 
martr84
just joined
Topic Author
Posts: 19
Joined: Sun Feb 12, 2012 1:17 am

Routing Conundrum - ISP Routed Subnet

Fri Mar 04, 2016 11:34 pm

We have just had a gigabit leased line installed. They have provided us with a /27; however, the routing seems a little strange.

Normally I would have thought the ISP would have routed the /27 via a /30. Is this what other people have experienced?

However in this case we have been given:

- 1.1.1.1 as the gateway on their side.
- 1.1.1.7 with a subnet mask of 255.255.255.0 to use on our side.
- 1.1.1.128/27 as our ip block.

So I've set it up on the routerboard as a test:

eth1 - 1.1.1.7/24
eth2 - 1.1.1.129/27
then laptop plugged into eth2 with ip 1.1.1.130/27

routes 0.0.0.0/0 via eth1

Unless I enable proxy ARP on eth1, the laptop is not reachable on its IP, and from what I understand, enabling proxy ARP wouldn't be best practice in this instance. Also, the broadcast domain is larger than our IP allocation. I would imagine the ISP has other subscribers within the 1.1.1.0/24 IP block.

I'd appreciate some feedback on this in terms of proxy ARP and the way the ISP has done the routing.
 
ZeroByte
Forum Guru
Posts: 4051
Joined: Wed May 11, 2011 6:08 pm

Re: Routing Conundrum - ISP Routed Subnet

Fri Mar 04, 2016 11:42 pm

That does sound pretty odd... not sure how they're enforcing your /27 if they're setting you up like this.

I'm surprised the Mikrotik even let you add both IP addresses that way.

Perhaps they're expecting your WAN to be a firewall and for you to 1:1 NAT every address you intend to use internally....

That's pretty bo-bo.

You could add 1.1.1.129/32 to ether2 (lan interface?),
/ip route add dst=1.1.1.128/27 gateway=ether2
set arp=proxy-arp on ether1 and ether2

Interestingly, with the way this sounds, you may even be able to utilize the .128 and .159 addresses if you set up your hosts as /24 netmask with .129 as the default gateway.... again, this is weird but it would probably work given what you've explained thus far.
When given a spoon,
you should not cling to your fork.
The soup will get cold.
 
martr84
just joined
Topic Author
Posts: 19
Joined: Sun Feb 12, 2012 1:17 am

Re: Routing Conundrum - ISP Routed Subnet

Fri Mar 04, 2016 11:56 pm

I did think it was a little odd and not what I've experienced in the past from other providers. I've managed to find a bit of info they provided, if it adds anything in regards to context. I was unsure even if the /27 was routed when I first saw the addresses. I've asked for a technical contact on their end to query how it's been set up, so Monday I might know more.

Found this in an old email from the provider:
Config: Public IP subnet behind router or firewall & static route required (/29 subnet routed behind a routing network in a traditional manner)
image003.png
This is a specialised configuration, where the customer requires a separate public subnet behind their own router or firewall (e.g. a filtered "public DMZ").
In the above example, each server would be configured with:
IP address 203.0.113.{34-38}
Netmask 255.255.255.248
Gateway 203.0.113.33
Such a configuration requires a static route to be added in the ISP router. It also uses more IP addresses than the number of customer devices. In the above example 9 IP addresses are consumed, but only 5 are available for the customer servers (there are two used for the customer's router, and two for the subnet broadcast and network addresses). The cost of this extra address space needs to be considered before designing such a network; the customer will have to pay for all 9 addresses assigned.
 
IPANetEngineer
Trainer
Posts: 1090
Joined: Fri Aug 10, 2012 6:46 am
Location: Jackson, MS, USA

Re: Routing Conundrum - ISP Routed Subnet

Sat Mar 05, 2016 12:10 am

I've seen the scenario you're describing pretty frequently when working outside of the US and Europe, especially in Mexico and South America.

I'd push for a /30 and /27 routed if possible. Proxy ARP isn't the end of the world and we've had to use it when somebody chops up a subnet like this with a mismatched mask inside a larger subnet but it's just a bad design.

Unfortunately, this is usually done as an IPv4 conservation technique to avoid handing out /30s.
Global - MikroTik Support & Consulting - English | Francais | Español | Portuguese +1 855-645-7684
https://iparchitechs.com/services/mikro ... l-support/ mikrotiksupport@iparchitechs.com
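
Added example (not part of any post in this thread): a small model of the ISP router's forwarding decision, showing why the laptop at 1.1.1.130 is only reachable with proxy ARP in the /24 on-link design, and why a routed /27 behind a transit link needs none. The function names and the 192.0.2.0/30 transit network are assumptions made for illustration; the 1.1.1.x values are the ones given in the thread.

```python
import ipaddress as ipa

def isp_delivery(dest, connected, static_routes):
    """Return how the ISP router delivers a packet addressed to dest.

    connected: on-link networks configured on the ISP router's interfaces.
    static_routes: (network, next_hop) pairs. Longest prefix wins.
    """
    dest = ipa.ip_address(dest)
    candidates = [(ipa.ip_network(n), None) for n in connected]
    candidates += [(ipa.ip_network(n), gw) for n, gw in static_routes]
    matches = [(net, gw) for net, gw in candidates if dest in net]
    if not matches:
        return ("drop", None)
    net, gw = max(matches, key=lambda m: m[0].prefixlen)
    if gw is None:
        # On-link: the router sends an ARP request for the destination itself,
        # so something on the segment must answer for that address.
        return ("arp-for-destination", str(dest))
    # Routed: the router only resolves the next hop's MAC address.
    return ("forward-to-next-hop", gw)

def proxy_arp_targets(block, lan_gateway):
    """Hosts behind the customer router that the WAN segment can only reach
    if the router answers ARP on their behalf."""
    return [str(h) for h in ipa.ip_network(block).hosts() if str(h) != lan_gateway]

LAPTOP = "1.1.1.130"

# Design described in the thread: ISP gateway 1.1.1.1 on a /24 that
# contains the customer's 1.1.1.128/27 block.
as_delivered = isp_delivery(LAPTOP, connected=["1.1.1.0/24"], static_routes=[])

# Routed alternative: /30 transit plus a static route for the /27.
# 192.0.2.0/30 and next hop 192.0.2.2 are constructed placeholders.
routed = isp_delivery(
    LAPTOP,
    connected=["192.0.2.0/30"],
    static_routes=[("1.1.1.128/27", "192.0.2.2")],
)

if __name__ == "__main__":
    print("as delivered:", as_delivered)
    print("routed /27  :", routed)
    targets = proxy_arp_targets("1.1.1.128/27", "1.1.1.129")
    print("proxy ARP needed for", len(targets), "addresses:", targets[0], "to", targets[-1])
```

In the on-link case every other subscriber on the shared /24 sees the same ARP traffic, which is the broadcast-domain concern raised in the first post.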
