Routing Conundrum - ISP Routed Subnet

Posted: Fri Mar 04, 2016 11:34 pm
by martr84
We have just had a gigabit leased line installed. They have provided us with a /27, however the routing seems a little strange.

Normally I would have thought the ISP would have routed the /27 via a /30. Is this what other people have experienced?

However in this case we have been given:

- as the gateway on their side.
- with a subnet mask of to use on our side.
- as our ip block.

So I've set it up on the routerboard as a test:

eth1 -
eth2 -
then laptop plugged into eth2 with ip

routes via eth1

Unless I enable proxy ARP on eth1, the laptop is not reachable on its IP, and from what I understand, enabling proxy ARP wouldn't be best practice in this instance. Also, the broadcast domain is larger than our IP allocation. I would imagine the ISP has other subscribers within the IP block.

I'd appreciate some feedback on this in terms of proxy ARP and the way the ISP has done the routing.

Re: Routing Conundrum - ISP Routed Subnet

Posted: Fri Mar 04, 2016 11:42 pm
by ZeroByte
That does sound pretty odd... not sure how they're enforcing your /27 if they're setting you up like this.

I'm surprised the Mikrotik even let you add both IP addresses that way.

Perhaps they're expecting your WAN to be a firewall and for you to 1:1 NAT every address you intend to use internally....

That's pretty bo-bo.

You could add to ether2 (lan interface?),
/ip route add dst= gateway=ether2
set arp=proxy-arp on ether1 and ether2

Interestingly, with the way this sounds, you may even be able to utilize the .128 and .159 addresses if you set up your hosts as /24 netmask with .129 as the default gateway.... again, this is weird but it would probably work given what you've explained thus far.
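
A simplified model of the proxy ARP decision in the setup discussed above, added here as an illustration and not part of the original posts. The addresses are constructed from the 203.0.113.0/24 documentation range (the thread's real addresses are not shown), the router addresses are hypothetical, and the rule "answer when the target routes out a different interface" is the usual proxy ARP behaviour assumed here, not RouterOS code.

```python
import ipaddress

# Constructed sample addressing (RFC 5737 documentation range); assumptions only.
ROUTES = [  # (prefix, outgoing interface) as the test router would hold them
    (ipaddress.ip_network("203.0.113.0/24"), "ether1"),    # ISP on-link subnet
    (ipaddress.ip_network("203.0.113.128/27"), "ether2"),  # customer block
    (ipaddress.ip_network("0.0.0.0/0"), "ether1"),         # default via ISP gateway
]
LAPTOP = "203.0.113.140"           # hypothetical host inside the /27
OTHER_SUBSCRIBER = "203.0.113.10"  # hypothetical address outside the /27

def egress(target):
    """Longest-prefix match: interface the router forwards `target` out of."""
    ip = ipaddress.ip_address(target)
    best = max((n for n, _ in ROUTES if ip in n), key=lambda n: n.prefixlen)
    return dict(ROUTES)[best]

def proxy_arp_reply(target, in_iface, proxy_enabled):
    """True if the router answers an ARP request for `target` heard on
    `in_iface`: proxy ARP is on there and the target routes elsewhere."""
    return in_iface in proxy_enabled and egress(target) != in_iface

def answered(in_iface, proxy_enabled, targets):
    """Subset of `targets` the router would claim with its own MAC."""
    return [t for t in targets if proxy_arp_reply(t, in_iface, proxy_enabled)]

if __name__ == "__main__":
    targets = [LAPTOP, OTHER_SUBSCRIBER, "198.51.100.7"]
    for enabled in (set(), {"ether1"}, {"ether1", "ether2"}):
        for iface in ("ether1", "ether2"):
            print(sorted(enabled), iface, answered(iface, enabled, targets))
```

With proxy ARP off, the ISP gateway's ARP request for the laptop goes unanswered on ether1; with it on ether2 as well, the router answers LAN-side requests for every address that routes out ether1, including other subscribers' addresses when hosts use the wider mask.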

Re: Routing Conundrum - ISP Routed Subnet

Posted: Fri Mar 04, 2016 11:56 pm
by martr84
I did think it was a little odd and not what I've experienced in the past from other providers. I've managed to find a bit of info they provided, if it adds anything in regards to context. I was unsure even if the /27 was routed when I first saw the addresses. I've asked for a technical contact on their end to query how it's been set up, so Monday I might know more.

Found this in an old email from the provider:
Config: Public IP subnet behind router or firewall & static route required (/29 subnet routed behind a routing network in a traditional manner)
This is a specialised configuration, where the customer requires a separate public subnet behind their own router or firewall (e.g. a filtered "public DMZ").
In the above example, each server would be configured with:
IP address 203.0.113.{34-38}
Such a configuration requires a static route to be added in the ISP router. It also uses more IP addresses than the number of customer devices. In the above example 9 IP addresses are consumed, but only 5 are available for the customer servers (there are two used for the customer's router, and two for the subnet broadcast and network addresses). The cost of this extra address space needs to be considered before designing such a network; the customer will have to pay for all 9 addresses assigned.

Re: Routing Conundrum - ISP Routed Subnet

Posted: Sat Mar 05, 2016 12:10 am
by IPANetEngineer
I've seen the scenario you're describing pretty frequently when working outside of the US and Europe, especially in Mexico and South America.

I'd push for a /30 and /27 routed if possible. Proxy ARP isn't the end of the world, and we've had to use it when somebody chops up a subnet like this with a mismatched mask inside a larger subnet, but it's just a bad design.

Unfortunately, this is usually done as an IPv4 conservation technique to avoid handing out /30s.