Another ISP thread...

Corey Edwards tensai at zmonkey.org
Thu Apr 25 14:53:49 MDT 2013


On 04/24/2013 06:41 PM, Tod Hansmann wrote:
> 
> On 4/24/2013 8:41 AM, Steve Meyers wrote:
>> On 4/24/13 6:44 AM, Jima wrote:
>>>     You do need the /30 for a couple of those, actually.  There are ways
>>> around the others (like a transparent bridging firewall).
>>>
>>>     With IPv6, the point-to-point subnet is actually MORE important, not
>>> less.  Have you ever dealt with an on-link /48?  It's clear evidence
>>> that whoever architected the ISP's IPv6 deployment had little idea what
>>> they were doing.  The only way around it is rather unpleasant hacks --
>>> not hypothetically speaking.
>> I completely agree with Jima.  Tod, I'll diagram it out for you at the
>> next PLUG meeting. :)
>>
>> Steve
> Having not slept since Monday night, all of this is making less and less 
> sense as we go.  I may well need a diagram to clear it up after I get 
> some sleep.  My mind just keeps going in circles usually because I 
> somehow get thinking about point-to-point T1s as an example of 
> something, and then can't remember what.

You're on the right track. Maybe I can get you the rest of the way there.

For this example, let's say that your ISP assigns you a /28 of IP
addresses, 192.0.2.0/28. Your usable range is 14 addresses, .1 to .14.
There are two ways to do this.

Setup A:

ISP Router ---- 192.0.2.0/28 ---- Your Router ---- 192.168.0.0/24
    192.0.2.1               192.0.2.2    192.168.0.1

In this case, the ISP takes one of the IPs in your range (192.0.2.1),
you take the second on your WAN interface (192.0.2.2) and then you have
a separate range on your LAN (192.168.0.0/24). This would presume you
use NAT, since you can't also put the /28 on your LAN. The only way to
get addresses from the /28 onto your LAN is through a one-to-one NAT or
proxy ARP or some other funny business. You can only use .3 to .14 this way.

Setup B:

ISP Router ---- 192.1.2.0/30 ---- Your Router ---- 192.0.2.0/28
    192.1.2.1               192.1.2.2    192.0.2.1

This would be the routed case which Jima and Steve are advocating (and
for the record, the one I prefer as well). The ISP assigns you a
separate /30 for your connection (192.1.2.0/30). This frees up 192.0.2.1
and 192.0.2.2 for the LAN and doesn't require anything aside from
standard routing. You *can* NAT if you want, but you don't *have* to.
This is typically how T1s (and OC3s, etc) are set up, which is probably
why it came to mind for you. In the case of a point-to-multipoint setup,
you might have a larger subnet instead of the /30, but the same
principle would apply.

Corey
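
The two layouts in the message above, worked through with Python's `ipaddress` module as an added example (not part of the original post). The function names, the convention that each router takes the lowest free host address, and the ISP-side static route are assumptions made for illustration.

```python
import ipaddress

def plan_onlink(assigned):
    """Setup A: the assigned block itself is the ISP-to-customer link."""
    hosts = list(ipaddress.ip_network(assigned).hosts())
    return {
        "isp_router": hosts[0],          # assumption: ISP takes the first host
        "customer_wan": hosts[1],        # assumption: customer takes the second
        "lan_gateway": None,             # LAN is a separate private range
        "left_for_hosts": hosts[2:],     # usable only via 1:1 NAT or proxy ARP
        "needs_nat_or_proxy_arp": True,
    }

def plan_routed(assigned, transit):
    """Setup B: a separate transit subnet is the link; the block is routed."""
    block = ipaddress.ip_network(assigned)
    link = ipaddress.ip_network(transit)
    if block.overlaps(link):
        raise ValueError("transit subnet must not overlap the routed block")
    link_hosts = list(link.hosts())
    hosts = list(block.hosts())
    return {
        "isp_router": link_hosts[0],
        "customer_wan": link_hosts[1],
        "lan_gateway": hosts[0],         # assumption: router takes the first host
        "left_for_hosts": hosts[1:],     # directly addressable, no NAT needed
        "needs_nat_or_proxy_arp": False,
        # assumption: the ISP reaches the block with a plain static route
        "isp_route": f"{block} via {link_hosts[1]}",
    }

def summarize(plan):
    """One-line count and range of the addresses left for LAN hosts."""
    free = plan["left_for_hosts"]
    return f"{len(free)} addresses for LAN hosts ({free[0]} to {free[-1]})"

if __name__ == "__main__":
    # Prefixes are the ones used in the message above.
    print("Setup A:", summarize(plan_onlink("192.0.2.0/28")))
    print("Setup B:", summarize(plan_routed("192.0.2.0/28", "192.1.2.0/30")))
```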


