Another ISP thread...
tensai at zmonkey.org
Thu Apr 25 14:53:49 MDT 2013
On 04/24/2013 06:41 PM, Tod Hansmann wrote:
> On 4/24/2013 8:41 AM, Steve Meyers wrote:
>> On 4/24/13 6:44 AM, Jima wrote:
>>> You do need the /30 for a couple of those, actually. There are ways
>>> around the others (like a transparent bridging firewall).
>>> With IPv6, the point-to-point subnet is actually MORE important, not
>>> less. Have you ever dealt with an on-link /48? It's clear evidence
>>> that whoever architected the ISP's IPv6 deployment had little idea what
>>> they were doing. The only way around it is rather unpleasant hacks --
>>> not hypothetically speaking.
>> I completely agree with Jima. Tod, I'll diagram it out for you at the
>> next PLUG meeting. :)
> Having not slept since Monday night, all of this is making less and less
> sense as we go. I may well need a diagram to clear it up after I get
> some sleep. My mind just keeps going in circles usually because I
> somehow get thinking about point-to-point T1s as an example of
> something, and then can't remember what.
You're on the right track. Maybe I can get you the rest of the way there.
For this example, let's say that your ISP assigns you a /28 of IP
addresses, 192.0.2.0/28. Your usable range is 14 addresses, .1 to .14.
There are two ways to do this.
ISP Router ---- 192.0.2.0/28 ---- Your Router ---- 192.168.0.0/24
      192.0.2.1           192.0.2.2         192.168.0.1
In this case, the ISP takes one of the IPs in your range (192.0.2.1),
you take the second on your WAN interface (192.0.2.2) and then you have
a separate range on your LAN (192.168.0.0/24). This would presume you
use NAT, since you can't also put the /28 on your LAN. The only way to
get addresses from the /28 onto your LAN is through a one-to-one NAT or
proxy ARP or some other funny business. You can only use .3 to .14 this way.
ISP Router ---- 188.8.131.52/30 ---- Your Router ---- 192.0.2.0/28
      184.108.40.206        220.127.116.11    192.0.2.1
This would be the routed case which Jima and Steve are advocating (and
for the record, the one I prefer as well). The ISP assigns you a
separate /30 for your connection (18.104.22.168/30). This frees up 192.0.2.1
and 192.0.2.2 for the LAN and doesn't require anything aside from
standard routing. You *can* NAT if you want, but you don't *have* to.
This is typically how T1s (and OC3s, etc) are set up, which is probably
why it came to mind for you. In the case of a point-to-multipoint setup,
you might have a larger subnet instead of the /30, but the same
principle would apply.
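
The two layouts above, worked through with Python's ipaddress module. This is an added example, not part of the original post; the function name plan_addressing and the transit prefix 198.51.100.0/30 are constructed for illustration.

```python
import ipaddress

def plan_addressing(delegated, transit=None):
    """Lay out the two designs from the post for one delegated block.

    transit=None   -> on-link: the ISP puts the block on the WAN link itself.
    transit=prefix -> routed: a separate link subnet, block routed to you.
    """
    block = ipaddress.ip_network(delegated)
    usable = list(block.hosts())          # .1 to .14 for a /28
    if transit is None:
        # ISP takes the first usable address, your WAN port the second.
        return {
            "isp": usable[0],
            "wan": usable[1],
            "lan_router": None,           # LAN needs a different (private) range
            "free": usable[2:],           # reachable only via 1:1 NAT / proxy ARP
            "isp_route": None,
        }
    link = ipaddress.ip_network(transit)
    if link.overlaps(block):
        # Same prefix on WAN and LAN is exactly what plain routing cannot do.
        raise ValueError(f"{link} overlaps delegated block {block}")
    isp, wan = list(link.hosts())[:2]
    return {
        "isp": isp,
        "wan": wan,
        "lan_router": usable[0],          # your router's LAN interface
        "free": usable[1:],               # every other address goes to hosts
        "isp_route": f"{block} via {wan}",  # the one route the ISP installs
    }

if __name__ == "__main__":
    # 198.51.100.0/30 is a constructed documentation prefix, not from the post.
    for transit in (None, "198.51.100.0/30"):
        p = plan_addressing("192.0.2.0/28", transit)
        name = "routed" if transit else "on-link"
        print(name, p["isp"], p["wan"], p["lan_router"],
              f"{p['free'][0]}-{p['free'][-1]}", len(p["free"]), p["isp_route"])
```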