Merging two networks behind one router

dturner0114 · ‎07-25-2024

Hello everyone,

Here's the situation:

Our ISP is providing a /29 to our first router, R1, and then IP routing two large blocks of public IP's to our first usable IP. We are currently subnetting these blocks out to offices over ethernet private line links. For example, on the router we make interface vlan332 and assign it X.X.X.1/29. On the EPL downlink interface we specify switchport access vlan332. At the branch office the router's WAN address would be X.X.X.2/29. If an office needs additional public IP's we IP route a second block (such as a /24) to X.X.X.2 from R1. Repeat for other offices. This setup has worked for years. There are no private addresses on R1. On R1 we also have an IP route 0.0.0.0 0.0.0.0 (IP of /29 circuit gateway) to send all traffic to the ISP.

Yes I understand the R1 is acting like an ISP router. That is the intent.

Circuit 1’s bandwidth is exhausted, so my predecessor got a second connection with a second /29 from our ISP and put it behind a second router, R2. The second /29 connection works. This second /29 also has a large block of public IP’s routed to it for subnetting that is not currently in use but will be shortly.

We are now out of physical ports and there is a desire to combine the two circuits behind a new, single router with more capacity instead of just replacing the individual routers. So, R3 will be replacing both R1 and R2. We do not need load balancing and will be using both circuits independently.

So, my question, is how to we shape traffic so IP’s that are routed to circuit 1 from our ISP go back out circuit 1’s interface, and circuit 2’s IP’s out of circuit 2’s interface? I have read about route-map but those posts apply to internal private IP’s such as using circuit 1 for data and circuit 2 for voice. My first thought was to IP route <entire block of IP block 1> to [Interface or IP of circuit 1 gateway] and <entire block of block2 on circuit 2> to [interface or IP of circuit 2 gateway] but suspect this may cause routing confusion as we’ll be subnetting the blocks downstream.

We do not have the ability for BGP at this time.

IP blocks from circuits 1 and 2 do not need to talk to each other through the router.

I’m curious to see how the community would address this. I’d appreciate any feedback or suggestions. Yes we can simply replace R1 and R2 with larger capacity units and keep the circuits physically separate if needed, but I feel there has to be a simple way to configure the routes.

MHM Cisco World · ‎07-25-2024

I dont fully get your request but

You can use pool for public IP and assing one of these IP as secondary IP in interface of new ISP.

MHM

Joseph W. Doherty · ‎07-25-2024

Possibly VRF? Are you familiar with it?

dturner0114 · ‎07-26-2024

Thanks for the suggestion. No, I am not familiar with VRF. Looking it up online I came to the following config:

(config)# vrf context ROUTE1
(config-vrf)# ip route 0.0.0.0 0.0.0.0 [IP OF 1st circuit gateway]
(config-vrf)# exit
(config)# int VLAN332
(config-if)# vrf member ROUTE1
(config-if)# ip address X.X.X.1/29

(config)# vrf context ROUTE2
(config-vrf)# ip route 0.0.0.0 0.0.0.0 [IP OF 2nd circuit gateway]
(config-vrf)# exit
(config)# int VLAN444
(config-if)# vrf member ROUTE2
(config-if)# ip address Y.Y.Y.1/29

Using this I can see how we can manipulate the next hops of a given interface, and assuming this works, also permitting easy expandability as the need arises. Is there anything else I may be missing?

Joseph W. Doherty · ‎07-26-2024

I'm far, far from being an expert with VRF, so you might post a new question on how to configure it.

That said, if you've read up on it, likely you see why I suggested it. It allows multiple L3 domains on the same device.