Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
454
Views
0
Helpful
5
Replies

using a /22 over internet

saimbt
Level 1
Level 1

‎02-21-2008 03:13 AM - edited ‎03-03-2019 08:48 PM

Hi,

we are doing BGP multi-homing and have to have a /22 APNIC IP pool. The requirement is for site to site VPN, outside firewall machines etc.

I would like to know what are the best practices for advertising the /22 on the internet and the possible IP scheme between my router and firewall. I have thought of using ISP1 as the primary for a /23 and ISP2 for teh remaining /23.

-Sai.

Labels:
0 Helpful
5 Replies 5

royalblues
Level 10
Level 10

‎02-21-2008 05:00 AM

Sai,

My suggestion would be to advertise one block via ISP1 and another via ISP2. You can use AS-Prepend to make one block look less attractive via a certain ISP

Between the router and the firewall, you can use a /23 which should satisfy all your VPN needs and say primarily routed via ISP1. The other pool can then be used for NAT and routed primarily via ISP2

Narayan

0 Helpful

saimbt
Level 1
Level 1
In response to royalblues

‎02-21-2008 05:32 AM

Narayan,

By one block, do you mean a /23 or it is advisable for me to advertise 4*/24 networks?

-Sai.

0 Helpful

royalblues
Level 10
Level 10
In response to saimbt

‎02-21-2008 06:06 AM

Sai,

I would suggest 2 x /24 block ... It will leave you with 2 more blocks which can be used at another site at a later stage rather than agian going through the APNIC/IRR update process :-)

Edit: I agree with Dandy that whatever you plan needs to updated to the ISPs and should be reflected in a similar way in the internet routing databases (Radb etc)

Narayan

0 Helpful

gaurav_thapar79
Level 1
Level 1

‎02-21-2008 05:32 AM

Hi Sai,

You can advertise 1st prefix via ISP-1 and 2nd prefix via ISP-2. You can use PBR and use AS-PREPEND vis-a-vis in each OUT-PREFIX-ADVERTISE respective Policy.

This will advertise from each peerings and provide fall back option on per prefix as well.

0 Helpful

Danilo Dy
VIP Alumni
VIP Alumni

‎02-21-2008 06:02 AM

Hi,

Don't forget to tell both ISP to permit /22 because if you tell them that you are advertising only /23, they will put an ACL in the interface of their router connected to your router or a prefix-list for incoming prefix originating from your router just for /23. In the future, you may change your configuration advertising the whole /22 or you swap the advertisement between two ISP, then you will have a problem that you may not immediately see the root cause.

Regards,

Dandy

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card