Subnet for two sites then advertise in BGP

Jas1066
Level 1

Hello All,

 

Trying to get around a simple problem that has issues..

Current setup [site A];

Perimeter Firewall>(/24 network)>Perimeter router BGP>ISP

 

What we plan to do is split /24 into two /25.

Site A;

Firewall>(212.1.1.0/25 network)>perimeter router BGP>ISP

ie IPs for NATing 212.1.1.1 to .126

 

Site B;

Firewall>(212.1.1.128/25 network)>perimeter router BGP>ISP

ie IPs for NATing 212.1.1.129 to .254

 

This is all fine but the problem is;

Site A needs to keep the following IPs 

212.1.1.1 to .126

212.1.1.252 to .254   (x10 VPNs used)...

 

.252  and .254 messed up the simple move/break up of /25 subnets for site B.

 

Questions:

1a) Is it possible to advertise the lower range of /25 and smaller /32s (.252 to .254) in BGP for site A?

1b) Do I leave the /24 as is between the firewall and ISP router at site A, but advertise /25 and /32 in BGP?

 

2) Is it possible to advertise upper range of /25 and exclude .252 to .254 in BGP for site B?

 

An example of a Cisco BGP config would help.

 

Thank you for any help/ info

 

Jas

7 Replies

Reza Sharifi
Hall of Fame

Hi,

Is the original /24 IP assigned to you by your ISP, or is this your own IP segment assigned by ARIN?

If it is assigned to you by your ISP, you can leave the /24 at site-A and get a new subnet for site-B.

The ISPs usually don't advertise anything smaller than /25.

HTH 

Hi Reza,

 

/24 is owned by the company not allocated by the ISP.

 

Thanks

 

Jas

If we look at this question from a high level as a question about routing possibility then clearly it is possible to advertise a /25 at one site and to advertise a smaller subnet (/32 or /30 or whatever) from another site. The general rule for routing is that the most specific route is the route that will be used. So from this perspective yes the original poster can do what he asks.

 

But my colleague Reza brings up a good point. ISPs do not advertise small subnets in Internet routing. So from that perspective the approach suggested in the original post will not work. Perhaps a solution might be to advertise the subnets for each site and to set up a tunnel between sites (perhaps a GRE tunnel or perhaps a site to site VPN) and to forward traffic for the .254 address over the tunnel to the other site.

 

Cautionary note: I am not sure that even a /25 will be accepted and advertised over the Internet. I suspect that you may need to advertise the /24 and then to use the tunnel to forward traffic for the other site over the tunnel.

 

HTH

 

Rick
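The two points in the reply above (most specific route wins, but small prefixes may be filtered), as an added example that is not part of the thread or any poster's configuration. The announcements model the plan from the original question, the function names are hypothetical, and the /24 acceptance limit is an assumption taken from the figure discussed in this thread; each provider sets its own.

```python
import ipaddress

# Constructed announcements modelling the plan in the original question:
# site A originates the lower /25 plus three /32s, site B the upper /25.
ANNOUNCEMENTS = [
    ("212.1.1.0/25", "site-A"),
    ("212.1.1.252/32", "site-A"),
    ("212.1.1.253/32", "site-A"),
    ("212.1.1.254/32", "site-A"),
    ("212.1.1.128/25", "site-B"),
]

# Constructed sample destinations, including the addresses site A must keep.
SAMPLE = ["212.1.1.10", "212.1.1.200", "212.1.1.252", "212.1.1.254"]


def build_table(announcements, max_prefix_len=32):
    """Keep only the prefixes a receiving network would accept.

    max_prefix_len models an inbound prefix-length filter (assumption).
    """
    table = []
    for prefix, origin in announcements:
        net = ipaddress.ip_network(prefix)  # strict: rejects host bits set
        if net.prefixlen <= max_prefix_len:
            table.append((net, origin))
    return table


def lookup(table, address):
    """Longest-prefix match: the most specific covering route wins."""
    addr = ipaddress.ip_address(address)
    matches = [(net, origin) for net, origin in table if addr in net]
    if not matches:
        return None  # no route: traffic for this address is dropped
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def reachability(announcements, addresses, max_prefix_len):
    """Map each destination to the site that would receive its traffic."""
    table = build_table(announcements, max_prefix_len)
    return {a: lookup(table, a) for a in addresses}


if __name__ == "__main__":
    for limit in (32, 24):
        print(f"accepting up to /{limit}:",
              reachability(ANNOUNCEMENTS, SAMPLE, limit))
```

With no filter the /32s pull .252 and .254 to site A; with a /24 limit none of these announcements survive, and adding a covering /24 from one site sends everything there, which is the case the tunnel suggestion addresses.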


Thanks for your reply, Richard. Think a plan is coming together. Will a /26 be acceptable on the Internet?

 

Thanks

 

Jas

 

As Rick has said, usually the minimum is a /24.

 

You need to talk to your ISPs to find out what is possible. 

 

Jon

Hi,

How about 4 /26 subnets. Advertise the first and last one from site-A and advertise the 2 in the middle from site-B.

212.1.1.0/26 site-A

212.1.1.64/26 site-B

212.1.1.128/26 site-B

212.1.1.196/26 site-A

Of course, this would not work if you have already used host addresses from the second or third segment at site-A. Also, not sure if the provider will advertise for you this way. I know most larger providers have their own policy and will not change how they advertise segments for their customers.

HTH

 

That looks promising!!

Just checking the usage of IPs I can get away with;

 

212.1.1.0/26 site-A

212.1.1.64/26 site-A

212.1.1.196/26 site-A

212.1.1.128/26 site-B

 

Do I keep /24 at site A, i.e. all perimeter configured devices with 212.1.1.x/24, no change, BUT advertise;

212.1.1.0/26 site-A

212.1.1.64/26 site-A

212.1.1.196/26 site-A

 

At site B configure devices 212.1.1.128/26 and advertise 212.1.1.128/26.

 

Thanks

 

Jas
