On 3/26/2021 12:01 PM, vom513 wrote:
Hello,
tl;dr - If I only have a /24 PI - is there any way to use this and not “chop it up / deagg” to use for ptp/loopbacks?
Hopefully I can explain this in a manner that makes sense.
Say I have a vanilla dual router/dual upstream setup (think enterprise internet edge).
It’s basically an “H” shape:
- Two ISPs
- Two routers (“crosslink” is the middle of the H - iBGP)
- Each router has at least a link downstream into my public “outside” segment. I run an FHRP here. This is where my DMZ firewalls, VPN endpoints etc. have their outside interfaces.
Let’s also say I only have a /24 of PI.
I need to number the crosslink and the loopbacks. The upstreams will use their own /30 / /31 let’s say for the top of the H. My downstream interfaces will have my /24 (or parts of it) on the bottom of the H.
Couple things come to mind that might be a more efficient use of address space:
First, you don't need two routers in order to have dual upstreams. Have you considered multi-homing using a single router? If you need redundancy, it could be built into a single chassis.
Another option is that some routers can perform active/standby failover without the need for extra public addresses. For example, two Cisco ASAs would have a cross-link, but this link is limited to keeping state and HA heartbeat between the two units and can be numbered with either an IPv6 link local or RFC-1918 address. Other platforms may have the option for Virtual Chassis, VSS, stacking, or similar technology that can conserve address space compared to two independent and traditionally addressed routers.