Deploying a real ISP NETWORK on Private addresses

Unanswered Question
Sep 10th, 2007

Hi netpros,

I would like to ask a question regarding deploying ISP networks.

I am a CCNA and CCNP certified graduate and I have been presented with an opportunity to deploy an entire ISP network based on Cisco technologies, and I am going to integrate the Cisco technologies (routers, switches and firewalls) with Motorola Canopy Broadband wireless technologies.

Now my design, which I have already put to test, is as follows.

I have the clients' network, which will be publicly addressed. Then I have the Motorola Canopy wireless network (it works as normal physical leased lines), which is the transit network between the clients' public network and our core NOC network, which is on a totally private block of addresses. Then I have the outside networking pointing to our upstream providers on totally public addresses.

Is this implementation valid? It seems to be working fine, and NAT is done only on the ASA 5510 in routed mode.

My worry is that I see most ISPs I have worked with using public addresses on their T1 WAN links between them and their clients, but I have decided to use private addresses on the WAN links between our NOC network and clients to route the public addresses we provide to our customers.

Is this design really valid?

Thanks NOAH.

Paolo Bevilacqua Mon, 09/10/2007 - 02:15

Hi, at one time it was recommended against, but it is becoming more and more common nowadays: infrastructure links use private addresses.

In reality, that doesn't cause any problem.

Hope this helps, please rate post if it does!

lgijssel Mon, 09/10/2007 - 02:47

As long as you are using privates for routing inside your own routing domain, there is actually nothing against it.

Using NAT/PAT is a potential problem because it breaks the end-to-end IP connectivity. From your description I understand that you are aware of this and only routing public addresses.

regards,

Leo

cjnwodo Mon, 09/10/2007 - 03:01

Hi,

I agree with everyone else. However, a note of caution: the reason why some ISPs connect to external clients on the WAN [T1 etc.] with public addresses is because sometimes clients also use private addresses in their network. And just sometimes they will be using the same block of private addresses that you are using!!

I would advise you to proceed as you've planned but have the following contingencies:

1) Have private addresses from multiple ranges: 10.x.x.x, 172.16.x.x-172.31.x.x and 192.168.x.x. This way, if a client is using addresses out of one range, you can allocate from any of the other ranges for the WAN.

2) Reserve a 'small' public address for WAN connections just in case a client insists on public addressing for the WAN connection.
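
The two contingencies in the post above, sketched as an added example (not code from the thread): pick a WAN link subnet from an RFC 1918 range the client does not use internally, and fall back to a small reserved public pool when all three ranges collide. The function names, the /30 link size and the `203.0.113.0/28` documentation prefix standing in for the reserved public block are assumptions.

```python
import ipaddress

# The three private ranges listed in contingency 1.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def first_free(pool, used, prefixlen):
    """Return the first subnet of `pool` that overlaps nothing in `used`."""
    for cand in pool.subnets(new_prefix=prefixlen):  # lazy generator
        if not any(cand.overlaps(u) for u in used):
            return cand
    return None


def pick_wan_subnet(client_prefixes, allocated, public_pool=None, prefixlen=30):
    """Choose a WAN link subnet for one client.

    client_prefixes: prefixes the client uses inside its own network
    allocated:       WAN subnets already handed out to other links
    public_pool:     optional reserved public block (contingency 2)
    Returns (subnet, kind) with kind "private", "public" or "exhausted".
    """
    client = [ipaddress.ip_network(p) for p in client_prefixes]
    used = [ipaddress.ip_network(p) for p in allocated]

    # Contingency 1: skip any whole private range the client already uses.
    for block in RFC1918:
        if any(block.overlaps(c) for c in client):
            continue
        subnet = first_free(block, used, prefixlen)
        if subnet is not None:
            return subnet, "private"

    # Contingency 2: every private range collides, use the public reserve.
    if public_pool is not None:
        subnet = first_free(ipaddress.ip_network(public_pool), used, prefixlen)
        if subnet is not None:
            return subnet, "public"
    return None, "exhausted"


if __name__ == "__main__":
    # Constructed sample: client uses 10.x internally, one link already taken.
    print(pick_wan_subnet(["10.1.0.0/16"], ["172.16.0.0/30"]))
```
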

cisco14@@ Mon, 09/10/2007 - 04:28

Hi and thanks for your reply.

I think the thing to note, though, is that I have the whole transit network between the customers' CPE and our core network on a totally different private range of addresses from 10.0.0.0, 172.16.0.0 and 192.168.0.0. Most of our customers are getting public IP addresses, which I statically and dynamically route through the private Canopy network to our core network.

I did this to reserve public IPs which could have been wasted on these WAN links between us and the customers.

Now I hope this does not affect clients' routing, and I hope it literally assumes the clients' network is public.

Thanks NOAH

cisco14@@ Mon, 09/10/2007 - 04:38

Yes Leo,

I know that using NAT is a potential problem and would not be a good implementation, but I have no option because, from my design, the clients get public IPs which are routed over the private addresses.

Now the reason I NAT on the core router is because the interfaces are privately addressed and they point to the private WAN link between me and the customer's CPE.

So I have to NAT these privates to the public IP on our outside interface pointing to our upstream providers' networks.

Unless there is a way I can map these private addresses to the public, I will have to do that.

Any ideas? Do you think that if I was to use a dynamic routing protocol like OSPF on the ASA 5510, it could solve this NATting issue?

Please advise.

Thanks.
