IP addressing help

Unanswered Question
Jan 9th, 2008
User Badges:

Hi


I've got a router that linked to our ISP. What I'd like to do is migrate from our single router to a dual router setup. Between the routers I'd like to run HSRP. However I've got a slight problem, the ip addressing between the ISP and our site is:


ip address 212.x.x.2 255.255.255.252


This only give four ip address, one which the ISP is using that other is on my end. Given that limit how can I configure ip addressing on the interface while having my ip 212.x.x.2 as a floating ip in hsrp?


Is it possible to use private ip's on the interface i.e 192.168.40.x on each of my routers and configure the floating ip as 212.x.x.2?


Thanks in advance

Dan

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.

Hi,


1st of all, my question is: how are you connected to the Internet? Leased line using serial interface on the router? If you're going to get a 2nd router, how is the internet connection going to be implemented? If it's going to be connected to one router then you don't need to add another router. Or are you going for a 2nd Internet connction?

dan_track Wed, 01/09/2008 - 05:50
User Badges:

Hi


Thanks for the reply. Currently its an ethernet connection presented as with an RJ-45 connection.


What I'm planning on doing is plugging in the ISP connection into a switch and then have these two routers plugged into the same vlan as the ISP link. I'll then have HSRP running so that if one router fails the other can just take over. But since I don't have free IP's on the link, I'm going to need to know whether I can use private IP's on the interface while having the external IP 212.x.x.2 as the floating IP. Hope this answers your question.


Thanks

Dan

Hi,


Yes it's much clearer now. Keep in mind that although you're implementing a two router scenario for higher availability, the design isn't that strong since you have the switch as a single point of failure. The correct thing to do for such cases is to apply two redundant Internet connections. Anyway back to your question:

Honestly, I never tried that before and I'm not sure if using private IPs for the physical interfaces and a real IP for the virtual router is going to work. I think it's worth to give it a try.


Anyhow, there are two other possible solution that I would go for:


1- Convert to private IP addressing which is the safest solution. The issue here is that your ISP needs to make some changes from their side too, and I know this is kind of headache.


2- Why don't you simply change the subnet mask on your outside interface to 255.255.255.248. This will give you extra IP addresses without disrubting connectivity to and from your ISP. But be careful that this solution will make communication through your router to any hosts using these IP addresses not possible. But anyway it's kind of workaround.


Hope this helps.

dan_track Wed, 01/09/2008 - 06:34
User Badges:

Hi


Thanks for that last thought on changing the subnet mask. I wasn't sure whether this would work, doesn't the ISP also have to change their subnet mask? or is this a misconception on my behalf?


Thanks

Dan

Hi,


Suppose the following addressing:


Your HRSP virtual router: x.x.x.2 255.255.255.248

Your ISP router: x.x.x.1 255.255.255.252


The ISP can keep their subnet mask as it is since they need only to speak to x.x.x.2 (and the subnet mask of 255.255.255.252 will allow this as the x.x.x.2 address will be considered a valid host IP from the ISP point of view within the 255.255.255.252 subnet mask).

On the other hand, changing the subnet mask on your side to 255.255.255.248 will still enable your router to speak with x.x.x.1 since it's a valid IP address within your subnet, as well as allowing you to have these extra IP addreses that can be accessed only from within your subnet:

x.x.x.3

x.x.x.4

x.x.x.5

x.x.x.6

Keep in mind that in this case if you try to generate traffic from your router itself towards your ISP using the physical interface IP address x.x.x.3 for example, this is not going to work since this address is not valid. Also don't try to NAT your internal users to any other address than x.x.x.2.

bvsnarayana03 Wed, 01/09/2008 - 02:58
User Badges:
  • Silver, 250 points or more

What i understand is tht the /30 subnet provided by the ISP is for serial interfaces.


ISP would have given a pool to be used for natting etc. I assume that 1 IP frm same pool would have been used to your fastethernet interface of router. So, you can use free IP from that pool. HSRP is configured on ethernet interfaces, so what IP's you have on serial interfaces doesnt mater.


hope that clarifies.


pls rate all helpful posts.

Actions

This Discussion