ip scheme overlap in BGP

Answered Question
Jan 16th, 2008

We have numerous branches Wan'd via bgp with a 10.x.0.0/16 scheme. A consultant to a stub like portion of our network wants to inject a 10.x.0.0/12 "supernet" how he put's it scheme. If for instance then the question is put to me whether a 10.120.0.0/16 network and a 10.120.0.0/12 network are advertised, will there be any chance of overlapping addresses? I should know this...my inclination is no, but our senior network tech has some reservations.

I have this problem too.
0 votes
Correct Answer by Kevin Dorrell about 9 years 2 days ago

Not quite. 10.130.0.0/12 does not exist as it has an inconsistent mask. The prefix would be 10.128.0.0/12. You are right that you should not permit anything in the range 10.128.0.0/16 to 10.143.0.0/16 to be injected from anywhere else as all those addresses would be covered by the 10.128.0.0/12 injection.

Kevin Dorrell

Luxembourg

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Kevin Dorrell Wed, 01/16/2008 - 12:13

The "super-sub-net" 10.120.0.0/12 does not exist as such. If it is a /12, then the second octet starts at a multiple of 16, for example 10.112.0.0/12. The "super-sub-net" would occupy the range 10.112.0.0 to 10.127.255.255. If that is the case, you should avoid using 10.x.0.0/16 (where 112 <= x < 128) anywhere else.

Another way of looking at it is that the "super-sub-net" will occupy the space of 16 of your standard subnets.

Kevin Dorrell

Luxembourg

tteslicko Thu, 01/17/2008 - 04:15

So therefore if we were speaking of a potential injection of 10.130.0.0/12 address....that would be within the 10.128.0.0-10.143.255.255 range and 128 <=130<=144 ?? WE therefore should not permit that range of addresses to be injected if we already advertise a 10.130.0.0/16 network from a major section of our wan???? Thanks for your detailed response. Much appreciated!!!!!!!!

Correct Answer
Kevin Dorrell Thu, 01/17/2008 - 05:41

Not quite. 10.130.0.0/12 does not exist as it has an inconsistent mask. The prefix would be 10.128.0.0/12. You are right that you should not permit anything in the range 10.128.0.0/16 to 10.143.0.0/16 to be injected from anywhere else as all those addresses would be covered by the 10.128.0.0/12 injection.

Kevin Dorrell

Luxembourg

Actions

This Discussion