how to obtain a public ip prefix for Extranet?

Unanswered Question

hi! I hope this is the correct forum.

I'd like to obtain a /24 public IP address block, which will be used as the NAT pool that represent our company when this company connect to other business partners via Extranet.

Thus when we advertise this prefix to other firms:

1. this IP prefix is public

2. this IP prefix is not being advertised on the internet

I called ARIN but they told me we need to be BGP multi-homed first, already using /24 and show some usage...

or we can apply for prefix from ISP

I am a little confused now. I have worked in some other place where they already own a few /24. so they advertise a few on the internet, then use the other prefix for Extranet routing.

any help is appreciated!


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Jon Marshall Tue, 12/16/2008 - 12:07


You could ask your ISP but chances are i would have thought they will be advertising this to the internet.

This extranet, how is it being created ie. is it a closed network that only the extranet partners connect into or is it run over the Internet - i'm guessing not as you don't want it advertised on the internet.

Have you considered using a private IP address space that is unique among all the extranet partners ?


kjmattakat-bby Wed, 12/17/2008 - 07:39

How are you connecting to the internet? DSL? dedicated circuit (Frame, P2P, etc)?

depending on your internet connection, and your provider, you may not be able to get a full class C, in my experience you really shouldn't need that large of an adress space. Either way, you will probably have to justify the amount of addresses you are asking for and fill out an ARIN end-user network request ( your ISP should provide you with one.

You should not need to do anything with BGP unless you are already using BGP to advertise your existing public address space.

Your business partners are requesting you do this because they do not want a conflict with any of their other customer connections. I would assume that your connectivity to your partners will be through VPN, to/from a public IP you already have. Even though your new addresses need to be public and internet routable your partners won't necessarily be using internet routing to access your new block, they will create routing entries in their firewalls and VPN devices to route any traffic to your new block through a VPN pointing at your existing IP address.

I have set up many of these types of connections and would be happy to discuss this off line if you like.

kjmattakat-bby Wed, 12/17/2008 - 11:03


I am at a customer site, it would be better if you could call me. I have attached a simple diagram I just threw together to help explain things.




This Discussion