Routing an ethernet like a serial point-to-point?

Apr 29th, 2010

I'm sure this is a terribly simple question, but I haven't done this sort of thing before and I can't find an example of how it's done.


I am accustomed to using routers with WAN cards like WIC-T1's etc on which the ISP delivers the Internet access which you point default at.  The serial line has a /30 that is allocated out of the SP's space not out of the /24 or /28 you get assigned for your LAN or DMZ.  This looks like:



Serial: 192.168.1.1  on the provider's router


          192.168.1.2  on my router


Then something like:


FE0  10.10.1.1/25  -- to the LAN


FE1   10.10.1.129/25  -- DMZ



I've moved some equipment out of my company's office where I work and into a commercial datacenter.  They have given me an ethernet handoff and two /28's pointed at the interface.  Let's pretend that is 192.168.1.48/28


I have then:


FE0      192.168.1.49  at the provider's router and 192.168.1.50/28 on my FE0.


What I want to do is route the balance of that /28 out of FE1 which feeds the distribution switch in my rack.


In addition, when I went back for more address space, I was assigned 192.168.22.64/28 which also needs to route out of FE1


I have tried all sorts of slicing and dicing trying to make a /30 PtoP out of the first two addresses, but usually the IOS balks or it just doesn't Do What I Want.  I've tried also to fool with IP Unnumbered (even though I know it's not supposed to work on ether), but that was a bust too.



Help!



Thanks

ozzyosbu1 Fri, 04/30/2010 - 00:49

You may request your ISP to give you a /30 for the WAN ethernet link rather than a /28.

And regarding the additional /28 which you have received, it shouldn't be difficult. Have you tried assigning one IP from it as a secondary address to FE1?

Jon Marshall Fri, 04/30/2010 - 06:16

Joseph


What I want to do is route the balance of that /28 out of FE1 which feeds the distribution switch in my rack.

In addition, when I went back for more address space, I was assigned 192.168.22.64/28 which also needs to route out of FE1


Could you clarify what you mean? FE1 is connected to your dmz. Do you simply want to use the address ranges provided to present internal privately addressed servers to the outside? If so you just set up static NAT commands on the router.


Note - you have been assigned 192.168.x.x addressing, is this actually real public IPs you have been assigned and you just used 192.168.x.x as an example?


Jon

joseph.noonan Fri, 04/30/2010 - 07:59

Jon,


I'm sorry for not making it clear that I used the 1918 address space just for illustration, the actual setup is using real, routable space.  So, no, I most emphatically do not wish to NAT.


To the other poster who suggested I get a /30 from the datacenter: While I am sure that would work, I'm pretty sure that should not be necessary.  I find it difficult to believe that there isn't a cleaner solution when on a shared fabric like ethernet.  Maybe VLANs or something, I'm looking into that next.

Jon Marshall Fri, 04/30/2010 - 08:59

Joseph


I'm sorry for not making it clear that I used the 1918 address space just for illustration, the actual setup is using real, routable space.  So, no, I most emphatically do not wish to NAT.


So just to clarify, you have public addressing assigned to you by the ISP and you want to assign these addresses directly to devices on your network as opposed to having devices on your network using private RFC1918 addressing that you want to give access to via the public IPs?


Jon

joseph.noonan Fri, 04/30/2010 - 14:14

There are NO rfc1918 addresses anywhere in my network!  I used those as illustrations as I'm not going to put up a blinking neon sign pointing at the real network in question when the message of the sign is roughly: "idiot runs the network here"



I have two discontiguous /28 sized netblocks that are assigned to various machines in a rack in a colo someplace.  Every router, firewall, server, or toaster in that network has a real routable IP address.  There is no NAT or PAT configured anywhere in the mix.


I have a 2811 with two FE's.



One FE is connected back to the datacenter's router (address XX.yy.ZZ.49/28)



The other FE is attached to the distribution switch in my rack into which all of my gear terminates.



By analogy with 1700s I have at several branch offices in which the WAN link gets something like: qq.ww.ee.31/30 and the LAN (and/or DMZ) but an ethernet is where you terminate your 'inside' machines, I tried to do something like putting XX.yy.ZZ.50/30 on FE0 and somehow get routers to the other 11 addresses out to FE1.  I was thinking along the lines of "IP unnumbered" which allows you to not burn an IP on the customer side of a point-to-point serial line.  The near side just 'borrows' one of the ethernet's IPs.



Here is the correct answer to my problem and I am most grateful to Bharat Bali of the TAC Routing team for the help and the perfect solution he outlined for my problem.  A solution I am already expanding to make use in some other settings.



The analogous thing to IP unnumbered for ethers is to "no IP address" both of the FE interfaces, join them in a bridge group, and assign one address out of each block (second and subsequent ip address statements must have the SECONDARY qualifier tacked on the end) to the bridge and voila!  Packets come and go and find their way to the correct hardware interface.


Here are the relevant portions of the config:


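! Both physical ports carry no IP address and join bridge group 1
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
 bridge-group 1
!
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
 bridge-group 1
!
! Integrated routing and bridging, so the BVI can route for the bridge group
bridge irb
!
! One address from each /28 lives on the BVI (addresses as posted; the
! out-of-range octets are the poster's masking, not valid IPv4)
interface BVI 1
 ip address 192.234.568.210 255.255.255.240 secondary
 ip address 192.456.789.50 255.255.255.240
!
ip route 0.0.0.0 0.0.0.0 209.189.225.49
!
bridge 1 protocol ieee
bridge 1 route ip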



In the above configuration one address from each block is used by the provider's interface, and one each is used on the bridge on my router.



I hope some similarly tortured individual finds this useful one day.
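
Why the /30 slicing fails and the bridge works, as an added example that is not part of the original posts: on the thread's illustrative blocks, the attempted /30 overlaps the /28 that FE1 would still need (the kind of overlap IOS refuses between two routed interfaces), while the provider's /28 mask makes every rack address directly connected from its side, so it ARPs for them across the handoff, which the bridge delivers. The .65/.66 assignments in the second block and all function names are assumptions.

```python
import ipaddress as ip

# Constructed sample plan: the thread's illustrative blocks. The .65/.66
# pair in the second block is an assumption; the thread does not give it.
BLOCKS = {
    "192.168.1.48/28": {"provider": "192.168.1.49", "bvi": "192.168.1.50"},
    "192.168.22.64/28": {"provider": "192.168.22.65", "bvi": "192.168.22.66"},
}

def routed_split_overlaps(block, p2p):
    """True if a /30 carved out for FE0 overlaps the block that would
    still have to be configured on FE1 (two routed interfaces)."""
    return ip.ip_network(p2p).overlaps(ip.ip_network(block))

def provider_sees_on_link(provider_if, dst):
    """True if the provider's own address/mask makes dst directly
    connected, so it ARPs for dst on the handoff instead of using a next hop."""
    return ip.ip_address(dst) in ip.ip_interface(provider_if).network

def rack_hosts(block, used):
    """Host addresses left for rack devices once `used` are taken."""
    net = ip.ip_network(block)
    taken = {ip.ip_address(a) for a in used}
    stray = [str(a) for a in taken if a not in net]
    if stray:
        raise ValueError(f"{stray} not inside {block}")
    return [str(h) for h in net.hosts() if h not in taken]

def plan(blocks=BLOCKS):
    """Map each block to the addresses still free behind the bridge."""
    return {b: rack_hosts(b, roles.values()) for b, roles in blocks.items()}

if __name__ == "__main__":
    print(routed_split_overlaps("192.168.1.48/28", "192.168.1.48/30"))
    print(provider_sees_on_link("192.168.1.49/28", "192.168.1.58"))
    for block, free in plan().items():
        print(block, len(free), free[0], "-", free[-1])
```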
