cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
905
Views
0
Helpful
6
Replies

Overlapping IP addresses in a VPN

mohamedhaddad
Level 1
Level 1

what is the solution of the following:

-the SP is configuring an MPLS l3 VPN.

-the SP assigns Virtual IP addresses for the serial interfaces between his PE routers and the CE routers

- Case #1 - by chance the Vurtual IP addresses assigned to one of the CE devices makes an overlap with the Ethernet assigned IP addresses for the Customer i.e. the CE router is having IP addresses from the same network on the two interfaces.

- Case #1 - the CE1 ethernet addresses is overlapping with the IP addresses assigned to CE2 , where any device attached to CE 2 when want to communicate with devices in CE1 , the packets will not go out of CE2 router as it has the destination address assigned on its serial interfaces.

========

would it be a good solution to configure the admin distance of the connected routes to be higher than the Static routes ? is it possible ?

6 Replies 6

jackyoung
Level 6
Level 6

I suggest to ask the SP to provide another subnet and IP address to avoid the overlapping. They should have pool to do it. Please don't overlap or duplicate the subnets.

the problem is that we are the SP :))

i am talking about this scenario as it may happen , and the occurance of it may repeat .

so is ther any other solution than assigning another address space?

Unhappily, you cannot maintain that situation. The connected routes on both PE and CE that is the PE-CE link will never go away, so you will be interupting the customer's addressing scheme regardless of any route manipulation.

The SP (you) need to use your own public IP addresses for those links (same set for each VPN is fine). This is the only way to be sure that your customer(s) will not use those same numbers in their routing scheme.

Or you have an agreement with your customers that a particular section of the private ranges is reserved (say 172.31/8). Either way, this needs to be coordinated.

In a scenario I was involved in, we required that the customer provide CE-PE addressing from their addressing scheme.

peter

we are now using the public addresses for the IP addresses between the PE-CE , but this is wasting our public IP , so we are thinking of using the private IP.

i agree with you that it can be an agreement with the customer to not assign his internal IP from the range we assign for serial connections. but what if the customer is already having his already up and running Internal IPs and accidently it overlaps with our assigned IPs? my question here is , is there any technical solution to overcome this problem??

I also worked in a SP before. We normally to provide the PE-CE IP (only 2 host IP are required /30) and a range of public IP to the customer. If it is an Internet connection, then the customer should order the public range themselves or use one of the SP provided public IP. Or they use NAT to translate their private IP to public IP which provided by SP.

If it is a MPLS link, it should be no issue because if the customer traffic (private or public IP) transmitted to the SP/PE side, it will fall into their assigned VRF and it will not affect others. However, those customer IP should not be overlapping with the SP management IP address (e.g.management IP at CE).

Hope this helps.

Jack ;

i am talking about the 2 host IP addresses /30.

when you use them private IP addresses , this may overlap with the customer internal IP addresses ( private also), which will cause routing problem.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: