Cisco Support Community

New Member

using a /22 over internet

Hi,

we are doing BGP multi-homing and have to have a /22 APNIC IP pool. The requirement is for site to site VPN, outside firewall machines etc.

I would like to know what are the best practices for advertising the /22 on the internet and the possible IP scheme between my router and firewall. I have thought of using ISP1 as the primary for a /23 and ISP2 for the remaining /23.

-Sai.

  • WAN Routing and Switching
5 REPLIES

Re: using a /22 over internet

Sai,

My suggestion would be to advertise one block via ISP1 and another via ISP2. You can use AS-Prepend to make one block look less attractive via a certain ISP

Between the router and the firewall, you can use a /23 which should satisfy all your VPN needs and say primarily routed via ISP1. The other pool can then be used for NAT and routed primarily via ISP2

Narayan

New Member

Re: using a /22 over internet

Narayan,

By one block, do you mean a /23 or it is advisable for me to advertise 4*/24 networks?

-Sai.

Re: using a /22 over internet

Sai,

I would suggest 2 x /24 blocks ... It will leave you with 2 more blocks which can be used at another site at a later stage rather than again going through the APNIC/IRR update process :-)

Edit: I agree with Dandy that whatever you plan needs to be updated to the ISPs and should be reflected in a similar way in the internet routing databases (RADb etc.)

Narayan

New Member

Re: using a /22 over internet

Hi Sai,

You can advertise 1st prefix via ISP-1 and 2nd prefix via ISP-2. You can use PBR and use AS-PREPEND vis-a-vis in each OUT-PREFIX-ADVERTISE respective Policy.

This will advertise from each peering and provide a fallback option per prefix as well.

Re: using a /22 over internet

Hi,

Don't forget to tell both ISPs to permit the /22, because if you tell them that you are advertising only a /23, they will put an ACL on the interface of their router connected to your router, or a prefix-list for incoming prefixes originating from your router, just for that /23. In the future, you may change your configuration to advertise the whole /22, or you may swap the advertisements between the two ISPs, and then you will have a problem whose root cause you may not immediately see.

Regards,

Dandy
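The following Python script is an added example written for this thread; it is not code from any of the posters or from Cisco. It works through Narayan's design (two /24s carved from the /22, each primary via one ISP and AS-path prepended via the other, the other two /24s left spare) and then applies Dandy's warning by simulating the ISPs' inbound prefix-lists: if an ISP was only told about "its" /24, the prepended backup announcement of the other /24 is silently filtered and the per-prefix fallback never works. The /22 used (198.51.100.0/22), the ASN 64500, the prepend count and the route-map and prefix-list names are all constructed values for the example; the rendered IOS syntax (`ip prefix-list`, `route-map`, `set as-path prepend`) is standard IOS.

```python
import ipaddress

# Constructed stand-in for the APNIC /22 (documentation address space, not a real allocation)
ALLOCATION = ipaddress.ip_network("198.51.100.0/22")
LOCAL_ASN = 64500      # assumed private ASN for the example
PREPEND_COUNT = 3      # assumed number of prepends on the backup path


def plan_advertisements(allocation, isps=("ISP1", "ISP2"), announce_len=24):
    """Narayan's design: carve the /22 into /24s, announce one /24 as primary via
    each ISP and the same /24 via the other ISP with AS-path prepending, so the
    backup path is less attractive.  Returns {isp: [(prefix, prepend_count), ...]}."""
    announced = list(allocation.subnets(new_prefix=announce_len))[: len(isps)]
    return {
        isp: [(str(net), 0 if i == j else PREPEND_COUNT) for j, net in enumerate(announced)]
        for i, isp in enumerate(isps)
    }


def spare_blocks(allocation, isps=("ISP1", "ISP2"), announce_len=24):
    """The /24s not announced anywhere; kept for another site, as Narayan suggests."""
    return [str(b) for b in list(allocation.subnets(new_prefix=announce_len))[len(isps):]]


def render_ios(plan, local_asn=LOCAL_ASN):
    """Render the plan as IOS-style prefix-lists and outbound route-maps
    (names such as OUT-ISP1 and ISP1-PRIMARY are this example's own)."""
    lines = []
    for isp, entries in plan.items():
        for seq, (prefix, prepend) in enumerate(entries, start=1):
            role = "PRIMARY" if prepend == 0 else "BACKUP"
            lines.append(f"ip prefix-list {isp}-{role} seq {seq * 5} permit {prefix}")
        lines += [
            f"route-map OUT-{isp} permit 10",
            f" match ip address prefix-list {isp}-PRIMARY",
            f"route-map OUT-{isp} permit 20",
            f" match ip address prefix-list {isp}-BACKUP",
            f" set as-path prepend {' '.join([str(local_asn)] * PREPEND_COUNT)}",
        ]
    return "\n".join(lines)


def prefix_list_permits(entries, prefix):
    """Evaluate an IOS-style prefix-list the way the ISP's edge router would.
    'permit A/M [ge G] [le L]' matches a route P/N when P lies inside A/M and N
    is within the allowed window (exactly M when no ge/le is given).  First match
    wins; no match is an implicit deny."""
    route = ipaddress.ip_network(prefix)
    for entry in entries:
        base = ipaddress.ip_network(entry["prefix"])
        ge, le = entry.get("ge"), entry.get("le")
        lo = ge if ge is not None else base.prefixlen
        hi = le if le is not None else (route.max_prefixlen if ge is not None else base.prefixlen)
        if route.subnet_of(base) and lo <= route.prefixlen <= hi:
            return entry.get("action", "permit") == "permit"
    return False


def audit_plan(plan, isp_filters):
    """List the (isp, prefix) announcements that an ISP's inbound filter would drop."""
    return [
        (isp, prefix)
        for isp, entries in plan.items()
        for prefix, _prepend in entries
        if not prefix_list_permits(isp_filters[isp], prefix)
    ]


# Dandy's failure mode: each ISP was told only about the /24 it carries as primary,
# so the prepended backup announcement of the other /24 is filtered.
NARROW_FILTERS = {
    "ISP1": [{"prefix": "198.51.100.0/24"}],
    "ISP2": [{"prefix": "198.51.101.0/24"}],
}
# What to ask both ISPs for instead: the whole /22 and anything down to /24 inside it,
# which also survives a later switch to announcing the aggregate or a swap of the /24s.
COVERING_FILTERS = {
    "ISP1": [{"prefix": "198.51.100.0/22", "le": 24}],
    "ISP2": [{"prefix": "198.51.100.0/22", "le": 24}],
}

if __name__ == "__main__":
    plan = plan_advertisements(ALLOCATION)
    print(render_ios(plan))
    print("spare blocks:", spare_blocks(ALLOCATION))
    print("dropped with narrow ISP filters:", audit_plan(plan, NARROW_FILTERS))
    print("dropped with covering ISP filters:", audit_plan(plan, COVERING_FILTERS))
```

Running the script prints the two route-maps, reports 198.51.102.0/24 and 198.51.103.0/24 as spare, and shows that with the narrow filters each ISP drops exactly the backup /24, so losing a primary ISP would black-hole that block. The covering filter (`198.51.100.0/22 le 24`) accepts both /24s and the /22 aggregate while still rejecting anything longer than /24, which is the request Dandy suggests making of both ISPs up front.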
