Best practice for ptp/loopback numbering for "small" enterprise multihome setup

Lukas Tribus lukas at ltri.eu
Fri Mar 26 20:42:13 UTC 2021


On Fri, 26 Mar 2021 at 20:01, William Herrin <bill at herrin.us> wrote:
>
> On Fri, Mar 26, 2021 at 11:07 AM vom513 <vom513 at gmail.com> wrote:
> > As I said in the tl;dr - my main point of contention here is breaking up my /24 I.e. use the very top /30s / /31s for ptp/loop.  I would then have at most the bottom /25 to use contig. on my “lan” - and I would need to use the next /26, /27 and so on in some manner for the space to be useable...
>
> If you feel like getting fancy...
>
> Use /32 routes to reclaim the unused base and broadcast address in any /30s
>
> Pick the next largest size block that has your /24 neither at the
> start or end and assign that to your lan.
>
> Use proxy arp and more specific routes to grab traffic that doesn't
> fall in the /24 or is part of the loopback and point to point
> numbering and move it off the lan and towards its destination
> (including upstream).

In a lab, sure.

In production, you may be able to troubleshoot this a few months from
now, but how will the on-duty junior engineer handle this at 03 AM?


> This way, every address in the /24 that you don't specifically use
> elsewhere is usable as a unicast address on your LAN segment,
> including the .0 and .255 addresses.
>
> e.g.
>
> You have 10.0.1.0/24
>
> Put 10.0.0.0/22 on your LAN
> Add proxy arp and route 10.0.0.0/24 upstream
> Add proxy arp and route 10.0.2.0/23 upstream
> Add proxy arp and route 10.0.1.254/32 to your first router loopback
> etc.
>
> If you're really clever you can convince the stations that 10.0.0.1 is
> the default gateway but convince the router that 10.0.0.1 is upstream
> so that the router doesn't even need a dedicated IP address facing the
> LAN.

What you are suggesting is to configure public IP address space that
isn't yours; this should be a big no-no. At the very least you can't
reach the public IP addresses 10.0.0.0 and 10.0.3.255 from the hosts,
because they won't be sending ARP requests for subnet and broadcast
addresses. So you break real public IPs of other people. In the worst
case scenario, some of this goes wrong and you cause entire public
subnets to be unreachable from this network.

We are talking about how to avoid 1918 addressing on P2P links. I'd
say NOT configuring other people's public IP addresses on your network
is more important than NOT configuring 1918 addressing on your
network.



Lukas
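As an added illustration (not part of the thread), a small Python check that works out what the "enlarged LAN prefix" scheme above drags onto the segment: the blocks inside the LAN prefix that you do not actually hold, and the prefix's network and broadcast addresses, which hosts never ARP for. The function and field names are my own; the 10.0.1.0/24 and 10.0.0.0/22 values are the ones used in the thread.

```python
import ipaddress


def audit_lan_prefix(owned: str, lan: str) -> dict:
    """Compare the prefix you are allocated with the prefix proposed for the LAN.

    Returns:
      foreign       - blocks inside `lan` that are not inside `owned`, i.e.
                      other people's space that would be configured on the LAN
      foreign_count - how many such addresses there are
      unreachable   - the LAN's network/broadcast addresses that are not yours;
                      hosts will not ARP for them, so their real owners become
                      unreachable from this segment
    """
    owned_net = ipaddress.ip_network(owned, strict=True)
    lan_net = ipaddress.ip_network(lan, strict=True)
    if not owned_net.subnet_of(lan_net):
        raise ValueError(f"{owned_net} is not inside proposed LAN prefix {lan_net}")

    # Everything in the LAN prefix that is not ours (empty when lan == owned).
    foreign = sorted(lan_net.address_exclude(owned_net))

    # Subnet and broadcast addresses of the LAN prefix: unusable by hosts, and a
    # problem for someone else if they fall outside our allocation.
    edges = (lan_net.network_address, lan_net.broadcast_address)
    unreachable = [a for a in edges if a not in owned_net]

    return {
        "foreign": [str(n) for n in foreign],
        "foreign_count": sum(n.num_addresses for n in foreign),
        "unreachable": [str(a) for a in unreachable],
    }


if __name__ == "__main__":
    # Constructed input matching the thread: you hold a /24, the LAN gets a /22.
    report = audit_lan_prefix("10.0.1.0/24", "10.0.0.0/22")
    for key, value in report.items():
        print(f"{key}: {value}")
```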

