Routing for /26 block over /30 network

StanDurst
New here


We are moving to a new ISP. I have a /26 block that has been established, but in order to use it I'm told that I must route it over a /30 they've provided in order to limit the size of the broadcast domain. We have over 40 externally facing instances and need to NAT about 30 of these IPs to internal web servers. Our current ISP gave us our existing IP block in the traditional way so that their gateway is part of the block, so we have no need for a route. My question is: do I need to set up a router between the new ISP and my MX400, or is there a way to make this all work within my firewall?

BrandonS
Kind of a big deal

I've had Comcast deliver this way. It will just work and you can assign 1:1 NAT, etc. from your /26 as normal on your MX.

 

Where you could have a problem is if you plan to do warm spare and need more public IP addresses in a subnet on your WAN port.

- Ex community all-star (⌐⊙_⊙)
StanDurst
New here

Thank you, we do have a warm spare that needs to work with this service. We also have an unused ISR4451 on site that we are going to press back into service to keep the firewall simple. This way all we will need to do is change the WAN IPs and the external addresses used for our NATs.
General-Zod
Getting noticed

If that’s the case you will need to have a minimum /29 for your WAN subnet. Most providers will accommodate this. This will cater for 6 usable addresses to facilitate your HA: 1 for each MX, VRRP, gateway, leaving you with 2 spare. Then of course the /26 will be routed to your VRRP address for all your public facing servers.

Hope this helps
BrandonS
Kind of a big deal

"Kneel before Zod" lol!

 

That is all correct. I forgot to reply earlier that the ISR is a perfectly good way to work around getting your /26 more properly usable if your ISP won't change. I have been battling and escalating with Comcast for nearly a month already on this same topic. They just won't change it. They will put in their own router (and charge) or we can do like you are planning.

- Ex community all-star (⌐⊙_⊙)