[c-nsp] Private IP in point to point link on internet

Nick Cutting ncutting at edgetg.com
Tue Jun 21 10:37:39 EDT 2016


We have a few providers in HK who deliver our public /24's via a /30 RFC 1918 Address.

I'm not 100 percent sure how it breaks the path discovery, I would love to test this too, as we have a few of these setups in place.

It is very annoying for other reasons, i.e. remotely managing the router on the outside interface, when the BGP prefix we own is preferred inbound on the other router in the HSRP pair.

Why not deliver a /31 and not break the hearts of us poor customers :)

-----Original Message-----
From: cisco-nsp [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Satish Patel
Sent: Tuesday, June 21, 2016 9:08 AM
To: Mike
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Private IP in point to point link on internet

You have a point, what if I increase MTP size to 9000 on that point to point interface? 

--
Sent from my iPhone

> On Jun 21, 2016, at 1:10 AM, Mike <mike-cisconsplist at tiedyenetworks.com> wrote:
> 
>> On 06/20/2016 07:52 PM, Satish Patel wrote:
>> This is a weird question but I thought let me get an opinion from you guys.
>> We have the following scenario:
>> 
>> [ISP]------<Public-IP>-----[Router]-------<Private-IP>-------[L3
>> Switch]------------[Hosts]
>> 
>> 
>> In the above diagram we get a /24 subnet from the ISP for hosts. Now I want to
>> configure a routed network between [Router] and [L3 switch], so can I
>> use a private IP address (rfc1981) like 192.168.100.1/30 instead of a
>> public IP address, to save public IP addresses on the point-to-point link?
>> What disadvantage will I get from doing that?
> 
> 
> Well, if I understand your question, you want to put private IPs on the point-to-points to save IP addresses. The only primary side-effect you will have is for path MTU discovery - if the router or L3 switch needs to fragment a packet for example (or send back any other ICMP messages like host unreachable or the like), it's likely to use the interface address 'facing' the destination which would be your private IPs. These are dropped by many firewalls and such, which effectively breaks path MTU discovery and such. Depending on your equipment, you could assign 1 public IP to a loopback interface on the router and to the L3 switch, which usually will cause that device to use that address as the source for any ICMP messages it generates. I am not 100% certain of the fine details (would love someone to point out an authoritative doc that explains this for Cisco), but I have used this method for exactly this reason and it does seem to work.
> 
> Mike-
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net 
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
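
The path MTU discovery failure discussed in this thread, as an added example that is not part of the original messages: it builds ICMP "fragmentation needed" packets sourced from the private link address and from a public loopback, then shows what a sender learns once a filter drops RFC 1918 sources. The filter, the 203.0.113.1 loopback address, the 198.51.100.10 sender and the MTU values are constructed assumptions; 192.168.100.1 is the link address from the question.

```python
import ipaddress
import struct

RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def build_frag_needed(src, dst, next_hop_mtu):
    """Constructed IPv4 + ICMP type 3 code 4 packet (checksums left at 0)."""
    icmp = struct.pack("!BBHHH", 3, 4, 0, 0, next_hop_mtu)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64, 1, 0,
                     ipaddress.ip_address(src).packed,
                     ipaddress.ip_address(dst).packed)
    return ip + icmp

def parse_icmp_error(pkt):
    """Return (source, type, code, next-hop MTU), or None if not IPv4 ICMP."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 1:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl + 8:
        return None
    icmp_type, code, _csum, _unused, mtu = struct.unpack("!BBHHH", pkt[ihl:ihl + 8])
    return ipaddress.ip_address(pkt[12:16]), icmp_type, code, mtu

def dropped_by_rfc1918_filter(pkt):
    """Hypothetical edge filter: drop anything sourced from RFC 1918 space."""
    src = ipaddress.ip_address(pkt[12:16])
    return any(src in net for net in RFC1918)

def effective_path_mtu(received, initial_mtu=1500):
    """Path MTU the sending host ends up with after the filter has run."""
    mtu = initial_mtu
    for pkt in received:
        if dropped_by_rfc1918_filter(pkt):
            continue  # sender never learns the smaller MTU: PMTUD black hole
        parsed = parse_icmp_error(pkt)
        if parsed and parsed[1:3] == (3, 4) and 68 <= parsed[3] < mtu:
            mtu = parsed[3]
    return mtu

if __name__ == "__main__":
    sender = "198.51.100.10"  # constructed remote host (documentation range)
    for label, src in (("link address", "192.168.100.1"),
                       ("loopback", "203.0.113.1")):  # loopback IP is constructed
        pkt = build_frag_needed(src, sender, 1400)
        print(label, src, "-> sender path MTU", effective_path_mtu([pkt]))
```

The same parse-and-classify step can be pointed at captured ICMP errors to check which source address a router is actually using.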