Setting up Metro E Routing / Subnets from Comcast
-
Hello All,
I'm running into a bit of a problem with setting up a Metro-E connection from Comcast to work with pfSense. In general, I am able to get the main point-to-point IP working fine and am able to connect to the internet; however, it's the static IP block they assigned that I'm having difficulty getting to work. Any input or suggestions would be appreciated.
In general, two subnets are assigned from Comcast on their Metro-E side.
/30 Network for the point-to-point connection (This is currently what is assigned to the gateway on the pfSense box, allowing the devices internally to get out to the network)
/28 Network for the Public IP Address.
Comcast has the following notes on their website:
You receive two subnets from Comcast with Comcast Business Ethernet Dedicated Internet (EDI) circuits:
Wide Area Network (WAN) point-to-point connection between your network and Comcast Business
Public LAN (Local Area Network) IP Block
WAN Point-to-Point Connection
In an EDI plan, the WAN subnet is typically in the form of a /30 (255.255.255.252) network since the circuit is a point-to-point connection type.
Note: Comcast’s standard configuration is to use the /30 WAN point-to-point IP block. It is possible to have the WAN subnet in the form of a subnet larger than a /30, however this is an individual case basis that must be approved by Comcast Business.
The WAN point-to-point network provides security against Denial of Service (DOS) spoofing attacks and a clear demarcation point between your routed networks and Comcast Business.
Public LAN IP Block
The Public IP Block is in the form of a /29 - /24 network, depending on the information you provided us during network design. You are responsible for securing and providing a Layer 3 router capable of routing traffic between Comcast Business and your LAN. We do not consult or configure Customer Premise Equipment (CPE). The Layer 3 router should have at least two Layer 3 WAN network interfaces. One interface should face Comcast P2P (/30) and the other interface should face your LAN (/29 - /24).
Any input would be appreciated. Thank you!
-
OMG an ISP with a clue. And it's Comcast. /me checks outside to see if it's raining frogs.
Put the /30 on your WAN interface. Then you can do whatever you want with the /28. You can use it as VIPs on WAN, you can assign it to an inside interface and give the hosts there public IP addresses and not have to NAT, you can split it into two /29s, 4 /30s, 8 /31s, etc.
What do you want to do with the /28?
-
The above is correct to my knowledge as well. We run an HA setup and use CARP VIPs for everything WAN. We have a directly allocated /27 to our WAN interface as well as a routed /25. The ISP routes the /25 traffic to our primary IP on the /27 and everything works like magic. We only have one upstream gateway so there was no additional work required on our side.
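
The layout described in the replies above (the /30 on WAN, the /28 routed behind it and free to be split or used as VIPs), worked through as an added example that is not part of the original thread. The addresses are constructed from documentation ranges, and taking the first usable address as the inside gateway is an assumption.

```python
import ipaddress

# Constructed sample addresses from documentation ranges (RFC 5737),
# not the poster's real Comcast assignment.
WAN_P2P = ipaddress.ip_network("192.0.2.0/30")
ROUTED_BLOCK = ipaddress.ip_network("198.51.100.16/28")


def check_layout(wan, routed):
    """Return the two /30 endpoints after confirming the blocks are disjoint."""
    if wan.overlaps(routed):
        raise ValueError("routed block must not overlap the WAN point-to-point subnet")
    hosts = list(wan.hosts())
    if len(hosts) != 2:
        raise ValueError("expected a /30 with exactly two usable addresses")
    return hosts  # one end is the ISP, the other is the firewall's WAN address


def split_options(routed, longest=31):
    """Map each longer prefix length to the subnets the block divides into."""
    return {
        plen: list(routed.subnets(new_prefix=plen))
        for plen in range(routed.prefixlen + 1, longest + 1)
    }


def inside_interface_hosts(subnet):
    """Gateway and remaining host addresses when the subnet sits on an inside interface.

    Assumption: the firewall takes the first usable address as the gateway.
    Network and broadcast addresses are not usable by hosts.
    """
    usable = list(subnet.hosts())
    return usable[0], usable[1:]


def wan_vip_addresses(subnet):
    """Addresses available as VIPs when the block stays routed to the WAN address.

    No interface carries the subnet, so no network or broadcast address is reserved.
    """
    return list(subnet)


if __name__ == "__main__":
    isp, fw = check_layout(WAN_P2P, ROUTED_BLOCK)  # which end is which is assumed
    print(f"WAN /30: ISP {isp}, firewall {fw}")
    for plen, nets in split_options(ROUTED_BLOCK).items():
        print(f"/{plen}: {len(nets)} subnets, first {nets[0]}")
    gw, hosts = inside_interface_hosts(ROUTED_BLOCK)
    print(f"inside interface: gateway {gw}, {len(hosts)} host addresses")
    print(f"WAN VIPs: {len(wan_vip_addresses(ROUTED_BLOCK))} addresses")
```

The difference in the last two lines of output is the practical trade-off: putting the whole /28 on an inside interface costs three addresses, while keeping it routed to WAN as VIPs leaves all sixteen available.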