Best practice with multiple subnets on WAN
a customer installation got additional IP ranges (/28s and /29) for their setup. Problem is, the ISP won't route them to their already existent /29 subnet but configured it by using the first IP as their GW address. As WAN and default GW are now on the first /29, how can we best catch those additional subnets/IPs and route them back via their own gateway?
Get a new ISP. They're the ones who need to take a look at whatever "best practices" are in play here.
You are asking for ugly, hacky workarounds, not best practice (which would be the new subnet routed to an existing address on the /29).
You might be able to get away with Proxy ARP VIPs on WAN as long as the existing gateway IP address will accept traffic sourced from those addresses. I can't think of anything that will work other than another physical interface on the same layer 2 to them set up as multi-wan if the current gateway will not accept the traffic. Maybe someone else knows.
You might even be able to create an inside interface using the /28 and, coupled with the proxy ARP VIPs it might work there.
so let me get this right..
So you had a /29, lets call it
Where 188.8.131.52 lets say is the ISP an your gateway. And you have the rest of the 29 to use.
They then added non adjacent /28 and another /29.. but instead of routing this to your say 184.108.40.206/29 address they just created these layer 3 networks on the same layer 2 your 220.127.116.11/29 is on??
Yeah with Derelict here - Get a new ISP ;) That is not how you would best practice do it, that is not how it should ever be done.. If they can not just increase your first /29 with adjacent space and give you say a /27 to give you the IPs you wanted then they should route your new networks to your existing network. So the you can do whatever you want with them.
viragomann last edited by
I've the same situation on a pfSense, two /29 and one /28, non adjacent and not routed. Each subnet has its gateway.
Each unique utilizable address of the ranges is added as VIP to the WAN interface and there is only one upstream gateway set in pfSense and any response is routed to it.
Why want you route packets back to the proper subnet gateway while they are also accepted by the first GW?