Netgate Discussion Forum

    Setting up Metro E Routing / Subnets from Comcast

    • i4cs

      Hello All,

      I'm running into a bit of a problem with setting up a Metro-E connection from Comcast to work with pfSense. In general, I am able to get the main point-to-point IP working fine and am able to connect to the internet; however, it's the static IP block they assigned that I'm having difficulty getting to work. Any input or suggestions would be appreciated.

      In general, two subnets are assigned from Comcast on their Metro-E side.

      /30 Network for the point-to-point connection (This is currently what is assigned to the gateway on the pfSense box, allowing the devices internally to get out to the network)

      /28 Network for the Public IP Address.

      Comcast has the following notes on their website:

      You receive two subnets from Comcast with Comcast Business Ethernet Dedicated Internet (EDI) circuits:

      Wide Area Network (WAN) point-to-point connection between your network and Comcast Business

      Public LAN (Local Area Network) IP Block

      WAN Point-to-Point Connection

      In an EDI plan, the WAN subnet is typically in the form of a /30 (255.255.255.252) network since the circuit is a point-to-point connection type.

      Note: Comcast’s standard configuration is to use the /30 WAN point-to-point IP block. It is possible to have the WAN subnet in the form of a subnet larger than a /30, however this is an individual case basis that must be approved by Comcast Business.

      The WAN point-to-point network provides security against Denial of Service (DOS) spoofing attacks and a clear demarcation point between your routed networks and Comcast Business.

      Public LAN IP Block

      The Public IP Block is in the form of a /29 - /24 network, depending on the information you provided us during network design. You are responsible for securing and providing a Layer 3 router capable of routing traffic between Comcast Business and your LAN. We do not consult or configure Customer Premise Equipment (CPE). The Layer 3 router should have at least two Layer 3 WAN network interfaces. One interface should face Comcast P2P (/30) and the other interface should face your LAN (/29 - /24).

      Any input would be appreciated. Thank You!

      • Derelict LAYER 8 Netgate

        OMG an ISP with a clue. And it's Comcast. /me checks outside to see if it's raining frogs.

        Put the /30 on your WAN interface. Then you can do whatever you want with the /28. You can use it as VIPs on WAN, you can assign it to an inside interface and give the hosts there public IP addresses and not have to NAT, you can split it into two /29s, 4 /30s, 8 /31s, etc.

        What do you want to do with the /28?

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)
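
Added example, not part of the original post: a Python sketch of the splitting options described above, carving a routed /28 into /29s, /30s or /31s for inside interfaces after checking that it does not overlap the WAN /30. The prefixes are constructed documentation ranges, and `plan_routed_block` and its "first usable address goes on the firewall" convention are assumptions for illustration.

```python
import ipaddress


def plan_routed_block(wan_p2p, routed_block, new_prefix):
    """Split the ISP-routed block into equal subnets for inside interfaces.

    Convention assumed here (not from the thread): the first usable address
    of each subnet goes on the firewall's inside interface.
    """
    wan = ipaddress.ip_network(wan_p2p)
    routed = ipaddress.ip_network(routed_block)
    # The routed block must stay separate from the WAN segment: the ISP
    # reaches it through the firewall's /30 address, not on the wire.
    if wan.overlaps(routed):
        raise ValueError(f"{routed} overlaps WAN point-to-point {wan}")
    if not routed.prefixlen <= new_prefix <= 31:
        raise ValueError(f"cannot split {routed} into /{new_prefix} subnets")
    plan = []
    for net in routed.subnets(new_prefix=new_prefix):
        # For a /31, hosts() yields both addresses (no network/broadcast).
        hosts = [str(h) for h in net.hosts()]
        plan.append({"subnet": str(net), "firewall_ip": hosts[0],
                     "host_ips": hosts[1:]})
    return plan


if __name__ == "__main__":
    WAN = "198.51.100.0/30"     # constructed sample values
    ROUTED = "203.0.113.0/28"   # constructed sample values
    for prefix in (28, 29, 30, 31):
        print(f"--- /{prefix} ---")
        for row in plan_routed_block(WAN, ROUTED, prefix):
            print(row["subnet"], "fw:", row["firewall_ip"],
                  "hosts:", len(row["host_ips"]))
```
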

        • rpbaetens

          The above is correct to my knowledge as well. We run an HA setup and use CARP VIPs for everything WAN. We have a directly allocated /27 to our WAN interface as well as a routed /25. The ISP routes the /25 traffic to our primary IP on the /27 and everything works like magic. We only have one upstream gateway so there was no additional work required on our side.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.