• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 539
  • Last Modified:

Multihomed Central Office - Public Address Space

I have been given the responsibility of somehow multihoming my central office location to the Internet.  I have two separate Internet providers who claim to offer the bandwidth that I need for each link.  My question is regarding public IP address space.  Currently, we purchase our IPs through our single provider.  These are, of course, PA addresses.  To my knowledge, these would not suffice in a dual-homed environment with two ISPs.  I did some quick research on ARIN's website and it looks like we are too small to be candidates for a direct end-user assignment - I'm only using half of a /25 currently.  ARIN's policy requires you to use at least 25% of a /24 upon purchase and 50% within a year.  

So, does anyone out there know what would be the best course of action for my enterprise?  I am a higher education institution in Texas.  I'm a member of Educause, but I'm not sure they can sell me what I need in this case.  Once I get the address question answered, I would then need to know what the best method to purchase a BGP ASN would be.
  • 5
  • 5
1 Solution
Jan SpringerCommented:
You can work with PA as long as the provider that has assigned those addresses to you will provide an LOA allowing you to announce them through another AS.  Done all the time and not a big deal.

I wouldn't recommend announcing anything smaller than a /24, however since many routers block smaller prefixes.

If you were to do so, the aggregate that your subnet falls into would allow traffic to flow to your network from the assigning ISP.

It's a bit of a gamble but if you really need two distinct providers, it may be worth the shot.

Any chance you can get a /25 that's contiguous with what you have from your current provider so that you can at least announce a /24?
marrjAuthor Commented:
Yes, I'm pretty sure the next /25 in line with my provider is not being used.  Obtaining a /24 should not be a problem.

I currently have one router that advertises my public range to my single ISP.  I was thinking that I would need to purchase a second router that interfaced with my public range and with the second ISP, then run eBGP on both edge routers to advertise into the corresponding ISPs.  Would that be the best course of action?  Would their be any reason to establish iBGP peering between my two edge routers?
Jan SpringerCommented:
Or you use one router for the two peers and ask both to give you a default route.

When it's justified, you can grow into a router that will handle at least two full routing tables.

The only reason that I'd get a second router and do iBGP (even if it's just a default route) is for the redundancy in case one router died.
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

marrjAuthor Commented:
I do like the idea of having a fault tolerant edge with two routers.  I already have an ASA 5515 configured in an active/standby failover.  I think I'm going to pursue the two router approach for a fully redundant edge.

Any word of advice on how to purchase an ASN?
Jan SpringerCommented:
You don't purchase one (technically).  Contact your RIR.  In North American that is ARIN (www.arin.net), in Asia that is APNIC (www.apnic.net), in Europe that is RIPE (www.ripe.net) and in South America that is LACNIC (www.lacnic.net).

You will fill out the obligatory paperwork and submit a small fee for  the ASN.  The RIR may require proof of multi-homing such as a copy of a contract (the first is already established).

Holler if you need help.  It's a rather each process.  If you get a four byte ASN, make sure that your router firmware supports it.
marrjAuthor Commented:
I will have BGP running on a couple of Cisco 2921 ISR's.  How do I find out if they will support a four-byte ASN?
Jan SpringerCommented:
What is the output of "sho ver"?
marrjAuthor Commented:
Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.1(4)M4, REL                                                                             EASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Tue 20-Mar-12 18:57 by prod_rel_team

ROM: System Bootstrap, Version 15.0(1r)M15, RELEASE SOFTWARE (fc1)

HOSTNAME uptime is 5 days, 17 hours, 45 minutes
System returned to ROM by power-on
System restarted at 22:40:05 UTC Sat Jun 15 2013
System image file is "flash0:c2900-universalk9-mz.SPA.151-4.M4.bin"
Last reload type: Normal Reload

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:

If you require further assistance please contact us by sending email to

Cisco CISCO2921/K9 (revision 1.0) with 487424K/36864K bytes of memory.
Processor board ID ************
3 Gigabit Ethernet interfaces
1 terminal line
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity enabled.
255K bytes of non-volatile configuration memory.
250880K bytes of ATA System CompactFlash 0 (Read/Write)

License Info:

License UDI:

Device#   PID                   SN
*0        CISCO2921/K9          *************

Technology Package License Information for Module:'c2900'

Technology    Technology-package           Technology-package
              Current       Type           Next reboot
ipbase        ipbasek9      Permanent      ipbasek9
security      securityk9    Permanent      securityk9
uc            None          None           None
data          None          None           None

Configuration register is 0x2102
Jan SpringerCommented:
You don't need to worry about 4-byte ASNs since you cannot take two full routing tables.  If you like this router and cannot justify something heavier, I would recommend asking for a default route from both providers and just doing iBGP between the two.
marrjAuthor Commented:
I like that plan.  Thank you very much for all of your wisdom in this area.  Look for another one of my posts soon.  I will name it "BGP for multihomed enterprise".  I'm going to post my BGP config on EE for verification of its correctness.  I would like to award you the points for this post though.  So, stay tuned.

Featured Post

Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

  • 5
  • 5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now