Multihomed Central Office - Public Address Space

Posted on 2013-06-20
Last Modified: 2013-06-21
I have been given the responsibility of somehow multihoming my central office location to the Internet.  I have two separate Internet providers who claim to offer the bandwidth that I need for each link.  My question is regarding public IP address space.  Currently, we purchase our IPs through our single provider.  These are, of course, PA addresses.  To my knowledge, these would not suffice in a dual-homed environment with two ISPs.  I did some quick research on ARIN's website and it looks like we are too small to be candidates for a direct end-user assignment - I'm only using half of a /25 currently.  ARIN's policy requires you to use at least 25% of a /24 upon purchase and 50% within a year.  

So, does anyone out there know what would be the best course of action for my enterprise?  I am a higher education institution in Texas.  I'm a member of Educause, but I'm not sure they can sell me what I need in this case.  Once I get the address question answered, I would then need to know what the best method to purchase a BGP ASN would be.
Question by:marrj
  • 5
  • 5
LVL 28

Accepted Solution

Jan Springer earned 500 total points
ID: 39264323
You can work with PA as long as the provider that has assigned those addresses to you will provide an LOA allowing you to announce them through another AS.  Done all the time and not a big deal.

I wouldn't recommend announcing anything smaller than a /24, however since many routers block smaller prefixes.

If you were to do so, the aggregate that your subnet falls into would allow traffic to flow to your network from the assigning ISP.

It's a bit of a gamble but if you really need two distinct providers, it may be worth the shot.

Any chance you can get a /25 that's contiguous with what you have from your current provider so that you can at least announce a /24?

Author Comment

ID: 39264363
Yes, I'm pretty sure the next /25 in line with my provider is not being used.  Obtaining a /24 should not be a problem.

I currently have one router that advertises my public range to my single ISP.  I was thinking that I would need to purchase a second router that interfaced with my public range and with the second ISP, then run eBGP on both edge routers to advertise into the corresponding ISPs.  Would that be the best course of action?  Would their be any reason to establish iBGP peering between my two edge routers?
LVL 28

Expert Comment

by:Jan Springer
ID: 39264438
Or you use one router for the two peers and ask both to give you a default route.

When it's justified, you can grow into a router that will handle at least two full routing tables.

The only reason that I'd get a second router and do iBGP (even if it's just a default route) is for the redundancy in case one router died.
Easy, flexible multimedia distribution & control

Coming soon!  Ideal for large-scale A/V applications, ATEN's VM3200 Modular Matrix Switch is an all-in-one solution that simplifies video wall integration. Easily customize display layouts to see what you want, how you want it in 4k.


Author Comment

ID: 39264453
I do like the idea of having a fault tolerant edge with two routers.  I already have an ASA 5515 configured in an active/standby failover.  I think I'm going to pursue the two router approach for a fully redundant edge.

Any word of advice on how to purchase an ASN?
LVL 28

Expert Comment

by:Jan Springer
ID: 39265750
You don't purchase one (technically).  Contact your RIR.  In North American that is ARIN (, in Asia that is APNIC (, in Europe that is RIPE ( and in South America that is LACNIC (

You will fill out the obligatory paperwork and submit a small fee for  the ASN.  The RIR may require proof of multi-homing such as a copy of a contract (the first is already established).

Holler if you need help.  It's a rather each process.  If you get a four byte ASN, make sure that your router firmware supports it.

Author Comment

ID: 39266278
I will have BGP running on a couple of Cisco 2921 ISR's.  How do I find out if they will support a four-byte ASN?
LVL 28

Expert Comment

by:Jan Springer
ID: 39266395
What is the output of "sho ver"?

Author Comment

ID: 39266446
Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.1(4)M4, REL                                                                             EASE SOFTWARE (fc1)
Technical Support:
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Tue 20-Mar-12 18:57 by prod_rel_team

ROM: System Bootstrap, Version 15.0(1r)M15, RELEASE SOFTWARE (fc1)

HOSTNAME uptime is 5 days, 17 hours, 45 minutes
System returned to ROM by power-on
System restarted at 22:40:05 UTC Sat Jun 15 2013
System image file is "flash0:c2900-universalk9-mz.SPA.151-4.M4.bin"
Last reload type: Normal Reload

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:

If you require further assistance please contact us by sending email to

Cisco CISCO2921/K9 (revision 1.0) with 487424K/36864K bytes of memory.
Processor board ID ************
3 Gigabit Ethernet interfaces
1 terminal line
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity enabled.
255K bytes of non-volatile configuration memory.
250880K bytes of ATA System CompactFlash 0 (Read/Write)

License Info:

License UDI:

Device#   PID                   SN
*0        CISCO2921/K9          *************

Technology Package License Information for Module:'c2900'

Technology    Technology-package           Technology-package
              Current       Type           Next reboot
ipbase        ipbasek9      Permanent      ipbasek9
security      securityk9    Permanent      securityk9
uc            None          None           None
data          None          None           None

Configuration register is 0x2102
LVL 28

Expert Comment

by:Jan Springer
ID: 39266616
You don't need to worry about 4-byte ASNs since you cannot take two full routing tables.  If you like this router and cannot justify something heavier, I would recommend asking for a default route from both providers and just doing iBGP between the two.

Author Comment

ID: 39266755
I like that plan.  Thank you very much for all of your wisdom in this area.  Look for another one of my posts soon.  I will name it "BGP for multihomed enterprise".  I'm going to post my BGP config on EE for verification of its correctness.  I would like to award you the points for this post though.  So, stay tuned.

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Join Greg Farro and Ethan Banks from Packet Pushers ( and Greg Ross from Paessler ( for a discussion about smart network …
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor ( If you're looking for how to monitor bandwidth using netflow or packet s…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor ( If you're interested in additional methods for monitoring bandwidt…

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question