Go Premium for a chance to win a PS4. Enter to Win


Multihomed Central Office - Public Address Space

Posted on 2013-06-20
Medium Priority
Last Modified: 2013-06-21
I have been given the responsibility of somehow multihoming my central office location to the Internet.  I have two separate Internet providers who claim to offer the bandwidth that I need for each link.  My question is regarding public IP address space.  Currently, we purchase our IPs through our single provider.  These are, of course, PA addresses.  To my knowledge, these would not suffice in a dual-homed environment with two ISPs.  I did some quick research on ARIN's website and it looks like we are too small to be candidates for a direct end-user assignment - I'm only using half of a /25 currently.  ARIN's policy requires you to use at least 25% of a /24 upon purchase and 50% within a year.  

So, does anyone out there know what would be the best course of action for my enterprise?  I am a higher education institution in Texas.  I'm a member of Educause, but I'm not sure they can sell me what I need in this case.  Once I get the address question answered, I would then need to know what the best method to purchase a BGP ASN would be.
Question by:marrj
  • 5
  • 5
LVL 29

Accepted Solution

Jan Springer earned 2000 total points
ID: 39264323
You can work with PA as long as the provider that has assigned those addresses to you will provide an LOA allowing you to announce them through another AS.  Done all the time and not a big deal.

I wouldn't recommend announcing anything smaller than a /24, however since many routers block smaller prefixes.

If you were to do so, the aggregate that your subnet falls into would allow traffic to flow to your network from the assigning ISP.

It's a bit of a gamble but if you really need two distinct providers, it may be worth the shot.

Any chance you can get a /25 that's contiguous with what you have from your current provider so that you can at least announce a /24?

Author Comment

ID: 39264363
Yes, I'm pretty sure the next /25 in line with my provider is not being used.  Obtaining a /24 should not be a problem.

I currently have one router that advertises my public range to my single ISP.  I was thinking that I would need to purchase a second router that interfaced with my public range and with the second ISP, then run eBGP on both edge routers to advertise into the corresponding ISPs.  Would that be the best course of action?  Would their be any reason to establish iBGP peering between my two edge routers?
LVL 29

Expert Comment

by:Jan Springer
ID: 39264438
Or you use one router for the two peers and ask both to give you a default route.

When it's justified, you can grow into a router that will handle at least two full routing tables.

The only reason that I'd get a second router and do iBGP (even if it's just a default route) is for the redundancy in case one router died.
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.


Author Comment

ID: 39264453
I do like the idea of having a fault tolerant edge with two routers.  I already have an ASA 5515 configured in an active/standby failover.  I think I'm going to pursue the two router approach for a fully redundant edge.

Any word of advice on how to purchase an ASN?
LVL 29

Expert Comment

by:Jan Springer
ID: 39265750
You don't purchase one (technically).  Contact your RIR.  In North American that is ARIN (www.arin.net), in Asia that is APNIC (www.apnic.net), in Europe that is RIPE (www.ripe.net) and in South America that is LACNIC (www.lacnic.net).

You will fill out the obligatory paperwork and submit a small fee for  the ASN.  The RIR may require proof of multi-homing such as a copy of a contract (the first is already established).

Holler if you need help.  It's a rather each process.  If you get a four byte ASN, make sure that your router firmware supports it.

Author Comment

ID: 39266278
I will have BGP running on a couple of Cisco 2921 ISR's.  How do I find out if they will support a four-byte ASN?
LVL 29

Expert Comment

by:Jan Springer
ID: 39266395
What is the output of "sho ver"?

Author Comment

ID: 39266446
Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.1(4)M4, REL                                                                             EASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Tue 20-Mar-12 18:57 by prod_rel_team

ROM: System Bootstrap, Version 15.0(1r)M15, RELEASE SOFTWARE (fc1)

HOSTNAME uptime is 5 days, 17 hours, 45 minutes
System returned to ROM by power-on
System restarted at 22:40:05 UTC Sat Jun 15 2013
System image file is "flash0:c2900-universalk9-mz.SPA.151-4.M4.bin"
Last reload type: Normal Reload

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:

If you require further assistance please contact us by sending email to

Cisco CISCO2921/K9 (revision 1.0) with 487424K/36864K bytes of memory.
Processor board ID ************
3 Gigabit Ethernet interfaces
1 terminal line
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity enabled.
255K bytes of non-volatile configuration memory.
250880K bytes of ATA System CompactFlash 0 (Read/Write)

License Info:

License UDI:

Device#   PID                   SN
*0        CISCO2921/K9          *************

Technology Package License Information for Module:'c2900'

Technology    Technology-package           Technology-package
              Current       Type           Next reboot
ipbase        ipbasek9      Permanent      ipbasek9
security      securityk9    Permanent      securityk9
uc            None          None           None
data          None          None           None

Configuration register is 0x2102
LVL 29

Expert Comment

by:Jan Springer
ID: 39266616
You don't need to worry about 4-byte ASNs since you cannot take two full routing tables.  If you like this router and cannot justify something heavier, I would recommend asking for a default route from both providers and just doing iBGP between the two.

Author Comment

ID: 39266755
I like that plan.  Thank you very much for all of your wisdom in this area.  Look for another one of my posts soon.  I will name it "BGP for multihomed enterprise".  I'm going to post my BGP config on EE for verification of its correctness.  I would like to award you the points for this post though.  So, stay tuned.

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Make the most of your online learning experience.
How to fix a SonicWall Gateway Anti-Virus firewall blocking automatic updates to apps like Windows, Adobe, Symantec, etc.
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

972 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question