nanog mailing list archives

Re: Best practice for ptp/loopback numbering for "small" enterprise multihome setup


From: Blake Hudson <blake () ispn net>
Date: Fri, 26 Mar 2021 13:46:03 -0500


On 3/26/2021 12:01 PM, vom513 wrote:
Hello,

tl;dr - If I only have a /24 PI - is there any way to use this and not “chop it up / deagg” to use for ptp/loopbacks ?

Hopefully I can explain this in a manner that makes sense.

Say I have a vanilla dual router/dual upstream setup (think enterprise internet edge).

It’s basically an “H” shape:

- Two ISPs
- Two routers (“crosslink” is the middle of the H - iBGP)
- Each router has at least a link downstream into my public “outside” segment.  I run an FHRP here.  This is where my DMZ firewalls, VPN endpoints etc. have their outside interfaces.

Let’s also say I only have a /24 of PI.

I need to number the crosslink and the loopbacks.  The upstreams will use their own /30 / /31 let’s say for the top of the H.  My downstream interfaces will have my /24 (or parts of it) on the bottom of the H.


A couple of things come to mind that might be a more efficient use of address space: First, you don't need two routers in order to have dual upstreams. Have you considered multi-homing using a single router? If you need redundancy, it could be built into a single chassis. Another option is that some routers can perform active/standby failover without the need for extra public addresses. For example, two Cisco ASAs would have a cross-link, but this link is limited to keeping state and HA heartbeat between the two units and can be numbered with either an IPv6 link local or RFC-1918 address. Other platforms may have the option for Virtual Chassis, VSS, stacking, or similar technology that can conserve address space compared to two independent and traditionally addressed routers.


