Ethernet IP Settings

From AAISP Support Site
Revision as of 11:09, 18 March 2015 by AA-Andrew (talk | contribs)

IP settings

The Ethernet link provides a connection between your network and ours, and we connect your network to the internet. To achieve this we provide IP addresses on the link. A block of IP addresses is used specifically to link between us, and then additional addresses are provided as needed for your network.

IPv4 interlink

We provide a block of 8 IPv4 addresses (a /29). As usual the first and last are not usable (network and broadcast) leaving 6 usable addresses. 3 of these are for our use and 3 are usable by you.

For example, if you've been assigned 192.0.2.0/29

Example IP Use description 192.0.2.0 Unusable
192.0.2.1 Virtual gateway address
192.0.2.2 A router address
192.0.2.3 B router address
192.0.2.4 For your use
192.0.2.5 For your use
192.0.2.6 For your use
192.0.2.7 Broadcast

When configuring your router/firewall you must pick one of the three addresses that are for you use, and set the subnet mask to 255.255.255.248. The gateway is set to the first usable address - the virtual gateway. DNS is set to 217.169.20.20 and 217.169.20.21.

You should not use the "A" or "B" router address directly for anything except BGP (see below). The virtual gateway will be the same as either "A" or "B" routers, and we may switch this at any time and disable one or other of the two real routers for maintenance or in the event of failure at any time without notice. What we aim to do is always ensure you have a working virtual gateway and hence an internet connection.

If you have one router, please use the last usable address as the router address and leave the previous two addresses unused.

IPv6 interlink

For IPv6 we will allocate two addresses, one for each of our routers and announce these as router addresses. You should configure your firewall/router to configure its IPv6 external address automatically. If we shut down a router for maintenance it will announce itself as the low priority router before shutting down so as to ensure you switch to the other router automatically.

For example, if you've been assigned 2001:8b0:1628:4000/64

Example IP Use description
2001:8b0:1628:4000::1 Default Gateway for the customer to use
2001:8b0:1628:4000::2 A&A router 1 (internal use)
2001:8b0:1628:4000::3 A&A router 2 (internal use)
2001:8b0:1628:4000::4 Customer router (for example)

You can set DNS manually to 2001:8b0::2020 and 2001:8b0::2021.

Dual routers and VRRP

If you wish to run two routers yourself and use a protocol such as VRRP, set the virtual address as the last usable address. You can use the other two addresses as the real addresses of your two routers. We use VRID 42 for VRRP so use a different VRID if you are using VRRP to avoid any clash.

Additional IP blocks

If you have additional IP requirements, these will be set up on your control pages and you can change the target address if you need. We will set these up to route to your gateway address initially, assuming (for IPv4) that you are using the last usable address as your firewall/router.

BGP

If you are announcing addresses to us using BGP then the routing and fall-back is managed by BGP. You should set up your BGP routers to peer with the two real router addresses ("A" and "B"). If you have two BGP routers then set up a full mesh (4 peer links). In the event of any maintenance we will cleanly close BGP sessions first causing routing to switch as necessary. You will need a suitable IP assignment and AS number for BGP. We support 32 bit AS numbers.

Firewall

If you do not have a router/firewall, we can supply one and assist in configuring it as needed.

Direct PC connections

If you wish, using the /29 interlink, you could connect up to 3 devices directly and not use a firewall/router. However, we recommend always using some sort of firewall/router. We only allocate a /29 for direct connection.

NAT

Obviously you can use network address translation and private addressing on your LAN if you wish. In this case you would not need anything more than the /29 interlink address. However, NAT has many limitations and is not something we recommend. Even if considering NAT for IPv4 we recommend considering IPv6 addressing on your network as well. We can provide advice on this if you are interested.

Ping

Contrary to normal VRRP operation we do answer ICMP echos (pings) on the virtual router address. You can ping this address to confirm you have a working gateway if you wish.

We will normally set up a ping to one of your addresses and provide a graph showing loss and latency on the link from each of our routers. This can be useful in debugging any issues with the fibre or your router.

Multiple links

If you have multiple independent etherflows then these appear on separate VLANs at your end. The above applies to each etherflow to us for internet access. Etherflows to other sites you may have are entirely for you to configure as you wish at an Ethernet level.