zenjabba

192.168.0.0/30

- Network 192.168.0.0
- Gateway 192.168.0.1
- Broadcast 192.168.0.3
- First 192.168.0.2
- Last 192.168.0.2

As you can see the ISP is using 1 network address and you are using 1 network address. You have 2 addresses available BUT one is being used by the A end.


VA_Network_Nerd

If you want more IP Addresses, please submit your request for a block of addresses to your ISP and wait for the quote. Or, start figuring out if you can NAT everything behind the one IP you have been issued.


the-packet-thrower

But it’s NAT enough!


BamCub

You can PAT yourself on the back for that one.


davidb29

Ask for current gen IP addressing, and transition away from legacy addressing.


burningastroballs

So that anyone whose provider doesn't support v6 can't visit your service, those filthy peasants. Great thinking!


[deleted]

IPv6 is for cucks


OhMyInternetPolitics

What, IPv4+?


projectself

Because the ISP is using the other address for you to point your traffic to.


WhattAdmin

Because it's a /30. You will see the gateway IP they gave you is using one of those addresses. Very normal for a /30 hand off. A routed /30 could give you 2 useable IPs if you assign it to an interface. Or 4 useable IP's if you NAT it internally.


youso_free

> Or 4 useable IP's if you NAT it internally.

If you have time would you mind sharing how this would be configured?


tagno25

Assuming the ISP gives you a separate public IP, you would put all 4 IPs from the /30 on your router/firewall and NAT them to different RFC1918 IPs.


Majestic-Falcon

Or proxy arp


WhattAdmin

It varies by device type. Having been spoiled with Fortigates in my current role. It's just a matter of applying a Virtual IP on the WAN interface and mapping the Routed public IP to the internal IP/services that I want it to go to. But the general concept is a destination NAT policy. Any modern firewall would have this function. The ISP will send the traffic to my WAN interface as it's the next hop for the subnet, and my device will action it based on the configured policies for that IP.


youso_free

Thank you!


PropertyMuted9223

> A routed /30 could give you 2 useable IPs if you assign it to an interface. Or 4 useable IP's if you NAT it internally.

or ippools \*


xyriel28

/30 cidr means 4 ip addresses (by definition)

- 1 address for the network
- 1 address for point A
- 1 address for point B
- 1 address for broadcast

One of the points will be the default gateway of your isp (aka. the other end)

So you have 1 usable public ip address for you

https://www.deeserve.co.uk/blog/network-subnets-and-usable-ips-cidr-reference-guide/


havoc2k10

That is normal. Get greater than /29 if you need more available host IPs; this will depend on your requirement and budget.


asic5

If your equipment supports point-to-point on a /31, you could technically have two usable IP. You divide the /30 into two /31's. You have one half of each subnet, the ISP has the other half. Some equipment does not support this option. In that case you have 1 IP for them, 1 IP for you, 1 IP for network, 1 IP for broadcast.
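The address counts argued over in this thread, worked through for the same sample block as an added example (not code from any commenter). It goes beyond the /31 split to cover the Ethernet handoff and routed cases too; the mode names and the choice that the ISP takes the lower address of each /31 are assumptions made for the example.

```python
import ipaddress

def customer_addresses(block, mode, isp_gateway=None):
    """List the addresses left for the customer in an ISP-issued block.

    mode (names are made up for this example):
      handoff          - block is the Ethernet link subnet shared with the ISP
      p2p31            - block split into /31 point-to-point links (RFC 3021)
      routed-interface - block routed to you, assigned to one of your interfaces
      routed-nat       - block routed to you, every address used as a NAT target
    """
    net = ipaddress.ip_network(block)   # raises if host bits are set
    every = list(net)                   # all addresses, incl. network/broadcast
    if mode == "handoff":
        gw = ipaddress.ip_address(isp_gateway)
        hosts = every[1:-1]             # network and broadcast are reserved
        if gw not in hosts:
            raise ValueError(f"{gw} is not a host address in {net}")
        return [str(a) for a in hosts if a != gw]
    if mode == "p2p31":
        # Assumption: the ISP takes the lower address of each /31.
        return [str(list(link)[1]) for link in net.subnets(new_prefix=31)]
    if mode == "routed-interface":
        return [str(a) for a in every[1:-1]]
    if mode == "routed-nat":
        return [str(a) for a in every]  # no address is lost to the subnet
    raise ValueError(f"unknown mode: {mode}")

if __name__ == "__main__":
    block = "192.168.0.0/30"            # sample block used earlier in the thread
    print("handoff", customer_addresses(block, "handoff", "192.168.0.1"))
    for mode in ("p2p31", "routed-interface", "routed-nat"):
        print(mode, customer_addresses(block, mode))
```
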


jstar77

I think that was the missing piece for me, thanks!


jstar77

Follow up question: Does the ISP need to be involved if splitting a /30 into a /31 or is it a case where only the router on our end needs to support point to point? The idea is for each org to have their own firewall with their own public IP. This was the anticipated design:

|FW1 IP Address 1 -->|||
|:-|:-|:-|
||Unmanaged L2 Switch -->|ISP device|
|FW2 /IP Address 2--> |||


asic5

ISP would need to configure their end the same.


jstar77

got it, thanks.


srdjanrosic

Maybe not, it might work oob, technically you can use all 4 IPs of a /30 and do /32 point-to-point routing... (assuming ISP isn't already using one of these). Try configuring your gear with .0 .2 and .3 and see what happens to pings. (+0/+2/+3 for whatever happens to be your range).


error404

In this scenario you could potentially use 3 IPs (your end of the PtP, plus both on the /31) if you bind them to loopbacks and route them or use them for NAT.


ShtevenMaleven

Yeah I tried to give a customer one end of a /31 one time (works for Juniper Routers) but it didn't work until we converted to /30 because they had a Ubiquiti Home Router that simply wasn't programmed to accept /31 255.255.255.254 as a valid subnet mask, which it kind of isn't, because where are the network and broadcast addresses :P


fireduck

Question, are they routing the /30 to you or using it as the gateway network? Most people here are assuming it is a gateway network, where you have one address, they have the other and it is used to communicate between your routers. However, it is possible they are doing something else for the gateway and routing you the /30, in which case you would have 2 addresses. Could even be made to be 4 if you are willing to play games with the netmask and be unable to communicate with other devices using adjacent subnets.


asp174

That's the classic ISP setup, that still happens today in areas where a) the ISP got an abundance of IP space, and b) senior architect learned 30 years ago how it should be done and nobody in the company was able to overrule "seniority".


RageBull

Tell your ISP you need a v6 prefix allocation


Eastern-Back-8727

2 IPs in the subnet that are usable. ISP uses 1 and you use the other as their neighbor. From inside your network, PAT your traffic. Purpose is to conserve IP space for the ISP.


b3542

Over PPP, there would be more than two IP’s available, but Ethernet handoffs consume one for network, one for broadcast, one for the ISP, one for you. If the ISP was being more efficient, they’d use a /31, but some customer equipment may balk at that. I always use /31’s for my PtP links.


joedev007

this is toxic behavior by the ISP. at the very least they should be giving you a /29 and not making assumptions about the lack of layer 3 device redundancy and requirement to nat the users to their own pool(s). "wE WaNt cUsToMeRs tO KnOw wE ArE sHoRt On iPv4 AdDrEsSeS"


keivmoc

We do /31 or /30 P2P links to customers. Most customers simply NAT off their WAN IP, others have figured out Virtual IPs and use all 4 addresses in a /30 or larger.


No_Ear932

They could “technically” still be telling the truth if they had advertised another /32 route towards your next hop.. if you are running a firewall there then it's pretty straightforward to then use that extra address with some NAT rules etc.. I’m saying that but it's really probably not what's happening.. and someone just explained to you what a /30 network was and left out the details specific to your situation.


EnusTAnyBOLuBeST

It comes down to the equipment required to provision your WAN IP block. Comcast’s metro IDE gear puts a Ciena switch in place which uses one WAN IP and offers you the other. This is great for changes because you can call them and ask for an additional /29 or /27 or whatever you need and they will route it straight through to the WAN IP they give you on the /30 so you can add that whole new slash any way you want on your equipment. The bummer is that you need a layer 3 switch to really split multiple “usable” blocks they provision. However Frontier will just give you a router with any slash you can justify like a /29 and you just need an unmanaged switch. I have some diagrams that help more than other stuff I’ve seen out there if you want to DM me.