
new connection with 6 static public IPs (/29 block) routed via single /30


Ed2010

MIS
Jul 22, 2010
We're getting a new connection which the provider describes as having 6 static public IPs (/29 block) routed via single /30. In the past I've always just gotten a /29 for our connections, where I would have a private IP address on one router interface (192.168.0.1/24, say) and then a second router interface with one of the public IP addresses, and would put in a default route to the provider IP from the same subnet, i.e. if the subnet block was 50.50.50.0/29, the provider gateway would be 50.50.50.1 and my router external interface would be 50.50.50.2. Then I would use static NAT to have 4 devices with public IP addresses.

How do I handle these two public IP ranges that the provider is giving me? For example, let's use a private/internal subnet of 192.168.0.0/24, router IP of 192.168.0.1, public subnet 100.100.100.0/30 where the provider has told me to configure 100.100.100.2 as my external router interface and add a default route to 100.100.100.1 (address on their end), and the second subnet is 200.200.200.0/29. Do I need a router with 3 interfaces, one for each subnet? Or do I need two routers like this:
Private subnet -> router -> public /29 subnet -> router -> public /30 subnet ?
Right now I'm looking at using a Cisco 2811 as router, interfaces fe0/0 and fe0/1. Normally I would use fe0/0 for the outside/public address and fe0/1 for the inside/private address, then use ip nat overload for client internet access and ip nat static for web server/mail server.

Does anyone have experience with a connection like this? Any help appreciated, thanks
 
Been a while since I have done one like this (literally years) but from what I remember we would assign the /30 address to the physical interface connected to the service provider and then set up a Loopback interface with the IP addresses of the public assigned to us. We could then set up NAT and port forwarding as needed.

I believe you can also assign ALL the addresses to the interface assigned to the SP using IP address X.X.X.X X.X.X.X secondary

Mike
 
Your provider should be routing your /29---you can configure inside interface as public (the /29 addresses) or NATted to privates.

-Tim

ip access-list extended IP-Options-and-Powerball
deny ip any any winning-powerball-ticket
permit ip any any option any-options
!
class-map ACL-Options-and-Powerball
match access-group name IP-Options-and-Powerball
!
policy-map CoPP-POLICY
class ACL-Options-and-Powerball
drop
!
control-plane
service-policy input CoPP-POLICY
 
Thanks for the input guys. Sorry for the delay getting back. Right now I have it configured with a basic NAT overload configuration with the /30 address on the external interface, a private address on the internal interface, and, as you said Mike, one of the /29 addresses as a loopback. NAT overload is working properly and I am able to ping and do traceroute to the /29 loopback address from outside, so I know the service provider is doing the routing to this subnet. Will be adding static NAT and also site-to-site VPN onto it shortly. It's located at a new site that is still in a state of change. Thanks again.
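The layout the thread converged on, written out as an added Cisco IOS sketch (not posted by any participant), using the example addressing from the question. The inside server addresses 192.168.0.10 and 192.168.0.11, the published ports, the choice of 200.200.200.1 for the loopback and the ACL number are assumptions; the static entries forward single ports rather than whole addresses so that only the named service is reachable from outside.

```cisco
! Added example; addressing taken from the question in this thread.
! Outside: the /30 link to the provider.
interface FastEthernet0/0
 description Outside - provider /30
 ip address 100.100.100.2 255.255.255.252
 ip nat outside
!
! Inside: private LAN.
interface FastEthernet0/1
 description Inside - private LAN
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
!
! Loopback holds one address of the routed /29 (assumed .1).
! With the /29 connected here, traffic to addresses that have no
! NAT entry stops at the router and is not sent back out the
! default route toward the provider.
interface Loopback0
 description Anchor for routed /29
 ip address 200.200.200.1 255.255.255.248
!
! Default route to the provider end of the /30.
ip route 0.0.0.0 0.0.0.0 100.100.100.1
!
! Outbound client traffic: PAT on the /30 interface address.
access-list 10 permit 192.168.0.0 0.0.0.255
ip nat inside source list 10 interface FastEthernet0/0 overload
!
! Published services: per-port static NAT onto /29 addresses.
! Inside hosts .10 (web) and .11 (mail) are assumed for illustration.
ip nat inside source static tcp 192.168.0.10 80 200.200.200.2 80
ip nat inside source static tcp 192.168.0.10 443 200.200.200.2 443
ip nat inside source static tcp 192.168.0.11 25 200.200.200.3 25
```

After applying it, `show ip nat translations` lists the static entries, and `show ip route` should show 200.200.200.0/29 as connected via Loopback0.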
 