Preserving IP space with scarce addresses
We all know IPv4 addresses are becoming more scarce. We’ve been warned about it for decades, and yet every router I touch is still primarily configured for IPv4. When it comes to preserving IP space, we’ve had NAT and RFC 1918 for decades, and more recently CGNAT with RFC 6598.
I try to be as resourceful with my address space as possible. Most setups only require one routable address per site, some even getting away with CGNAT, particularly with MPLS/SD-WAN technologies.
My ISP at home provides me with a frame-routed /30 IP address range: traffic for my allocated subnet is directed to my router via its primary IP address.
Instead of getting 2 usable addresses plus broadcast and network addresses out of the four addresses available, I wanted to explore options for getting as many usable addresses as possible.
In a typical DIA or even a standard home network, the assigned IP address typically belongs to the same network as the gateway, as defined by the subnet mask. This requires at least two usable IP addresses and therefore a /30 (many routers support RFC 3021, which allows for /31 addresses, but this is still using one more IP address than I’d like).
I use a MikroTik RB5009 router at home – it’s a powerful and inexpensive device with lots of capability. MikroTik builds routers with WISPs in mind, and therefore includes many of the functions WISPs look for in a router.
PPPoE
PPPoE allows for a point-to-point tunnel to be created, typically between a BNG router and a CPE. The CPE authenticates with a username and password, and the BNG assigns a /32 IP address and a gateway address. The gateway address doesn’t need to be on the same network as the assigned IP; in fact, it can be a private address.
Using RouterOS makes setting up a PPPoE server easy. In this example, my ISP has provided me a primary IP address of 198.51.100.189/24 and a framed-routed network of 203.0.113.80/30.
We’ll create a PPPoE profile with our gateway address and add some secrets (or PPPoE accounts) that will allow us to connect. We’ll create the PPPoE server and attach it to the bridge interface, but you can use a specific interface in your configuration.
/ppp
profile add name=PPPoE local-address=100.65.65.65
# profile=PPPoE ties each account to the profile above, so the session uses its gateway address
secret add name=MyServer0 password=terrible profile=PPPoE remote-address=203.0.113.80 service=pppoe
secret add name=MyServer1 password=terrible profile=PPPoE remote-address=203.0.113.81 service=pppoe
secret add name=MyServer2 password=terrible profile=PPPoE remote-address=203.0.113.82 service=pppoe
secret add name=MyServer3 password=terrible profile=PPPoE remote-address=203.0.113.83 service=pppoe
/interface
# disabled=no makes sure the server is enabled once it is added
pppoe-server server add interface=bridge service-name=servers disabled=no
In my case I also had to add a NAT rule that bypassed my usual NAT rules for my private network on my primary address:
/ip/firewall/nat
add action=accept src-address=203.0.113.80/30 chain=srcnat place-before=0
Once the router config is done, it’s time to create a PPPoE session from your end computer. I’ll leave it to the reader to find a suitable guide for their operating system.
DHCP /32 addressing
It turns out you can use DHCP to provide a /32 IP address, along with a DHCP option to provide the client with a static route via the lease interface to find the gateway.
Most modern operating systems will handle this just fine (including Windows, but my use case is with Linux servers only).
We’ll create a DHCP server instance, add some DHCP options and create a static lease for our server.
/ip/dhcp-server
add name=servers address-pool=static-only lease-time=8h interface=br-servers
option add code=121 name=classless-static-route-option value=0x00644141FE20644141FE644141FE
# this one may or may not be required, depending on your operating system
option add code=3 name=router value="'100.65.65.254'"
option sets add name=servers-options options=classless-static-route-option,router
lease add mac-address=AB:CD:EF:12:34:56 address=203.0.113.80 server=servers dhcp-option-set=servers-options
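The option 121 value above is opaque hex, so as an added example (not part of the original post and not MikroTik tooling) the following Python decodes and builds such values using the RFC 3442 layout: one prefix-length byte, only the significant destination octets, then a 4-byte router address. The function names and `PAGE_VALUE` are assumptions made for this illustration; the hex string is the one from the config above.

```python
import ipaddress

# The option 121 value used in the DHCP config on this page.
PAGE_VALUE = "0x00644141FE20644141FE644141FE"


def encode_routes(routes):
    """Encode [(destination CIDR, router IP), ...] as an option 121 hex value."""
    out = bytearray()
    for dest, router in routes:
        net = ipaddress.IPv4Network(dest)        # rejects host bits and IPv6
        significant = (net.prefixlen + 7) // 8   # only these octets are sent
        out.append(net.prefixlen)
        out += net.network_address.packed[:significant]
        out += ipaddress.IPv4Address(router).packed
    return "0x" + out.hex().upper()


def decode_routes(value):
    """Decode an option 121 hex value into [(destination CIDR, router IP), ...]."""
    text = value[2:] if value.lower().startswith("0x") else value
    data = bytes.fromhex(text)
    routes, i = [], 0
    while i < len(data):
        width = data[i]
        if width > 32:
            raise ValueError(f"invalid prefix length {width} at byte {i}")
        significant = (width + 7) // 8
        end = i + 1 + significant + 4
        if end > len(data):
            raise ValueError(f"truncated route starting at byte {i}")
        # Pad the compressed destination back out to four octets.
        dest = data[i + 1:i + 1 + significant].ljust(4, b"\x00")
        router = data[end - 4:end]
        routes.append((f"{ipaddress.IPv4Address(dest)}/{width}",
                       str(ipaddress.IPv4Address(router))))
        i = end
    return routes


if __name__ == "__main__":
    for dest, router in decode_routes(PAGE_VALUE):
        print(f"{dest} via {router}")
```

Decoding the value from the config yields a default route via 100.65.65.254 followed by a /32 route to 100.65.65.254 itself, which is what lets a client holding a /32 lease reach its gateway.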
Static (or dynamic) routing
You can also assign a private IP address to the client and add a static route for the internet-routable IP address. You will need to add that address to the target machine’s network adapter or loopback interface.
/ip/dhcp-server
add name=servers address-pool=static-only lease-time=8h interface=br-servers
network add address=100.65.65.0/24 dns-server=100.65.65.254 gateway=100.65.65.254
lease add mac-address=AB:CD:EF:12:34:56 address=100.65.65.1 routes=203.0.113.80/32
# or if you prefer just a static route
/ip/route
add dst-address=203.0.113.80/32 gateway=100.65.65.1
Conclusion
It’s a privilege these days to have a single internet-routable IP address, so while it can take some extra time to set up, preserving as many addresses as you can will help.