Routing of a public IP network

Given a (public) network 198.51.100.0/24 that is routed to HostA, I want to route a subnet of it (say, 198.51.100.16/28) to HostB. HostA and HostB are connected over some sort of point-to-point link (e.g. VPN or PPP).

What are the options (and what is the best practice) to route such a net? Technically I should not use a private IP (RFC1918) because such an IP should never be mixed with publicly routable IP addresses.

I could split off a /30 network and use it as a point-to-point link between HostA and HostB and on top of it route 198.51.100.16/28. But that seems wasteful.

Can I use a RFC1918 address for it? Can I use a link-local address?

Edit: I tried tracert and indeed, there are RFC1918 addresses interspersed in between (note: the first one I think is my CGNAT, but the others are definitely in the public network):

  [...]
  2    70 ms    70 ms    71 ms  10.8.0.1
  3    78 ms    71 ms    73 ms  D [64.44.32.1]
  4    72 ms    71 ms    71 ms  89-88-12-198.as20278.net [198.12.88.89]
  5    72 ms    74 ms    70 ms  10.8.40.245
  6    71 ms    71 ms    73 ms  10.8.6.33
  7    75 ms    71 ms    73 ms  buf-b1-link.ip.twelve99.net [62.115.59.89]
  8    82 ms     *       81 ms  nyk-bb1-link.ip.twelve99.net [62.115.118.122]
  9   188 ms     *      157 ms  ldn-bb4-link.ip.twelve99.net [62.115.112.245]
 10   364 ms   212 ms   294 ms  prs-bb2-link.ip.twelve99.net [62.115.114.229]
 11   208 ms   297 ms   304 ms  ffm-bb2-link.ip.twelve99.net [62.115.122.139]
 12   282 ms   246 ms   361 ms  win-bb4-link.ip.twelve99.net [62.115.138.23]
 13   303 ms   180 ms   325 ms  win-b2-link.ip.twelve99.net [62.115.114.183]
  [...]

Solution 1:

You can use any subnet from the RFC 1918 ranges for routing in between. As long as the connected hosts can make sense of it, it'll work. For a P2P link, a /31 subnet is sufficient. For a PPP connection, addressing isn't even required, just routing.

Just make sure that no private IP packets leak out from any host to the Internet. Especially HostB needs to use a 198.51.100.16/28 address for outgoing packets to the Internet - usually that can be established by binding all relevant services specifically to that address.

However, routing from the 198.51.100.0/24 to the 198.51.100.16/28 subnet may pose a challenge as they overlap. Hosts on 198.51.100.0/24 will not use HostA as gateway. You'll need to use static ARP entries, proxy ARP or similar to get the packets routed. It might be useful to cleanly subnet 198.51.100.0/24 first, making the problem trivial.

tracert works by sending incremental TTL probes towards the destination and displaying where they timed out. As long as intermediate gateways return a TTL expired in transit message you'll see them in the list. Whether they use public or private addresses on the used interface or just as a general ICMP source address doesn't matter.

If you don't want that, you need to either disable or filter such messages (making the hop show up as * * *) or use a public IP address for ICMP errors. Note that HostA is the last-hop gateway, so it depends on its setup (likely a public address anyway). HostB won't time out the TTL because that is only checked when forwarding - HostB might reply to a ping, though, but that usually returns the ping's destination address (which cannot be private from the public Internet).
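To make the two points of this answer concrete (the /31 RFC 1918 link plus the overlapping-prefix problem, and the "no private source leaks" check), here is an added simulation that is not part of the original answer. The link addresses 10.255.255.0/31, the interface names and the default gateway 198.51.100.1 are assumptions; the routing tables are constructed to mirror the scenario.

```python
import ipaddress

# RFC 1918 ranges, listed explicitly: Python's is_private would also flag the
# documentation prefix 198.51.100.0/24 used in the question, which we treat as public here.
RFC1918 = [ipaddress.ip_network(p) for p in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed routing tables: (prefix, next_hop or None for on-link, interface).
HOST_A_ROUTES = [
    ("198.51.100.0/24", None, "eth0"),              # the public /24, directly connected
    ("198.51.100.16/28", "10.255.255.1", "ptp0"),   # the /28 delegated to HostB
    ("10.255.255.0/31", None, "ptp0"),              # assumed RFC 1918 /31 for the P2P link
    ("0.0.0.0/0", "198.51.100.1", "eth0"),          # assumed upstream gateway
]
OTHER_HOST_ROUTES = [                                # any other host on the /24
    ("198.51.100.0/24", None, "eth0"),
    ("0.0.0.0/0", "198.51.100.1", "eth0"),
]


def lookup(routes, dst):
    """Longest-prefix match: return (network, next_hop, interface) of the best route."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop, dev in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop, dev)
    return best


def needs_proxy_arp(routes, dst):
    """True if the host believes dst is on-link and would ARP for it directly,
    which is exactly the case the answer says needs static ARP or proxy ARP."""
    route = lookup(routes, dst)
    return route is not None and route[1] is None and route[2] == "eth0"


def leaks_private_source(src, dst):
    """True if a packet would carry an RFC 1918 source address toward a non-RFC 1918 destination."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    src_private = any(s in n for n in RFC1918)
    dst_private = any(d in n for n in RFC1918)
    return src_private and not dst_private


if __name__ == "__main__":
    print("HostA ->", lookup(HOST_A_ROUTES, "198.51.100.20"))          # via 10.255.255.1 on ptp0
    print("Other host ->", lookup(OTHER_HOST_ROUTES, "198.51.100.20"))  # on-link /24: ARPs directly
    print("proxy ARP needed:", needs_proxy_arp(OTHER_HOST_ROUTES, "198.51.100.20"))
    print("leak:", leaks_private_source("10.255.255.1", "203.0.113.9"))
```

The simulation shows why HostA's own table sends 198.51.100.20 over the link while every other host on the /24 treats it as directly connected, and why HostB must source Internet traffic from its /28 address rather than the /31 link address.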