On Aug 22, 2012, at 3:52 AM, Tobias Crefeld wrote:

> Not sure, if I understand you right: Did you move the /23 on another
> ethernet interface when establishing the transit network (/30) ?

No, we replaced it. We use NAT for all of our public IP addresses, so we didn't have to reassign anything; the NAT section of the PF ruleset continued to handle everything. The CARP interface used to have all of the /23 assigned as aliases, but now it just has the endpoint of the /30 assigned and our ISP routes all traffic for the /23 to that interface as its next hop.

To make that more concrete, here is what our interfaces used to look like (numbers changed to protect the guilty):

===================== begin hostname.carp2 =====================
up vhid 3 pass Redacted carpdev vlan1234 advskew 0 description "CARP: WAN"
# 192.168.0.1 reserved by ISP for router address
inet alias 192.168.0.2 255.255.255.255
inet alias 192.168.0.3 255.255.255.255
inet alias 192.168.0.4 255.255.255.255
# ... 0.5 - 0.255 and 1.0 - 1.253 omitted for brevity
inet alias 192.168.1.254 255.255.255.255
====================== end hostname.carp2 ======================

The ISP claimed the lowest address (.1) for their router and we aliased the remaining addresses in the /23.

After the changeover, the CARP device looked like this:

===================== begin hostname.carp2 =====================
inet 10.0.0.2 255.255.255.252 10.0.0.1 vhid 3 pass Redacted carpdev vlan1234 advskew 0 description "CARP: WAN"
====================== end hostname.carp2 ======================

10.0.0.0/30 is the new transit network, with the ISP claiming the smallest address (.1) and us getting the largest (.2). The ISP now routes our 192.168.0.0/23 to 10.0.0.2 as the next-hop. Our box NATs the /23 to our internal LAN.

Jason

-- 
Jason Healy | jhe...@logn.net | http://www.logn.net/