Colo - IP address range question - how to route?


tigweld0101

I got a /28 from my colo provider. Previously I got a /31 where there are 2 IP addresses, then I just pointed my address to the upstream gateway and I was done. Ez in pfSense and Fortinet.

This time I got an address range, subnet, and a gateway IP. Do I then need to assign my router/firewall an IP address in my range to then route to the gateway IP address? Or does this mean I need to now BGP? OpenBGPD package - PFSenseDocs
 

cptbjorn

What are you trying to do with them? If you want those IPs publicly routable AND behind pfsense then yes, I think you'll need BGP. But there are a couple other options that are a little less work:

1. Add each IP as a virtual IP on pfsense and use NAT rules to an internal network to use them
2. Assuming pfsense is virtualized, just give other VMs NICs on your external vswitch and give them external IPs. You don't get to firewall them this way.
 

namike

It sounds to me like your colo provider is giving you a block of IPs to use as you please. Looks like 14 usable IP addresses.

Ex.
200.200.100.64/28

200.200.100.64 network
200.200.100.65-200.200.100.78 usable
200.200.100.79 broadcast

Since this is a colo, I'm sure they are just giving you an address chunk off their larger IP space and their router is already doing the route announcements for you to the internet via BGP, so you will not have to run BGP on your end.

On your firewall you will need to put a 0.0.0.0/0 static route to the gateway IP they have provided you.

You can then set up either NAT/PAT depending on how you want the boxes behind your firewall to talk to the internet. If you just wanted all your servers to talk out the same public IP (ex. 200.200.100.65) then assign it to your untrust interface (not sure if that is the correct terminology in pfsense) then configure NAT so that your internal hosts all get translated to that IP as they leave the firewall.

--Mike
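
Added example, not part of any post in this thread: a Python check that answers the original question for a given handoff, namely whether the provider's gateway sits inside the assigned block (the firewall WAN interface then takes another address from the block) or outside it. The function name `plan_handoff`, the gateway `200.200.100.78`, and the reading of an off-block gateway as a routed block are assumptions; the block is the thread's example.

```python
import ipaddress


def plan_handoff(block: str, gateway: str) -> dict:
    """Work out how a provider-assigned IPv4 block and gateway fit together."""
    # The default strict=True rejects a block with host bits set (200.200.100.70/28)
    net = ipaddress.IPv4Network(block)
    gw = ipaddress.IPv4Address(gateway)
    addrs = list(net)  # fine for colo-sized blocks, not for very large ranges

    if net.prefixlen >= 31:
        # /31 or /32: point-to-point, no network/broadcast address is reserved
        usable, broadcast = addrs, None
    else:
        usable, broadcast = addrs[1:-1], str(net.broadcast_address)

    if gw in net and gw not in usable:
        raise ValueError(f"{gw} is the network or broadcast address of {net}")

    on_link = gw in usable
    return {
        "network": str(net.network_address),
        "broadcast": broadcast,
        "usable": [str(a) for a in usable],
        # True: the gateway is inside the block, so the firewall WAN interface
        # takes one of the remaining addresses with the block's prefix length.
        # False (assumption): the block is routed to you over a separate
        # transit subnet, and the WAN address comes from that subnet instead.
        "gateway_on_link": on_link,
        "wan_candidates": [str(a) for a in usable if a != gw] if on_link else [],
        "default_route": f"0.0.0.0/0 via {gw}",
    }


if __name__ == "__main__":
    # Constructed input: the thread's example /28 with an assumed gateway
    plan = plan_handoff("200.200.100.64/28", "200.200.100.78")
    print("network      :", plan["network"])
    print("broadcast    :", plan["broadcast"])
    print("usable hosts :", len(plan["usable"]))
    print("gw on-link   :", plan["gateway_on_link"])
    print("WAN address  :", plan["wan_candidates"][0], "/", 28)
    print("static route :", plan["default_route"])
```

The addresses left over after the WAN address and the gateway are the ones available as virtual IPs for NAT, as suggested earlier in the thread.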