[arin-ppml] /48 per Site

Chris Engel cengel at sponsordirect.com
Tue Apr 6 10:54:55 EDT 2010

Not everyone's needs nor approach will be the same, which is kinda the whole point behind this discussion of allowing people different addressing options (PA, PI, ULA-R, ULA-C) to find the one that THEY feel works best for them. However my general approach for multiple branch offices would definitely be some variation of below. Get a small PA assignment from whatever ISP makes the most sense for each branch office, set up tunnels back to corporate from their branch office/soho firewalls and use private address space (ULA) for everything inside the firewalls. If it made sense for a branch office to advertise something public (probably wouldn't be very much) set up a DMZ off their firewall with the couple of public addresses they need from their local ISP and NAT them on the FW to whatever devices are running those.

For my book, this gives the most bang for the buck in terms of flexibility, security and compliance. If you're using ULA-C space in this scenario, you don't even need to worry so much about merger issues from an addressing scheme.

> These remote sites probably don't host publicly reachable
> services, so a simple "use PA addresses (/48 or even /56) and
> tunnel to corporate" approach would work just fine, yes?
> They could even be multi-homed, but use something like GRE to
> have multiple concurrent tunnels over different providers'
> addresses to get back to the hub.

Christopher Engel
Network Infrastructure Manager
cengel at sponsordirect.com
p (914) 729-7218
f (914) 729-7201
