[SOLVED] Multiple IP's on a single WAN port

May 6, 2020
I have a single FTTP delivered to a company and on that I have multiple public IPv4 addresses for different customers.
I wish to send traffic for each specified IP to each customer. i.e

WAN Port 1 --> Public IP1 - 185.220.1.1 --> Customer 1 --> LAN Port 2 --> Firewall customer 1
WAN Port 1 --> Public IP2 - 185.220.1.2 --> Customer 2 --> LAN Port 5 --> Firewall customer 2

Each customer has their own firewall, but I would like to set up bandwidth limits on different customers, i.e. Customer 1 = 200Mb/s, Customer 2 = 100Mb/s.

I can use an unmanaged switch to ensure the traffic to each customer, but does anyone have a better solution, as most unmanaged switches won't do bandwidth control?
 
Solution
You are going to have to buy an actual router. The ability to do things like this is why they really should not call the boxes you buy in the consumer stores routers. You also, to some point, can accomplish this with a managed switch. Many of those have the ability to limit traffic. It is very basic, but if you just want to limit all types of traffic on a certain port to a fixed data rate, they can accomplish that.

This is one of those either/or things: buy well-known brands such as Cisco, HP, Juniper etc. and it will be easy, with lots of documentation. Otherwise you search out the lesser-known companies that sell to the smaller business market. These devices will work, but they many times can be tricky to configure and have less user/forum type of support.

You can of course use a PC with multiple NIC cards and build your own using one of the many free Unix router implementations.
 
Solution
I have a Juniper SRX340 for my network, but I didn't want the other customer traffic to go anywhere near my router/firewall, as I don't want to interrupt traffic.
In my example, the customer is connected to this Juniper, but I want customer 2 to have the public IP address accessible directly to them.
 
Your problem is you are trying to implement a consumer design using a business network in a way.

The way you would normally do this is assign IPs using a /32 subnet mask to the servers and then route them over a different subnet. The servers would use the concept of a loopback to hold the IP, but carry the traffic over private networks between the router and the end devices.

Your problem appears to be that you want to keep the 2 networks separate but use the same subnet mask. That gets messy to do. There are all kinds of tricky non-standard things you can do by carefully duplicating parts of networks.

Limitations on a physical port can be done if you plan it carefully, but limitation by IP address tends to be a more common implementation.

It is mostly a matter of what equipment you have and/or what equipment you want to buy. You can implement this with managed switches at the port level, or you can use some other device to limit them at the IP level.

Consumer-grade equipment does not have these features because it is not usable by most people.
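As an added illustration of the "/32 on the customer side, routed over a private transit subnet" design described above, combined with the per-port rate caps the thread is after, here is a Linux router script (not from the thread, and not Juniper or pfSense configuration). The interface names, the 10.0.x.0/30 transit links and the tc burst values are assumptions; the public IPs and caps are the ones quoted in the question. It prints the commands by default (DRY_RUN=1) so the plan can be reviewed before it is applied.

```shell
#!/bin/sh
# Added example: a Linux box with several NICs acting as the router.
# Each customer gets a private /30 transit link; their public /32 is routed
# over it, so customer 2's packets never appear on customer 1's port.
set -eu
DRY_RUN="${DRY_RUN:-1}"

# Print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# customer_link WAN_IF CUST_IF ROUTER_PRIV/30 CUST_PRIV PUBLIC_IP RATE
customer_link() {
    wan_if=$1 cust_if=$2 router_priv=$3 cust_priv=$4 public_ip=$5 rate=$6
    # Rough sanity check: digits and dots only, no empty octets.
    case "$public_ip" in
        *[!0-9.]*|*..*|.*|*.) echo "bad public IP: $public_ip" >&2; return 1 ;;
    esac
    # Router end of the private transit link (assumed addressing).
    run ip addr replace "$router_priv" dev "$cust_if"
    run ip link set "$cust_if" up
    # The customer firewall holds PUBLIC_IP as a /32 (loopback or WAN side)
    # and uses the router end of the /30 as its default gateway.
    run ip route replace "$public_ip/32" via "$cust_priv" dev "$cust_if"
    # Answer the ISP gateway's ARP for PUBLIC_IP on the WAN side.
    run sysctl -q -w "net.ipv4.conf.$wan_if.proxy_arp=1"
    # Downstream cap (router -> customer): shape with a token bucket.
    run tc qdisc replace dev "$cust_if" root tbf rate "$rate" burst 64kb latency 50ms
    # Upstream cap (customer -> router): police at ingress, drop the excess.
    run tc qdisc replace dev "$cust_if" handle ffff: ingress
    run tc filter replace dev "$cust_if" parent ffff: protocol ip prio 1 u32 \
        match u32 0 0 police rate "$rate" burst 1m drop
}

main() {
    run sysctl -q -w net.ipv4.ip_forward=1
    # Customer 1 on eth1 at 200Mb/s, customer 2 on eth2 at 100Mb/s (from the thread).
    customer_link eth0 eth1 10.0.1.1/30 10.0.1.2 185.220.1.1 200mbit
    customer_link eth0 eth2 10.0.2.1/30 10.0.2.2 185.220.1.2 100mbit
}

main
```

Run with DRY_RUN=0 as root on the router once the printed plan looks right; the ISP must still deliver the public block to this box's WAN interface.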
 
As bill001g has mentioned, there's a bunch of different approaches. Personally, I would just go with a managed switch to limit the bandwidth per port as that is your goal. If your limitation is something simple like 100Mbps or 10Mbps, you can even just use an older switch that is simply limited to that speed for an unmanaged way to do it.
 
Many thanks for the reply. I totally agree that if under my control, it would be best to use a /32. But limiting a port to 100Mb/s would actually do the trick using a dumb simple switch.
 
You're going to need either a business class router or a server running routing software.

I run pfSense on a Dell R620 with a quad-port Intel i350 NIC.

A dedicated network appliance would cost $10,000; I paid $300 on eBay.