Routing for Verizon FIOS -- Reward for answer

Routing for Verizon FIOS -- Reward for answer
NewsGroups | Search | Tools
User Password
Register Now! Lost Password?
 comp.dcom.sys.cisco  Post an article  get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content  add this group's latest topics to your Google content  YahooMyWeb Yahoo!  Google Google  Windows Live Favorites Windows Live  del.icio.us del.icio.us  digg digg  Add to Netscape Netscape
Subject Author Date
Routing for Verizon FIOS -- Reward for answer Fletcher James 05-03-2008
Posted by Merv on May 6, 2008, 5:57 am
If you were  Registered and logged in, you could reply and use other advanced thread options
What is bit strange here is that of having a service were Verizon
dishes out a /26 which is beyond anything a normal residence would
require unless it is a multi-unit dwelling. This really is a an
business Internet service offering but it certainly appears that it is
not being supported as such.

Unfortunately teh OP does not have access to a Verizon SE or account
manager. If I were him I would write to the President of Verizon and
request to be directed to someone in the Verizon organization who can
address this business issue.


Posted by Fletcher James on May 6, 2008, 1:13 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
It is really a pretty wild situation. There appears to be not a single
person in the FIOS business office or tech staff who knows ANYTHING. They
can only read scripts and fill in forms which have been provided to them. I
will definitely be trying to find some less-formal way way into the
organization, or looking to see if there's anyone else who has dealt with
this problem.

Based on numerous tests, I have come to the conclusion that the
router/switch on Verizon's side is totally spoof protected: It will not
respond to an ARP query unless the source address is one of the 61 addresses
assigned to us (we've tried .2 and also tried assigning 10.1.1.1 to the
outside of the router, and giving a static route to our gateway.) In one
case, .2 worked briefly -- probably because we had just swiched over, and it
had an association of our MAC address with a valid IP. In that
configuration, we could route in/out of our network, but couldn't ping from
the router to the gateway. Once that timed out, we were blocked, again.

We have one remaining option ("OPTION B", in my original post) which is
where I think we will end up for the medium term: We will route & NAT
70.x.x.66-.126 on the outside to 10.0.0.66-.126 on the inside. Then, we
will NAT again in our ISA server to our LAN and Service Zone addresses. Our
VideoTeleconference units, outside the ISA server, can be told that their
inside a NAT which is not H.323-aware, and they will work just fine.

While we may need to make additional adjustments to a couple of other
devices, there is ONE upside advantage to this: once we've got it working,
none of the inside hosts will need to be aware of their public IP addresses.
It also means that if the router falls back to the T1 line, or we switch
ISPs, this will be almost totally transparent to everybody (the VTCs will
need to have us adjust "IP Address to Show in Global Phone Book.")

> What is bit strange here is that of having a service were Verizon
> dishes out a /26 which is beyond anything a normal residence would
> require unless it is a multi-unit dwelling. This really is a an
> business Internet service offering but it certainly appears that it is
> not being supported as such.
>
> Unfortunately teh OP does not have access to a Verizon SE or account
> manager. If I were him I would write to the President of Verizon and
> request to be directed to someone in the Verizon organization who can
> address this business issue.
>


Posted by Merv on May 6, 2008, 1:41 pm
If you were  Registered and logged in, you could reply and use other advanced thread options

Do you need use of all 61 available address ?

Becuase another option that one of the other responders proposed was
to put part of the space on the outside interface and part on the
inside


like so

int fa 0/0
description inside LAN interface
ip addr 70.x.x.98 255.255.255.224 ! default gateway

int fa 0/1
description outside interface facing Verizon FIOS ONT
ip addr 70.x.x.66 255.255.255.224
ip proxy-arp ! to answer ARP requests from 70.x.x.1

ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1 70.x.x.1



You can use small block on outside and then add secondary address
blocks to inside if you want to go to the bother


Posted by Trendkill on May 6, 2008, 1:54 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
> Do you need use of all 61 available address ?
>
> Becuase another option that one of the other responders proposed was
> to put part of the space on the outside interface and part on the
> inside
>
> like so
>
> int fa 0/0
> description inside LAN interface
> ip addr 70.x.x.98 255.255.255.224 ! default gateway
>
> int fa 0/1
> description outside interface facing Verizon FIOS ONT
> ip addr 70.x.x.66 255.255.255.224
> ip proxy-arp ! to answer ARP requests from 70.x.x.1
>
> ip classless
> ip route 0.0.0.0 0.0.0.0 FastEthernet0/1 70.x.x.1
>
> You can use small block on outside and then add secondary address
> blocks to inside if you want to go to the bother

Yes, except you would need to ensure Verizon adds a route (or turn up
a protocol) to ensure that they know how to get back into the second
half of your range. They would also need to turn up a secondary
address, as .98/27 doesn't include .1 which is the gateway. You could
turn up .68/30 with .69 as their secondary IP, .70 as your router, and
then .96/27 on the inside interface. You'd lose .71-.95 unless you
want to subinterface the router's connection back to the internal
switch and trunk a /29, /28, and /27 instead. Although since Verizon
doesn't seem to be able to do anything but transfer your calls, they
probably won't turn up a secondary interface (even if its in your
address range), and most likely will not add a static route for those
subnets. May be worth a call though.....

Posted by stephen on May 6, 2008, 4:00 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
> > Do you need use of all 61 available address ?
> >
> > Becuase another option that one of the other responders proposed was
> > to put part of the space on the outside interface and part on the
> > inside
> >
> > like so
> >
> > int fa 0/0
> > description inside LAN interface
> > ip addr 70.x.x.98 255.255.255.224 ! default gateway
> >
> > int fa 0/1
> > description outside interface facing Verizon FIOS ONT
> > ip addr 70.x.x.66 255.255.255.224
> > ip proxy-arp ! to answer ARP requests from 70.x.x.1
> >
> > ip classless
> > ip route 0.0.0.0 0.0.0.0 FastEthernet0/1 70.x.x.1
> >
> > You can use small block on outside and then add secondary address
> > blocks to inside if you want to go to the bother
>
> Yes, except you would need to ensure Verizon adds a route (or turn up
> a protocol) to ensure that they know how to get back into the second
> half of your range.

No - proxy ARP should take care of this is it is enabled on the cisco WAN
interface.

The cisco will repond to ARP requests where it is the preferred route to the
destination IP - in this case any IP addresses on the LAN side of the cisco.

You can map further blocks on the LAN with static routes to the LAN side
interface if the WAN side is only a small block such as a /30.

ip route 70.x.x.80 255.255.255.240 FastEth 0/0 for example maps another 16
addresses.

They would also need to turn up a secondary
> address, as .98/27 doesn't include .1 which is the gateway. You could
> turn up .68/30 with .69 as their secondary IP, .70 as your router, and
> then .96/27 on the inside interface. You'd lose .71-.95 unless you
> want to subinterface the router's connection back to the internal
> switch and trunk a /29, /28, and /27 instead. Although since Verizon
> doesn't seem to be able to do anything but transfer your calls, they
> probably won't turn up a secondary interface (even if its in your
> address range), and most likely will not add a static route for those
> subnets. May be worth a call though.....

Golden rule with a carrier who doesnt seem to have systems to do something,
is not to ask for anything non standard (ie not standard for them).

Even if you get it sorted and it works, can you get it to stay like that, or
will someone "fix" it for you when they notice ?

--
Regards

stephen_hope@xyzworld.com - replace xyz with ntl



Similar ThreadsPosted
Re: Excessive interface resets on Cisco 1841 and FIOS line February 6, 2008, 9:26 pm
Nobody knows the Answer!!! :-( August 20, 2004, 2:56 am
Re: Why didn't Verizon sue Cisco instead? March 11, 2007, 12:10 pm
PIX 501 Verizon Infospeed DSL November 22, 2007, 9:04 pm
Verizon TLS (Q in Q) multicast challenge February 21, 2006, 10:20 pm
Ring no Answer on as5800? November 9, 2004, 10:32 am
WIC-1AM - auto answer question June 29, 2006, 9:59 am
Cisco 1750 again - still no right answer :( October 24, 2006, 2:45 pm
Dropping Connections (Verizon Aircard) October 29, 2007, 12:41 pm
CISCO PIX hard question, can you answer it? TIA September 1, 2005, 3:01 pm

other useful resources:
The Federal Communications Commission (FCC)
Telecommunications Industry Association
Electronic and Software Security Products and Services
International Telecommunication Union

Custom CGI Perl and PHP programming by 1-Script.com

Contact Us | Privacy Policy
The site map in XML format XML site map