Multiple IPs for a company...

[Jugernot]

The company I work for currently has a pool of around 120 IPs and I had some problems this weekend relating to the worm, so I called our DSL provider. Number one they couldn't even find our modem because we use an OLD Pairgain 768 Megabit Modem (circa 1996-97). It doesn't even use a phone number, rather it uses a circuit that only the phone company can access. Yes, it's that old. It doesn't even use PPPOE. It's so old they only had one tech that even remembered using these modems and knew how to support it. Our Old Vice President used to work at our Providers, so he "Hooked us up..." with a package.

So, long story short... I've decided we need to switch to a regular DSL modem.

Our DSL provider currently charges us just $100 a month for everything... As I was talking to a tech on the phone, he told me that the most you can have on a single DSL line is 5. Is this true with traditional DSL? I have always assumed that our DSL provider was the company providing us with our IP addresses, is this the case? Could we have purchased them seperately years ago?

I guess the root of my question is this... I know we should be getting charged more than $100 for all our IPs and our DSL, but we aren't because we were hooked up by our previous VP. What is the average cost for over a hundred static IPs and a normal 512/512 DSL line?

Thanks,
Jugs

 

[spidey07]

the number of IPs you get depends on your level of service. Your provider should have different service offerings that would meet your needs.

I for one wouldn't pay more for something I already have. Given your long standing relationship with the provider i'm sure something could be worked out.

Technically though I can't see any reason why you couldn't have thousands of IP addresses. That is how the internet works ya know.

 

[mboy]

Do u really need 120 PUBLIC IP's? All those IP's have to be accessible from the net?

 

[DynaGlide]

I second mBoy: Why in the world do you need 120 public IP addresses? Perhaps your Web Server needs one, and, possibly, your mail server, if you're hosting your own, but why all the others?

Many organizations get by with only a single public IP address, then use a NAT (Network Address Translation) device to provide private (10.X.Y.Z, 172.16.0.1 - 172.31.255.254, or 192.168.Y.Z) IP addresses to their hosts inside their firewall. A quality NAT device will also provide DHCP address and scope option assignment to your internal hosts, and if you spend a few more $$$, provide some pretty rock-solid firewalling capabilities, as well. Toss in a decent router (Cisco 2501: $200.00 on many auction sites) to filter and forward traffic to your web server and mail server, and you're all set.

If each and every one of your 120 hosts has to visible to the Internet (that is, is functioning as a server), then you need these public IP address, but I hope you've got a kick-butt firewall protecting all these hosts from nefarious slime like the recent SQL Slammer worm. If they only need to access the Internet from inside your firewall, then certainly look at a combination Firewall/DHCP/NAT device. Cisco PIX comes to mind, as does CheckPoint Firewall One and a few others. There was lenghty thread on a firewall device running over in "Hot Deals" a while back.

 

[spidey07]

guys...

It's not uncommon to have 1000s of IP addresses.

SSL, FTP, media, vpns, network address translation. I have 1024 and am quickly running out.

-edit- PATing every single host over a single IP address is generally a very bad idea - especially for apps that don't like being PATted like FTP, h.323, vpns, ipsec, pptp, etc.

 

[DynaGlide]

spidey07, point(s) well taken. For clients that are running (or requesting) the types of services that you mention, asking a NAT/PAT device to manage 120+ IP addresses might be too much. Depends in large part on what type of traffic we're talking about. "Normal" HTTP, SMTP/POP3 traffic is fairly easy to manage. Since Jugernot doesn't mention any concerns about available bandwidth for 120+ users over an unspecified capacity DSL line, I'm assuming the his users aren't all that demanding.

Also, I should have mentioned that many of the services that I suggested for PAT/NAT are available "free" under various flavors of Linux. Not going to offer the performance of a dedicated solution like PIX, but a whole boatload cheaper.

Just curious, Spidey07, how do you come up with 1024 IP addresses? 1022, ok, but what S/N mask are you using that yields 1024? Ok, so I'm splitting hairs, but I couldn't resist! /;-)

EDIT - ER, THAT'S USABLE HOST ADDRESSES! OK, YOUR TURN TO SPLIT HAIRS! - EDIT

 

[bobcpg]

well, where i work we have adsl and they only gave us 5 ip's for 100$.

also, what speeds do you get?

-bob

 

[mboy]

I really hope he isnt using a 100 VPN's over a 768Kb dsl line, that would be mighty slow.

I have 1 DES VPN on an 8mbp/1mb cable connection home and a 768768 T1 on the other end and that is too slow

 

[CZroe]

I just bumped another post asking about this but it looks like the topic has changed to accomodate me here

Anyway, my cable co is misconfigured and leases multiple quasi-static IP addresses through a simple hub. I've gotten almost twenty IP addresses at once before I ran out of network cards and friends with network cards

Anyway, NAT networks interfere with my activities constantly, and after my friend was able to buy an IP address from his cable co and it was delivered via VPN, I thought that VPN is exactly what I need to make use of one of my "outside" IP addresses from nearly anywhere. I figured out enough of XP Pro's VPN server, but XP's built-in bridging functions simply aren't available when "incomming connection" is one of the devices highlighted. How can I manually bridge the VPN connection? Or, how can I share the Internet connection through VPN (Especially when the VPN hosting PC gets effectively cut off when connected via VPN.)

 

[n0cmonkey]

Originally posted by: spidey07
guys...

It's not uncommon to have 1000s of IP addresses.

SSL, FTP, media, vpns, network address translation. I have 1024 and am quickly running out.

-edit- PATing every single host over a single IP address is generally a very bad idea - especially for apps that don't like being PATted like FTP, h.323, vpns, ipsec, pptp, etc.

The last place I worked had their VPNs (checkpoint and OpenBSD's isakmpd) working just fine with NAT. In fact, there were some installations where both sides were NATed. Downloading from FTP servers works just fine for me, except on some brain damaged servers.

Ill be looking it up in a minute, but in case I dont find it, what is the difference between PAT and NAT?

EDIT: Port Address Translation? If thats it, Acronymfinder.com rocks

 

[spidey07]

Nocmonkey,

when it comes to PAT/NAT working with VPNs it really just depends.

 

[n0cmonkey]

Originally posted by: spidey07
Nocmonkey,

when it comes to PAT/NAT working with VPNs it really just depends.

Ill buy that. Ive seen some simple things work on one vendor's product but not on another's. Hell, I just went through an issue with a Sun machine but not on another Sun machine that had the same software installed. Not exactly the same as you are talking about, but probably pretty similar. Or something. More systems to rack...

 

[Jugernot]

First of all, We could technically get rid of say... 60 of our IPs.... We have around 18 users and 12 servers (4 web, 5 SQL, 1 Exchange, 1 File server, VPN server) On our web servers, we probably have 100 domains hosted with around 15 needing IPs. We'd need 5 of so IPs for our wireless, 10 IPs for VPN....

I could realistically put all the users (or most) on a NAT, then keep our servers and websites on single IPs. That would make my job a little harder to support them.... as I'd have to deal with file sharing issues and opening ports for people. Actually now that i think of that... I'd rather not have 18 people down my neck saying "I can't send a file through MSN Messagener... why isn't it working!" So I'd like to stick with IPs for them too.

So, realistically, we're looking at actually USING 60 IPs alone and that would leave us no room for growth if I decrease our IPs to 60.

Right now, we are on an incredibly slow 320/320 DSL line... yes we host all the websites and all users are supported through that little pipe. That choice was made before my time here and I'm all for upgrading our package to 1200/320.

Jugs