Sorry in advance if this isn't the proper forum...J-Net is filled with smart people and "Routing" seemed like the best fit.
My DSL ISP has sold me 4 static public IPs and told me to use a /26 for the subnet mask. I've verified this info with the ISP...it's correct. I've never seen this before, and I'm confused about why they would do this.
Sure enough, I can ping a lot of addresses other than mine in the /26 range, and they all ARP to the same MAC as my default gateway. I'm sure we customers all use the same default gateway and it's proxy-ARPing.
My Questions:
1 - Is it common practice for an ISP to put multiple customers on the same subnet? Or is this just something I haven't seen before?
2 - If this isn't the best practice, why would an ISP do it? What are the advantages and disadvantages for BOTH the ISP and the customer? Here's all I can think of.
Advantages for ISP
- ISP can now sell non-power-of-two-sized blocks to better utilize public IP addresses (i.e. could take a /26 and sell someone 3 IPs, someone 13 IPs, someone 1 IP, someone 39 IPs, etc., and only use 1 IP themselves for the default gateway for all of these customers). Ironically, when I needed more IPs, they said I HAD to purchase a second DSL connection, and I HAD to buy a block of 2, 4, 8, etc., so we got another block of four...same subnet, same gateway.
- Easier administration somehow?
Disadvantages for Customer
- This increases the ARP table size for the customer. Instead of only ARPing for 4 IPs, I'm now ARPing for 64.
- I FEEL like this would pose some sort of security risk, but I guess I don't really know how. Yes, I can ping/http some of those other customers' addresses as long as they allow ping/ssh, but I'd be able to do that from anywhere. That shouldn't really have anything to do with us being on the same subnet.
- Non-intuitive? Since we're all on the same L3 network, my device thinks that we're all reachable via the L2 network, so it ARPs, the default gateway obviously proxy-ARPs on behalf of all of us, and my device attempts to send L3 packets directly to a host that belongs to another customer. (Of course the proxy ARP actually causes my device to L2 it to the gateway anyway, but this just doesn't seem to me to be a clean/right/intuitive/secure design.)
Thoughts? Is this normal? Am I just OCD?
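The two things the post describes can be checked from the customer side rather than argued about: whether a given destination is "on-link" from the host's point of view (so the host ARPs for it directly instead of handing it to the gateway), and whether the neighbours that answer those ARPs all carry the gateway's MAC, which is the proxy-ARP signature. The script below is an added example, not code from the original post or from anyone on J-Net. The neighbour table is a constructed sample in iproute2 `ip neigh show` format using the 203.0.113.0/24 documentation prefix; the interface name `eth0`, the MACs, the gateway at .1, and the customer block 203.0.113.20/30 are all assumptions made up for the example. It compares the on-link decision under the ISP-supplied /26 with what it would be under a /30 covering only the customer's own four addresses.

```python
"""Added example: on-link test and proxy-ARP check from a neighbour table.

Not from the original post. Input, addresses and MACs are constructed.
"""
import ipaddress
from collections import defaultdict

# Constructed sample output of `ip neigh show` (iproute2 format).
# .1 is the assumed default gateway; .20/30 is the assumed customer block.
SAMPLE_NEIGH = """\
203.0.113.1 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
203.0.113.10 dev eth0 lladdr 00:11:22:33:44:55 STALE
203.0.113.11 dev eth0 lladdr 00:11:22:33:44:55 STALE
203.0.113.40 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
203.0.113.20 dev eth0 lladdr aa:bb:cc:dd:ee:20 REACHABLE
203.0.113.21 dev eth0 lladdr aa:bb:cc:dd:ee:21 REACHABLE
203.0.113.200 dev eth0 FAILED
"""


def parse_neigh(text):
    """Return {IPv4Address: mac} from `ip neigh` lines; lines without lladdr are skipped."""
    table = {}
    for line in text.splitlines():
        fields = line.split()
        if "lladdr" in fields:
            mac = fields[fields.index("lladdr") + 1].lower()
            table[ipaddress.ip_address(fields[0])] = mac
    return table


def on_link(dst, local_ip, prefixlen):
    """True if a host with local_ip/prefixlen will ARP for dst directly
    rather than forwarding it to the default gateway."""
    net = ipaddress.ip_interface(f"{local_ip}/{prefixlen}").network
    return ipaddress.ip_address(dst) in net


def proxy_arp_report(table, gateway_ip, my_block):
    """Group neighbours by MAC and list on-link addresses outside my_block
    that resolve to the gateway's MAC (i.e. the gateway is answering for them)."""
    gw = ipaddress.ip_address(gateway_ip)
    gw_mac = table[gw]
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    block = ipaddress.ip_network(my_block)
    proxied = sorted(ip for ip in by_mac[gw_mac] if ip != gw and ip not in block)
    return {
        "gateway_mac": gw_mac,
        "proxied": [str(ip) for ip in proxied],
        "entries_per_mac": {mac: len(ips) for mac, ips in by_mac.items()},
    }


if __name__ == "__main__":
    table = parse_neigh(SAMPLE_NEIGH)
    for dst in ("203.0.113.40", "203.0.113.20"):
        print(dst, "on-link under /26:", on_link(dst, "203.0.113.21", 26),
              "under /30:", on_link(dst, "203.0.113.21", 30))
    report = proxy_arp_report(table, "203.0.113.1", "203.0.113.20/30")
    print("gateway MAC:", report["gateway_mac"])
    print("addresses answered by the gateway MAC:", report["proxied"])
```

Run against a real `ip neigh show` (or `arp -a` after adjusting the parser) after pinging a handful of addresses in the /26: every address outside your own allocation that shows the gateway's MAC is one the gateway proxy-ARPed for, which is exactly what the post observed. The `on_link` comparison shows why: under the /26 the host treats the whole range as directly reachable and ARPs, under a /30 it would only ARP for its own four addresses and send everything else straight to the gateway.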