SergeyE, New Member, 2 Messages

Thursday, July 24th, 2014 11:00 PM

Using static /29 as two static /30

Recently installed comcast business with /29 static block. Comcast installed Cisco DPC3939B as the gateway.

 

I want to utilize that assigned /29 block as two routable /30 subnets, one assigned to the comcast gateway, another one forwarded to the next hop and routed to second subnet. To illustrate, imagine that I get assigned 1.1.1.0/29. I want something like this (lines are connections, my firewall/router is 3-headed):

 

Comcast
  |
  |
Business Gateway (rented)
  (1.1.1.6/30)
  |
  |
  (1.1.1.5/30)
firewall/router (192.168.1.1) <---> DHCP subnet (192.168.1.0/24)
  (1.1.1.2/30)
  |
  |
  (1.1.1.1/30)
server

 

Is there a way to change Cisco gateway configuration to only assume upper /30 from assigned /29 to be on local segment and designate next hop for lower /30? I could not find a way. Please help.
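Added example, not from this thread or from Comcast: the /29-into-two-/30 split drawn above, computed with Python's ipaddress module, plus a minimal longest-prefix-match lookup that shows why a gateway holding the whole /29 as one on-link segment never forwards the lower /30 to the firewall/router at 1.1.1.5. The 1.1.1.0/29 block is the post's own constructed example; the function names are mine.

```python
from ipaddress import ip_address, ip_network, IPv4Network

# Constructed example block taken from the original post's illustration,
# not a real assignment.
ASSIGNED_BLOCK = ip_network("1.1.1.0/29")


def split_block(block: IPv4Network, new_prefix: int = 30):
    """Return each sub-block of `block` with its usable host addresses."""
    return [(str(sub), [str(h) for h in sub.hosts()])
            for sub in block.subnets(new_prefix=new_prefix)]


def next_hop(connected, static_routes, dst):
    """Longest-prefix-match forwarding decision for one destination.
    connected: networks the router believes are directly on-link
    static_routes: {network: gateway address}
    Returns ("on-link", None), ("via", gateway) or ("unreachable", None)."""
    dst = ip_address(dst)
    best = None  # (prefixlen, kind, gateway)
    for net in connected:
        if dst in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, "on-link", None)
    for net, gw in static_routes.items():
        if dst in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, "via", str(gw))
    return ("unreachable", None) if best is None else (best[1], best[2])


def as_delivered(dst):
    """Gateway as shipped: the whole /29 is one connected segment, no routes."""
    return next_hop([ASSIGNED_BLOCK], {}, dst)


def as_requested(dst):
    """Gateway as the post wants it: only the upper /30 on-link, the lower
    /30 reached through the firewall/router at 1.1.1.5."""
    return next_hop([ip_network("1.1.1.4/30")],
                    {ip_network("1.1.1.0/30"): ip_address("1.1.1.5")}, dst)


if __name__ == "__main__":
    for sub, hosts in split_block(ASSIGNED_BLOCK):
        print(sub, "usable hosts:", hosts)
    for dst in ("1.1.1.1", "1.1.1.5"):
        print(dst, "delivered:", as_delivered(dst), "requested:", as_requested(dst))
```

With the shipped configuration the server address 1.1.1.1 resolves as on-link, so the gateway ARPs for it on the LAN segment instead of handing it to 1.1.1.5; the requested configuration is what a static route would give.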

 

Advocate, 1.4K Messages, 10 years ago

Hello SergeyE and welcome,

 

A Comcast 5 block /29 static IP only has one gateway and subnet mask address on any Comcast modem. Therefore, it is not technically feasible to break up one 5 Block and utilize it into 2 single static IPs. You can certainly use one of the static IP routable addresses for your Firewall and another for your Server as many Comcast business customers currently implement.

 

Could you share with us what your objective rationale is behind wanting one subnet for the Comcast Modem (this is by definition your /29 gateway address and subnet mask) and another for a different subnet mask forward to the next hop?  

 

Look forward to hearing from you.

New Member, 2 Messages, 10 years ago

Hi Rich,

 

The main reason for seeking the setup described in the original post is that (using host terminology from that post) there is a lot of traffic between DHCP segment and server, sometimes to the point of Gbps link saturation. Firewall/router (the 3-headed thing) is capable of doing line-speed routing with multiple firewall rules. Comcast gateway is not capable of the same.

 

I was under the impression Comcast business CPEs implement static routing proper, where incoming packets for the customer-assigned block would go through the usual routing table on the gateway that I can tweak (and designate next hops). There is something to that sense in the gateway UI, but it looks more and more like just 1:1 NAT.

 

This shortcoming will probably force us to dual-head the server to sit both in public segment (as a peer to the firewall/router), and in DHCP segment. But that means a) implementing split-horizon DNS for the server, with all administrivia that comes with that, and b) replicating firewall setup for server using gateway UI (and then keeping it in sync). Both are headaches I was hoping to avoid. Oh well.

 

Thanks for the response.

Advocate, 1.4K Messages, 10 years ago

Hi SergeyE,

 

Please see my responses/comments/recommendations to your last post. Thanks.


The main reason for seeking the setup described in the original post is that (using host terminology from that post) there is a lot of traffic between DHCP segment and server, sometimes to the point of Gbps link saturation.

 

One recommendation is to upgrade your host with a DUAL 1G NIC card, but if you do this, the processor should be a QUAD-core @ 3.5 GHz min. I have friends and acquaintances who have been able to work around your saturation issue by actually assigning individual static IP addresses to each of the dual NIC ENET controllers. This sort of in a way allows a single host/server to handle two separate static IP routings simultaneously.

 

Firewall/router (the 3-headed thing) is capable of doing line-speed routing with multiple firewall rules. Comcast gateway is not capable of the same.

 

Not sure why you believe that Comcast gateways cannot do line speed routing because there is specific NAT 1-1 together with static IP specific port forwarding & management facilities available. Connect any ENET cabled computer to any of the free DPC LAN ports 1-4, bring up a browser, go to 10.1.10.1, username=cusadmin, password=highspeed and check the networking facilities available to customers.

 

I was under the impression Comcast business CPEs implement static routing proper, where incoming packets for the customer-assigned block would go through the usual routing table on the gateway that I can tweak (and designate next hops). There is something to that sense in the gateway UI, but it looks more and more like just 1:1 NAT.

 

Okay, you are not able to specifically route (tweak or designate) hops through the actual/specific gateway routing table. However, if you had a dual NIC setup each with different routable static IP addresses, you can definitely set up host/server application specific ports transactional processing in conjunction with the NAT gateway routing.

 

This shortcoming will probably force us to dual-head the server to sit both in public segment (as a peer to the firewall/router), and in DHCP segment. But that means a) implementing split-horizon DNS for the server, with all administrivia that comes with that, and b) replicating firewall setup for server using gateway UI (and then keeping it in sync). Both are headaches I was hoping to avoid. Oh well.

 

Please expand on "a.) implementing split-horizon DNS for server" because I honestly do not follow this actual networking objective? As well as "b.) replicating firewall setup for server", this also escapes my networking objective. If you have a dual NIC setup on your single host/server using multiple static IP routable addresses, this puts you in full control of the actual application routing control within the Comcast gateway using both the static IP port management and NAT facilities, the way I see it. But you will have to share more expansion around both your a.) and b.) networking objectives for at least me to get a better handle on what your actual business need objectives revolve around. Lastly, this is a very interesting requirement that I would be very interested in better understanding to provide whatever further assistance I am able to do so without violating any of your business security.