top of page

Bumblebee CPE WAN Subnet Design

Writer's picture: Sherry  WeiSherry Wei

Updated: Jan 22

This document walks through a design example for a scenario where site Firewall device wishes to use static IP address from a range provided by service provider.


  1. WAN Subnet Requirements

An enterprise is allocated from its service provider a X.Y.134.112/28 as its WAN subnet (where X and Y are the first and second bytes of the subnet). The network diagram is Internet - CPE - Firewall - Internal Network as shown below. 



Bumblebee CPE deployment
Bumblebee CPE deployment scenario

The customer requires to assign the Firewall a static IP address from the subnet provided by the service provider. 


  1. CPE WAN Subnet Design

The solution for the CPE WAN subnet design is to split the /28 into two /29 subnets. 


CPE WAN Subnet (/29):

  • Network: X.Y.134.112/29

  • Usable IP addresses: X.Y.134.113 to X.Y.134.118

  • Default gateway: X.Y.134.113 (The default gateway is the ISP router)

  • Broadcast address: X.Y.134.119

  • CPE WAN Eth0 IP address: X.Y.134.114


CPE LAN Subnet (/29):

  • Network: X.Y.134.120/29

  • Usable IP addresses: X.Y.134.121 to X.Y.134.126

  • Default gateway: X.Y.134.121

  • Broadcast address: X.Y.134.127

  • CPE LAN Eth1 IP address: X.Y.134.121

  • Firewall IP address: X.Y.134.122


The above design is illustrated in the diagram below. 


Bumblebee CPE deployment scenario example
Subnets Address Allocation


Other considerations.


  • For this configuration to work, the CPE WAN NAT function is disabled. 

  • Firewall NAT function should be enabled. 


  1. Migration Steps

If CPE has been deployed and the above diagram is a new requirement, you can adopt the CPE configuration by following the steps below.


  1. Login to the Bumblebee portal

  2. Under Intelligent Edge, click CPE Routers

  3. Select the CPE on the list, click Actions -> Edit WAN Interface

  4. Change the WAN IP address and related fields and disable NAT by un-selecting Enable Source NAT

  5. Wait a few minutes for the CPE device to come up again (The Op State of the CPE should be green)

  6. Once it has come back up, proceed to change LAN Interface by Actions -> Edit LAN Interface


  1. How about a /29 WAN subnet?

The same approach can be applied if the service provider allocates a /29 WAN network for a site. By splitting a /29 to two /30 subnets, enterprise can install both CPE and Firewall on two separate /30 subnets.


As an example, say the WAN subnet is X.Y.134.112/29, one can split it into two /30 subnet as follows with 2 usable host IP address on each subnet.


CPE WAN Subnet (/30):

  • Network: X.Y.134.112/30

  • Usable IP addresses: X.Y.134.113 and X.Y.134.114

  • Default gateway: X.Y.134.113 (The default gateway is the ISP router)

  • Broadcast address: X.Y.134.115

  • CPE WAN Eth0 IP address: X.Y.134.114


CPE LAN Subnet (/30):

  • Network: X.Y.134.116/30

  • Usable IP addresses: X.Y.134.117 and X.Y.134.118

  • Default gateway: X.Y.134.117

  • Broadcast address: X.Y.134.119

  • CPE LAN Eth1 IP address: X.Y.134.117

  • Firewall IP address: X.Y.134.118

15 views0 comments

Recent Posts

See All

Intelligent Edge Dashboards

Managed Edge Dashboards provide visibility and insight to the data traffic passing through CPEs.

Comments


bottom of page