[UPDATE: As of March 2019, this also works for ATT / NiTel setups]
I had to deal with a most interesting network issue with Comcast Business Fiber. Comcast Business Fiber and Metro Ethernet both use an interesting way to get the static IPs to the customer. In my example, the LAN will be 10.1.1.x/24. Comcast will give you two blocks: a 22.214.171.124/30 for routing and a 126.96.36.199/28 for your use as public IP addresses.
What Comcast [or ATT/NiTel] is saying is that you set up the /30 as you normally do, then use the ARP of 188.8.131.52 to route your 184.108.40.206/28 packets. Confused? I will explain it at the end, but for now, let's look at the Sonicwall setup:
Setting up the Sonicwall for the /30 is very simple. You set it up like any other, as Comcast gives you the basics. For our example:
220.127.116.11/30 would break out as:
- 18.104.22.168 – Network address [unusable]
- 22.214.171.124 – Comcast Router [set as your Gateway]
- 126.96.36.199 – Customer usable address [This would be the address you would set X1 WAN to]
- 188.8.131.52 – Broadcast [unusable]
As you see from the picture above, this is very simple and is standard for almost all Comcast setups.
Now for the tricky part, 184.108.40.206/28. Comcast, for some reason, decided to send this through the Gateway as 220.127.116.11. Your router must support Layer 2 if you want to break it out to a separate router. Instead, for this discussion, I want 18.104.22.168/28 to be used by the Sonicwall. Where you would normally lose 22.214.171.124 [Network] and 126.96.36.199 [Comcast Gateway], the good news is this gives you 188.8.131.52 through 184.108.40.206 for your use. You actually get MORE IPs to use, and we all know that’s important. But how do we set this up, Uncle Carl? We don’t have a ROUTER IP address!! Help me Obi-wan…
Set up your range in the Sonicwall under “Network” -> “Address Objects”.
In this case, I just called it “Comcast-220.127.116.11-Fiber-IPs”. Notice that /28 = 255.255.255.240 for the Netmask. You will need this later for the route.
Now for the “Secret Sauce”: you need to add an ARP address on your X1 interface for each of the 18.104.22.168/28 addresses you want to use. In my example, I want to use 22.214.171.124. So, create an ARP entry using “Network” -> “ARP” and under “Static ARP Entries” click on [ADD…].
You should repeat this for each IP address you want to use in your 126.96.36.199/28 range.
Now, we need to tell the Sonicwall where to send any outbound requests for these 188.8.131.52/28 IP addresses. Click on “Network” -> “Routing” and scroll down to the “Route Policies” and click on [Add…].
Now, just add Address Objects for your 2.3.4.x IPs and NAT policies as you normally would. You can search the internet for instructions.
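A pre-flight check for the steps above, as an added example that is not part of the original post: it validates the two ISP blocks and lists the WAN settings, the address object netmask, one static ARP entry per public IP you plan to use, and the 0.0.0.0-gateway route. The function name `plan_routed_block`, the dictionary layout and the sample blocks (RFC 5737 documentation ranges) are assumptions made for illustration, as is treating only the /28's host addresses as usable.

```python
import ipaddress

def plan_routed_block(routing_cidr, public_cidr, wanted, wan_if="X1"):
    """Check the two ISP blocks and return the values the setup steps ask for."""
    link = ipaddress.ip_network(routing_cidr)
    block = ipaddress.ip_network(public_cidr)
    if link.prefixlen != 30:
        raise ValueError(f"{link} is not a /30 routing block")
    if link.overlaps(block):
        raise ValueError(f"{block} overlaps the routing block {link}")
    # /30 layout as in the article: network, ISP router, customer address, broadcast
    isp_router, customer = list(link.hosts())
    # Assumption: only host addresses are used, not the block's network/broadcast
    usable = list(block.hosts())
    chosen = []
    for text in wanted:
        ip = ipaddress.ip_address(text)
        if ip not in usable:
            raise ValueError(f"{ip} is not a usable address in {block}")
        if ip in chosen:
            raise ValueError(f"{ip} is listed twice")
        chosen.append(ip)
    return {
        "wan": {"interface": wan_if, "ip": str(customer),
                "netmask": str(link.netmask), "gateway": str(isp_router)},
        "address_object": {"network": str(block.network_address),
                           "netmask": str(block.netmask)},
        # One static ARP entry per public address actually in use
        "static_arp": [{"ip": str(ip), "interface": wan_if} for ip in chosen],
        # Gateway 0.0.0.0 as in the article: the firewall ARPs on the WAN interface
        "route": {"address_object": str(block), "netmask": str(block.netmask),
                  "gateway": "0.0.0.0", "interface": wan_if},
        # Addresses in the block with no static ARP entry planned
        "unused": [str(ip) for ip in usable if ip not in chosen],
    }

if __name__ == "__main__":
    # Constructed sample blocks from the RFC 5737 documentation ranges
    plan = plan_routed_block("192.0.2.0/30", "198.51.100.16/28",
                             ["198.51.100.17", "198.51.100.20"])
    for section, values in plan.items():
        print(section, values)
```

Comparing the `static_arp` list against the entries actually configured on X1 is a quick way to spot public addresses that answer ARP without a matching NAT policy.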
But how does this work? Why does it work? There’s no Gateway. We did not set this up using the regular “Network” -> “Interface” for 184.108.40.206/30. That’s because what the Sonicwall will do is send all packets for remote internet IP addresses as ARP requests. The Sonicwall knows to put the request on X1 and do an ARP request [remember the 0.0.0.0 we put as Gateway?]. For example, if 220.127.116.11 wants to talk to 18.104.22.168, the packet is sent as an ARP request for 22.214.171.124 [who has 126.96.36.199?] and the ARP address of the local Comcast router responds as the next hop, which is called a “Proxy ARP”. Now your 188.8.131.52 request knows to go via the MAC address of the Comcast router thanks to the ARP response.
I hope this helps fellow Sonicwall users as it’s actually easy once you understand how to do it.
For more information, or where I got my ideas:
DELL Sonicwall – Configuring Multiple WAN Subnets Using Static ARP with SonicOS Standard
And various articles found by looking up “IP routing gateway to ARP”.