
Effectively Managing Overlapping IP Address Ranges in Cloud Networking with Prosimo’s Full Stack Platform

In today’s interconnected world, a frequent challenge in customer cloud networking design is managing overlapping IP address ranges, especially when two networks or applications need to communicate. This arises in several recurring situations, described below.


The challenge of managing overlapping IP address ranges across networks appears frequently and is highly disruptive. Exacerbated by cloud’s unparalleled agility, no amount of planning can protect architects and operators from such a challenge, which can take many months to solve. This paper explores the common circumstances that lead to overlapping IP ranges and the technical challenges they present, and provides strategies for addressing them using Prosimo’s Full Stack Platform.

What is the Overlapping IP Range problem?

IP communication requires unique source and destination addresses. When both source and destination networks share the same IP ranges, e.g. 10.1.0.0/16, routing table conflicts break communications. With the speed at which new, ephemeral networks are created in the cloud, and the nature in which resources today are shared across regions, providers, and companies, overlapping IP range challenges are common and grow in frequency as organizations scale, collaborate, and merge.

Typical Scenarios leading to Overlapping IP Ranges

Overlapping IP ranges can occur in various scenarios within cloud networking, often presenting technical challenges that require sophisticated solutions. Here are some typical scenarios where overlapping IP ranges may arise:

  • Planned IP Range Overlaps for IP Exhaustion Mitigation
    Enterprises may intentionally design their network infrastructure with IP overlaps as a proactive measure to reduce the risk of IP address exhaustion. Organizations can efficiently manage their address space by strategically reusing IP address ranges in different parts of their network without depleting it. A typical example is using the same CIDR range across all VPCs / VNETs for individual app teams.
  • Mergers and Acquisitions (M&A)
    In Post Merger Integration (PMI), when companies attempt to interconnect network infrastructures, they are often using common private IP address ranges. This results in a collision of IP addresses and unroutable transits, posing a significant challenge inhibiting network integration.

  • Extending Core Applications to Business Partners
    When organizations extend their core applications or services to business partners they may encounter a situation where both entities use the same IP address ranges. This can occur when multiple organizations need to collaborate closely, sharing network resources and applications.

  • Accessing Common Services within a Single Service Provider
    Service providers, such as cloud service providers or telecommunications companies, may face scenarios where they must connect two clients with the same IP address range. These providers must find a way to bridge the gap between the conflicting IP addresses to ensure seamless connectivity for their clients.

  • Unexpected Overlaps with Provider Platforms and Services
    Unanticipated IP address overlaps can occur due to the automatic reservation of specific IP ranges by certain cloud services or microservices architectures. For instance, AWS services or products like Docker may reserve IP ranges leading to unexpected conflicts when integrating these services with existing networks.

Additional Challenges

This situation poses several additional challenges beyond IP communication:

  • NAT Cost: Cloud providers’ NAT Gateway solutions are prohibitively expensive at scale.

  • Architectural challenges: Some cloud providers do not allow overlapping ranges in a hub-and-spoke model.

  • Routing Complexity at Scale: Managing routing for networks with overlapping IP ranges becomes intricate. Traditional routing solutions cannot differentiate between overlapping addresses on their own, complicating delivery of traffic to the correct destination.

How Prosimo Solves the Technical Challenges

Prosimo offers a comprehensive solution to address the technical challenges of overlapping IP address ranges in cloud networking. Our approach involves using Prosimo’s Full Stack Cloud Transit, which provides an interconnected, secure, and intelligent fabric using Prosimo Edges in a meshed configuration. This fabric is controlled through cloud APIs and credentials, ensuring efficient management of overlapping IP address scenarios.

Using the Prosimo datapath, there are three distinct ways to solve overlapping IP challenges:

OPTION 1:

Prosimo Service Core with NAT capabilities

Solution Overview: Prosimo Service Core provides a robust solution to the technical challenges of overlapping IP address ranges:

  • NAT Capabilities: Within Prosimo Edges and connectors, overlapping IP/subnet addresses are mapped to link-local IP addresses within the source VPC. This effectively provides NAT functionality at the IP or subnet level.

  • Mapping Management: The Service Core maintains mappings of source or destination IP addresses and their corresponding link-local IP addresses. Connectors in the workload VPC/VNet help tunnel and NAT traffic, obfuscating it from the target.

  • Flexibility: Customers can choose from a link-local pool to maintain the mapping. Without customer-provided subnets/CIDR, the service core assigns IPs from its link-local pool of reserved IPs in the 100.127.x.x range.
Prosimo Service Core with NAT capabilities
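The following Python script is an added illustration of the overlap problem and of subnet-level 1:1 NAT mapping described above; it is example code, not Prosimo's implementation. It detects cross-VPC subnet overlaps among constructed sample VPCs, assigns each conflicting subnet its own /24 carved from the 100.127.0.0/16 pool, and rewrites host addresses while preserving the host offset. The VPC names, the /24 granularity and the sequential allocation order are assumptions.

```python
import ipaddress

# Constructed sample: workload subnets in three VPCs. Team A and Team B reuse the
# same CIDR (the "planned overlap" scenario on the page); vpc-shared does not collide.
SUBNETS = {
    "vpc-team-a": ["10.1.1.0/24", "10.1.2.0/24"],
    "vpc-team-b": ["10.1.1.0/24"],
    "vpc-shared": ["10.2.1.0/24"],
}

# Pool the page names for Service Core mappings (100.127.x.x). Carving it into /24s
# and handing them out in order is an assumption for illustration, not Prosimo's scheme.
NAT_POOL = ipaddress.ip_network("100.127.0.0/16")


def find_overlaps(subnets):
    """Return (vpc_a, subnet_a, vpc_b, subnet_b) for every cross-VPC subnet overlap."""
    entries = [(vpc, ipaddress.ip_network(s)) for vpc, nets in subnets.items() for s in nets]
    hits = []
    for i, (vpc_a, net_a) in enumerate(entries):
        for vpc_b, net_b in entries[i + 1:]:
            if vpc_a != vpc_b and net_a.overlaps(net_b):
                hits.append((vpc_a, str(net_a), vpc_b, str(net_b)))
    return hits


def allocate_mappings(subnets, pool=NAT_POOL):
    """Map each subnet involved in an overlap 1:1 onto its own /24 from the pool."""
    # Returns {(vpc, original_subnet): mapped_subnet}; subnets that never collide keep
    # their real addresses and get no entry, so NAT is applied only where it is needed.
    conflicted = set()
    for vpc_a, net_a, vpc_b, net_b in find_overlaps(subnets):
        conflicted.update({(vpc_a, net_a), (vpc_b, net_b)})
    free = pool.subnets(new_prefix=24)  # yields 100.127.0.0/24, 100.127.1.0/24, ...
    mapping = {}
    for key in sorted(conflicted):  # deterministic order -> stable mappings across runs
        if ipaddress.ip_network(key[1]).prefixlen != 24:
            raise ValueError(f"{key}: this example only maps /24 subnets")
        mapping[key] = str(next(free))  # StopIteration here means the pool is exhausted
    return mapping


def translate(addr, vpc, mapping):
    """Rewrite a host address into its mapped subnet, preserving the host offset (1:1 NAT)."""
    ip = ipaddress.ip_address(addr)
    for (m_vpc, orig), mapped in mapping.items():
        orig_net = ipaddress.ip_network(orig)
        if m_vpc == vpc and ip in orig_net:
            offset = int(ip) - int(orig_net.network_address)
            return str(ipaddress.ip_network(mapped).network_address + offset)
    return addr  # address is not in a conflicting subnet: passes through unchanged
```

Because each conflicting subnet receives a distinct pool prefix, the reverse mapping (pool address back to the real host) is unambiguous, which is what lets return traffic reach the right VPC.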

OPTION 2:

Use of Cloud-Native Private Link (AWS/Azure/GCP)

Solution Overview: Cloud-native Private Link, orchestrated by Prosimo, publishes services across VPCs/VNets that share IP address ranges without translating addresses:

  • Seamless Communication: Private Link seamlessly publishes APIs, services, and application endpoints across VPCs or VNets, even when they share IP address ranges. It simplifies complex network architectures without altering existing address schemes or using NAT gateways.

  • Prosimo Integration: Prosimo enables enterprises to use Private Link endpoints in source VPCs/VNets attached to Prosimo Edge as a hub to route traffic between VPC/VNet endpoints. It ensures security and compliance while providing centralized network resource management.

  • Scalability: Prosimo Control Plane uses Cloud APIs to orchestrate endpoint creation, DNS, and routing in customer VPCs/VNets, reducing complexity and improving scalability.
Cloud-native Private Link

OPTION 3:

Prosimo Application-Aware Proxy

Solution Overview: Prosimo Edges act as proxies that facilitate communication with application endpoints using higher-layer protocols such as HTTP(S) and TCP, resolved through DNS. By combining additional application-identifying properties – hostname/FQDN, ports and IP addresses – into a unique identity for the app, the application’s identity persists even when its IP address overlaps with another network: it is abstracted at the proxied IP layer and remains reachable. This effectively masks target IPs and prevents IP address conflicts.

Take the next step

Typical scenarios for IP overlap:

  • M&A (mergers and acquisitions) activity where both companies have used identical private IP ranges (as per RFC 1918).

  • Extending core applications to business partners that use the same IP range.

  • Enterprises that have IP overlap by design, to reduce the risk of IP exhaustion.

  • Service providers that need to connect two clients who share the same IP range.

  • Unexpected overlaps, for instance when certain AWS services, microservices architectures, or products like Docker automatically reserve specific IP ranges.

OFFICE HOURS

Handling Overlapping IP Ranges in the Cloud

Discover how Prosimo simplifies resolving IP overlap challenges, reducing integration and onboarding efforts during scenarios like M&A activities, data center migrations, and the distribution of applications across multi-cloud infrastructures.

Speakers

Dan Sheldon

Principal Solutions Architect, Prosimo

Sharol Pereira

Customer Success Manager, Prosimo
