Solved

Routing between two different subnets

Posted on 2004-04-26
Last Modified: 2010-03-18
I am running a Windows 2000 Server environment with Win 2000 and XP clients.
We have one physical network with a set of public IP addresses, e.g. 101.1.9.1 - 101.1.9.254. We recently ran out of these addresses and so have been assigned another subnet, 101.1.12.1 - 101.1.12.254. We wish to use both subnets but I am unsure of the best way to connect the two. We have a choice of either using one of our existing fileservers to do the routing or we have a Layer 3 switch which I have been told could possibly do it also.
Which would be the best solution to use? I have been told that using the server for routing may cause problems by putting too much load on the server.

Thanks

Andrew
0
Comment
Question by:NetAdmin_UK
14 Comments
 
LVL 16

Expert Comment

by:JammyPak
ID: 10918441
Not exactly answering your question, but is there any reason why every machine needs to have a public address?

My recommendation would be to use private addressing...say, a Class B 10.1.x.x (giving you 65000+ addresses) and then use a firewall or proxy to access public sites on the 'net.

0
 

Author Comment

by:NetAdmin_UK
ID: 10918548
Unfortunately yes we have to have public IP's as we have a WAN link to other offices with access controlled by IP address.
0
 
LVL 9

Expert Comment

by:jamesreddy
ID: 10918600
You can use private IP's over a WAN environment.  I assume you have routers at each site?  If so, the routers can be set for the public IP addresses, and resolve all the clients to a single address...unless, of course, you're saying that you need to control individual computer access between sites, then I can see the need.  Perhaps some kind of control utilizing MAC addresses can be considered...?

To answer your question...you should purchase a router.  Doesn't have to be anything fancy, but it really is your best option for combining two separate ranges.  It'll make administration easier down the road.  Some fairly inexpensive routers that would do the trick nicely for you are Netopia routers.  I've not had any problems with them...I prefer Cisco, of course, but you're looking at a cost issue there.

James
0
 

Author Comment

by:NetAdmin_UK
ID: 10918648
Yes we need to control individual access between sites. Plus Company policy says we must use these IP's.
We were considering a router but I have read that a 'Layer 3' switch (which is what all  our switches are) operates the same as a router so I figured this would be the best option.
0
 
LVL 9

Accepted Solution

by:
jamesreddy earned 125 total points
ID: 10918710
Ummm...no...not really.  Layer 3 routers are not the same as routers at all.  Yes, they can be used to combine subnets, but over a WAN link?   That's a major security risk....

In any event, I found the following article on EE that seems to agree with that assessment (yours, that is).  Given the information I get from here, I am inclined to believe that the Layer 3 switch would suit your purposes.  We have layer 3 switches here and I have found them effective at combining subnets, but I would never endanger my network by using it over a WAN link.

http://www.experts-exchange.com/Hardware/Routers/Q_20868261.html

Just my opinion...but here is the link to the article.

James
0
 

Author Comment

by:NetAdmin_UK
ID: 10918901
Okay, so the switch should do the job. Not sure I understand your concern about WAN, but this is for internal routing only (within the building), nothing to do with the external WAN link. So I didn't think it should be an issue.
0
 
LVL 9

Expert Comment

by:jamesreddy
ID: 10919157
Anything with a public address is subject to security risks...a public address is usually accessible by other means.  For example, when users use the internet, since they all have public IPs, that information is easily identified and opens up your network to a host of security issues.  A router/firewall combo can stop that stuff dead in its tracks.  The Windows XP firewalls should be enabled at a MINIMUM, but it isn't all that effective.

Understand, I used to work for the U.S. Air Force in security, so security is something I get pretty crazy about.  Your network would give me a heart attack, the way it is set up!  :)

So once again...the switch will likely do the trick, but I still highly recommend a router/firewall.

James
0
 

Author Comment

by:NetAdmin_UK
ID: 10919348
We are behind our own firewall. Which is in turn behind the Company firewall so don't think it will be an issue.
0
 
LVL 9

Expert Comment

by:jamesreddy
ID: 10919445
Ok...then nevermind!  :)  Layer 3 switch should do the trick then.
0
 

Author Comment

by:NetAdmin_UK
ID: 10919775
I understand that if we were trying to bridge two separate segments on a network you would bridge 2 ports on the connecting switch. But in my case we are bridging 2 subnets all on the same physical LAN. Can you shed any light on how this is done or am I pushing my luck?
0
 
LVL 9

Expert Comment

by:jamesreddy
ID: 10919894
What kind of L3 switch do you have?  Make/model.
0
 
LVL 4

Expert Comment

by:kreaganoutsourceditbiz
ID: 10970278
OK, new to the discussion here.

Back to your original question, should you use the server or the switch to do the routing?  I would use the switch, otherwise, when you take your server down, you also literally take your network down.  Modular is good.

OK, here is my take on the subject....

If my workstation needs to communicate with another IP address, it takes that IP address and determines if it is on the same subnet.  If not, it then forwards the request to the default gateway.  The default gateway is then responsible for delivery.  The default gateway then uses a very similar process to determine what to do with the packet.

So, you need a router or a switch with routing functions.  In either case you will need to have two IP Addresses assigned to the device - one from each internal subnet.  It will know what to do with the packet.

The Intel web site has a short page describing a Layer 3 switch.  It is short and helpful.  It may help you with your needs.

http://support.intel.com/support/express/switches/10/23364.htm
0
 

Author Comment

by:NetAdmin_UK
ID: 11029416
Thanks for the link. We have been given another suggestion which may sort the problem without the need for using a switch or Router.
As we have the two subnets 101.1.9.0 and 101.1.12.0, we are thinking about just changing the subnet mask to 255.255.0.0 instead of 255.255.255.0. This seems to work in a test scenario we set up (I didn't think it would, because the way I understand this it should not allow any traffic to go outside our network, which is on 106.1.x.x) but everything seems okay. I'm sure there will be some disadvantages to doing it this way (maybe speed in finding an address which is external?) and I am just trying to find out about them before implementing it.
0
 
LVL 16

Expert Comment

by:JammyPak
ID: 11030976
There are some fairly major impacts of what you're planning to do.

If you change your mask to 255.255.0.0, then you will never be able to communicate with anyone whose public IP addresses are 101.1.1, 101.1.2, 101.1.3....basically anyone on the 101.1 range who's not you. So...if you can't visit certain websites, can send/receive email from certain companies...that will be why.

You *can* change the mask to do what's called 'supernetting' but you need to have a block of contiguous address ranges - which you don't. There's no subnet mask that will work for only .9 and .12 and no other networks.

I really wouldn't do this if I were you.
0
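The forwarding decision kreaganoutsourceditbiz describes and the mask problem JammyPak raises, worked through with the thread's two subnets as an added example (not code from any poster). The gateway 101.1.9.1 and the hosts 101.1.9.10, 101.1.12.20 and 101.1.3.25 are constructed sample values.

```python
import ipaddress

# The two assigned ranges come from the thread; everything else is constructed.
SUBNET_A = ipaddress.ip_network("101.1.9.0/24")
SUBNET_B = ipaddress.ip_network("101.1.12.0/24")
WIDE = ipaddress.ip_network("101.1.0.0/16")   # what mask 255.255.0.0 claims
HOST = "101.1.9.10"       # constructed workstation address
GATEWAY = "101.1.9.1"     # constructed default gateway


def next_hop(src_ip, mask, dst_ip, gateway=GATEWAY):
    """Host-side decision: 'direct' (ARP on the LAN) if dst is inside the
    host's own network as defined by its mask, otherwise the gateway."""
    iface = ipaddress.ip_interface(f"{src_ip}/{mask}")
    return "direct" if ipaddress.ip_address(dst_ip) in iface.network else gateway


def smallest_supernet(a, b):
    """Smallest single CIDR block that contains both networks."""
    net = a
    while not b.subnet_of(net):
        net = net.supernet()
    return net


def foreign_24s(block, owned=(SUBNET_A, SUBNET_B)):
    """The /24 networks inside block that were never assigned to this site."""
    return [n for n in block.subnets(new_prefix=24) if n not in owned]


if __name__ == "__main__":
    for mask in ("255.255.255.0", "255.255.0.0"):
        for dst in ("101.1.12.20", "101.1.3.25"):
            print(f"mask {mask:<15} {HOST} -> {dst}: {next_hop(HOST, mask, dst)}")
    tight = smallest_supernet(SUBNET_A, SUBNET_B)
    print("smallest block covering both:", tight,
          "includes", len(foreign_24s(tight)), "foreign /24s")
    print("255.255.0.0 includes", len(foreign_24s(WIDE)), "foreign /24s")
```

With the /16 mask the workstation ARPs locally for 101.1.3.25 instead of handing the packet to its gateway, which is why hosts elsewhere in 101.1.x.x become unreachable; even the tightest single block covering .9 and .12 still claims six /24s that belong to someone else.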
