
Routing between two different subnets

Posted on 2004-04-26
Last Modified: 2010-03-18
I am running a Windows 2000 Server environment with Win 2000 and XP clients.
We have one physical network with a set of public IP addresses, e.g. 101.1.9.1 - 101.1.9.254. We recently ran out of these addresses and so have been assigned another subnet, 101.1.12.1 - 101.1.12.254. We wish to use both subnets but I am unsure of the best way to connect the two. We have a choice of either using one of our existing fileservers to do the routing or we have a Layer 3 switch which I have been told could possibly do it also.
Which would be the best solution to use - I have been told that using the server for routing may cause problems by putting too much load on the server.

Thanks

Andrew
Question by:NetAdmin_UK
14 Comments
 
LVL 16

Expert Comment

by:JammyPak
ID: 10918441
Not exactly answering your question, but is there any reason why every machine needs to have a public address?

My recommendation would be to use private addressing...say, a Class B 10.1.x.x (giving you 65000+ addresses) and then use a firewall or proxy to access public sites on the 'net.

0
 

Author Comment

by:NetAdmin_UK
ID: 10918548
Unfortunately yes, we have to have public IPs as we have a WAN link to other offices with access controlled by IP address.
0
 
LVL 9

Expert Comment

by:jamesreddy
ID: 10918600
You can use private IPs over a WAN environment.  I assume you have routers at each site?  If so, the routers can be set for the public IP addresses, and resolve all the clients to a single address...unless, of course, you're saying that you need to control individual computer access between sites, then I can see the need.  Perhaps some kind of control utilizing MAC addresses can be considered...?

To answer your question...you should purchase a router.  Doesn't have to be anything fancy, but it really is your best option for combining two separate ranges.  It'll make administration easier down the road.  Some fairly inexpensive routers that would do the trick nicely for you are Netopia routers.  I've not had any problems with them...I prefer Cisco, of course, but you're looking at a cost issue there.

James
0

 

Author Comment

by:NetAdmin_UK
ID: 10918648
Yes, we need to control individual access between sites. Plus Company policy says we must use these IPs.
We were considering a router but I have read that a 'Layer 3' switch (which is what all our switches are) operates the same as a router so I figured this would be the best option.
0
 
LVL 9

Accepted Solution

by:
jamesreddy earned 375 total points
ID: 10918710
Ummm...no...not really.  Layer 3 routers are not the same as routers at all.  Yes, they can be used to combine subnets, but over a WAN link?   That's a major security risk....

In any event, I found the following article on EE that seems to agree with that assessment (yours, that is).  Given the information I get from here, I am inclined to believe that the Layer 3 switch would suit your purposes.  We have layer 3 switches here and I have found them effective at combining subnets, but I would never endanger my network by using it over a WAN link.

http://www.experts-exchange.com/Hardware/Routers/Q_20868261.html

Just my opinion...but here is the link to the article.

James
0
 

Author Comment

by:NetAdmin_UK
ID: 10918901
Okay, so Switch should do the job. Not sure I understand your concern about WAN but this is for internal routing only (within the building), nothing to do with the External WAN link. So didn't think it should be an issue.
0
 
LVL 9

Expert Comment

by:jamesreddy
ID: 10919157
Anything with a public address is subject to security risks...a public address is usually accessible by other means.  For example, when users use the internet, since they all have public IPs, that information is easily identified and opens up your network to a host of security issues.  A router/firewall combo can stop that stuff dead in its tracks.  The Windows XP firewalls should be enabled at a MINIMUM, but it isn't all that effective.

Understand, I used to work for the U.S. Air Force in security, so security is something I get pretty crazy about.  Your network would give me a heart attack, the way it is set up!  :)

So once again...the switch will likely do the trick, but I still highly recommend a router/firewall.

James
0
 

Author Comment

by:NetAdmin_UK
ID: 10919348
We are behind our own firewall. Which is in turn behind the Company firewall so don't think it will be an issue.
0
 
LVL 9

Expert Comment

by:jamesreddy
ID: 10919445
Ok...then nevermind!  :)  Layer 3 switch should do the trick then.
0
 

Author Comment

by:NetAdmin_UK
ID: 10919775
I understand that if we were trying to bridge to separate segments on a network you would bridge 2 ports on the connecting switch. But in my case we are bridging 2 subnets all on the same physical LAN. Can you shed any light on how this is done or am I pushing my luck?
0
 
LVL 9

Expert Comment

by:jamesreddy
ID: 10919894
What kind of L3 switch do you have?  Make/model.
0
 
LVL 4

Expert Comment

by:kreaganoutsourceditbiz
ID: 10970278
OK, new to the discussion here.

Back to your original question, should you use the server or the switch to do the routing?  I would use the switch, otherwise, when you take your server down, you also literally take your network down.  Modular is good.

OK, here is my take on the subject....

If my workstation needs to communicate with another IP address, it takes that IP address and determines if it is on the same subnet.  If not, it then forwards the request to the default gateway.  The default gateway is then responsible for delivery.  The default gateway then uses a very similar process to determine what to do with the packet.

So, you need a router or a switch with routing functions.  In either case you will need to have two IP Addresses assigned to the device - one from each internal subnet.  It will know what to do with the packet.

The Intel web site has a short page describing a Layer 3 switch.  It is short and helpful.  It may help you with your needs.

http://support.intel.com/support/express/switches/10/23364.htm
0
 

Author Comment

by:NetAdmin_UK
ID: 11029416
Thanks for the link. We have been given another suggestion which may sort the problem without the need for using a switch or Router.
As we have the two subnets 101.1.9.0 and 101.1.12.0, we are thinking about just changing the subnet mask to 255.255.0.0 instead of 255.255.255.0. This seems to work in a test scenario we set up (I didn't think it would because the way I understand this should not allow any traffic to go outside our network which is on 106.1.x.x) but everything seems okay. I'm sure there will be some disadvantages to doing it this way (maybe speed in finding address which is external?) and just trying to find out about them before implementing it.
0
 
LVL 16

Expert Comment

by:JammyPak
ID: 11030976
There are some fairly major impacts of what you're planning to do.

If you change your mask to 255.255.0.0, then you will never be able to communicate with anyone whose public IP addresses are 101.1.1, 101.1.2, 101.1.3....basically anyone on the 101.1 range who's not you. So...if you can't visit certain websites, can send/receive email from certain companies...that will be why.

You *can* change the mask to do what's called 'supernetting' but you need to have a block of contiguous address ranges - which you don't. There's no subnet mask that will work for only .9 and .12 and no other networks.

I really wouldn't do this if I were you.
0
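The host forwarding decision described by kreaganoutsourceditbiz and the mask problem raised by JammyPak, worked through with Python's `ipaddress` module. This is an added example, not part of the original thread; the host addresses and the gateway 101.1.9.1 are constructed for illustration.

```python
import ipaddress

# The two ranges from the thread, written as /24 networks.
ASSIGNED = [ipaddress.ip_network("101.1.9.0/24"),
            ipaddress.ip_network("101.1.12.0/24")]
GATEWAY = "101.1.9.1"  # assumed default gateway, not given in the thread


def next_hop(host_ip, mask, dest_ip, gateway=GATEWAY):
    """Host forwarding decision: deliver directly (ARP on the local wire) if
    dest_ip falls inside the host's own subnet, otherwise use the gateway."""
    local = ipaddress.ip_interface(f"{host_ip}/{mask}").network
    return "direct" if ipaddress.ip_address(dest_ip) in local else gateway


def smallest_covering_block(networks):
    """Smallest single CIDR block (one mask) that contains every network."""
    block = networks[0]
    while not all(n.subnet_of(block) for n in networks):
        block = block.supernet()  # widen the mask by one bit
    return block


def foreign_slash24s(block, assigned=ASSIGNED):
    """/24 ranges inside block that were never assigned to this site.
    Hosts using block's mask would ARP for them locally and never reach them."""
    return [n for n in block.subnets(new_prefix=24) if n not in assigned]


if __name__ == "__main__":
    host = "101.1.9.20"  # constructed client address
    # With the original /24 mask, the second subnet needs a routed hop.
    print(next_hop(host, "255.255.255.0", "101.1.12.30"))
    # With 255.255.0.0 both subnets look local, but so does everyone else's
    # 101.1.x.x space, e.g. a constructed outside host 101.1.3.5.
    print(next_hop(host, "255.255.0.0", "101.1.12.30"))
    print(next_hop(host, "255.255.0.0", "101.1.3.5"))

    tight = smallest_covering_block(ASSIGNED)
    print(tight, [str(n) for n in foreign_slash24s(tight)])
    wide = ipaddress.ip_network("101.1.0.0/16")
    print(wide, len(foreign_slash24s(wide)), "foreign /24 ranges")
```

Even the tightest single mask covering both ranges pulls in six /24 blocks that belong to someone else, which is why routing between the two /24s is the cleaner design.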
