Solved

Please help Solve my Confusion

Posted on 2004-08-21
Last Modified: 2008-02-01
Hi,
This is Driving me Nuts, Please help me understand it. I am a Developer Not a Network Admin. So Please help me understand the basics.

In My Company We have Two Networks.

Network One has the Following IP Scheme 192.168.0.* with the default GateWay of 192.168.0.1 for Clients.
Network Two has Following IP Scheme 192.168.2.* with the default GateWay of 192.168.2.1 for Clients.

These Two Networks are Connected with their Own Routers And Switches. (2 Different ISP's)

Now My Questions.

1 - This Means We have Two Subnets in the Company, if yes then Explain how. (Not sure about subnetting)
2 - is there a Way we can connect these Two Networks Together, so Clients on Both Networks can see each other? I don't want to change any IP Setting on Router.
3. I Think with the Class C, I can't Connect more than 254 Clients, what if we have 1000+ Clients?

I would highly appreciate it if someone can Help me Understand these Concepts.

Thanks
Question by:sky82
 
LVL 37

Assisted Solution

by:Bing CISM / CISSP
Bing CISM / CISSP earned 150 total points
> 1 - This Means We have Two Subnets in the Company, if yes then Explain how. (Not sure about subnetting)

yes, you have two separated subnets, each of them has its own private IP addresses, both of them use their own routers to connect to the internet.

> 2 - is there a Way we can connect these Two Networks Together, so Clients on Both Networks can see each other? I don't want to change any IP Setting on Router.

VPN solution is suitable here, this will make the two private networks visible to each other over the channel (another subnet) established by VPN technology. of course, your two routers should support VPN (PPTP or L2TP). without VPN, commonly there is NO proper way to connect the two private networks unless the two ISPs can establish a dedicated network/channel for your two sites.

> 3. I Think with the Class C, I can't Connect more than 254 Clients, what if we have 1000+ Clients?

yes, with class C network, you can have 254 hosts (253 clients, 1 router) for each network. if you want to expand the network for supporting more than 1000 clients, you need multiple class C subnets. by changing the network mask from 255.255.255.0 (24bit) to 255.255.248.0 (21bit), you can support 2000+ clients.

hope it helps,
bbao
0
 
LVL 37

Expert Comment

by:Bing CISM / CISSP
moreover, if one of your above networks (192.168.0.x, 192.168.2.x) needs to be expanded to support 1000+ clients, at least one of them should change its IP addressing, because 192.168.0.0/255.255.248.0 will cover the addressing scope of both 192.168.0.0/255.255.255.0 and 192.168.2.0/255.255.255.0. just for your reference.
0
 
LVL 37

Expert Comment

by:Bing CISM / CISSP
another open question in this TA is discussing a similar issue, just for your reference:
http://www.experts-exchange.com/Networking/Q_21101319.html
0
 

Expert Comment

by:Crazy_Penguins
The 2 networks should be able to see one another if you set the subnet on the computers (or dhcp server) to 255.255.0.0 - this will 'unmask' the last 2 octets of the IP addresses and allow you to communicate with 192.168.XXX.XXX from both networks.

VPN may or may not be a good thing, as encrypting everything takes cpu time and more bandwidth.
0
 
LVL 37

Expert Comment

by:Bing CISM / CISSP
> These Two Networks are Connected with their Own Routers And Switches. (2 Different ISP's)

Crazy_Penguins, i think the two private networks are separated by the internet, so i prefer the VPN solution.
sky82 , am i right?
0
 

Expert Comment

by:Crazy_Penguins
I see what you are saying; I think I just misread what the issue was.

Yes I agree a VPN solution would do nicely here.
0
 

Author Comment

by:sky82
> VPN solution is suitable here.

We have Netgear ProSafe Firewall/Routers. Will it do the Trick?

> by changing the network mask from 255.255.255.0 (24bit) to 255.255.248.0 (21bit), you can support 2000+ clients.

Let's Say I want to Expand 192.168.0.* Subnet, So for all the Clients I will use 255.255.0.0 Subnet Mask. And I would Assign IPs to Clients (What Syntax?). So far I have been assigning like 192.168.0.*.

> i think the two private networks are separated by the internet, so i prefer the VPN solution.
> sky82 , am i right?

Absolutely Yes. Router 1 has 192.168.0.1 (DSL) GateWay and Router 2 has 192.168.2.1 (CABLE) GateWay Address.

Crazy_Penguins, in which Case should I be using 255.255.0.0 Subnet Mask? Why Can't I use it in my case?

What is the main difference between Subnet Mask and Subnetting?

Thanks

Increasing Points...

0
 

Author Comment

by:sky82
bbao your Second Comment is starting to make Sense now.

if I have a Subnet Mask of 255.255.255.0 Last octet is Zero this means 254 Hosts.
And if we change the Mask to 255.255.254.0 This Means I can have 254 * 2 Hosts?
and if I use subnet Mask of 255.255.254 for 192.168.0.* Network, I can have 508 Hosts and I don't have to change any IP settings on the Router having IP Scheme of 192.168.2.*.
Please Tell me if I am correct.
But I am still confused about the Concept of Subnet and Subnet Mask.

Thanks
0
 

Assisted Solution

by:Crazy_Penguins
Crazy_Penguins earned 50 total points
I am sorry for adding confusion to the issue,

Changing your subnet as I stated above would only work if your 2 ‘networks’ were on the same ‘physical’ hard-wired network running on the same set of switches.  I have seen where people inadvertently created 2 ‘virtual’ networks on the same ‘physical’ network by using dual routers, dual gateways, with slightly different IP schemes. Fixing this typically consisted of changing the subnet (also called ‘subnet mask’ because it masks other computers from/to you) to allow unmasking a broader range of IP’s.  However, because your two networks are split by the (public) internet, seeing all the IP’s in the world behind your router won’t do a bit of good.  So what bbao and I are saying is that a VPN (Virtual Private Network) would be right for you, allowing a small (private) tunnel across the (public) internet.  The options open for you for VPN’s are limitless, everything from the W2K / W2K3 Client, which can be used for laptops and such – or for a permanent connection to another W2K / W2K3 server – to the high(er) end Sonic Wall series.  Both types can have just a handful of single clients or a ‘Remote Office’ connection.

Hope this helps,

Crazy_Penguins
0
 
LVL 15

Accepted Solution

by:
adamdrayer earned 200 total points
Here's the skinny on TCP/IP and subnetting: (I'm repeating some things that have already been said, and I apologize)

A TCP/IP address is made up of four numbers separated by dots.  Each number can range from 0 to 255.  This is because it is made up of 8 binary values.  If you string them all together you get 32 binary values (1 or 0).  In all networks, a portion of these 32 binary values will be the same for all computers on your "network" and the rest will be specific to each computer.  The amount of binary values that are allotted to each is defined by the subnet mask.

For example:
a subnet mask of 255.255.255.0 is 11111111.11111111.11111111.00000000

This means that the first 24 bits of a TCP/IP address represent the network, and the last 8 represent the host.  This leaves only enough addresses for 254 different computers.  

By changing the mask to 255.255.248.0 (11111111.11111111.11111000.00000000)
You allow over 2000 different host address combinations.


TCP/IP assumes that it can communicate directly with any address on its network.  If it comes across an address that is NOT on its network, it doesn't even attempt to communicate with the destination but rather passes the communication to its gateway (which has to be on the network).

What this means to you is that if you redefine the subnet mask to 255.255.248.0, then your computers will assume that 192.168.0.xxx and 192.168.2.xxx are on the same network, because you are saying that 255.255.248.0 is the subnet mask and therefore the network is defined by the first 21 binary values, which in this case would be the same.  The computers would try and contact each other directly and never pass the communication to other machines (gateways) to route.
0
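The mask arithmetic and the direct-versus-gateway decision described in the answer above, as an added Python example that is not part of the original thread. The host addresses 192.168.0.10 and 192.168.2.10 are constructed samples; the masks and the gateway 192.168.0.1 come from the thread.

```python
import ipaddress

def mask_bits(mask: str) -> str:
    """Dotted mask written out in binary, one group of 8 bits per octet."""
    return ".".join(f"{int(octet):08b}" for octet in mask.split("."))

def usable_hosts(mask: str) -> int:
    """Host addresses left once the network and broadcast addresses are reserved."""
    prefix = ipaddress.ip_network(f"0.0.0.0/{mask}").prefixlen
    return 2 ** (32 - prefix) - 2

def network_of(ip: str, mask: str) -> ipaddress.IPv4Address:
    """Bitwise AND of address and mask: the bits shared by every host on the network."""
    return ipaddress.IPv4Address(
        int(ipaddress.IPv4Address(ip)) & int(ipaddress.IPv4Address(mask))
    )

def delivery(src: str, mask: str, gateway: str, dst: str) -> str:
    """How a host configured with src/mask/gateway sends a packet to dst."""
    if network_of(src, mask) == network_of(dst, mask):
        return "direct"                # host treats dst as a local neighbour
    return f"via gateway {gateway}"    # host hands the packet to its router

if __name__ == "__main__":
    src, gw, dst = "192.168.0.10", "192.168.0.1", "192.168.2.10"  # constructed hosts
    for mask in ("255.255.255.0", "255.255.254.0", "255.255.248.0", "255.255.0.0"):
        print(f"{mask:<15} {mask_bits(mask)}  hosts={usable_hosts(mask):<6}"
              f" {src} -> {dst}: {delivery(src, mask, gw, dst)}")
```

With the two wider masks the sender never hands the packet to its router, so a destination that is physically behind another router is unreachable.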
 

Author Comment

by:sky82
Excellent Concept of Subnet Mask by adamdrayer. So Basically Subnet Mask is something Like a Mask for the Network Machines.

So if my Router 1 has IP of 192.168.0.1 and Clients have Subnet Mask for this network is 255.255.0.0
And Router 2 has IP of 192.168.2.0 and Subnet Mask 255.255.0.0 For Clients (Same as Router 1).

And if I Link these routers together by a Cable Why Can't they see each other. And I will divide Gateways among my machines. Subnet mask is same for all machines. Why?

Thanks
0
 
LVL 37

Expert Comment

by:Bing CISM / CISSP
> We have Netgear ProSafe Firewall/Routers. will it do the Trick?

ProSafe Firewall/VPN - model FVS318
ProSafe Firewall/VPN - model FVL328
ProSafe Firewall/VPN - model FVM318
ProSafe Firewall/VPN - model FWAG114

exactly speaking, if you have one of above models, you can establish a VPN tunnel to connect the separated private networks. their differences are the maximum VPN tunnels supported, if we compare them from the point of VPN view.

if you want to connect the two isolated networks through the internet, two things you should consider:

1) if you have FIXED public IP address assigned by your ISPs for both sites? since you are using DSL and CABLE lines, you might have no permanent link to the internet, using dynamic IP addresses instead.

2) if you have two private networks that are reachable (routable) to each other? since you have deployed two private networks (192.168.0.0/24 and 192.168.2.0/24) at each site, and want to expand one of them to support 1000+ network clients, you should face an overlay issue of IP addressing. i have mentioned this in my 2nd comment. btw, /24 here refers to 24 bit of network mask.

one solution is to deploy another IP addressing space at one site, e.g. 192.168.128.0/255.255.248.0 (21bit) for up to 2046 network clients.

> in which Case I should be using 255.255.0.0 Subnet Mask, Why Cant I use it in my case?

if you have (or will have) more than 510 clients working on the same network, and you are NOT sure how the network will be expanded in the future (of course, less than 65534 clients), and you want to simplify your IP addressing, you can just SIMPLY use class B addressing, which uses 255.255.0.0 as its subnet mask.

commonly, some administrators like to divide a big class-B network into multiple subnets in different sizes, some of them are bigger than class-C, some of them are even smaller than class-C, according to different divisions, business functions or people's roles. you may see another answer of mine related to this issue at:

http://www.experts-exchange.com/Networking/WinNT_Networking/Q_21073012.html

> if I have a Subnet Mask of 255.255.255.0 Last octet is Zero this means 254 Hosts.
> And if we change the Mask to 255.255.254.0 This Means I can have 254 * 2 Hosts?

YES

> and if I use subnet Mask of 255.255.254 for 192.168.0.* Network, I can have 508 Hosts and I don't have to change any IP settings on the Router having IP Scheme of 192.168.2.*.

YES, but the router's network mask should be changed to 255.255.254.0, otherwise, only half of the network clients can access the internet or other sites.

> So if my Router 1 has IP of 192.168.0.1 and Clients have Subnet Mask for this network is 255.255.0.0
> And Router 2 has Ip of 192.168.2.0  and Subnet Mask 255.255.0.0 For Clients(Same as Router 1).

the two networks cannot see each other because their own BIG network mask (255.255.0.0) is telling them that "192.168.2.x or 192.168.1.x is a local computer, you don't need to send the packet to the router." in fact, from the viewpoint of IP addressing, not the viewpoint of your physical networks, the network 192.168.2.0/255.255.0.0 is only a part of the network 192.168.0.0/255.255.0.0, so there is an OVERLAY here.

> And if I Link these routers together by a Cable Why Cant they see each other.
> And I will divide Gateways among my machines. Subnet mask is same for all machines. Why?

1) you need a VPN tunnel to connect the two networks at different geographical locations if you have NO dedicated media, except the public network (the internet), between the two sites.
2) their addresses overlap with each other, so you canNOT see each other even if you locally connect the two routers.

hope it helps,
bbao
0
 
LVL 3

Expert Comment

by:iwontleaveyou
I agree with bbao,
whatever he has suggested is the ultimate solution and whatever was discussed here is also good,

Well, as far as a VPN solution is concerned, I will go for KERIO WINROUTE FIREWALL s/w

I haven't used Netgear ProSafe Firewall/Routers, but have worked on KERIO WINROUTE.

you just need to install a copy of kerio winroute on two machines, one on each network, then configure it for VPN.
configure your clients to use the winroute machine as default gateway. Same on the other subnet.

Then configure both winroutes for server-to-server VPN configuration. In this case your clients don't need to do the VPN, rather your winroute servers will do VPN with each other across the INTERNET. that's secure also.

you can get a trial for winroute from http://www.kerio.com

You can read the Online manual for the same and decide whether to use it or not.
0
 
LVL 37

Expert Comment

by:Bing CISM / CISSP
additional explanations to my last comment:

> one solution is to deploy another IP addressing space at one site, e.g. 192.168.128.0/255.255.248.0 (21bit) for up to 2046 network clients.

if you have definitely NO up to 510 network clients for each site in the future, you may consider to reduce the size of each network, so the following IP addressing plan should be feasible:

IP subnet for site A: 192.168.0.0/255.255.254.0 (25 bits for network mask)
IP subnet for site B: 192.168.2.0/255.255.254.0 (25 bits for network mask)

[192.168.0.0/25] <-> router A <-> [1.1.1.0/24] <-> router B <-> [192.168.2.0/25]
                     ^      ^                      ^      ^
           192.168.0.1      1.1.1.1          1.1.1.2      192.168.2.1
                            IP1                  IP2

192.168.0.1 and 192.168.2.1 refer the default gateways of site A and B
1.1.1.0/24 refer the subnet for inter-connecting the two sites, if you connect the two sites via VPN, this refer the subnet for VPN tunnel.
1.1.1.1 and 1.1.1.2 refer the gateways of inter-connecting the two sites, used for VPN or direct connection.
IP1 and IP2 refer the public IP addresses on the external interfaces of the two routers exposed on the internet.

hope it helps,
bbao
0
 
LVL 37

Expert Comment

by:Bing CISM / CISSP
iwontleaveyou, thanks for your comment. you posted a server based VPN solution, what i would additionally say is that, the client computers need to add a route to their local routing tables, like this:

for site A, assume the VPN server is 192.168.0.2, the client computers should run this command:
route add 192.168.2.0 mask 255.255.254.0 192.168.0.2 metric 1

for site B, assume the VPN server is 192.168.2.2, the client computers should run this command:
route add 192.168.0.0 mask 255.255.254.0 192.168.2.2 metric 1

the client computers certainly may just need to simply change their default gateway to the VPN servers 192.168.0.2 or 192.168.2.2, if the VPN servers can also route/forward the other requests to the internet.

cheers,
bbao
0
 
LVL 15

Expert Comment

by:adamdrayer
>>So if my Router 1 has IP of 192.168.0.1 and Clients have Subnet Mask for this network is 255.255.0.0
>>And Router 2 has Ip of 192.168.2.0  and Subnet Mask 255.255.0.0 For Clients(Same as Router 1).

As mentioned this will not work.  The subnet mask of 255.255.0.0 would define the network as 192.168.xxx.xxx  Both the above-mentioned address ranges fall into this subnet, and would be considered to be on the same network.  You need to specify address ranges and subnet masks for both networks so that each host can determine immediately whether the destination IP is on its own network, or a different one.
0
 

Author Comment

by:sky82
Thanks for the Great Comments @bbao @adamdrayer

> The subnet mask of 255.255.0.0 would define the network as 192.168.xxx.xxx  Both the above-mentioned address ranges fall into this subnet, and would be considered to be on the same network.

Basically that's what I want, both on the same Network. But like you guys said, it will not work because they are connected with their OWN ISP's.

for now I would like to stay away from VPN solution. All I need to do is have around 500 Clients for now.
I don't want to touch the 192.168.2.1 Network. I would like to have additional Clients in 192.168.0.1 Network.

if I change the subnet mask to 255.255.254.0 for 192.168.0.1 Network I believe I can have 500+ Clients in it. but What scheme should I be using for 192.168.0.1 Network after modifying Subnet Mask?

Example

192.168.0.2 - 192.168.0.254 AND
192.168.1.0 - 192.168.1.254

is it Correct?

Can I also use 192.168.3.0 - 192.168.3.254, instead of 192.168.1.0 - 192.168.1.254?

Thanks, you guys are very helpful

0
 
LVL 15

Expert Comment

by:adamdrayer

>>192.168.0.2 - 192.168.0.254 AND
>>192.168.1.0 - 192.168.1.254

is kinda right.  It should be this:

192.168.0.1 - 192.168.0.255 AND
192.168.1.1 - 192.168.0.254

Using 0's at the very end of an address usually signifies a "network".  A lot of equipment won't accept this as a host address.  Like I write 192.168.1.xxx, but some people would call this the "192.168.1.0 network".  Also the very last address in a subnet is used for broadcasts.  This is why normally, with a 24-bit subnet mask, you only have the last octet range from 1-254.  That's because the 255 address is used for broadcasts.  With a 23-bit subnet mask as you are describing, the 192.168.0.255 is a perfectly good address and the 192.168.1.254 is the last usable host address.

I would not use a 23-bit subnet-mask for 500 computers.  That is dangerous.  You want to have double the amount of IP addresses than you need.  Especially if you are using DHCP.

>>Basicly thats what i want both on the same Network
Well, you want to route between two different networks.  When we talk about networks and subnets we are talking about devices that are within the same layer2 broadcast domain.  Usually this means computers that are physically connected to the same hub or switch.  Once you start using routers or the internet (a series of routers), then you are describing communicating between two different networks.  I know sometimes a company considers their "network" to be the sum of all their communications, but this isn't particularly so.  This is more the description of an infrastructure.

Also know that simply selecting the correct IP addressing scheme and correct subnet masks is only part of the solution.  You will then need to set up routers and/or VPN clients/servers to handle traffic.  You will need to configure them to explicitly route certain packets headed to certain destinations a certain way.

>>for now I would like to stay away from VPN solution.
Any solution where you will be connecting two networks through a portion of a public network (internet) is considered a "virtual private network".  If you go this route, you will definitely need to study up on VPN security or get someone to help you out.
0
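An added example (not code from any poster in this thread) that works through the address-range and overlap points raised in the answers above: the usable range of 192.168.0.0 with mask 255.255.254.0, and what happens to the untouched 192.168.2.0 network when the first one is sized for 500 clients with double headroom. The function names and the `headroom` parameter are assumptions made for illustration.

```python
import ipaddress
import math

# The network the asker wants to leave untouched (mask taken from the thread).
SITE_B = {"site B": "192.168.2.0/255.255.255.0"}

def describe(net):
    """Network address, usable host range and broadcast address of a subnet."""
    return {
        "network": str(net.network_address),
        "first_host": str(net.network_address + 1),
        "last_host": str(net.broadcast_address - 1),
        "broadcast": str(net.broadcast_address),
        "usable": net.num_addresses - 2,
    }

def is_host(net, ip):
    """True if ip can be assigned to a machine on net."""
    addr = ipaddress.ip_address(ip)
    return addr in net and addr not in (net.network_address, net.broadcast_address)

def smallest_subnet(base, clients, headroom=2.0):
    """Smallest subnet containing base with room for clients * headroom hosts."""
    needed = math.ceil(clients * headroom) + 2      # plus network and broadcast
    host_bits = max(2, (needed - 1).bit_length())   # round up to a power of two
    return ipaddress.ip_network(f"{base}/{32 - host_bits}", strict=False)

def conflicts(candidate, existing):
    """Names of existing subnets whose address range overlaps candidate."""
    return [name for name, cidr in existing.items()
            if candidate.overlaps(ipaddress.ip_network(cidr))]

if __name__ == "__main__":
    net23 = ipaddress.ip_network("192.168.0.0/255.255.254.0")
    print(net23, describe(net23))
    for ip in ("192.168.0.255", "192.168.1.0", "192.168.1.255", "192.168.3.10"):
        print(f"  {ip:<14} assignable: {is_host(net23, ip)}")
    # Size for 500 clients with double headroom at two candidate base addresses.
    for base in ("192.168.0.0", "192.168.128.0"):
        net = smallest_subnet(base, 500)
        print(net, "usable:", net.num_addresses - 2,
              "conflicts:", conflicts(net, SITE_B) or "none")
```

Doubling the headroom at 192.168.0.0 pushes the mask to 22 bits, which swallows 192.168.2.x; the same size placed at 192.168.128.0 leaves the second network alone.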
 

Author Comment

by:sky82
all of you are really experienced Networking Gurus. I appreciate your Help.
I learned a lot from this Thread.
Now I also need to get a Good Book to Learn More.

Thanks guys, I think Points dont mean anything for this great help, you have my respect:)
0
