Solved

Please help Solve my Confusion

Posted on 2004-08-21
Last Modified: 2008-02-01
Hi,
This is Driving me Nuts, Please help me understand it. I am a Developer Not a Network Admin. So Please help me understand the basics.

In My Company We have Two Networks.

Network One has the Following IP Scheme 192.168.0.* with the default GateWay of 192.168.0.1 for Clients.
Network Two has Following IP Scheme 192.168.2.* with the default GateWay of 192.168.2.1 for Clients.

These Two Networks are Connected with their Own Routers And Switches. (2 Different ISP's)

Now My Questions.

1 - This Means We have Two Subnets in the Company, if yes then Explain how. (Not sure about subnetting)
2 - Is there a Way we can connect these Two Networks Together, so Clients on Both Networks can see each other? I don't want to change any IP Setting on Router.
3. I Think with the Class C, I can't Connect more than 254 Clients, what if we have 1000+ Clients?

I would highly Appreciate if someone can Help me Understand these Concepts.

Thanks
Question by:sky82
19 Comments
 
LVL 37

Assisted Solution

by:bbao
bbao earned 150 total points
ID: 11862980
1 - This Means We have Two Subnets in the Company, if yes then Explain how. (Not sure about subnetting)

yes, you have two separated subnets, each of them has its own private IP addresses, and both of them use their own routers to connect to the internet.

2 - Is there a Way we can connect these Two Networks Together, so Clients on Both Networks can see each other? I don't want to change any IP Setting on Router.

a VPN solution is suitable here, this will make the two private networks visible to each other over the channel (another subnet) established by VPN technology. of course, your two routers should support VPN (PPTP or L2TP). without VPN, commonly there is NO proper way to connect the two private networks unless the two ISPs can establish a dedicated network/channel for your two sites.

3. I Think with the Class C, I can't Connect more than 254 Clients, what if we have 1000+ Clients?

yes, with class C network, you can have 254 hosts (253 clients, 1 router) for each network. if you want to expand the network to support more than 1000 clients, you need multiple class C subnets. by changing the network mask from 255.255.255.0 (24bit) to 255.255.248.0 (21bit), you can support 2000+ clients.

hope it helps,
bbao
0
 
LVL 37

Expert Comment

by:bbao
ID: 11863112
moreover, if one of your above networks (192.168.0.x, 192.168.2.x) needs to be expanded to support 1000+ clients, at least one of them should change its IP addressing, because 192.168.0.0/255.255.248.0 will cover the addressing scope of both 192.168.0.0/255.255.255.0 and 192.168.2.0/255.255.255.0. just for your reference.
0
 
LVL 37

Expert Comment

by:bbao
ID: 11863147
another open question in this TA is discussing a similar issue, just for your reference:
http://www.experts-exchange.com/Networking/Q_21101319.html
0

 

Expert Comment

by:Crazy_Penguins
ID: 11863582
The 2 networks should be able to see one another if you set the subnet on the computers (or dhcp server) to 255.255.0.0 - this will 'unmask' the last 2 octets of the IP addresses and allow you to communicate with 192.168.XXX.XXX from both networks.

VPN may or may not be a good thing, as encrypting everything takes cpu time and more bandwidth.
0
 
LVL 37

Expert Comment

by:bbao
ID: 11863660
> These Two Networks are Connected with their Own Routers And Switches. (2 Different ISP's)

Crazy_Penguins, i think the two private networks are separated by the internet, so i prefer the VPN solution.
sky82 , am i right?
0
 

Expert Comment

by:Crazy_Penguins
ID: 11863709
I see what you are saying; I think I just misread what the issue was.

Yes I agree a VPN solution would do nicely here.
0
 

Author Comment

by:sky82
ID: 11864777
> VPN solution is suitable at here.
We have Netgear ProSafe Firewall/Routers. will it do the Trick?

 > by changing the network mask from 255.255.255.0 (24bit) to 255.255.248.0 (21bit), you can support 2000+ clients.

Let's Say I want to Expand 192.168.0.* Subnet, So for all the Clients I will use 255.255.0.0 Subnet Mask. And I would Assign IP's to Clients (What Syntax?), So far I have been assigning like 192.168.0.*.

 > i think the two private networks are separated by the internet, so i prefer the VPN solution.
sky82 , am i right?

Absolutely Yes. Router 1 has 192.168.0.1(DSL) GateWay and Router 2 has 192.168.2.1(CABLE) GateWay Address.

Crazy_Penguins, in which Case should I be using 255.255.0.0 Subnet Mask, Why Can't I use it in my case?

What is the main difference b/w Subnet Mask and Subnetting?

Thanks

Increasing Points...

0
 

Author Comment

by:sky82
ID: 11864855
bbao your Second Comment is starting to make Sense now.

if I have a Subnet Mask of 255.255.255.0 Last octet is Zero this means 254 Hosts.
And if we change the Mask to 255.255.254.0 This Means I can have 254 * 2 Hosts?
and if i use subnet Mask of 255.255.254 for 192.168.0.* Network, I can have 508 Hosts and I don't have to change any IP settings on the Router having IP Scheme of 192.168.2.*.
Please Tell me if I am correct.
But I am still confused about the Concept of Subnet and Subnet Mask.

Thanks
0
 

Assisted Solution

by:Crazy_Penguins
Crazy_Penguins earned 50 total points
ID: 11865357
I am sorry for adding confusion to the issue,

Changing your subnet as I stated above would only work if your 2 ‘networks’ were on the same ‘physical’ hard-wired network running on the same set of switches.  I have seen where people inadvertently created 2 ‘virtual’ networks on the same ‘physical’ network by using dual routers, dual gateways, with slightly different IP schemes. Fixing this typically consisted of changing the subnet (also called ‘subnet mask’ because it masks other computers from/to you) to allow unmasking a broader range of IP’s.  However, because your two networks are split by the (public) internet, seeing all the IP’s in the world behind your router won’t do a bit of good.  So what bbao and I are saying is that a VPN (Virtual Private Network) would be right for you, allowing a small (private) tunnel across the (public) internet.  The options open for you for VPN’s are limitless, everything from the W2K / W2K3 Client, which can be used for laptops and such – or for a permanent connection to another W2K / W2K3 server – to the high(er) end Sonic Wall series.  Both types can have just a handful of single clients or a ‘Remote Office’ connection.

Hope this helps,

Crazy_Penguins
0
 
LVL 15

Accepted Solution

by:
adamdrayer earned 200 total points
ID: 11865805
Here's the skinny on TCP/IP and subnetting: (I'm repeating some things that have already been said, and I apologize)

A TCP/IP address is made up of four numbers separated by dots.  Each number can range from 0 to 255.  This is because it is made up of 8 binary values.  If you string them all together you get 32 binary values (1 or 0).  In all networks, a portion of these 32 binary values will be the same for all computers on your "network" and the rest will be specific to each computer.  The amount of binary values that are allotted to each is defined by the subnet mask.

For example:
a subnet mask of 255.255.255.0 is 11111111.11111111.11111111.00000000

This means that the first 24 bits of a TCP/IP address represent the network, and the last 8 represent the host.  This leaves only enough addresses for 254 different computers.  

By changing the mask to 255.255.248.0 (11111111.11111111.11111000.00000000)
You allow over 2000 different host address combinations.


TCP/IP assumes that it can communicate directly with any address on its network.  If it comes across an address that is NOT on its network, it doesn't even attempt to communicate with the destination but rather passes the communication to its gateway (which has to be on the network).

What this means to you is that if you redefine the subnet mask to 255.255.248.0, then your computers will assume that 192.168.0.xxx and 192.168.2.xxx are on the same network, because you are saying that 255.255.248.0 is the subnet mask and therefore the network is defined by the first 21 binary values, which in this case would be the same.  The computers would try to contact each other directly and never pass the communication to other machines (gateways) to route.
0
 

Author Comment

by:sky82
ID: 11867237
Excellent Concept of Subnet Mask by adamdrayer. So Basically Subnet Mask is something Like a Mask for the Network Machines.

So if my Router 1 has IP of 192.168.0.1 and Clients have Subnet Mask for this network is 255.255.0.0
And Router 2 has Ip of 192.168.2.0  and Subnet Mask 255.255.0.0 For Clients(Same as Router 1).

And if I Link these routers together by a Cable Why Can't they see each other. And I will divide Gateways among my machines. Subnet mask is same for all machines. Why?

Thanks
0
 
LVL 37

Expert Comment

by:bbao
ID: 11867755
> We have Netgear ProSafe Firewall/Routers. will it do the Trick?

ProSafe Firewall/VPN - model FVS318
ProSafe Firewall/VPN - model FVL328
ProSafe Firewall/VPN - model FVM318
ProSafe Firewall/VPN - model FWAG114

exactly speaking, if you have one of the above models, you can establish a VPN tunnel to connect the separated private networks. their differences are the maximum VPN tunnels supported, if we compare them from the VPN point of view.

if you want to connect the two isolated networks through the internet, two things you should consider:

1) do you have FIXED public IP addresses assigned by your ISPs for both sites? since you are using DSL and CABLE lines, you might have no permanent link to the internet, using dynamic IP addresses instead.

2) do you have two private networks that are reachable (routable) to each other? since you have deployed two private networks (192.168.0.0/24 and 192.168.2.0/24) at each site, and want to expand one of them to support 1000+ network clients, you should face an overlay issue of IP addressing. i have mentioned this in my 2nd comment. btw, /24 here refers to 24 bits of network mask.

one solution is to deploy another IP addressing space at one site, e.g. 192.168.128.0/255.255.248.0 (21bit) for up to 2046 network clients.

> in which Case I should be using 255.255.0.0 Subnet Mask, Why Cant I use it in my case?

if you have (or will have) more than 510 clients working on the same network, and you are NOT sure how the network will be expanded in the future (of course, less than 65534 clients), and you want to simplify your IP addressing, you can just SIMPLY use class B addressing, which uses 255.255.0.0 as its subnet mask.

commonly, some administrators like to divide a big class-B network into multiple subnets in different sizes, some of them are bigger than class-C, some of them are even smaller than class-C, according to different divisions, business functions or people's roles. you may see my other answer related to this issue at:

http://www.experts-exchange.com/Networking/WinNT_Networking/Q_21073012.html

> if I have a Subnet Mask of 255.255.255.0 Last octet is Zero this means 254 Hosts.
> And if we change the Mask to 255.255.254.0 This Means I can have 254 * 2 Hosts?

YES

> and if i use subnet Mask of 255.255.254 for 192.168.0.* Network, I can have 508 Hosts and I don't have to change any IP settings on the Router having IP Scheme of 192.168.2.*.

YES, but the router's network mask should be changed to 255.255.254.0, otherwise, only half of the network clients can access the internet or other sites.

> So if my Router 1 has IP of 192.168.0.1 and Clients have Subnet Mask for this network is 255.255.0.0
> And Router 2 has Ip of 192.168.2.0  and Subnet Mask 255.255.0.0 For Clients(Same as Router 1).

the two networks can not see each other because their own BIG network mask (255.255.0.0) is telling them that "192.168.2.x or 192.168.1.x is a local computer, you don't need to send the package to the router." in fact, from the viewpoint of IP addressing, not the viewpoint of your physical networks, the network 192.168.2.0/255.255.0.0 is only a part of the network 192.168.0.0/255.255.0.0, so there is an OVERLAY here.

> And if I Link these routers together by a Cable Why Can't they see each other.
> And I will divide Gateways among my machines. Subnet mask is same for all machines. Why?

1) you need a VPN tunnel to connect the two networks at different geographical locations if you have NO dedicated media, except the public network (the internet), between the two sites.
2) their addresses overlap with each other, so you canNOT see each other even if you locally connect the two routers.

hope it helps,
bbao
0
 
LVL 3

Expert Comment

by:iwontleaveyou
ID: 11867832
I agree with bbao,
whatever he has suggested is the ultimate solution and whatever is discussed here is also good,

Well, as far as a VPN solution is concerned, I will go for KERIO WINROUTE FIREWALL s/w

I haven't used Netgear ProSafe Firewall/Routers, but have worked on KERIO WINROUTE.

you just need to install a copy of kerio winroute on two machines, one on each network, then configure it for VPN.
configure your clients to use the winroute machine as default gateway. Same on the other subnet.

Then configure both winroutes for server-to-server VPN configuration. In this case your clients don't need to do the VPN; rather, your winroute servers will do VPN with each other across the INTERNET. that's secure also.

you can get a trial for winroute from http:\\www.kerio.com

You can read the Online manual for the same and decide whether to use it or not.
0
 
LVL 37

Expert Comment

by:bbao
ID: 11868042
additional explanations to my last comment:

> one solution is to deploy another IP addressing space at one site, e.g. 192.168.128.0/255.255.248.0 (21bit) for up to 2046 network clients.

if you have definitely NO up to 510 network clients for each site in the future, you may consider to reduce the size of each network, so the following IP addressing plan should be feasible:

IP subnet for site A: 192.168.0.0/255.255.254.0 (25 bits for network mask)
IP subnet for site B: 192.168.2.0/255.255.254.0 (25 bits for network mask)

[192.168.0.0/25] <-> router A <-> [1.1.1.0/24] <-> router B <-> [192.168.2.0/25]
                     ^      ^                      ^      ^
           192.168.0.1      1.1.1.1          1.1.1.2      192.168.2.1
                            IP1                  IP2

192.168.0.1 and 192.168.2.1 refer the default gateways of site A and B
1.1.1.0/24 refer the subnet for inter-connecting the two sites, if you connect the two sites via VPN, this refer the subnet for VPN tunnel.
1.1.1.1 and 1.1.1.2 refer the gateways of inter-connecting the two sites, used for VPN or direct connection.
IP1 and IP2 refer the public IP addresses on the external interfaces of the two routers exposed on the internet.

hope it helps,
bbao
0
 
LVL 37

Expert Comment

by:bbao
ID: 11868159
iwontleaveyou, thanks for your comment. you posted a server based VPN solution, what i would additionally say is that, the client computers need to add a route to their local routing tables, like this:

for site A, assume the VPN server is 192.168.0.2, the client computers should run this command:
route add 192.168.2.0 mask 255.255.254.0 192.168.0.2 metric 1

for site B, assume the VPN server is 192.168.2.2, the client computers should run this command:
route add 192.168.0.0 mask 255.255.254.0 192.168.2.2 metric 1

the client computers certainly may just need to simply change their default gateway to the VPN servers 192.168.0.2 or 192.168.2.2, if the VPN servers can also route/forward the other requests to the internet.

cheers,
bbao
0
 
LVL 15

Expert Comment

by:adamdrayer
ID: 11869042
>>So if my Router 1 has IP of 192.168.0.1 and Clients have Subnet Mask for this network is 255.255.0.0
>>And Router 2 has Ip of 192.168.2.0  and Subnet Mask 255.255.0.0 For Clients(Same as Router 1).

As mentioned this will not work.  The subnet mask of 255.255.0.0 would define the network as 192.168.xxx.xxx  Both the above-mentioned address ranges fall into this subnet, and would be considered to be on the same network.  You need to specify address ranges and subnet masks for both networks so that each host can determine immediately whether the destination IP is on its own network, or a different one.
0
 

Author Comment

by:sky82
ID: 11871187
Thanks for the Great Comments @bbao@ adamdrayer

 > The subnet mask of 255.255.0.0 would define the network as 192.168.xxx.xxx  Both the above-mentioned address ranges fall into this subnet, and would be considered to be on the same network.

Basically that's what I want, both on the same Network. But like you guys said, it will not work because they are connected with their OWN ISP's.

For now I would like to stay away from VPN solution. All I need to do is have around 500 Clients for now.
I don't want to touch the 192.168.2.1 Network. I would like to have additional Clients in 192.168.0.1 Network.

If I change the subnet mask to 255.255.254.0 for 192.168.0.1 Network I believe I can have 500+ Clients in it. But What scheme should I be using for 192.168.0.1 Network after modifying Subnet Mask?

Example

192.168.0.2 - 192.168.0.254 AND
192.168.1.0 - 192.168.1.254

is it Correct?

Can I also use 192.168.3.0 - 192.168.3.254, instead of 192.168.1.0 - 192.168.1.254?

Thanks, you guys are very helpful

0
 
LVL 15

Expert Comment

by:adamdrayer
ID: 11871610

>>192.168.0.2 - 192.168.0.254 AND
>>192.168.1.0 - 192.168.1.254

is kinda right.  It should be this:

192.168.0.1 - 192.168.0.255 AND
192.168.1.1 - 192.168.0.254

Using 0's at the very end of an address usually signifies a "network".  A lot of equipment won't accept this as a host address.  Like I write 192.168.1.xxx, but some people would call this the "192.168.1.0 network".  Also the very last address in a subnet is used for broadcasts.  This is why normally with a 24-bit subnet mask, you only have the last octet range from 1-254.  That's because the 255 address is used for broadcasts.  With a 23-bit subnet mask as you are describing, the 192.168.0.255 is a perfectly good address and the 192.168.1.254 is the last usable host address.

I would not use a 23-bit subnet-mask for 500 computers.  That is dangerous.  You want to have double the amount of IP addresses than you need.  Especially if you are using DHCP.

>>Basicly thats what i want both on the same Network
Well, you want to route between two different networks.  When we talk about networks and subnets we are talking about devices that are within the same layer2 broadcast domain.  Usually this means computers that are physically connected to the same hub or switch.  Once you start using routers or the internet (a series of routers), then you are describing communicating between two different networks.  I know sometimes a company considers their "network" to be the sum of all their communications, but this isn't particularly so.  This is more the description of an infrastructure.

Also know that simply selecting the correct IP addressing scheme and correct subnet masks is only part of the solution.  You will then need to set up routers and/or VPN clients/servers to handle traffic.  You will need to configure them to explicitly route certain packets headed to certain destinations a certain way.

>>for now I would like to stay away from VPN solution.
Any solution where you will be connecting two networks through a portion of a public network (internet) is considered a "virtual private network".  If you go this route, you will definitely need to study up on VPN security or get someone to help you out.
0
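The on-link test adamdrayer describes, the address overlap bbao points out and the 23-bit host range discussed above, worked through with Python's standard ipaddress module; this is an added example, not code from any poster in the thread. The sample hosts 192.168.0.10 and 192.168.2.10 and the function names are assumptions made for illustration.

```python
import ipaddress


def next_hop(src_ip, mask, gateway, dst_ip):
    """Decide how a host delivers a packet: directly, or via its gateway.

    The host combines its own address and mask to get its network; any
    destination inside that network is assumed to be on the local wire.
    """
    local_net = ipaddress.ip_interface(f"{src_ip}/{mask}").network
    if ipaddress.ip_address(dst_ip) in local_net:
        return "direct"
    return gateway


def usable_hosts(mask):
    """Host addresses a mask allows (network and broadcast excluded)."""
    prefix = ipaddress.ip_network(f"0.0.0.0/{mask}").prefixlen
    return max(2 ** (32 - prefix) - 2, 0)


def host_range(address, mask):
    """Return (first host, last host, broadcast) of the subnet holding address."""
    net = ipaddress.ip_interface(f"{address}/{mask}").network
    return (str(net.network_address + 1),
            str(net.broadcast_address - 1),
            str(net.broadcast_address))


def overlaps(a, b):
    """True when two 'address/mask' subnets share any addresses."""
    net_a = ipaddress.ip_interface(a).network
    net_b = ipaddress.ip_interface(b).network
    return net_a.overlaps(net_b)


if __name__ == "__main__":
    # Constructed sample hosts: 192.168.0.10 at site A, 192.168.2.10 at site B.
    for mask in ("255.255.255.0", "255.255.254.0", "255.255.248.0", "255.255.0.0"):
        hop = next_hop("192.168.0.10", mask, "192.168.0.1", "192.168.2.10")
        print(f"{mask:15}  hosts={usable_hosts(mask):5}  to 192.168.2.10: {hop}")
    # Host range of the site A network once its mask is widened to 23 bits.
    print(host_range("192.168.0.10", "255.255.254.0"))
    # A 21-bit site A network swallows site B's addresses; two 23-bit ones do not.
    print(overlaps("192.168.0.0/255.255.248.0", "192.168.2.0/255.255.255.0"))
    print(overlaps("192.168.0.0/255.255.254.0", "192.168.2.0/255.255.254.0"))
```

A result of "direct" for a host at the other site means the sender will never hand the packet to its gateway, so neither a VPN tunnel nor a static route can carry it.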
 

Author Comment

by:sky82
ID: 11873220
All of you are really experienced Networking Guru's. I appreciate your Help.
I learned a lot from this Thread.
Now I also need to get a Good Book to Learn More.

Thanks guys, I think Points dont mean anything for this great help, you have my respect:)
0
