Another Subnetting Question

Hi Guys,

I don't have any problem calculating the subnets at all. My problem is still that I don't understand why we need to subnet.

Let's say our company has 2 branches and 1 HQ. Every branch will have its own network and one router, which will be connected to the router at the HQ. The router at the HQ is connected to the Internet as well, and your ISP gave you one IP address for your HQ router.

PC --------- S
PC --------- W
PC --------- I
PC --------- T  ============== ROUTER 1
PC --------- C                                                   \
PC --------- H                                                    \
                                                                        \ ROUTER 3 ============== INTERNET
PC --------- S                                                     /
PC --------- W                                                   /
PC --------- I                                                    /
PC --------- T =============== ROUTER 2
PC --------- C
PC --------- H

Sorry for the drawing :)

Anyway, can't we just use 192.168.5.0/24 for the network behind router 1 and 192.168.6.0 for the network behind router 2, and so on? Do we have to do subnetting here?
bilgehanyildirim Asked:
ZabagaR Commented:
I think it's fine the way you have it.  The 192.168.5.x network is under router 1, the .6 network is under router 2.....
That's fine.

If you had all sites in the same network, then the network traffic would traverse networks - now the traffic is segmented: traffic for the network under router 1 and traffic for the network under router 2.  Then router 3 decides where the traffic goes, either the internet or the other subnet.  Seems pretty reasonable!

-z-

bilgehanyildirim Author Commented:
Then why subnetting? Could you give me a real-life example of a situation where we should use subnetting?
colin_harford Commented:
Subnetting is useful if you have security concerns, for one.  It can be used to divide networks that are physically connected or not.  If you're using real IP#s, subnetting may be needed based on what your ISP has available, etc.

I normally use subnetting to divide networks not physically connected to each other (building a --> router a --- router b <-- building b). I also use it to reduce broadcasts, etc.  The larger the network, the more hosts chatting to each other: browser, ARP requests, etc.


CH
mickyjyd Commented:
Subnetting is always used - and in your example, through applying the class C mask (255.255.255.0), you have separated the router 1 and router 2 networks.  Say for instance that you used the mask 255.255.255.128; you would effectively join the two networks as one (called supernetting).  Remember that an IP address and a subnet mask combined create networks and hosts - meaning that you could eliminate the need for routers 2 and 3.  As mentioned above, you do have to consider things like broadcasts etc.

My suggestion is to look up VLSM (variable length subnet masking) to really understand how all of this works, i.e. logically ANDing the subnet mask with the IP address to resolve the network/host portions of the combination of IP address and subnet mask.

For instance, in many public networks, the IP is public with a /30 mask (255.255.255.252).  This creates more networks and only 2 hosts per subnet - very handy for the ISP gateway and the CPE IP (for the router or firewall).  In this way, using VLSM, we can extend the number of public IPs available under the current IPv4 standard.  This is a REAL world scenario.

Understanding how this works helps a lot with your network designs.
mickyjyd Commented:
EDIT - above the subnet mask is wrong - should read 255.255.128.0 instead of 255.255.255.128!
(apologies for this, Mick)
Reid Palmeira, Telecom Engineer, Commented:
Subnetting helps in two ways: 1) security and 2) logical segmentation of the network.

You can prevent computers in one subnet from accessing any other subnet, or from accessing a particular machine in a subnet. So if engineering shouldn't see the servers in the sales department, sales gets its own subnet, engineering its own, and you allow only the specific IPs that are necessary for interdepartmental information sharing.

VLSM, as mentioned above, is good if you have limited address space, which is almost always the case in larger enterprises. Engineering may need 700 IPs and sales may only need 250.  No sense in wasting the extra IPs that sales would have in the normal classful IP ranges, so you create VLSM subnets and move some IPs to engineering.

More important, you provide logical segmentation of the network. You know that sales is on subnet 192.168.4.x and engineering is on 192.168.5.x, and to answer your last question: yes, you do have subnetting here, just not a VLSM subnet.
bilgehanyildirim Author Commented:
No no no no... I still don't get it. I know why: because I don't have real-life experience with networks. I did set up some SOHO networks which involve max 15 PCs, all under the same subnet (192.168.5.0/24 for example), one public IP, either static or dynamic, assigned by the ISP (I'm talking about a normal broadband connection) and an ADSL router/modem with built-in DHCP.

I don't get why we don't use private IP addresses (like 192.168.x.x) in our internal network? Let's say you need 15 subnetworks; can't we use 192.168.1.X - 192.168.14.X?

I think I'm not very familiar with these concepts. Maybe that's because I haven't worked for a company that has more than 15 computers, and only one public IP is more than enough. :)))

Ok, now you know my background. I'm sure at least one of you has been where I am now. So could you please explain it in a way that I could understand?
colin_harford Commented:
People use internal addresses for:

1) security
2) price
3) ISP can't get them a contiguous block of IP#s
4) Network was originally designed not to go on the network...
5) don't know any different

The ranges available for private use are:
Class A (24-bit block): 10.0.0.0 - 10.255.255.255, /8, mask 255.0.0.0
Class B (20-bit block): 172.16.0.0 - 172.31.255.255, /12, mask 255.240.0.0
Class C (16-bit block): 192.168.0.0 - 192.168.255.255, /16, mask 255.255.0.0


They do not need to run multiple web servers or email servers, need large remote access abilities, etc.  A lot of the larger ones who do it this way did it because they added email after the fact and only have internet primarily for that, or now for a cheaper connection between sites.


In your case, based on your drawing, you can do it by having router 3 do a large NAT of 192.168/16, keep 192.168.1/24 for your routers to talk to each other, and then assign IP#s to subnets as needed beyond that.  This design would ensure that you can grow... If you need more than 254 routers, then it may be a different story...
brakk0 Commented:
"I don't get why we don't use private IP addresses (like 192.168.x.x) in our internal network? lets say you need 15 subnetworks, can't we use 192.168.1.X - 192.168.14.X ?"

I'm not sure exactly what you're asking, but maybe this will help.

You can start with 192.168.0.0 255.255.0.0 and use addresses 192.168.0.1 through 192.168.255.254. They would all be on the same subnet and all talk directly to each other without needing a router. (Though it wouldn't be practical to do this, because you would have 65,000 computers all talking and broadcasting on the same LAN.)

You can change your subnet mask to 255.255.128.0 and use 192.168.0.1 through 192.168.127.254, giving you 32,000 computers on one network. Again, too much. You can also use 192.168.128.0 through 192.168.255.254.

255.255.172.0 = 192.168.0.1 - 192.168.63.254
                     or 192.168.64.1 - 192.168.127.254
                     or 192.168.128.1 - 192.168.191.254
                     or 192.168.192.1 - 192.168.255.254
16,000 hosts each

and on and on. It depends on how many hosts you need in one subnet and how you want to divide them.

You could even get down to 255.255.255.255, but you would only have one IP in each subnet and it would be hard to get it to talk to anything else. 255.255.255.254 would give you two IPs in each subnet (can be used for interfaces on two routers that talk to each other and nothing else). 255.255.255.252 would give you 4 IPs in each subnet. And on and on.


You say you can calculate subnets, but can you calculate them in binary? It makes much more sense if you lay everything out in binary. Start here for some more info: http://www.subnetonline.com/subnet/step1.html
bilgehanyildirim Author Commented:
Ok, I was talking about the 192.168.x.x/24 network.
If we use 192.168.x.x/24 we will have 255 networks, won't we?
192.168.1.0
192.168.2.0
192.168.3.0
...
192.168.255.0

and every network will have at least 253 free IP addresses for individual computers.
I assume these numbers are more than enough in most cases.

Let's say we need more than 260 hosts. Then we can use a 192.168.X.X/16 subnet.

I know I'm annoying, but this is very important for me. At the end of the day, you need to deserve the points :):):)

thanks for your patience.
colin_harford Commented:
A /24 is a class C subnet, as such only 1 network with 253 usable IPs (1 router, 1 broadcast).
A /16 is a class B subnet, as such you can have ~16K IP#s, and then you can subnet the class B into smaller, say class C, subnets.


example of /24 : 192.168.1.1/24, 192.168.24.1/24
Example of /16 : 192.168.1.1/16

brakk0 Commented:
"Ok, I was talking about the 192.168.x.x/24 network.
If we use 192.168.x.x/24 we will have 255 networks, won't we?"

Yes, you are correct.

"Let's say we need more than 260 hosts. Then we can use a 192.168.X.X/16 subnet."

It would be better to use /23 (255.255.254.0), which would give you around 500 hosts and leave other usable subnets.
colin_harford Commented:
Yeah, if you need more than 253 hosts per network segment then you have to use something bigger than a /24.   Since you said you have no problems calculating subnets, I will leave it up to you to figure out how large you need.


Based on your drawing:

Start with 192.168 for a class B subnet.
Sub-divide a small network, a /24, /28, etc., for your routers to talk to each other on.
Sub-divide the remaining network into subnets based on the number of IP#s needed and assign them to the routers accordingly.


Remember routers are to connect different locations to each other.
makana Commented:
Needed for many IPs and if you have only one routable IP.
Security.
For NAT.
Watch these:
http://www.maddog2k.nl/stuff/tmp/subnet.html
http://www.sudhian.com/showdocs.cfm?aid=340

makana


Reid Palmeira, Telecom Engineer, Commented:
What you suggest with the "let's say we need more than 260 hosts. Then we can use a 192.168.X.X/16 subnet." line is what VLSM is for. Variable Length Subnet Mask means you aren't locked into the /16 or /24 networks. Use only the address space you need, with maybe a little headroom for growth.  If you have, say, 500 machines you don't want the whole /16 address space, because it's got lots of extra internal private IPs that can be used in another subnet, so you do a VLSM subnet mask of /23 as brakk0 suggests, or of whatever length is appropriate. Thus you still have the other addresses available for private IP use in a different subnet.

The point of the private IP space is twofold. Primarily it saves public IP addresses, so you can use a single gateway public IP for many private IPs; secondly, you control traffic through that public IP, or segment that subnet from the rest of the public IP space or other subnets for security.

The issue of space limitation is almost nil for small-to-medium sized businesses, at least as pertains to private IPs: there are Class A and Class B private IP ranges that can accommodate an obscene number of internal network machines, and few locations for a small business will have more than 250 machines on a single network, so the normal private class C addresses are sufficient.

The use of private address space, though, means that not all addresses are routable. Thus to connect multiple private-address subnetted LANs you need a router to allow data to cross.  You can subnet public IP address space as well, which is what ISPs and ICANN essentially do, dividing up the public IP space. If you're a large enough organization that you get allocated a full Class B block of addresses, you create subnets of public space according to organizational need.  Subnetting is for logical segmentation.

VLSM is for practical segmentation of the addresses that you are assigned to work with given the number of computers you need to connect on a network.

NAT works in conjunction so that your 1 or N public addresses can be translated to work on a privately addressed LAN subnet.  You can absolutely connect your internal network machines with private IP addresses. This is in fact normally done, because linking them with public addresses is usually not necessary and is prohibitively expensive. Most machines don't need to act as servers or otherwise need to be a public machine. Even some server machines can have private IP addresses if you have a router that does port forwarding or port triggering, so that if you have a single public IP and a single machine, you forward, say, port 80 from the router to the private IP of the machine, or enable UPnP on the router (as most support it) and desktop machines to solve a lot of NAT problems dynamically.

The big difference, and the reason why private address space is used a lot, is that public address space is just damn expensive. There's no significant difference aside from the fact that private addresses are not publicly routable. That can be overcome as above with port forwarding, port triggering and UPnP. Private addresses are used because they are essentially free. Thus you actually should use private IPs for internal networks; to do otherwise is expensive and leaves security risks, as each machine with a public IP is publicly routable and publicly open to attack. If you've seen otherwise, there had better be a good reason, or the network design is inelegant and probably inefficient and insecure.

Is there something more specific that's confusing?
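
The subnet arithmetic brakk0 and mickyjyd describe (logically ANDing the mask with the address, laid out in binary) and the VLSM sizing Reid and brakk0 discuss (a /23 for 500 hosts rather than a whole /16), as an added example that is not part of this thread. The helper names and the sample addresses are my own; only the standard library is used.

```python
# Added example (not from the thread): subnet maths done with bit operations,
# plus a VLSM-style "smallest block that fits N hosts" helper.

def ip_to_int(ip: str) -> int:
    """Dotted quad -> 32-bit integer (192.168.5.0 -> 0xC0A80500)."""
    octets = [int(x) for x in ip.split(".")]
    if len(octets) != 4 or not all(0 <= o <= 255 for o in octets):
        raise ValueError(f"not a valid IPv4 address: {ip}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]

def int_to_ip(n: int) -> str:
    return ".".join(str((n >> s) & 0xFF) for s in (24, 16, 8, 0))

def prefix_to_mask(prefix: int) -> int:
    """/prefix -> mask integer: 'prefix' one-bits followed by zero-bits."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be 0..32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF

def subnet_info(cidr: str) -> dict:
    """Network, broadcast and usable host range for an address in CIDR form."""
    ip, prefix = cidr.split("/")
    prefix = int(prefix)
    mask = prefix_to_mask(prefix)
    network = ip_to_int(ip) & mask              # the logical AND mickyjyd describes
    broadcast = network | (~mask & 0xFFFFFFFF)  # host bits all ones
    size = 2 ** (32 - prefix)
    # /31 and /32 keep no network/broadcast pair (RFC 3021 covers /31 links)
    usable = size - 2 if prefix <= 30 else size
    first, last = (network + 1, broadcast - 1) if prefix <= 30 else (network, broadcast)
    return {"mask": int_to_ip(mask), "mask_bits": format(mask, "032b"),
            "network": int_to_ip(network), "broadcast": int_to_ip(broadcast),
            "first_host": int_to_ip(first), "last_host": int_to_ip(last),
            "usable_hosts": usable}

def smallest_prefix_for(hosts: int) -> int:
    """VLSM: longest prefix (smallest block) with at least 'hosts' usable addresses."""
    for prefix in range(30, -1, -1):   # try /30, /29, ... until one fits
        if 2 ** (32 - prefix) - 2 >= hosts:
            return prefix
    raise ValueError("more hosts than a single IPv4 block can address")

if __name__ == "__main__":
    for c in ("192.168.5.77/24", "192.168.64.1/18", "203.0.113.9/30"):  # constructed samples
        print(c, subnet_info(c))
    for n in (15, 250, 500, 700):
        print(n, "hosts ->", f"/{smallest_prefix_for(n)}")
```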
