On Subnets

I recently joined in a discussion on the Spiceworks Forums, reprinted here for your benefit.

First a lesson on what Class A/B/C means, and then a suggestion for supernetting:

The Class A/B/C designations are more or less meaningless now as we have CIDR (classless subnets) to give us nearly whatever subnet we want in any number space we want as long as the rest of the network allows it. Originally an IP address starting with 10 would automatically be divided into one big 10.0.0.0/8 subnet — i.e. a really huge network. An address starting with 172 would automatically be divided into 172.x.0.0/16-sized subnets, and 192 would be divided into 192.x.x.0/24-sized subnets. See the explanation here. Problem is, that was really cumbersome for anyone who wanted an address starting with 10 but with a smaller network address range. CIDR was invented, and now you can have an internet IP address of 70.1.2.3/29 which is supposedly “Class A” because of the 70 but only gives me 6 usable IP addresses because of the /29 subnet (255.255.255.248).

So in summary, Class A/B/C is more accurately used nowadays to refer to the size of a subnet (/8, /16, /24) rather than its old strict classful meaning of addresses within the (0-127, 128-191, and 192-223) spaces.

If you want to keep your situation simple, I recommend supernetting.

To supernet, let’s assume you have a network address of 192.168.19.0/24. You’ll use a subnetting tool to see what the adjacent subnets are (in this case, 192.168.18.0/24, because of the binary nature of subnetting) and then double-check that a larger subnet will contain both desired subnets (the range of 192.168.18.0/23 goes from 18.1 through 19.254, which looks good). Change the subnet mask on your DHCP servers and all static devices, and then allocate your new addresses as desired. Remember that anything not configured with the proper subnet mask won’t be able to communicate fully with the other half of the address space.

If you choose to use VLANs, you must keep the subnets separate, as a computer at 192.168.5.100 cannot route to a computer on another network with address 192.168.5.101. This is because the computer knows the 5.101 number is within its own address range, and so the traffic is never sent to the default gateway for routing (even if it were, the router would get very confused routing from interface X1 at 192.168.5.100 to interface X2 at 192.168.5.101). So, you might make VLAN1 = 192.168.5.0/24, VLAN2 = 192.168.6.0/24, and so on, with a router connected to each VLAN as the default gateway with routing rules to send traffic as desired.
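The supernetting check and the on-link decision described in the two paragraphs above, as an added example that is not part of the original post. It uses Python's standard `ipaddress` module; the function names and the host inventory are constructed for illustration.

```python
import ipaddress

def supernet_plan(network):
    """Find the sibling block and the next-larger subnet that holds both."""
    net = ipaddress.ip_network(network)            # raises if host bits are set
    parent = net.supernet(prefixlen_diff=1)        # e.g. /24 -> /23
    sibling = next(s for s in parent.subnets(prefixlen_diff=1) if s != net)
    return {
        "parent": parent,
        "sibling": sibling,
        "netmask": parent.netmask,
        "first_host": parent.network_address + 1,
        "last_host": parent.broadcast_address - 1,
    }

def is_on_link(interface, destination):
    """True if a host configured as address/prefix delivers to destination
    directly instead of handing the packet to its default gateway."""
    return ipaddress.ip_address(destination) in ipaddress.ip_interface(interface).network

def stale_mask_hosts(inventory, parent):
    """Hosts inside the new range that still carry a different mask."""
    stale = []
    for entry in inventory:
        iface = ipaddress.ip_interface(entry)
        if iface.ip in parent and iface.network != parent:
            stale.append(entry)
    return stale

# Constructed inventory: two statics were missed during the mask change.
INVENTORY = ["192.168.19.10/24", "192.168.18.20/23", "192.168.19.50/23",
             "192.168.19.200/24", "10.0.0.5/24"]

if __name__ == "__main__":
    plan = supernet_plan("192.168.19.0/24")
    print("sibling:", plan["sibling"], "supernet:", plan["parent"], plan["netmask"])
    print("usable:", plan["first_host"], "-", plan["last_host"])
    # Old /24 host treats the other half as remote; new /23 host treats it as local.
    print(is_on_link("192.168.19.10/24", "192.168.18.20"))   # one direction
    print(is_on_link("192.168.18.20/23", "192.168.19.10"))   # the other
    # Same-subnet address on another VLAN is never sent to the gateway.
    print(is_on_link("192.168.5.100/24", "192.168.5.101"))
    print("fix mask on:", stale_mask_hosts(INVENTORY, plan["parent"]))
```

The two mixed-mask checks give different answers, which is the partial connectivity the post warns about for devices left on the old mask.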

Since allowing VLANs to communicate with each other requires router configuration and maintenance, I recommend supernetting for situations where addresses are simply running out but there are no performance issues. VLANs can be good, but are necessarily complex once you (inevitably) need them to communicate with each other (hellooo, router bottleneck!)
