Re: Subnetting, private networks & default routes



In article <1145771488.306405.59950@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>,
chriswaltham@xxxxxxxxx wrote:

Barry Margolin wrote:
There are 3 or 4 172.16.x networks that are all connected to the same
switch (e.g. 172.16.1, 172.16.10, 172.16.11) but there's also a handful of 172.16.x networks that
are in remote locations and thus connected by routers. Which is why I
get confused..! :-\
Well, that's just bad design. You need to configure the address ranges
to match the network topology. Different subnets should be connected by
routers, same subnets should be connected by switches.

That's where I get confused though, I'm not real sure of the best
practise in this case. Seeing as I just inherited it and all...

I would be happy with 172.16 being location A, and 172.17 being
location B; but unfortunately (at the moment) .16 is a mix of several
locations. I don't see what's so bad, though, if 172.16.1 and 172.16.2
are in different locations?

If the subnet mask is 255.255.0.0, then they will not send to a router
to communicate with each other, because they think they're on the same
subnet.


You also need to rearrange the addressing. The remote networks
shouldn't be 172.16.x.

Okay

However, you can probably get what you have to work by configuring
proxy-arp on all the routers.

I'll need to look this up. :) I know what ARP is, but haven't
considered it for solving this set of problems.

Proxy-arp means that the router will respond to ARP requests for any
remote subnets. So if a machine on the LAN has its subnet mask too
large, and thinks that remote subnets are local, the router will make up
for the mistake.


java321 wrote:
You should be able to route traffic between subnets with different masks. For
example, 172.16.x.x/16 in the core and 172.30.x.x/24 in DMZ or remote
locations.

But if I want the two nets to communicate, shouldn't the two masks be
the same? In a perfect world, anyway.

Different networks can certainly have different subnet masks.
172.16.x.x/16 means that all 172.16.*.* addresses are on the local
subnet, so 172.30.x.* are remote. 172.30.x.y/24 means all 172.30.x.*
addresses are on the local subnet, so 172.16.*.* are remote.

--
Barry Margolin, barmar@xxxxxxxxxxxx
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***
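
The on-link decision and the proxy-ARP workaround discussed in this post, modelled as an added example that is not part of the original thread. The host address 172.16.1.50, gateway 172.16.1.1, remote subnets 172.16.20.0/24 and 172.30.5.0/24, and the names `next_hop`, `ProxyArpRouter` and `reachable` are all constructed for illustration.

```python
import ipaddress

def next_hop(iface, gateway, dst):
    """Host-side decision: ARP for dst directly if the host's own mask puts
    dst on-link, otherwise send the packet to the default gateway."""
    on_link = ipaddress.ip_address(dst) in ipaddress.ip_interface(iface).network
    return "arp-direct" if on_link else "via " + gateway

class ProxyArpRouter:
    """Simplified router (hypothetical model): one LAN plus routes to remote subnets."""
    def __init__(self, lan, remote_routes, proxy_arp):
        self.lan = ipaddress.ip_network(lan)
        self.routes = [ipaddress.ip_network(r) for r in remote_routes]
        self.proxy_arp = proxy_arp

    def has_route(self, dst):
        return any(ipaddress.ip_address(dst) in r for r in self.routes)

    def answers_arp_for(self, target):
        # Proxy-ARP: reply on the LAN for addresses that really sit behind a route.
        t = ipaddress.ip_address(target)
        return self.proxy_arp and t not in self.lan and self.has_route(target)

def reachable(iface, gateway, dst, router):
    """Can a host with this address/mask get a packet to dst through this router?"""
    if next_hop(iface, gateway, dst) != "arp-direct":
        return router.has_route(dst)        # normal routed path via the gateway
    if ipaddress.ip_address(dst) in router.lan:
        return True                         # destination really is on the segment
    return router.answers_arp_for(dst)      # mask too wide: only proxy-ARP helps

# Constructed sample topology: location A LAN is 172.16.1.0/24.
GW = "172.16.1.1"
HOST_WIDE = "172.16.1.50/16"    # mask too large, as in the inherited network
HOST_FIXED = "172.16.1.50/24"   # mask matching the real topology
REMOTE = "172.16.20.7"          # a 172.16.x host at another location
ROUTES = ["172.16.20.0/24", "172.30.5.0/24"]

if __name__ == "__main__":
    for proxy in (False, True):
        router = ProxyArpRouter("172.16.1.0/24", ROUTES, proxy)
        for iface in (HOST_WIDE, HOST_FIXED):
            print("proxy_arp=%s host=%s -> %s, reachable=%s" % (
                proxy, iface, next_hop(iface, GW, REMOTE),
                reachable(iface, GW, REMOTE, router)))
```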