-
LAN IP addresses
Hi,
I am not a specialist on network, but I have a network on
192.168.0.0 / 255.255.255.0
I fear not to have enough IP addresses. I know, that the solution would
be to get another router and to get a second sub-network.
I just wonder if I change my LAN ( 192.168.0.x/255.255.255.0 ) to
192.168.x.x / 255.255.0.0
- Would it be possible to do that ?
- Would it get me all IP addresses like : 192.168.0.2 and 192.168.3.4
accessible on the same network ?
( ... that could solve my problem and give me more IP addresses ..... )
Thanks for your help
-
Re: LAN IP addresses
On Fri, 05 Sep 2008 10:33:53 +0100, Steve wrote:
> I just wonder if I change my LAN ( 192.168.0.x/255.255.255.0 ) to
> 192.168.x.x / 255.255.0.0
> - Would it be possible to do that ?
Sure, why not.
But better you route between 2 /24 networks, otherwise you get the whole
/16 broadcasts to every machine.
> - Would it get me all IP addresses like : 192.168.0.2 and 192.168.3.4
> accessible on the same network ?
Yes, but it's better to route that.
> ( ... that could solve my problem and give me more IP addresses ..... )
>
> Thanks for your help
My suggestion for you is that you set up your networks as /24 and set the
route via the right interface, so you still take control between the
subnets and you don't have so much senseless traffic like broadcasts from
Windows hosts.
cheers
-
Re: LAN IP addresses
Burkhard Ott wrote:
> On Fri, 05 Sep 2008 10:33:53 +0100, Steve wrote:
>
>> I just wonder if I change my LAN ( 192.168.0.x/255.255.255.0 ) to
>> 192.168.x.x / 255.255.0.0
>> - Would it be possible to do that ?
> Sure, why not.
> But better you route between 2 /24 networks, otherwise you get the whole
> /16 broadcasts to every machine.
>
>> - Would it get me all IP addresses like : 192.168.0.2 and 192.168.3.4
>> accessible on the same network ?
>
> Yes, but it's better to route that.
>
>> ( ... that could solve my problem and give me more IP addresses ..... )
>>
>> Thanks for your help
>
> My suggestion for you is that you set up your networks as /24 and set the
> route via the right interface, so you still take control between the
> subnets and you don't have so much senseless traffic like broadcasts from
> Windows hosts.
>
> cheers
Hi,
thanks for your reply.
When you say " routing between 2* /24 network" do you mean using a NAT
? ( If not.. what do you mean AND How to do that ?? )
.. that will decrease useless Broadcast !?
Cheers,
-
Re: LAN IP addresses
On Fri, 05 Sep 2008 11:13:51 +0100, Steve wrote:
> Hi,
>
> thanks for your reply.
>
> When you say " routing between 2* /24 network" do you mean using a NAT
> ? ( If not.. what do you mean AND How to do that ?? )
Let's assume you have a router with 3 separate interfaces.
if0 has 192.168.0.0/24
if1 has 192.168.1.0/24
if2 has 192.168.2.0/24
If you want traffic from 192.168.0.0/24 to 192.168.2.0/24, your packet
arrives on if0, here you can have filter policies or whatever, and the packets
leave the machine on if2, that's it.
> .. that will decrease useless Broadcast !?
If you have a broadcast message on if0, then the IPs 1-254 get those
packets, nobody from if1 or if2.
On every interface you can filter, nat, snat or whatever you want.
cheers
-
Re: LAN IP addresses
Burkhard Ott wrote:
> On Fri, 05 Sep 2008 11:13:51 +0100, Steve wrote:
>> Hi,
>>
>> thanks for your reply.
>>
>> When you say " routing between 2* /24 network" do you mean using a NAT
>> ? ( If not.. what do you mean AND How to do that ?? )
>
> Let's assume you have a router with 3 separate interfaces.
>
> if0 has 192.168.0.0/24
> if1 has 192.168.1.0/24
> if2 has 192.168.2.0/24
>
> If you want traffic from 192.168.0.0/24 to 192.168.2.0/24, your packet
> arrives on if0, here you can have filter policies or whatever, and the packets
> leave the machine on if2, that's it.
>
>> .. that will decrease useless Broadcast !?
>
> If you have a broadcast message on if0, then the IPs 1-254 get those
> packets, nobody from if1 or if2.
> On every interface you can filter, nat, snat or whatever you want.
>
> cheers
Thank you
-
Re: LAN IP addresses
On Fri, 05 Sep 2008, in the Usenet newsgroup comp.os.linux.networking, in
article <g9queg$l3j$1$8302bc10@news.demon.co.uk>, Steve wrote:
>I am not a specialist on network, but I have a network on
>192.168.0.0 / 255.255.255.0
>
>I fear not to have enough IP addresses. I know, that the solution
>would be to get another router and to get a second sub-network.
As Burkhard Ott suggests, the router and additional /24s would be a
good solution.
>I just wonder if I change my LAN ( 192.168.0.x/255.255.255.0 ) to
>192.168.x.x / 255.255.0.0
>- Would it be possible to do that ?
Trivial, but maybe not the best solution.
>- Would it get me all IP addresses like : 192.168.0.2 and 192.168.3.4
>accessible on the same network ?
But do you _need_ all of those addresses? Or would another 256
addresses without buying new hardware be enough?
>( ... that could solve my problem and give me more IP addresses ..... )
Network       Netmask         start         end            hosts
192.168.0.0 / 255.255.255.0 = 192.168.0.1 - 192.168.0.254    254
192.168.0.0 / 255.255.254.0 = 192.168.0.1 - 192.168.1.254    510
192.168.0.0 / 255.255.252.0 = 192.168.0.1 - 192.168.3.254   1022
192.168.0.0 / 255.255.248.0 = 192.168.0.1 - 192.168.7.254   2046
Contrary to what everyone thinks, you don't HAVE to have a mask
of ONLY 255.0.0.0 or 255.255.0.0 or 255.255.255.0. Changing the
network mask to (example) 255.255.254.0 on _EVERY_ system makes a
network twice as big - meaning that 192.168.0.1 through 192.168.1.254
are all on the same network.
Advantage: No new hardware (other than the cables and hub/switches
needed to connect the "new" computers to the LAN).
Disadvantage: Twice the traffic is _possible_ on the LAN, and if
everyone decides to talk at the same time... you've been to a party
before, haven't you? This is why on simple networks, a mask of
255.255.248.0 or wider is usually a bad idea, and 255.255.252.0 with
a thousand hosts may be too much.
Buying a router and connecting two LANs (192.168.0.0 / 255.255.255.0
and 192.168.3.0 / 255.255.255.0 for example) reduces the disadvantage
UNLESS you have a lot of systems on LAN 1 that want to talk to LAN 2
(traffic is a little heavy on the M3 today, why is everyone going to
Southampton/London now).
Note that having a wider than needed network mask does not BY ITSELF
create more traffic/noise. It makes no difference if you have 275
computers on 192.168.0.0 / 255.255.254.0 or 10.0.0.0 / 255.0.0.0 -
it's still 275 computers.
Old guy
-
Re: LAN IP addresses
Steve wrote:
> Hi,
>
> I am not a specialist on network, but I have a network on
> 192.168.0.0 / 255.255.255.0
>
> I fear not to have enough IP addresses. I know, that the solution would
> be to get another router and to get a second sub-network.
>
> I just wonder if I change my LAN ( 192.168.0.x/255.255.255.0 ) to
> 192.168.x.x / 255.255.0.0
> - Would it be possible to do that ?
> - Would it get me all IP addresses like : 192.168.0.2 and 192.168.3.4
> accessible on the same network ?
> ( ... that could solve my problem and give me more IP addresses ..... )
>
> Thanks for your help
This is just a side note.
As Burkhard Ott recommends you should be routing traffic between smaller
subnets, except you have many machines wanting to talk to few ones.
IANA (http://www.iana.org) says there are 256 subnets with a maximum of
256-2 (one network base and one broadcast address) addresses each in the
192.168.x.y address space. Bigger subnets should use 172.16-31.x.y which
allows 16 subnets with a maximum of (256^2)-2 = 65534 addresses each. Or,
if even larger subnets are required, use 10.x.y.z which allows one huge
subnet of (256^3)-2 = 16777214 addresses.
This is a relic of the old times when there were no netmasks, but it is
still valid...
So if you intend to widen up your netmask you should also use appropriate
address space.
Felix
-
Re: LAN IP addresses
Felix Tiede wrote:
> IANA (http://www.iana.org) says there are 256 subnets with a maximum of
> 256-2 (one network base and one broadcast address) addresses each in the
> 192.168.x.y address space. Bigger subnets should use 172.16-31.x.y which
> allows 16 subnets with a maximum of (256^2)-2 = 65534 addresses each. Or,
> if even larger subnets are required, use 10.x.y.z which allows one huge
> subnet of (256^3)-2 = 16777214 addresses.
> This is a relic of the old times when there were no netmasks, but it is
> still valid...
No, it's not valid anymore. The whole purpose of netmasks is to replace
the old class A, class B and class C concept.
>
> So if you intend to widen up your netmask you should also use appropriate
> address space.
Normally there shouldn't be any need to do so. You _do_ have a 64K
space available in the 192.168.x.y range.
That having said, we _did_ have some issues when we moved from a /24 to
a /23 netmask at work years ago. That must have been in 2001 IIRC.
We changed our netmask to join two adjacent formerly class C address
blocks -located in a public address range- into a single broadcast
domain. Some of our equipment didn't support that; most notably:
-- some -already old at that time- Tektronix X-terminals
-- a few -recent at that time- Dell network printers.
Those printers and X-terminals _did_ support the netmask concept
properly to divide a formerly class C network into smaller subnets,
but failed when moving the netmask in the other direction.
Regards,
Kees.
--
Kees Theunissen.
-
Re: LAN IP addresses
On Sat, 06 Sep 2008, in the Usenet newsgroup comp.os.linux.networking, in
article <6if0vbFpbhs9U1@mid.individual.net>, Felix Tiede wrote:
>IANA (http://www.iana.org) says there are 256 subnets with a maximum
>of 256-2 (one network base and one broadcast address) addresses each
>in the 192.168.x.y address space. Bigger subnets should use
>172.16-31.x.y which allows 16 subnets with a maximum of (256^2)-2 =
>65534 addresses each. Or, if even larger subnets are required, use
>10.x.y.z which allows one huge subnet of (256^3)-2 = 16777214
>addresses.
Actually, RFC1918 states
   3. Private Address Space

   The Internet Assigned Numbers Authority (IANA) has reserved the
   following three blocks of the IP address space for private internets:

     10.0.0.0        -   10.255.255.255  (10/8 prefix)
     172.16.0.0      -   172.31.255.255  (172.16/12 prefix)
     192.168.0.0     -   192.168.255.255 (192.168/16 prefix)

   We will refer to the first block as "24-bit block", the second as
   "20-bit block", and to the third as "16-bit" block. Note that (in
   pre-CIDR notation) the first block is nothing but a single class A
   network number, while the second block is a set of 16 contiguous
   class B network numbers, and third block is a set of 256 contiguous
   class C network numbers.

   An enterprise that decides to use IP addresses out of the address
   space defined in this document can do so without any coordination
   with IANA or an Internet registry.

It _MENTIONS_ pre-CIDR Class-ful sizes for those who missed the word
that RFC1517 replaced the class-ful notation two years earlier. What
that document does NOT do is specify what network mask to use.
By the way, there is nothing sacred about the "zero" address, and some
operating systems specifically do allow use of the "network" address
as a _host_ address.
>This is a relic of the old times when there were no netmasks, but
>it is still valid...
Why look at page 4 of RFC0923 and think what kind of network setup
had to be used for the first few networks listed there. Bear in mind
that Ethernet had a physical limit of 4100 meters between the furthest
hosts, and an unrealistic maximum of 62250 systems on a single
collision domain (DIX document XNSS-018211). So if they could only
have 62250 hosts on a network, how did they use a /16 (or a "Class B"
as it was called then) - never mind a /8 or "Class A"? Did they only
use 62250 addresses? Any idea how big Yuma Proving Grounds is?[1]
You may want to read RFC0950 - it predates RFC1918 by ten years, and
RFC1517 (CIDR) by eight.
0950 Internet Standard Subnetting Procedure. J.C. Mogul, J. Postel.
Aug-01-1985. (Format: TXT=37985 bytes) (Updates RFC0792) (Also
STD0005) (Status: STANDARD)
>So if you intend to widen up your netmask you should also use
>appropriate address space.
Is the block large enough to contain your networks? 192.168.0.0/16 is
large enough to hold a single 255.255.0.0 - and that is all that counts.
Look again at RFC0791. No one cares how you arrange your address block.
If you want to create 16384 /30 subnets within a /16, or use it as a
single /16 (or anything in between), go ahead and do so. NO ONE CARES
how it looks "inside", as that is _your_ problem, not the world's.
Old guy
[1] about 1200 square miles, or 4200 square kilometers
-
Re: LAN IP addresses
Hello,
Moe Trin wrote:
>
> By the way, there is nothing sacred about the "zero" address, and some
> operating systems specifically do allow use of the "network" address
> as a _host_ address.
RFC 1812 states otherwise in § 4.2.2.11, 4.2.3.1, 5.3.5. If such an
address is used, it must be treated as a broadcast and cannot be used as
a host address. One exception is of course when using a /31 prefix on a
point-to-point link as defined in RFC 3021.
-
Re: LAN IP addresses
On Sun, 07 Sep 2008, in the Usenet newsgroup comp.os.linux.networking, in
article <ga0eje$1m51$1@biggoron.nerim.net>, Pascal Hambourg wrote:
>Moe Trin wrote:
>> By the way, there is nothing sacred about the "zero" address, and
>> some operating systems specifically do allow use of the "network"
>> address as a _host_ address.
>
>RFC 1812 states otherwise in § 4.2.2.11, 4.2.3.1, 5.3.5.
Perhaps the word "sacred" is too strong. None the less with the advent
of CIDR, the meaning of the "network" and "broadcast" address can not
be known to outsiders, and some operating systems now allow the
network address to be used for hosts. I know someone who has a
security monitor set to that address, just because he knows that
every skript kiddie in the world knows not to bother looking at it.
But then, a lot of people misinterpret RFC1122 Section 3.2.1.3 on
page 31 (third paragraph below (g)) as prohibiting a zero (or -1
which they don't understand) in any host part.
>If such an address is used, it must be treated as a broadcast and
>cannot be used as a host address.
The "network" address has not been used as a broadcast address for a
long time - 4.2BSD was replaced by 4.3 a bit over twenty years ago.
While it's a work in progress, you may want to read through the
draft-gont-opsec-ip-security-01.txt document available through your
favorite RFC Editor or mirror.
Old guy
-
Re: LAN IP addresses
Moe Trin wrote:
>
>>>By the way, there is nothing sacred about the "zero" address, and
>>>some operating systems specifically do allow use of the "network"
>>>address as a _host_ address.
>>
>>RFC 1812 states otherwise in § 4.2.2.11, 4.2.3.1, 5.3.5.
>
> Perhaps the word "sacred" is too strong. None the less with the advent
> of CIDR, the meaning of the "network" and "broadcast" address can not
> be known to outsiders,
Wasn't this true already with subnetting, even before CIDR ?
> But then, a lot of people misinterpret RFC1122 Section 3.2.1.3 on
> page 31 (third paragraph below (g)) as prohibiting a zero (or -1
> which they don't understand) in any host part.
Hey, I interpret this paragraph this way too ! :-o
I quote it for completeness :
IP addresses are not permitted to have the value 0 or -1 for
any of the <Host-number>, <Network-number>, or <Subnet-
number> fields (except in the special cases listed above).
To me it clearly means that the host number part of a unicast host
address cannot be 0. What am I reading wrong ?
>>If such an address is used, it must be treated as a broadcast and
>>cannot be used as a host address.
>
> The "network" address has not been used as a broadcast address for a
> long time - 4.2BSD was replaced by 4.3 a bit over twenty years ago.
Anyway at least one modern OS, Linux, still interprets it as an
alternate directed broadcast address.
-
Re: LAN IP addresses
On Mon, 08 Sep 2008, in the Usenet newsgroup comp.os.linux.networking, in
article <ga2ub7$1vpv$1@biggoron.nerim.net>, Pascal Hambourg wrote:
>Moe Trin wrote:
>> None the less with the advent of CIDR, the meaning of the "network"
>> and "broadcast" address can not be known to outsiders,
>
>Wasn't this true already with subnetting, even before CIDR ?
To a lesser extent, yes. But with CIDR, even the slender clues of
"Class" are missing. Is 41.190.68.0 a host, or a network? Is
24.38.143.255 a host or a broadcast? Without using a whois query,
you can't tell (neither are hosts).
>> But then, a lot of people misinterpret RFC1122 Section 3.2.1.3 on
>> page 31 (third paragraph below (g)) as prohibiting a zero (or -1
>> which they don't understand) in any host part.
>
>Hey, I interpret this paragraph this way too ! :-o
>I quote it for completeness :
>
> IP addresses are not permitted to have the value 0 or -1 for
> any of the <Host-number>, <Network-number>, or <Subnet-
> number> fields (except in the special cases listed above).
>
>To me it clearly means that the host number part of a unicast host
>address cannot be 0. What am I reading wrong ?
What is the "host number part"? Most people wrongly assume that this
refers to the right-most octet only, and thus that x.y.z.0 and
x.y.z.255 can not (except in the special cases noted) be a host. If
I have 198.18.56.0 with a mask of 255.255.252.0, can I have a host
numbered 198.18.56.255 or 198.18.57.0? Of course I can, because
the "network" address is 198.18.56.0, and the broadcast address is
198.18.59.255, and NO OTHER ADDRESS IN THAT RANGE IS SPECIAL.
Oh, and you may also want to notice the "<Subnet-number>" mentioned
above (also mentioned in RFC1812 and the various "Assigned Numbers"
RFCs like RFC1700), and then look at RFC3330. It was common with some
operating systems that the lowest and highest _subnet_ were considered
unusable.
Old guy
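The netmask table earlier in the thread and the 198.18.56.0 / 255.255.252.0 case above can both be checked mechanically. The following is an added example, not part of any post in the thread; the function names `describe`, `role` and `same_network` are illustrative.

```python
import ipaddress


def describe(network, netmask):
    """Return (first_host, last_host, broadcast, usable_hosts) for a network."""
    # strict=True rejects a "network" value that has host bits set.
    net = ipaddress.ip_network(f"{network}/{netmask}", strict=True)
    if net.prefixlen > 30:
        raise ValueError("/31 and /32 have no separate network/broadcast address")
    return (
        str(net.network_address + 1),
        str(net.broadcast_address - 1),
        str(net.broadcast_address),
        net.num_addresses - 2,
    )


def role(address, network, netmask):
    """Classify an address as 'network', 'broadcast', 'host' or 'outside'."""
    net = ipaddress.ip_network(f"{network}/{netmask}", strict=True)
    addr = ipaddress.ip_address(address)
    if addr not in net:
        return "outside"
    if addr == net.network_address:
        return "network"
    if addr == net.broadcast_address:
        return "broadcast"
    # Every other address in the range is an ordinary host address,
    # even when its last octet is 0 or 255.
    return "host"


def same_network(a, b, netmask):
    """True if a and b fall in the same network under the given mask."""
    mask = int(ipaddress.ip_address(netmask))
    return (int(ipaddress.ip_address(a)) & mask) == (int(ipaddress.ip_address(b)) & mask)


if __name__ == "__main__":
    # The four rows of the table posted in the thread.
    for mask in ("255.255.255.0", "255.255.254.0", "255.255.252.0", "255.255.248.0"):
        first, last, bcast, hosts = describe("192.168.0.0", mask)
        print(f"192.168.0.0 / {mask} = {first} - {last}  {hosts} hosts, broadcast {bcast}")
    # The 198.18.56.0 / 255.255.252.0 case.
    for addr in ("198.18.56.0", "198.18.56.255", "198.18.57.0", "198.18.59.255"):
        print(addr, role(addr, "198.18.56.0", "255.255.252.0"))
    # The two addresses from the original question under three masks.
    for mask in ("255.255.255.0", "255.255.252.0", "255.255.0.0"):
        print(mask, same_network("192.168.0.2", "192.168.3.4", mask))
```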
-
Re: LAN IP addresses
Moe Trin wrote:
> Pascal Hambourg wrote:
>>Moe Trin wrote:
>>>
>>>But then, a lot of people misinterpret RFC1122 Section 3.2.1.3 on
>>>page 31 (third paragraph below (g)) as prohibiting a zero (or -1
>>>which they don't understand) in any host part.
>>
>>Hey, I interpret this paragraph this way too ! :-o
>>I quote it for completeness :
>>
>> IP addresses are not permitted to have the value 0 or -1 for
>> any of the <Host-number>, <Network-number>, or <Subnet-
>> number> fields (except in the special cases listed above).
>>
>>To me it clearly means that the host number part of a unicast host
>>address cannot be 0. What am I reading wrong ?
>
> What is the "host number part"?
It is the right-most part of the IP address which has the corresponding
bits in the netmask set to 0 as assumed in the RFC. Isn't it what you
meant by "host part" ?
> Most people wrongly assume that this
> refers to the right-most octet only,
They're wrong. This is true only for /24.
> Oh, and you may also want to notice the "<Subnet-number>" mentioned
> above (also mentioned in RFC1812 and the various "Assigned Numbers"
> RFCs like RFC1700), and then look at RFC3330. It was common with some
> operating systems that the lowest and highest _subnet_ were considered
> unusable.
I knew about this. Actually I tend to consider that the subnet number is
deprecated since the advent of CIDR. An IP address contains a prefix and
a host number. Whether the prefix is the result of subnetting does not
matter to me, and I believe it should not matter to any network
equipment either.
-
Re: LAN IP addresses
On Tue, 09 Sep 2008, in the Usenet newsgroup comp.os.linux.networking, in
article <ga5i36$2otb$1@biggoron.nerim.net>, Pascal Hambourg wrote:
>Moe Trin wrote:
>> Oh, and you may also want to notice the "<Subnet-number>" mentioned
>> above (also mentioned in RFC1812 and the various "Assigned Numbers"
>> RFCs like RFC1700), and then look at RFC3330. It was common with
>> some operating systems that the lowest and highest _subnet_ were
>> considered unusable.
>I knew about this. Actually I tend to consider that the subnet number
>is deprecated since the advent of CIDR.
Not really - it depends on your perspective. If you are looking from
"outside", you probably have no idea what mask may be used on the LAN,
and in fact it doesn't matter anyway. Systems on the Internet merely
need to know that (for example) packets for 198.18.8.0/22 and
198.18.12.0/23 should ultimately be sent to a certain router in South
Whoozit that is acting as a gateway to the network that runs from
198.18.0.0 to 198.18.13.255.
On the "inside" of a LAN, the mask must reflect the size or design of
the local setup. It probably has a route (or several) that encompasses
the Internet values - in the case of this example, perhaps they are
using /24 subnets, and a host on the "first" subnet might have a
routing table that looks something like
198.18.8.0    0.0.0.0        255.255.255.0   U   0  0  0  eth0
198.18.8.0    198.18.8.252   255.255.252.0   UG  0  0  0  eth0
198.18.12.0   198.18.8.252   255.255.254.0   UG  0  0  0  eth0
0.0.0.0       198.18.8.254   0.0.0.0         UG  0  0  0  eth0
where 198.18.8.252 is the router to the rest of the LAN, and
198.18.8.254 is the gateway to the world.
>Whether the prefix is the result of subnetting does not matter to me,
>and I believe it should not matter to any network equipment either.
Most operating systems I'm familiar with don't care any more. There
are/were a few that prefer to (or must) use a single network mask,
which might make the above routing table look like
198.18.8.0    0.0.0.0        255.255.255.0   U   0  0  0  eth0
198.18.9.0    198.18.8.252   255.255.255.0   UG  0  0  0  eth0
198.18.10.0   198.18.8.252   255.255.255.0   UG  0  0  0  eth0
198.18.11.0   198.18.8.252   255.255.255.0   UG  0  0  0  eth0
198.18.12.0   198.18.8.252   255.255.255.0   UG  0  0  0  eth0
198.18.13.0   198.18.8.252   255.255.255.0   UG  0  0  0  eth0
0.0.0.0       198.18.8.254   0.0.0.0         UG  0  0  0  eth0
but that's a problem for the admin who needs to configure things, and
otherwise has no effect.
Old guy
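How a host picks among the overlapping entries of the first routing table above (the /24, /22 and /23 routes plus the default) comes down to longest-prefix match. The following is an added example, not part of any post in the thread; the names `build_table` and `lookup` are illustrative, and the table rows are copied from the post.

```python
import ipaddress

# Rows from the first routing table in the post:
# (destination, genmask, gateway, interface).
# A gateway of 0.0.0.0 means the destination is directly connected.
ROUTES = [
    ("198.18.8.0", "255.255.255.0", "0.0.0.0", "eth0"),
    ("198.18.8.0", "255.255.252.0", "198.18.8.252", "eth0"),
    ("198.18.12.0", "255.255.254.0", "198.18.8.252", "eth0"),
    ("0.0.0.0", "0.0.0.0", "198.18.8.254", "eth0"),
]


def mask_to_prefixlen(netmask):
    """Convert a dotted netmask to a prefix length, rejecting non-contiguous masks."""
    value = int(ipaddress.ip_address(netmask))
    prefixlen = bin(value).count("1")
    expected = (0xFFFFFFFF << (32 - prefixlen)) & 0xFFFFFFFF
    if value != expected:
        raise ValueError(f"non-contiguous netmask: {netmask}")
    return prefixlen


def build_table(rows):
    """Turn the text rows into (network, gateway_or_None, interface) tuples."""
    table = []
    for dest, mask, gateway, iface in rows:
        net = ipaddress.ip_network(f"{dest}/{mask_to_prefixlen(mask)}", strict=True)
        table.append((net, None if gateway == "0.0.0.0" else gateway, iface))
    return table


def lookup(table, address):
    """Return (matched_network, gateway, interface) using longest-prefix match."""
    addr = ipaddress.ip_address(address)
    matches = [row for row in table if addr in row[0]]
    if not matches:
        return None  # no default route and nothing more specific
    net, gateway, iface = max(matches, key=lambda row: row[0].prefixlen)
    return str(net), gateway, iface


TABLE = build_table(ROUTES)

if __name__ == "__main__":
    # Constructed sample destinations: local subnet, two other parts of the
    # LAN, an address just past the LAN's range, and an unrelated address.
    for dst in ("198.18.8.17", "198.18.10.5", "198.18.13.9", "198.18.14.1", "203.0.113.7"):
        net, gateway, iface = lookup(TABLE, dst)
        via = gateway if gateway else "direct"
        print(f"{dst:<14} -> {net:<16} via {via:<13} dev {iface}")
```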