Do I subnet

[McLarnon]

I have a network that uses a class C adressing scheme (192.65.144.x, 255.255.255.0). Due to a large user increase I will soon use up my 254 addresses. My question is do I subnet to increase the number of address I have?

The addresses are currently assigned from the DHCP server (Winnt Server4.0) with only certain address specific devices using static IP's.

What would be the best forward in my situation?

Apologies if I have not included enough detail, thanks in advance.

 

[bierhunter]

One of the first things I would do if at all possible is to switch to a private address space for your internal network. If you're using all public addresses, you'll need to go to your provider and ask for more addresses.

With private addresses, you can do anything you want with them. Plus, this will help protect your network from outside access.

 

[manarth]

McLarnon - is this purely an internal network, or does this connect to the outside world (i.e. the internet!) as well?

If it does connect to the internet, by using a public IP range (192.65.x.x is a public IP) - even if your users are behind a NAT router, you're excluding your users from accessing the legitimate 192.65.x.x range.

As bierhunter says, use a private IP range.

Firstly, a simple change to your DHCP server will alter the IPs across the network.

If all your network devices use CIDR, you can supernet the 192.168.x.x/24 subnet (i.e. 192.168.x.x with subnet mask 255.255.255.0) to a /23 subnet. This will double your available host IPs.

<marc> i wonder what will happen if i press this...[ul][li]please tell us if our suggestion has helped[/li][li]need some help? faq581-3339[/li][/ul]

 

[bierhunter]

Good point Manarth about the users accessing the legitimate address range if that's the case.

I used to work for an ISP a few years back. We had a customer order a class-C from us. They insisted on not using NAT (I don't know why). Later on, they left us for another provider. Instead of resubnetting, they finally went NAT, but they kept their old class-C we assigned to them for their internal network.

A few months later, one of their business associates became our customer and was assigned an address from the old class-C the first customer used to have. Needless to say, once that happened, they could no longer communicate with one another. After a month of playing phone tag with their sys admins, we finally figured out what was happening.

 

[McLarnon]

Thanks for the replies.

It is a private address space already so I will be subnetting.

 

[manarth]

McLarnon: our point is that 192.65.x.x is not a private address space.

The private address spaces are:

10.x.x.x/8
172.16.x.x - 172.31.x.x/12
192.168.x.x/16


apologies if that was a typo in your first post - but it's important that other people reading this post don't misinterpret 192.65 to be a private IP.

good luck with the migration!

<marc> i wonder what will happen if i press this...[ul][li]please tell us if our suggestion has helped[/li][li]need some help? faq581-3339[/li][/ul]

 

[McLarnon]

Thank you again for all your response.

I can 100% verify that my company does not own the public address 192.65.144.x. We have every device on our network configured within this address range. All traffic leaving the network goes past our Cisco router and all Internet traffic is controlled via MS Proxy server.

What I'm saying is that although it is not in the private address scheme

10.x.x.x/8
172.16.x.x - 172.31.x.x/12
192.168.x.x/16

it still works just fine and is private.

 

[manarth]

Yes, this IP config is perfectly feasible, but not recommended.

The disadvantage for operating this way is that your clients won't be able to access the legitimate 192.65.x.x address which exists on the web.

Because your clients are using this as their subnet, traffic for this IP range will not go through your router, instead it will connect to your internal IP.

The actual result is that some domains will be unavailable to you.

<marc> i wonder what will happen if i press this...[ul][li]please tell us if our suggestion has helped[/li][li]need some help? faq581-3339[/li][/ul]

 

[bierhunter]

Manarth is right. Although the current addressing appears to be working ok for now, it's exactly like what happened to my past customers in my above post.

If your company tries to communicate with someone who really does have the 192.65.144.x subnet, your packets will never get there; because your router thinks that is your internal subnet.

Doing a whois check shows that 192.65.144.0 /24 is currently assigned to Specialix International plc in the UK. I guess as long as you don't do business with them, you'll be ok; but if you're going to resubnet anyway, it would be a good idea to go ahead and change to an actual private address range to avoid potential future problems and follow a more standard design.

 

[McLarnon]

Interesting Manarth. This addressing scheme was configured some time before I joined the company and I wasn't aware of this.
Although in saying that we've never had a problem connecting to domains via our ISP's DNS server.

I am now thinking that to answer my original question, I will need to upgrade my entire network to a private Class B range 172.16.x.x - 172.31.x.x.

Thanks

 

[Chr1sUK]

&quot;I have a network that uses a class C adressing scheme (192.65.144.x, 255.255.255.0). Due to a large user increase I will soon use up my 254 addresses. My question is do I subnet to increase the number of address I have?&quot;

Correct me if I am wrong here, but wouldn't subnetting in this case actually reduce the number of hosts available?

 

[manarth]

i think he means 'supernet'

<marc> i wonder what will happen if i press this...[ul][li]please tell us if our suggestion has helped[/li][li]need some help? faq581-3339[/li][/ul]

 

[McLarnon]

It was a typo on my part, I meant supernet. However I will be changing it to a Class B range now.

 

[Chr1sUK]

ooh rite!

Thats fair enough then

I've not yet done this on my Cisco course....would anybody care to give me a brief summary of what it is/how it works?