Extend the Subnet


Robert

I am new to networking and would like to seek your advice.

We are using Class C and, as the number of devices in the head office
increases, we believe that it will reach the limit of 254 devices. It is
also connected to 2 subnets in remote sites via routers.

One fellow suggests that we use 192.17.1.x/19. It seems that it is a Class C
network with a Class B subnet mask.

I would like to know: in this way, the number of hosts is increased to 8046,
but how should we configure the existing subnets? For instance, the
existing ones are using 192.17.1.x, 192.17.2.x and 192.17.3.x.

Thanks
 
You cannot extend the existing 192.17.1.x and 192.17.2.x subnets because
they are already at their maximum number of entries - extending the 1.x
subnet will start whacking addresses out of the 2.x subnet, and extending
the 2.x subnet will start whacking addresses out of the 3.x subnet so those
choices are out unless you are prepared to entirely move a range.

Anyway, I think your addressing scheme currently is illegal - 192.17.x.x is
a non-private address range, you should be using 192.168.x.x addressing.

--
Richard G. Harper [MVP Shell/User] (e-mail address removed)
* PLEASE post all messages and replies in the newsgroups
* for the benefit of all. Private mail is usually not replied to.
* My website, such as it is ... http://rgharper.mvps.org/
* HELP us help YOU ... http://www.dts-l.org/goodpost.htm
 
Dear Richard,

Thank you for your advice.

Do you mean that if we continue to use a Class C subnet, you recommend using
192.168.x.x? If we determine to change to a Class C subnet, is there any
valid address suggested (just to make sure that it is a private address)?

Thanks

 
Anything in the range 192.168.0.1 to 192.168.255.255 may be used. You may
also use any address in the 10.x.x.x range or in the range 172.16.x.x to
172.31.x.x - these are all ranges reserved for private (internal) IP
addresses.

--
Richard G. Harper [MVP Shell/User] (e-mail address removed)
 
Robert said:
Dear Richard,
Do you mean that if we continue to use a Class C subnet, you recommend using
192.168.x.x? If we determine to change to a Class C subnet, is there any
valid address suggested (just to make sure that it is a private address)?

Forget "Classes", they don't mean anything anymore. Just add another 254
host subnet and forget it. Segments need to stay below 250-300 hosts
per segment to remain efficient and the traditional 24-bit mask does that
perfectly.

So add another one of "x.x.4.* /24" and be done with it. You also
*really* need to get away from the illegal 192.17 and change to 192.168.
You *will* get bit in the rear end sooner or later with that because you
don't own them,...someone else on the Internet does,...and you will be in an
address conflict with them sooner or later. It will be a lot of work to
change, but it needs to be done.

Here's who owns those three you use now, they actually own the whole /16 bit
segment of 192.17. They are literally a 45 minute drive from where I am
sitting. As an FYI, for whoever cares,...."U of I" (in combination with the
Military) was where the Internet was "born".

OrgName: University of Illinois
OrgID: UIUC
Address: 1120 DCL, MC-256
Address: 1304 West Springfield Avenue
City: Urbana
StateProv: IL
PostalCode: 61801
Country: US
NetRange: 192.17.0.0 - 192.17.255.255
CIDR: 192.17.0.0/16


--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc

Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/techinfo/Guidance/2004.asp
http://www.microsoft.com/isaserver/techinfo/Guidance/2000.asp

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp

Deployment Guidelines for ISA Server 2004 Enterprise Edition
http://www.microsoft.com/technet/prodtechnol/isa/2004/deploy/dgisaserver.mspx
-----------------------------------------------------
 
Dear Phillip,

If we use 192.168.x.x, does it mean that we can create subnets like
192.168.15.x, 192.168.16.x, 192.168.17.x ..... with subnet mask /24 ?

Your advice is sought.

Thanks

 
Robert said:
Dear Phillip,

If we use 192.168.x.x, does it mean that we can create subnets like
192.168.15.x, 192.168.16.x, 192.168.17.x ..... with subnet mask /24 ?

I don't know why you would think that you couldn't.
 
The thing to keep in mind is that if you go with a 255.255.255.0 subnet mask
you aren't fixing the problem that you asked about in the first place - you
still have only 254 addresses available in each range (255 less one for
broadcast). Since you need to re-address the whole network anyway I would
strongly suggest (once again!) that you be a lot less narrow in your ranges
and allow for growth and expansion.

--
Richard G. Harper [MVP Shell/User] (e-mail address removed)
 
Dear Phillip and Richard,

Thank you for your advice.

It is my mistake, it should be /19.

192.168.15.x, 192.168.16.x, 192.168.17.x with subnet mask /19. I would like
to know how it will give me 8000 hosts?

This is because it should be
192.168.15.1 to 192.168.15.254
192.168.16.1 to 192.168.16.254
192.168.17.1 to 192.168.17.254
How can I get more than 254 hosts?

Thanks
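
Added example, not part of the original thread: a Python sketch using the standard `ipaddress` module that audits the address plans quoted in the posts above. It shows what a /19 mask does to the 192.168.15.x to 17.x subnets, which planned subnets a widened mask would swallow, and whether a range lies inside the private blocks. The function names and the sample plans are assumptions built from the addresses in the thread.

```python
import ipaddress

# The three private (RFC 1918) ranges listed in the thread.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def usable_hosts(cidr):
    """Usable host addresses: every address minus network and broadcast."""
    net = ipaddress.ip_network(cidr)
    return net.num_addresses - 2 if net.prefixlen < 31 else net.num_addresses


def is_rfc1918(cidr):
    """True only if the whole subnet sits inside one private range."""
    net = ipaddress.ip_network(cidr)
    return any(net.subnet_of(block) for block in RFC1918)


def widen(cidr, new_prefix):
    """Network that results from giving an existing subnet a shorter mask."""
    return str(ipaddress.ip_network(cidr).supernet(new_prefix=new_prefix))


def audit(plan, new_prefix):
    """Per subnet: size, private or not, and which other planned subnets
    the widened network would overlap (and so could no longer be routed to)."""
    report = {}
    for cidr in plan:
        wide = ipaddress.ip_network(widen(cidr, new_prefix))
        report[cidr] = {
            "private": is_rfc1918(cidr),
            "hosts": usable_hosts(cidr),
            "widened": str(wide),
            "widened_hosts": usable_hosts(str(wide)),
            "collides_with": [other for other in plan if other != cidr
                              and ipaddress.ip_network(other).overlaps(wide)],
        }
    return report


if __name__ == "__main__":
    # Constructed plans, using the addresses quoted in the thread.
    current = ["192.17.1.0/24", "192.17.2.0/24", "192.17.3.0/24"]
    proposed = ["192.168.15.0/24", "192.168.16.0/24", "192.168.17.0/24"]
    for plan in (current, proposed):
        for cidr, row in audit(plan, 19).items():
            print(cidr, row)
```

With a /19 mask the .15, .16 and .17 ranges stop being three networks: each one becomes a host range inside the single network 192.168.0.0/19, so the routed remote sites would have to be renumbered or kept on their own masks.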
 
Robert said:
Dear Phillip and Richard,

Thank you for your advice.

It is my mistake, it should be /19.

192.168.15.x, 192.168.16.x, 192.168.17.x with subnet mask /19. I would like
to know how it will give me 8000 hosts?

This is because it should be
192.168.15.1 to 192.168.15.254
192.168.16.1 to 192.168.16.254
192.168.17.1 to 192.168.17.254
How can I get more than 254 hosts?

You don't want more than 254 hosts per segment. I've said that in about every
post I made. Segment your LAN into subnets (buy a LAN Router) and use
however many "254 host" segments you need to cover the size of your LAN.
Ethernet starts to become inefficient above 300 hosts because Ethernet is so
"broadcast based" (and Contention Based) that the natural broadcasts start
to eat up too much of the bandwidth. Obviously the effect isn't as visible
in the case of a Gigabit LAN, but the principle still applies. The
principle should still be followed even with Gigabit so that it actually
continues to perform like Gigabit instead of having a Gigabit LAN performing
like a 100 Mbps LAN.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
 
Dear Phillip,

Thank you for your advice. However, some fellow has suggested that the big
downside to a LAN router is you will use your router to send traffic between
the two subnets and it would now be a bottleneck between the two subnets.

Regards,
Robert


 
Robert said:
Thank you for your advice. However, some fellow has suggested that the big
downside to a LAN router is you will use your router to send traffic between
the two subnets and it would now be a bottleneck between the two subnets.

First,...everything is a bottleneck at some point and in some
interpretation. So is the nearest traffic signal and the driveway entrance
when the users come to work in the morning.

Second,...I just disagree.

The performance damage caused by too many hosts on a segment has far greater
adverse effects than the lag caused by a router. I mean,...what do we think
Routers and IP Segmenting were invented for? It sure isn't for
security,...Router ACLs were something added on because it was useful and is
a "good" thing, but my guess is that 75% (if not more) of the LAN Routers
out there don't even run ACLs on them. Most ACLs run on edge devices
(firewalls).

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
 
Don't listen to this fellow of yours. Routing traffic between subnets
is fast and safe and is definitely better than having one HUGE
broadcast domain, which is exposed to broadcast storms and the normal
overhead caused by broadcasts and multicasts.

You must use a router or a Layer 3 Switch to move traffic between the
subnets.

Regards,
Dotan
 