Subnetting and masking


Stephan Barr

I have 5 public IPs. I've setup a router for each and now want to create
static routes for each so they can all see each other. Details:
nnn.nnn.55.81/248.
router0 = ISP router with all ports open
router1 = 55.82; router2 = 55.83; router3 = 55.84 and so on.

On router1
Destination LAN IP = nnn.nnn.55.83
Subnet Mask = .248
DG = nnn.nnn.55.81
and so for the other routers

Is this the right idea...? Many thanks.
 
:
: I have 5 public IPs. I've setup a router for each and now want to create
: static routes for each so they can all see each other.

Is there a need for 5 routers rather than putting the whole subnet on one
router? Your ISP is going to route traffic for the subnet. Normally they
do not make 5 separate routes for each address.

: Details:
: nnn.nnn.55.81/248.

So, what class is this? The class is determined by the first octet.

: router0 = ISP router with all ports open

Now I see why you didn't list the whole IP address if it is public. Define
ISP router. Router at ISP's location or router ISP is pointing to. If the
ISP is routing 5 distinct routes, rather than routing a subnet, then we need
to know, otherwise, it's irrelevant.

: router1 = 55.82; router2 = 55.83; router3 = 55.84 and so on.

So, 5 of these or 4 and 1 counting the ISP's router?

: On router1
: Destination LAN IP = nnn.nnn.55.83
: Subnet Mask = .248
: DG = nnn.nnn.55.81
: and so for the other routers

.81 is the ISP's WAN address? If so, then this doesn't work. 80 would be
the network address, 87 broadcast, 81-86 available for use. This means your
other routers will be in conflict if they're addressed sequentially. .252 is
your smallest usable address, which gives you network, 2 user addresses and a
broadcast. With a mask of 248, you have an 8 address subnet.

Is there a firewall on the router(s)? If one of your routers supports
one-one NAT, then you don't need more than one router if your goal here is
to map a specific public address with a specific private one.

--
Roland Hall
/* This information is distributed in the hope that it will be useful, but
without any warranty; without even the implied warranty of merchantability
or fitness for a particular purpose. */
Online Support for IT Professionals -
http://support.microsoft.com/servicedesks/technet/default.asp?fr=0&sd=tech
 
Goal is to set up a lab environment to simulate a w2k domain over a WAN
connection hence the routers each with their own public IPs.

Roland Hall said:
> :
> : I have 5 public IPs. I've setup a router for each and now want to create
> : static routes for each so they can all see each other.
>
> Is there a need for 5 routers rather than putting the whole subnet on one
> router? Your ISP is going to route traffic for the subnet. Normally they
> do not make 5 separate routes for each address.
>
> : Details:
> : nnn.nnn.55.81/248.
>
> So, what class is this? The class is determined by the first octet.

Class A 24.nnn.55.81/248

> : router0 = ISP router with all ports open
>
> Now I see why you didn't list the whole IP address if it is public. Define
> ISP router. Router at ISP's location or router ISP is pointing to. If the
> ISP is routing 5 distinct routes, rather than routing a subnet, then we need
> to know, otherwise, it's irrelevant.

The ISP router is local and routing 5 distinct subnets.
24.nnn.55.81/248 (.82 - .86)

> : router1 = 55.82; router2 = 55.83; router3 = 55.84 and so on.
>
> So, 5 of these or 4 and 1 counting the ISP's router?

router0 is ISP providing 5 subnets so router1 = 55.82; router2 = 55.83;
router3 = 55.84; router4 = 55.85 and router5 = 55.86

> : On router1
> : Destination LAN IP = nnn.nnn.55.83
> : Subnet Mask = .248
> : DG = nnn.nnn.55.81
> : and so for the other routers
>
> .81 is the ISP's WAN address?

81 is the ISP WAN address

> If so, then this doesn't work. 80 would be
> the network address, 87 broadcast, 81-86 available for use. This means your
> other routers will be in conflict if they're addressed sequentially. .252 is
> your smallest usable address, which gives you network, 2 user addresses and a
> broadcast. With a mask of 248, you have an 8 address subnet.
>
> Is there a firewall on the router(s)?

Yes they have firewall capability

> If one of your routers supports
> one-one NAT, then you don't need more than one router if your goal here is
> to map a specific public address with a specific private one.

Goal is to set up a lab environment to simulate a w2k domain over a WAN
connection hence the routers each with their own public IPs. I plan to NAT
on each router a 192.168.0.0 network.

Thanks much for your reply and advice.

--
 
:
: Goal is to set up a lab environment to simulate a w2k domain over a WAN
: connection hence the routers each with their own public IPs.

That might have been important to include in your original post. I
apologize if I missed it.

Still, you cannot route individual addresses where routers are over-lapping
their subnets.
If you want to use mask: 255.255.255.248 or CIDR: /29, then you need to set
your subnets on your routers on boundaries of 8.
Ex.
192.168.51.0/29 - network (all 0s)
192.168.51.1-6/29 - user
192.168.51.7/29 - broadcast

Next subnet:
192.168.51.8/29 - network (all 0s)
192.168.51.9-14/29 - user
192.168.51.15/29 - broadcast

...and so on...

If these routers are in different locations then the ISP will route them
separately. If the ISP is routing all of them to one location, and you had
4 subnets, then they would route a 32 address subnet and you would subnet it
out on your end. You lose two usable addresses for each subnet, so 2 * 4 =
8. 32 - 8 = 24. So, you can assign 24 addresses. If you need more then
the ISP has to provide addressing not in the same subnet or increase the
subnet size which would mean 64 or greater depending.

HTH...

--
Roland Hall
/* This information is distributed in the hope that it will be useful, but
without any warranty; without even the implied warranty of merchantability
or fitness for a particular purpose. */
Online Support for IT Professionals -
http://support.microsoft.com/servicedesks/technet/default.asp?fr=0&sd=tech
 
My apologies; You didn't miss anything.
In my lab all the routers are local but the project I'm working on will have
routers in different locations. I've been trying to pick this up from
technical books but I'm not getting it. I'm hoping if I see it in action it
will make sense. So to summarize...
router1 will look like this...
Ex.
192.168.51.0/29 - network (all 0s)
192.168.51.1-6/29 - user
192.168.51.7/29 - broadcast

router2 looks like this...
Next subnet:
192.168.51.8/29 - network (all 0s)
192.168.51.9-14/29 - user
192.168.51.15/29 - broadcast

Is that right? If I need say 50 addresses then increase the subnet...?
 
:
: My apologies; You didn't miss anything.
: In my lab all the routers are local but the project I'm working on will have
: routers in different locations. I've been trying to pick this up from
: technical books but I'm not getting it. I'm hoping if I see it in action it
: will make sense. So to summarize...
: router1 will look like this...
: > Ex.
: > 192.168.51.0/29 - network (all 0s)
: > 192.168.51.1-6/29 - user
: > 192.168.51.7/29 - broadcast
:
: router2 looks like this...
: > Next subnet:
: > 192.168.51.8/29 - network (all 0s)
: > 192.168.51.9-14/29 - user
: > 192.168.51.15/29 - broadcast
:
: Is that right? If I need say 50 addresses then increase the subnet...?

Yes. Maybe.

If you need 50 usable addresses, not counting the network address and the
broadcast address, then you need a 64 address subnet, IF, all 50 are pointed
to the same location. Otherwise, each location determines the size of each
subnet.

Your network design is important here and will determine what you actually
need. One important aspect of your design should be to ask yourself this
question: "How will I support my users in this location and in each remote
location?" This assumes you are at one location and you are the
administrator. If not, you're asking for the admin. Ex. You're a contract
consultant.

The most important obvious question is how will the users communicate?
...and others...
Do the WANs connect via private or public routes? This is very important.
Here are two scenarios:

1. You have numerous locations that each have access to the Internet. You
connect across the Internet from one office to another.

What is involved here? Firewall at each location, VPN for remote access,
etc.
The subnet here is not related to the other locations.
What would work best for this location? A NAT router with one-one address
translation if you need to perform remote administration across the
Internet. It should also support VPN.
Are any server services offered here? Yes? Subnet size is determined by how
many devices need to be accessed from the Internet publicly. No? You need
a public address for the router. Everything behind the router will use
private addressing.

2. You have numerous locations that each have access to the Internet. You
connect across private WANs from one office to another.

You only need addressing for publicly served services. Everything else
should be private.

3. You have numerous locations but only 1+ have access to the Internet.
Offices that do not have direct access to the Internet route across private
WANs to an office that has direct access to the Internet.

Again, you only need addressing for publicly served services. Everything
else should be private.

Note: You will have to consider that if you need VPN access for scenario 2
or 3, your VPN needs will determine what your public addressing needs are.

So, if you host your own web server, mail server, etc. You'll need NAT one-one
addressing for the mail server and the web server will go in the DMZ but you
still need a public address.

Whatever design you come up with, you should always have enough public
addressing that offers you growth. The last thing you want to do is have to
change all your addressing. Been there, done that.

HTH...

--
Roland Hall
/* This information is distributed in the hope that it will be useful, but
without any warranty; without even the implied warranty of merchantability
or fitness for a particular purpose. */
Online Support for IT Professionals -
http://support.microsoft.com/servicedesks/technet/default.asp?fr=0&sd=tech
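
Added example, not part of the original posts: a Python sketch using the standard `ipaddress` module that works through the /29 boundary layout and the "50 addresses needs a 64 address subnet" sizing discussed in the two replies above, and shows why six sequential addresses under a .248 mask cannot be separately routed subnets. The 203.0.113.x addresses are a constructed stand-in for the thread's elided nnn.nnn.55.x range, and the function names are illustrative.

```python
import ipaddress

def describe(net):
    """(network, first usable, last usable, broadcast) for one IPv4 subnet."""
    return (str(net.network_address), str(net.network_address + 1),
            str(net.broadcast_address - 1), str(net.broadcast_address))

def carve(block, new_prefix):
    """Split a routed block into equal subnets; each starts on its own boundary."""
    parent = ipaddress.ip_network(block)
    return [describe(s) for s in parent.subnets(new_prefix=new_prefix)]

def prefix_for_hosts(n):
    """Longest prefix whose subnet holds n hosts plus network and broadcast."""
    return 32 - (n + 1).bit_length()

def group_by_subnet(addrs, prefix):
    """Map each subnet to the addresses that fall inside it under this prefix."""
    groups = {}
    for a in addrs:
        net = ipaddress.ip_interface(f"{a}/{prefix}").network
        groups.setdefault(str(net), []).append(a)
    return groups

# Constructed stand-in for the thread's nnn.nnn.55.81-.86 (TEST-NET-3 range).
ROUTERS = [f"203.0.113.{h}" for h in range(81, 87)]

if __name__ == "__main__":
    # A 32-address block carved into four /29s, as in the thread's arithmetic.
    for row in carve("192.168.51.0/27", 29):
        print("net %s  hosts %s - %s  bcast %s" % row)
    print("50 hosts need a /%d" % prefix_for_hosts(50))
    # All six addresses land in one /29, so they share a single subnet.
    for net, members in group_by_subnet(ROUTERS, 29).items():
        print(net, "contains", len(members), "of the router addresses")
```
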
 
I fit scenario 1. 5 remote locations each with some server services
required; file sharing, printing. I can NAT with one-to-one addressing
for administration and such. I want child domains in each location with
the parent domain in my location. Domains already exist in each location
with no child-parent relationship.
 
:
: I fit scenario 1. 5 remote locations each with some server services
: required; file sharing, printing. I can NAT with one-to-one addressing
: for administration and such. I want child domains in each location with
: the parent domain in my location. Domains already exist in each location
: with no child-parent relationship.

When I mentioned server services, I mean available to the Internet, not
intranet. Do you have a need to share files from one location to another?
If so, that is what VPN's are for.

---
I made an error in my previous post. The email server doesn't have to have
a one-one relationship with the NAT server but it would be better if it did.
---

Define: child domains in each location with the parent domain in your
location

If you're referring to Windows 2000 domains parent-child-grandchild-etc...,
then you'll need to establish transitive trusts. Before creating a child
domain, you need to create a DNS sub-domain. Perhaps you can do this
through a VPN but I never have.

This document may help you with some of this:
http://techrepublic.com.com/5100-6268-1048141-1.html

HTH...

--
Roland Hall
/* This information is distributed in the hope that it will be useful, but
without any warranty; without even the implied warranty of merchantability
or fitness for a particular purpose. */
Online Support for IT Professionals -
http://support.microsoft.com/servicedesks/technet/default.asp?fr=0&sd=tech
How-to: Windows 2000 DNS:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;308201
 