[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Access to sub network unreachable.

On Sat, Jan 10, 2009 at 03:00:42PM +1030, Tim wrote:
> A division of one network into more than one.

Note, however, that for this to work you have to have an IP-aware switch
or router somewhere in the mix--it is what blocks or passes packets
based on destination IP and network.

> The subnet mask, the thing being discussed, is the thing
> that tells the equipment where the boundary is (our LAN or not our LAN;
> or more to the point, our subnet of it, versus not).

Very specifically:  Every set bit from the left of the netmask indicates
the part of the IP address that is to be interpreted as 'network'; unset
bits to the right indicate 'device'.  SO,  = 11111111 11111111 11111111 00000000

meaning 24 bits are the network, 8 bits are the devices on the network.
As another example, it's not uncommon to find a netmask such as the
following assigned from your ISP: = 11111111 11111111 11111111 11111100

This means your address range is x.x.x.252-255.  More on that in a
second.  Incidentally, a common notation for network and netmask is to
indicate the netmask after a network description with a slash; in the
first example, then, it might be 192.168.1/24, while in the restricted
one it would be  (A bit of history:  In The Old Days,
it was fixed that Class 'A' Addresses has an 8-bit netmask; Class 'B'
addresses, a 16-bit mask; and Class 'C' a 24-bit mask, and this was
known and supported by network devices.  When IP addresses got tight,
they came up with CIDR--Classless Inter-Domain Routing--which allowed
netmasks of any size, not just terminating on octet boundaries.  That's
what we're dealing with here.)

Note that one implication of this is that a netmask can't have any unset
bits to the left--e.g., on one malformed network I once diagnosed, I
found a netmask set everywhere of  I asked the "IT guy"
why--and it turned out he thought it just had to be a unique number.

> > Okay, for a small private network of up to 2 dozen boxes, is there a
> > standard or convention for selecting the final numbering system,  eg
> > to 125 vs to 25 ?  Is there a need to
> > distinguish between computer,printer or router in the numbering
> > heirarchy?
> Not really.  Although it's common practice to make a router either an
> x.y.z.254 address, or x.y.z.1 address.  But nothing really depends on
> using such a scheme, other than some old windows clients that, pretty
> much, demanded that the interconnect sharing computer (a computer acting
> as a router), was

Well, yes and no.  Yes, in that there *are* two addresses you can never
use in a range--the very lowest, and very highest.  The lowest refers to
the entire network; the highest is the broadcast address for the
network.  In the very restricted network range given above, then, you
only have four addresses--and only two can be used:

  x.x.x.252 : Network
  x.x.x.253 : Address (usually gateway)
  x.x.x.254 : Address (usually your lone usable IP from the ISP)
  x.x.x.255 : Broadcast address

That said, as mentioned the _convention_ is to use the lowest usable
address on the network for the gateway, x.x.x.1.  Some ISPs have taken
to using the highest usable address, x.x.x.254 (no, I don't know
why--maybe someone else does.)

BUT.  It's *very* common to follow an internal convention to make
identification of devices and assignment of addresses easy, and to
actually let you understand what's talking on your network when
maintaining it.  An extremely common approach for, say, what used to be
called a Class C network (Netmask of would be:     : Entire network     : Gateway    : Networking devices (Switches, routers, WAPs, etc.)  : Servers  : Network peripherals (printers, network scanners, etc.) DHCP assigned addresses Static addresses, VPN addresses    : Broadcast address

Of course this would have to be adjusted for your LAN--you may want to
push the DHCP start lower because you don't have enough printers to
justify such a large range.  But note that none of this, except the very
first and very last address, is enforced.

FINALLY:  We've been slinging addresses around.  You should be aware
that the private address ranges actually are specified--RFC1918 (google
for it).  These are ranges of addresses reserved for use within private
organizations--they should never be passed to the Internet, and this is
enforced by networking hardware, firewalls, routers and switches.

These address ranges are:    - (10/8)  - (172.16/12) - (192.168/16)

The last range is the one most people are familiar with--it's usually
used by domestic and small-business routers, firewalls, switches, etc.
out of the box.  The first one is often seen, however; usually with a
24-bit netmask.  I haven't seen many people use the second range, but
that may be because it's a bit confusing, since it's only a part of an
old Class 'B' address (e.g., its netmask isn't, as you might
expect, but rather

Hm.  I got a bit more long-winded than I really intended to; this comes
from actually getting 8 hours of sleep last night, I guess...  Hope
someone found it useful.  I'll shut up now.

	Dave Ihnat
	dihnat dminet com

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]