04/04/2007, 23h21   #2
Chris Jewell
Re: subnetting, supernetting, address classes

"Doug" <douglass_davis@earthlink.net> writes:

> Typically when a company gets internet access for all of the nodes in
> the company, do they get a subnet and network, or a whole network in
> an address class (or multiple networks in an address class, so they
> can supernet).


Classful address allocation is obsolete. Blocks of IP addresses are
allocated according to the number of addressable hosts which the
organization needs (and is willing to pay for), with some allowance
for future growth. Most often, those addresses are sub-assigned out
of blocks held by your ISP, though independent portable address blocks
are available to those with the need and the money (for example, so
that you can have redundant connections through different ISPs for the
thousands of hosts in your colocation facility.)

> If they do get a subnet, is it possible to re-subnet? Maybe, for
> example, I have a subnet with so many addresses, but I want to make
> more subnets out of that subnet for security or efficiency reasons. Is
> that done?


Yes, you can subnet to suit your needs. At one point, I had a /27
block (32 addresses) provided for me by my ISP, and carved out a /29
(8 addresses) as a DMZ for publicly-visible servers and routers, and
used the rest of the addresses for our inside hosts.

Remember, though, that in each subnet, the all-0s and all-1s host
addresses are unusable for hosts, and one port of the router needs to
have a host address in each subnet, so carving things up too fine can
result in wasted IP addresses. With a prefix of /29, or equivalently a
netmask of 0xfffffff8, there are 8 host addresses, but only 5 of them
can belong to the hosts of that subnet.

> Or, do you have to just buy networks assigned by address class?
>
> thanks.


Note that many find it more cost-effective to pay for publicly-routed
addresses only for their outside mailserver and similar public
services, addressing inside client hosts using non-public IP space,
and using NAT to give those inside hosts access to the outside world.
It depends on your needs. Running your internal network with
non-routable IP space and NATing as needed, besides saving money, also
makes it much easier to renumber if you find that you need to change
ISPs.

I used to work for a company which held a legacy /16 (what was called
a class B network when it was first assigned to them), but ran their
internal network using net 10.0.0.0/8, with subnets by department or
floor, and provided permanent NATing to publicly routable addresses
only for hosts for which a need was proven. Users' desktop machines
were NATed dynamically to a pool of public addresses for web-browsing
and the like. That is fairly typical these days.

--
Chris Jewell chrisj@puffin.com PO Box 1396 Gualala CA USA 95445-1396
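
The /27-into-/29 carve-up and the host-address arithmetic described in the post, as an added example that is not part of the original post. The prefix 192.0.2.0/27 is a constructed sample from the documentation range, and the helper names, the single router port per subnet, and the treatment of each leftover CIDR block as its own subnet are assumptions.

```python
import ipaddress

def carve(parent_cidr, dmz_cidr):
    """Return the DMZ subnet and the CIDR blocks that cover the rest of the parent."""
    parent = ipaddress.ip_network(parent_cidr)
    dmz = ipaddress.ip_network(dmz_cidr)
    if not dmz.subnet_of(parent):
        raise ValueError(f"{dmz} is not inside {parent}")
    # address_exclude yields the minimal set of CIDR blocks left after removing dmz
    rest = sorted(parent.address_exclude(dmz))
    return dmz, rest

def usable_for_hosts(net, router_ports=1):
    """Addresses left for hosts: total minus all-0s, all-1s and the router port(s).
    One router port per subnet is an assumption taken from the post's description."""
    return max(net.num_addresses - 2 - router_ports, 0)

def report(parent_cidr, dmz_cidr):
    """One row per resulting subnet: (cidr, netmask in hex, total addresses, usable)."""
    dmz, rest = carve(parent_cidr, dmz_cidr)
    return [
        (str(net), hex(int(net.netmask)), net.num_addresses, usable_for_hosts(net))
        for net in [dmz] + rest
    ]

def overhead(parent_cidr, dmz_cidr):
    """Addresses lost to network/broadcast/router slots, split vs. unsplit parent."""
    rows = report(parent_cidr, dmz_cidr)
    parent = ipaddress.ip_network(parent_cidr)
    split_loss = sum(total - usable for _, _, total, usable in rows)
    unsplit_loss = parent.num_addresses - usable_for_hosts(parent)
    return split_loss, unsplit_loss

if __name__ == "__main__":
    # Constructed sample: a /27 with its first /29 set aside as the DMZ
    for cidr, mask, total, usable in report("192.0.2.0/27", "192.0.2.0/29"):
        print(f"{cidr:<18} mask={mask} total={total:>2} usable_for_hosts={usable:>2}")
    split_loss, unsplit_loss = overhead("192.0.2.0/27", "192.0.2.0/29")
    print(f"overhead when split: {split_loss} addresses, unsplit: {unsplit_loss}")
```

The remaining 24 addresses do not form a single CIDR block, so the script reports them as a /29 and a /28; the overhead figures show how each extra subnet costs three more addresses.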