| comp.protocols.tcp-ip TCP and IP network protocols. |
#1 |
Hi, I have some questions, and would appreciate it if someone could .

Typically when a company gets internet access for all of the nodes in the company, do they get a subnet and network, or a whole network in an address class (or multiple networks in an address class, so they can supernet).

If they do get a subnet, is it possible to re-subnet? Maybe, for example, I have a subnet with so many addresses, but I want to make more subnets out of that subnet for security or efficiency reasons. Is that done?

Or, do you have to just buy networks assigned by address class?

thanks.
#2 |
"Doug" <douglass_davis@earthlink.net> writes:

> Typically when a company gets internet access for all of the nodes in
> the company, do they get a subnet and network, or a whole network in
> an address class (or multiple networks in an address class, so they
> can supernet).

Classful address allocation is obsolete. Blocks of IP addresses are allocated according to the number of addressable hosts which the organization needs (and is willing to pay for), with some allowance for future growth. Most often, those addresses are sub-assigned out of blocks held by your ISP, though independent portable address blocks are available to those with the need and the money (for example, so that you can have redundant connections through different ISPs for the thousands of hosts in your colocation facility.)

> If they do get a subnet, is it possible to re-subnet? Maybe, for
> example, I have a subnet with so many addresses, but I want to make
> more subnets out of that subnet for security or efficiency reasons. Is
> that done?

Yes, you can subnet to suit your needs. At one point, I had a /27 block (32 addresses) provided for me by my ISP, and carved out a /29 (8 addresses) as a DMZ for publicly-visible servers and routers, and used the rest of the addresses for our inside hosts.

Remember, though, that in each subnet, the all-0s and all-1s host addresses are unusable for hosts, and one port of the router needs to have a host address in each subnet, so carving things up too fine can result in wasted IP addresses. With a prefix of /29, or equivalently a netmask of 0xfffffff8, there are 8 host addresses, but only 5 of them can belong to the hosts of that subnet.

> Or, do you have to just buy networks assigned by address class?
>
> thanks.

Note that many find it more cost-effective to pay for publicly-routed addresses only for their outside mailserver and similar public services, addressing inside client hosts using non-public IP space, and using NAT to give those inside hosts access to the outside world.

It depends on your needs. Running your internal network with non-routable IP space and NATing as needed, besides saving money, also makes it much easier to renumber if you find that you need to change ISPs. I used to work for a company which held a legacy /16 (what was called a class B network when it was first assigned to them), but ran their internal network using net 10.0.0.0/8, with subnets by department or floor, and provided permanent NATing to publicly routable addresses only for hosts for which a need was proven. Users' desktop machines were NATed dynamically to a pool of public addresses for web-browsing and the like. That is fairly typical these days.

--
Chris Jewell chrisj@puffin.com PO Box 1396 Gualala CA USA 95445-1396
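The carve-up described in the post above, worked through as an added example that is not part of the original post. The block 192.0.2.0/27 is a constructed stand-in from the documentation range (the poster's real block is not given), the function names are hypothetical, and placing the DMZ in the lowest /29 is an assumption.

```python
import ipaddress


def carve(block, dmz_prefix):
    """Return (dmz, rest): the lowest subnet of length dmz_prefix inside
    block, and the CIDR blocks needed to cover every remaining address."""
    net = ipaddress.ip_network(block)
    dmz = next(net.subnets(new_prefix=dmz_prefix))
    # What is left over is rarely a single CIDR block; address_exclude()
    # returns the minimal set of subnets covering the remainder.
    rest = sorted(net.address_exclude(dmz))
    return dmz, rest


def host_budget(subnet, router_ports=1):
    """Addresses left for ordinary hosts, using the post's accounting:
    minus the all-0s and all-1s host addresses, minus one router port."""
    return max(subnet.num_addresses - 2 - router_ports, 0)


def report(block, dmz_prefix):
    """One (subnet, total addresses, host addresses) row per piece,
    DMZ first, then the inside subnets in address order."""
    dmz, rest = carve(block, dmz_prefix)
    return [(str(n), n.num_addresses, host_budget(n)) for n in [dmz, *rest]]


if __name__ == "__main__":
    # Constructed sample input: a /27 with a /29 DMZ carved out of it.
    whole = ipaddress.ip_network("192.0.2.0/27")
    rows = report(str(whole), 29)
    for name, total, hosts in rows:
        print(f"{name:<18} {total:>3} addresses, {hosts:>2} for hosts")
    print("undivided:", host_budget(whole), "for hosts;",
          "carved:", sum(r[2] for r in rows), "for hosts")
```

The 24 addresses left after the DMZ form a /29 plus a /28, not one subnet, and the three pieces together offer 23 host addresses against 29 for the undivided /27, which is the cost of carving finely that the post points out.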
#3 |
On 4 Apr 2007, in the Usenet newsgroup comp.protocols.tcp-ip, in article
<1175717399.325660.311410@n59g2000hsh.googlegroups.com>, Doug wrote:

>Typically when a company gets internet access for all of the nodes in
>the company, do they get a subnet and network, or a whole network in
>an address class (or multiple networks in an address class, so they
>can supernet).

2050 Internet Registry IP Allocation Guidelines. K. Hubbard, M. Kosters, D. Conrad, D. Karrenberg, J. Postel. November 1996. (Format: TXT=28975 bytes) (Obsoletes RFC1466) (Also BCP0012) (Status: BEST CURRENT PRACTICE)

4632 Classless Inter-domain Routing (CIDR): The Internet Address Assignment and Aggregation Plan. V. Fuller, T. Li. August 2006. (Format: TXT=66944 bytes) (Obsoletes RFC1519) (Also BCP0122) (Status: BEST CURRENT PRACTICE)

RFC2050 would be a good place to start - you'll have to come up with an idea of how much address space you need. Depending, you _might_ get it from a Regional, National, or Local Internet registry - or perhaps from an Internet Service Provider. Classful (Class A, B, C, etc) hasn't been a term of reference since the early 1990s, with RFC4632 being the current document.

>If they do get a subnet, is it possible to re-subnet? Maybe, for
>example, I have a subnet with so many addresses, but I want to make
>more subnets out of that subnet for security or efficiency reasons. Is
>that done?

Typically, you'll get a block of addresses. How you may divide these up behind your perimeter gateway is (within reason) your decision. If yourcompany.example.com gets a block of (example) 768 addresses, your upstream will be routing packets in that range to your router, but as 768 isn't a binary number, you will possibly be breaking that up behind the perimeter into usable chunks - perhaps 3 /24 or 6 /25 or something similar.

>Or, do you have to just buy networks assigned by address class?

Classful hasn't been available for over 14 years - though you may be assigned a /16 (former Class B) if there is a demonstrated need. As of the middle of last month, the five RIRs (AFRINIC, APNIC, ARIN, LACNIC and RIPE) had allocated/assigned some 2.45 billion addresses world wide (about 66.1 percent of available IPv4 address space) in 79300 assignments in 209 sized blocks from 26 to 9175040 addresses. Most computers (really a function of the operating system) want networks sized on a power of two - see the tables in RFC1878 as examples.

Old guy
#4 |
Chris Jewell wrote:

> ...
> I used to work for a company which held a legacy /16 (what was called
> a class B network when it was first assigned to them), but ran their
> internal network using net 10.0.0.0/8, with subnets by department or
> floor, and provided permanent NATing to publicly routable addresses
> only for hosts for which a need was proven. Users' desktop machines
> were NATed dynamically to a pool of public addresses for web-browsing
> and the like. That is fairly typical these days.
>

thanks.
#5 |
On Apr 5, 9:06 pm, ibupro...@painkiller.example.tld (Moe Trin) wrote:

....
> Classful hasn't been available for over 14 years - though you may be
> assigned a /16 (former Class B) if there is a demonstrated need. As of
> the middle of last month, the five RIRs (AFRINIC, APNIC, ARIN, LACNIC
> and RIPE) had allocated/assigned some 2.45 billion addresses world wide
> (about 66.1 percent of available IPv4 address space) in 79300
> assignments in 209 sized blocks from 26 to 9175040 addresses. Most
> computers (really a function of the operating system) want networks
> sized on a power of two - see the tables in RFC1878 as examples.
>
> Old guy

thanks
#6 |
On Apr 4, 5:21 pm, Chris Jewell <chr...@puffin.com> wrote:

>
> Remember, though, that in each subnet, the all-0s and all-1s host
> addresses are unusable for hosts, and one port of the router needs to
> have a host address in each subnet, so carving things up too fine can
> result in wasted IP addresses. With a prefix of /29, or equivalently a
> netmask of 0xfffffff8, there are 8 host addresses, but only 5 of them
> can belong to the hosts of that subnet.

ok. i thought about it, and there's something else i don't really understand. I haven't seen any literature that explains it.

say i am a company, and i have a 210.10.10.0 / 24

but, i want to use a 255.255.255.240 as a subnet mask (taking 4 more bits from the host)

It seems like 210.10.10.0 is now ambiguous. first of all, it refers to the network address of the overall network (which i assume only has a router connected to it now), but also it refers to the network address of the first subnetwork (subnetwork #0000).

Is that a problem?
#7 |
In article <1176166577.584219.27540@b75g2000hsg.googlegroups.com>,
"Doug" <douglass_davis@earthlink.net> wrote:

> On Apr 4, 5:21 pm, Chris Jewell <chr...@puffin.com> wrote:
> >
> > Remember, though, that in each subnet, the all-0s and all-1s host
> > addresses are unusable for hosts, and one port of the router needs to
> > have a host address in each subnet, so carving things up too fine can
> > result in wasted IP addresses. With a prefix of /29, or equivalently a
> > netmask of 0xfffffff8, there are 8 host addresses, but only 5 of them
> > can belong to the hosts of that subnet.
>
>
> ok. i thought about it, and there's something else i don't really
> understand. I haven't seen any literature that explains it.
>
> say i am a company, and i have a 210.10.10.0 / 24
>
> but, i want to use a 255.255.255.240 as a subnet mask (taking 4 more
> bits from the host)
>
> It seems like 210.10.10.0 is now ambiguous. first of all, it refers
> to the network address of the overall network (which i assume only has
> a router connected to it now), but also it refers to the network
> address of the first subnetwork (subnetwork #0000).
>
> Is that a problem?

No, because all contexts where it might care about the distinction should be given a network mask to apply, or a straightforward rule that says how to disambiguate them. With a /24 mask 210.10.10.0 refers to the network address of the whole network. With a /28 mask it refers to the address of the lowest subnet.

For example, all modern routing protocols include explicit network masks in the advertisements.

If you use something ancient like RIP version 1, there are heuristics used to determine the appropriate mask to apply. If a route is received on an interface within the subnetted network, and the route is within the same network, the mask of the interface is used, otherwise the classful mask is used. So if you receive an advertisement for 210.10.10.0 on an interface with address 210.10.10.17/28, it's treated as an advertisement for 210.10.10.0/28; but if you receive it on an interface with address 211.100.200.17/28, it's assumed to be an advertisement for 210.10.10.0/24.

--
Barry Margolin, barmar@alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***
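The mask-selection rule for maskless advertisements described in the post above, as an added example that is not part of the original post and is not taken from any router implementation. It implements only the rule as the post states it; the function names are hypothetical, and the two sample cases are the ones the post gives.

```python
import ipaddress


def classful_prefix(addr):
    """Prefix length implied by the historical address class of addr."""
    first_octet = int(addr) >> 24
    if first_octet < 128:
        return 8       # former class A
    if first_octet < 192:
        return 16      # former class B
    if first_octet < 224:
        return 24      # former class C
    raise ValueError(f"{addr} is class D/E and has no classful network mask")


def infer_route(advertised, receiving_iface):
    """Guess the network meant by a route advertised without a mask.

    advertised      -- the bare address carried in the advertisement
    receiving_iface -- address/prefix of the interface it arrived on
    """
    adv = ipaddress.IPv4Address(advertised)
    iface = ipaddress.IPv4Interface(receiving_iface)
    # The classful ("major") network that the receiving interface sits in.
    major = ipaddress.IPv4Network(
        f"{iface.ip}/{classful_prefix(iface.ip)}", strict=False)
    if adv in major:
        # Same major network: assume the sender uses our subnet mask.
        prefix = iface.network.prefixlen
    else:
        # Different major network: fall back to the classful mask.
        prefix = classful_prefix(adv)
    return ipaddress.IPv4Network(f"{adv}/{prefix}", strict=False)


if __name__ == "__main__":
    # The two cases walked through in the post.
    for iface in ("210.10.10.17/28", "211.100.200.17/28"):
        print(f"210.10.10.0 heard on {iface:<18} -> "
              f"{infer_route('210.10.10.0', iface)}")
```

The same bare address resolves to two different networks depending only on where it was heard, which is why the rule works only when every subnet of a major network uses one mask.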
#8 |
On Apr 9, 9:08 pm, Barry Margolin <bar...@alum.mit.edu> wrote:

>
> No, because all contexts where it might care about the distinction
> should be given a network mask to apply, or a straightforward rule that
> says how to disambiguate them. With a /24 mask 210.10.10.0 refers to
> the network address of the whole network. With a /28 mask it refers to
> the address of the lowest subnet.
>
> For example, all modern routing protocols include explicit network masks
> in the advertisements.
>
> If you use something ancient like RIP version 1, there are heuristics
> used to determine the appropriate mask to apply. If a route is received
> on an interface within the subnetted network, and the route is within
> the same network, the mask of the interface is used, otherwise the
> classful mask is used. So if you receive an advertisement for
> 210.10.10.0 on an interface with address 210.10.10.17/28, it's treated
> as an advertisement for 210.10.10.0/28; but if you receive it on an
> interface with address 211.100.200.17/28, it's assumed to be an
> advertisement for 210.10.10.0/24.
>
> --
> Barry Margolin, bar...@alum.mit.edu
> Arlington, MA

Thanks. Just did some more reading.... So, nowadays subnet 0 is no longer a problem? It used to be people avoided using it, and I wonder if some people are still cautious about using it?