
IP Redesign

Status
Not open for further replies.

damesac

MIS
Jan 4, 2004
26
US
Here's the current setup...(all IPs are hypothetical, the point is the same though)

home base to remote site
131.240.165.8/30 for frame-relay wan link
131.240.165.64/26 for switches/servers/workstations

We are currently subnetting an already subnetted class B. The redesign calls for the following...

home base to remote site
131.240.168.252/30 for frame-relay wan link
131.240.168.0/24 for switches/servers/workstations

The advantage is that we go from only having 62 possible hosts at our remote site to now having 250. We don't have 254 possible hosts due to not using any of the four addresses used with the 30 bit mask.

My question...I have my own opinions about this, but I want to see what others have to say first...what types of problems might any of you foresee with this proposed setup and if you find the problems, what would you recommend? I only have the 131.240.168.0/24 subnet to work with and increasing the amount of hosts is a must.

Thanks in advance!
 
I do not think the router will let you do it. I think you will get an error when you try to configure it with something like Bad Mask. But I'm not sure; you will need to test it.

You can also do two things.

1. You can use RFC1918 addresses instead of your real addresses.

2. You can also look into IP Unnumbered on your WAN links.

NetEng
 
Okay, the problem you're going to have is the subnets overlap... the best you could do would be to have

131.240.168.0/25 = 126 hosts (168.1-168.126)
and
131.240.168.128/25 = 62 hosts (168.129-168.190)
along with the
131.240.168.252/30 = 2 hosts (168.253-168.254) for the WAN connection. The rest of the addresses would only be accessible through the use of smaller segments.

Probably your better option would be to set up a NAT pool and use private IPs inside your network and use public IPs on your server block....


-Mike
 
Hmm interesting, I have 10.254/16 for my WAN links and have created /30 address ranges so I can have heaps of subnets.
Don't see why your design would not work...
 
The design overlaps as mentioned, you can optimize the use of that subnet, but you are going to have to subnet the remote office. The advantages of subnetting a remote office of 250 users, logically on the router, I could talk for a half an hour, but.... One worth mentioning will be the home office routers. If you duplicate this, assuming you have more offices with a Class C address that are going to have this problem. The home office routers only need to know one address 131.240.168.0 /24.

The routing will be performed at the remote office and keep the decision making as local as possible. Try the following subnets.

WAN Links - Fail Over or Load Balancing (even if not in place yet)
==========================================================
131.240.168.4 /30
131.240.168.8 /30 Fail Over or Load Balancing (even if not in place yet)


Remote Office LANs:
===================
131.240.168.12 /25 | 126 Hosts
131.240.168.140 /28 | 14 Hosts (Server Farm?)

This will prevent overlapping subnets. If you don't have the equipment to move two ethernet subnets at the remote office, you'll have to sacrifice the other 16 addresses (240-256) to prevent the overlapping problem again.

If you do, it can be used for a management subnet, an administrative subnet, specific VLAN etc...

NOTE: The subnet 131.240.168.12 can be further subnetted if you can break up your users into functional area subnets. For Example:

131.240.168.12 /28
131.240.168.28 /28
etc....


 
If you require more than 126 users in any particular subnet, you'll require NAT to private address space, also as mentioned.

There are further configurations to allow public access to private machines. Be prepared for that planning if you choose to implement NAT / PAT.

Good Luck...
 
Thank you very much everyone...the overlapping subnets was exactly what I was looking for. I didn't notice anyone pointing it out, but I also thought that in using the 64th subnet created by using the 30 bit mask, the two subnets then would also share the broadcast address. Hmmm...

NAT would be an easy solution, but as I stated in the problem, I only have the 131.240.168.0/24 subnet to work with. All I can say is the customer won't allow it.

I also need you all to understand that this is an outsider's design and I have been told that it will work. I need to know how because all I see, right off the bat, is that this plan defies some very simple subnetting principles. Not to mention, getting on a test 2509 (same as production router) and merely trying to configure the serial and ethernet interfaces in this fashion returns errors.

The bottom line is with the subnets overlapping like they do, how is the router to decide which way to send a packet that it sees destined for the /30 subnet being that those addresses also exist on the /24 subnet?

I wish there were a way to program the router to exclude certain IPs from a subnet and "trick" it into thinking that they are a /30 subnet of their own. Am I smoking crack on that one?

I am told by the designers that OSPF will do the distinction between the two subnets for us being that it looks not only at the destination ip address, but also the mask. In creating an OSPF table on the remote site with only the serial interface configured, (because I can't configure both (unless I shut one of them down))
I can't even advertise the /24 network to home base because it says the network overlaps with an existing network. No sh*t.

Can you sense my frustration? I've been told by the designer (20 years networking experience) that 3 CCIEs have said this will work. I have reason to believe that this designer has ulterior motives of making my team fail at implementing this re-design. I just need to make sure that I've exhausted all efforts of attempting to find a solution out of what I've given you. Please tell me if I'm missing something.
 
Tell me the specifics of the remote office: how many subnets can you have? Are you free to redistribute as long as they are all in the allocated subnet? How many users do you absolutely need? With that information, I'll build "their way" and see if it works. I just believe you are going to get undesired results.
What switches do you implement?

I do design, I know what I told you will work great, again as long as you don't require more than 126 users in any one subnet. Your designers should be happy that you are summarizing and locally distributing routes. Not to mention you will maintain hierarchy.

I'll check here again, later today.

 
The specifics of the remote site, unfortunately don't matter, at this point. The design calls for utilizing the entire /24 subnet at the site, no ifs, ands, or buts, about it. We have to use the entire subnet. We are not allowed to subnet it any further on the users side. The plan says to use the /24 bit mask at the site and the /30 mask on the WAN link. Please note, although I appreciate all ideas for "what else you should do", I am not looking for alternatives. I am looking for documented proof that this is impossible.

With my knowledge, I know that this is just wrong and I am merely asking for verification and reasoning. I know there are folks out there with much more knowledge than I and I'm just needing their input right now so that I can prove to these designers that their plan is flawed.

I checked into the IP Unnumbered thing, but it appears as though, once that's implemented, you can no longer remotely administer that piece of hardware. Being that that router is 100 miles away from me, that cannot be an option. I am curious about testing that though. Not only that, but being that the WAN link interfaces would be "unnumbered", that doesn't follow the plan of using a /30 mask. I need to prove the plan will not work, not develop a better solution...not at this stage anyways...

Thank everyone so much for the input they've already given.
 
One way around this would be to use ip unnumbered on your WAN interface, which basically uses one of your configured ethernet interfaces as the serial IP. You can go to cisco.com to look at the explanation but it looks like this might work in your case, which then leaves you with the whole /24 subnet to use.
 
Well if you can't make the call on design, then I'll tell you that I have checked my entire library from Troubleshooting Cisco Internetworks, to design, to CCNP, to CCIE, etc..

The only working overlapping networks that I have implemented or can find, are on page 552 of Designing Cisco Networks ISBN: 1-57870-105-8. Note that all of this requires a NAT interface.

The routes will cross if you overlap the interfaces. I'm going to attempt to construct this network. As I know not everything possible can be read or "looked up"

When you implemented this and got the usual, expected error of the "this interface overlaps...." did you verify in show running-config that the ip address was not configured on the interface?
If it was, then attempt to route.

If not, then you are getting the same results that I am and I still stick by subnetting or unnumbered interfaces and then /24 remotely.

Doesn't seem your "designers" are doing you any favors.

 
I reconfigured the test bed today thus implementing the ip unnumbered theory. Got rid of OSPF and utilized IGRP...eww, but it worked, like a charm. I must say though, I only did it for my own satisfaction of knowing whether or not it would work.

Yes, it works, BUT...the word of the day...once again... the designers swear by the /30 mask over the WAN link. I just don't see how. My company will be approaching the designers tomorrow for some more detailed information on how this is to be pulled off. We'll undoubtedly get into a p*ssing contest about the basics of subnetting and IP addressing and see where it goes from there.

Do a google search for "ip unnumbered" and the first result will be from cisco themselves outlining how to configure this approach. Before they get into the details, they make it very clear that, and I quote...

"On a Cisco router, every interface connecting to
network segment must belong to a unique subnet.
Directly connected routers have interfaces connecting
to the same network segment and are assigned IP
addresses from the same subnet."


Sounds pretty straightforward to me. Please keep the comments coming. Any certifications and/or credible skills noted will be outstanding so that I may make reference to others I've spoken with about this matter.

Happy Networking!
 
If you use address pools within your subnet, and the following, this should work.

I hope you read this before you go to work. One important issue will be IOS Release version, 12.1 ED, etc....you'll see it; and the other is hardware compatibility -- Note the supported platforms --

Syty
MCP, MCSA, MCSE, CCNA, CCDA

 
Just wanted to let everyone know that the "meeting of the minds" happened today where the designers and I got together to discuss the problems associated with implementing their plan. The problem became clear to the designers once they saw the generated errors with their own eyes. They wrote it off to it maybe having something to do with the IOS version. Umm... The test-bed I have set up utilizes two 2509s both running 12.0(5d). Anyone hear of any IOS later than this that overrides the very principles that IP addressing and subnetting are based on?

"Be the packet."
 
Just my two cents, but why not use private addresses on the WAN links? That way you don't have to NAT, nor do you have the problem with ipunnumbered. Since they're just P2P or P2MP links, private addresses aren't being propagated, just used by the routers to cross the link. Use the WAN as OSPF area 0 and connect everything on the edges with individual areas.
 
This is a "saga". There seem to be two restraints, the "designers" admitting when they are wrong, and the client refusing NAT.

Either way, they will now have to do it another way, which should bring us back to the actual statements that have been made throughout by all of us.

damesac, no I haven't heard of anything that allows overlapping addresses without the Pools or NAT.....glad it worked out for you. How do you intend to move forward at this point?

cluebird, NAT was refused by the client in question. And the sky must be purple, if the client said so....

 
I just got back from the remote site and implementing the "new plan". Went on without a hitch. From the time we brought the link down, it was back up within a couple minutes. The designers have yet to produce any proof that their original plan would work, nor will they be able to. The designers and I, together, formulated a new plan to use the 30 bit mask over the WAN link and a 25 bit mask on the user side and not overlapping the two. This doubles their current capacity and gives us some room to play with different subnets in the future at that site. All in all it worked out, as I knew it would. I just wish people could admit when there is a problem and not just write it off as inexperience.

"Be the packet."
 
Glad to help. If you ever wonder about subnetting go back to the binary. This is the way to master subnetting. Lay it all out and it becomes obvious to everyone very quickly when a subnet doesn't work (if they understand the binary). And if all else fails test it.
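As an added illustration of the "go back to the binary" advice (example code written for this page, not posted by anyone in the thread), the script below lays out each subnet's prefix bits and flags any pair that overlaps. It uses the thread's hypothetical addresses: the original proposal (/30 WAN link inside the /24 LAN) and the plan that was finally deployed (/30 WAN link beside a /25 LAN).

```python
"""Lay out an IP addressing plan in binary and flag overlapping subnets.
Added example; the addresses are the hypothetical ones from the thread."""
from ipaddress import IPv4Network, ip_network
from itertools import combinations

# Constructed sample plans (WAN link first, then remote-office LAN).
PROPOSED_PLAN = ["131.240.168.252/30", "131.240.168.0/24"]
IMPLEMENTED_PLAN = ["131.240.168.252/30", "131.240.168.0/25"]


def prefix_bits(net: IPv4Network) -> str:
    """Network address as 32 bits, with '|' separating network bits from host bits."""
    bits = format(int(net.network_address), "032b")
    return bits[: net.prefixlen] + "|" + bits[net.prefixlen:]


def overlaps(a: IPv4Network, b: IPv4Network) -> bool:
    """Two subnets overlap exactly when the shorter prefix is a prefix of the
    longer one, i.e. every address of the longer subnet also lies in the shorter.
    (Same result as IPv4Network.overlaps, spelled out on the bits.)"""
    short, long_ = sorted((a, b), key=lambda n: n.prefixlen)
    sbits = format(int(short.network_address), "032b")[: short.prefixlen]
    lbits = format(int(long_.network_address), "032b")[: short.prefixlen]
    return sbits == lbits


def find_overlaps(cidrs):
    """Return every overlapping pair in a plan as (cidr, cidr) strings.
    ip_network() is strict by default: a CIDR with host bits set (for example
    .12/25, which is really the .0/25 network) raises rather than being
    silently rewritten to a different subnet."""
    nets = [ip_network(c) for c in cidrs]
    return [(str(x), str(y)) for x, y in combinations(nets, 2) if overlaps(x, y)]


def report(cidrs):
    """Print the binary layout and usable host count of each subnet, then any overlaps."""
    for c in cidrs:
        n = ip_network(c)
        print(f"{c:>20}  {prefix_bits(n)}  usable hosts: {n.num_addresses - 2}")
    bad = find_overlaps(cidrs)
    print("overlaps:", bad or "none")
    return bad


if __name__ == "__main__":
    report(PROPOSED_PLAN)      # the /30's first 24 bits equal the /24's: overlap
    report(IMPLEMENTED_PLAN)   # .252/30 sits in the upper half, outside .0/25
```

Adjacent /30s such as 131.240.168.4/30 and 131.240.168.8/30 differ within their first 30 bits, so the same check reports them as disjoint.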
 