mirror of https://github.com/tLDP/LDP
<!doctype linuxdoc system>

<article>

<!-- Title information -->

<title>IP Sub-Networking Mini-Howto

<author>Robert Hart, <tt/hartr@interweft.com.au/
<date>v1.1, 30 August 2001

<!-- correct typos reported by users, 30 August 2001 -->
<!-- Greg Ferguson / linux-howto@metalab.unc.edu -->

<abstract>
This document describes why and how to subnetwork an IP network - that
is, how to make a single A, B or C Class network number function correctly on
several interconnected networks. </abstract>

<!-- Copyright 1997, Robert Hart -->

<sect>Copyright
<p>
This document is distributed under the terms of the GNU Public License (GPL).

<p>
This document is directly supported by InterWeft IT Consultants
(Melbourne, Australia).

<p>
The latest version of this document is available at the InterWeft WWW
site at <url url="http://www.interweft.com.au/" name="InterWeft IT
Consultants"> and from <url url="http://sunsite.unc.edu/LDP" name="The
Linux Documentation Project">.

<sect>Introduction
<p>
With available IP network numbers rapidly becoming an endangered
species, efficient use of this increasingly scarce resource is
important.

<p>
This document describes how to split a single IP network number up so
that it can be used on several different networks.

<p>
This document concentrates on C Class IP network numbers - but the
principles apply to A and B class networks as well.

<sect1>Other sources of information
<p>
There are a number of other sources of information that are of
relevance for both detailed and background information on IP numbers.
Those recommended by the author are:-

<itemize>

<item><url url="http://sunsite.unc.edu/LDP/LDP/nag/nag.html" name="The
Linux Network Administrators Guide">.

<item><url url="http://linuxwww.db.erau.edu/SAG/" name="The Linux System
Administration Guide">.

<item><url url="http://www.ora.com/catalog/tcp/noframes.html"
name="TCP/IP Network Administration by Craig Hunt, published by O'Reilly
and Associates">.

</itemize>

<sect>The Anatomy of IP numbers
<p>
Before diving into the delight of sub-networking, we need to establish
some IP number basics.

<sect1>IP numbers belong to Interfaces - <bf/NOT/ hosts!
<p>
First of all, let's clear up a basic cause of misunderstanding - IP
numbers are <bf/not/ assigned to hosts. IP numbers are assigned to
network interfaces on hosts.

<p>
Eh - what's that?

<p>
Whilst many (if not most) computers on an IP network will possess a
single network interface (and have a single IP number as a consequence),
this is not the only way things happen. Computers and other devices can
have several (if not many) network interfaces - and each interface has
its own IP number.

<p>
So a device with 6 active interfaces (such as a router) will have 6 IP
numbers - one for each interface to each network to which it is connected. The
reason for this becomes clear when we look at an IP network!

<p>
Despite this, most people refer to <em/host addresses/ when referring to an
IP number. Just remember, this is simply shorthand for <em/the IP number
of this particular interface on this host/. Many (if not the majority)
of devices on the Internet have only a single interface and thus a
single IP number.

<sect1>IP Numbers as &dquot;Dotted Quads&dquot;
<p>
In the current (IPv4) implementation of IP numbers, IP numbers consist
of 4 (8 bit) bytes - giving a total of 32 bits of available information.
This results in numbers that are rather large (even when written in
decimal notation). So for readability (and organisational reasons) IP
numbers are usually written in the 'dotted quad' format. The IP number

<tscreen><verb>
192.168.1.24
</verb></tscreen>

is an example of this - 4 (decimal) numbers separated by (.) dots.

<p>
As each one of the four numbers is the decimal representation of an 8
bit byte, each of the 4 numbers can range from 0 to 255 (that is, take on
256 unique values - remember, zero is a value too).

<p>
In addition, part of the IP number of a host identifies the network on
which the host resides; the remaining 'bits' of the IP number identify
the host (oops - network interface) itself. Exactly how many bits are
used by the network ID and how many are available to identify hosts
(interfaces) on that network is determined by the network 'class'.

<sect1>Classes of IP Networks
<p>
There are three classes of IP numbers:

<itemize>

<item>Class A IP network numbers use the leftmost 8 bits (the leftmost
of the dotted quads) to identify the network, leaving 24 bits (the
remaining three dotted quads) to identify host interfaces on that
network.<newline>
Class A addresses <bf/always/ have the leftmost bit of the leftmost
byte a zero - that is, a decimal value of 0 to 127 for the first dotted
quad. So there are a maximum of 128 class A network numbers
available, with each one containing up to 33,554,430 possible
interfaces.

<newline><newline>

However, the networks 0.0.0.0 (known as the default route) and 127.0.0.0
(the loop back network) have special meanings and are not available for
use to identify networks. So there are only 126 <em/available/ A class
network numbers.

<item>Class B IP network numbers use the leftmost 16 bits (the leftmost two
dotted quads) to identify the network, leaving 16 bits (the last two
dotted quads) to identify host interfaces. Class B addresses always have
the leftmost 2 bits of the leftmost byte set to 1 0. This leaves 14 bits
to specify the network address, giving 32767 available B class
networks. B Class networks thus have a range of 128 to 191 for the first
of the dotted quads, with each network containing up to 32,766 possible
interfaces.

<item>Class C IP network numbers use the leftmost 24 bits (the leftmost
three bytes) to identify the network, leaving 8 bits (the rightmost
byte) to identify host interfaces. Class C addresses always start with
the leftmost 3 bits set to 1 1 0, giving a range of 192 to 255 for the
leftmost dotted quad. There are thus 4,194,303 available C class network
numbers, each containing 254 interfaces. (C Class networks with the
first byte greater than 223 are however reserved and unavailable for use).

</itemize>

In summary:

<tscreen><verb>
Network class    Usable range of first byte values (decimal)
A                1 to 126
B                128 to 191
C                192 to 254
</verb></tscreen>

<p>
There are also special addresses that are reserved for 'unconnected'
networks - that is, networks that use IP but are not connected to the
Internet. These addresses are:-

<itemize>
<item>One A Class Network<newline>
10.0.0.0
<item>16 B Class Networks<newline>
172.16.0.0 - 172.31.0.0
<item>256 C Class Networks<newline>
192.168.0.0 - 192.168.255.0
</itemize>

<p>
You will note that this document uses these sequences throughout to avoid
confusion with 'real' networks and hosts.

<sect1>Network numbers, interface addresses and broadcast addresses
<p>
IP numbers can have three possible meanings:-

<itemize>

<item>the address of an IP network (a group of IP devices sharing common
access to a transmission medium - such as all being on the same Ethernet
segment). A network number will always have the interface (host) bits of
the address space set to 0 (unless the network is sub-networked - as we
shall see);

<item>the broadcast address of an IP network (the address used to 'talk',
simultaneously, to all devices in an IP network). Broadcast
addresses for a network always have the interface (host) bits of the
address space set to 1 (unless the network is sub-networked - again, as
we shall see);

<item>the address of an interface (such as an Ethernet card or PPP interface
on a host, router, print server etc). These addresses can have any value
in the host bits <bf/except/ all zero or all 1 - because with the host bits all
0, the address is a network address and with the host bits all 1 the
address is the broadcast address.

</itemize>

<p>
In summary and to clarify things:

<tscreen><verb>
For an A class network...
(one byte of network address space followed by three bytes of host
address space)

10.0.0.0        is an A Class network number because all the host
                bits of the address space are 0
10.0.1.0        is a host address on this network
10.255.255.255  is the broadcast address of this network
                because all the host bits of the address space are 1

For a B class network...
(two bytes of network address space followed by two bytes of host
address space)

172.17.0.0      is a B Class network number
172.17.0.1      is a host address on this network
172.17.255.255  is the network broadcast address

For a C Class network...
(three bytes of network address space followed by one byte of host
address space)

192.168.3.0     is a C Class network number
192.168.3.42    is a host address on this network
192.168.3.255   is the network broadcast address
</verb></tscreen>

<p>
Almost all IP network numbers remaining available for allocation at
present are C Class addresses.

<sect1>The network mask
<p>
The network mask is more properly called the subnetwork mask. However,
it is generally referred to as the network mask.

<p>
It is the network mask and its implications on how IP addresses are
interpreted <em/locally/ on an IP network segment that concerns us most
here, as this determines what (if any) sub-networking occurs.

<p>
The standard (sub-) network mask is all the network bits in an address
set to '1' and all the host bits set to '0'. This means that the
standard network masks for the three classes of networks are:-

<itemize>
<item>A Class network mask: 255.0.0.0
<item>B Class network mask: 255.255.0.0
<item>C Class network mask: 255.255.255.0
</itemize>

<p>
There are two important things to remember about the network mask:-
<itemize>
<item>The network mask affects only the <bf/local/ interpretation of
<bf/local/ IP numbers (where local means on this particular network segment);
<item>The network mask is <bf/not/ an IP number - it is used to modify
how local IP numbers are interpreted locally.
</itemize>

<sect>What are subnets?
<p>
A subnet is a way of taking a single IP network address and <bf/locally/
splitting it up so that this single network IP address can actually be
used on several interconnected local networks. Remember, a single IP
network number can only be used on a single network.

<p>
The important word here is <bf/locally/: as far as the world outside the
machines and physical networks covered by the sub-netted IP network are
concerned, nothing whatsoever has changed - it is still just a single IP
network. This is important - sub-networking is a <bf/local/ configuration
and is invisible to the rest of the world.

<sect>Why subnetwork?
<p>
The reasons behind sub-networking date back to the early specification of
IP - where just a few sites were running on Class A network numbers,
which allow for millions of connected hosts.

<p>
It is obviously a huge traffic and administration problem if all IP
computers at a large site need to be connected to the same network:
trying to manage such a huge beast would be a nightmare and the network
would (almost certainly) collapse under the load of its own traffic
(saturate).

<p>
Enter sub-networking: the A class IP network address can be split up to
allow its distribution across several (if not many) separate networks.
The management of each separate network can easily be delegated as well.

<p>
This allows small, manageable networks to be established - quite
possibly using different networking technologies. Remember, you cannot mix
Ethernet, Token Ring, FDDI, ATM etc on the same physical network - they
can be interconnected, however!

<p>
Other reasons for sub-networking are:-
<itemize>
<item>Physical site layout can create restrictions (cable run lengths)
in terms of how the physical infrastructure can be connected,
requiring multiple networks. Sub-networking allows this to be done in an
IP environment using a single IP network number.
<newline><newline>
This is in fact now very commonly done by ISPs who wish to give static
IP numbers to permanently connected clients that have local networks.

<item>Network traffic is sufficiently high to be causing significant
slow downs. By splitting the network up using subnetworks, traffic that
is local to a network segment can be kept local - reducing overall
traffic and speeding up network connectivity without requiring more
actual network bandwidth;
<item>Security requirements may well dictate that different classes of
users do not share the same network - as traffic on a network can always
be intercepted by a knowledgeable user. Sub-networking provides a way to
keep the marketing department from snooping on the R & D network traffic
(or students from snooping on the administration network)!
<item>You have equipment which uses incompatible networking technologies
and need to interconnect them (as mentioned above).
</itemize>

<sect>How to subnetwork an IP network number
<p>
Having decided that you need to subnetwork your IP network number, how
do you go about it? The following is an overview of the steps which will
then be explained in detail:-

<itemize>
<item>Set up the physical connectivity (network wiring and network
interconnections - such as routers);
<item>Decide how big/small each subnetwork needs to be in terms of the
number of devices that will connect to it - ie how many usable IP
numbers are required for each individual segment;
<item>Calculate the appropriate network mask and network addresses;
<item>Give each interface on each network its own IP address and the
appropriate network mask;
<item>Set up the routes on the routers and the appropriate gateways,
routes and/or default routes on the networked devices;
<item>Test the system, fix problems and then relax!
</itemize>

<p>
For the purpose of this example, we will assume we are sub-networking a single C
class network number: 192.168.1.0

<p>
This provides for a maximum of 254 connected interfaces (hosts), plus
the obligatory network number (192.168.1.0) and broadcast address
(192.168.1.255).

<sect1>Setting up the physical connectivity
<p>
You will need to install the correct cabling infrastructure for all the
devices you wish to interconnect, designed to meet your physical layout.

<p>
You will also need a mechanism to interconnect the various segments
together (routers, media converters etc.).

<p>
A detailed discussion of this is obviously impossible here. Should you
need help, there are network design/installation consultants around who
provide this sort of service. Free advice is also available on a number of
Usenet news groups (such as comp.os.linux.networking).

<sect1>Subnetwork sizing
<p>
There is a trade-off between the number of subnetworks you create and 'wasted'
IP numbers.

<p>
Every individual IP network has two addresses unusable as interface
(host) addresses - the network IP number itself and the broadcast
address. When you subnetwork, each subnetwork requires its own, unique
IP network number and broadcast address - and these have to be valid
addresses from within the range provided by the IP network that you are
sub-networking.

<p>
So, by sub-networking an IP network into two separate subnetworks, there
are now <bf/two/ network addresses and <bf/two/ broadcast addresses -
increasing the 'unusable' interface (host) addresses; creating 4
subnetworks creates <bf/eight/ unusable interface (host) addresses and
so on.

<p>
In fact the smallest usable subnetwork consists of 4 IP numbers:-
<itemize>
<item>Two usable IP interface numbers - one for the router interface on
that network and one for the single host on that network.
<item>One network number.
<item>One broadcast address.
</itemize>

<p>
Quite why one would want to create such a small network is another
question! With only a single host on the network, any network
communication must go out to another network. However, the example does
serve to show the law of diminishing returns that applies to
sub-networking.

<p>
In principle, you can only divide your IP network number into 2^n (where
n is one less than the number of host bits in your IP network number)
equally sized subnetworks (you can subnetwork a subnetwork and combine
subnetworks however).

<p>
So be realistic when designing your network - you want the
<bf/minimum/ number of separate local networks that is consistent with
management, physical, equipment and security constraints!

<sect1>Calculating the subnetwork mask and network numbers
<p>
The network mask is what performs all the <bf/local/ magic of dividing
an IP network into subnetworks.

<p>
The network mask for an un-sub-networked IP network number is simply a
dotted quad which has all the 'network bits' of the network number
set to '1' and all the host bits set to '0'.

<p>
So, for the three classes of IP networks, the standard network masks
are:-
<itemize>
<item>Class A (8 network bits) : 255.0.0.0
<item>Class B (16 network bits): 255.255.0.0
<item>Class C (24 network bits): 255.255.255.0
</itemize>

<p>
The way sub-networking operates is to <em/borrow/ one or more of the
available host bits and make interfaces <bf/locally/ interpret
these borrowed bits as part of the network bits. So to divide a network
number into two subnetworks, we would borrow one host bit by setting the
bit in the network mask that corresponds to the first (most significant)
host bit to '1'.

<p>
For a C Class address, this would result in a netmask of
<newline>
11111111.11111111.11111111.10000000
<newline>
or 255.255.255.128

<p>
For our C Class network number of 192.168.1.0, these are some of the
sub-networking options you have:-

<code>
No of    No of
subnets  Hosts/net  netmask
2        126        255.255.255.128 (11111111.11111111.11111111.10000000)
4        62         255.255.255.192 (11111111.11111111.11111111.11000000)
8        30         255.255.255.224 (11111111.11111111.11111111.11100000)
16       14         255.255.255.240 (11111111.11111111.11111111.11110000)
32       6          255.255.255.248 (11111111.11111111.11111111.11111000)
64       2          255.255.255.252 (11111111.11111111.11111111.11111100)
</code>

<p>
In principle, there is absolutely no reason to follow the above way of
subnetworking where network mask bits are added from the most
significant host bit to the least significant host bit. However, if you
do not do it this way, the resulting IP numbers will be in a <em/very/
odd sequence! This makes it extremely difficult for us humans to decide
to which subnetwork an IP number belongs as we are not too good at thinking
in binary (computers on the other hand are and will use whatever scheme
you tell them with equal equanimity).

<p>
Having decided on the appropriate netmask, you then need to work out
what the various Network and broadcast addresses are - and the IP number
range for each of these networks. Again, considering only a C Class IP
Network number and listing only the <em/final/ dotted quad (the host part) we have:-

<code>
Netmask  Subnets  Network  B'cast  MinIP  MaxIP  Hosts  Total Hosts
--------------------------------------------------------------------------
128      2        0        127     1      126    126
                  128      255     129    254    126    252

192      4        0        63      1      62     62
                  64       127     65     126    62
                  128      191     129    190    62
                  192      255     193    254    62     248

224      8        0        31      1      30     30
                  32       63      33     62     30
                  64       95      65     94     30
                  96       127     97     126    30
                  128      159     129    158    30
                  160      191     161    190    30
                  192      223     193    222    30
                  224      255     225    254    30     240
</code>
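<p>
The two tables above can be generated rather than looked up. The following
Python program is an added example (it is not part of this Mini-Howto and is
not LDP code); the function names are this example's own and it assumes the
page's example network 192.168.1.0. It does exactly the bit arithmetic
described: borrow host bits into the mask, then step through the resulting
subnets computing the network number, broadcast address and usable range of each.

```python
# Added example (not part of the Mini-Howto): generate the C class
# sub-networking tables by borrowing host bits into the netmask.
# Assumes the page's example network 192.168.1.0; function names are
# this example's own.

def quad_to_int(quad):
    """'192.168.1.0' -> 32-bit integer."""
    a, b, c, d = (int(x) for x in quad.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d

def int_to_quad(n):
    """32-bit integer -> dotted quad."""
    return ".".join(str((n >> s) & 0xFF) for s in (24, 16, 8, 0))

def mask_bits(mask):
    """Dotted binary form of a mask, e.g. 11111111.11111111.11111111.10000000"""
    return ".".join(f"{(mask >> s) & 0xFF:08b}" for s in (24, 16, 8, 0))

def subnet_mask(class_network_bits, borrowed):
    """Standard class mask with `borrowed` host bits moved into the network
    part: network bits (including the borrowed ones) set to 1, host bits 0."""
    prefix = class_network_bits + borrowed
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF

def subnet_table(network, class_network_bits=24, borrowed=1):
    """Split `network` into 2**borrowed equally sized subnets.

    Returns (rows, total_hosts); each row is
    (network, broadcast, min_ip, max_ip, hosts) with dotted-quad strings,
    i.e. the columns of the Netmask/Subnets/Network/B'cast table.
    """
    mask = subnet_mask(class_network_bits, borrowed)
    base = quad_to_int(network) & mask
    size = 1 << (32 - class_network_bits - borrowed)  # addresses per subnet
    hosts = size - 2                                  # less network + broadcast
    rows = []
    for i in range(1 << borrowed):
        net = base + i * size          # host bits all 0
        bcast = net + size - 1         # host bits all 1
        rows.append((int_to_quad(net), int_to_quad(bcast),
                     int_to_quad(net + 1), int_to_quad(bcast - 1), hosts))
    return rows, hosts * len(rows)

def print_options(network="192.168.1.0"):
    """Print the options for a C class network, one borrowed bit at a time."""
    for borrowed in range(1, 7):
        mask = subnet_mask(24, borrowed)
        rows, total = subnet_table(network, 24, borrowed)
        print(f"{len(rows):>2} subnets, {rows[0][4]:>3} hosts/net, "
              f"netmask {int_to_quad(mask)} ({mask_bits(mask)}), "
              f"total hosts {total}")
        for net, bcast, lo, hi, _ in rows:
            print(f"    {net:<15} {bcast:<15} {lo:<15} {hi:<15}")

if __name__ == "__main__":
    print_options()
```

Running it prints one line per netmask in the style of the first table and one
row per subnet in the style of the second; call <tt/subnet_table/ directly
when you only want the rows for a single mask.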

<p>
As can be seen, there is a very definite sequence to these numbers,
which makes them fairly easy to check. The 'downside' of sub-networking is
also visible in terms of the reducing total number of available host
addresses as the number of subnetworks increases.

<p> With this information, you are now in a position to assign host and
network IP numbers and netmasks.

<sect>Routing
<p>
If you are using a Linux PC with two network interfaces to route between
two (or more) subnets, you need to have IP Forwarding enabled in your
kernel. Do a

<code>
cat /proc/ksyms | grep ip_forward
</code>

<p>
You should get back something like...
<code>
00141364 ip_forward_Rf71ac834
</code>

<p>
If you do not, then you do not have IP-Forwarding enabled in your kernel
and you need to recompile and install a new kernel.

<p>
For the sake of this example, let us assume that you have decided to
subnetwork your C class IP network number 192.168.1.0 into 4 subnets
(each of 62 usable interface/host IP numbers). However, two of these
subnets are being combined into a larger single network, giving three
physical networks.

<p>
These are:-
<code>
Network        Broadcast      Netmask          Hosts
192.168.1.0    192.168.1.63   255.255.255.192  62
192.168.1.64   192.168.1.127  255.255.255.192  62
192.168.1.128  192.168.1.255  255.255.255.128  124 (see note)
</code>

<p>
Note: the reason the last network has only 124 usable host addresses
(not 126 as would be expected from the network mask) is that it is
really a 'super net' of two subnetworks. Hosts on the other two networks
will interpret 192.168.1.192 as the <em/network/ address of the 'non-existent'
subnetwork. Similarly, they will interpret 192.168.1.191
as the broadcast address of the 'non-existent' subnetwork.

<p>
So, if you use 192.168.1.191 or 192.168.1.192 as host addresses on the third
network, then machines on the two smaller networks will not be able to
communicate with them.

<p>
This illustrates an important point with subnetworks - the usable
addresses are determined by the <bf/SMALLEST/ subnetwork in that address
space.
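
<p>
Whether an IP number is a network number, a broadcast address or an ordinary
interface address is decided by the mask applied <bf/locally/ - the three
meanings from the section on network numbers, interface addresses and
broadcast addresses, and the reason for the 124 usable addresses in the note
above. The following Python program is an added example, not this Mini-Howto's
own code; the function names are this example's own and it uses the page's
192.168.1.0 example.

```python
# Added example (not from the Mini-Howto): classify an IP number under a
# *local* netmask, and count the addresses of a supernet that remain
# usable once the smallest mask in the address space is considered.
# Uses the page's 192.168.1.0 example; function names are this example's own.

def quad_to_int(quad):
    """'192.168.1.191' -> 32-bit integer."""
    a, b, c, d = (int(x) for x in quad.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d

def int_to_quad(n):
    """32-bit integer -> dotted quad."""
    return ".".join(str((n >> s) & 0xFF) for s in (24, 16, 8, 0))

def classify(addr, mask):
    """How a host configured with `mask` interprets `addr`.

    Returns (kind, subnet) where kind is 'network' (host bits all 0),
    'broadcast' (host bits all 1) or 'host', and subnet is the network
    number that host would place `addr` in.
    """
    a, m = quad_to_int(addr), quad_to_int(mask)
    host_part = ~m & 0xFFFFFFFF        # the bits the mask leaves for hosts
    host_bits = a & host_part
    if host_bits == 0:
        kind = "network"
    elif host_bits == host_part:
        kind = "broadcast"
    else:
        kind = "host"
    return kind, int_to_quad(a & m)

def usable_hosts(network, mask, smallest_mask):
    """Addresses of network/mask that every host in the address space will
    treat as an ordinary interface address, given that the smallest
    subnetwork in that space uses `smallest_mask` (the page's 'see note' case)."""
    net = quad_to_int(network)
    size = (~quad_to_int(mask) & 0xFFFFFFFF) + 1
    count = 0
    for a in range(net, net + size):
        q = int_to_quad(a)
        if classify(q, mask)[0] == "host" and classify(q, smallest_mask)[0] == "host":
            count += 1
    return count

if __name__ == "__main__":
    # The two addresses the note warns about, seen from a /26 host and a /25 host
    for addr in ("192.168.1.191", "192.168.1.192"):
        for mask in ("255.255.255.192", "255.255.255.128"):
            kind, subnet = classify(addr, mask)
            print(f"{addr} under {mask}: {kind} address of {subnet}")
    print("usable on the third network:",
          usable_hosts("192.168.1.128", "255.255.255.128", "255.255.255.192"))
```

A host on the third network (mask 255.255.255.128) sees 192.168.1.191 and
192.168.1.192 as plain host addresses, while a host on either of the two
smaller networks (mask 255.255.255.192) sees the first as the broadcast
address of 192.168.1.128 and the second as the network number 192.168.1.192;
counting only the addresses that both masks treat as host addresses gives the
124 of the table.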

<sect1>The routing tables
<p>
Let us assume that a computer running Linux is acting as a router for
this network. It will have three network interfaces to the local LANs
and possibly a fourth interface to the Internet (which would be its
default route).

<p>
Let us assume that the Linux computer uses the lowest available IP
address in each subnetwork on its interface to that network. It would
configure its network interfaces as

<code>
Interface  IP Address     Netmask
eth0       192.168.1.1    255.255.255.192
eth1       192.168.1.65   255.255.255.192
eth2       192.168.1.129  255.255.255.128
</code>

<p>
The routing it would establish would be

<code>
Destination    Gateway  Genmask          Iface
192.168.1.0    0.0.0.0  255.255.255.192  eth0
192.168.1.64   0.0.0.0  255.255.255.192  eth1
192.168.1.128  0.0.0.0  255.255.255.128  eth2
</code>

<p>
On each of the subnetworks, the hosts would be configured with their own
IP number and net mask (appropriate for the particular network). Each host
would declare the Linux PC as its gateway/router, specifying the Linux
PC's IP address for its interface on to that particular network.
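
<p>
To show how the router consults the routing table above, and how to check the
gateway setting that the previous paragraph asks each host to carry, here is an
added Python example (not this Mini-Howto's own code). The three routes are
copied from the page; the default route via a fourth interface eth3 and its
gateway address 203.0.113.1 are assumed placeholders, and the function names
are this example's own.

```python
# Added example (not from the Mini-Howto): route lookup over the router's
# table and a gateway sanity check for the hosts. Routes are the page's;
# the default route (eth3, gateway 203.0.113.1) is an assumed placeholder.

ROUTES = [
    # (Destination, Gateway, Genmask, Iface)
    ("192.168.1.0",   "0.0.0.0",     "255.255.255.192", "eth0"),
    ("192.168.1.64",  "0.0.0.0",     "255.255.255.192", "eth1"),
    ("192.168.1.128", "0.0.0.0",     "255.255.255.128", "eth2"),
    ("0.0.0.0",       "203.0.113.1", "0.0.0.0",         "eth3"),  # assumed default route
]

def quad_to_int(quad):
    """'192.168.1.70' -> 32-bit integer."""
    a, b, c, d = (int(x) for x in quad.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d

def lookup(dest, routes=ROUTES):
    """Return (gateway, iface) for `dest`, choosing among matching routes
    the one with the longest Genmask (most specific), as the kernel does.
    A gateway of 0.0.0.0 means the destination is directly attached."""
    d = quad_to_int(dest)
    best, best_len = None, -1
    for network, gateway, genmask, iface in routes:
        m = quad_to_int(genmask)
        if (d & m) == quad_to_int(network):
            mask_len = bin(m).count("1")
            if mask_len > best_len:
                best, best_len = (gateway, iface), mask_len
    return best

def gateway_on_subnet(host_ip, netmask, gateway):
    """True if the gateway a host is configured with lies on the host's own
    subnet; otherwise the host has no way to reach it directly."""
    m = quad_to_int(netmask)
    return (quad_to_int(host_ip) & m) == (quad_to_int(gateway) & m)

if __name__ == "__main__":
    for dest in ("192.168.1.5", "192.168.1.70", "192.168.1.200", "10.1.2.3"):
        print(f"{dest:<14} -> {lookup(dest)}")
    # Host on the second subnet: the correct gateway is the router's eth1 address
    print(gateway_on_subnet("192.168.1.70", "255.255.255.192", "192.168.1.65"))  # True
    print(gateway_on_subnet("192.168.1.70", "255.255.255.192", "192.168.1.1"))   # False
```

Without the assumed default route, <tt/lookup/ returns None for any
destination outside 192.168.1.0, which is what the router would do with a
packet for the Internet if no fourth interface were configured.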

<p>
Robert Hart
Melbourne, Australia March 1997.

</article>