LinuxQuestions.org
Old 07-27-2005, 02:30 PM   #1
calabash
Member
 
Registered: Sep 2003
Distribution: FC11
Posts: 128

500 private IP addys a problem?


I want to double check what I think is okay to do for my network, before I break an RFC!

I only have 1 physical subnet, but I have up to 500 TCP/IP devices on that 1 subnet. (subnet being defined as every device back from the router)

Needless to say 192.168.1.xxx with a subnet of 255.255.255.0 does not do it for me.

So what I want to do is change my subnet to 255.255.0.0

If I do this, then I will have a surplus of IP addresses to assign.

The things I want to verify is this:

That with the above subnet, 192.168.2.10 and 192.168.3.55 would be on the same network. Yes?

That just seems wrong to me, and yet, according to what I've read, with the modified subnet, they would be on the same network.

Also: I don't want to violate the private addressing rules, but I've read RFC 1918, and this would seem to be all right.

T.I.A.
 
Old 07-27-2005, 02:38 PM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

you're free to use anything within 192.168.0.0/16 without problems... if you don't want to "waste" IP addresses you could always use 192.168.0.0/23 (255.255.254.0) and walk off with only 512 addresses, 192.168.0.1 to 192.168.1.254. The whole 4 octet thing has broken down a lot in the last decade... CIDR notation (/24 /23 /16 etc..) is preferred in many places as it's so much simpler and there's no real difference if a subnet ends exactly on an octet boundary or not... do what you want, it's fine.
 
Old 07-27-2005, 02:43 PM   #3
Matir
LQ Guru
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Debian, Arch
Posts: 8,507

acid_kewpie is of course correct, but I just wanted to add: CIDR notation was invented to solve IP shortages for the internet. There is no real "benefit" to be gained from using less than the /16 on a private subnet block, unless you intend to create another subnet at some time on the same physical lan. I would go with at least /22 to give you 1024 ips, to leave some breathing room.

And, for anyone who needs massive IP ranges (bad idea), there's always the 16 million IPs in the 10.0.0.0/8 netblock.
 
Old 07-27-2005, 03:14 PM   #4
calabash
Member
 
Registered: Sep 2003
Distribution: FC11
Posts: 128

Original Poster
Yay!

Thank you both.

I will go with the 255.255.254.0 as my need for 500 includes a generous pad.

But just to see if I get the gist of CIDR notation: /22 would be 192.168.0.1 to 192.168.3.254 yes?

And with the exception of changing my router subnet, I can keep the gateway of 192.168.1.1. Yippee!


Matir: since it took me 3 yrs to get 1 pc spec. added to my (just me) dept., I'll back off encouraging the 16 million devices...
 
Old 07-27-2005, 03:16 PM   #5
demian
Member
 
Registered: Apr 2001
Location: Bremen, Germany
Distribution: Debian
Posts: 303

Large flat networks have a problem: If you use /16 as a netmask in your router it thinks it is connected to a network of 2^16 machines. In particular it will try to do arp caching for all these 65536 ip addresses. Now you only use 500 or so IPs so that's not really a problem. It will become a problem in the following scenario: Say one of the client computers is infected with a virus that tries to spread. First thing most virii do is just contact every computer in the network they are in. So in such a case you will have a rapid succession of arp requests all of which your router thinks it should be able to resolve. This can easily make the arp cache overflow resulting in a DoS.

You can get around this by increasing the arp cache (defaults to 1024 on most linux distributions) in /proc/sys/net/ipv4/neigh/default/gc_thresh[123]. But a safer solution is to not use /16 but /22 as a netmask as suggested previously.

Edit:
You're right about the ip range of 192.168.0.0/22

Handy link: http://www.subnetmask.info/

Last edited by demian; 07-27-2005 at 03:24 PM.
 
Old 07-27-2005, 04:06 PM   #6
calabash
Member
 
Registered: Sep 2003
Distribution: FC11
Posts: 128

Original Poster
Que?

demian:

I understand the concept of a virus flooding the router (a little linksys box) with ARP requests, but what I don't understand is how _increasing_ the supposed number of computers avoids that.

Also, if I use /22 is my subnet mask 255.255.252.0?

I followed the link, but it will take time for me to figure out what to do with it.

I'm afraid that while I'm getting the basic concepts, technically I'm way out of my depth at this point. But at least now I know how to fit my network into an IP range. Eventually I'll pick up a book on it. Just now however, with only one subnet and no plans for more in the near (2yrs) future, any dedicated book is overkill.
 
Old 07-27-2005, 04:13 PM   #7
Matir
LQ Guru
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Debian, Arch
Posts: 8,507

Increasing the range doesn't AVOID the problem, it could (help) cause it.

You might want to check out this GPL utility for CIDR calculations: http://www.laffeycomputer.com/whatmask.html
 
Old 07-27-2005, 04:22 PM   #8
demian
Member
 
Registered: Apr 2001
Location: Bremen, Germany
Distribution: Debian
Posts: 303

Re: Que?

Quote:
Originally posted by calabash
I understand the concept of a virus flooding the router (a little linksys box) with ARP requests, but what I don't understand is how _increasing_ the supposed number of computers avoids that.
I assumed your router was a Linux box. On the linksys thingy you probably don't have an option to tune the size of the arp cache. However, if it supports /16 subnets it should also have a sufficiently large arp cache.

What increasing gc_thresh does is just increase the size of the kernel's arp table. The default values for me are 128, 512 and 1024 for gc_thresh1,2,3 respectively. Meaning the garbage collector process will not run when the table is smaller than 128. 512 is the soft maximum which can be exceeded for five seconds and 1024 is the hard limit which triggers the garbage collector immediately. During an arp flood the garbage collector might not get rid of stale entries fast enough so if you increase the hard limit to the amount of IP addresses in your net you will evade the DoS effect since legitimate arp requests can still be answered.

Quote:
Also, if I use /22 is my subnet mask 255.255.252.0?
Yup, that's right.
 
Old 07-27-2005, 04:48 PM   #9
calabash
Member
 
Registered: Sep 2003
Distribution: FC11
Posts: 128

Original Poster
Great. I will restructure our network as I deploy our Fedora Core 4 box. I am looking forward to learning more of SAMBA; Linux; routing and fine tuning. This forum has been very supportive, even when there is not a ready answer.

I still haven't made the jump to Linux on my desktop yet. But for servers, I'm sold.


Thank you all again!
 
Old 07-27-2005, 08:32 PM   #10
mpeg4codec
Member
 
Registered: Jul 2005
Distribution: Debian, Gentoo, self-built [not LFS]
Posts: 109

One more thing before you go! If you're ever having problems calculating IP address ranges, definitely look into the ipcalc tool. For instance, it answers your question easily:

Quote:
/22 would be 192.168.0.1 to 192.168.3.254 yes?
Code:
$ ipcalc 192.168.0.0/22
Address:   192.168.0.0          11000000.10101000.000000 00.00000000
Netmask:   255.255.252.0 = 22   11111111.11111111.111111 00.00000000
Wildcard:  0.0.3.255            00000000.00000000.000000 11.11111111
=>
Network:   192.168.0.0/22       11000000.10101000.000000 00.00000000
HostMin:   192.168.0.1          11000000.10101000.000000 00.00000001
HostMax:   192.168.3.254        11000000.10101000.000000 11.11111110
Broadcast: 192.168.3.255        11000000.10101000.000000 11.11111111
Hosts/Net: 1022                  Class C, Private Internet
It even lets you know that you're free to use the network without violating RFC1918 with the last line [noting that it's "Private"].

Cheers.
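As an added example (not code from the thread or from ipcalc itself), here is a short Python script that reproduces the ipcalc summary mpeg4codec posted above and applies the gc_thresh sizing check demian described in #5 and #8: it works out HostMin/HostMax/Broadcast and the RFC 1918 check for any CIDR block, then compares the subnet's host count against the neighbour-table hard limit. The sysctl sample lines are constructed from the defaults demian quoted, and the 1/4 : 1/2 : 1 ratio for suggested thresholds is an assumption, not a kernel rule.

```python
import ipaddress

# RFC 1918 blocks, behind ipcalc's "Private Internet" note.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def ipcalc_summary(cidr: str) -> dict:
    """The fields ipcalc prints; strict=False masks a host address down."""
    net = ipaddress.ip_network(cidr, strict=False)
    return {
        "network": str(net.network_address),
        "netmask": str(net.netmask),
        "wildcard": str(net.hostmask),
        "hostmin": str(net.network_address + 1),
        "hostmax": str(net.broadcast_address - 1),
        "broadcast": str(net.broadcast_address),
        "hosts": max(net.num_addresses - 2, 0),
        "private": any(net.subnet_of(p) for p in RFC1918),
    }


def parse_gc_thresh(sysctl_output: str) -> dict:
    """Pull gc_thresh1/2/3 out of `sysctl net.ipv4.neigh.default` text."""
    vals = {}
    for line in sysctl_output.splitlines():
        key, _, value = line.partition("=")
        name = key.strip().rsplit(".", 1)[-1]
        if name in ("gc_thresh1", "gc_thresh2", "gc_thresh3"):
            vals[name] = int(value)
    return vals


def arp_table_headroom(cidr: str, thresholds: dict) -> dict:
    """Does gc_thresh3 (hard limit) cover a sweep of every host in the
    subnet?  The 1/4 : 1/2 : 1 ratio for the suggestion is an assumption."""
    hosts = ipcalc_summary(cidr)["hosts"]
    hard = thresholds["gc_thresh3"]
    needed = max(hard, hosts)
    return {
        "hosts": hosts, "gc_thresh3": hard, "covered": hard >= hosts,
        "suggested": {"gc_thresh1": needed // 4, "gc_thresh2": needed // 2,
                      "gc_thresh3": needed},
    }


# Constructed sample: the defaults demian quotes in the thread.
SAMPLE_SYSCTL = """net.ipv4.neigh.default.gc_thresh1 = 128
net.ipv4.neigh.default.gc_thresh2 = 512
net.ipv4.neigh.default.gc_thresh3 = 1024"""
```

With the quoted defaults, a /22 (1022 hosts) fits under the 1024 hard limit while a /16 (65534 hosts) does not, which is the flat-network risk demian pointed out.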
 
Old 07-28-2005, 12:40 AM   #11
calabash
Member
 
Registered: Sep 2003
Distribution: FC11
Posts: 128

Original Poster
Ohhh. Now that's cool!

Thanks!
 
Old 08-22-2005, 03:32 AM   #12
zamri
Member
 
Registered: May 2004
Location: Malaysia
Distribution: Mandrake,Slackware,RedHat
Posts: 157

That means, after 192.168.0.254, I can add 192.168.1.1 - 192.168.1.254 if my network address is 192.168.0.0 and my netmask is 255.255.254.0, that is 192.168.0.0/23? Right?
 
Old 08-24-2005, 10:40 AM   #13
zamri
Member
 
Registered: May 2004
Location: Malaysia
Distribution: Mandrake,Slackware,RedHat
Posts: 157

One more thing. Do I have to change the netmask for all the clients or do I have to change the netmask at the router only?
 
Old 08-24-2005, 01:15 PM   #14
Matir
LQ Guru
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Debian, Arch
Posts: 8,507

All the clients need to know the new netmask, if you want them to be able to "see" each other.
 
Old 08-25-2005, 05:25 AM   #15
zamri
Member
 
Registered: May 2004
Location: Malaysia
Distribution: Mandrake,Slackware,RedHat
Posts: 157

Thanks for the answer. Now I got it.
 