12-06-2005, 03:38 PM
|
#1
|
Member
Registered: Jul 2003
Location: CT, USA
Distribution: Debian Sarge (server), Etch (work/home)
Posts: 601
Rep:
|
subnets and subnetting
What does it *really* mean to have a number of computers at your site "on a subnet", wrt another group of computers "on a different subnet"?
I know that your router to the Internet doesn't forward 10.x/172.16.x/192.168.x packets to the outside world... what does it care what your NIC's subnet setting is?
Suppose you have one router, one switch and LAN behind it, and 20 computers on that LAN. Does grouping them into 2 subnets simply mean going to 10 of those computers and setting their subnet mask to one value, then going to the other 10 and setting it to another value? Or does it involve some setting on the router?
Why would it be useful to have multiple subnets on your network? I don't think it buys you any more IP addresses... Is it simply a way to cut down on overall network traffic (i.e. the packets from one group of users don't have to go out over the whole network if most of the time they're only going to someone else in their group/office/subnet)?
Thanks.
|
|
|
12-06-2005, 04:01 PM
|
#2
|
Member
Registered: Aug 2005
Location: /home/teebones
Distribution: sometimes this, sometimes that..
Posts: 502
Rep:
|
It often makes things easier for the admin (read: more detailed control). E.g. one can block certain netblocks from accessing parts of the network, or route certain netblock traffic through other paths, etc. And yes, you can create more hosts on a block with smart subnetting techniques! (Although this is officially called supernetting.)
Maybe you should read some stuff about subnetting and TCP in general. It will give you even more understanding about the advantages of using subnets (and how to create/calculate them).
Last edited by teebones; 12-06-2005 at 04:06 PM.
|
|
|
12-06-2005, 04:29 PM
|
#3
|
Member
Registered: Jul 2003
Location: CT, USA
Distribution: Debian Sarge (server), Etch (work/home)
Posts: 601
Original Poster
Rep:
|
> Maybe you should read some stuff about subnetting and tcp in general.
Thanks. Yeah, I have been. Actually, just now I was looking at Frisch's "Essential System Administration". So far, all the resources I read simply refer to subnetting as a way to divvy up your network into "subnets", and then they go on to describe how you'd set your NIC's subnet using ifconfig.
I'm looking for the big picture though.
|
|
|
12-07-2005, 11:26 AM
|
#4
|
Member
Registered: Jul 2003
Location: CT, USA
Distribution: Debian Sarge (server), Etch (work/home)
Posts: 601
Original Poster
Rep:
|
Ok, I found this:
http://www.tcpipguide.com/free/t_IPS...ngConcepts.htm
which was somewhat helpful.
Also, I think I'm understanding it more. The connection I was missing was the routing table. Setting up a subnet seems to entail not only configuring your NIC's IP addy and netmask, but also entails adding routes to routing tables (or having DHCP do this I presume). Further, routing tables work the same for individual hosts as they do for routers -- they're generic.
|
|
|
12-07-2005, 10:37 PM
|
#5
|
LQ Guru
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 11,091
|
Think of it this way: all of the computers on the same "subnet" can communicate directly with one another. To talk to other subnets, they must send their traffic through a gateway of some sort.
|
|
|
12-09-2005, 12:40 AM
|
#6
|
Member
Registered: Jul 2003
Location: CT, USA
Distribution: Debian Sarge (server), Etch (work/home)
Posts: 601
Original Poster
Rep:
|
sundial, so, if you've got two subnets on the same LAN, and you send a packet from one node on one subnet to a node on the other subnet, you're saying that the packet has to bounce off the gateway? I'd think you could just set your routing table to "deliver directly" any packets destined for that subnet...
|
|
|
12-09-2005, 08:20 AM
|
#7
|
Member
Registered: Jan 2003
Location: Cambridgeshire, UK
Distribution: Mint (Desktop), Debian (Server)
Posts: 891
Rep: 
|
The rules are these -
If a host wants to send a packet to an IP destination host within its own subnet then it is allowed to ARP for the L2 address and then generate and send a frame directly to the destination.
If a host wants to send a packet to a host that is outside of its own subnet then it MUST send that packet via a gateway or router. (In IP terminology the two are the same thing.) I.e. it ARPs for the default gateway and the frame is sent with a destination MAC address of the default gateway.
There are no exceptions to this rule.
The host can send to other gateways if it has explicit routing information for the destination, either configured, redirected or learned by routing protocol; otherwise the host will send the packet to its default gateway, hence the name.
Last edited by baldy3105; 12-09-2005 at 08:22 AM.
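The forwarding rules in the post above, worked through as an added example (not part of the original thread): the function decides which IP address a host ARPs for, given its own address and netmask plus a routing table. The function name `arp_target`, the route-list format and all addresses are constructed for illustration.

```python
import ipaddress

def arp_target(dst, iface, routes):
    """Return (ip_to_arp_for, reason) for a packet sent to dst.

    iface  -- the host's own address with prefix, e.g. "192.168.1.10/24"
    routes -- list of (prefix, gateway); "0.0.0.0/0" is the default route
    """
    dst = ipaddress.ip_address(dst)
    local = ipaddress.ip_interface(iface).network
    # Rule 1: destination inside our own subnet -> ARP for it directly.
    if dst in local:
        return str(dst), "on-link"
    # Rule 2: outside our subnet -> the frame goes to a gateway's MAC.
    # Pick the most specific matching route; the default route is /0.
    best = None
    for prefix, gateway in routes:
        net = ipaddress.ip_network(prefix)
        gw = ipaddress.ip_address(gateway)
        if gw not in local:
            # A gateway must itself be reachable by ARP on our subnet.
            raise ValueError(f"gateway {gw} is not on local subnet {local}")
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)
    if best is None:
        return None, "unreachable (no route)"
    kind = "default gateway" if best[0].prefixlen == 0 else "explicit route"
    return str(best[1]), kind

def demo():
    # Constructed sample host: one NIC, a default gateway, one explicit route.
    host = "192.168.1.10/24"
    routes = [("0.0.0.0/0", "192.168.1.1"),
              ("192.168.2.0/24", "192.168.1.254")]
    dests = ("192.168.1.20", "192.168.2.5", "8.8.8.8")
    return [arp_target(d, host, routes) for d in dests]

if __name__ == "__main__":
    for ip, reason in demo():
        print(ip, reason)
```

Changing only the host's prefix length changes the outcome: with `192.168.1.10/25`, the neighbour `192.168.1.200` is no longer on-link and its traffic is handed to the gateway instead.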
|
|
|
12-10-2005, 03:41 PM
|
#8
|
Member
Registered: Jul 2003
Location: CT, USA
Distribution: Debian Sarge (server), Etch (work/home)
Posts: 601
Original Poster
Rep:
|
Thanks baldy.
2 simple things had me quite confused:
1. I didn't realize that routers besides the ones that
connect your systems directly to the 'Net forward rfc1918
addresses, and
2. I was thinking in terms of using a subnet on one LAN --
on one single wire with a large number of nodes on that
wire (whether connected via hubs or switches). I think
I see now that it doesn't make sense to have more than
one subnet on a single wire (dunno a better word to use
than "wire" here).
I'm still a little confused, but it's getting better. 
Is the usual set-up of networks and subnets like this? :
Code:
Legend:
R == router
H == host
S == switch
(machines connected directly together are via a simple hub)

   The Internet
         |
         |
         R1
         |
+--------+-------------+
|          S1          |
+----+-----+----+----+-+
     |     |    |    |
     |     |    |    |
     |     H1   H    R2------------   These hosts may be on
     |                |    |    |     their own subnet, but
+----+------+         H3   H    H     they don't have to be.
|    S2     |
+--+--+-+-+-+
   |  | | |
   H2 H H H       These hosts are not
                  on their own subnet, and
                  it would make no sense if
                  they were.
Hm. Now I'm trying to see the difference between when the group with H3 is on its own subnet or not...
|
|
|
12-13-2005, 05:21 AM
|
#9
|
Member
Registered: Jan 2003
Location: Cambridgeshire, UK
Distribution: Mint (Desktop), Debian (Server)
Posts: 891
Rep: 
|
Umm, H3 is connected via a router; it is on a different subnet by definition.
If H3 was on the same subnet as H1 and H2 then the box labelled R2 would be bridging.
If you try to configure the same subnet on two interfaces one of two things will happen. Either R2 will tell you you're not allowed, e.g. Cisco IOS. Or it will accept the config BUT when the router configures connected routes for the interfaces in its route table it will end up picking one interface as the local exit for the subnet. All packets hitting the router will be routed out of the same interface, which is not what you want.
Normally one VLAN equals one subnet. You can have more than one subnet on a VLAN if you put secondary addresses on the router interface, but normally there's no point; things are tidier without. You need to remember though that even if a single VLAN has two subnets on it, the packets between subnet A and B MUST still go via the router even though the subnets share the same "wire".
You can have one subnet on two VLANs but only by bridging between them, at which point you've just completely destroyed the point of having two VLANs.
All routers can forward the RFC1918 reserved ranges; it's just that by common consent these ranges are "reserved" from use on the internet. I.e. you can pump packets into the internet towards 192.168.1.1 and they will simply follow the default route until they hit a router that's been properly configured to filter them out or the default route disappears. You would never get a response as the network doesn't exist as far as the internet is concerned.
Historically we would have used "wire" to refer to an ethernet segment, back in the days where multiple hosts shared one transmission medium or "collision domain". I guess VLAN is now synonymous with "broadcast domain", so where a network of switches doesn't use VLANs, i.e. is a "flat" network, has no hierarchical structure and all ports are in the same broadcast domain, we still refer to it as a "single VLAN".
Good diagram btw
Last edited by baldy3105; 12-13-2005 at 05:24 AM.
|
|
|
12-17-2005, 05:49 PM
|
#10
|
Member
Registered: Jul 2003
Location: CT, USA
Distribution: Debian Sarge (server), Etch (work/home)
Posts: 601
Original Poster
Rep:
|
Thanks much for the reply baldy. Sorry it's taken me so long to get back to this thread.
> Umm, H3 is connected via a router it is on a different subnet by definition.
> If H3 was on the same subnet as H1 and H2 then the box labelled R2 would be
> bridging.
Yes. I see that now: Routers separate networks.
> Normally one VLAN equals one subnet.
Check.
Thanks again for the great reply, including clarifying the terms "on the same wire", "VLAN", and "on the same broadcast domain". That helped me a lot also.
I'll get some of this onto the LQ wiki ASAP so you don't have to go through all this again with the next fellow. 
|
|
|
12-17-2005, 07:46 PM
|
#11
|
Member
Registered: Dec 2005
Distribution: Slackware 10.2 - bare.i, Slackware 10.1 - scsi.s, Slackware 9.1 - bare.i
Posts: 47
Rep:
|
Yes, a router (gateway in Unix terminology) is required
Quote:
Originally Posted by johnMG
sundial, so, if you've got two subnets on the same LAN, and you send a packet from one node on one subnet to a node on the other subnet, you're saying that the packet has to bounce off the gateway? I'd think you could just set your routing table to "deliver directly" any packets destined for that subnet...
|
Even on the same LAN segment, if 2 systems reside in two different IP subnetworks, they cannot address one another by MAC address. Two systems in the same subnetwork can address one another by MAC address only. The two that reside in different subnetworks must forward the packet to the nearest router and be routed to the second subnetwork, even though it is on the same LAN. So, the router deduces, you came from ethernet port 5, network 1.1.1.0, and you are destined for network 1.1.2.0. OK, network 1.1.2.0 resides off my ethernet port 5. I will send the packet to that port. Ethernet port 5 sees that the host address is 1.1.2.5, looks up the arp cache for host address 1.1.2.5, and applies the destination MAC address. The routing is now complete, and the ethernet port 5 sends the packet back out on the LAN.
|
|
|
12-17-2005, 08:07 PM
|
#12
|
Member
Registered: Jul 2003
Location: CT, USA
Distribution: Debian Sarge (server), Etch (work/home)
Posts: 601
Original Poster
Rep:
|
|
|
|
12-17-2005, 08:17 PM
|
#13
|
Member
Registered: Dec 2005
Distribution: Slackware 10.2 - bare.i, Slackware 10.1 - scsi.s, Slackware 9.1 - bare.i
Posts: 47
Rep:
|
Good info.
Quote:
Originally Posted by johnMG
|
It is more oriented to explain addressing rather than routing. I would be happy to write a routing/network/subnetwork/subnet masking tutorial if we have a place for things like that on this site. I am a new member here and really do not know my way around yet.
|
|
|
12-17-2005, 11:01 PM
|
#14
|
Member
Registered: Jul 2003
Location: CT, USA
Distribution: Debian Sarge (server), Etch (work/home)
Posts: 601
Original Poster
Rep:
|
Feel free to edit the LQ wiki at-will. That's what it's there for.
Regarding that addressing stuff on the Subnet page, I only re-did the text before the "Determining the network address" subsection.
Currently, it seems to me that the networking section at the LQ wiki is somewhat jumbled and could use some refactoring...
Just be careful not to scuff the beautiful gems I leave there on occasion. 
|
|
|
12-17-2005, 11:28 PM
|
#15
|
Member
Registered: Jan 2005
Location: India
Distribution: Fedora Core 2
Posts: 83
Rep:
|
Quote:
Originally Posted by johnMG
Why would it be useful to have multiple subnets on your network?
Thanks.
|
Subnetting helps in accomplishing the following things:
1) Cuts down on unnecessary network traffic thus improving bandwidth available.
2) Is a good way of isolating a group of computers from another group in the same LAN. For example, the computers in the accounting department which contain salary records should not be accessible to the guys in, say, the marketing department. Thus introducing another security layer.
You can easily subnet using a switch (Cisco, Juniper etc.) which is hardware based.
Another way to subnet is using a Linux machine acting as the gateway, which may contain one or more ethernet cards. If the gateway has only one ethernet card, then you have to associate multiple IP addresses to the single ethernet card (which is easy in Linux).
|
|
|