From: Kevin Ross on 6 May 2010 01:30

On 5/5/2010 9:11 PM, Alex Samad wrote:
> On Wed, 2010-05-05 at 20:55 -0700, Kevin Ross wrote:
>> On 5/5/2010 6:06 PM, Miles Fidelman wrote:
> [snip]
>>> - I have two network /27 network blocks that are NOT contiguous - I
>>> use one for each box
>> I'm not a networking expert, but this part seems wrong to me. I don't
>> think you're supposed to have different subnet addresses on the same
>> broadcast domain. If they both had the same subnet address, they would
>> then talk to each other over the switch and not touch the router.
> Why do you think this, reason I ask is I had a rather long discussion
> with a work colleague about this and I am wondering where this thinking
> comes from.

Which part? The part about different subnets on the same switch or hub? If so, yes I guess there's nothing terribly wrong with doing that, other than causing extra traffic to the router between subnets when they could be talking directly to each other.

Or is it the part about the two computers talking directly to each other without the router if they are on the same subnet? If so, I'm speaking strictly of TCP/IP over Ethernet. Let's say you have a simple network with a router IP address of 192.168.1.1, host A with 192.168.1.2, and host B with 192.168.1.3. All have a subnet mask of 255.255.255.0.

Since we are operating over Ethernet, the TCP/IP stack needs to determine the Ethernet address to which to send a packet. If host A wants to send a packet to a host within the subnet, for example to 192.168.1.3, then it will first send out an ARP request to get the Ethernet address of 192.168.1.3. When it receives it, it will then send the packet over Ethernet to the address received via ARP, which will cause the packet to go straight to the receiving computer, not to the router (if using a switch not a hub).

If the destination IP address is outside of the subnet, then it asks ARP for the address of the router, and sends the packet over Ethernet to the router.

>> Another option is to change the subnet mask so that the mask then allows
> careful you might lose connectivity with the router.

I was only mentioning it as another possibility. I don't think you will lose connectivity with the router, just with other hosts that the computer now thinks are in the same subnet, but really need to go through the router. But if you know that you'll never want to talk to those hosts, then this is a viable option.

--
To UNSUBSCRIBE, email to debian-user-REQUEST(a)lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster(a)lists.debian.org
Archive: http://lists.debian.org/4BE252BD.3080304(a)familyross.net

From: Alex Samad on 6 May 2010 03:10

On Wed, 2010-05-05 at 22:25 -0700, Kevin Ross wrote:
> On 5/5/2010 9:11 PM, Alex Samad wrote:
> > On Wed, 2010-05-05 at 20:55 -0700, Kevin Ross wrote:
> >> On 5/5/2010 6:06 PM, Miles Fidelman wrote:
> > [snip]
> >>> - I have two network /27 network blocks that are NOT contiguous - I
> >>> use one for each box
> >> I'm not a networking expert, but this part seems wrong to me. I don't
> >> think you're supposed to have different subnet addresses on the same
> >> broadcast domain. If they both had the same subnet address, they would
> >> then talk to each other over the switch and not touch the router.
> > Why do you think this, reason I ask is I had a rather long discussion
> > with a work colleague about this and I am wondering where this thinking
> > comes from.
>
> Which part? The part about different subnets on the same switch or
> hub? If so, yes I guess there's nothing terribly wrong with doing that,
> other than causing extra traffic to the router between subnets when they
> could be talking directly to each other.

The question was why did he think it was bad/wrong to put two different subnets on the same broadcast domain. The extra traffic would be arp requests and broadcasts, but with all unicast packets a switch will switch ie 1 port to another port. There is no technical reason that ip subnets have to be on separate broadcast domains - there might be security and other reasons.

> Or is it the part about the two computers talking directly to each other
> without the router if they are on the same subnet? If so, I'm speaking
> strictly of TCP/IP over Ethernet. Let's say you have a simple network
> with a router IP address of 192.168.1.1, host A with 192.168.1.2, and
> host B with 192.168.1.3. All have a subnet mask of 255.255.255.0.
>
> Since we are operating over Ethernet, the TCP/IP stack needs to
> determine the Ethernet address to which to send a packet. If host A
> wants to send a packet to a host within the subnet, for example to
> 192.168.1.3, then it will first send out an ARP request to get the
> Ethernet address of 192.168.1.3. When it receives it, it will then send
> the packet over Ethernet to the address received via ARP, which will
> cause the packet to go straight to the receiving computer, not to the
> router (if using a switch not a hub).
>
> If the destination IP address is outside of the subnet, then it asks ARP
> for the address of the router, and sends the packet over Ethernet to the
> router.
>
> >> Another option is to change the subnet mask so that the mask then allows
> > careful you might lose connectivity with the router.
>
> I was only mentioning it as another possibility. I don't think you will
> lose connectivity with the router, just with other hosts that the
> computer now thinks are in the same subnet, but really need to go
> through the router. But if you know that you'll never want to talk to
> those hosts, then this is a viable option.

well think about it, if we are talking about network 192.168.11.0/24 (for my example I will use 24 instead of 27)

the server would have an address 192.168.11.55/24 (for example) and the router would have 192.168.11.1/24

if I change the netmask of the server it can no longer talk to the router because it is in a different ip network ie 192.168.11.55/22 can't talk to 192.168.11.1/24 (you can fake it on linux with iproute - see my other answer to this thread).

From: Kevin Ross on 6 May 2010 04:10

On 5/6/2010 12:05 AM, Alex Samad wrote:
> well think about it, if we are talking about network 192.168.11.0/24
> (for my example I will use 24 instead of 27)
>
> the server would have an address 192.168.11.55/24 (for example) and the
> router would have 192.168.11.1/24
>
> if I change the netmask of the server it can no longer talk to the
> router because it is in a different ip network ie 192.168.11.55/22 can't
> talk to 192.168.11.1/24 (you can fake it on linux with iproute - see my
> other answer to this thread).

Sorry if I'm being dense, I said I'm not a networking expert. But I have thought about this, and I am not seeing how it wouldn't work.

192.168.11.1 is:
11000000 10101000 00001011 00000001

192.168.11.55 is:
11000000 10101000 00001011 00110111

So, the computer at 192.168.11.55 will think its subnet is the first 22 bits of the address, which is 11000000 10101000 000010, which matches the first 22 bits of the router address. So far so good. Client side will think the machine at 192.168.11.1 is on the same IP subnet, so it will do an ARP request for 192.168.11.1 (ARP doesn't care about subnet masks, it just does an Ethernet broadcast), which will succeed, and the server will be able to send to the router. The reverse direction is also true.

What am I missing?

From: Anand Sivaram on 6 May 2010 04:10

>if I change the netmask of the server it can no longer talk to the
>router because it is in a different ip network ie 192.168.11.55/22 can't
>talk to 192.168.11.1/24 (you can fake it on linux with iproute - see my
>other answer to this thread).

That does not look correct. Just to see how it works, I just changed the netmask of my pc from /24 to /16, it is working

router - 192.168.1.1/255.255.255.0
pc1 - 192.168.1.50/255.255.0.0, gw 192.168.1.1, broadcast 192.168.255.255

This pc1 could reach all other machines on 192.168.1.0/24 network with the above configuration, also it could access internet using 192.168.1.1 as the gateway.

In your example, network 192.168.11.55/22 (netmask 255.255.252.0) means 192.168.8.0 to 192.168.11.255. It could very well reach 192.168.11.1. But on the other hand 192.168.11.1/24 could reach only 192.168.11.0 to 192.168.11.255 machines.

From: Anand Sivaram on 6 May 2010 05:10

On Thu, May 6, 2010 at 13:35, Kevin Ross <kevin(a)familyross.net> wrote:
> On 5/6/2010 12:05 AM, Alex Samad wrote:
>> well think about it, if we are talking about network 192.168.11.0/24
>> (for my example I will use 24 instead of 27)
>>
>> the server would have an address 192.168.11.55/24 (for example) and the
>> router would have 192.168.11.1/24
>>
>> if I change the netmask of the server it can no longer talk to the
>> router because it is in a different ip network ie 192.168.11.55/22 can't
>> talk to 192.168.11.1/24 (you can fake it on linux with iproute - see my
>> other answer to this thread).
>
> Sorry if I'm being dense, I said I'm not a networking expert. But I have
> thought about this, and I am not seeing how it wouldn't work.
>
> 192.168.11.1 is:
> 11000000 10101000 00001011 00000001
>
> 192.168.11.55 is:
> 11000000 10101000 00001011 00110111
>
> So, the computer at 192.168.11.55 will think its subnet is the first 22
> bits of the address, which is 11000000 10101000 000010, which matches the
> first 22 bits of the router address. So far so good. Client side will
> think the machine at 192.168.11.1 is on the same IP subnet, so it will do an
> ARP request for 192.168.11.1 (ARP doesn't care about subnet masks, it just
> does an Ethernet broadcast), which will succeed, and the server will be able
> to send to the router. The reverse direction is also true.
>
> What am I missing?

@Kevin Ross
You are correct. Nice explanation with details.

Just to see what happens when two different networks/broadcast domain on the same switch, I updated my configuration below.

router: 192.168.1.1/255.255.255.0

pc1: cat /etc/network/interfaces

    auto eth0
    iface eth0 inet static
        address 192.168.1.50
        netmask 255.255.255.0
        gateway 192.168.1.1

    auto eth0:0
    iface eth0:0 inet static
        address 192.168.10.50
        netmask 255.255.255.0
        broadcast 192.168.10.255

pc2: cat /etc/network/interfaces

    auto eth0
    iface eth0 inet static
        address 192.168.1.100
        netmask 255.255.255.0
        gateway 192.168.1.1

    auto eth0:0
    iface eth0:0 inet static
        address 192.168.10.100
        netmask 255.255.255.0
        broadcast 192.168.10.255

pc1 and pc2 could reach each other using both 192.168.1.0/24 and 192.168.10.0/24 addresses. Also they could access the router and internet using 192.168.1.0/24 address.

Then I changed pc2 to be.

pc2: cat /etc/network/interfaces

    auto eth0
    iface eth0 inet static
        address 192.168.10.100
        netmask 255.255.255.0

With this pc2 could only access pc1 using 192.168.10.0/24 address. It could not access the router or internet.
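
Added example, not part of the original thread: a small Python model of the first-hop decision the posts above discuss (on-link by the sender's own mask, otherwise via the gateway), run over the thread's addresses. It assumes, as Kevin Ross describes, that ARP is answered by whoever owns the address regardless of masks, and that the router has no route on this segment for addresses outside its own /24; the host `low` and the address 192.168.9.7 are hypothetical.

```python
import ipaddress

class Host:
    """One IPv4 address on the shared Ethernet segment (constructed sample data)."""
    def __init__(self, name, cidr, gateway=None):
        self.name = name
        self.iface = ipaddress.ip_interface(cidr)
        self.gateway = ipaddress.ip_address(gateway) if gateway else None

    def next_hop(self, dst):
        """IP this host ARPs for in order to reach dst, or None if it has no route."""
        dst = ipaddress.ip_address(dst)
        if dst in self.iface.network:        # on-link according to the host's OWN mask
            return dst
        if self.gateway is not None and self.gateway in self.iface.network:
            return self.gateway              # off-link: hand the frame to the router
        return None

def can_send(src, dst, segment):
    """True if some address on the segment answers src's ARP for its next hop."""
    hop = src.next_hop(dst)
    return hop is not None and any(h.iface.ip == hop for h in segment)

def can_talk(a, b, segment):
    """Two-way reachability: the request and the reply must both be deliverable."""
    return can_send(a, b.iface.ip, segment) and can_send(b, a.iface.ip, segment)

def demo():
    router = Host("router", "192.168.11.1/24")
    server = Host("server", "192.168.11.55/22", gateway="192.168.11.1")
    low = Host("low", "192.168.8.20/22", gateway="192.168.11.1")  # hypothetical host
    seg = [router, server, low]
    # Last test in the thread: pc2 keeps only 192.168.10.100/24 and has no gateway.
    r1 = Host("router", "192.168.1.1/24")
    pc1_alias = Host("pc1 eth0:0", "192.168.10.50/24")
    pc2 = Host("pc2", "192.168.10.100/24")
    seg2 = [r1, pc1_alias, pc2]
    return {
        "server<->router": can_talk(server, router, seg),
        # 192.168.9.7 is assumed to live behind the router, not on this segment.
        "server->192.168.9.7": can_send(server, "192.168.9.7", seg),
        "low->router": can_send(low, router.iface.ip, seg),
        "router->low": can_send(router, low.iface.ip, seg),
        "pc2<->pc1 alias": can_talk(pc2, pc1_alias, seg2),
        "pc2->router": can_send(pc2, "192.168.1.1", seg2),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:22} {'ok' if ok else 'FAILS'}")
```
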