6

I have a Windows 2003 domain using 192.168.0.0/24 with all static addresses (no DHCP). I want to move to 192.168.0.0/16 because we need more addresses. I understand that we need to change the netmask on all computers from 255.255.255.0 to 255.255.0.0.

My questions are:

  1. Is there a way to not change the netmask of all computers while changing our domain controller to 192.168.0.0/16?

  2. What changes need to be made on the DNS side (Active Directory) to be able to handle the new subnet?

jscott
David
  • Possible duplicates? Q: [Extending a subnet](http://serverfault.com/questions/55709/extending-a-subnet) Q: [What are the implications of expanding an internal subnet mask?](http://serverfault.com/questions/53124/what-are-the-implications-of-expanding-an-internal-subnet-mask) – Nic Feb 15 '12 at 20:33
  • 3
    From a /24 to a /16? Why not a /23 or /22? I seriously doubt you need 64770 additional IP addresses overnight :P A quick question, all of your hosts are connected in the same network segment? And they will continue to be so? – Mathias R. Jessen Feb 15 '12 at 20:38
  • /16 is just standard to me (referring to old CLASS B addresses). And yes, all hosts are connected in the same network segment and they will continue to be. – David Feb 15 '12 at 20:54
  • 5
    I'll just point out that this would have been a trivial task had you used DHCP. – John Gardeniers Feb 15 '12 at 20:55
  • 1
    @JohnGardeniers: I agree re: it being a trivial task if DHCP was already in use, but it's still fairly trivial to migrate to a /23 and start using the next contiguous /24 immediately. – Evan Anderson Feb 15 '12 at 20:59
  • 1
    @Evan, I feel that *long* before a /24 subnet needs expanding DHCP should already have been implemented, even if through the use of reservations if all those machines really require fixed IP addresses. – John Gardeniers Feb 15 '12 at 21:49

3 Answers

10

If you have enough computers that a /24 isn't large enough it is seriously time to start switching over to DHCP.

If the addresses are set, there is no magic where you can set some single setting on the domain controller.

You could possibly build some kind of startup script that used the various command line tools to get the current settings and update them. This could result in broken systems without network access if you don't get it exactly right though.

If you didn't mind performance issues you could set up your router to perform a proxy-arp so you don't have to change every system at once. The ability and procedure for this depends on what router you have.

As for DNS, you probably will just need to either add additional /24 reverse zones, or remove your existing zone and add a /16. I am not aware of any way to convert from a /24 to /16 on Windows.

> My main concern is, if I change servers' masks from 255.255.255.0 to 255.255.0.0 do you think everyone will still be able to communicate? ... I just want to have time to do it, without having to shutdown the whole network.

Assuming you don't have any other usage in the 192.168.0.0/16 network, then you could start changing masks on systems. Just keep in mind that until the masks are changed on all systems, systems with an IP address 192.168.0.0 - 192.168.0.255 and a /24 mask will not be able to communicate with machines with an address 192.168.1.0 - 192.168.255.254 and the /16 mask. So, you should probably re-number quickly, and not actually use any of the new address space until you are done.

Zoredache
  • My main concern is, if I change servers' masks from 255.255.255.0 to 255.255.0.0 do you think everyone will still be able to communicate (as we have SQL server, Active Directory, DNS)? Also, I know that I need to change the netmask on all computers, I just want to have time to do it, without having to shut down the whole network. – David Feb 15 '12 at 20:48
9

You need to be using DHCP. (When asked "How many computers do you have in a network before you use DHCP?" I always respond "More than 1.")

As long as you keep the default gateway device's address and the addresses of all your servers in the 192.168.0.0/24 network you simply can change the servers' subnet masks to 255.255.254.0 (/23) and start using addresses from 192.168.0.255 to 192.168.1.254 on client computers immediately. (This assumes that only the servers in the 192.168.0.0/24 range need to be able to communicate with the new devices in the "high addresses".) You can do this without making any changes to the existing statically-configured devices.

Once you've done this you can set up a DHCP server for the entire 192.168.0.0/23 network and begin to move the static devices to DHCP (whereupon they will get the new subnet mask).

You should create a 192.168.1.0 DNS reverse lookup zone and change the subnet object in your Active Directory from 192.168.0.0/24 to 192.168.0.0/23. Then you'll be in business.

Edit:

I'm a DHCP maniac. I love DHCP. I use DHCP reservations for all machines with "fixed" IP addresses (both machines that actually obtain their addresses from their reservations via DHCP and machines that truly have static IP addresses configured because they won't or can't use DHCP). I don't believe in the "IP address spreadsheet". The DHCP servers are the canonical reference for IP allocation.

(It does irritate me that Microsoft's DHCP server repeatedly logs errors about scopes that are nearly out or exhausted of IP addresses. I appreciate their concern but I'd love to be able to selectively disable this logging for scopes. I put everything into DHCP, including /30 subnets used between routers or subnets where the entire address space is excluded from address distribution but otherwise needs to be tracked. Getting log entries about these subnets is annoying.)

Evan Anderson
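Both answers above depend on how each host decides, from its own mask, whether a peer is on-link or must be reached through the default gateway. The following is an added example, not code from either answer: it audits an inventory of statically addressed hosts mid-migration and reports every pair that no longer talks directly. Host names and addresses are constructed for illustration.

```python
import ipaddress
from itertools import combinations

def on_link(src_ip, src_prefix, dst_ip):
    """True if a host configured as src_ip/src_prefix treats dst_ip as local
    (ARPs for it directly) instead of sending to its default gateway."""
    net = ipaddress.ip_interface(f"{src_ip}/{src_prefix}").network
    return ipaddress.ip_address(dst_ip) in net

def path(a, b):
    """Classify traffic between two hosts given as (ip, prefix_len) tuples."""
    a_direct = on_link(a[0], a[1], b[0])
    b_direct = on_link(b[0], b[1], a[0])
    if a_direct and b_direct:
        return "direct"
    if a_direct or b_direct:
        return "asymmetric"  # one side ARPs directly, the other uses the gateway
    return "routed"          # both sides send to the gateway

def audit(hosts):
    """Return {(name_a, name_b): classification} for every non-direct pair."""
    result = {}
    for (na, a), (nb, b) in combinations(hosts.items(), 2):
        kind = path(a, b)
        if kind != "direct":
            result[(na, nb)] = kind
    return result

# Constructed inventory (hypothetical names/addresses) part-way through a /23 move
HOSTS = {
    "dc01":       ("192.168.0.10", 23),  # server, mask already widened
    "sql01":      ("192.168.0.11", 23),  # server, mask already widened
    "old-client": ("192.168.0.50", 24),  # static host not yet touched
    "new-client": ("192.168.1.20", 23),  # first host in the new range
}

if __name__ == "__main__":
    for pair, kind in audit(HOSTS).items():
        print(pair, kind)
```

The asymmetric pair is the case both answers warn about: the unchanged /24 host sends to its default gateway while the peer ARPs for it directly.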
0
  1. No

  2. None

To expand:

All of the hosts need to be configured with the same subnet mask in order to communicate with each other, so you'll need to reconfigure the subnet mask on every host. Start using DHCP; this is going to make your IP addressing administration simpler.

DNS doesn't know or care about subnet masks (except for netmask ordering, which probably has no bearing in your environment).

In addition, if you have subnets defined in Active Directory Sites and Services then you'll want to make the appropriate additions/corrections based on the new subnet mask. If you have a rDNS zone you'll also want to create a new rDNS zone for the new subnet.

joeqwerty