6

Our network is currently working on a 192.168.0.x subnet, all controlled through DHCP, except for the few main servers which have hard-configured IP address settings.

What would I kill if I changed the DHCP-published subnet mask from 255.255.255.0 to 255.255.0.0?

The reason for doing this is not because we have a huge sudden influx of machines, but because I'd like to start partitioning specific devices into specific IP ranges (to be neat and tidy). For what it's worth, I don't plan on changing the allocated DHCP address range, but rather want to move some of the reserved and excluded DHCP addresses out of the address pool.

e.g. printers will be 192.168.2.x

I will obviously need to change the subnet mask manually on my manually configured devices.

LapTop006
Philip

4 Answers

4

Maybe not the best design:
Are you sure that is the route you want to go? It should work fine, but then you are using the entire 192.168.x.x network for one broadcast domain. That is going to give you 65534 hosts. If your company grows, you are going to have to re-subnet the entire network again or start using 10.x.x.x or 172.16-172.31.x.x addresses.

A More Standard Way to Approach it:
I think a more normal approach would be to use a subnet per location, or office floor, etc.

  1. Start with how many machines might end up at each location and then maybe bump up to the subnet above that.

For Example:
So if you think you might have 254 devices on the network per area, bump it up to 255.255.252.0, the next subnet up. This will give you a host range of 192.168.0.1-192.168.3.254. Then when it becomes time to expand, the next range using the same subnet mask would be 192.168.4.1 to 192.168.7.254.

A Simple Way:
A simple way, if your office is small, would be just to set the DHCP range to something like 192.168.0.1-150, and then use the rest of the IPs in that address space for static assignment. Your DHCP server should have the option to specify a host range to hand out that doesn't line up with the network mask. And if it only works by subnet masks, you could always cut the subnet in half with a mask of 255.255.255.128.

A Good Subnetting Read:
I recommend reading Evan's answer to How does Subnetting Work, and How do you do it?.

Kyle Brandt
2

Immediate Implications:

It shouldn't cause too much disruption. But you should be aware that devices which renew their leases into the additional space of the /16 won't be able to communicate with devices still on the /24 and vice versa.

Future Implications:

A /16 is one very big broadcast domain and not the most efficient way to manage a large network. Even if you aren't expanding the number of devices on the network, consider separating the devices onto separate networks/broadcast domains and routing between them at a common point. Assuming that they won't exceed the capacity/throughput of the router.

Dan Carley
  • The devices in 192.168.0.0/16 will be able to communicate with devices in 192.168.0.0/24 just fine, provided that both devices communicating have addresses that fall into the portion of 192.168.0.0/16 that overlaps 192.168.0.0/24. – Evan Anderson Aug 12 '09 at 12:00
  • Evan, won't the broadcast addresses be wrong? I.e. when 192.168.2.x arps for 192.168.0.x, the latter will never see it because the request is sent outside of its range? – David Mackintosh Aug 12 '09 at 12:46
  • @David: Read what I said again. Devices in the 192.168.0.0/24 range and devices in the part of 192.168.0.0/16 that overlaps 192.168.0.0/24 will be able to talk to each other. Devices in 192.168.2.0/16 aren't in the part of 192.168.0.0/16 that overlaps 192.168.0.0/24. ARP doesn't care about subnet masks. Look at the ARP packet format-- there's nothing about a subnet mask in there. ARP is a layer 2 protocol, and machines in the same broadcast domain will "hear" the same layer 2 broadcasts. – Evan Anderson Aug 12 '09 at 17:07
1

Rather than changing to 255.255.0.0 I would be inclined to change to something like 255.255.252.0, for the same reasons that Dan C mentions. This will give you 1022 usable IP addresses on your network, which should cover your immediate requirements as well as give you headroom for growth and the partitioning you want. 192.168.0.x would remain your DHCP range, 192.168.1.x, 192.168.2.x and 192.168.3.x would be available for other devices.

You will also need to reconfig your router and/or firewalls to recognise the new range of internal IP addresses, otherwise you might find that traffic coming to them from an internal device is not recognised as being on the same network.

It might not be a big deal, but your network's broadcast address will also change here.

Maximus Minimus
1

"Neat and tidy" was something that I did when I was younger and more idealistic. Now I just let devices pull DHCP or randomly assign them IP addresses. Everything gets assigned a name in the DNS, and I refer to everything by name. I couldn't care less what IP address a given device has. I don't see much of a business case for being "neat and tidy" w/ IP address assignments. You can just use DNS.

It's a different story entirely if you're talking about breaking up your network into multiple subnets in order to create VLANs and firewall off parts of the network from each other. Likewise, if you're assigning devices into different parts of a subnet in order to make effective edge firewall rules (servers live in the 192.168.0.0/28 range of the 192.168.0.0/24 subnet, for example) then that's also a worthwhile goal.

It sounds like you have a pretty good handle on what's going to happen already.

If you change the subnet mask on the statically-configured devices at the same time as you change the subnet mask on DHCP server(s) then you'll see no changes in behaviour. If you leave devices with the old subnet mask they'll only be able to talk to devices that still have addresses in the old subnet's range. (So, don't go moving your printers into 192.168.0.0/16 until the server computers that queue for those printers have /16 subnet masks).

Think hard about why you're doing this. If you really do need the address space and you're going to make some use of the "neat and tidy" IP addresses besides looking at them with your eyes then it probably makes sense. If you just want to get the satisfaction of knowing that all printers have "192.168.2.0/24" addresses (but aren't putting them into a VLAN or making some firewall rules based on their location in the address space) then I suspect it's not really worth it.

Evan Anderson
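The mixed-mask situation described in the answers and comments above (some hosts already on /16, statically configured hosts still on /24) can be checked before the change is rolled out. The following is an added example, not part of any answer on this page; the host names and addresses in the inventory are constructed for illustration.

```python
import ipaddress
from itertools import combinations

def on_link(src: str, dst_ip: str) -> bool:
    """True if the host configured as `src` (address/prefix) treats dst_ip
    as part of its own subnet, i.e. it will ARP for it directly instead of
    handing the packet to its default gateway."""
    return ipaddress.ip_address(dst_ip) in ipaddress.ip_interface(src).network

def path(a: str, b: str) -> str:
    """Classify how two hosts on the same wire see each other.
    direct    - both consider the other on-link
    one-sided - only one side does; the other sends via its gateway
    gateway   - both send via their gateway"""
    ia, ib = ipaddress.ip_interface(a), ipaddress.ip_interface(b)
    a_to_b = on_link(a, str(ib.ip))
    b_to_a = on_link(b, str(ia.ip))
    if a_to_b and b_to_a:
        return "direct"
    return "one-sided" if (a_to_b or b_to_a) else "gateway"

def mid_migration_report(inventory: dict) -> list:
    """Return every host pair that does not see each other as on-link
    in both directions."""
    problems = []
    for (name_a, a), (name_b, b) in combinations(inventory.items(), 2):
        result = path(a, b)
        if result != "direct":
            problems.append((name_a, name_b, result))
    return problems

# Constructed inventory: the static server has not been changed yet,
# the DHCP clients have already renewed with the /16 mask.
INVENTORY = {
    "file-server": "192.168.0.5/24",    # static, old mask
    "laptop":      "192.168.0.120/16",  # DHCP, new mask, old range
    "printer":     "192.168.2.20/16",   # moved to the new printer range
}

if __name__ == "__main__":
    for name_a, name_b, result in mid_migration_report(INVENTORY):
        print(f"{name_a} <-> {name_b}: {result}")
```

The laptop and the server still talk directly because the laptop's address lies in the part of the /16 that overlaps the old /24; only the relocated printer and the unchanged server are flagged.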