On 15 Aug 2006, in the Usenet newsgroup comp.os.linux.networking, in article
<(E-Mail Removed) om>, taihc wrote:
>I'm new to networking and have some questions on my mind that I hope
>can be answered.
http://www.ietf.org/rfc/rfc0950.txt
0950 Internet Standard Subnetting Procedure. J.C. Mogul, J. Postel.
August 1985. (Format: TXT=37985 bytes) (Updates RFC0792) (Also
STD0005) (Status: STANDARD)
http://tldp.org/guides.html
* The Linux Network Administrator's Guide, Second Edition
version: 1.1
authors: Olaf Kirch and Terry Dawson
last update: March 2000
ISBN: 1-56592-400-2
available formats:
1. HTML (read online)
2. HTML (tarred and gzipped package, 690k)
3. PDF (1.5MB)
>I understand that subnets make managing networks easier, but what
>benefits are there of having hosts in the same subnet as opposed to
>different subnets? why are some servers placed in the same subnets and
>some placed in different subnets when they all need to communicate with
>one another?
That's a great big "That depends" type of question. The original reason
for subnets was to break a large network (back when we were using Class A
now called a /8, Class B, now called a /16 - in addition to a Class C now
called a /24) down into manageable/usable size. The original Ethernet
(10Base5) had a limitation such that there could be no more than 65025
hosts on the wire (255 physical networks of 255 hosts each). In _practical_
terms, that was ludicrous - as all were effectively sharing the same wire
and only ONE computer can "talk" at a time. A "Class A" network had
2^24-2 (16,777,214) usable addresses, while a "Class B" had 65534 usable.
How were you supposed to get that many computers onto an Ethernet? (The
other technology - Token Ring - was even more restricted.) The answer was
to subnet - to break those "large" blocks into smaller ones. Thus, we used
a /22 (255.255.252.0 or 0xfffffc00) mask, which allowed 1022 hosts on each
subnet. (In fact, we never had more than about 750 on each.)
So, how to break things into manageable chunks. The answer is - it's up
to you. You might break things down based on one subnet per building, or
per floor, or per wing (physical). You might break it down according to
departments - sales, accounting, engineering (organizational) or just
about any other criteria. Hey, it's your network, do _your_ thing.
Now, some practical points. Traffic through a router is slower - it's a
"choke point" and remember, only one conversation at a time. Thus, you
want to put the file servers locally. Security - the original Ethernets
were a "party line", and anyone on the network could "hear" all conversations
on the network. Thus, you isolated "sensitive" systems to their own net. This
also carries over to the idea of having a DMZ or isolated network that will
run riskier (public accessible) applications/services. Traffic density -
you want to isolate "talkative" networks, making them smaller perhaps, so
that other systems can have a chance to "talk".
In about 1994, a new network appliance called a 'switch' became available.
This allowed you to further break down your subnets, because the switch only
routed traffic between source and destination ports. The Kalpana Etherswitch
had 16 ports. We broke our 10Base5 subnets into smaller sections, such that
there was no more than 50 hosts on any port, and the routers and file servers
each got their own port. Vast improvement in throughput, with no changes on
the individual hosts - for a mere US$7,000 each. (A 24 port dual speed
[10/100BaseT] switch today costs well under US$1000.)
Nearly all networks today use a switch technology. The problem is that these
are limited in the number of ports (288 port switches are available) and
bandwidth. Briefly, the switch has to have the horsepower to "repeat" some
significant fraction of the bits trying to go through it. Let's say you
have a ten port 100BaseT switch - the switch has to be able to listen to
the incoming port long enough to see where the packet is going (first six
bytes of the packet), set up an internal route from input port to output
port, and then _repeat_ the packet to this output port. Oh, and while you
are goofing off, there's another packet coming in on that other port that
needs to go "there" - pull yer finger out!!! Total bandwidth is more
expensive than ports - but neither one is cheap as dirt.
So - look at your network. What traffic is going where? What (if any)
security problems need to be (can be) taken care of. Perhaps you have only
a limited number of 'public' IP addresses, and need to look at those systems
that need to be publicly reachable, verses those that can use an RFC1918
address range and be NATed when they need to reach out. In short, what does
your network need.
Old guy
Similar Threads
Linear Mode
