All--
Sorry for that mis-send a minute ago! I'm still trying to
get a hang on this #%$! CDE mailtool. :-)
Mike--
When you subnet you lose the two ends of your address space.
Please see my explanation below.
> Firewall relevance:
> -------------------
>
> Splitting a C class network in two, in order to create a DMZ.
------201.202.203.[0-127]
|
201.202.203.0------
|
------201.202.203.[128-255]
>
> Question:
> ---------
>
> What can go wrong if a 255.255.255.128 netmask is used? RFC 950
> and Comer's "Internetworking With TCP/IP" recommends not using
> subnet masks with all zeros or ones in the subnet's network field.
> With one bit of subnetting, it would obviously be "all 1" or "all 0".
>
> Quote from RFC-950:
>
> It is useful to preserve and extend the interpretation of these
> special addresses in subnetted networks. This means the values
> of all zeros and all ones in the subnet field should not be
> assigned to actual (physical) subnets.
>
So the result of your subnetting on one bit means that your lower
range will have a *.0, which is the true network number and your high
range will have *.255, which is your true broadcast address.
Basically, when using subnets, you effectively lose the two end blocks
of your address space. By using an additional bit, you actually have
some address space to use. By using one bit, you've subnetted yourself
out of address space! ;-)
So, if you subnet your class C into 4 subnets, you will be able to
use the middle two blocks. Hope this helps.
--Todd
> What would be the best solution, when a subnet of > 60 hosts is needed?
> Also, renumbering of the current *.*.*.1 - *.*.*.50 range of machines
> is highly undesirable.
How much greater is the key question.
_____________________________________________________________________________
R. Todd Truitt Todd .
Truitt @
evolving .
com
Evolving Systems, Inc.
|
|
