why subnet?

goasakawa Member Posts: 58
Why subnet for more IP addresses when the W2k server has a DHCP or the physical router has a DHCP?

PS: I'm still trying to grasp the subnetting concept.


  • Ten9t6 Member Posts: 691
    It allows you to efficiently use your assigned IPs. DHCP only assigns addresses that are available.

    If your ISP gives you a class C block of addresses but you have multiple networks...how are you going to do this with one block of addresses? You can subnet your network (divide it into multiple smaller networks). Also...think about a router with a point-to-point connection: would you want to waste an entire block of addresses when you only need two addresses to make the connection? This is why you would subnet.

    Does this make sense?

    A+, Network+, Linux+, Security+, MCSE+I, MCSE:Security, MCDBA, CCNP, CCDP, CCSP, CCVP, CCIE Written (R/S, Voice),INFOSEC, JNCIA (M and FWV), JNCIS (M and FWV), ENA, C|EH, ACA, ACS, ACE, CTP, CISSP, SSCP, MCIWD, CIWSA
  • Drakonblayde Member Posts: 542
    Ok, quick and dirty...

    Ethernet is a broadcast medium. That means for every packet that's a broadcast, every node on that subnet will see it. If you've got 2000 machines on a subnet, and only one of them needs to see it, you're generating a whole lot of unnecessary traffic, and if multiple machines are issuing broadcast packets, you can bring the network to its knees. This is known as a broadcast storm.

    By subnetting your address space, you make the broadcast domain smaller, and thereby improve your efficiency. Imagine a global network all on one subnet.

    Subnetting is also a kind of low-level security. Let's say you've got an R&D department and they need to connect to some company-wide servers as well as each other. Well, if the entire site is on the same subnet, then all machines are going to see whatever traffic those nodes are sending, could sniff the packets, and possibly obtain sensitive data. If it's subnetted, then the traffic can be confined to the machines that should be seeing it. Now note that this isn't as much of a concern as it used to be with the advent of switches getting cheaper. Switches establish a point-to-point connection, so the only node that sees the traffic is the node it's destined for. But back when hubs were mainly in use, this was a concern.

    On another security note, again take the concept of an R&D department with sensitive information. They may need services outside of their subnet, but no one else besides those need to talk to them. It's easiest just to put the R&D on its own subnet and set up an access list allowing the servers that have to talk to them access to them and just deny everyone else.

    Then there's the simple fact that if you have multiple sites, you kind of have to subnet. If I've got an office in Asia and an office in the States, and a public IP address space to assign, unless you're directly connecting those offices with no provider in between, you have to traverse other networks to get info between the offices, which means they can't be in the same address space. This creates discontiguous subnets, which is bad juju for internet routing tables, but it still happens.

    Basically, all subnetting is is taking a given address space and parceling it out in smaller numbers because in the case of Class A's and Class B's, you're not likely to use all those IPs in one place. Whatever you don't use can't be assigned, and therefore goes to waste... unless you subnet to make them available.

    Think of subnetting like a pizza. Say you've got 5 friends, and all of you are equally hungry. If you get an uncut pizza, how are you going to feed your friends equal amounts? You can't, so you cut the pizza into 6 equal pieces.

    DHCP has no bearing on subnetting (well, ok, it does if you're running one DHCP server for the entire organization, and then you need to set up relays, but I personally think each subnet should have its own DHCP server). All DHCP does is allocate and automatically configure the nodes for the address pool they've been given. DHCP doesn't play a part in determining how large a subnet is, or what IPs it gets; it's the other way around, the subnet determines what addresses are available to DHCP.
    = Marcus Drakonblayde
    ==[X]===[X]====[ ]=====[ ]====[ ]==
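
The points made in the two replies above, worked through as an added example that is not part of any post in the thread: one /24 is carved into right-sized subnets (including a /30 for a point-to-point link), each subnet yields the range a DHCP scope could hand out, and a first-match access list confines traffic to the R&D subnet. The address block (a documentation range), the host counts and all function names are assumptions made for the illustration.

```python
import ipaddress

def carve(block, needs):
    """Give each name in `needs` (name -> host count) the smallest IPv4 subnet
    of `block` that fits, largest first so every subnet stays aligned."""
    block = ipaddress.ip_network(block)
    cursor = int(block.network_address)
    plan = {}
    for name, hosts in sorted(needs.items(), key=lambda kv: -kv[1]):
        # hosts + network address + broadcast address, rounded up to a power of two
        prefix = 32 - (hosts + 1).bit_length()
        if prefix < block.prefixlen:
            raise ValueError(f"{name}: {hosts} hosts do not fit in {block}")
        net = ipaddress.ip_network((cursor, prefix))
        if not net.subnet_of(block):
            raise ValueError(f"{block} exhausted before {name}")
        plan[name] = net
        cursor += net.num_addresses
    return plan

def dhcp_pool(net):
    """First and last usable address: the subnet bounds what DHCP may assign."""
    return net.network_address + 1, net.broadcast_address - 1

def acl_allows(rules, src, dst):
    """First matching rule wins; traffic matching no rule is denied."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in rules:
        if src in src_net and dst in dst_net:
            return action == "permit"
    return False

# Constructed sample: documentation-range /24 and made-up host counts.
NEEDS = {"office": 100, "rnd": 50, "servers": 20, "wan-link": 2}
PLAN = carve("203.0.113.0/24", NEEDS)
ANY = ipaddress.ip_network("0.0.0.0/0")
RND_ACL = [
    ("permit", PLAN["servers"], PLAN["rnd"]),  # servers may reach R&D
    ("deny", ANY, PLAN["rnd"]),                # everyone else may not
    ("permit", ANY, ANY),                      # other traffic is unaffected
]

if __name__ == "__main__":
    for name, net in PLAN.items():
        first, last = dhcp_pool(net)
        print(f"{name:9} {str(net):18} usable {first} - {last}")
```
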