Network gurus - basic question

  • Thread starter Hetzkes Ballet Teacher

I'm having an utter mental blank here - can someone put me out of my misery??

I know a single NIC/port can have multiple IPs assigned to it, but can they be on different subnets?

Say you've got a switch with three hosts attached, configured like this ([..]= a NIC), where Host A is also the gateway to the internet.

+---[192.168.1.1/24, 192.168.2.1/24] - Host A - [WAN IP] <----> internet
+---[192.168.1.2/24] - Host B
+---[192.168.2.2/24] - Host C

Am I right in thinking that B and C will be able to communicate with A and the internet, but not with each other (unless A is configured to route between them)?

In other news, I've also started to dribble and forget my name.
 
I think the router would need sub-interfaces configured on it to allow cross VLAN? communication, so yes - but I'm no guru* !!



*because I didn't know you could assign 2 IP addresses to one NIC
 
Nee VLANs here, just regular LAN.

It's quite common to have multiple IPs on a single NIC. For example you might have one physical server on your intranet, that serves multiple internal web sites. You can do that by making it look like it's at several IP addresses on the same subnet, one for each web site (news.server.local, porn.server.local, etc). Though of course that's not the only way - you could use one IP but different page names, ports, etc.


Is that an authoritative yes, a talking shite yes, or an authoritative but talking shite yes?
 
:idea::idea::idea::idea:

Turned out it was possible. You can have any number of subnets on one physical segment that you like, as long as you assign the router's connection (to that segment) an IP in each of them, to be the default gateway for each. The router will route between them just like it would if they were on different physical segments.

When the router is a WS2008 box, that's not a problem, you just use the "Advanced" button on the TCP/IP options dialog box, and hoy the IPs in there.

If you're using its DHCP server, you also have to create a scope for each of the subnets as normal, but you then have to put them inside a superscope for the segment.

You learns summat every day on the SMB!
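
An added example (not part of any post in this thread): a small Python model of the layout from the opening post, showing which deliveries are on-link and which need Host A to forward between the two subnets. The `GATEWAYS` table and the `forwarding` switch are assumptions of this model, not settings named in the thread.

```python
import ipaddress

# Addresses from the opening post; everything sits on one physical segment.
HOSTS = {
    "A": ["192.168.1.1/24", "192.168.2.1/24"],
    "B": ["192.168.1.2/24"],
    "C": ["192.168.2.2/24"],
}
# Assumed default gateways: each host points at A's address in its own subnet.
GATEWAYS = {"B": "192.168.1.1", "C": "192.168.2.1"}

def interfaces(name):
    return [ipaddress.ip_interface(a) for a in HOSTS[name]]

def on_link(src, dst_ip):
    """True if src owns an address whose subnet contains dst_ip (direct delivery)."""
    return any(dst_ip in i.network for i in interfaces(src))

def owner(ip):
    """Name of the host that holds this exact address, or None."""
    for name in HOSTS:
        if any(i.ip == ip for i in interfaces(name)):
            return name
    return None

def path(src, dst, forwarding=True):
    """Hop list from src to dst, or None if the IP layer cannot deliver."""
    targets = [i.ip for i in interfaces(dst)]
    if any(on_link(src, t) for t in targets):
        return [src, dst]                      # same subnet: no router involved
    gw = GATEWAYS.get(src)
    if gw is None or not on_link(src, ipaddress.ip_address(gw)):
        return None                            # gateway must be inside src's subnet
    router = owner(ipaddress.ip_address(gw))
    if router is None or not forwarding:
        return None                            # gateway exists but does not forward
    if any(on_link(router, t) for t in targets):
        return [src, router, dst]              # router has a leg in dst's subnet
    return None

if __name__ == "__main__":
    for s, d in [("B", "A"), ("C", "A"), ("B", "C")]:
        print(s, "->", d, path(s, d), "| forwarding off:", path(s, d, False))
```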
 
Yeah, I do this all the time in network courses where they don't have a dedicated router. Windows Server from NT onwards has had the ability to act as an IP router.
 
All versions of Windows can, even clients since 2000. The point here was having multiple subnets on a single segment though, and I couldn't get a straight answer anywhere about it! So I just tried it and for once it worked.

I probably should have used VLANs, but that sounds like a bigger can of worms.
 
wrong.
 
Yeah, what I should have said is that I often run 2 subnets off a single NIC and route between them. Handy when you're running a network analyzer as they can see all the packets when trying to see why some are ignored whilst others are picked up when reading either MAC or IP headers.
 

What's wrong?

"Route between them" is an interesting phrase. I'm using MS Forefront TMG (on WS2008 R2) for routing/firewalling/bandwidth control/etc (replaces RRAS), and that usually has to be told what to route between.

But just adding the extra IPs (one in each subnet) to the single NIC has updated the routing tables, and everything can talk to everything on that segment, irrespective of subnet.

So I'm assuming that routing over a single segment is (unlike across segments) an automatic IP stack function (packet arrives at NIC, IP stack sees destination is on same NIC, packet heads off out the NIC again). If the subnets were on different NICs I'd have to explicitly tell FF TMG what to do, or they wouldn't communicate.

Or summat. Hats off to proper networking people, some of this stuff is headspinning.
 
If you give the "middle" system 2 IPs it can see and be seen by everything on that local segment, but the system on logical network A won't be able to see the one on logical network B without some routing capability on the middle system. They will, however, pick up owt broadcast based, but ignore it if it's not got their specific IP address or subnet broadcast address on it. I've never used Forefront on a single NIC, but I'd imagine if you were to look in the network rules it's automatically configured itself for routing between the 2 logical networks off the same physical NIC. Turn off Forefront and I'd hazard a guess the routing would stop.
 
That's exactly the point - they can see each other fully (e.g. file sharing, ping, etc.), and FF doesn't even know anything's changed (you have to refresh it to see the IP/NIC changes)! I was quite surprised. Whatever's routing is doing it "underneath" FF. If there were a simple way to switch it off I would test that, but I don't think there is, short of uninstalling it.
 
Just had a quick check and FF installs RRAS as a Windows feature on 2008/R2.
These Roles and Features are installed by the Forefront TMG Preparation Tool:

  • Network Policy Server.
  • Routing and Remote Access Services.
  • Active Directory Lightweight Directory Services Tools.
  • Network Load Balancing Tools.
  • Windows PowerShell.
http://technet.microsoft.com/en-us/library/dd896981.aspx
 
Aye, it's a weirdun that - it installs RRAS but the RRAS role/service remains disabled. I guess they must use some common components.

FF is typical MS bug ridden crap like - just got a few "out of memory" errors changing the address range associated with a (FF) network. There was 2GB free at the time. :lol:
 
Like leaves on the tracks, or the wrong type of snow, it was probably the wrong type of memory that was free :lol:
 