m.andrews@trl.oz.au (Murray Andrews) (07/06/90)
I have a basic question about subnet routing that has probably been asked many times but I can't locate an answer in any article sitting around here so ....

Is it possible to route between subnets of a class B address when the subnets are separated by another network?

For example, given the following topology:

         +---------+
         | Host C1 |
         +---------+ 192.9.200.5
              |
--------+-----+----- Net 192.9.200 ----------+---------
        |                                    |
   +----------+ 192.9.200.1             +----------+ 192.9.200.2
   | Gate GB1 |                         | Gate GB2 |
   +----------+ 137.147.1.10            +----------+ 137.147.2.20
        |                                    |
  ------+------+-------              --------+---+------
               |                                 |
          +----------+ 137.147.1.11         +----------+ 137.147.2.21
          | Host B11 |                      | Host B21 |
          +----------+                      +----------+

^ Subnet 1 of 137.147        ^  ^ Subnet 2 of 137.147           ^
|____________________________|  |_______________________________|

Host C1, and gateways GB1 and GB2 all connect to the one network - in this example a class C network with number 192.9.200 (don't worry - we are not actually using this number).

Gateways GB1 and GB2 are gateways to 2 subnets of the class B network 137.147 with subnet mask 255.255.255.0. There is no connection between the two subnets except via 192.9.200.

The question is does this work?

Can hosts on either subnet route to hosts on the other (e.g. B11 <-> B21)?

Can hosts on either subnet route to host C1?

Can C1 route correctly to both B11 and B21?

Can other networks gatewayed onto 192.9.200 successfully route to hosts on the 137.147 subnets?

If it works is there anything special I have to do to the gateways?

If this works a *lot* of IP addresses can be saved. If this doesn't work the only alternative appears to be to get a class B address for each subnet (since they have up to 1000-2000 PC's each).

Any help would be much appreciated.

--------------
Murray Andrews
Telecom Australia Research Labs. (m.andrews@trl.oz.au)
medin@NSIPO.NASA.GOV ("Milo S. Medin", NASA ARC NSI Project Office) (07/08/90)
In article <1867@trlluna.trl.oz>, m.andrews@trl.oz.au (Murray Andrews) writes:
> I have a basic question about subnet routing that has probably been asked
> many times but I can't locate an answer in any article sitting around
> here so ....
>
> Is it possible to route between subnets of a class B address when the
> subnets are separated by another network?

The short answer is no.

Well, that's not quite right. This depends on your routing protocol and how your routers actually forward packets.

> For example, given the following topology:
>
>          +---------+
>          | Host C1 |
>          +---------+ 192.9.200.5
>               |
> --------+-----+----- Net 192.9.200 ----------+---------
>         |                                    |
>    +----------+ 192.9.200.1             +----------+ 192.9.200.2
>    | Gate GB1 |                         | Gate GB2 |
>    +----------+ 137.147.1.10            +----------+ 137.147.2.20
>         |                                    |
>   ------+------+-------              --------+---+------
>                |                                 |
>           +----------+ 137.147.1.11         +----------+ 137.147.2.21
>           | Host B11 |                      | Host B21 |
>           +----------+                      +----------+
>
> ^ Subnet 1 of 137.147        ^  ^ Subnet 2 of 137.147           ^
> |____________________________|  |_______________________________|
>
> Host C1, and gateways GB1 and GB2 all connect to the one network - in this
> example a class C network with number 192.9.200 (don't worry - we are not
> actually using this number).
>
> Gateways GB1 and GB2 are gateways to 2 subnets of the class B
> network 137.147 with subnet mask 255.255.255.0. There is no connection
> between the two subnets except via 192.9.200.
>
> The question is does this work?

No. The reason is that the Gateways will only advertise a route to 137.147.0.0 (not to a particular subnet of that network) over the 192.9.200.0 subnet they are connected to.

Again, this depends on the routing protocol and routers. It is certainly easy enough to configure the OSPF protocol to make this work. In fact, the NASA Science Internet network (built of Proteon p4200 routers) does exactly this. We have 2 NSI routers separated by a class C network, and both routers can deal with parts of 128.161 on both "sides" of the class C net. This is a consequence of variable length subnet support, and how OSPF areas are configured.

. . .

The only way it *might* work is to give the interfaces that connect the two gateways a second IP address (in this case from another subnet of 137.147) and use a bit of static routing in the hosts. Two subnets (from different net numbers would then share the same physical network).

cisco routers support secondary interface addresses but will never generate an IP packet with the secondary IP address - which is why you might have to use some static routing. I've done something like this at Macquarie University to support CSIRO's links into that campus, but at that site it's a case of two networks on the same cable, not a partitioned subnets (which is illegal according to the RFC).

This is a real kludge, and any hosts on the net in the middle may cause problems because of improper handling of broadcast packets. As I said, with the right routing protocol, this situation can work.

We actually discovered this accidentally one day, when we configured things in such a way that this behavior resulted, and then decided that it wasn't supposed to work! After thinking things through however, it was clear this was a topology the system could support.

Now, I wouldn't go off recommending this approach to people, but it certainly can be useful at times, especially during transitions, and for other reasons too.

So, Murray, the answer to your question is yes, given you have OSPF routers involved. Otherwise, I think the kludges you need would be pretty ugly and not work well.

OSPF is brought to you by the IETF, and is documented in RFC 1131. Expect to see a multivendor demo at InterOp this fall. Ask for it by name, accept no substitutes!

Thanks,
Milo
pte900@csc.anu.oz (Peter Elford) (07/08/90)
In article <1867@trlluna.trl.oz>, m.andrews@trl.oz.au (Murray Andrews) writes:
> I have a basic question about subnet routing that has probably been asked
> many times but I can't locate an answer in any article sitting around
> here so ....
>
> Is it possible to route between subnets of a class B address when the
> subnets are separated by another network?

The short answer is no.

> For example, given the following topology:
>
>          +---------+
>          | Host C1 |
>          +---------+ 192.9.200.5
>               |
> --------+-----+----- Net 192.9.200 ----------+---------
>         |                                    |
>    +----------+ 192.9.200.1             +----------+ 192.9.200.2
>    | Gate GB1 |                         | Gate GB2 |
>    +----------+ 137.147.1.10            +----------+ 137.147.2.20
>         |                                    |
>   ------+------+-------              --------+---+------
>                |                                 |
>           +----------+ 137.147.1.11         +----------+ 137.147.2.21
>           | Host B11 |                      | Host B21 |
>           +----------+                      +----------+
>
> ^ Subnet 1 of 137.147        ^  ^ Subnet 2 of 137.147           ^
> |____________________________|  |_______________________________|
>
> Host C1, and gateways GB1 and GB2 all connect to the one network - in this
> example a class C network with number 192.9.200 (don't worry - we are not
> actually using this number).
>
> Gateways GB1 and GB2 are gateways to 2 subnets of the class B
> network 137.147 with subnet mask 255.255.255.0. There is no connection
> between the two subnets except via 192.9.200.
>
> The question is does this work?

No. The reason is that the Gateways will only advertise a route to 137.147.0.0 (not to a particular subnet of that network) over the 192.9.200.0 subnet they are connected to.

> Can hosts on either subnet route to hosts on the other (e.g. B11 <-> B21)?
>
> Can hosts on either subnet route to host C1?
>
> Can C1 route correctly to both B11 and B21?
>
> Can other networks gatewayed onto 192.9.200 successfully route to hosts
> on the 137.147 subnets?
>
> If it works is there anything special I have to do to the gateways?

The only way it *might* work is to give the interfaces that connect the two gateways a second IP address (in this case from another subnet of 137.147) and use a bit of static routing in the hosts. Two subnets (from different net numbers would then share the same physical network).

cisco routers support secondary interface addresses but will never generate an IP packet with the secondary IP address - which is why you might have to use some static routing. I've done something like this at Macquarie University to support CSIRO's links into that campus, but at that site it's a case of two networks on the same cable, not a partitioned subnets (which is illegal according to the RFC).

Peter Elford, AARNet
medin@NSIPO.NASA.GOV ("Milo S. Medin", NASA ARC NSI Project Office) (07/09/90)
Peter, I expect about 5-6 implementations there, though Proteon's is the only real vendor shipping today. I certainly don't want to speak for the vendors on this; I'm sure they'll do it themselves. This is just my best guess of course, based on meetings at IETF and such.

Note that it's a little tricky to implement variable length mask support unless the IP forwarder is designed to support it. Most of the vendors I know who are supporting OSPF have or are rewriting their forwarder code, and this is a major change in the way their routers work, so it takes more than just OSPF itself if your forwarder doesn't support this functionality already.

Thanks,
Milo
pte900@csc.anu.oz (Peter Elford) (07/09/90)
In article <9007080605.AA00749@cincsac.arc.nasa.gov>, medin@NSIPO.NASA.GOV ("Milo S. Medin", NASA ARC NSI Project Office) writes:
> > Is it possible to route between subnets of a class B address when the
> > subnets are separated by another network?
> > The short answer is no.
>
> Well, that's not quite right. This depends on your routing protocol and
> how your routers actually forward packets.

.. diagram deleted ...

> No. The reason is that the Gateways will only advertise a route to
> 137.147.0.0 (not to a particular subnet of that network) over the
> 192.9.200.0 subnet they are connected to.
>
> Again, this depends on the routing protocol and routers. It is certainly easy
> enough to configure the OSPF protocol to make this work. In fact, the NASA
> Science Internet network (built of Proteon p4200 routers) does exactly this.
> We have 2 NSI routers separated by a class C network, and both routers can
> deal with parts of 128.161 on both "sides" of the class C net. This is
> a consequence of variable length subnet support, and how OSPF areas
> are configured.

We are still just exploding out of the stone age Internet wise down here, so it was pretty safe to assume RIP and normal (ie. fixed length) subnet masks.

> The only way it *might* work is to give the interfaces that connect the two
> gateways a second IP address (in this case from another subnet of 137.147)
> and use a bit of static routing in the hosts. Two subnets (from different
> net numbers would then share the same physical network).
>
> cisco routers support secondary interface addresses but will never generate
> an IP packet with the secondary IP address - which is why you might have to
> use some static routing. I've done something like this at Macquarie
> University to support CSIRO's links into that campus, but at that site it's
> a case of two networks on the same cable, not a partitioned subnets (which
> is illegal according to the RFC),
>
> This is a real kludge, and any hosts on the net in the middle may cause problems
> because of improper handling of broadcast packets. As I said, with the right
> routing protocol, this situation can work.

I wasn't recommending the kludge; just using it as an example of what the problems associated with partitioning subnets (of the RFC950 flavour).

> Now, I wouldn't go off recommending this approach to people, but it certainly can
> be useful at times, especially during transitions, and for other reasons too.
>
> So, Murray, the answer to your question is yes, given you have OSPF routers
> involved. Otherwise, I think the kludges you need would be pretty ugly and
> not work well.

I think Milo is saying that unless you are keen enough to dive into OSPF then the answer is no!

> OSPF is brought to you by the IETF, and is documented in RFC 1131. Expect to
> see a multivendor demo at InterOp this fall. Ask for it by name, accept no
> substitutes!

How many vendors do you expect to see, Milo? (genuine interest, no sarcasm)

Regards,
Peter Elford, AARNet
staw@marvin.enet.dec.com (Tony Staw - REO2-G/G9 830-3908 09-Jul-1990 1037) (07/09/90)
This topology would also be supported by dual IS-IS routing, which like OSPF supports variable-length subnet masks. Tony
medin@NSIPO.NASA.GOV ("Milo S. Medin", NASA ARC NSI Project Office) (07/09/90)
Tony, you are of course right. All the modern IGP designers learned from the mistakes of the past and do/will support variable length masks. I was just differentiating OSPF's support for this sample topology in comparison to "old style" IGP's like RIP, IGRP, etc, which do not carry around mask information with the route information. But to be fair to them, the routers' IP forwarders didn't support variable length masks either, with the possible exception of fuzzballs, which were trailblazers for many of the concepts now common in the Internet.

Thanks,
Milo

PS The "old style" protocols are still adequate for many people's topologies, and are still widely used. It's just that these days, people want a lot more from their IGP's, like variable length mask support, authentication, multicast updates, rapid convergence, route tagging, low overhead, etc... OSPF was built with all these goals in mind, whereas the others didn't have nearly as full of a plate requirements wise when they were built... Of course, that's why the IETF formed a working group to build such a protocol. And Dual IS-IS should also be able to do those things as well...
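
Added example, not part of the original thread: a small Python model of the topology discussed above, comparing what C1 and GB1 can reach when routing updates omit the mask (the RIP/IGRP behaviour described in the posts) and when they carry it (OSPF style). The forwarding rules, the tie-break between equal routes and all function names are simplifying assumptions made for illustration.

```python
import ipaddress

# Topology from the thread: two /24 subnets of class B network 137.147,
# whose gateways meet only on the class C network 192.9.200.
GATEWAYS = {
    "GB1": ipaddress.ip_network("137.147.1.0/24"),
    "GB2": ipaddress.ip_network("137.147.2.0/24"),
}

def natural_network(net):
    """Class A/B/C network containing `net` (classes D/E not modelled)."""
    first_octet = int(net.network_address) >> 24
    plen = 8 if first_octet < 128 else 16 if first_octet < 192 else 24
    return net.supernet(new_prefix=plen)

def advertisement(gw, carries_mask):
    """Prefix that `gw` announces onto 192.9.200 for its attached subnet."""
    subnet = GATEWAYS[gw]
    return subnet if carries_mask else natural_network(subnet)

def middle_net_table(carries_mask):
    """Routes a host on 192.9.200 (C1) learns from both gateways."""
    table = {}
    for gw in GATEWAYS:
        # Equal-cost duplicates: the first one heard is kept (assumption).
        table.setdefault(advertisement(gw, carries_mask), gw)
    return table

def next_hop(table, dst):
    """Longest-prefix match; None when nothing covers `dst`."""
    addr = ipaddress.ip_address(dst)
    matches = [p for p in table if addr in p]
    return table[max(matches, key=lambda p: p.prefixlen)] if matches else None

def gateway_forward(gw, dst, carries_mask):
    """Return 'direct', a peer gateway name, or None (no route) for `dst`."""
    addr = ipaddress.ip_address(dst)
    own = GATEWAYS[gw]
    if addr in own:
        return "direct"
    for peer in GATEWAYS:
        if peer == gw:
            continue
        prefix = advertisement(peer, carries_mask)
        # Assumption: a mask-less forwarder attached to 137.147 applies its
        # own /24 mask to every 137.147 address, so a peer's summary of that
        # same network gives it no route for the other subnet.
        if prefix == natural_network(own):
            continue
        if addr in prefix:
            return peer
    return None

def reaches(dst, carries_mask, via=None):
    """True if `dst` is delivered, starting at C1 or at gateway `via`."""
    hop = via or next_hop(middle_net_table(carries_mask), dst)
    for _ in range(len(GATEWAYS) + 1):       # bounded: no forwarding loops
        if hop is None:
            return False
        step = gateway_forward(hop, dst, carries_mask)
        if step == "direct":
            return True
        hop = step
    return False

if __name__ == "__main__":
    for carries_mask in (False, True):
        label = "mask carried" if carries_mask else "no mask (RIP/IGRP style)"
        table = middle_net_table(carries_mask)
        print(label, {str(p): gw for p, gw in table.items()})
        for name, dst in (("B11", "137.147.1.11"), ("B21", "137.147.2.21")):
            print(f"  C1 -> {name}:", reaches(dst, carries_mask))
        print("  B11 -> B21:", reaches("137.147.2.21", carries_mask, via="GB1"))
```

Without masks C1 ends up with a single 137.147.0.0 entry, so one of the two subnets is unreachable; with masks each /24 has its own entry and both are delivered.
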
lars@spectrum.CMC.COM (Lars Poulsen) (07/10/90)
In all our pride about how OSPF will allow you to build a network that contains discontiguous subnets, let's not forget to explain to the new people that this is not recommended, precisely because the earlier and most widely available routing protocols do not deal well with such a case. Disjoint subnets can only be expected to work if all interconnections between the disjoint subnets are under the same administration and are running a routing protocol that passes the mask.

The normal way to implement the topology that was asked about, would be to have the connecting network (C1 in the example) be another class-C sized subnet of the same class B network as the disjoint segments.

The most common case where clients ask about disjoint subnets, is where an enterprise is geographically disjoint (say offices in Los Angeles, Denver and Boston) and wants to attach each office separately to the Internet, while assigning all host addresses out of the same class B network number. This of course is utterly undesirable (would OSPF allow it to be set up at all ?) and contravenes all the intentions for which subnets were invented.

Thus, for "commercial use" the simple, practical and almost true answer is that disjoint subnets are not allowed.

--
/ Lars Poulsen, SMTS Software Engineer
  CMC Rockwell  lars@CMC.COM
medin@NSIPO.NASA.GOV ("Milo S. Medin", NASA ARC NSI Project Office) (07/10/90)
Lars, you are quite correct that use of non-contiguous subnets should be with good reason. In many cases, you can do something architecturally pure, and avoid kludging, which is always a good idea. But, there are valid cases to do non-contiguous subnets as well. As usual, the reason you need really smart people is to tell the difference between the cases.

I don't think that the issue of older protocols not supporting such a configuration is an issue. Time moves on, and progress gets made. In my environment, new capabilities are eagerly received, and put to good use right away, because we tend to operate close to the edge of the envelope anyway. And of course, at that point, the market tends to demand these new capabilities, and people implement them to be competitive.

Your case about the business with the disjoint offices all wanting their own Internet interconnects while still using a single class B won't work, but not because of OSPF, but because that organization's connections to the various regional or brand X networks and those net's connections to each other typically use EGP, which does not allow the passing of subnet data. If everyone was glued together by one supernetwork, all running an IGP like OSPF, then yes, it could work. But that's not likely to be the way people's connections would work in any case.

Thanks,
Milo
tsuchiya@THUMPER.BELLCORE.COM (Paul Tsuchiya) (07/10/90)
> ..............
> The most common case where clients ask about disjoint subnets, is where
> an enterprise is geographically disjoint (say offices in Los Angeles,
> Denver and Boston) and wants to attach each office separately to the
> Internet, while assigning all host addresses out of the same class B
> network number. This of course is utterly undesirable (would OSPF allow
> it to be set up at all ?) and contravenes all the intentions for which
> subnets were invented.
>
> Thus, for "commercial use" the simple, practical and almost true answer
> is that disjoint subnets are not allowed.
> --
> / Lars Poulsen, SMTS Software Engineer
> CMC Rockwell lars@CMC.COM
>

Hmmm. Why is it <of course> utterly undesirable that one organization in locations separated by the Internet not split up a Class B address? The only reason I can think of is that Internet routers are incapable of looking at subnet parts of the address--in other words, our Internet routers (or routing protocols) are inadequate. The thing just simply wouldn't work.

However, I don't necessarily see something inherently bad about this. I mean, given today's address structure (net.subnet.host), what are the alternatives?

First, the organization could have multiple class C addresses? However, this puts a load equal to subnetted class B addresses on the Internet. Each router must maintain one routing table entry for each location.

But, it is highly unlikely that a single class C address will suffice for a location, so the organization probably needs a different class B address for every location. We still haven't decreased the load on the internet (one routing table entry for each location), but we have managed to make bad use of our address space.

In other words, by not having protocols that allow the Internet routers to look into the subnet, we have NOT decreased the amount of routing overhead, but we HAVE used our limited address space poorly.

Does BGP have masks? If so, it could look at the subnet part. This would at least allow us to use addresses a little more efficiently. However, a more general, multi-level hierarchical address scheme coupled with an efficient address assignment scheme is what's needed.

Hear my ideas on this at the UCB IETF, or if you can't be there, ask me and I'll send you a paper on the topic.

PT
jh@tut.fi (Juha Heinanen) (07/10/90)
In article <1990Jul10.003628.5859@spectrum.CMC.COM> lars@spectrum.CMC.COM (Lars Poulsen) writes:
> Thus, for "commercial use" the simple, practical and almost true answer
> is that disjoint subnets are not allowed.

Depends what you mean by "commercial use". If an organization that
previously has had its own IP backbone decides to become a user of a
commercial IP backbone then the situation is exactly such that would
call for connecting geographically separate subnets over another
network.
If this can't be done then the commercial backbone operator is not
likely to get the customer. In Finland, for example, the commercial
DataNet IP backbone will certainly switch from IGRP to OSPF for this
very reason alone if it really can solve the acute problem.
In the ISO world of NSAP addresses each organization can have several
so called routing domains which could be assigned one for each
separate network component.
--
-- Juha Heinanen, Tampere Univ. of Technology, Finland
jh@tut.fi (Internet), tut!jh (UUCP), jh@tut (Bitnet)
lars@spectrum.cmc.com (Lars Poulsen) (07/11/90)
I wrote:
> The most common case where clients ask about disjoint subnets, is where
> an enterprise is geographically disjoint (say offices in Los Angeles,
> Denver and Boston) and wants to attach each office separately to the
> Internet, while assigning all host addresses out of the same class B
> network number. This of course is utterly undesirable (would OSPF allow
> it to be set up at all ?) and contravenes all the intentions for which
> subnets were invented.

Paul Tsuchiya <tsuchiya@THUMPER.BELLCORE.COM> replied:
PT>Hmmm. Why is it <of course> utterly undesirable that one organization
PT>in locations separated by the Internet not split up a Class B address?
PT>The only reason I can think of is that Internet routers are incapable of
PT>looking at subnet parts of the address--in other words, our Internet
PT>routers (or routing protocols) are inadequate. The thing just simply
PT>wouldn't work.

Indeed. The intent of IP is to route based on the network number, and for most low-level routers not to have to know very many routes. Subnets were invented to allow an organization to have multiple routes internally while presenting only one logical point of entry to the outside world.

PT>However, I don't necessarily see something inherently bad about this.
PT>I mean, given today's address structure (net.subnet.host), what are the
PT>alternatives?
PT>First, the organization could have multiple class C addresses? However,
PT>this puts a load equal to subnetted class B addresses on the Internet.
PT>Each router must maintain one routing table entry for each location.

The organization could be made to connect the disjoint subnets internally; in the worst case, this could be done by tunnelling in the routers. This is not too unlike the old ARPA/MIL/NSF geographical overlay. Each backbone router will route packets to the multi-site organization to the closest point of entry, and that router will get it to where it needs to get to, either directly, or wrapped in an envelope with the backbone address of the entrypoint router on the other end.

PT>... However, a more general, multi-level hierarchical address scheme
PT>coupled with an efficient address assignment scheme is what's needed.

The ultimate in general, multilevel hierarchical address schemes is ISO-IP, with its address format codes etc. IMHO, that way leads to utter madness.

PT>Hear my ideas on this at the UCB IETF, or if you can't be there,
PT>ask me and I'll send you a paper on the topic.

Yes, I would like to see the paper.

-------

Similarly, Milo S. Medin (NASA ARC NSI Project Office) <medin@nsipo.nasa.gov> says:
MM>I don't think that the issue of older protocols not supporting such a
MM>configuration is an issue. Time moves on, and progress gets made.

but at the same time:
MM>Your case about the business with the disjoint offices ... won't
MM>work, ... because that organization's connections
MM>to the various regional or brand X networks and those net's connections to
MM>each other typically use EGP, which does not allow the passing of
MM>subnet data. If everyone was glued together by one supernetwork, all
MM>running an IGP like OSPF, then yes, it could work. But that's not
MM>likely to be the way people's connections would work in any case.

- which was exactly my point. The "real" commercial networks are always years behind the state of the "art". Don't get me wrong: I think OSPF is great, and we should move to deploy it instead of EGP as quickly as we can, from the core out. But so long as not even the regionals are up to that level of sophistication, EGP is the commercial reality, and those of us whose job is to "get me connected NOW" have to find ways to live within those constraints.

--
/ Lars Poulsen, SMTS Software Engineer
  CMC Rockwell  lars@CMC.COM
tmallory@BBN.COM (07/12/90)
OSPF is not the only routing protocol with "advanced" subnet support: BBN has extended the SPF-based routing protocol used by the BBN T/20 Internet Router and the RIG (developed for DARPA and RADC) to use arbitrary hierarchical subnet masks, in which the mask bits need not be contiguous. It will handle the separated subnet scenario with no problems.

Tracy Mallory
BBN
tsuchiya@THUMPER.BELLCORE.COM (Paul Tsuchiya) (07/12/90)
Lars Poulsen writes:
> The ultimate in general, multilevel hierarchical address schemes is
> ISO-IP, with its address format codes etc. IMHO, that way leads to utter
> madness.

What is IMHO?

Also, ISO-IP addresses are the ultimate in administratively hierarchical address assignment, but have a long ways to go still in having a topologically meaningful hierarchical address. But I'm working on them too.

PT
stewart@xyplex.com (Bob Stewart) (07/12/90)
Paul Tsuchiya writes:
>Also, ISO-IP addresses are the ultimate in administratively hierarchical
>address assignment, but have a long ways to go still in having a
>topologically meaningful hierarchical address. But I'm working on them
>too.

Seems to me that imbedding topological meaning in an address is not necessarily a good idea. That implies that as I move my portable around the network (from hotel to hotel, or, worse yet, on a cross country trip with a mobile phone), its address has to change. We have that problem now with SLIP connections. A name service could track the change so you could always reach me by name, but the more I move the more I have to change the name mapping, and such mappings usually don't appreciate being changed very much.

*I*n *M*y *H*umble *O*pinion, hierarchical administration for initial address assignment works nicely, such as with Domain Name Service or Ethernet global addresses, but should really be independent of routing. Of course, flat addresses don't offer any built-in efficiencies for finding the right neighborhood, like IP addresses do now...

Tradeoffs, tradeoffs, always tradeoffs. Why can't there just be a right answer?

Bob
-----------
Bob Stewart (rlstewart@eng.xyplex.com)
Xyplex, Boxborough, Massachusetts
(508) 264-9900
tsuchiya@THUMPER.BELLCORE.COM (Paul Tsuchiya) (07/12/90)
From Bob Stewart:
>
> Seems to me that imbedding topological meaning in an address is not
> necessarily a good idea. That implies that as I move my portable around the
> network (from hotel to hotel, or, worse yet, on a cross country trip with a
> mobile phone), its address has to change. We have that problem now with SLIP
> connections. A name service could track the change so you could always reach
> me by name, but the more I move the more I have to change the name mapping,
> and such mappings usually don't appreciate being changed very much.
>
> *I*n *M*y *H*umble *O*pinion, hierarchical administration for initial address
> assignment works nicely, such as with Domain Name Service or Ethernet global
> addresses, but should really be independent of routing. Of course, flat
> addresses don't offer any built-in efficiencies for finding the right
> neighborhood, like IP addresses do now...
>
> Tradeoffs, tradeoffs, always tradeoffs. Why can't there just be a right
> answer?
>

Yes, tradeoffs. In my latest work, I have proposed 1) hierarchical addresses reflecting the topological hierarchy, and 2) institutionalizing multiple addresses to reflect, for instance, those cases where a system is connected into the network in multiple places.

This latter thing means that when you go to directory service or DNS, you get back MULTIPLE ADDRESSES. You pick one for your TCP connection (or whatever) based on policy. In other words, each address essentially represents a different path, which you choose by picking an address. I even think that the list of valid addresses should be conveyed to the destination by a TCP option in the call setup, and the destination can send back in the call accept the list, possibly pruned by its policy choices.

Well, I'm getting ahead of myself. Anyway, what I have found is, from a system's perspective, shoving part of the routing problem into DNS is a GOOD tradeoff.

In general, I think we have concentrated too much on automatic routing, and not enough on automatic address management. Our architecture and protocols do not take advantage of the significant degree of freedom afforded by letting addresses be more flexible--having multiple of them, changing them during a transport connection, stuff like that.

Anyway, as I have said, read my paper. It covers a lot of stuff. Also, plan on getting sick and tired of my new-found religious perspective. It's been a while since I've had a soapbox to shout from.

PT

ps. IMHO. I like that.