A teacher told us about VLSM and "nested subnetting":
- you should NOT use all-1 / all-0 subnets
- the same public network you got, can be split up in subnetworks of different size / having different subnet masks
- you can nest subnets, so that the same IP actually belongs to 2 subnetworks: in the example below the range of B is from 193.174.26.161 to 190, but C is nested inside from 193.174.26.189 to 193.174.26.190; furthermore B & C are nested in A
- the aim of this is to waste less IPs
- it is not supported by routers, but theoretically it would work
The teacher gave us examples with requirements like these:
- you got 193.174.26.0 /24 from your ISP
- A: 140 hosts
- B: 20 hosts
- C: 2 hosts
- given: C should be nested in B
–> using equally sized subnets without nesting will not work
The solution:
┌───────┬──────────────┬──────────┬──────┬──────────┬─────────┬─────────┐
│network│net address   │last octet│suffix│first host│last host│broadcast│
├───────┼──────────────┼──────────┼──────┼──────────┼─────────┼─────────┤
│A      │193.174.26.0  │0000 0000 │/24   │1         │254      │255      │
├───────┼──────────────┼──────────┼──────┼──────────┼─────────┼─────────┤
│B      │193.174.26.160│1010 0000 │/27   │161       │190      │191      │
├───────┼──────────────┼──────────┼──────┼──────────┼─────────┼─────────┤
│C      │193.174.26.188│1011 1100 │/30   │189       │190      │191      │
└───────┴──────────────┴──────────┴──────┴──────────┴─────────┴─────────┘
I had never heard about it and could not find very much information, so I have some questions about it:
- I think C is an all-1-subnet, am I right?
- What happens if a router (e.g. the router connecting the local network to the internet) receives a packet with target = 193.174.26.255? How does it decide whether to route it to all hosts (everyone between 193.174.26.1 and 193.174.26.254, no matter whether it is in subnet B or C) or just to the hosts that are directly in network 193.174.26.0 (the root of the nested networks)?
- Who will receive packets addressed to 193.174.26.191? All hosts in B including C or only the hosts in C?
- In general, even if you do not use VLSM and nesting, but you ALLOW all-0 / all-1-networks: How do you distinguish between the network / broadcast address of the "super-network" and the sub-network? (following the linked article it should work meanwhile)
- Does anyone use this technique in real life?
Cisco article about all-1 and all-0 subnets
http://www.cisco.com/c/en/us/support/docs/ip/dynamic-address-allocation-resolution/13711-40.html
Best Answer
"Nesting" (overlapping networks) requires proxy-arp and therefore SHOULD be avoided at all costs. No enterprise router will allow such a broken configuration -- each interface/subnet must be completely independent, which means out in the real world, where real IP addresses are routed, this method of "conservation" cannot be used. (aka: nonsense) [*]
It SHOULD not be attempted by anyone not thoroughly versed in networking. (i.e. if you haven't been designing, setting up, and maintaining large, complex networks for a decade or more, you shouldn't even be talking about this type of damage.)
(Full disclosure)
I'm doing this exact thing in an OpenStack development environment right now. 192.168.xx.0/24 has a /29 behind one of the machines in the larger /24. That machine has to have a number of specific, non-default settings changed to pretend to be hosts within the /29 slice. (aka proxy-arp) Yes, I can add a route for the /29 on the router, but the machines in the /24 still won't be able to talk to the /29 because their larger netmask means they're link-local; I'd have to add that /29 route to all the machines in the /24 for them to work.
All-0 and All-1
Those concepts haven't had any tangible meaning in modern networking for decades. Nothing you're likely to run into on the internet makes any assumptions about network size -- everything is classless now. Yes, there used to be issues using an all-0 (or 1) subnet -- say 199.72.0.0/24 (the first subnet from 199.72.0.0/16) (true story) -- because some random system on the internet (AIX) applied class logic to the range. Nothing does that today. So, with 199.72.0.0/16, the address range is 0.0 to 255.255 -- with those two addresses being the /16's network and broadcast addresses. Those are always the /16's network and broadcast, even if a /24 were nested with it somewhere.
The active netmask ALWAYS defines the network and broadcast. Yes, that means a nested construct has multiple broadcast addresses, but due to different netmasks, nodes within different zones (sub-network, parent-network, ...) listen to different addresses. At layer-2 (ethernet), all hosts in the same domain (eg. vlan) see the same broadcasts but the host will filter out, at layer-3, the "foreign" broadcasts, unless they're sent to the "all nodes" broadcast address of 255.255.255.255.
[*] ISPs wanting to conserve space like this do it via bridging, but that has its own problems.
[*] I warned my idiot ("we know more than you") coworkers not to use 199.72.0.0/24, but they did it anyway -- putting the webdev desktops in 0.0/25. A day later came the "What. Did. I. Tell. You." after complaints from every single person about random places on the internet they simply couldn't get. That was in 1997.
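
The answer's point that the active netmask decides what counts as network, broadcast, and on-link can be checked against the question's table. This is an added example, not code from the question or the answer; it uses Python's standard `ipaddress` module, and the function names are illustrative.

```python
import ipaddress

# Subnets from the question's table (A contains B, B contains C).
NETS = {
    "A": ipaddress.ip_network("193.174.26.0/24"),
    "B": ipaddress.ip_network("193.174.26.160/27"),
    "C": ipaddress.ip_network("193.174.26.188/30"),
}

def classify(dest, net):
    """How a host whose active netmask is `net` treats destination `dest`."""
    dest = ipaddress.ip_address(dest)
    if dest == ipaddress.ip_address("255.255.255.255"):
        return "limited-broadcast"   # the "all nodes" address, accepted by every host
    if dest not in net:
        return "off-link"            # forwarded to the gateway, never ARPed for
    if dest == net.broadcast_address:
        return "broadcast"
    if dest == net.network_address:
        return "network"
    return "on-link-host"            # host ARPs for it directly

def views(dest):
    """Per-subnet interpretation of one destination address."""
    return {name: classify(dest, net) for name, net in NETS.items()}

def longest_prefix_match(dest):
    """Classless route selection: the most specific matching prefix wins."""
    dest = ipaddress.ip_address(dest)
    hits = [(net.prefixlen, name) for name, net in NETS.items() if dest in net]
    return max(hits)[1] if hits else None

def overlaps():
    """Pairs of configured subnets that overlap (the 'nesting' in the question)."""
    names = sorted(NETS)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if NETS[a].overlaps(NETS[b])]

if __name__ == "__main__":
    for addr in ("193.174.26.191", "193.174.26.255", "193.174.26.189", "193.174.26.170"):
        print(addr, views(addr), "-> route:", longest_prefix_match(addr))
    print("overlapping pairs:", overlaps())
```

The output for 193.174.26.189 shows why proxy-arp is needed: a host with A's /24 mask treats that address as on-link and ARPs for it directly, even though it sits behind the /30.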