Customer site is out of IP addresses, they want to go from /24 to /12 netmask… Bad idea

Tags: ip address, network-design, networking, subnet

One of my client sites called to ask me to change the subnet masks of the Linux servers I manage there while they re-IP/change the netmask of their network based on a 10.0.0.x scheme.

"Can you change the Linux server netmasks from 255.255.255.0 to 255.240.0.0?"

You mean, 255.255.240.0?

"No, 255.240.0.0."

Are you sure you need that many IP addresses?

"Yeah, we never want to run out of IP addresses."

A quick check against the Subnet Cheat Sheet shows:

  • a 255.255.255.0 netmask, a /24 provides 256 hosts. It's clear to see that an organization can exhaust that number of IP addresses.
  • a 255.240.0.0 netmask, a /12 provides 1,048,576 hosts. This is a small < 200-user site. I doubt that they'd allocate more than 400 IP addresses, ever… Maybe 500, but at that point, more subnets/VLANs should be established.

I suggested something that provides fewer hosts, like a /22 or /21 (1024 and 2048 hosts, respectively), but was unable to give a specific reason against using the /12 subnet.

Is there anything this customer should be concerned about? Are there any specific reasons they shouldn't use such an incredibly large mask in their environment?

Best Answer

  • As stated in other answers, having too many hosts in the broadcast domain can really start to make broadcasts a mess.

    They'll need a lot of expansion in the subnet before it becomes a potential problem.

  • Future growth planning becomes a mess.

    Adding extra sites with their own IP space gets difficult when you've already laid a needlessly huge footprint down in the available space.

  • Internal network security boundaries become impossible.

    Assigning different subnets to different groups of users and splitting up low security servers/high security servers/restricted management interfaces of servers/storage/network devices goes out the window.

    Any ol' user's laptop that picked up a virus at home can ARP poison the network and take the servers down or man-in-the-middle them. You have no way to keep a compromised device away from sensitive network locations, like out-of-band management interfaces of servers. A typo in an innocent reconfig of network settings can potentially IP conflict with any other device on the network.

If they're not planning on growing in any way that would ever require more subnets, and not planning on ever adding any complexity or security to their network, then it's fine, since it's effectively identical to their current network configuration -- but if they're asking for this, they're obviously planning on expanding.

Needless at best, and seriously bad idea at worst.
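The subnet arithmetic from the question's cheat sheet and the segmentation point from the answer, as an added example that is not part of the original question or answer; the laptop and management addresses and the planned site ranges are constructed sample values:

```python
# Added example (not from the original post): host counts for the masks
# discussed above, plus two checks behind the answer's points: under a /12,
# any 10.x.x.x device shares one broadcast domain with every other, and a
# 10.0.0.0/12 footprint swallows the address space future sites would use.
import ipaddress

def mask_to_prefix(mask: str) -> int:
    """'255.240.0.0' -> 12 (ValueError on a non-contiguous mask)."""
    return ipaddress.IPv4Network(f"0.0.0.0/{mask}").prefixlen

def address_counts(mask: str) -> tuple[int, int, int]:
    """Return (prefix length, total addresses, usable hosts).
    The cheat sheet in the question quotes total addresses (256 for a /24);
    usable hosts excludes the network and broadcast addresses."""
    prefix = mask_to_prefix(mask)
    total = 2 ** (32 - prefix)
    return prefix, total, max(total - 2, 0)

def same_broadcast_domain(a: str, b: str, mask: str) -> bool:
    """True when a and b fall in the same subnet under mask, meaning they can
    ARP for each other directly with no router or ACL in between."""
    prefix = mask_to_prefix(mask)
    net_a = ipaddress.IPv4Interface(f"{a}/{prefix}").network
    net_b = ipaddress.IPv4Interface(f"{b}/{prefix}").network
    return net_a == net_b

def overlapping_sites(site: str, planned: list[str]) -> list[str]:
    """Return the planned site networks that collide with an existing one.
    10.0.0.0/12 covers everything from 10.0.0.0 through 10.15.255.255."""
    existing = ipaddress.IPv4Network(site, strict=False)
    return [p for p in planned if ipaddress.IPv4Network(p).overlaps(existing)]

if __name__ == "__main__":
    for mask in ("255.255.255.0", "255.255.252.0", "255.255.248.0", "255.240.0.0"):
        print(mask, address_counts(mask))
    # Constructed sample addresses: a user laptop and an out-of-band
    # management interface that a /24 scheme keeps in separate subnets.
    laptop, oob_mgmt = "10.0.0.50", "10.0.9.10"
    print(same_broadcast_domain(laptop, oob_mgmt, "255.255.255.0"))  # False
    print(same_broadcast_domain(laptop, oob_mgmt, "255.240.0.0"))    # True
    # Constructed sample ranges for hypothetical future sites.
    print(overlapping_sites("10.0.0.0/12",
                            ["10.1.0.0/24", "10.15.4.0/24", "10.16.0.0/24"]))
```

Only the last planned range survives the /12: the first two would have to be renumbered, which is the "future growth" cost the answer describes.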