Running out of IPs

[heyjim]

Hey,

I've taken over a company's network and one of the first things I've noticed is that we're running out of IP addresses - We probably have 10-15 left.

We're running SBS 2003 which handles the DHCP, our current range is 10.0.0.* with a subnet of 255.255.255.0.

Whats involved in increasing the number of IP's? I've read that I could simply change the subnet while I've also read using multiple subnets.

I've never really been in this situation so any help would be appreciated!

Thanks

 

[drebo]

Since you're 10.0.0.0/24, you could simply change the subnet mask to 255.255.254.0 and that would change your network to 10.0.0.0/23, which encompasses 10.0.0.0 - 10.0.1.255, effectively doubling your IP space.

No renumbering necessary, just change the subnet mask on the appropriate equipment (anything statically assigned, basically) and update the DHCP scope. Minimal effort.

 

[heyjim]

Great, thanks for that

Would a device with the IP 10.0.0.50 be able to communicate with a device with the IP 10.0.1.50 with this setup?

 

[kevnich2]

How many locations do you have right now? Are all of your systems under one roof? Are all systems on DHCP presently? If so, you simply need to modify the subnet to 255.255.254.0 of your dhcp scope and increase the scope to whatever you want the new DHCP range to be.

 

[kevnich2]

Great, thanks for that

Would a device with the IP 10.0.0.50 be able to communicate with a device with the IP 10.0.1.50 with this setup?

As long as your subnet on both systems is 255.255.254.0, then yes.

 

[spidey07]

They've got it covered. For something like this just expand the mask. Luckily you are on a bit boundary and you don't need a different subnet. Just change the mask on the DHCP server as described.

One last thing - you'll have to change the mask on any static IP devices as well like servers. And don't forget the routers - technically it is the ROUTER that defines the network/subnet and mask.

 

[Lemieux66]

If there are servers and workstations that currently share that network I would take this opportunity and separate them.

Leave the servers in the current /24 network and created a new network for workstations. This would make securing the server network easier in the future. This however would require use of vlans and/or additional network gear.

 

[mammador]

How many users and/or nodes do you have currently? The class A private addressing scheme is extremely large, so just use extra addresses.

It may be best you institute VLANs, and section subnets per use.

 

[Lithium381]

as mammador suggested, THINK about how you're growing the scheme and lay it out logically. Either per floor of the buidling or per business unit. If you anticipate any growth at all, making a plan now is MUCh easier to deal with than having to think about it and renumber down the road.

Use different networks for different purposes:
Guest 10.0.255.0/24
Wifi 10.0.3.0/24
storage 10.0.4.0/24

/24 masks just to keep it simple, but it helps in troubleshooting and in growth cases. have a plan, and leave room between the subnets to grow them as needed. you've got a lot of space to work with so don't corner yourself.

 

[heyjim]

How many locations do you have right now? Are all of your systems under one roof? Are all systems on DHCP presently? If so, you simply need to modify the subnet to 255.255.254.0 of your dhcp scope and increase the scope to whatever you want the new DHCP range to be.

Just the 1 site, everythings currently under one roof. Apart from our statics everythings on DHCP. We do have another site but it is only used for large jobs every now and again - the routers have a VPN connection between them. Theres only 2 or 3 workstations on the other site.

If there are servers and workstations that currently share that network I would take this opportunity and separate them.

Leave the servers in the current /24 network and created a new network for workstations. This would make securing the server network easier in the future. This however would require use of vlans and/or additional network gear.

I have thought about that before but never really in much detail. All of our switches on unmanaged - I assume this isn't possible unless we buy some managed ones?

How many users and/or nodes do you have currently? The class A private addressing scheme is extremely large, so just use extra addresses.

It may be best you institute VLANs, and section subnets per use.

We've only got 35ish users but we've also got IP phones, CCTV, CNC machines, printers, access points, users connecting over the VPN, mobile phones and tablets.

as mammador suggested, THINK about how you're growing the scheme and lay it out logically. Either per floor of the buidling or per business unit. If you anticipate any growth at all, making a plan now is MUCh easier to deal with than having to think about it and renumber down the road.

Use different networks for different purposes:
Guest 10.0.255.0/24
Wifi 10.0.3.0/24
storage 10.0.4.0/24

/24 masks just to keep it simple, but it helps in troubleshooting and in growth cases. have a plan, and leave room between the subnets to grow them as needed. you've got a lot of space to work with so don't corner yourself.

It's looking likely that we may expand so I'll definitely keep that in mind.

Thanks for all your help!

 

[drebo]

Don't needlessly complicate things. Just expand the network to a /23. It's no more or less difficult to "troubleshoot" than a /24.

And for the love of god don't use 10.0.3.0/24 for anything. Always put your subnets on a proper boundary. I like to leave two bits between subnets. I.e. if 10.0.0.0/24 is my first subnet, the next one would be 10.0.4.0/24. That way, I could grow to a /22 and it'd be fine.

And contrary to what a lot of people (most of whom don't actually understand the concept of subnetting) will say, a /22 is not too large for a LAN subnet. I wouldn't go much bigger, but 1000 hosts isn't terribly bad if they're all contained within a semi-small area. Now, if you're bridging them across wifi links or other slow links, then yeah it's going to be a problem. But if they're all on a 100mb or 1gb network that isn't too strung out, you'll be fine.

 

[heyjim]

Don't needlessly complicate things. Just expand the network to a /23. It's no more or less difficult to "troubleshoot" than a /24.

And for the love of god don't use 10.0.3.0/24 for anything. Always put your subnets on a proper boundary. I like to leave two bits between subnets. I.e. if 10.0.0.0/24 is my first subnet, the next one would be 10.0.4.0/24. That way, I could grow to a /22 and it'd be fine.

And contrary to what a lot of people (most of whom don't actually understand the concept of subnetting) will say, a /22 is not too large for a LAN subnet. I wouldn't go much bigger, but 1000 hosts isn't terribly bad if they're all contained within a semi-small area. Now, if you're bridging them across wifi links or other slow links, then yeah it's going to be a problem. But if they're all on a 100mb or 1gb network that isn't too strung out, you'll be fine.

Can I ask what you mean by /24 and /23 etc? I've never dug this deep into networking!

 

[Bricked]

Can I ask what you mean by /24 and /23 etc? I've never dug this deep into networking!

The slash numbers tell you what the subnet mask is. For example, /24 is a subnet mask of 255.255.255.0 and /23 is 255.255.254.0. The subnet mask determines the way that the network is split up into subnetworks.

 

[drebo]

The slash numbers tell you what the subnet mask is. For example, /24 is a subnet mask of 255.255.255.0 and /23 is 255.255.254.0. The subnet mask determines the way that the network is split up into subnetworks.

It determines whether or not a host sees an IP as "local" or not. If an IP is in the same subnet as the host's assigned IP, the host will use ARP for that IP and send responses directly to the L2 address of that IP. Otherwise, the host will send replies to the L2 address of its assigned gateway. The L3 address remains the same in both cases.

Hence why if you have one device assigned as 10.0.0.2/24 and one device assigned as 10.0.1.2/23 they will not be able to communicate. The 10.0.0.2 device sees 10.0.1.2 as a foreign IP address whereas the 10.0.1.2 device sees 10.0.0.2 as a local address. Thus, the 10.0.0.2 device will put the L2 address of its gateway when replying to packets from 10.0.1.2.

 

[Gryz]

It's rather important to understand where that number /24 comes from.

You should see an IP address as a string of bits.
And IP address is a string of 32 bits.

The first bits are the "network address". They determine to which network a packet needs to be sent.
The last bits are the "host address". They determine to which machine on a network the packet needs to be send.

How many bits are "the first part" and how many bits are "the second part" ?
You get to determine that yourself.
You do this with the "prefix-length". Aka a /24 means that 24 bits are reserved for the first part (the network address) and the remaining bits are for the second part (the host part). A /24 means 24 bits network address, and 8 bits (32-24=8) for the host address.
With 8 bits for the host part, you can have maximum 2^8=256 hosts on a network. (In practice, 254 to be precise).

The /24 notation is "relatively" new. It was introduced somewhere in the mid-nineties. Unfortunately lots of people, and lots of user-interfaces still use the old concept. That was called a "subnet-mask". it's the same thing, just a different notation.
Basically you take a 32-bit long bitstring. You set all the bits for the network part to 1. And all the bits for the host part to 0. You then convert the bitstring to the notation of a regular IP address. 255 means 8 bits in a row (2^7-1). 255.255.0.0 means 16 bits in a row.

So if you want to say that the network part of your addresses are 8 bits long, you can say either: "we are using a /8". Or you say "my subnet mask is 255.0.0.0". So a /16 is also called 255.255.255.0. You yourself are using a subnetmask of 255.255.255.0, which can also be called /24. A /23 means your network-part is 1 bit shorter, and your host-part is 1 bit longer. Written as a subnet-mask, a /23 becomes 255.255.254.0.

Others above said the same thing. But when you don't realize that the 24 in /24 means "my network part of the address is 24 bits long", you'll never understand what it all means.

If I were you, to make things easier, I'd go from a /24 to a /16. That's going from a mask of 255.255.255.0 to 255.255.0.0. You then have 16 bits for the host part. And thus you can then have 2^16-2= 65000 hosts on your ethernet. Much simpler.

 

[heyjim]

It's rather important to understand where that number /24 comes from.

You should see an IP address as a string of bits.
And IP address is a string of 32 bits.

The first bits are the "network address". They determine to which network a packet needs to be sent.
The last bits are the "host address". They determine to which machine on a network the packet needs to be send.

How many bits are "the first part" and how many bits are "the second part" ?
You get to determine that yourself.
You do this with the "prefix-length". Aka a /24 means that 24 bits are reserved for the first part (the network address) and the remaining bits are for the second part (the host part). A /24 means 24 bits network address, and 8 bits (32-24=8) for the host address.
With 8 bits for the host part, you can have maximum 2^8=256 hosts on a network. (In practice, 254 to be precise).

The /24 notation is "relatively" new. It was introduced somewhere in the mid-nineties. Unfortunately lots of people, and lots of user-interfaces still use the old concept. That was called a "subnet-mask". it's the same thing, just a different notation.
Basically you take a 32-bit long bitstring. You set all the bits for the network part to 1. And all the bits for the host part to 0. You then convert the bitstring to the notation of a regular IP address. 255 means 8 bits in a row (2^7-1). 255.255.0.0 means 16 bits in a row.

So if you want to say that the network part of your addresses are 8 bits long, you can say either: "we are using a /8". Or you say "my subnet mask is 255.0.0.0". So a /16 is also called 255.255.255.0. You yourself are using a subnetmask of 255.255.255.0, which can also be called /24. A /23 means your network-part is 1 bit shorter, and your host-part is 1 bit longer. Written as a subnet-mask, a /23 becomes 255.255.254.0.

Others above said the same thing. But when you don't realize that the 24 in /24 means "my network part of the address is 24 bits long", you'll never understand what it all means.

If I were you, to make things easier, I'd go from a /24 to a /16. That's going from a mask of 255.255.255.0 to 255.255.0.0. You then have 16 bits for the host part. And thus you can then have 2^16-2= 65000 hosts on your ethernet. Much simpler.

Thanks, that makes it a bit clearer, I'll definately have to learn more about it though

Just on the last bit you mentioned, is it possible to go from 255.255.255.0 to 255.255.0.0 in the same way as 255.255.254.0 - basically without doing any extra config?

 

[debian0001]

What subnet do your servers run on? Is that /24 all DHCP?

 

[Gryz]

Thanks, that makes it a bit clearer, I'll definately have to learn more about it though

You're welcome.
I see I made a few typos. I hope they didn't make it too confusing.

Just on the last bit you mentioned, is it possible to go from 255.255.255.0 to 255.255.0.0 in the same way as 255.255.254.0 - basically without doing any extra config?

You can go from /24 to /16, just as easily as you go from /24 to /23.

However, it does require configuration.
As others have pointed out earlier in this thread, you need to make sure that all devices on a network agree on the exact same prefix-length/subnet-mask. If that's not the case, things get a lot more complex. An experienced guy can probably make something work with a bunch of kludges. But to keep things simple, just do the right thing: and make sure they all have the new subnet-mask.

There are 2 types of IP addresses.
Dynamic addresses, handed out by a DHCP server, via the DHCP protocol. Most of the time, a router functions as the DHCP server.
And then there are static addresses. Those are configured by hand. Nowadays, it's mostly the interfaces of the routers that need to be manually configured.

So one thing you need to do is:
reconfigure the subnet-mask/prefix-length on the internal interfaces on your routers. I believe you have only one router, so that's easy: keep the IP address the same, just change the subnetmask to 255.255.0.0, (or the prefix-length from /24 to /16. It's the same thing).

If you're lucky, that would automatically cause the router to hand more IP addresses via DHCP. And tell all the DHCP-clients that the subnet-mask has changed.
You probably need to reboot all machines on the network. Or unplug the ethernetcable for 10-20 seconds (so the machines notice they are disconnected), and then reconnect the ethernetcable. I believe there's also a dos-commando to do it.

You might have more devices on the network, that need static address configuring. If that is the case, you need to change the subnetmask on those too. (Although I doubt you got more devices with static addresses, because if you are not aware of what you are doing, the static and dynamic addresses would have been likely to collide).

 

[Lithium381]

Don't needlessly complicate things. Just expand the network to a /23. It's no more or less difficult to "troubleshoot" than a /24.

And for the love of god don't use 10.0.3.0/24 for anything. Always put your subnets on a proper boundary. I like to leave two bits between subnets. I.e. if 10.0.0.0/24 is my first subnet, the next one would be 10.0.4.0/24. That way, I could grow to a /22 and it'd be fine.

And contrary to what a lot of people (most of whom don't actually understand the concept of subnetting) will say, a /22 is not too large for a LAN subnet. I wouldn't go much bigger, but 1000 hosts isn't terribly bad if they're all contained within a semi-small area. Now, if you're bridging them across wifi links or other slow links, then yeah it's going to be a problem. But if they're all on a 100mb or 1gb network that isn't too strung out, you'll be fine.

it also depends on the behavior of the hosts on that subnet. If they like to do broadcasts then you're hosed . . . but if you get a lot of unicasts you can scale much higher. . . .