Inconsistent Subnet Mask

I am working on a network where the inside interface of the edge router is addressed as 10.1.1.1/24. Its peer is R2 addressed as 10.1.1.2/30. R2 also has an interface addressed as 10.1.1.5/30 that goes to R3 (10.1.1.6/30) in another office.

I do not know whether the inconsistent use of the subnet mask was accidental or intentional. Even if this is completely OK, I need to understand how this works so I can properly set the mask for other devices on the 10.1.1.x network.

Please explain how to determine the effects of using inconsistent subnet masks.

Reply to
bobneworleans

It's doubtful that it was intentional, most likely totally a total accident or lack of thought process that goes into it.

All is not lost though.

The subnet mask is a fairly simple construct.

It simply differentiates the IP range. Having overlapping ranges is not an error, nor will it cause major problems, just simple ones.

The worst thing that happens is that R1, nor anybody behind R1 will be able to reach R2 and R3. Assuming there are other IP ranges behind R2 and R3, those other IP ranges will be routable and fully available.

Because, according to its subnet mask setting, 10.1.1.6/30 should be part of its inside interface. So, it will not forward along packets destined for 10.1.1.6/30, but instead assume something on the inside interface will speak up for them (i.e. ARP respond for them) and route there.

Note, this can change depending on smaller subnet routes entered into R1, but might not be worth it.

The main consideration if you want to change this is if you want to monitor R2 & R3 from behind R1, it might be best to renumber everything to be separate and distinct, but it's not going to break anything hard to leave it this way.

Reply to
Doug McIntyre

Doug, Thanks for trying to help me with this. I've thought a lot about what you said. If I understood you correctly, the problem with inconsistent subnet masks is that it causes address resolution issues. Is this correct?

After do

> The worst thing that happens is that R1, nor anybody behind R1 will be

I understand why R1 might not be able to reach R3 (see below) but not why R1 would not be able to reach R2. R2 is directly connected to R1 and on its /24 subnet.

As I understand it, R1 will ARP for any devices on connected networks, then create the L2 header and forward packets directly to the destination. If so, R1 will ARP for R2, which will respond for itself. Right?

To send packets to R3, R1 will need R2's MAC. From what I read, it seems that there should be two ways for R1 to get this: (a) install a permanent mapping for R3's MAC in R1's ARP cache (b) turn on proxy ARP in R2 for R3

Please let me know if I've misunderstood some key (or minor) point here. Thanks! Bob

Reply to
bobneworleans

Yes, to reach R3 (10.1.1.6), R1 (10.1.1.1) will simply ARP for 10.1.1.6. By default on Cisco Proxy ARP is enabled so unless it has been turned off with no ip proxy-arp, R2 will respond with its MAC and R1 will install R2's MAC for R3. Confused?

After

ping 10.1.1.2
ping 10.1.1.6

R1's ARP table will look like

10.1.1.2 R2-MAC
10.1.1.6 R2-MAC

I always use consistent masks and if I remember I turn off proxy ARP to reduce possible (future) confusion.

You pretty much seem to have cracked it. I wrote the following before I read your second post and I may as well post it now:(

The subnet mask specifies which addresses are local to the interface and which are remote. Remote addresses are accessed via the routing table (maybe containing only the default gateway) and local addresses are accessed directly simply using ARP. Sometimes the router (also called a gateway) will be configured to do proxy ARP and will respond on behalf of remote addresses. On Cisco routers proxy ARP is enabled by default. I always turn it off on the basis that I want to know how the network works and don't want to rely on hidden magic.

There is NO ALTERNATIVE to getting into the binary to understand subnet masks.

In your case 10.1.1.1/24 and 10.1.1.2/30 will communicate correctly since they both agree that both are local to each other.

10.1.1.1/24 thinks that local addresses are: 10.1.1.1-10.1.1.254 with 10.1.1.0 reserved and 10.1.1.255 for directed broadcast

10.1.1.2/30 thinks that local addresses are: 10.1.1.1-10.1.1.2 with 10.1.1.0 reserved and 10.1.1.3 for directed broadcast

I have been doing this so long and these are easy addresses so the above ranges and stuff just come into my head without any effort at all:-)

Since the directed broadcast address is virtually never used BOTH agree that 10.1.1.1 and 10.1.1.2 are on the same network and both ARP for each other so all is well.

The best thing is to get the inconsistent masks fixed at some time so that there is no confusion as to how the network might be working.

If you want more help post the routing tables and arp cache entries for the devices with any further questions.

The inconsistent masks will on the other hand break some/many/all dynamic routing protocols. I don't care whether it is some or many or all 'cos I simply always use consistent subnet masks.

Reply to
bod43
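The on-link reasoning from the replies above, worked through for the four interfaces in the question. This is an added example, not part of any poster's message; the interface labels (R1-inside, R2-to-R1 and so on) are names chosen here, and the check looks only at what each mask implies, not at the physical cabling.

```python
import ipaddress

# Interface addressing as given in the thread; the labels are assumptions.
INTERFACES = {
    "R1-inside": "10.1.1.1/24",
    "R2-to-R1": "10.1.1.2/30",
    "R2-to-R3": "10.1.1.5/30",
    "R3-to-R2": "10.1.1.6/30",
}


def local_range(cidr):
    """Return (first_host, last_host, broadcast) that the interface treats as on-link."""
    net = ipaddress.ip_interface(cidr).network
    hosts = list(net.hosts())
    return str(hosts[0]), str(hosts[-1]), str(net.broadcast_address)


def treats_as_local(src_cidr, dst_cidr):
    """True if src would ARP directly for dst instead of consulting its routing table."""
    src = ipaddress.ip_interface(src_cidr)
    dst = ipaddress.ip_interface(dst_cidr)
    return dst.ip in src.network


def mask_disagreements(interfaces):
    """List (a, b) pairs where a believes b is on-link but b believes a is remote."""
    pairs = []
    for a, a_cidr in interfaces.items():
        for b, b_cidr in interfaces.items():
            if a == b:
                continue
            if treats_as_local(a_cidr, b_cidr) and not treats_as_local(b_cidr, a_cidr):
                pairs.append((a, b))
    return pairs


if __name__ == "__main__":
    for name, cidr in INTERFACES.items():
        first, last, bcast = local_range(cidr)
        print(f"{name:10} {cidr:12} local {first}-{last}, broadcast {bcast}")
    for a, b in mask_disagreements(INTERFACES):
        print(f"{a} would ARP for {b}, but {b} sees {a} as remote")
```

The two pairs it reports are the ones where R1 ARPs for 10.1.1.5 or 10.1.1.6 and only gets an answer if something on its inside segment replies on their behalf.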

bod43, Thanks for the detailed reply. I believe I now have a firm grasp of the key concepts of subnet mask and arp, and how they are related. Bob

Reply to
bobneworleans
