Troubleshooting TCP/IP Communication Issues, Part 2: Subnets
Proactive Resolution Team
Novell Worldwide Support
ncashell@novell.com
07 Jun 2000
Last month, we began looking at some of the more common TCP/IP communication issues that the TCP/IP group at Novell Technical Support receives. There we presented a simple example network that illustrated common IP problems and looked at six different communication trouble spots as well as some procedures on how to solve them.
This month, we'll finish up our common TCP/IP communication issues with two other issues that deal with subnet masking. As with the last column, this article is divided into two parts: understanding the concepts behind subnet masking, and then troubleshooting common TCP/IP problems as they relate to subnets.
The Subnet
Subnetting an IP Network can be done for a variety of reasons. The most common reason is to control network traffic, but subnetting can also be used to segment organizational boundaries, segment different physical media (such as Ethernet, FDDI, WAN, etc.), preserve address space, and ensure security.
But controlling network traffic is the most common reason. For example, in an Ethernet network, all nodes on a segment see all the packets transmitted by all the other nodes on that segment. Performance can be adversely affected under heavy traffic loads, due to collisions and the resulting retransmission of packets. You use a router to connect IP networks and therefore minimize the amount of traffic each segment receives.
Subnet Masking
Applying a subnet mask to an IP address allows you to identify the network and node parts of the address. Performing a bit-wise logical AND operation between the IP address and the subnet mask results in the Network Address or Number.
For example, using a Novell registered IP address and the default Class B subnet mask, we get:
10000011.00111001.01111001.11001000 | 131.57.121.200 | Novell Class B IP Address
11111111.11111111.00000000.00000000 | 255.255.0.0 | Default Class B Subnet Mask
10000011.00111001.00000000.00000000 | 131.57.0.0 | Network Address
The default subnet masks for each class are as follows:
Class A - 255.0.0.0 - 11111111.00000000.00000000.00000000
Class B - 255.255.0.0 - 11111111.11111111.00000000.00000000
Class C - 255.255.255.0 - 11111111.11111111.11111111.00000000
You can add bits to the default subnet mask for a given Class to further subnet, or break down, a network. When a bit-wise logical AND operation is performed between the subnet mask and IP address, the result defines the Subnet Address.
To calculate the number of subnets or nodes, use the formula (2^n) where n = number of bits in either field (or 2^n - 2 if IP stacks in your network do not support the 1-bit subnet masks defined by RFC 1878). Multiplying the number of subnets by the number of nodes available per subnet gives you the total number of nodes available for your class and subnet mask.
For this example, we'll use a 3-bit subnet mask:
10000011.00111001.01111001.11001000 | 131.57.121.200 | IP Address
11111111.11111111.11100000.00000000 | 255.255.224.0 | Subnet Mask
10000011.00111001.01100000.00000000 | 131.57.96.0 | Subnet Address
10000011.00111001.01111111.11111111 | 131.57.127.255 | Broadcast Address
There are 8 subnets available with this size mask (assuming that subnets with all 0's and all 1's are allowed). Each subnet has 8190 nodes. Each subnet can have nodes assigned to any address between the Subnet address and the Broadcast address. This gives a total of 65,520 nodes for the entire class B address that is subnetted this way. Notice that this is less than the 65,534 nodes that an unsubnetted class B address would have.
Some Restrictions Apply
There are some restrictions that apply to the subnet address. A subnet address cannot be all "0"s or all "1"s. Node addresses of all "0"s are reserved to specify the local network (when a host does not know its network address) and all "1"s are reserved to specify all hosts on the network (broadcast address). This restriction also applies to subnets.
As another restriction, a 1-bit subnet mask is not allowed. This restriction exists because older standards enforced it. However, recent standards that allow use of these subnets (defined in RFC 1878) have superseded these standards and allow 1-bit subnet masks, but many "legacy" devices do not support the newer standards. If you are operating in a controlled environment, such as a lab, you can safely use these restricted 1-bit subnets. Note that Novell's TCP/IP stack does allow for the 1-bit subnet mask.
Subnetting always reduces the number of possible nodes for a given network. For those of you who hate counting in binary, you can download a free IP subnet calculator from the http://www.net3group.com/download.asp URL. The calculator tool comes with complete subnet tables available for Class A, Class B and Class C. These tables list all the possible subnet masks for each class, along with calculations of the number of networks, nodes and total hosts for each subnet.
Troubleshooting Common Subnet Problems
Continuing on from last month's column on common IP problems and their solutions, let's now turn our attention to common subnet problems. As with last month's column, we'll again use the example network to illustrate some of the most common subnet problems. This example network is shown in Figure 1.
Figure 1: Example network for TCP/IP and subnet troubleshooting scenarios.
In this network, Workstation 1 accesses the Internet/WAN through a NetWare server which contains two network adapters, each with its own IP address: 137.65.43.1 and 137.40.3.1. Workstation 2 accesses the Internet/WAN through the Internet Router with the IP address of 137.40.3.4. The NetWare server also communicates to the Internet/WAN through the Internet Router, as well as the Unix box (whose IP address is 137.40.3.3), which also communicates to the Internet/WAN through the Internet Router (137.40.3.4). The Internet Router's IP internet address is 137.30.1.254.
Now let's look at two common subnet problems and their solutions.
Subnet Scenario 1: Creating Variable Length Subnets
Symptom: I have enough IP addresses for all the nodes that I want, but I only need a few nodes on the 137.65.43.1 side of the NetWare server. I really don't want to make 2 equal subnets when I need most of the available addresses on the 137.40.3.1 side, and only a few on the 137.65.43.1 side. Is there a way to make variable-length subnets?
Solution: You can make a smaller subnet, or a "stub" of the network, that is bound to the server's network board presently using the 137.65.43.1 IP address. You can then force proxy ARP on the network board that is bound to 137.40.3.1 as its IP address to make it "listen" for the other board in the server.
To force proxy ARP from the command line (or from the AUTOEXEC.NCF file), include the additional parameter "proxyarp=yes" in the "bind 137.40.3.1" statement. If you are using the INETCFG utility, type INETCFG at the server console prompt, select Bindings, the TCP/IP binding for the 137.40.3.1 board, then select the Expert Bind Options and choose Force Proxy ARP. Change this setting to "Enabled." Press ESC until you reach the INETCFG's initial screen, then select the "Reinitialize System" entry for the change to take effect.
Next, bind the other NetWare board (referred to as 137.65.43.1 in the diagram) with an IP address and subnet mask that define a smaller range (an example would be an address of x.x.x.193 and mask of 255.255.255.248, which would give this board a "stub" subnet between 192 - 199). You must also enable Proxy ARP on the 137.40.3.1 board (as described earlier); this board will then listen for addresses on the "stub" subnet.
In your Proxy ARP configuration, make sure the "stub" subnet does not have the same subnet broadcast address as the other subnet. For example, suppose you bind your first server board to an IP address of x.x.x.90 with mask 255.255.255.192 and a broadcast address of 255.255.255.127. If you enable Proxy ARP on that board and then try to bind a second board to an IP address of x.x.x.97 with mask 255.255.255.224, the "stub" subnet will also have a broadcast address of 255.255.255.127. Because of this, the second board won't bind, since the broadcast addresses are the same. In the same example, if you use a subnet mask of 255.255.255.240 (outside the first board's range), the broadcast address for the "stub" subnet then will be 255.255.255.111. (See TID #2911147 for more subnetting details.)
Note: When binding the IP address to the second board (the one in the "stub" subnet), you will receive a message saying that the subnet mask that you have used disagrees with the mask on your other network card. This is informational, and not an error. This message is just to help you make sure that you know that you are "stub" subnetting; it does not necessarily mean that IP routing is not working. The board in the "stub" subnet WILL bind and work properly.
Also note that when using variable length subnets in the IP network, the routing protocols must be configured for RIP2 or OSPF to advertise the correct information. RIP, the default routing protocol, has no concept of subnet masks and therefore will never advertise them. Failing to configure RIP2 or OSPF may lead to connectivity problems.
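The masking arithmetic from the Subnet Masking section and the broadcast-address check from Scenario 1 can be run before binding a board. The following is an added example, not Novell's code and not part of the original article; the function names are hypothetical, the 192.0.2.x addresses are constructed stand-ins for the article's x.x.x, and the containment check assumes the stub is carved out of the main board's subnet.

```python
import ipaddress

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def describe(ip, mask):
    """Subnet address, broadcast address and node count via bit-wise AND/OR."""
    ip_i, mask_i = to_int(ip), to_int(mask)
    host_bits = mask_i ^ 0xFFFFFFFF          # inverted mask = node field
    if host_bits & (host_bits + 1):          # node field must be contiguous 1s
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    subnet = ip_i & mask_i                   # the AND described in the article
    broadcast = subnet | host_bits           # node field set to all 1s
    return {
        "subnet": str(ipaddress.IPv4Address(subnet)),
        "broadcast": str(ipaddress.IPv4Address(broadcast)),
        "nodes": max(host_bits - 1, 0),      # minus all-0s and all-1s nodes
    }

def stub_problems(main, stub):
    """Return reasons a stub (ip, mask) binding conflicts with the main board."""
    m, s = describe(*main), describe(*stub)
    problems = []
    # Assumption: the stub is carved out of the main board's subnet.
    if describe(s["subnet"], main[1])["subnet"] != m["subnet"]:
        problems.append("stub lies outside the main subnet")
    if s["broadcast"] == m["broadcast"]:
        problems.append(f"stub shares broadcast address {s['broadcast']}")
    return problems

# Constructed sample data: 192.0.2.x stands in for the article's x.x.x.
MAIN = ("192.0.2.90", "255.255.255.192")
STUBS = [("192.0.2.97", "255.255.255.224"), ("192.0.2.97", "255.255.255.240")]

if __name__ == "__main__":
    print(describe("131.57.121.200", "255.255.224.0"))
    for stub in STUBS:
        print(stub, stub_problems(MAIN, stub) or "ok to bind")
```

The first stub reproduces the conflict from the article (both subnets end at .127), while the 255.255.255.240 mask moves the stub's broadcast address to .111.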
Subnet Scenario 2: Cannot Ping or Communicate with Internet Hosts via a Cisco Router
Symptom: I have a subnet mask of 224 and I have a Cisco router between me and my ISP. I am able to ping my Cisco Router but I can't ping my ISP or out to the internet. If I use the Telnet command to communicate to the Cisco router, I can see that the default route is set correctly and that there is a route to my subnet. I also see an explicit route to the Cisco router from the ISP. I can also use the Show IP Routes command and it displays the IP address of my Cisco router and the networks with their next hop. From the Cisco router I can ping my ISP and other hosts on the Internet.
Solution: When adding a route to the Cisco router, you need to specify the subnet mask for the network. If you add the subnet mask and perform a Show IP Routes command, the table shows the networks with their next hop and the subnet masks. This will allow you to ping any device on the subnetwork that has the correct subnet mask and default route correctly configured.
Next month, we'll take a look at troubleshooting BorderManager licensing issues.
* Originally published in Novell AppNotes
Disclaimer
The origin of this information may be internal or external to Novell. While Novell makes all reasonable efforts to verify this information, Novell does not make explicit or implied claims to its validity.