Change netmask from /24 to /23

I realize this is old, but maybe it can help someone else with the same question.

First, this is not a comprehensive plan. You need to follow good business practices, build out a full procedure with back out and test stages along the way. There may be brief network outages at the static devices if adjusting the Netmask causes the interface to reset. Don't connect over the interface that you are changing.

Second, going larger is by far the easier direction to change a Netmask, but make really sure you are not better off with separate segments before you go this route because going back smaller is not fun. You may also find hosts configured incorrectly when you do this process. Hosts can work with bad netmask entries in certain circumstances, but this is really dependent on the host IP stack.

Netmask defines if a given host is part of a particular network and if it can communicate directly with another host. It determines if the packet needs to interact with a router or gateway to reach a particular destination node.

DNS: Nothing in DNS uses the netmask. That is why you don't need a DNS server in your current segment for it to work. Ditto for mail or any other IP based service.

DHCP Scope: You only need to change the DHCP Scope if you want the DHCP server to provide addressing within the new space. Since a DHCP scope needs to be contiguous addresses, and you cannot define multiple groups within an address space, you may run into a problem if your gateway IP address specifically or any of your static servers fall into the new scope and are assigned to another system, unless a static DHCP assignment is created for all of those devices even if they are set static on the host. A coded assignment prevents the DHCP from assigning the IP, but since it is based on MAC address, the card breaking will break this static setting. Really, just don't do it, you are asking to break things.

The DHCP server needs to be in the same segment as the hosts it serves because a broadcast packet is used when a client queries for an address. Broadcast packets are not routed by their very nature.

Making the space larger increases your potential collision domain. That means more hosts that potentially can't talk at the same time if you have cheap switch hardware. Increasing the address domain may have performance impacts if your network has chatty broadcast services since all hosts receive broadcast packets even in a switched network.

Note: What address space you currently use is going to determine if the new addresses will be above or below your current range.

  • In your /24, if the existing 3rd octet is odd, then the /23 space will be below the address space you are in now. Yes x.x.zero.x is a valid range. If you are in x.x.1.x and want to use x.x.2.x then you need to expand even further into a /22 which will also include x.x.3.x.
  • In your /24, if the existing 3rd octet is even, then the /23 space will be above the address space you are in now.
  • You will want to make sure that any new space included is not in use in another segment of your network before making the change.

Going larger means that your existing gateway will still be in the masked address space. If you ever had to go smaller, you would need to define a new gateway in the new network space and then update all of the hosts with their correct gateway and mask information.

Prior to the change: I would prepare the DHCP assigned machines by getting them into a more frequent address update timing -- 30-60 minutes.

If your DHCP lease is a day or more you'll want to make this change that much ahead of when you plan to do the cut-over. This way when you make the change the end hosts will get their update sooner and allow you to begin confirming everything is working for those hosts. After everything is confirmed working you can extend the lease time back to where it was.

You don't need to do this if you plan on manually clearing the leases and rebooting all of them, but the whole idea of DHCP is to have the DHCP function provide the update, and it's possible that you will miss something. Let DHCP do its thing. This way if you have statically assigned DHCP addresses they will get updated properly.

Time of change

  • Update your router(s) to recognize the new space on the interface.
  • core servers - test
  • update DHCP Server - That Netmask is what propagates to the hosts. Then wait until all the hosts should have the new netmask before you do testing. You can look at the DHCP lease entries to see when they were last provided.
  • While you are waiting for DHCP to do its thing for all of those hosts, you can configure all of the manual hosts and devices.
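
The odd/even third-octet rule and the "is the new space already in use elsewhere" check from the note above can be worked out before the change window. This is an added example, not part of the original answer; the function name `plan_expansion` and the 192.168.x.0 segments are constructed for illustration.

```python
import ipaddress


def plan_expansion(current, new_prefix, in_use=()):
    """Report what widening `current` to /new_prefix brings into the segment."""
    cur = ipaddress.ip_network(current)
    new = cur.supernet(new_prefix=new_prefix)
    # Blocks that were outside the old mask and fall inside the new one.
    added = sorted(new.address_exclude(cur))
    result = {"new_network": str(new), "netmask": str(new.netmask), "added": []}
    for block in added:
        side = "below" if block.network_address < cur.network_address else "above"
        # Any other segment overlapping this block is a conflict to resolve
        # before the mask is changed.
        clashes = [s for s in in_use if ipaddress.ip_network(s).overlaps(block)]
        result["added"].append({"block": str(block), "side": side, "clashes": clashes})
    return result


if __name__ == "__main__":
    # Constructed sample: 192.168.3.0/24 is assumed to be routed elsewhere.
    other_segments = ["192.168.3.0/24"]
    for cur, prefix in [("192.168.1.0/24", 23),
                        ("192.168.2.0/24", 23),
                        ("192.168.1.0/24", 22)]:
        plan = plan_expansion(cur, prefix, in_use=other_segments)
        print(f"{cur} -> {plan['new_network']} (mask {plan['netmask']})")
        for item in plan["added"]:
            note = f" CONFLICT with {item['clashes']}" if item["clashes"] else ""
            print(f"  gains {item['block']} ({item['side']}){note}")
```
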