What are the implications of expanding an internal subnet mask?

subnet ip

Maybe not the best design:
Are you sure that is the route you want to go? It should work fine, but then you are using the entire 192.168.x.x network for one broadcast domain. That is going to give you 65534 hosts. If your company grows, you are going to have re-subnet the entire network again or start using 10.x.x.x or 172.16-172.31.x.x address.

A More Standard Way to Approach it:
I think a more normal approach be to use a subnet per location, or office floor, etc.

  1. Start with how many machines might end up at each location and then maybe bump up to the subnet above that.

For Example:
So if you think you might have 254 devices on the network per area, bump it up to 255.255.252.0, the next subnet up. This will give you a host range of 192.168.0.1-192.168.3.254. Then when it becomes time to expand, the next range using the same subnet mask would be 192.168.4.1 to 192.168.7.254.

A Simple Way:
A simple way if your office is small, would be just to set the DHCP range to something like 192.168.0.1-150, and then use the rest of the IPs in that address space for static assignment. Your DHCP server should have the option to specify a host range to hand out that doesn't line up with network mask. And if it only works by subnet masks, you could always cut the subnet in half with a mask of 255.255.255.128.

A Good Subnetting Read:
I recommend reading Evan's answer to How does Subnetting Work, and How do you do it?.


Immediate Implications:

It shouldn't cause too much disruption. But you should be aware that devices which renew their leases into the additional space of the /16 won't be able to communicate with devices still on the /24 and vice versa.

Future Implications:

A /16 is one very big broadcast domain and not the most efficient way to manage a large network. Even if you aren't expanding the number of devices on the network, consider separating the devices onto separate networks/broadcast domains and routing between them at a common point. Assuming that they won't exceed the capacity/throughput of the router.


Rather than changing to 255.255.0.0 I would be inclined to change to something like 255.255.252.0, for the same reasons that Dan C mentions. This will give you 1022 usable IP addresses on your network, which should cover your immediate requirements as well as give you headroom for growth and the partitioning you want. 192.168.0.x would remain your DHCP range, 192.168.1.x, 192.168.2.x and 192.168.3.x would be available for other devices.

You will also need to reconfig your router and/or firewalls to recognise the new range of internal IP addresses, otherwise you might find that traffic coming to them from an internal device is not recognised as being on the same network.

It might not be a big deal, but your networks broadcast address will also change here.


"Neat and tidy" was something that I did when I was younger and more idealistic. Now I just let devices pull DHCP or randomly assign them IP addresses. Everything gets assigned a name in the DNS, and I refer to everything by name. I couldn't care less what IP address a given device has. I don't see much of a business case for being "neat and tidy" w/ IP address assignments. You can just use DNS.

It's a different story entirely if you're talking about breaking up your network into multiple subnets in order to create VLANs and firewall off parts of the network from each other. Likewise, if you're assigning devices into different parts of a subnet in order to make effective edge firewall rules (servers live in the 192.168.0.0/28 range of the 192.168.0.0/24 subnet, for example) then that's also a worthwhile goal.

It sounds like you have a pretty good handle on what's going to happen already.

If you change the subnet mask on the statically-configured devices at the same time as you change the subnet mask on DHCP server(s) then you'll see no changes in behaviour. If you leave devices with the old subnet mask they'll only be able to talk to devices that still have addresses in the old subnet's range. (So, don't go moving your printers into 192.168.0.0/16 until the server computers that queue for those printers have /16 subnet masks).

Think hard about why you're doing this. If you really do need the address space and you're going to make some use of the "neat and tidy" IP addresses besides looking at them with your eyes then it probably makes sense. If you just want to get the satisfaction of knowing that all printers have "192.168.2.0/24" addresses (but aren't putting them into a VLAN or making some firewall rules based on their location in the address space) then I suspect it's not really worth it.

Related

Adding new root/enterprise CA without disturbing existing one?
Ubuntu server 9.10 freezes up after ~10 minutes
How to provide proper backups for multiple Linux based servers? [closed]
How can I get BIND and Microsoft DNS to work together well?
How do I add outbound only mail service for local tools to a 'minimal' debian system?
How to connect to an AWS RDS database (deployed in VPC) with an SQL client?
How to best migrate a server to new hardware
Find what PHP script is running on each HTTPD process
Linux traffic shaping using TC
How do I make Nginx redirect all requests for files which do not exist to a single php file?
Testing a server before installing an OS
nginx HTTPS WWW redirect to non-WWW