
Background:


I'm redesigning a network of virtual machines. The virtual machines are all on 10.0.2.0/24 and 10.0.3.0/29 networks; the physical network is a 172.32.255.225/28 network, which stands between the virtual machines and the internet. I'd like to change the virtual networks, which will be broken into three VLSM subnets, to use the preceding subnets in the 172.32.255.0 range. The last subnet in the virtual network functions as a DMZ and will use the /29 subnet mask.

Question:


Because the physical network is the last network in the supernet, I am unable to place the virtual networks after that network while staying within the current subnetting scheme. I'm wondering if it is technically possible to have a smaller subnet surrounded by two larger subnets, or must they be sequential networks?

As an example:


  1. 172.32.224.192/28
  2. 172.32.224.208/29
  3. 172.32.224.224/28

vs

  1. 172.32.224.192/28
  2. 172.32.224.208/28
  3. 172.32.224.228/29
Ron Maupin
Davidw

1 Answer

No matter what you do, if the VMs are different networks than the network between them and the Internet, you will need a router to connect them to the intervening network. Routers route packets between networks.

Based on your description:

                                           |-> VM Network 1
Internet <-> Router <-> Physical Network <-|
                                           |-> VM Network 2

That must actually be:

                                                        |-> VM Network 1
Internet <-> Router <-> Physical Network <-> Router 2 <-|
                                                        |-> VM Network 2

Understand that no matter how you subnet a network, the subnetted network no longer exists as a separate network; it is a supernet of the subnets. Each subnet is a separate network, and you need a router to send packets from one network to another network.

Also, the first router would need to be told, either with static routes or through a routing protocol, about the networks behind the second router.

The only other way to accomplish this is with a bridge (switch). Bridges connect hosts on the same network. You could have something like this:

                                                      |-> VMs on Physical Network
Internet <-> Router <-> Physical Network <-> Bridge <-|
                                                      |-> VMs on Physical Network

Also, this two-part answer has sections about subnetting, the problems with subnetting with different network sizes, and how to avoid the inherent problem.

(Hint: your first subnet plan will require a /29 unused subnet between Subnet 2 and Subnet 3.)

Ron Maupin