Many network administrators use secondary addressing and supernets as a way to "simplify" their IP networks. While there was value in this practice in the early days of networking, many IT managers have since learned a painful lesson from it. To understand why it should not be considered a best practice for IP networks, it is important to look at the underlying technology of most networks and the risks it carries. That underlying technology is, of course, Ethernet.
Ethernet was developed as a broadcast medium. At its core, Ethernet uses Carrier Sense Multiple Access with Collision Detection (CSMA/CD). At its inception, Ethernet used collisions as the way to handle congestion and give every user access to the shared communications medium. As networks grew, the need arose for more bandwidth to the end user. Before the invention of the switch, bridges were used to reduce the size of collision domains in an Ethernet network. Switches are essentially multiport bridges that eliminate collisions and deliver dedicated bandwidth to the end device. It is important to note at this point that while switches confine unicast traffic to the port of the destination device, they forward all broadcasts and multicasts to every port in that VLAN.
In large switched environments, broadcast storms soon became a major issue causing numerous network outages, and reducing the size of broadcast domains became a major design concern. This introduced the concept of VLANs. By deploying VLANs in the enterprise, network managers were able to shrink the broadcast domains in their networks. This is also why many organizations migrated to RFC 1918 address space: it let them assign a subnet to each building, floor, department or other grouping without running out of public addresses.
So the question becomes: do I stick with a single class C subnet that gives me 254 addresses per VLAN, or do I use variable length subnet masks and supernetting or secondary addressing to create larger broadcast domains? The answer to the second option is a definitive NO! It is important to remember that broadcasts are one of the enemies in a network. Supernetting or using secondary addressing increases the size of the broadcast domain and can be detrimental to end user and network performance.
To better understand this issue, we need to review Ethernet as a transport mechanism again, and this is where the OSI model comes into the picture. At the physical layer, the modern transport medium for Ethernet is unshielded twisted pair cabling. The next layer, the data link layer, is in this case Ethernet. The third layer, the network layer, is where IP comes into play.
Every station in an Ethernet broadcast domain receives all broadcast and multicast traffic in that domain and must process each such frame to determine whether it is destined for that machine. After it receives a broadcast Ethernet frame, the station strips off the Ethernet header and passes the enclosed packet up to the network layer. At this point the end station determines whether the broadcast packet needs further processing. Regardless of whether the packet was actually destined for that end station, the station must still spend CPU cycles processing it.
As you can see, supernetting or using secondary addresses can be detrimental to network performance because of the increased processing at every end workstation. In addition, it gives worms, viruses, malware, etc. access to a greater number of devices, because more users share a common broadcast domain. The next time someone asks you to supernet or use secondary addresses in your network, just say no!
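As an added example (not code from the original post), the following script audits a constructed IOS-style configuration for oversized broadcast domains: each secondary address on a VLAN interface is a separate IP subnet but shares the same broadcast domain, so the check sums hosts across the primary and all secondary subnets. The `ip address ... secondary` syntax is Cisco IOS; the sample config and the 254-host threshold are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample config (not from the post). Vlan10 is a single /24.
# Vlan20 has been supernetted to a /22 and also carries a secondary /24,
# so every host in both subnets sits in one broadcast domain.
SAMPLE_CONFIG = """\
interface Vlan10
 ip address 10.1.10.1 255.255.255.0
interface Vlan20
 ip address 10.1.20.1 255.255.252.0
 ip address 10.1.24.1 255.255.255.0 secondary
"""

IFACE_RE = re.compile(r"^interface\s+(\S+)")
ADDR_RE = re.compile(r"^\s+ip address\s+(\S+)\s+(\S+)(\s+secondary)?")


def parse_broadcast_domains(config):
    """Return {interface: [IPv4Network, ...]} for every L3 interface found."""
    domains = defaultdict(list)
    current = None
    for line in config.splitlines():
        m = IFACE_RE.match(line)
        if m:
            current = m.group(1)
            continue
        m = ADDR_RE.match(line)
        if m and current:
            # ipaddress accepts a dotted netmask in place of a prefix length.
            net = ipaddress.IPv4Interface(f"{m.group(1)}/{m.group(2)}").network
            domains[current].append(net)
    return dict(domains)


def broadcast_domain_hosts(networks):
    """Hosts that receive every broadcast on this VLAN: usable addresses
    summed over the primary and all secondary subnets."""
    return sum(n.num_addresses - 2 for n in networks)


def audit(config, max_hosts=254):
    """Flag interfaces whose broadcast domain exceeds one /24 worth of hosts."""
    report = {}
    for iface, nets in parse_broadcast_domains(config).items():
        hosts = broadcast_domain_hosts(nets)
        report[iface] = {"subnets": [str(n) for n in nets],
                         "hosts": hosts, "too_large": hosts > max_hosts}
    return report
```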
Author: Mike Lundy
Posted at Geeknick
Tagged with: bridge • CSMA/CD • Ethernet • IP address • malware • multicast • virus • VLSM • worms
Filed under: Data Networking
Very good advice - thanks!