Background:

I'm redesigning a network of virtual machines. The virtual machines are all on 10.0.2.0/24 and 10.0.3.0/29 networks, the physical network is a 172.32.255.225/28 network, which stands between the virtual machines and the internet. I'd like to change the virtual networks, which will be broken into three VLSM subnets, to use the preceding subnets in the 172.32.255.0 range. The last subnet in the virtual network functions as a DMZ and will use the /29 subnet mask.

Question:

Because the physical network is the last network in the supernet, I am unable to place the virtual networks after that network while staying within the current subnetting scheme. I'm wondering if it is technically possible to have a smaller subnet surrounded by two larger subnets, or must they be sequential networks?

As an example:

  1. 172.32.224.192/28
  2. 172.32.224.208/29
  3. 172.32.224.224/28

vs

  1. 172.32.224.192/28
  2. 172.32.224.208/28
  3. 172.32.224.228/29

Ron Maupin
Davidw
  • Network classes are dead (please let them rest in peace), killed in 1993 (26 years ago, two years before the Internet went commercial in 1995!) by RFCs 1517, 1518, and 1519, which defined CIDR (Classless Inter-Domain Routing). Modern networking does not use network classes. – Ron Maupin May 31 '19 at 05:34
  • Noted and removed. – Davidw May 31 '19 at 05:40
  • Did any answer help you? If so, you should accept the answer so that the question doesn't keep popping up forever, looking for an answer. Alternatively, you can provide and accept your own answer. – Ron Maupin Dec 15 '19 at 03:20

1 Answer

No matter what you do, if the VMs are on different networks than the network between them and the Internet, you will need a router to connect them to the intervening network. Routers route packets between networks.

Based on your description:

                                           |-> VM Network 1
Internet <-> Router <-> Physical Network <-|
                                           |-> VM Network 2

That must actually be:

                                                        |-> VM Network 1
Internet <-> Router <-> Physical Network <-> Router 2 <-|
                                                        |-> VM Network 2

Understand that no matter how you subnet a network, the subnetted network no longer exists as a separate network; it is a supernet of the subnets. Each subnet is a separate network, and you need a router to send packets from one network to another network.

Also, the first router would need to be told, either with static routes or through a routing protocol, about the networks behind the second router.

The only other way to accomplish this is with a bridge (switch). Bridges connect hosts on the same network. You could have something like this:

                                                      |-> VMs on Physical Network
Internet <-> Router <-> Physical Network <-> Bridge <-|
                                                      |-> VMs on Physical Network

Also, this two-part answer has sections about subnetting, the problems with subnetting with different network sizes, and how to avoid the inherent problem.

(Hint: your first subnet plan will require a /29 unused subnet between Subnet 2 and Subnet 3.)

Ron Maupin
  • There's effectively a bridge between the VMs and the physical network: the WAN virtual switch (the hypervisor is Hyper-V Server) is on the physical network, and there are two internal virtual switches connected to that via a pair of pfSense VMs, one on each side of the DMZ and the LAN, that function as routers. – Davidw May 31 '19 at 06:34
  • 1
    @Davidw So you do have routers in between the subnets. – Zac67 May 31 '19 at 08:01
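An added example, not part of the question or the answer above, that checks a VLSM plan the way the answer's hint does: every subnet must start on a boundary of its own prefix length, so a /28 placed after a /29 leaves an unused /29 hole. The two plans from the question are embedded as constructed input; the function name `check_plan` is the example's own.

```python
import ipaddress

# Constructed input: the two VLSM plans listed in the question.
PLAN_1 = ["172.32.224.192/28", "172.32.224.208/29", "172.32.224.224/28"]
PLAN_2 = ["172.32.224.192/28", "172.32.224.208/28", "172.32.224.228/29"]


def check_plan(cidrs):
    """Return findings for an ordered list of CIDR strings.

    'unaligned': the address is not the first address of its prefix
                 (host bits set), with the boundary-aligned network.
    'overlap':   the subnet starts inside the previous subnet.
    'gap':       unused space between consecutive subnets, as CIDRs.
    An empty list means the plan is contiguous and correctly aligned.
    """
    findings = []
    prev = None
    for cidr in cidrs:
        try:
            net = ipaddress.ip_network(cidr, strict=True)
        except ValueError:
            # Host bits set: report the block the prefix actually covers.
            net = ipaddress.ip_network(cidr, strict=False)
            findings.append(("unaligned", cidr, str(net)))
        if prev is not None:
            if net.network_address <= prev.broadcast_address:
                findings.append(("overlap", str(prev), str(net)))
            elif net.network_address > prev.broadcast_address + 1:
                # Free range between the two subnets, minimised to CIDR blocks.
                start = prev.broadcast_address + 1
                end = net.network_address - 1
                hole = [str(b) for b in ipaddress.summarize_address_range(start, end)]
                findings.append(("gap", str(prev), str(net), hole))
        prev = net
    return findings


if __name__ == "__main__":
    for name, plan in (("plan 1", PLAN_1), ("plan 2", PLAN_2)):
        print(name, check_plan(plan) or "contiguous and aligned")
```

For the first plan the output is the unused 172.32.224.216/29 between the /29 and the following /28, which is the hole the answer's hint refers to.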