Extending a subnet

Mike Lovell mike at dev-zero.net
Sun Oct 4 01:32:36 MDT 2009

On 10/4/2009 12:06 AM, Kenneth Burgener wrote:
> Hi fellow PLUGers,
> Hopefully a quick basic Network Management question:
> I have a private network behind a NAT switch with a network
> address and a subnet mask.  I wish to expand the subnet to
>  If on the NAT switch I were to just expand out the subnet,
> would it break anything?
> My expectation is the current servers would continue to function as is.
> I could then add new servers, with the expectation that they wouldn't be
> able to speak to servers with the old subnet mask, until updated.  I
> could then slowly update the old configured servers as needed.  All
> servers would then continue to work as expected, and will continue to
> have Internet access.
> Would this break anything else?  Or is my expectation correct?

In theory this could work. The only place I can see problems would be
with any IP broadcasts between the gateway and the old subnet. DHCP and
ARP will still work since they use Ethernet broadcasts, which are
independent of the IP networks on top. But if you have much else using
broadcast, it might break. There is a catch in that would be
a valid address in the new subnet but you wouldn't be able to use it
until you migrated everything on the old subnet. You might want to do a
tcpdump on the network and see if much traffic is going to the
broadcast address and then try to figure out if traffic to the broadcast
breaking will cause application problems.

May I also make a recommendation? Don't use a (aka /16)
subnet unless you really need close to 65000 hosts in one subnet. CIDR
removes the need for classed subnet masks, and having a /16 is really
big. We used a /16 for a network at work and it has caused headaches in
the past. I would recommend doing something like a /23 (
or /22 ( if you need more hosts than that, you should
consider splitting your network into multiple subnets and routing
traffic between them. I don't know if you will ever have to worry about
a security audit, but giant broadcast domains with everything in them
have a tendency to scare security guys.

Hopefully that provided some useful information.
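As an added illustration of the two points in the reply above (not code from the thread or its authors), the script below checks which old-mask/new-mask host pairs would talk directly versus through the gateway, flags the old broadcast address that becomes a "valid but unusable" host address, and picks the smallest prefix for a given host count. The thread's real addresses were lost in archiving, so a 192.168.1.0/24 network grown to 192.168.0.0/16 is assumed here.

```python
import ipaddress

# Constructed example values (assumption): the thread's addresses were
# stripped, so an old /24 expanded to a /16 stands in for them.
OLD_NET = ipaddress.ip_network("192.168.1.0/24")
NEW_NET = ipaddress.ip_network("192.168.0.0/16")


def on_link(host_net, dst):
    """True if a host configured with host_net's mask would ARP for dst
    directly; False if it would hand the packet to its default gateway."""
    return ipaddress.ip_address(dst) in host_net


def mixed_subnet_report(old_net, new_net, old_hosts, new_hosts):
    """Classify unicast paths between hosts still on the old mask and hosts
    already on the new mask, and list addresses where the two masks
    disagree about what 'broadcast' means."""
    report = {"via_gateway": [], "direct": [], "broadcast_conflicts": []}
    for src in old_hosts:          # old-mask host sending to new-mask host
        for dst in new_hosts:
            key = "direct" if on_link(old_net, dst) else "via_gateway"
            report[key].append((src, dst))
    for src in new_hosts:          # new-mask host sending to old-mask host
        for dst in old_hosts:
            key = "direct" if on_link(new_net, dst) else "via_gateway"
            report[key].append((src, dst))
    # Old-mask hosts still treat old_net's broadcast address as broadcast,
    # while under the new mask it is an ordinary host address: assigning
    # it to a server would collide until every old host is migrated.
    old_bcast = old_net.broadcast_address
    if old_bcast in new_net and old_bcast != new_net.broadcast_address:
        report["broadcast_conflicts"].append(str(old_bcast))
    return report


def smallest_prefix_for(host_count):
    """Longest IPv4 prefix (smallest subnet) with at least host_count
    usable addresses; /30 is the smallest considered."""
    for prefix in range(30, -1, -1):
        if (2 ** (32 - prefix)) - 2 >= host_count:
            return prefix
    raise ValueError("too many hosts for a single IPv4 subnet")


if __name__ == "__main__":
    print(mixed_subnet_report(OLD_NET, NEW_NET,
                              ["192.168.1.10"], ["192.168.2.20"]))
    print("300 hosts fit in a /%d" % smallest_prefix_for(300))
```

Traffic listed under "via_gateway" only works while the gateway is willing to forward it back onto the same segment, which is the condition the reply's "in theory" hinges on.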
