[CentOS] Re: OT: RIP settings for private netblocks
Ross Walker
rswwalker at gmail.com
Mon Oct 6 20:26:43 UTC 2008
On Mon, Oct 6, 2008 at 1:03 PM, James B. Byrne <byrnejb at harte-lyne.ca> wrote:
>
> On : Sat, 4 Oct 2008 14:50:37 +0200, "Mr Shunz" <mrshunz at gmail.com> wrote:
>
>> Hi,
>>
> [snip]
>
>>> Presently the setting for rip is:
>>>
>>> router rip
>>> version 2
>>> passive-interface [[FastEthernet]]0/0
>>> network aaa.bbb.ccc.0
>>> no auto-summary
>>
>> is that aaa.bbb.ccc.0 a *public* IP class?
>
> Yes. It is a routable 'c' class address.
>
>> if it is with the conf below:
>>
>>> router rip
>>> version 2
>>> passive-interface [[FastEthernet]]0/0
>>> network aaa.bbb.ccc.0
>>> network 192.168.0.0
>>> network 10.0.0.0
>>> no auto-summary
>>
>> you inject private addresses to the other (public?) router...
>>
>> if aaa.bbb.ccc.0 is another *private* class the configuration
>> should be ok...
>>
>> maybe i misunderstood your question ...
>>
>
> This is possibly because I an so unfamiliar with routing that I lack the
> terminology to ask it more clearly.
>
> Our internal networks date back to the spring of 1995 and at the time we
> used portions of our assigned C class netblock for all hosts. This
> arrangement has survived to the present day.
>
> I wish to move to a private netblock for internal use but I am
> operationally constrained to do so gradually. What I want to do is in the
> interim allow host 1 with the public IPv4 addr of aaa.bbb.ccc.171 to
> co-exist on the same lan segment as a host with an address of
> 192.168.2.151 say. On said segement there is but one gateway to the
> Internet, located at IPv4 aaa.bbb.ccc.1. The rest of the settings are as
> in the first example above. If I add 192.168.0.0 to the list of networks
> handled by RIPv2 at the router (and configure the router Eth0 with a
> suitable virtual IP from the same network, say: 192.168.71.1) , will
> internal traffic originating at a host with an address of 192.168.2.71
> reach an internal host at 192.168.61.151 and can 192.168.2.71 also reach
> aaa.bbb.ccc.171?
>
> I will deal with NAT issues for these hosts at a later time. For now I am
> concerned only with hosts that should not reach or be reached from the
> public Internet in any case and therefore do not need a public IP or NAT.
>
> I do not know if that is any clearer or not. Basically, I do not wish to
> start physically segregating the internal lan into private and public
> segments using an internal router. I want both address spaces to co-exit
> on the same switch until the transformation is finalized and then we will
> look at whether it makes sense to segregate.
>
> We are taking about dozens of hosts, not thousands. But we do have legacy
> systems that require devoted multiple virtual IPS on a single interface so
> the number of IPs in use is several times the number of hosts.
>
> I hope this question makes my desires clearer and provides sufficient
> background detail for sensible commentary.
You can do this, no prob, make sure the private IPs terminate at the
firewall/proxy with NAT'ing and don't get RIP'd to the edge router
beyond.
I would probably only route 1 set of private IP addresses though,
pick 192.168.0.0/16 or 10.0.0.0/8, but not both. You can subnet 10.0.0.0
into as many subnets you want with variable subnetting. Use vlans on
the routers/switches, one vlan for the public IPs, one for the private IPs
and as hosts are migrated from public to private IPs you will remove
them from vlan A and add them to vlan B, if you use DHCP it makes
things sooo much easier as all you need to do is change the vlan
assignment.
Here I have a class B allocated from 10.X.X.X for each office site, and
separate class Cs for each network within those sites.
Turn subnet auto-summation off too.
If you want more detailed config info email me off-list.
-Ross
More information about the CentOS
mailing list