[CentOS] Re: OT: RIP settings for private netblocks

Mon Oct 6 17:03:03 UTC 2008
James B. Byrne <byrnejb at harte-lyne.ca>

On Sat, 4 Oct 2008 14:50:37 +0200, "Mr Shunz" <mrshunz at gmail.com> wrote:

> Hi,
>
[snip]

>> Presently the setting for rip is:
>>
>> router rip
>>  version 2
>>  passive-interface FastEthernet0/0
>>  network aaa.bbb.ccc.0
>>  no auto-summary
>
> is that aaa.bbb.ccc.0 a *public* IP class?

Yes. It is a routable 'c' class address.

> if it is with the conf below:
>
>> router rip
>>  version 2
>>  passive-interface FastEthernet0/0
>>  network aaa.bbb.ccc.0
>>  network 192.168.0.0
>>  network 10.0.0.0
>>  no auto-summary
>
> you inject private addresses to the other (public?) router...
>
> if aaa.bbb.ccc.0 is another *private* class the configuration
> should be ok...
>
> maybe i misunderstood your question ...
>

This is possibly because I am so unfamiliar with routing that I lack the
terminology to ask it more clearly.

Our internal networks date back to the spring of 1995 and at the time we
used portions of our assigned C class netblock for all hosts.  This
arrangement has survived to the present day.

I wish to move to a private netblock for internal use but I am
operationally constrained to do so gradually.  What I want to do is in the
interim allow host 1 with the public IPv4 addr of aaa.bbb.ccc.171 to
co-exist on the same lan segment as a host with an address of
192.168.2.151 say.  On said segment there is but one gateway to the
Internet, located at IPv4 aaa.bbb.ccc.1.  The rest of the settings are as
in the first example above.  If I add 192.168.0.0 to the list of networks
handled by RIPv2 at the router (and configure the router Eth0 with a
suitable virtual IP from the same network, say: 192.168.71.1), will
internal traffic originating at a host with an address of 192.168.2.71
reach an internal host at 192.168.61.151 and can 192.168.2.71 also reach
aaa.bbb.ccc.171?

I will deal with NAT issues for these hosts at a later time.  For now I am
concerned only with hosts that should not reach or be reached from the
public Internet in any case and therefore do not need a public IP or NAT.

I do not know if that is any clearer or not.  Basically, I do not wish to
start physically segregating the internal lan into private and public
segments using an internal router.  I want both address spaces to co-exist
on the same switch until the transformation is finalized and then we will
look at whether it makes sense to segregate.

We are talking about dozens of hosts, not thousands.  But we do have legacy
systems that require devoted multiple virtual IPs on a single interface so
the number of IPs in use is several times the number of hosts.

I hope this question makes my desires clearer and provides sufficient
background detail for sensible commentary.

-- 
***          E-Mail is NOT a SECURE channel          ***
James B. Byrne                mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3
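
An added example, not part of the original message or thread: a Python check that reads a `router rip` stanza like the second one quoted above, lists the RFC 1918 `network` statements (the concern raised in the quoted reply) and reports router interface addresses that fall outside every configured network. It assumes IOS reads a RIP `network` statement as a classful network; 203.0.113.0 is a constructed stand-in for aaa.bbb.ccc.0 and the function names are hypothetical.

```python
import ipaddress

# RFC 1918 ranges, listed explicitly: ipaddress's is_private also matches
# documentation prefixes such as the stand-in used in SAMPLE below.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def classful(addr):
    """Classful (A/B/C) network containing addr (assumed IOS RIP behaviour)."""
    first_octet = int(ipaddress.ip_address(addr)) >> 24
    if first_octet >= 224:
        raise ValueError(f"{addr} is not a class A, B or C address")
    prefix = 8 if first_octet < 128 else 16 if first_octet < 192 else 24
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)

def parse_rip(config):
    """Return (classful networks, passive interfaces) from 'router rip'."""
    nets, passive, in_rip = [], [], False
    for line in config.splitlines():
        words = line.split()
        if not words:
            continue
        if not line[0].isspace():          # unindented line starts a new stanza
            in_rip = words[:2] == ["router", "rip"]
        elif in_rip and len(words) > 1 and words[0] == "network":
            nets.append(classful(words[1]))
        elif in_rip and len(words) > 1 and words[0] == "passive-interface":
            passive.append(words[1])
    return nets, passive

def audit(config, interface_addrs):
    """Flag RFC 1918 network statements and interface addresses not covered."""
    nets, passive = parse_rip(config)
    private = [str(n) for n in nets if any(n.subnet_of(r) for r in RFC1918)]
    uncovered = [a for a in interface_addrs
                 if not any(ipaddress.ip_address(a) in n for n in nets)]
    return {"private": private, "uncovered": uncovered, "passive": passive}

# Constructed sample: 203.0.113.0 stands in for aaa.bbb.ccc.0.
SAMPLE = """router rip
 version 2
 passive-interface FastEthernet0/0
 network 203.0.113.0
 network 192.168.0.0
 network 10.0.0.0
 no auto-summary
"""

if __name__ == "__main__":
    print(audit(SAMPLE, ["203.0.113.1", "192.168.71.1"]))
```

Under the classful assumption, `network 192.168.0.0` covers only 192.168.0.0/24, so the proposed secondary address 192.168.71.1 is reported as uncovered.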