lieing about the subnet mask


JQ Johnson (jqj@drizzle.uoregon.edu)
Wed, 18 Nov 87 12:19:18 PST


RAF@NIHCU.BITNET recently asked about multiple IP subnets on a single
wire and similar permutations of the homogeneous one subnet per wire IP
layout.

A number of people responded to him by mail suggesting that he lie to
some hosts about the subnet mask. To simplify the example, suppose that
we have 2 connected Ethernet cables configured as two subnets of a
class B net: subnet A, 128.223.8.0, whose hosts think the subnet mask
is 255.255.255.0 (8-8); subnet B, 128.223.16.0, whose hosts think the
subnet mask is 255.255.240.0 (4-12). Given most current subnetting
implementations, hosts must think the class B network is homogeneous.
Thus, hosts on A think that there are 15 8-bit subnets 128.223.16.0,
128.223.17.0 ...; hosts on B think that A is part of a 4-12 subnet.
Note that hosts on B *must* route to subnet 128.223.9.0 (if it exists)
through the same gateway as they route to subnet A [though redirects
may change the routes to individual hosts on 128.223.9.0]; thus the
physical topology should be hierarchical. And the gateway's RIP code
needs to be hacked to advertise on A not just 128.223.16.0 but
128.223.16+x.0.

OK, so if the connection topology is hierarchical and we have control
over the gateway code, then the routing seems to work. But what happens
with broadcast addresses? Suppose a host on A sends to 128.223.8.255.
For the gateway to know this is a broadcast, its subnet mask must be
the same as the host's. Similarly for B -- a local broadcast to
128.223.31.255 on cable B needs to be interpreted as a local broadcast
by the gateway; if the gateway thinks it has 16 addresses on cable B
and that the subnet mask on B is 8-8, it will interpret this as a
letter bomb (aka directed broadcast) destined for subnet 128.223.31.0,
and may well rebroadcast it on the same cable! That would lead to
meltdown. Even if the gateway doesn't forward letter bombs, it needs
to be able to generate broadcasts on B itself.

So the gateways need to be smart and have different subnet
masks for the two subnets. They can't fake it by considering the
larger subnet to be several small subnets; they must have the same
view as do the hosts on the subnet.

Note that it is impossible for hosts to send directed broadcasts -- a
host on A who wants to send a directed broadcast to B will send to
128.223.16.255 or something, which the gateway had better interpret as
a host address on B. So we've made directed broadcasts impossible; bfd
perhaps, but a violation of the RFCs. And I bet we can't run a stock
4.3BSD system as the gateway. The KA9Q code probably works (?).

We'd better not allow any hosts on subnet B to have addresses of the
form 128.223.16+x.255 (x={0,...,14} either, since that looks like a
broadcast address from the viewpoint of a host on A.

What else breaks? I dunno. None of the above is particularly
disasterous, and a site trying it may get good enough performance and
connectivity to think it's working even if there are hidden serious
problems. However, it is complex enough that I'm worried that something
else which IS disasterous will come along. The apparently innocuous
suggestion has certainly increased the complexity of the protocol
substantially! Am I being a nervous nellie? Has anyone analyzed this
carefully?



This archive was generated by hypermail 2.0b3 on Thu Mar 09 2000 - 14:39:56 GMT