Coming from more of a networking background than an AD background, I wouldn't have immediately thought of super-netting outright, myself. So the point is well taken. If given this problem with no other background I'd probably think more in terms of 'brouting' (bridged routing) or using Server 2000/2003 routing features to bridge the two segments rather than do some bridging through more traditional networking means. Either is possible, even viable; it depends more on the individual preferences and topology. You could certainly test both options to see which gives you the best performance. Though I suspect that using the brouter technique, offloading some of the processing to the network, may give the best performance in the longer run, no?
Been a long time since I have even said the term 'brouter'. Sounds so ancient. There's my fuel to the fire. Enjoy!

Brent Eads
Employee Technology Solutions, Inc.
Office: (312) 762-9224
Fax: (312) 762-9275

"joe" <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
01/28/2007 09:00 AM
Please respond to ActiveDir@mail.activedir.org
To: <ActiveDir@mail.activedir.org>
cc:
Subject: RE: [ActiveDir] Overlapping AD Subnet Boundaries

> I think that someone knowing this wouldn't have posted the question.

I don't agree with this part. A lot of people don't think you can supernet AD subnets. In fact I have had people tell me outright it is impossible to do that in AD even when I tell them it has been my standard practice since Windows 2000 RTM'ed. They think it is just like the routing subnets where you have to be very careful what you are doing or you will break packet routing. I see this question on a pretty regular basis in various forums, at least once per month.
joe
--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Mathieu CHATEAU
Sent: Saturday, January 27, 2007 3:17 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Overlapping AD Subnet Boundaries

I know there is not a direct relation, but I don't know if the original poster understands that this can't work if it's the real implementation. I think that someone knowing this wouldn't have posted the question.

Regards,
Mathieu CHATEAU
http://lordoftheping.blogspot.com

----- Original Message -----
From: joe
To: ActiveDir@mail.activedir.org
Sent: Saturday, January 27, 2007 9:03 PM
Subject: RE: [ActiveDir] Overlapping AD Subnet Boundaries

You are mistaking machine subnetting and subnetting defined in AD. They are not connected. The definitions in AD do not have to reflect what is really happening at the routing layer. They are generally close but there isn't any technical reason why they have to be.

--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Mathieu CHATEAU
Sent: Friday, January 26, 2007 4:34 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Overlapping AD Subnet Boundaries

Is it really 10.10.0.0/16 or a mistake (/24)? Because your first site won't be able to join the other one, as it will think it's local and won't send packets to the gateway (if it's really a /16). If it's a real /24, then it will work as expected (10.10.41.104 will be attached to the secondary site). If it's a /16 and you need a router between both sites, your configuration can't work from a network point of view.

Regards,
Mathieu CHATEAU
http://lordoftheping.blogspot.com

----- Original Message -----
From: Brian Cline
To: ActiveDir@mail.activedir.org
Sent: Friday, January 26, 2007 10:19 PM
Subject: [ActiveDir] Overlapping AD Subnet Boundaries

Say I create an AD subnet of 10.10.0.0/16 and assign it to our primary site, and another subnet as 10.10.41.0/24 and assign it to a secondary site. Will AD treat a client address of, say, 10.10.41.104 as a client on the secondary site, or will it default to the more general primary subnet?

The reason I ask is we now have a need for a second AD site (I can see all the enterprise folks grinning now) and we have quite a number of other subnets that I’d have to manually enter if this is not the case. I don’t mind doing it, but I was curious either way.

Brian Cline, Applications Developer
Department of Information Technology
G&P Trucking Company, Inc.
803.936.8595 Direct Line
800.922.1147 Toll-Free (x8595)
803.739.1176 Fax
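
Added example, not part of the original thread: AD maps a client to a site by the most specific subnet object that contains its address, which is why the supernet approach joe describes works. The Python sketch below models that lookup for the two subnets in Brian's question and lists overlaps for review; the site names and helper functions are illustrative assumptions, not an AD API.

```python
import ipaddress

# Constructed sample: the two AD subnet objects from Brian's question.
# The site names "Primary" and "Secondary" are placeholders.
AD_SUBNETS = {
    "10.10.0.0/16": "Primary",
    "10.10.41.0/24": "Secondary",
}


def site_for_client(client_ip, subnets=AD_SUBNETS):
    """Return the site of the most specific subnet containing client_ip.

    Returns None when no subnet object matches (the client has no site).
    """
    ip = ipaddress.ip_address(client_ip)
    best_net, best_site = None, None
    for cidr, site in subnets.items():
        net = ipaddress.ip_network(cidr)
        if ip.version != net.version or ip not in net:
            continue
        # Longest prefix wins, regardless of the order of definition.
        if best_net is None or net.prefixlen > best_net.prefixlen:
            best_net, best_site = net, site
    return best_site


def overlapping_pairs(subnets=AD_SUBNETS):
    """List (supernet, more_specific) pairs assigned to different sites,
    so intentional catch-all ranges can be told apart from typos."""
    parsed = {ipaddress.ip_network(c): s for c, s in subnets.items()}
    nets = sorted(parsed, key=lambda n: n.prefixlen)
    pairs = []
    for i, outer in enumerate(nets):
        for inner in nets[i + 1:]:
            if (inner.version == outer.version and inner.subnet_of(outer)
                    and parsed[inner] != parsed[outer]):
                pairs.append((str(outer), str(inner)))
    return pairs


if __name__ == "__main__":
    for addr in ("10.10.41.104", "10.10.7.20", "192.168.1.5"):
        print(addr, "->", site_for_client(addr))
    print(overlapping_pairs())
```

An address that matches no subnet object returns None here, which corresponds to a client that AD cannot place in any site.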