Question Bad subnet mask/IP?

[MreSpin]

HI,
I need help with the Internet interface parameters I received.
WAN IP: X.Y.238.68
Subnet Mask: 255.255.255.254
Gateway IP Address: X.Y.238.67
When I fill it into the WAN interface router (Draytek 2860) says:
"Warning !! The WAN IP and Gateway IP you set are not in the same IP network."
Is the subnet mask correct for those IP (I checked bits and seems not right)?
Is there a way to run this network by i.e. adjusting the subnet mask to 255.255.255.248 (I tried but do not work)?
Thank you.

 

[bill001g]

That subnet mask is not valid for a device that uses ethernet. Ethernet needs a extra 2 that are wasted for the network and broadcast ip.

A 254 mask is used on a point to point line, something like a t1 or oc3 type of connection that home routers do not support. You can on cisco commercial routers force a ethernet to run on that mask but you must set a special option so it does not complain.

Maybe it works if you use PPPoE but I have also seen them use 255.255.255.255 on pppoe. It has been a long time since I had a connection like this so I don't remember what is possible.

I would try to get detailed instructions from the ISP. I have seen strange stuff like this from att when you pay for multiple IP addresses but with att you generally have to use their routers and they support stuff other routers do not.

 

[MreSpin]

Thank you for the answer.
The real problem at this moment is not that it's 255.255.255.254 subnet but not matching IP to the subnet. I am not an expert and just want someone to have a look into it.
PS Draytek complains, but it's alow to save whatever I type as subnet/IP.
Can you run a commercial router with the wrong subnet/IP?

 

[bill001g]

That is a very uncommon subnet mask so I did my math wrong.

When you use 254 mask the pairs of ip would be

66-67 or 68-69

I can find no way to use 67 and 68 in the same subnet unless you use the mask 248 as you mention.

So that mask and ip combination would be rejected even on a commercial router.

The concept of subnet really doesn't mean much when you are looking at a internet connection. Even if there are other devices in the same subnet you are really only sending your data to the ISP router to be sent farther into the internet. Even if they allowed it you would never talk to other devices on the same WAN subnet, it would be something like you neighbors routers.

It is extremely wasteful to use small subnet which is why you see ISP going to things like 255.255.252.0 network. Now if they are using private IP addresses then you don't care so much about wasting them.

I guess if it works you just ignore that it is wrong. I suspect that there are routers it does not work on if they enforce the subnet mask rules.

 

[MreSpin]

Thank you for the answer.
The engineer testing that connection said:
"I had a problem when testing on my laptop where it wouldn’t accept the subnet 255.255.255.254 and had to use .240 – I think this is an issue with Windows though."
But these settings (subnet mask 255.255.255.240 and 248) on the router do not make the interface work.
What should I say to the engineer?

 

[ex_bubblehead]

.....What should I say to the engineer?

Personally, I'd tell him to find another job as he's obviously not qualified for the one he has.

 

[bill001g]

Tell him to go read about subnet masks and valid IP addresses.

The reason wrong subnet mask cause issue is if your machine would attempt to do a ARP for a IP it thought was in the same subnet but if it was actually in a different one it would never get a response. None of this really applies on a internet connection where all the communication is with the ISP main router and not between the other device.
The other reason it may not work is the IP broadcast IP is different. The IP broadcast IP is not used for a lot of stuff on ethernet, since it uses mac level broadcast. It might mess up DHCP stuff but if you are hard coding the IP and mask then you don't need DHCP.

It is very hard to say why it doesn't work. .254 is not really a valid mask for ethernet. When you try to do it on a cisco router you have to put in a special option to avoid getting a warning message. Then again many consumer routers are very stupid, there are some that will not let you use anything other than 255.255.255.0 on the lan subnet.

 

[MreSpin]

Thank all of you,
I submitted the request for fixing directly to the company that send me these IPs, together with a link to this forum.
Thus, comments can be read by people who set them up.
FYI,
This same router worked fine before (different IP) with subnet mask 255.255.255.254
Thank you again for your support

 

[~cw]

A /31 mask (255.255.255.254) is valid per RFC 3021 for point-to-point links, it sounds like your connection fits this definition. Your router has no need of a broadcast address for WAN connectivity, just routing to your provider's network, so a /31 is suitable.

Some more details about your connectivity provider would be useful. What is your deployment scenario? Has your ISP fitted an Internet connection presented as Ethernet, is it a PPPoE/VLANned connection for which you have to enter connection authentication details on the Draytek, or is it something else like an EFM/managed network or MWAN/VPLS?


The Draytek is possibly complaining because its network address validation probably doesn't expect a /31 on the WAN. It is possibly validating the IP and netmask based on classful addressing - where networks had more clearly defined 'boundaries'. Nowadays something called CIDR (Classless Inter-Domain Routing) allows more efficient usage of IP addresses through what is called Variable Length Subnet Masking. https://www.auvik.com/franklyit/blog/classful-classless-addressing/


I'm slightly puzzled if you're using a Vigor 2860, because those are primarily marketed as ADSL/VDSL routers. I understand the 2862, 2865 and 2866 can support networks like FTTP using the WAN2 port and some configuration (https://www.draytek.co.uk/support/guides/kb-fttp-wan-setup has a decent set of instructions if you've not seen them already). Have you spoken to Draytek to see what they make of your configuration?

I would expect in your scenario, once you've entered the IP, netmask and gateway IP then done any required Draytek reboots, that you'd be able to ping the .68 gateway IP from the Draytek. Go to its web interface, choose Diagnostics then Ping Diagnosis. (PDF of the manual at https://www.draytek.co.uk/support/downloads/vigor-2860/send/344-vigor-2860/1062-v2860-ug-v45 )

You likely won't be able to ping the gateway from your PC as Windows has always had issues with /31 nets, but provided the connection comes up correctly you should be able to ping things on the wider internet like 8.8.8.8 or 1.1.1.1 from a command prompt.


For the sake of comparison, I have a Gigabit fibre connection which presents as an Ethernet socket in my house. My ISP assigns me a static WAN IP with a 255.255.255.248 netmask (a /29) - more common by convention, but less efficient as it 'wastes' IP addresses in the subnet due to reservation for things like a broadcast address (not used in this scenario).

 

[ajohnson30]

definitely weird. A /31 does technically allow for 2 ip addresses, but as ~cw mentions, the broadcast address and "network address" are usually there and expected, which for any "normal" subnet, use up 2 addresses. Normal WAN router interface design has most admins put a /30 (255.255.255.252) on them at a minimum, giving 4 ip addresses, 2 usable along with the network and broadcast addresses.

....I hope we didn't just answer some kids homework...