What's better, a few big subnets or several smaller subnets?

I am eventually switching paths to the Inet. I have a 2nd PIX firewall and the connection has tested well through it. Our net is low on IPs anyway (we have to use static IP), so I am going to put in a new 2621 router and add a subnet. Right now we have been using 192.168.1.x and 192.168.5.x with a router between. We have a surplus of 3 routers. I was thinking of adding 192.168.11.x for floor 11 and eventually adding a 12 and 13 for those floors. This would limit the subnet size to 100 because that is physically how many people are on each floor. The question is, traffic wise, is this better, or would I be better off using an IP range with a larger pool (like 172.16.x.x) and putting all 300 people and their printers in one subnet? The servers would have to stay 192.168.1.x for a few legacy reasons. What would you folks suggest? Thanks for your help.
Reply to
jfalken

All depends on requirements, but to be perfectly honest, subnets up to 500 or even 1000 hosts should be absolutely fine. However, different things may change the 'bigger is better' mantra, namely isolating important applications (things like VoIP). While a VoIP VLAN can also be 255 addresses, you generally don't want that traffic coexisting on the same source/destination networks as generic data traffic. Additionally, I would always plan for some factor of growth. In your case, using 172.16 or 10.x addresses could be fine (or 192.168.x), and I would just keep it simple at /24s. When you get into DC design, you can also begin to use the subnet numbers and the VLAN numbers to create a usable schema. Assuming you have a central core, you can do VLANs 0-10 for core DC functions (0 = loopbacks, 1 = network interfaces, 2 = routing, 3 = routing, 4 = management interfaces, 5 = wintel, 6 = nix, etc.). Then 10 and up or 20 and up are users or floors, where 21 = floor 1, 22 = floor 2, etc. The point is, there is no right/wrong way, other than to ensure you have room for growth, and don't over engineer. This also changes if you begin to do distributed layer 3 where your switches are also their own routers, and then you have to start thinking about summarization as you climb up the distribution and core layers.

Short answer, use a /25 or /24 and be done with it. No reason to split it up smaller (unless you have limited address space or have special requirements to separate traffic). Conversely, I would not go over a /22. Even if you can support it, I also like to keep similarly sized subnets to keep it simple/clean, and /22s are not really feasible unless the building has many floors or a very large DC. Lastly, another reason to split up subnets is security. If you need some ports to be locked to just the internet or just internal, that is another reason you may need to split things up a little more.

Reply to
Trendkill

I would use network 10 addressing as it would allow you to put some meaning into the 2nd and 3rd octet should you wish to do that, or just assign randomly or sequentially. I would definitely not use 192.168.x.x addressing.

10.floor_X.area1.device1

I would always go for smaller subnets for a whole host of reasons: /24, /25 or /26.
Reply to
Merv

IP address subnetting can get people stuck in a class based mentality. IP address subnets end up getting assigned based on the original Class B and Class C subnets with subnet masks of either 255.255.0.0 or 255.255.255.0. This results in IP address subnets of either 256 addresses or 65536 addresses without much sizing in between.

For example: If you have 3 floors of a building, the IP address subnets get divided like this:

10.0.1.0 / 255.255.255.0 - floor 1 LAN for PCs
10.0.2.0 / 255.255.255.0 - floor 2 LAN for PCs
10.0.3.0 / 255.255.255.0 - floor 3 LAN for PCs

and then continuing with...

10.1.1.0 / 255.255.255.0 - floor 1 separate subnet for servers
10.1.2.0 / 255.255.255.0 - floor 2 separate subnet for servers
10.1.3.0 / 255.255.255.0 - floor 3 separate subnet for servers

and then so on for printers, management devices, etc...

Perhaps these 10.0.X.X subnets are used for the common LAN communication, and subnets starting with 10.1.X.X and 10.2.X.X following the same 1,2,3,4,5 numbering in the third octet follow for printer, server, and other subnets on each floor.

I like breaking things down into the available sizes in between of 512, 1024, 2048, 4096, 8192, 16384, and 32768.

How about this example where all addresses begin with 10.0.x.x:

10.0.0.0 / 255.255.255.128 - floor 1 LAN for PCs, up to 125
10.0.1.128 / 255.255.255.192 - floor 1 for extra systems, up to 61
10.0.1.192 / 255.255.255.224 - floor 1 for non PCs like time clocks, kiosks, etc., up to 29
10.0.1.224 / 255.255.255.240 - floor 1 servers, up to 13
10.0.1.240 / 255.255.255.240 - floor 1 for router loopback and switches, up to 13
Summarized route for entire floor: 10.0.0.0 / 255.255.254.0

then repeat for each continuing floor:

10.0.2.0 / 255.255.255.128 - floor 2 LAN for PCs, up to 125
10.0.3.128 / 255.255.255.192 - floor 2 for extra systems, up to 61
10.0.3.192 / 255.255.255.224 - floor 2 for non PCs like time clocks, kiosks, etc., up to 29
10.0.3.224 / 255.255.255.240 - floor 2 servers, up to 13
10.0.3.240 / 255.255.255.240 - floor 2 for router loopback and switches, up to 13
Summarized route for entire floor: 10.0.2.0 / 255.255.254.0

It is not as pretty on the eyes, but it allows summarized routing and efficient use of the address space. With only a few floors, memorization of the IP address prefix for a floor comes rather quickly and is only the concern of the network administrator. I just hate seeing a block of 65536 IP addresses used for a segment with only 100 PCs and a block of 255 IP addresses used for a segment with only 10 hosts, and situations like that. It probably comes from formerly working in a company that owned a Class A address range on the Internet.

-----
Scott Perry
Indianapolis, IN
-----

Reply to
Scott Perry

Now the really stupid question, would I just put in a 2621 router for each floor to make the jump from one subnet to the 192.168.1.x main network?

Reply to
jfalken

Why not just have the floor switches uplink to a router? Instead of having a physical router on each floor, have a single router on only one floor that has switches from each floor connected to it. Perhaps each floor has Cisco Catalyst 2950 switches and use fiber optic connections into a main Cisco Catalyst 3550 or 4500 series that performs the routing as a "layer 3 switch"?

-----
Scott Perry
Indianapolis, IN
-----

Reply to
Scott Perry

I already have several 2621 routers. I figured I would configure each with FE0/0 = a different floor IP set (192.168.11.x, 192.168.12.x and 192.168.13.x) and each with FE0/1 = a different 192.168.1.x (this is where the servers are and need to stay, at least for now). This allows each floor to have 254 IPs for PCs, printers and specialty servers (should be between 100 and 200 per floor most likely). Each router would know how to get to the others and would have a permanent 0.0.0.0 route to the inside of the PIX. This would minimize the single point of HW failure, and from reading responses and other research, it seems having one extra hop across a router shouldn't slow it down much. Is that not correct?
Reply to
jfalken


After thinking on this all night, would it be better to do 192.168.floor.x and subnet 255.255.0.0? I could then leave the servers and printers as they are at 192.168.1.x and just change their mask to 255.255.0.0. I could then put in one router that points the way to the internet (inside addr of the PIX) and points the way to our other offices (192.168.1.officenumber - this side of their router). We are already at ~300 hosts and may grow another 100-200. If I am thinking right, anyone in this office can then talk to the servers and printers w/o jumping a router, and the servers don't need to be re-IP'ed. Am I totally seeing this wrong? Thanks for all your help. I am trying to weave through legacy mistakes that I and those before have made.
Reply to
jfalken


My personal answer is, no. Subnet to /24 or /25, keep it by floor or some logical compartment, and stay away from using supernets as subnets. That isn't to say that 10.0.0.0 can't be location A and 10.1.0.0 can't be location B, but that kind of logic is better used for large organizations and you do that via route summarization, not single VLANs. Just speaking for myself, I would NEVER subnet larger than a /22 (1000+ hosts) within a data center (and we have 38 of them), but would easily summarize to a /16 by site if that is the way it broke up. All in all, I would consider 192.168.0-15 is site 1 (or perhaps 0-7), and then the next 8 or 16 /24s would be site 2, site 3, site 4, etc. This is much more efficient, gives room for growth, and does not carve out some ungodly subnet.

Think of it this way: you acquire a company that uses 192.168.0.0 at their facility. What do you do? You can't use anything in 192.168 because you are using a /16 (unless you want to extend your broadcast domain over your WAN, which would not be such a good idea), so you have to re-address the whole thing, rather than perhaps just the third octet. Yes, you can NAT and other things, but think through the evolution of your company/business... including the fact that mergers/acquisitions/growth will kill a network design if you don't have flexibility.

Overall, carve out some space with growth, and you don't have to match the third octet to floor if you have large floors. Then just use VLAN #, and instead just memorize or document the mapping of subnets to VLAN numbers. I.e. (floor 1 = VLAN 1 = 192.168.4.0 /23), (floor 2 = VLAN 2 = 192.168.6.0 /23). I generally reserve the first few /24s at a site for network management, routing, etc.
Reply to
Trendkill
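An added example, not code from anyone in this thread: a small plan checker built on Python's standard `ipaddress` module. It takes Scott Perry's floor-1 carve-up and the 255.255.254.0 floor summary route, reports usable hosts per block (network and broadcast excluded; the post's figures also set aside one more address for the gateway), flags any block outside the summary or overlapping another, and lists the address space the plan leaves unallocated. It also summarizes Trendkill's "192.168.0-15 is site 1" scheme into the single route a core router would carry. The dictionary and the site list are constructed from the posts above.

```python
import ipaddress

# Constructed from Scott Perry's floor-1 example; the summary is the
# 255.255.254.0 route he gives for the whole floor.
FLOOR1_SUMMARY = "10.0.0.0/255.255.254.0"
FLOOR1_PLAN = {
    "PCs": "10.0.0.0/255.255.255.128",
    "extra systems": "10.0.1.128/255.255.255.192",
    "non-PC devices": "10.0.1.192/255.255.255.224",
    "servers": "10.0.1.224/255.255.255.240",
    "loopbacks and switches": "10.0.1.240/255.255.255.240",
}


def check_plan(summary, plan):
    """Report usable hosts per block, blocks outside the summary,
    overlapping blocks, and address space the plan leaves unused."""
    summary = ipaddress.ip_network(summary, strict=True)
    nets = {name: ipaddress.ip_network(cidr, strict=True)
            for name, cidr in plan.items()}
    report = {"hosts": {}, "outside_summary": [], "overlaps": [], "unused": []}
    for name, net in nets.items():
        report["hosts"][name] = net.num_addresses - 2  # minus network/broadcast
        if not net.subnet_of(summary):
            report["outside_summary"].append(name)
    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                report["overlaps"].append((a, b))
    # Carve every block out of the summary; whatever remains is unallocated.
    remaining = [summary]
    for net in nets.values():
        nxt = []
        for r in remaining:
            if net.subnet_of(r):
                nxt.extend(r.address_exclude(net))
            elif not r.subnet_of(net):
                nxt.append(r)
        remaining = nxt
    report["unused"] = [str(n) for n in ipaddress.collapse_addresses(remaining)]
    return report


def summarize(prefixes):
    """Collapse prefixes into the fewest covering routes (site summary)."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


# Constructed: the sixteen /24s Trendkill allots to site 1.
SITE1 = [f"192.168.{i}.0/24" for i in range(16)]
```

Running `check_plan(FLOOR1_SUMMARY, FLOOR1_PLAN)` shows that 10.0.0.128/25 and 10.0.1.0/25 are not assigned by the floor-1 plan as written, which is the kind of gap worth knowing about before the scheme is repeated on every floor.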
