Network Renumber - transition using 2 OSPF networks...?

Currently, our school district is behind a Cisco PIX firewall utilizing NAT technology.

Behind our firewall, our internal LANs are numbered 152.157.x.y/24 - where x is the subnet ID of the site or school, and y is the node address.

I am attempting to draft a plan to provide a comprehensive guide to renumbering our district, adding OSPF routes to 10.x.y.y/16 networks, to coexist, until the transition is complete.

I had some questions:

Should we use another OSPF process ID? Should we use another area for the network? Is there a way to renumber our serial links (which use 198.16.101.x) 100% remotely, to 192.168.1.x? Would it be easier to move to IPv6? Are you aware of any transition to IPv6 guides?

Your help with this is appreciated.


Consider a more flexible network mask. You do not want to have a LAN segment with 2**16 hosts for a lot of reasons. Consider using /32 masks for loopbacks, /31 masks for WAN links, and /24 or smaller for school subnets.

Cisco recommends against doing this in most of their OSPF design guides.

I would recommend against doing that. You may need multiple areas depending on the size of your network; for example, if some schools are homed to an intermediary school, consider making that a separate OSPF area. Also consider the x.x.x.x format of OSPF numbering so that, if necessary, hierarchy can be built into the numbering.

Why not just number out of network 10? You can now have /31 prefix lengths (network mask) for WAN links.


you can also use a secondary address on your LAN interface while you keep your primary IP address as 152.157.x.y/24. advertise the secondary in your OSPF area. once you are satisfied, move the secondary address to the primary address.


you can use variable masks - but one of the advantages of net 10 and friends is that there is lots of address space and you can be wasteful.

Use masks that cut down mental arithmetic - the computers don't care, but people work better that way.

Another poster mentioned secondary addresses - just be careful as OSPF doesn't seem to form adjacencies across secondary addresses, so you need to be consistent about which range is primary and secondary. You also may have to alter each router a couple of times to complete.

don't forget the firewall rules, static routes etc will need to be changed as well.

if you don't understand how it works, the golden rule is test it first, or at least make sure you can go back to the original setup.

No - if you do this you then have multiple OSPF networks interconnected at lots of points (each router).

you can let a single OSPF network propagate routes for lots of different network/mask combinations.

no - use the current area structure. if it works now it is good enough to handle the transition.

yes - but if you do this "on the fly" each link will go down as you renumber it - outages and / or topology changes depending on how much resilience you have.

if you have to alter a link, it is best to be able to login to the remote router by another route, or a modem etc.

if not then maybe use a new config file + reboot, but this is dangerous.... no way back from some errors.

sometimes it is just easier to book a good downtime slot and nuke everything in 1 go.

No way. Never a good idea to use software that isn't in widespread use and with no local experience without a good reason. network software is even more susceptible to issues.

NB - it is unlikely that some of your devices support IPv6 - printers, old PCs, other kinds of devices with embedded code. Others may charge for the upgrade (may well be cisco if you aren't up to date).

finally if you have slow serial links the extra address size increases IP overheads - depending on your traffic profile it could be significant.

using the 4 -> 6 transition aids is more complex than sorting OSPF....


Well, the network scheme our district currently uses matches our site location numbers with subnet numbers...example

my location is building 72, so we're the "72" subnet; Firgrove Elementary is 1, so it's the "1" subnet (, (

We'd like to retain this addressing scheme, and 254 addresses per location is not enough hosts, which is why I thought of


that works - and it is simple for people :)

personally i like only 254 hosts in a subnet - big flat LANs can be a pain if something goes wrong, and central layer 3 switches are cheap if you use stackables.

main risk is that you are too generous with addresses and run out of ranges - e.g. a lot of IP telephony schemes suggest you split the phones off on a separate subnet - that would double the no. of 10.x ranges you would need.

if the network is static and likely to stay that way then fine.


Unfortunately, we're running into problems with the 254 hosts per subnet...some locations have an exorbitant amount of static devices (printers...etc), DHCP ranges are continually being squeezed down and there are too many hosts to fit in that 254 limit.

Fortunately, we aren't likely to add a great number of subnets (24-28 are unused, 37-49 are unused, 53 is unused, 55-69 are unused, 71, 73-75, 77, 79, 80, 82, 83, 85-99, 103-129, 135, 137-149, 154, 156-159, 161, 163 (/28), 164 (/31), 165 (/31), 167-200, 210-254 are all unused) ;)

Add 10.x.y.y / 16 as a subint, 10.y.y.y /8 OSPF network mask?


it doesn't sound like there are many routes, don't bother with summarising unless you have some routers with very little memory - so yes that would work.

Good luck
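
The coexistence plan discussed in the posts above (site number kept as the subnet ID, the new 10.x range added as a secondary address, one OSPF network statement covering 10/8), sketched as an added example that is not part of any post in this thread. The interface name, area value, gateway node number and the 152.157.x.y to 10.x.0.y host mapping are assumptions; the address ranges and OSPF process ID 109 come from the thread.

```python
import ipaddress

OLD_BLOCK = ipaddress.ip_network("152.157.0.0/16")  # current LANs, one /24 per site
NEW_BLOCK = ipaddress.ip_network("10.0.0.0/8")      # target space, one /16 per site
OSPF_PROCESS = 109                                  # process ID quoted in the thread


def site_networks(site_id):
    """Return (old /24, new /16) for a site number, keeping site == subnet ID."""
    if not 1 <= site_id <= 254:
        raise ValueError(f"site id {site_id} outside 1-254")
    old = ipaddress.ip_network(f"152.157.{site_id}.0/24")
    new = ipaddress.ip_network(f"10.{site_id}.0.0/16")
    return old, new


def translate_host(addr):
    """Map 152.157.x.y to 10.x.0.y (assumed convention) so firewall rules
    and static routes can be rewritten consistently."""
    ip = ipaddress.ip_address(addr)
    if ip not in OLD_BLOCK:
        raise ValueError(f"{addr} is not in {OLD_BLOCK}")
    _, _, site, node = ip.packed      # the four octets as integers
    _, new = site_networks(site)      # rejects site octets 0 and 255
    return new.network_address + node


def transition_config(site_id, lan_if="Ethernet0", area="0", gateway_node=1):
    """IOS lines adding the new range beside the existing primary address.
    lan_if, area and gateway_node are placeholders, not values from the thread."""
    _, new = site_networks(site_id)
    gateway = new.network_address + gateway_node
    return [
        f"interface {lan_if}",
        f" ip address {gateway} {new.netmask} secondary",
        f"router ospf {OSPF_PROCESS}",
        f" network {NEW_BLOCK.network_address} {NEW_BLOCK.hostmask} area {area}",
    ]


if __name__ == "__main__":
    for site in (1, 72):              # the two sites named in the thread
        print("\n".join(transition_config(site)), end="\n\n")
    print(translate_host("152.157.72.15"))   # constructed sample host
```

This covers LAN interfaces only; the serial links still need the care described earlier in the thread, since adjacencies are said there not to form across secondary addresses.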


Well... I'm not the CISCO WAN guy here...but the guy we have in charge of that has NFC. So my process needs to include that. currently, our setup is like such

our interfaces (serial and ethernet) have the following lines

    no ip route-cache
    ip ospf hello-interval 15
    ip ospf retransmit-interval 10
    no ip mroute-cache

    router ospf 109
     log-adjacency-changes
     network area
     network area

Any suggestions for an optimized setup would be great...I believe our slowest WAN link is 224k at this point, but the majority should be 1344kbit, with some at 768kbit

send me private email snipped-for-privacy@rogers.com

Merv