gbauer17

asked on

Best Practices for Subnet

Hello,

I am on the verge of redesigning our network infrastructure, but I am not sure what the best practices are for this. The reason I am doing this is because we are starting to run out of IP addresses; we currently use 192.168.100.1 - .254. I want to be able to create multiple different subnets for our organization because it is a fast growing company; in the past 2 years we have grown 286%. I was originally going to use 192.168.32.1 - 192.168.63.254 with a subnet mask of 255.255.224.0. The only problem I have with this is that I cannot implement that idea over time, because a 192.168.32.1 will not ping a 192.168.100.5 address. Are there any other IP subnets that you can think of that I can implement over time as well as being a good standard for growing? Are there any documents that anyone can point me to to get best practices? Thanks
wylie_uk

You could have a subnet mask of 255.255.0.0, effectively making a much bigger subnet.

This will give you a ton more IP addresses, 192.168.0.1 - 192.168.255.254.

If you want different subnets and you still want connectivity between them, you will need to place routers between the subnets.
masnrock
How did you configure the router that deals with the subnets?
I used to work with a network of 1000+ nodes and a "licensed" Class B address space (meaning we had 65,000 public IPs - and no, we weren't an ISP).  We discussed this a couple of times and it became clear that using a CLASS B mask was a REALLY BAD IDEA.  When doing that, broadcast traffic can get overwhelming and is, quite simply, not advisable.  What I would recommend is getting a REAL router or some switches capable of VLANing and setting up a series of CLASS C address spaces.  Divide up your organization based on some logical items - departments, geography, floors, something you don't have TOO many of but where each unit will be AT MOST 100 systems.  Then use Class C masks and addresses (255.255.255.0 is a class C mask).  You will now need to know something about routing, but with this scheme you should have PLENTY of growth room while not causing inefficiencies in your network due to high broadcast loads.

What we did was assign a subnet (CLASS C Networks) to each building (we had about 20) and in one case, each floor of a building.  We also segregated the IT dept from another dept. in the same building and finally, we had MOST of the servers (50+, excluding clusters) on their own subnet.

There are a number of things to take into consideration.  Firstly I would try to estimate what the maximum number of hosts is that you will require in a single subnet.  If this is likely to be more than 200, then you will need to look at using subnet masks other than 255.255.255.0.  The second estimate you should take is the number of physical subnets you require; you will require at least one subnet for each LAN site.  There might be reasons where you would allocate more than one subnet to a site, e.g., a subnet for a factory LAN and a subnet for an Office LAN.

Once you have this information you can choose the most appropriate of the private IP address ranges: 10.x.x.x, 192.168.x.x or 172.(16 to 31).x.x.  These subnets provide different levels of scalability.

I would try to maintain standards over each subnet, i.e., only use two different subnet mask sizes, one for large sites and one for small sites.  Standardise on IP addresses for the default gateway on each site.  Standardise on ranges of IP addresses that servers, printers and PCs can use.  This will aid management of the network as it grows.
You want to take the last 2 comments into consideration and factor in your expected growth, then add another 20-25% for each subnet.

Class B
# bits   Mask               Effective Subnets   Effective Hosts
   2     255.255.192.0                      2             16382
   3     255.255.224.0                      6              8190
   4     255.255.240.0                     14              4094
   5     255.255.248.0                     30              2046
   6     255.255.252.0                     62              1022
   7     255.255.254.0                    126               510
   8     255.255.255.0                    254               254
   9     255.255.255.128                  510               126
  10     255.255.255.192                 1022                62
  11     255.255.255.224                 2046                30
  12     255.255.255.240                 4094                14
  13     255.255.255.248                 8190                 6
  14     255.255.255.252                16382                 2


Leew's comments on broadcast domains are important for performance, and the reason WHY you don't want to use one subnet mask for the entire network. Saineolai's comments about grouping computers and servers that access each other into one subnet are also very important in order to minimize your local traffic to a specific subnet.
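As an added example (not code posted in this thread), the checks behind the advice above in Python's standard ipaddress module: whether two hosts share a subnet under a given mask (the asker's failing ping between 192.168.32.1 and 192.168.100.5), one row of the Class B table, and carving a private block into one subnet per group with the leftovers as growth room. The 10.0.0.0/16 block and the group names are assumed sample values, not the thread's.

```python
import ipaddress

def same_subnet(ip_a: str, ip_b: str, mask: str) -> bool:
    """True when both hosts fall in the same subnet under `mask`, i.e. they can
    reach each other directly; otherwise a router with an interface in each
    subnet is needed, which is why 192.168.32.1 cannot ping 192.168.100.5."""
    net_a = ipaddress.ip_network(f"{ip_a}/{mask}", strict=False)
    net_b = ipaddress.ip_network(f"{ip_b}/{mask}", strict=False)
    return net_a == net_b

def class_b_row(bits: int) -> tuple[str, int, int]:
    """One row of the Class B table above: borrow `bits` from the host part of
    a /16 and return (mask, effective subnets, effective hosts). The table uses
    the old 'subtract 2' rule for subnets (all-zeros and all-ones subnet
    dropped); modern routers use those two as well, so real counts are 2**bits."""
    prefix = 16 + bits
    mask = str(ipaddress.ip_network(f"172.16.0.0/{prefix}").netmask)
    return mask, 2 ** bits - 2, 2 ** (32 - prefix) - 2

def plan_subnets(supernet: str, groups: list[str], new_prefix: int = 24) -> dict[str, str]:
    """Carve `supernet` into equal /new_prefix subnets and hand one to each
    group in order. Subnets left over are the growth headroom the thread
    recommends keeping."""
    nets = list(ipaddress.ip_network(supernet).subnets(new_prefix=new_prefix))
    if len(groups) > len(nets):
        raise ValueError(f"{supernet} only holds {len(nets)} /{new_prefix} subnets")
    return {g: str(n) for g, n in zip(groups, nets)}

def spare_subnets(supernet: str, used: int, new_prefix: int = 24) -> int:
    """How many /new_prefix subnets remain free after `used` are assigned."""
    return 2 ** (new_prefix - ipaddress.ip_network(supernet).prefixlen) - used

if __name__ == "__main__":
    # The ping failure the asker describes: different /19 networks.
    print(same_subnet("192.168.32.1", "192.168.100.5", "255.255.224.0"))   # False
    print(same_subnet("192.168.100.1", "192.168.100.5", "255.255.255.0"))  # True
    for bits in (2, 8, 14):
        print(bits, *class_b_row(bits))
    # Constructed sample: the asker's four groups carved out of a
    # hypothetical 10.0.0.0/16, one /24 each, the rest held for growth.
    groups = ["workstations", "servers", "network-gear", "voip"]
    for name, net in plan_subnets("10.0.0.0/16", groups).items():
        print(f"{name:13} {net}")
    print("spare /24s:", spare_subnets("10.0.0.0/16", len(groups)))
```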
ASKER CERTIFIED SOLUTION
chawcheskew

gbauer17

ASKER

Listed below is what I have in our Network as well as what I want to do

Servers:

1 Exchange Server
4 IIS Servers that host internal Web Applications
4 SQL Servers
1 Fax Server
2 Active Directory Servers

3Com 4924 that handles Layer 3 Switching

I want to cut down on our broadcast domains as well as plan for the future. I was thinking of doing all Computers on 1 Subnet, then all Servers on 1 Subnet, all Switches, Routers etc. on 1 Subnet and then our VOIP 3 Com V3000 on its own subnet. I do not know if I am trying to break them up too much. Thanks
I'm not sure about the switches, but I *THINK* they may need an IP in each subnet.  I would definitely put the phones on their own subnet - in fact, I'd probably put the phones on their own switches.  Then the servers could have their own subnet (though you don't have THAT many servers).  Again, I'd probably break up the subnets by departments/floors/buildings.  Group those that work most closely together.  
Generally the more breakup the better...  If the switches are breaking up the broadcast domains, they will need an IP on each subnet the switch is connected to...  You won't technically need a subnet just for the switches, unless you use 802.1q VLAN trunking.  Then you might use it and possibly set up some of the QoS tagging too for your switch VLAN so you can still administer it if you ever had a broadcast storm.

!!!!!!!WATCH OUT FOR LACP IF YOU ARE USING HP PROCURVE SWITCHES ANYWHERE!!!!!!
LET ME SAY IT AGAIN

!!!!!!!WATCH OUT FOR LACP IF YOU ARE USING HP PROCURVE SWITCHES!!!!!!!!

It will KILL you!  DEATH!  BLEEDING!!!  CRYING and GNASHING OF TEETH!  FIRING!!!!  Ouch!!!

If you have HP switches, get to the config term mode and type this command: no lacp all.  It WILL save your life and career.

LACP doesn't seem to cause problems on Cisco equipment so far.

All that said your plan sounds great!

regards,
c