  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 508

Subnet full

Hi There,

I have a subnet at a site that is just about full. It's a C class (e.g. 192.168.0.0/255.255.255.0).

I have servers, workstations and printers in this subnet. I have thought of splitting servers into their own subnet (via a VLAN) but am worried about the performance implications of this. If I have to do inter-VLAN routing, will this reduce the bandwidth available (and increase latency) for the workstations to access servers?

The other option is to stretch out the subnet mask for the existing network (e.g. 192.168.0.0/255.255.255.248), but I'm already using the above network at another site (e.g. 192.168.1.0/255.255.255.0).

Any thoughts?



0
Asked by: thegewse
2 Solutions
 
bmaker Commented:
VLANs will be the easiest solution if you have a good layer 3 switch to do the routing for you. Bandwidth latency will be dependent on the hardware. I have not experienced latency on HP, Cisco or 3Com.
0
 
Mikkk Commented:
A good practice is to change the subnet mask:
if you use 192.168.0.0/255.255.254.0,
your LAN range will be from 192.168.0.1 to 192.168.1.254 (512 IPs available).
I would configure DHCP to the range 192.168.1.1 to 192.168.1.254
and let 192.168.0.x be the static IP range for printers, routers, switches and servers.

The only problem is that you have a 192.168.1.x LAN, so maybe you should think about changing the IP range to something like 192.168.100.0/23.

I think you have to worry about future growth, and changing the mask is the easiest way: if you then reach more than 512 machines, you can change the mask to /22 and get 1024 IPs (192.168.0.1-192.168.3.254).
0
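The /23 and /22 ranges discussed in the answer above can be checked with Python's standard `ipaddress` module before any mask is changed. This is an added example, not part of the original thread; `OTHER_SITES` and the helper names are assumptions built from the example addresses in the question (the /8 width of the 10.0.0.0 range is also assumed).

```python
import ipaddress

# Constructed from the thread: the second site's LAN, plus the private
# network the asker mentions (the thread gives no mask; /8 is an assumption).
OTHER_SITES = ["192.168.1.0/24", "10.0.0.0/8"]

def describe(cidr):
    """Return (first_host, last_host, usable_hosts) for a network.

    Accepts prefix or dotted-mask notation, e.g. 192.168.0.0/255.255.254.0.
    """
    net = ipaddress.ip_network(cidr)
    usable = net.num_addresses - 2  # network and broadcast addresses excluded
    return str(net.network_address + 1), str(net.broadcast_address - 1), usable

def conflicts(cidr, in_use):
    """List the already-assigned networks that the candidate range overlaps."""
    net = ipaddress.ip_network(cidr)
    return [other for other in in_use
            if net.overlaps(ipaddress.ip_network(other))]

def grow(cidr, in_use, min_hosts):
    """Widen the mask one bit at a time until min_hosts fit.

    Returns the resulting network and any conflicts it would create.
    """
    net = ipaddress.ip_network(cidr)
    while net.num_addresses - 2 < min_hosts:
        net = net.supernet()  # one bit shorter prefix, e.g. /24 -> /23
    return str(net), conflicts(str(net), in_use)

if __name__ == "__main__":
    for candidate in ("192.168.0.0/255.255.254.0",
                      "192.168.100.0/23",
                      "192.168.0.0/22"):
        first, last, usable = describe(candidate)
        clash = conflicts(candidate, OTHER_SITES) or "none"
        print(f"{candidate}: hosts {first} - {last} "
              f"({usable} usable), overlaps: {clash}")
    print(grow("192.168.100.0/24", OTHER_SITES, 600))
```
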
 
oriziv Commented:
VLAN routing is another task your switches will have to deal with, so in theory you will pay a performance penalty.
However, today's network infrastructure can handle these kinds of tasks with latency of a few nanoseconds.

As for the other option, it is recommended under 2 conditions:
1. You don't own a layer 3 switch (why buy expensive HW if you can provide a solution without costs?)
2. Your other site has no direct connection to the first site (if it has, you'll have to change the other site's IP subnet to, say, 192.168.100.0)
0
 
thegewse (Author) Commented:
Hi All,

Thanks for the comments.

Regarding the VLAN option, if I have to create a VLAN subinterface on the LAN interface of one of my routers to route between VLANs, won't all the traffic from the Server VLAN to the Workstation VLAN have to cross this interface?

If this is a 100Mbit interface, will the maximum bandwidth available for all workstations to reach servers be 100Mbit? This would be a significant drop compared to the 1Gbit uplinks I have joining switches currently.
0
 
oriziv Commented:
Today's switches are smart enough to route your traffic directly if the destination IP is directly connected to the switch. That is so despite the VLAN configuration.
In case the destination IP isn't directly connected to the switch, you are right: all traffic will pass through the divided interface.
If you already have the HW, you can try it for a couple of days.
In any case, increasing your subnet by defining a 24-bit mask is the easiest way to deal with the problem.
Just set your DHCP to exclude 192.168.1.0-255 and make the right routing rules.

BTW,
why not change the whole IP network to 10.0.0.0? It will solve your problem with no duplications at all.
0
 
thegewse (Author) Commented:

I think the final solution will be to increase my subnet size, but this will not happen until I have a chance to reconfigure all infrastructure.

I might make a "printer" VLAN in the meantime to give me some breathing space.

Oriziv: I have a private network that uses the 10.0.0.0 range and I don't want to confuse internal LAN ranges with private network ranges.

Thanks for the good advice. Points split between Mikk and oriziv.
0
