asked on
resubneting a network
hi all,
we currently have a 255.255.255.0 network (192.168.0.0) meaning - up to 254 ip addersses.
we also have an "atelis" ip telephony system , meaning that our phone lines also take ip addresses.
we have one Forigate FW which is also defined as a gateway on all computers. ( it has DMZ zone in it if its relevant..)
Other than that our network is pretty simple. one domain, one site.2 DC and one dhcp.
our available addresses are runing out..
we need to expand our network so it can handle and give out ip addresses up to about 10,000 computers in the future. ( so we dont have to make a change every time the network grows )
any suggestions of how to do it?
i would also be happy if anyone can refer my to a good and relevant article or site .( iv'e looked but couldnt realy find..)
thank you in advanced :)
we currently have a 255.255.255.0 network (192.168.0.0) meaning - up to 254 ip addersses.
we also have an "atelis" ip telephony system , meaning that our phone lines also take ip addresses.
we have one Forigate FW which is also defined as a gateway on all computers. ( it has DMZ zone in it if its relevant..)
Other than that our network is pretty simple. one domain, one site.2 DC and one dhcp.
our available addresses are runing out..
we need to expand our network so it can handle and give out ip addresses up to about 10,000 computers in the future. ( so we dont have to make a change every time the network grows )
any suggestions of how to do it?
i would also be happy if anyone can refer my to a good and relevant article or site .( iv'e looked but couldnt realy find..)
thank you in advanced :)
Windows NetworkingNetwork ArchitectureSwitches / Hubs
Last Comment
Aaron Street
Change the subnet to 255.255.252.0
i would suggests you keep the subnets quite small, and have mutiply 255.255.255.0 subnets with 254 hosts in each.
Having one large network of 10,000 pc in a single subnet is not a good idea. (its one very large broacast domain)
its much better to have subnets that have about 200 to 400 address in each one and route the traffic between them. This allows you to control traffic flow much better and its much simpler to see what traffic is what. (if you have a problem with a PC with an ip adress of 192.168.0.25 and you knwo thats the address range of building X 1at floor. Then it makes tracking it down very simple. You can still run a single DHCP server and forward requests between subnets. (I Would suggest running two DHCP servers at least for that amount of PC's)
a 255.255.248.0 subnet gives you 2000 addresses.
but i would suggest get a decent core router with mutiply ports and hang your current 255.255.255.0 network of it. then as you need more space you can add on more subnets in to it and incress the size of the over all network as you go along.
By keeping each bit of it relitivly small, and seperates (by routers) from the rest of the network. you will have a nice moduler network that is very easy to expand in the future.
Having one large network of 10,000 pc in a single subnet is not a good idea. (its one very large broacast domain)
its much better to have subnets that have about 200 to 400 address in each one and route the traffic between them. This allows you to control traffic flow much better and its much simpler to see what traffic is what. (if you have a problem with a PC with an ip adress of 192.168.0.25 and you knwo thats the address range of building X 1at floor. Then it makes tracking it down very simple. You can still run a single DHCP server and forward requests between subnets. (I Would suggest running two DHCP servers at least for that amount of PC's)
a 255.255.248.0 subnet gives you 2000 addresses.
but i would suggest get a decent core router with mutiply ports and hang your current 255.255.255.0 network of it. then as you need more space you can add on more subnets in to it and incress the size of the over all network as you go along.
By keeping each bit of it relitivly small, and seperates (by routers) from the rest of the network. you will have a nice moduler network that is very easy to expand in the future.
If you have most of the systems using DHCP then it is easy to switch IP plans. I am guessing this is the case. I am also assuming that you will not have 10000 new machines in the near furture you just don't want to worry about it. The advice from DevilWAH makes sense if you are expecting large growth and you have a budget. Here is a simple solution.
1. Identify all systems with static IP's (servers, swtiches, routers)
2. Go to the DHCP server and change the lease duration to 4 hours or some other small amout of time the day before you make any changes.
3. Change subnet mask on switches first (255.255.0.0)
4. Change the DHCP scope to reflect the new subnet mask and change the servers subnet mask.
5. Change any routers subnet mask.
These steps will minimize the down time of the network.
1. Identify all systems with static IP's (servers, swtiches, routers)
2. Go to the DHCP server and change the lease duration to 4 hours or some other small amout of time the day before you make any changes.
3. Change subnet mask on switches first (255.255.0.0)
4. Change the DHCP scope to reflect the new subnet mask and change the servers subnet mask.
5. Change any routers subnet mask.
These steps will minimize the down time of the network.
One thing i have lernt in networks.
if you expand from a subnet of 254 addresses to 1000 address. At the time you think that will be plenty for years.
2 years down the line you are again pushing the limit and have to move it again. up to say 2000 addresses. this time its harder beacuse there are more devices, that need ip address information and gateways changed.. (ok if there DHCP but by now you probable have about 50 servers and other static devices you need to change!!
its much better to expand by adding extra network on alongside. give server room A a sub net of 1000 addresses, server room B the same. (ok you wont use them all but at least once you have set that up once you will never need touch it again). dont worry so much about numbers of clients in each subnet. Just orginise the network in to logical/physical groups with subnets (with private ip address range you have thousands to choses from!)
you invest in a room full of new machines. Plop a decent Layer 3 switch/router in there. give it a new subnet address range. Link it back to the core router and add in the routing information (on a cisco this is a single command on the core switch) and you have your expandability.
With this you would have to set up the core router now. get the routing working correctly for the couple of subnet you will start with. But then adding new ones will be a simple 5 min job. and belive me. when you have a few 1000's machines connected to a flat single subnet network. you will start to think that you need to breack it up. IF only to keep you sanity and get your head round what is going on on it..
I think do your self a favour, learn your subnetting and routing while its still a small network (for 250 clients a cheap layer 3 switch like a Cisco 3750 would be plenty for your core router , and you can simple copy and past the config over when and if you need to get a more powerfull one). Honestly its not much work to sort out, you will learn a lot about how your network. And it will be far far more flexable than a flat network ever will be. Belive me I've worked on a network that had 2000 clients on it which where a mix of switchs, server, client pc, etc, etc. IT was a nightmare!!
if you expand from a subnet of 254 addresses to 1000 address. At the time you think that will be plenty for years.
2 years down the line you are again pushing the limit and have to move it again. up to say 2000 addresses. this time its harder beacuse there are more devices, that need ip address information and gateways changed.. (ok if there DHCP but by now you probable have about 50 servers and other static devices you need to change!!
its much better to expand by adding extra network on alongside. give server room A a sub net of 1000 addresses, server room B the same. (ok you wont use them all but at least once you have set that up once you will never need touch it again). dont worry so much about numbers of clients in each subnet. Just orginise the network in to logical/physical groups with subnets (with private ip address range you have thousands to choses from!)
you invest in a room full of new machines. Plop a decent Layer 3 switch/router in there. give it a new subnet address range. Link it back to the core router and add in the routing information (on a cisco this is a single command on the core switch) and you have your expandability.
With this you would have to set up the core router now. get the routing working correctly for the couple of subnet you will start with. But then adding new ones will be a simple 5 min job. and belive me. when you have a few 1000's machines connected to a flat single subnet network. you will start to think that you need to breack it up. IF only to keep you sanity and get your head round what is going on on it..
I think do your self a favour, learn your subnetting and routing while its still a small network (for 250 clients a cheap layer 3 switch like a Cisco 3750 would be plenty for your core router , and you can simple copy and past the config over when and if you need to get a more powerfull one). Honestly its not much work to sort out, you will learn a lot about how your network. And it will be far far more flexable than a flat network ever will be. Belive me I've worked on a network that had 2000 clients on it which where a mix of switchs, server, client pc, etc, etc. IT was a nightmare!!
ASKER
Thank you very much DevilWAH and m-moloney.
I liked the idea - sounds very logical to me.
my only question is can you please give an example of such decent core router ?
and perhaps refer me to an article on the subject.
thanks
I liked the idea - sounds very logical to me.
my only question is can you please give an example of such decent core router ?
and perhaps refer me to an article on the subject.
thanks
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
thanks buddy. you have explained it great!
one last thing if it allright with you..
just to make sure i understood you correctly,
what you are saying is that i can for example keep my 192.168.0.0 subnet, and create more subnets such as 10.10.0.0 or any other subnets as i wish with no limitations?
and also , should i separate two different subnets on two different switches? ( or at list on two different Vlans on the same switch )
one last thing if it allright with you..
just to make sure i understood you correctly,
what you are saying is that i can for example keep my 192.168.0.0 subnet, and create more subnets such as 10.10.0.0 or any other subnets as i wish with no limitations?
and also , should i separate two different subnets on two different switches? ( or at list on two different Vlans on the same switch )
yes seperate switchs per subnet (a vlan is in effect a seperate switch), i often plan a network as seperate physical switchs, and then condence it down to VLAN's if possible or needed. Plan networks logicaly first and then think of how you will do it physicaly :)
and yes about the keeping your current network address range..
it works somethign like
the core router/switch. has the first port assigend an IP address of 192.168.0.1 (this becomes your default gate way for all devices attached to switchs connected back to that port though the network)
and I would assing the last port to have a network address of some thing like 10.0.0.1 with a subnet of 255.255.255.252. then set the internal IP address of your router /gateway /firewall as 10.0.0.2 255.255.255.252.
(most people set either the first or the last port/ipaddress in a network as the default gate way)
then you simple enable routing proticol and enter the networks you want to be routed.
and set on the switch that 10.0.0.2 is the default gate way for the core switch, any destination networks ip address it dose not know about it forwards to the exteranal connected router and so you are connected to the internet.
in this case 192.168.0.0 255.255.255.0
and 10.0.0.0 255.255.255.252
this will forward all data between networks and the internet.
you can then look in to access list where you can block data with rules between networks.. (may be you only want people to be able to talk to the servers on a small range of port addresses)
when adding a new network. you simple log on to the core switch/router. give the port you are going to use and ip address and subnetmask
on a cisco switch this is simple
#interface gig1/0/5 (switch number/module number/ port number. this is for if you have a stack of switchs mutiple modules installed, all Cisco switchs use the same basic IOS)
then type
#ip address xxx.xxx.xxx.xxx yyy.yyy.yyy.yyy (hard aint it ;) )
and then go in to the routing protcol console page and type
#network xxx.xxx.xxx.xxx yyy.yyy.yyy.yyy
thats it for basic routing set up..
of course with access lists and stuff there is lots more to it. but that is the simplest way it will work. after that its up to you how far you want to take it.....
set it up on a test switch, play with it for a bit (infact get packet tracer 4.1 you can serch and find a download its a nice simple cisco network simulator with very easy to set up configs that you can even copy and past in to a real switch config!!) and you can even view the packets graphicaly going over the network step through. see waht is happening when they hit the switch. Its a great way to practic you network.
get it up and running and have fun :)
duel-switchs.jpg
and yes about the keeping your current network address range..
it works somethign like
the core router/switch. has the first port assigend an IP address of 192.168.0.1 (this becomes your default gate way for all devices attached to switchs connected back to that port though the network)
and I would assing the last port to have a network address of some thing like 10.0.0.1 with a subnet of 255.255.255.252. then set the internal IP address of your router /gateway /firewall as 10.0.0.2 255.255.255.252.
(most people set either the first or the last port/ipaddress in a network as the default gate way)
then you simple enable routing proticol and enter the networks you want to be routed.
and set on the switch that 10.0.0.2 is the default gate way for the core switch, any destination networks ip address it dose not know about it forwards to the exteranal connected router and so you are connected to the internet.
in this case 192.168.0.0 255.255.255.0
and 10.0.0.0 255.255.255.252
this will forward all data between networks and the internet.
you can then look in to access list where you can block data with rules between networks.. (may be you only want people to be able to talk to the servers on a small range of port addresses)
when adding a new network. you simple log on to the core switch/router. give the port you are going to use and ip address and subnetmask
on a cisco switch this is simple
#interface gig1/0/5 (switch number/module number/ port number. this is for if you have a stack of switchs mutiple modules installed, all Cisco switchs use the same basic IOS)
then type
#ip address xxx.xxx.xxx.xxx yyy.yyy.yyy.yyy (hard aint it ;) )
and then go in to the routing protcol console page and type
#network xxx.xxx.xxx.xxx yyy.yyy.yyy.yyy
thats it for basic routing set up..
of course with access lists and stuff there is lots more to it. but that is the simplest way it will work. after that its up to you how far you want to take it.....
set it up on a test switch, play with it for a bit (infact get packet tracer 4.1 you can serch and find a download its a nice simple cisco network simulator with very easy to set up configs that you can even copy and past in to a real switch config!!) and you can even view the packets graphicaly going over the network step through. see waht is happening when they hit the switch. Its a great way to practic you network.
get it up and running and have fun :)
duel-switchs.jpg