Broadcast Packet Issues

Posted on 2011-10-19
Last Modified: 2012-05-12
OK - I've got an interesting situation, and I'm looking to see if anyone's got any ideas how I can work this out.  I feel I may be pretty out of luck.

So, a quick run through of everything.  I've got two buildings my HQ and Remote.  These two sites are connected via an MPLS\PNT circuit, that routes between buildings using our Private IP space.  Easy enough.  

The part that becomes tricky is the IP address space we are using.  NOTE: This was an inherited setup, and I would never have assigned my subnets this way.  So, my HQ network is based off of a subnet 192.168.0.0 mask 255.255.240.0.  My Remote subnet lives in the 192.168.1.0 255.255.255.0 subnet.  Obviously, the remote subnet lives within the space of my HQ's subnet.

So, my problem - We are seeing enormous amounts of broadcast traffic going over this MPLS line, and crippling the speed (it's only a single T1 1.5 Mb circuit).  So I want to not allow broadcast traffic over this line.  Changing the remote location's subnet is currently not an option (I do not have anyone in that office capable of helping with such a task).  

The solution I can think of is to build out a VLAN for the link.  Currently my routers are as follows:

192.168.1.0 use 192.168.0.7, where 0.7 is the router's LAN interface.  Also note I DO NOT HAVE ACCESS TO THESE ROUTERS; they are MIS routers managed by AT&T (another thing I would not have done).  

So as far as I can tell, creating a VLAN and adding the uplink to the router to that VLAN would kill the broadcast packets.  Only problem, is that I can't create a VLAN that has a subnet that is within the subnet of the default VLAN, not to mention that the IP address of the router is in my base VLAN as well.

If I could make the subnet change, I'd do something like:
HQ Router: 192.168.50.1
Create a VLAN: 192.168.50.2
Remote Router: 192.168.51.1
Remote Subnet: 192.168.51.x

Then create the route
192.168.51.0 to use 192.168.50.1


Suggestions?  Am I just screwed and will have to re-evaluate my entire IP structure (which I will be doing anyway, but not planned until later this year)?

JJ
Question by: JamesonJendreas

Expert Comment by: pwindell (ID: 37000803)
I'm working on a plan to show you. Give me some time to get it together.


Author Comment by: JamesonJendreas (ID: 37000850)
If you've got time, I've got all the time in the world.

Accepted Solution by: pwindell (earned 2000 total points, ID: 37001190)

"Suggestions?  Am I just screwed and will have to re-evaluate my entire IP structure (which I will be doing anyway, but not planned until later this year)?"

You could roll the mask forward to /24 if you have less than 254 Hosts and dodge the bullet for the moment, but you'd still want to create a better design to cover the future.  However I am going to assume you have too many Hosts and, hence, can't change the mask.

I am also going to assume that in spite of this MPLS being a private system,...you don't want to depend on the AT&T routers as your personal LAN Routers,...so we can treat them as if they were a WAN Router and have your own Router in the middle of the LAN that you have control over to handle your local internal routing.

The only right way to do it is exactly that,...and looking at the rest of your post it looks like we are both thinking the same thing.  What I'm going to suggest requires some immediate config and design changes but allows you to keep using the old IP Range for the time being thereby giving you time to phase it out.  But you will have to immediately change the IP Range used by the remote site,...it is stepping on the HQ Range,...and there is no way you can leave it that way.

You may not have access personally to those AT&T Routers but that doesn't mean they can't be adjusted,...it just means you have to work with AT&T to do it.

You could use a Layer3 Switch which is a Router and Switch built into the same device and these give you the most flexibility.

Since you need to run far and fast from the heavily overused low IP ranges of 192.168 (192.168.0.x and 192.168.1.x) you would create two new segments in the HQ LAN and eliminate the existing one. I always try to think of the future when choosing IP ranges, so pick something that can be supernetted together into a single route to reference the HQ LAN, but also pick a higher range so as to stay away from the heavily over-used ones.  Your choice of 50 would do that but it does not fall cleanly into a subnet breakdown when supernetting routes in a routing table.  The ones I chose to use below in my example fit into route tables better but are also higher numbers, so we are both thinking the same way there.

Here's a good example:
A mask of 255.255.252.0 in a route table (not on a Nic) allows the subnets to break as x.x.16-19.x and then the next falls at x.x.20-23.x.   This is also the first "free" address range you have with that "240 Mask" you now have in place. So the idea here is to use the first two (16, 17) in HQ but leave room to expand to 4 (18, 19) for company growth or if you add IP based phones.  That lets your remote sites begin at x.x.20.x
Planning this properly in this manner helps to simplify the routing tables on the WAN Routers between your sites.

HQ
Subnet #1 192.168.16.0 (255.255.255.0)
Subnet #2 192.168.17.0 (255.255.255.0)

Remote Site #1
Subnet #1 192.168.20.0 (255.255.255.0)

[Future] Remote Site #2
Subnet #1 192.168.21.0 (255.255.255.0)
(Or use "22" if you want to leave Remote Site #1 room to grow to 2 segments (IP Phones?))

Anyway, back to the HQ Site.
Do the Router segments like this. If it is a Layer3 Switch you create the router interfaces by creating VLANs.  So:

Default_VLAN = 192.168.16.0/24   Router Interface 192.168.16.1
VLAN1 = 192.168.17.0/24   Router Interface 192.168.17.1
VLAN2 = 192.168.0.0 /20  Router Interface <whatever>

Default Gateways:
All segments will use the new LAN router as the default gateway.  The LAN Router itself will use whatever WAN Router for its Default Gateway.  AT&T will have to reconfigure the LAN-facing interface on the WAN Router to be in the "16" segment. Preferably use 192.168.16.2 for its interface,...using the first address after the LAN Router's interface keeps things logical.  AT&T will then have to add a static route that lets the device know to use the LAN Router at 192.168.16.1 to reach the other two segments (the "17" one and the old one).  

Putting your old existing segment on VLAN2 allows you to phase out the old overloaded segment and be able to remove it from your LAN Router in a clean manner that leaves a good logical clean config behind when you are finished.  Yet while you have it there it can communicate just fine with the new segments you are creating.



Expert Comment by: pwindell (ID: 37001455)
Here's how I would envision a nicely laid out system


HQ  (762 Hosts, 254 IP Phones)
Subnet #1 192.168.16.0 (255.255.255.0)  Hosts
Subnet #2 192.168.17.0 (255.255.255.0)  Hosts
Subnet #3 192.168.18.0 (255.255.255.0)  Hosts
Subnet #4 192.168.19.0 (255.255.255.0)  IP Phones


Remote Site #1  (254 Hosts, 254 IP Phones)
Subnet #1 192.168.20.0 (255.255.255.0)  Hosts
Subnet #2 192.168.21.0 (255.255.255.0)  IP Phones

Remote Site #2  (254 Hosts, 254 IP Phones)
Subnet #1 192.168.22.0 (255.255.255.0)  Hosts
Subnet #2 192.168.23.0 (255.255.255.0)  IP Phones

You wouldn't have to be hardcore about the IP Phone -vs- Hosts separation.  You could still have a few Phones on the Hosts segments or a few Hosts on the Phone segments,...functionally it would all still work,...but keep them separated as best you can to keep good performance.
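The following script is an added example, not code from the thread or from either participant. It checks the address plan from the accepted solution (ID 37001190) and the fuller layout in the comment above (ID 37001455) with Python's standard `ipaddress` module: it shows why the inherited 192.168.1.0/24 collides with the 192.168.0.0/20 HQ block, that 192.168.16.0/24 is the first /24 above that /20, that the 16-19 and 20-23 ranges collapse into single supernet routes, and how a static route table on the HQ-side WAN router would resolve destinations during the migration. The per-site /23 summaries, the next-hop labels ("connected", "mpls-remote-1", "mpls-remote-2") and the sample destination addresses are assumptions made for illustration, not values from the thread.

```python
"""Address-plan checker for the HQ / remote redesign discussed in this thread.

Added example, not code from the thread. It uses only Python's standard
`ipaddress` module. The subnet numbers are the ones proposed in the thread;
the /23 per-site summaries, the next-hop labels and the sample destination
addresses at the bottom are assumptions made for illustration.
"""
import ipaddress
from typing import Dict, List, Optional, Tuple

Route = Tuple[ipaddress.IPv4Network, str]


def overlapping_pairs(cidrs: List[str]) -> List[Tuple[str, str]]:
    """Every pair of prefixes that overlap. A sane plan returns an empty list."""
    nets = [ipaddress.ip_network(c, strict=False) for c in cidrs]
    return [(str(a), str(b))
            for i, a in enumerate(nets)
            for b in nets[i + 1:]
            if a.overlaps(b)]


def summarize(cidrs: List[str]) -> List[str]:
    """Collapse adjacent /24s into the fewest supernet routes (16-19 -> one /22)."""
    nets = [ipaddress.ip_network(c, strict=False) for c in cidrs]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


def first_free_24(cidr: str) -> str:
    """The first /24 just above a prefix; above the old 255.255.240.0 block that is 192.168.16.0/24."""
    net = ipaddress.ip_network(cidr, strict=False)
    return str(ipaddress.ip_network(f"{net.broadcast_address + 1}/24"))


def build_route_table(routes: Dict[str, str]) -> List[Route]:
    """Static routes (prefix -> next hop), ordered most specific first."""
    table = [(ipaddress.ip_network(p, strict=False), nh) for p, nh in routes.items()]
    return sorted(table, key=lambda r: r[0].prefixlen, reverse=True)


def lookup(table: List[Route], dst: str) -> Optional[str]:
    """Longest-prefix match: the first hit in a most-specific-first table wins."""
    addr = ipaddress.ip_address(dst)
    for prefix, next_hop in table:
        if addr in prefix:
            return next_hop
    return None


# The inherited plan: the remote /24 sits inside the HQ /20.
OLD_PLAN = ["192.168.0.0/20", "192.168.1.0/24"]

# The proposed plan: HQ in 16-19, remote sites from 20 upward, all /24 on the wire.
HQ = ["192.168.16.0/24", "192.168.17.0/24", "192.168.18.0/24", "192.168.19.0/24"]
REMOTE1 = ["192.168.20.0/24", "192.168.21.0/24"]
REMOTE2 = ["192.168.22.0/24", "192.168.23.0/24"]

# What the HQ-side WAN router would carry once its LAN interface is moved into
# the "16" segment: the "17" segment and the legacy /20 (VLAN2) are reached via
# the new LAN router at 192.168.16.1, remote sites via the MPLS side.
# "connected", "mpls-remote-1" and "mpls-remote-2" are placeholder labels.
HQ_WAN_ROUTER_ROUTES = {
    "192.168.16.0/24": "connected",
    "192.168.17.0/24": "192.168.16.1",
    "192.168.0.0/20": "192.168.16.1",    # legacy segment, removed after the phase-out
    "192.168.20.0/23": "mpls-remote-1",  # summarized remote site 1 (20-21), assumed
    "192.168.22.0/23": "mpls-remote-2",  # summarized remote site 2 (22-23), assumed
}

if __name__ == "__main__":
    print("old plan overlaps:", overlapping_pairs(OLD_PLAN))
    print("new plan overlaps:", overlapping_pairs(HQ + REMOTE1 + REMOTE2))
    print("HQ summary:", summarize(HQ), "remote summary:", summarize(REMOTE1 + REMOTE2))
    print("first /24 above the old /20:", first_free_24("192.168.0.0/20"))
    table = build_route_table(HQ_WAN_ROUTER_ROUTES)
    # constructed sample destinations, not hosts from the thread
    for dst in ("192.168.17.25", "192.168.1.9", "192.168.16.50", "192.168.20.7", "10.10.1.1"):
        print(dst, "->", lookup(table, dst))
```

The point of the route-table part is the one the accepted solution makes about the phase-out: because the old 192.168.0.0/20 ends at 192.168.15.255, it does not collide with the new 16-19 block, so the WAN router can hold a single /20 route to the LAN router for the legacy segment alongside the new /24s and drop it when the old VLAN is retired.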

Expert Comment by: pwindell (ID: 37001496)
If you get into IP Phones,...research diligently.  Some of them don't do well with features like the Intercom, where you want a voice announcement to come out the hands-free speaker on all phones at the same time, if some of the phones are separated by a router (not all phones in the same IP segment).

Author Comment by: JamesonJendreas (ID: 37001676)
Thanks for the reply, I shall look it over!

Just a heads up, I'm on an IP PBX system already.  We currently have a completely, physically separated LAN for our voice network as well as a secondary 1.5 MPLS line dedicated to voice (although we plan to merge these and multi-link).

But, our phone system lives in an entirely different address space 10.10.x.x.  These luckily have no overlap and each of my buildings has their own subnet.

Author Comment by: JamesonJendreas (ID: 37001717)
BTW - After reading over your post, you pretty much hit on my general plan, and it's good to get confirmation that I'm headed in the correct direction.

Luckily I have a comprehensive addressing scheme I've been planning for some time, as I haven't been too keen on our current setup since I took over administering this network.  

Expert Comment by: pwindell (ID: 37001724)
If your IP Phones are already separated then leave it that way.
I wouldn't merge anything.
That's one of those "leave well enough alone"  things to me :-)

Good luck!