Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

How to change internal IP scheme on production network?

Posted on 2014-12-01
9
366 Views
Last Modified: 2014-12-29
Hello EE,

We currently have a network connecting several locations.  Each has a private IP scheme (IPs changed for example below, but idea is the same):
Corp 192.x.1.x/21
Site 1 192.x.50.x/21
Site 2 192.x.30.x/21

I would like to change to a /16 bit subnet so I could use more IPs and not risk running out.
Corp 192.168.x.x/16
Site 1 192.178.x.x/16
Site 2 192.188.x.x/16

I am wondering if anyone has done this and has a design plan/article they followed and would share.  I'm figuring router first (internal), firewall, switches, servers, DHCP.  Any guidance would be appreciated.
0
Comment
Question by:operationsIT
9 Comments
 
LVL 19

Expert Comment

by:Miguel Angel Perez Muñoz
ID: 40473833
192.178.x.x/16 and 192.188.x.x/16 ranges are not for LAN usage, would causes routing problems. Consider use 172.16.0.0/16 and 172.17.0.0/16 (per example)
0
 

Author Comment

by:operationsIT
ID: 40474172
Hello Miguel,   These aren't my true IPs just using for example to show overall goal and looking for suggestions on steps i.e. do I do DC first, routers first, firewalls first or start clients and static first and roll to network gear?  

If somebody has done this they may have list of steps that worked they could share.
0
 

Expert Comment

by:Son Do
ID: 40475305
This wont be a problem if you can schedule a downtime change. We do not have your network detail, however which we should notice is:
- DHCP
- Default Gateway
- NAT and Access Rules on Firewall
- Then change subnet mask / IP on devices currently set static IP address
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 9

Expert Comment

by:Donboo
ID: 40477496
Since you have several locations keep in mind that routing needs to updated also and VPN tunnels if used.
Also keep in mind printers and other equipment with static IP that need to be changed.

I would also like to advice to subnetting each /16 into /24 to limit L2 domains.

You should also if doing L3 segmentation take into consideration any crAPPLE devices that need to be reachable via L2.
0
 

Author Comment

by:operationsIT
ID: 40479834
@Donboo - yes I plan downtime, but the order you would do is:
DHCP scope
Firewall (VPN tunnels)
Static devices (servers and printers)
Last switches and routers

Can you elaborate on the recommendation to limit L2 domains and crApple devices?
0
 
LVL 9

Expert Comment

by:Donboo
ID: 40480536
I normally use /24 for each subnet so I dont get too big a broadcast domain. Of course this is depending on what kind of clients and host use the network but looking at Windows clients they tend to broadcast a lot. Also printers may use proprietary protocols  that broadcast packets you dont want but you are unable to turn off as this is what the vendor wants.

In regards to crAPPLE devices they use bonjour to locate each other and say you have a TV and you want you other Apple devices to be able reach it via airplay function then you either need them to be on the same IP net or somehow bring the L2 multicast over L3.
0
 

Author Comment

by:operationsIT
ID: 40507936
So what traffic would you recommend to vlan apart:
1. Servers/Network
2. Clients
3. Printers
4. Apple

I'll keep the /24 in mind.  What do you do for roll out order?
Do you start with
1. Lower DHCP Lease
2. Change DNS and DC server
3. DHCP Configuration
4. Servers
5. Printers
6. Sites and Services
7. IIS
8 . Applications
9. WAN/VPN tunnels

Or is there a template of the best order to make the changes
0
 
LVL 9

Accepted Solution

by:
Donboo earned 500 total points
ID: 40508129
There is really no template for changing IP scheme however there is some logic in what you can do before hand and what comes first. This of course depends on the scheme you choose.

Depending on what is expected I tend to migrate everything away from server IP net as servers can be a pain to change IP add on. Not in a literally understanding but more all the things that comes after that were bound to the old IP and not a DNS name like web or DB calls etc.

Its easier to migrate DHCP klients away from the server net .

Look at your current scheme especially for servers and see if you can work that into your wanting IP scheme.

Lowering DHCP lease time does not help you as you most likely implement new IP adresses.

Before hand you can probably do a number of things to check if the new IP scopes work granted that you network infrastructure support VLAN, you can actually implement the entire scheme without any interrupt to normal operations.

If this can be done you can move Printers one at a time the you can move sections of clients as well as you can adjust VPN and routing to include the new IP scheme.

One of the things I learned many times the hard way (drawback of being a network consultant) is that if you or your customer don´t have a fully understanding of all the applications, servers, DBs etc. and to where they call what name or server they are depending on to function, and you try and pull this off in a onetime show... you might be in for a long weekend....

Also remember that you have 2 other RFC1918 network to choose from besides 192.168.0.0/16
0
 

Author Closing Comment

by:operationsIT
ID: 40522340
Thanks for the feedback
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question