Solved

How to change internal IP scheme on production network?

Posted on 2014-12-01
416 Views
Last Modified: 2014-12-29
Hello EE,

We currently have a network connecting several locations.  Each has a private IP scheme (IPs changed for example below, but idea is the same):
Corp 192.x.1.x/21
Site 1 192.x.50.x/21
Site 2 192.x.30.x/21

I would like to change to a /16 bit subnet so I could use more IPs and not risk running out.
Corp 192.168.x.x/16
Site 1 192.178.x.x/16
Site 2 192.188.x.x/16

I am wondering if anyone has done this and has a design plan/article they followed and would share.  I'm figuring router first (internal), firewall, switches, servers, DHCP.  Any guidance would be appreciated.
9 Comments
LVL 19

Expert Comment

by:Miguel Angel Perez Muñoz
ID: 40473833
192.178.x.x/16 and 192.188.x.x/16 ranges are not for LAN usage; they would cause routing problems. Consider using 172.16.0.0/16 and 172.17.0.0/16 (for example).

Author Comment

by:operationsIT
ID: 40474172
Hello Miguel, these aren't my true IPs, just used as an example to show the overall goal. I'm looking for suggestions on steps, i.e. do I do the DC first, routers first, firewalls first, or start with clients and statics first and roll to the network gear?

If somebody has done this they may have list of steps that worked they could share.

Expert Comment

by:Son Do
ID: 40475305
This won't be a problem if you can schedule a downtime change. We do not have your network details; however, what we should notice is:
- DHCP
- Default Gateway
- NAT and Access Rules on Firewall
- Then change subnet mask / IP on devices currently set static IP address
LVL 9

Expert Comment

by:Donboo
ID: 40477496
Since you have several locations, keep in mind that routing needs to be updated also, and VPN tunnels if used.
Also keep in mind printers and other equipment with static IPs that need to be changed.

I would also like to advise subnetting each /16 into /24s to limit L2 domains.

You should also, if doing L3 segmentation, take into consideration any crAPPLE devices that need to be reachable via L2.

Author Comment

by:operationsIT
ID: 40479834
@Donboo - yes, I plan downtime, but the order you would do it in is:
DHCP scope
Firewall (VPN tunnels)
Static devices (servers and printers)
Last switches and routers

Can you elaborate on the recommendation to limit L2 domains and crApple devices?
LVL 9

Expert Comment

by:Donboo
ID: 40480536
I normally use /24 for each subnet so I don't get too big a broadcast domain. Of course this depends on what kind of clients and hosts use the network, but looking at Windows clients, they tend to broadcast a lot. Also printers may use proprietary protocols that broadcast packets you don't want but are unable to turn off, as this is what the vendor wants.

In regards to crAPPLE devices, they use Bonjour to locate each other. Say you have a TV and you want your other Apple devices to be able to reach it via the AirPlay function; then you either need them to be on the same IP net or somehow bring the L2 multicast over L3.
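To make the two addressing points above concrete (Miguel's note that 192.178.x.x/16 and 192.188.x.x/16 are not private ranges, and Donboo's advice to carve each /16 into /24 VLAN subnets), here is an added Python example that is not from the thread. The site names and CIDRs are constructed to mirror the question, and the VLAN role names are taken from the asker's list.

```python
import ipaddress

# RFC 1918 private address ranges (standard values, not from the thread).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed plan mirroring the /16 proposal in the question.
PROPOSED = {"Corp": "192.168.0.0/16",
            "Site 1": "192.178.0.0/16",   # public space, not RFC 1918
            "Site 2": "192.188.0.0/16"}   # public space, not RFC 1918

# Constructed plan using the ranges Miguel suggested instead.
CORRECTED = {"Corp": "192.168.0.0/16",
             "Site 1": "172.16.0.0/16",
             "Site 2": "172.17.0.0/16"}

# VLAN roles from the asker's list, in the order they were given.
VLAN_ROLES = ("Servers/Network", "Clients", "Printers", "Apple")


def is_private(net):
    """True if the whole network sits inside one RFC 1918 range."""
    return any(net.subnet_of(p) for p in RFC1918)


def validate_plan(plan):
    """Report sites using public space and pairs of sites whose ranges overlap."""
    nets = {site: ipaddress.ip_network(cidr) for site, cidr in plan.items()}
    problems = {"public": [], "overlap": []}
    for site, net in nets.items():
        if not is_private(net):
            problems["public"].append(site)
    sites = sorted(nets)
    for i, a in enumerate(sites):
        for b in sites[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems["overlap"].append((a, b))
    return problems


def carve_vlans(site_cidr, roles=VLAN_ROLES, prefix=24):
    """Carve a site's /16 into /24 VLAN subnets, one per role, in role order."""
    subnets = ipaddress.ip_network(site_cidr).subnets(new_prefix=prefix)
    return {role: str(next(subnets)) for role in roles}


if __name__ == "__main__":
    print("proposed:", validate_plan(PROPOSED))
    print("corrected:", validate_plan(CORRECTED))
    print("Site 1 VLANs:", carve_vlans(CORRECTED["Site 1"]))
```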

Author Comment

by:operationsIT
ID: 40507936
So what traffic would you recommend to VLAN apart:
1. Servers/Network
2. Clients
3. Printers
4. Apple

I'll keep the /24 in mind.  What do you do for roll out order?
Do you start with
1. Lower DHCP Lease
2. Change DNS and DC server
3. DHCP Configuration
4. Servers
5. Printers
6. Sites and Services
7. IIS
8. Applications
9. WAN/VPN tunnels

Or is there a template of the best order to make the changes?
LVL 9

Accepted Solution

by: Donboo (earned 500 total points)
ID: 40508129
There is really no template for changing an IP scheme; however, there is some logic in what you can do beforehand and what comes first. This of course depends on the scheme you choose.

Depending on what is expected, I tend to migrate everything away from the server IP net, as servers can be a pain to change IP addresses on. Not literally, but more all the things that come after that were bound to the old IP and not a DNS name, like web or DB calls etc.

It's easier to migrate DHCP clients away from the server net.

Look at your current scheme, especially for servers, and see if you can work that into the IP scheme you want.

Lowering the DHCP lease time does not help you, as you will most likely implement new IP addresses.

Beforehand you can probably do a number of things to check if the new IP scopes work; granted that your network infrastructure supports VLANs, you can actually implement the entire scheme without any interruption to normal operations.

If this can be done, you can move printers one at a time, then you can move sections of clients, as well as adjust VPN and routing to include the new IP scheme.

One of the things I learned many times the hard way (drawback of being a network consultant) is that if you or your customer don't have a full understanding of all the applications, servers, DBs etc. and what name or server they call and depend on to function, and you try and pull this off in a one-time show... you might be in for a long weekend....

Also remember that you have 2 other RFC1918 networks to choose from besides 192.168.0.0/16
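The accepted answer's warning about things "bound to the old IP and not a DNS name" can be checked before the cutover rather than discovered during it. As an added example that is not from the thread, this Python audit pulls literal IPv4 addresses out of configuration text and flags any that fall inside the old per-site ranges; the old ranges' second octets and the config fragments are constructed for illustration.

```python
import ipaddress
import re

# Old per-site /21s from the question, with constructed second octets.
# strict=False accepts the host-style notation the question uses.
OLD_NETS = [ipaddress.ip_network(n, strict=False)
            for n in ("192.168.1.0/21", "192.168.50.0/21", "192.168.30.0/21")]

# Dotted-quad literal not embedded in a longer number or address.
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")

# Constructed sample config fragments: the kind of thing that breaks when it is
# bound to an address instead of a DNS name.
SAMPLE_CONFIGS = {
    "web.config": 'connectionString="Server=192.168.1.25;Database=app"',
    "app.ini": "db_host = dbserver.corp.example\nsmtp_relay = 192.168.50.7",
    "firewall.rules": "allow from 192.168.30.0/21 to 203.0.113.9 port 443",
    "hosts": "127.0.0.1 localhost",
}


def find_hardcoded(text):
    """Return literal IPv4 addresses in text that sit inside an old site range."""
    hits = []
    for match in IPV4_RE.finditer(text):
        try:
            addr = ipaddress.ip_address(match.group())
        except ValueError:  # e.g. 999.1.1.1 matches the regex but is not an address
            continue
        if any(addr in net for net in OLD_NETS):
            hits.append(str(addr))
    return hits


def audit(configs):
    """Map each config name to the old-range literals it contains (empty ones omitted)."""
    findings = {}
    for name, text in configs.items():
        hits = find_hardcoded(text)
        if hits:
            findings[name] = hits
    return findings


if __name__ == "__main__":
    for name, hits in audit(SAMPLE_CONFIGS).items():
        print(f"{name}: {', '.join(hits)}")
```

In practice you would feed it real config directories and DNS zone exports; anything it reports is a dependency that must be rewritten or renamed before the old range goes away.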

Author Closing Comment

by:operationsIT
ID: 40522340
Thanks for the feedback