Solved

How to change internal IP scheme on production network?

Posted on 2014-12-01
9
335 Views
Last Modified: 2014-12-29
Hello EE,

We currently have a network connecting several locations. Each has a private IP scheme (IPs changed for example below, but the idea is the same):
- Corp 192.x.1.x/21
- Site 1 192.x.50.x/21
- Site 2 192.x.30.x/21

I would like to change to a /16 bit subnet so I could use more IPs and not risk running out.
- Corp 192.168.x.x/16
- Site 1 192.178.x.x/16
- Site 2 192.188.x.x/16

I am wondering if anyone has done this and has a design plan/article they followed and would share. I'm figuring router first (internal), then firewall, switches, servers, DHCP. Any guidance would be appreciated.
0
Question by:operationsIT
9 Comments
 
LVL 19

Expert Comment

by:Miguel Angel Perez Muñoz
ID: 40473833
192.178.x.x/16 and 192.188.x.x/16 ranges are not for LAN usage and would cause routing problems. Consider using 172.16.0.0/16 and 172.17.0.0/16 (for example).
0
 

Author Comment

by:operationsIT
ID: 40474172
Hello Miguel, these aren't my true IPs, just used as an example to show the overall goal. I'm looking for suggestions on steps, i.e. do I do the DC first, routers first, firewalls first, or start with clients and statics first and roll on to the network gear?

If somebody has done this they may have a list of steps that worked which they could share.
0
 

Expert Comment

by:Son Do
ID: 40475305
This won't be a problem if you can schedule a downtime change. We do not have your network details, however, what we should note is:
- DHCP
- Default gateway
- NAT and access rules on the firewall
- Then change the subnet mask / IP on devices currently set to a static IP address
0
 
LVL 9

Expert Comment

by:Donboo
ID: 40477496
Since you have several locations, keep in mind that routing needs to be updated also, and VPN tunnels if used.
Also keep in mind printers and other equipment with static IPs that need to be changed.

I would also like to advise subnetting each /16 into /24s to limit L2 domains.

You should also, if doing L3 segmentation, take into consideration any crAPPLE devices that need to be reachable via L2.
0
 

Author Comment

by:operationsIT
ID: 40479834
@Donboo - yes, I plan downtime, but the order you would do it in is:
- DHCP scope
- Firewall (VPN tunnels)
- Static devices (servers and printers)
- Last, switches and routers

Can you elaborate on the recommendation to limit L2 domains and the crApple devices?
0
 
LVL 9

Expert Comment

by:Donboo
ID: 40480536
I normally use /24 for each subnet so I don't get too big a broadcast domain. Of course this depends on what kind of clients and hosts use the network, but looking at Windows clients, they tend to broadcast a lot. Also printers may use proprietary protocols that broadcast packets you don't want but are unable to turn off, as this is what the vendor wants.

In regards to crAPPLE devices, they use Bonjour to locate each other, and say you have a TV and you want your other Apple devices to be able to reach it via the AirPlay function, then you either need them to be on the same IP net or somehow bring the L2 multicast over L3.
0
 

Author Comment

by:operationsIT
ID: 40507936
So what traffic would you recommend to VLAN apart:
1. Servers/Network
2. Clients
3. Printers
4. Apple

I'll keep the /24 in mind. What do you do for roll-out order?
Do you start with
1. Lower DHCP lease
2. Change DNS and DC server
3. DHCP configuration
4. Servers
5. Printers
6. Sites and Services
7. IIS
8. Applications
9. WAN/VPN tunnels

Or is there a template of the best order to make the changes?
0
 
LVL 9

Accepted Solution

by: Donboo (earned 500 total points)
ID: 40508129
There is really no template for changing an IP scheme, however there is some logic in what you can do beforehand and what comes first. This of course depends on the scheme you choose.

Depending on what is expected, I tend to migrate everything away from the server IP net, as servers can be a pain to change the IP address on. Not in a literal sense, but more all the things that come after that were bound to the old IP and not a DNS name, like web or DB calls etc.

It's easier to migrate DHCP clients away from the server net.

Look at your current scheme, especially for servers, and see if you can work that into your wanted IP scheme.

Lowering the DHCP lease time does not help you, as you will most likely implement new IP addresses.

Beforehand you can probably do a number of things to check if the new IP scopes work; granted that your network infrastructure supports VLANs, you can actually implement the entire scheme without any interruption to normal operations.

If this can be done you can move printers one at a time, then you can move sections of clients, as well as adjust VPN and routing to include the new IP scheme.

One of the things I learned many times the hard way (drawback of being a network consultant) is that if you or your customer don't have a full understanding of all the applications, servers, DBs etc. and which name or server they call and depend on to function, and you try and pull this off in a one-time show... you might be in for a long weekend....

Also remember that you have 2 other RFC1918 networks to choose from besides 192.168.0.0/16.
0
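As an added example (not from the thread or any of the participants), the plan checks raised above in Python: whether each proposed site block is RFC 1918 private space and does not overlap another site, carving a site /16 into /24 VLANs per role as Donboo recommends, and mapping a static host into its new block. The site blocks and VLAN roles are those discussed in the thread; the sample host addresses are constructed.

```python
import ipaddress

# RFC 1918 private blocks: the only ranges usable on an internal LAN without
# the routing problems the first comment warns about for 192.178.x.x/192.188.x.x.
RFC1918 = [ipaddress.ip_network(b) for b in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_plan(plan):
    """Return problems with a {site: cidr} plan: blocks outside RFC 1918
    space and blocks that overlap another site's block."""
    nets = {site: ipaddress.ip_network(cidr) for site, cidr in plan.items()}
    problems = []
    for site, net in nets.items():
        if not any(net.subnet_of(block) for block in RFC1918):
            problems.append(f"{site}: {net} is not RFC 1918 private space")
    sites = list(nets)
    for i, a in enumerate(sites):
        for b in sites[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} {nets[a]} overlaps {b} {nets[b]}")
    return problems


def carve_vlans(site_cidr, roles, prefix=24):
    """Hand out one /24 (by default) per VLAN role from a site's /16, so no
    single L2 broadcast domain spans the whole site block."""
    subnets = ipaddress.ip_network(site_cidr).subnets(new_prefix=prefix)
    return {role: str(next(subnets)) for role in roles}


def renumber(old_ip, old_cidr, new_cidr):
    """Map a statically addressed host into the new block, keeping its offset
    from the network address. Raises ValueError if the host is not in the
    old block or the offset does not fit in the new one."""
    old_net, new_net = ipaddress.ip_network(old_cidr), ipaddress.ip_network(new_cidr)
    host = ipaddress.ip_address(old_ip)
    if host not in old_net:
        raise ValueError(f"{old_ip} is not in {old_cidr}")
    offset = int(host) - int(old_net.network_address)
    if offset >= new_net.num_addresses:
        raise ValueError(f"{old_ip} does not fit in {new_cidr}")
    return str(new_net.network_address + offset)


if __name__ == "__main__":
    # The asker's proposed blocks; two of them fail the RFC 1918 check.
    proposed = {"Corp": "192.168.0.0/16", "Site 1": "192.178.0.0/16",
                "Site 2": "192.188.0.0/16"}
    for line in check_plan(proposed):
        print("PROBLEM:", line)
    print(carve_vlans("172.16.0.0/16", ["servers", "clients", "printers", "apple"]))
    print(renumber("192.168.1.10", "192.168.0.0/21", "172.16.0.0/16"))  # constructed host
```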
 

Author Closing Comment

by:operationsIT
ID: 40522340
Thanks for the feedback
0
