Hello,
What things come to your mind, and what do you consider, when you need to upgrade a network, extending it?
I'm trying to extend the faculty network to optimize services. I know this is a little off topic, but your experienced suggestions can be useful for other newbies like me (I think so).
I'll strongly appreciate the knowledge and time involved in your replies.
PS: some howto or docs would be appreciated too.
Alain Reguera alain.reguera@gmail.com wrote:
Hello, What things come to your minds and consider when need to upgrade a network, extending it? I'm trying to extend the faculty network to optimize services. Know this is a little out of topic but your experienced suggestions can be useful for other newbies like me (think so). I'll strongly appreciate the knowledge and time involved in your replays. PD: some howto or docs would be appreciated too.
"Upgrade" a network? "Extend" a network? I have no context whatsoever to work with.
"Upgrade" a network? "Extend" a network? I have no context whatsoever to work with.
Thanks for the reply, Bryan. Excuse me for my low knowledge level. I'll try to explain it.
Imagine you need to give service (mail, web, browsing, etc.) to different institutions. Some institutions connect using commuted lines and others directly through the main ISP router. The location of the node, where all the servers and the main local router are, is inside one of these institutions. At this moment, the network of the node has a subnetted C class range and the local institution (where the node is placed) is connected using a PC with 2 interfaces that connects both networks.
At this time all is working, but new workstations are planned to arrive and we need to increase the number of stations in the local institution, so 254 PCs actually are not enough. So we are looking for a way to extend or increase the number of possible workstations.
I proposed the idea of creating various networks and separating the local institutional services from the node, to make them independent of one another. So, connected to the main local router will be a switch; this will be the top-level local switch where the node and the local institution will be.
The node is formed by various servers that will be connected directly to the switch. The main objective of the node is to administer mail accounts and RADIUS service (don't know it at all) and control browsing for the users connected.
The institution is formed by a PC with various eth interfaces, one to connect to the router, and a series of 192.168.1-2-3-...n.0 that permit us to connect 254 workstations for each one. Maybe more than 1 box will be needed here; I think that the number of eth interfaces in a PC is limited. The main objectives here are browsing, mail and web publishing.
That's it, I don't know if I explained myself. I don't know if my idea is correct, it's just an idea from what I've been reading in Douglas E. Comer's TCP/IP (my first reading about networks).
Again, thanks Bryan for replying.
Any suggestion or idea of how to do this will be strongly appreciated.
On Thu, 2006-01-05 at 22:06, Alain Reguera wrote:
The institution is formed by a PC with various eth interfaces, one to connect to the router, and a serie of 192.168.1-2-3-...n.0 that permit us to connect 254 workstation for each one. Maybe will be needed more than 1 box here, think that the number of eth interfaces in a PC is limited. The main objective here are browsing, mail and web publishing.
That's it, don't know if I explain my self. Don't know if my idea is correct, just an idea of what I've been reading on Douglas E. Comer TCP/IP (my first reading about networks).
If you are using private addresses on the inside interface(s) and NATting to a smaller number of public addresses there are any number of solutions to increase the number of addresses available on the inside. The simple one is to change the netmask of the interface to allow a larger range. However you may want to consider the bandwidth you need and whether it would be better to distribute it over more interfaces or add additional servers.
If these workstations don't need public addresses, and bandwidth isn't an issue, (100 Mbps shared is OK) try the following:
1) pick 1 of the 254 IP addresses currently in use,
2) buy a $20 router at your local Office Depot,
3) use the web thingie on the $20 router, assign the fixed IP (picked in #1 above) for the "Internet" side,
4) Change the "private" side so that the "x" in 192.168.x.y doesn't conflict with your existing institution network,
5) connect all the other 254 PCs on the backside of $20 router,
6) Change the admin password to something reasonably secure.
$20, one afternoon. Enjoy! There's the quick, cheap answer. Use at your own risk.
For a RELIABLE answer, find a qualified network engineer, and PAY HIM/HER WHAT HE/SHE IS WORTH.
When 254 people lose their productivity, the cost can be stunning. Even paying your staff a baseline US wage of $10/hour will cost you AT MINIMUM $2,540 PER HOUR of downtime. This doesn't even factor in lost sales. Getting somebody in there that knows what he/she is talking about should only cost an afternoon or two of consultant's pay, and some reasonably decent quality routers and should provide something you can count on.
-Ben
On Thursday 05 January 2006 20:06, Alain Reguera wrote:
At this time all is working, but new workstations are planed to arrive and we need to increase the number of stations in the local institution, so 254 PCs actually are not enough. So we are looking a way to extend or increase the number of possibles workstation.
Just because a C class is 254 addresses doesn't mean that's your limit, just specify your network to be bigger than that. For example
192.168.0.0-192.168.1.255 gives you 510 hosts
192.168.0.0/23
On Thu, 2006-01-05 at 23:06, Alain Reguera wrote:
Imagine you need to give service(mail, web, browsing etc.) to different institutions. Some institution connect using commuted lines and others directly through the main ISP router. The location of the node where all the servers and the main local router are, is inside one of these institutions. In this moment, the network of the node have a subneted C class range and the local institution (where is the node place) is connected using a PC with 2 interfaces that connects both networks.
At this time all is working, but new workstations are planed to arrive and we need to increase the number of stations in the local institution, so 254 PCs actually are not enough. So we are looking a way to extend or increase the number of possibles workstation.
I proposed the idea of create various networks and separate the local institutional services from the node, to make them independent one of another. So, connected to the main local router will be a switch, this will be the top level local switch where the node and the local institution will be.
You need to get a network engineer to design your network. Things you should look at include possibly separating the various departments into their own subnets or at least having each building in a different subnet. Most designs use one or more internal routers (and possibly firewalls) to separate various LANs within a company or large organization. The separation can be based on usage or department or some other criteria you deem appropriate.
As this sounds like a school environment you probably want to separate students access from admin and faculty LANs.
You can always modify the subnet mask to increase the number of hosts that can be in a particular subnet. Just make sure you use switches and not hubs when connecting all those devices.
And you should use real routers instead of using a PC with multiple NICs to provide connectivity.
Thanks for suggestions, have been very useful
I would select:
1. Pay for a network engineer.
2. Pay for new routers and make a more complex design for departments.
3. just specify your network to be bigger than that. For example 192.168.0.0-192.168.1.255 gives you 510 hosts 192.168.0.0/23
router-------PC with 2NICS--------Institute LAN real IP 192.168.0.0-192.168.1.255 192.168.0.0/23
Is supernetting available this way or can be used only between routers?
Actually I am with the third, because of financial issues.
On Fri, 2006-01-06 at 15:39, Alain Reguera wrote:
I would select:
- Pay for a network engineer.
- Pay for new routers and make a more complex design for departments.
just specify your network to be bigger than that. For example 192.168.0.0-192.168.1.255 gives you 510 hosts 192.168.0.0/23
router-------PC with 2NICS--------Institute LAN real IP 192.168.0.0-192.168.1.255 192.168.0.0/23
Is supernetting available this way or can be used only between routers?
I can't think of any currently useful equipment that is still restricted to address classes. Just give out a netmask of 255.255.254.0. Or 255.255.252.0 for a range up to 192.168.3.255 so you don't have to change again next week. Note that you probably have a DHCP server somewhere that will have to be changed for the range of addresses and netmask along with anything with static assignments.
Thank Les and all of you for your time and suggestions, they are very appreciated. Now I understand better the situation. I always find good orientations here with all of you.
Thanks
Thanks for suggestions, have been very useful I would select:
- Pay for a network engineer.
um-ahem. ;->
- Pay for new routers and make a more complex design for
departments.
Nah, a good layer-3 stack would do nicely. Of course, for 400 systems, that would be $5+K.
Heck, if cost is a real issue, even a layer-3 tier-1 and a layer-2 tier-2 is doable. That would be far less costly.
Remember, managed switches give you a lot of control over your network, especially routing with layer-3. It's cheaper than you think.
- just specify your network to be bigger than that. For
example 192.168.0.0-192.168.1.255 gives you 510 hosts 192.168.0.0/23
Yep, supernetting.
router-------PC with 2NICS--------Institute LAN real IP 192.168.0.0-192.168.1.255 192.168.0.0/23 Is supernetting available this way or can be used only between routers?
You don't need any routing if you're supernetting, other than to get to the Internet.
If you're going to supernet, you might as well do 4+ class Cs, or move to a class B. I recommended supernetting because I assume you don't want to have to change IPs (only subnet masks).
Actually I am with the third, because of financial issues.
Well, if you're buying equipment, you'd be surprised how little it costs to put a layer-3 GbE switch at the top. A layer-3 twelve (12) port GbE is sub-$1,000 these days.
Underneath it you can use "dumb" layer-2 switches (just FE) with GbE uplinks and at least localize some things. That's if you're trying to do it on the cheap.
On Thu, 2006-01-05 at 23:06 -0500, Alain Reguera wrote:
Thanks for replay Bryan. Excuse me for my low knowledge level. I'll try to explain it.
I just didn't know what you meant by your terms. Now I see you mean the subnet.
Imagine you need to give service(mail, web, browsing etc.) to different institutions. Some institution connect using commuted lines and others directly through the main ISP router. The location of the node where all the servers and the main local router are, is inside one of these institutions. In this moment, the network of the node have a subneted C class range and the local institution (where is the node place) is connected using a PC with 2 interfaces that connects both networks. At this time all is working, but new workstations are planed to arrive and we need to increase the number of stations in the local institution, so 254 PCs actually are not enough. So we are looking a way to extend or increase the number of possibles workstation.
You _could_ "supernet" Class Cs and increase your subnet mask. E.g. /23 (255.255.254.0) will give you 510 usable addresses, /22 (255.255.252.0) will give you 1022 usable, etc...
I proposed the idea of create various networks and separate the local institutional services from the node, to make them independent one of another. So, connected to the main local router will be a switch, this will be the top level local switch where the node and the local institution will be.
If you want to segment, that will give you separate broadcast domains. If you do that, you either want to have a very fast router on a GbE port, or a layer-3 switch that does direct port-to-port after the IP route has been established between 2 nodes (as well as offering a dynamic routing protocol such as RIPv2 or OSPF).
The best, entry-level layer-3 switch I've seen is the Netgear FSM7328S: http://www.netgear.com/products/details/FSM7328S.php
4xGbE, 24xFE for about $400 list. They have a 52-port version (4xGbE, 48xFE) in the FSM7352S as well, but at that point ($800), you'd probably want to look to a GSM7312 (12xGbE) instead for about the same cost ($900).
The node is formed by various servers that will be connected directly to the switch. The main objective of the node is to administer mail accounts and RADIUS service (don't know it at all) and control browsing for the users connected. The institution is formed by a PC with various eth interfaces, one to connect to the router, and a serie of 192.168.1-2-3-...n.0 that permit us to connect 254 workstation for each one. Maybe will be needed more than 1 box here, think that the number of eth interfaces in a PC is limited. The main objective here are browsing, mail and web publishing.
You really want to _avoid_ using a PC as a router at wire-speeds. It's going to be very slow, unless you spend a _lot_ of money on a powerful system, PCI-X/PCIe cards/channels, etc...
You're far better off going with a dedicated piece of equipment. Not just a router, but a layer-3 switch, which does direct layer-2 switching at the MAC level after routes have been established between two ports.
If you still want to use a PC as a router, be sure to build your kernel so it is optimized as a router (this is a selection in the networking subsystem), and not as a host (which is going to be the default of any kernel build).
But I really would recommend _against_ that, _unless_ you can guarantee that 95% of the traffic is local to the subnet.
[ For the naysayers that might say that several layer-3 switches use Linux, remember that these layer-3 switches have ASIC hardware that is driven by the Linux OS. A PC does _not_. A PC can_not_ do what a layer-3 switch can anywhere near as fast. ]
That's it, don't know if I explain my self. Don't know if my idea is correct, just an idea of what I've been reading on Douglas E. Comer TCP/IP (my first reading about networks). Again, thanks Bryan for replaying. Any suggestion or idea of how make this will be strongly appreciated.
1) Unless 95% of the traffic stays local to the same subnet, I would _not_ use a PC as a router.
2) If you don't need segmentation, then "supernet." _All_ systems can keep the same IP addresses, just their subnet masks need to change.
3) If you want segmentation, but more than 5% of your traffic crosses subnets, get a Layer-3 switch.
- Unless 95% of the traffic stays local to the same subnet, I would
_not_ use a PC as a router.
Having a slow WAN link bottleneck on the other side could also qualify?
2) If you don't need segmentation, then "supernet." _All_ systems can
keep the same IP addresses, just their subnet masks need to change.
I think he needs to be told of the implications -- masks are not to be slipped off their proper left bounds. You can't shorten them beyond the class' network part and you can't (shouldn't) step on other people's networks. As IIRC we don't know if he has private addressing, this should be done under a network engineer surveillance.
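As an added example (not part of the original thread), here is a Python sketch of the supernetting check the replies describe. It widens the existing /24 until it holds the required hosts, reports the netmask to hand out, and flags the two problems raised in the last reply: leaving private (RFC 1918) space and overlapping a network already in use. The function names, the 192.168.2.0/24 "node" network and the host counts are constructed for illustration.

```python
import ipaddress

# The three private IPv4 blocks defined by RFC 1918.
RFC1918 = [ipaddress.ip_network(b)
           for b in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def usable_hosts(net):
    """Addresses left after removing the network and broadcast address."""
    return net.num_addresses - 2


def plan_supernet(current, hosts_needed, networks_in_use):
    """Shorten the mask of `current` until it holds `hosts_needed` hosts.

    Existing hosts keep their IP addresses; only the netmask changes.
    Returns (network, problems), where problems lists reasons the wider
    network should not be deployed as-is.
    """
    net = ipaddress.ip_network(current)
    while usable_hosts(net) < hosts_needed:
        if net.prefixlen == 0:
            raise ValueError("no IPv4 prefix holds that many hosts")
        net = net.supernet()  # one bit shorter: /24 -> /23 -> /22 ...

    problems = []
    # A mask shortened too far leaves private space and covers
    # addresses that belong to other people's networks.
    if not any(net.subnet_of(block) for block in RFC1918):
        problems.append(f"{net} extends outside RFC 1918 private space")
    # The wider range must not swallow a subnet already routed elsewhere.
    for other in networks_in_use:
        if net.overlaps(ipaddress.ip_network(other)):
            problems.append(f"{net} overlaps in-use network {other}")
    return net, problems


if __name__ == "__main__":
    node_lan = ["192.168.2.0/24"]  # constructed: subnet assumed used by the node
    for needed in (400, 600, 70000):
        net, problems = plan_supernet("192.168.0.0/24", needed, node_lan)
        print(f"{needed} hosts -> {net} netmask {net.netmask} "
              f"({usable_hosts(net)} usable)")
        for p in problems:
            print("  problem:", p)
```

Any DHCP scope and statically configured hosts must be given the same new netmask, as noted earlier in the thread.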