Network Design

Scott Sipe cscotts at mindspring.com
Sun May 28 22:27:40 PDT 2006


On May 28, 2006, at 11:49 PM, Atom Powers wrote:
>
>
>> Their main office location has:
>> - 3 external static IPs on a DSL connection (all aliased on one nic)
>> - an internal network of 10.0.0.0/255.0.0.0
>
> How many computers are on this network? Probably less than 253. Make
> sure your DHCP server is only giving out leases in, say, 10.0.0.1-254
> range and then change it to a /24 subnet, or whatever fits your
> environment.

Small network--about 20 at the main location, and maybe 2-3 at the  
secondary location, once it's up.

>
>> - a wireless network with IP range 192.168.1.0/255.255.255.0 (nat'ed
>> and running off the firewall box)
>
> NATed from the 10/8 network too? You may want to just route between
> the wired and wireless, it will save you some headaches
> troubleshooting things later. Security policies between the networks
> should be implemented by the firewall.

Yeah, it was set up this way a couple years ago, and hasn't been
changed in the meanwhile. I was thinking it would probably be a good
idea to just do normal routing, which it sounds like you've confirmed :)


>> They are adding a second warehouse location. It will also have one
>> static IP address (running on dsl also). I'd like to get an IPsec
>> connection going between the locations so all warehouse traffic goes
>> through the main branch. I've done this much before.
>>
>> They also want to subdivide up the network at their main location so
>> some terminals can be on gige and some are on 100. I believe I've
>> read you shouldn't mix and match 100/1000?
>
> Do you know what your bandwidth usage is? Chances are very good that
> the peak usage for the workstations is around 8-10Mbps. In other
> words, you almost certainly don't need GigE. Even my file servers,
> that service several hundred roaming profiles, peak around 70-80MBps.
> Find out what your bandwidth usage is before you go out and spend
> several thousand dollars on an upgrade that won't do you any good.  (
> I use cacti and SNMP agents to watch my bandwidth usage. )

It's not an issue for most of the workstations, but there are several  
workstations that do large file transfers (working with graphics,  
etc) on a regular basis. They support gige already (macs), the  
fileserver has gige (em interface) and there's an unused SMC switch  
available. I thought it was more complicated I think.

> Assuming you have a switched network, you should have no problems
> mixing your 10/100Base network with your 10/100/1000Base network. Even
> if you were using hubs you shouldn't have a problem. (Do they even
> make 1000Base Ethernet hubs?)
>

That's good to know. I had been unsure if there were issues relating  
to MTU issues--like if I enabled jumbo frames (the switch I have  
available supports jumbo frames, which I had read were good to enable)

>> I don't really have any experience with how subnetting and IP ranges
>> should work for a configuration like this (local network, remote
>> ipsec location, wireless network, etc).
>
> Simple subnetting alone won't *really* separate two networks if they
> share physical infrastructure. You would need to either completely
> separate the physical networks or do something with 802.1q VLANs.
> Either way you will need a router.
>
>> Looking for any assistance (advice, links, anything!) on how to setup
>> a sane and well designed network.
>
> Head down to your local privately owned book store and grab the
> biggest book on TCP/IP that you can find. Chances are it will be
> terribly dry and not very useful, but it is a place to start.
>
> This book is very good, but probably way too technical for what you
> are trying to do:
> The Protocols (TCP/IP Illustrated, Volume 1) (Hardcover)
> by W. Richard Stevens

Thanks for all your advice, I'll check that book out.

thanks,
Scott
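An added planning check for the layout discussed in this thread (not part of the original mail): it verifies that each DHCP pool sits inside the /24 it was shrunk to, that the wired, wireless and warehouse subnets do not overlap (a requirement once you route between them instead of NATing, and for the site-to-site IPsec tunnel), and lists which networks each site must send through the tunnel. The segment names, the warehouse subnet and the DHCP pools are assumed values, not ones from the thread.

```python
from ipaddress import IPv4Address, IPv4Network, collapse_addresses

# Constructed plan following the advice in the thread: the 10/8 wired LAN is
# shrunk to a /24 with its DHCP pool inside it, the wireless stays on its own
# routed /24 (no NAT between the two), and the new warehouse gets its own
# subnet so traffic can be routed over the IPsec tunnel. Segment names, the
# warehouse subnet and the DHCP pools are assumptions, not values from the mail.
PLAN = {
    "main-wired":    {"site": "main", "net": "10.0.0.0/24",
                      "dhcp": ("10.0.0.100", "10.0.0.200")},
    "main-wireless": {"site": "main", "net": "192.168.1.0/24",
                      "dhcp": ("192.168.1.50", "192.168.1.150")},
    "warehouse":     {"site": "warehouse", "net": "10.0.1.0/24",
                      "dhcp": ("10.0.1.100", "10.0.1.120")},
}


def check_plan(plan):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems = []
    nets = {name: IPv4Network(seg["net"]) for name, seg in plan.items()}
    for name, seg in plan.items():
        net = nets[name]
        lo, hi = (IPv4Address(a) for a in seg["dhcp"])
        # A DHCP pool is contiguous, so checking both ends is enough to know
        # the whole pool lies inside the segment's subnet.
        if not (lo <= hi and lo in net and hi in net):
            problems.append(f"{name}: DHCP pool {lo}-{hi} is outside {net}")
        elif lo == net.network_address or hi == net.broadcast_address:
            problems.append(f"{name}: DHCP pool includes network/broadcast address")
    # Routed (un-NATed) segments and IPsec peers need disjoint address space.
    # This is exactly what keeping the old 10/8 LAN would break once a 10.x
    # warehouse subnet is added.
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} ({nets[a]}) overlaps {b} ({nets[b]})")
    return problems


def tunnel_routes(plan, site):
    """Networks a site must route via the IPsec tunnel, summarised where possible."""
    remote = [IPv4Network(seg["net"]) for seg in plan.values() if seg["site"] != site]
    return [str(n) for n in collapse_addresses(remote)]


if __name__ == "__main__":
    print("problems:", check_plan(PLAN) or "none")
    for site in ("main", "warehouse"):
        print(f"{site} -> via tunnel:", tunnel_routes(PLAN, site))
```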
