IP address conflicts

Ted Mittelstaedt tedm at toybox.placo.com
Tue Sep 28 01:46:04 PDT 2004

> -----Original Message-----
> From: owner-freebsd-questions at freebsd.org
> [mailto:owner-freebsd-questions at freebsd.org]On Behalf Of Tim Aslat
> Sent: Monday, September 27, 2004 9:39 PM
> To: freebsd-questions at freebsd.org
> Subject: Re: IP address conflicts
> > It's not the number of switches that matter it's the number of active
> > ports.  50 what, 8 port switches?  or 24 port switches?
> Approximately 30 24 port switches, and a mix 'n' match of 8 - 48 port
> units.  Being a legacy network, it's not what you would call
> standardised.

So, about $10K, time, and a lot of judicious purchasing would get you all
switches that would be managed, same manufacturer.  That's if you buy them
yourself off Ebay.  If you get a network vendor like Network Hardware Resale
to put together a package like this you're talking maybe $15-$20K.

> > Of course, there are some other ways of handling this too.  "Oppps,
> > looks like another switch died, we are just having a rash of these
> > failures lately!
> > Must be bad power.  And amazing - it's the switch that the head of the
> > Engineering department and his staff are using!  Guess they will just
> > have to go without since we don't have the money for new switches"
> > It's amazing how money will appear out of thin air if certain oxen get
> > gored.
> I'm tempted to try it.  However, the bureaucracy in this place is
> incredible.  They would rather cannibalise a smaller part of the network
> than just buy a new router/switch/whatever.

"oops, the switch you are suggesting I cannibalise uses the EtherToken
totally incompatible, would have to buy all new adapters for all the PC's"

I've played that game too.  What you have to keep in mind is that the people
running things that think they know how stuff works, they really don't know
how it works.  If you dig in your heels, as long as you don't pull the
switch routine too often, they will back down.

When dealing with a bureaucracy I have found the most effective method is
"vise" treatment.  Bureaucracies work to preserve themselves.  Problems are
viewed as threats that can disrupt the stability of the bureaucracy.  If you
have a couple heart-to-heart talks with the top kingpins of the
(who are quite often fighting the bureaucracy themselves) completely off
of course, and then make things -very-bad- for the people at the bottom by
simply doing nothing and allowing the bandaids to fall apart, the
will find itself under pressure from the top and pressure from the bottom,
like a stuck turd being freed, money will come spewing out as the
fights to keep itself preserved.

An axiom you should remember is that no bureaucracy ever spends money unless
it is afraid for its life - and then in a panic it always spends far too
money on whatever solutions present themselves at the time.

This is why you read stories about the competent network admin being fired
because people were complaining about niggling problems, even though the
admin was doing everything under budget, and an incompetent admin being
hired to replace him who knows nothing whatsoever about anything, spends
like water, and rapidly creates so many bigger problems that the users
all about the niggling ones that caused them to complain in the first place.
(then the incompetent admin brings in an outside consulting firm and after
getting it firmly established, quits his post and goes to work for the
consulting firm, bleeding the organization dry.)

But as a competent network admin, it is easy enough to figure all this out
and do exactly what the incompetent admin does - and what that is, is make
people scared that unless they spend a lot of money that they will not
be able to keep their cushy jobs.

> > If you do go this route then screw the desktop switches, get yourself
> > some decent slotted hubs.  You want a much higher port density than
> > the crummy 24 in a typical rack mounted switch.  Besides that, the
> > switch vendor is gonna want to use your school as an example of how to
> > do things right. Remember,
> > if you're going to go begging then you need to beg for the best stuff
> > they have.
> Anything in particular that you would recommend?

Cisco is the obvious choice here to go beg from.  First they are a rich
company.  Second they are still trying to break out of the "we're only a
router manufacturer" image and they want people to believe that they
know how to produce switches.  heh.

The top of the line in the business of course is the 3com Switch 7700
but good luck prying them free.  3com is tops, they know they are tops,
everyone thinks they are tops, and everyone wants their stuff.  They don't
need to give away things to get market share.  But, you can always try.

Enterasys is also another good one to go begging to, particularly because
they are still trying to create a name for themselves.  As you may know they
are a spawn of Cabletron.  Cabletron had some very good switching products,
and that technology has transferred over to Enterasys, unfortunately though
the fame of the name didn't.

Nortel is a wildcard to go begging to - their Passport 8600 fits the bill,
but unfortunately Nortel is such an enormously bloated company that you
may never get through the layers of flappers to someone who actually can
help you.  But, they definitely have a much better long term survival than
Enterasys in my opinion - after all with a fat pig of a company if it loses
there's lots and lots of fat to prune away.

> I'll just have to be smarter than them, or faster.  That's why I'm
> asking for help here.  At least I'm finally moving away from the NT
> servers that were here, and replacing them with FreeBSD.  Only 2 more to
> go and I'm MS Free, at least as far as the servers are concerned, which
> should make my job a bit easier.

No, it probably won't.  The sooner you get it through your head that this
is a layer-2 MAC war and the operating system is totally immaterial, the
faster you will catch on.

The exact same thing can be done with a Netware IPX network, or a Macintosh
network or a UNIX network.  It's the hubs, not the OS, that are your

> True, however it's only 1% or less of the kids I have to watch out for,
> the rest haven't got enough clue to be a real problem.

Unfortunately when the 1% realize what the game is, they will start
scripts for the script kiddies to run.

> None of this network is standardised, some buildings' switches are in a
> central location, others are in the building itself, some are even daisy
> chained through different buildings.  It's a nightmare.

Don't get overwhelmed by it, just break it down into a lot of smaller
problems and do those 1 by 1.

> Should I get a sandwich board made up with "The End of the World is
> NIGH" written on it?   It might work, it's a private/catholic school.
> Perhaps predictions of Armageddon would be better...... I might even be
> able to dig up a few horsemen :)

Set the MAC of the most attacked server to 00:EA:55:FE:ED:EE and the smart
might get the message.

