Network Design

Atom Powers atom.powers at gmail.com
Sun May 28 21:49:24 PDT 2006


On 5/28/06, Scott Sipe <cscotts at mindspring.com> wrote:
>
> I'm helping a small business expand their networking.

Good for you.

> right now they have one office location (with a freebsd firewall box,
> and a freebsd box running db, web, samba, etc).

Good for them.

> Their main office location has:
> - 3 external static IPs on a DSL connection (all aliased on one nic)
> - an internal network of 10.0.0.0/255.0.0.0

How many computers are on this network? Probably less than 253. Make
sure your DHCP server is only giving out leases in, say, 10.0.0.1-254
range and then change it to a /24 subnet, or whatever fits your
environment.

> - a wireless network with IP range 192.168.1.0/255.255.255.0 (nat'ed
> and running off the firewall box)

NATed from the 10/8 network too? You may want to just route between
the wired and wireless, it will save you some headaches
troubleshooting things later. Security policies between the networks
should be implemented by the firewall.

> They are adding a second warehouse location. It will also have one
> static IP address (running on dsl also). I'd like to get a IPsec
> connection going between the location so all warehouse traffic goes
> through the main branch. I've done this much before.
>
> They also want to subdivide up the network at their main location so
> some terminals can be on gige and some are on 100. I believe I've
> read you shouldn't mix and match 100/1000?

Do you know what your bandwidth usage is? Chances are very good that
the peak usage for the workstations is around 8-10Mbps. In other
words, you almost certainly don't need GigE. Even my file servers,
that service several hundred roaming profiles, peak around 70-80MBps.
Find out what your bandwidth usage is before you go out and spend
several thousand dollars on an upgrade that won't do you any good. (I
use cacti and SNMP agents to watch my bandwidth usage.)

Assuming you have a switched network, you should have no problems
mixing your 10/100Base network with your 10/100/1000Base network. Even
if you were using hubs you shouldn't have a problem. (Do they even
make 1000Base Ethernet hubs?)

If users are complaining about poor network performance, and aren't
doing something crazy like live database replication to their
desktops, I would bet cold hard cash that bandwidth isn't the problem.

> I don't really have any experience with how subnetting and IP ranges
> should work for a configuration like this (local network, remote
> ipsec location, wireless network, etc).

Simple subnetting alone won't *really* separate two networks if they
share physical infrastructure. You would need to either completely
separate the physical networks or do something with 802.1q VLANs.
Either way you will need a router.

> Looking for any assistance (advice, links, anything!) on how to setup
> a sane and well designed network.

Head down to your local privately owned book store and grab the
biggest book on TCP/IP that you can find. Chances are it will be
terribly dry and not very useful, but it is a place to start.

This book is very good, but probably way too technical for what you
are trying to do:
The Protocols (TCP/IP Illustrated, Volume 1) (Hardcover)
by W. Richard Stevens



-- 
Perfection is just a word I use occasionally with mustard.
--Atom Powers--
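The advice above boils down to two checks before renumbering or adding the warehouse: the DHCP pool must fit inside the new /24, and no two subnets (office, wireless, warehouse behind the IPsec tunnel) may overlap. The script below is an added example, not part of the thread; the 10.0.1.0/24 warehouse range is an assumption chosen for illustration.

```python
"""Validate a small-office addressing plan before renumbering or adding a site."""
import ipaddress
from itertools import combinations

# Constructed plan mirroring the thread: the /8 shrunk to a /24, the NATed
# wireless range, and an assumed /24 for the new warehouse (not in the post).
PLAN = {
    "office-wired": "10.0.0.0/24",
    "office-wireless": "192.168.1.0/24",
    "warehouse": "10.0.1.0/24",  # assumption: picked for this example only
}
DHCP_POOLS = {
    "office-wired": ("10.0.0.1", "10.0.0.254"),
}

def overlapping_subnets(plan):
    """Return pairs of subnet names whose address ranges overlap.
    Overlapping ranges make routing across the IPsec tunnel ambiguous."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in plan.items()}
    return [(a, b) for a, b in combinations(nets, 2) if nets[a].overlaps(nets[b])]

def pool_fits(subnet_cidr, first, last):
    """True if the DHCP pool lies inside the subnet and avoids the
    network and broadcast addresses."""
    net = ipaddress.ip_network(subnet_cidr)
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    return (lo in net and hi in net and lo <= hi
            and lo != net.network_address and hi != net.broadcast_address)

def validate(plan, pools):
    """Collect readable problems with the plan; an empty list means it is consistent."""
    problems = [f"{a} overlaps {b}" for a, b in overlapping_subnets(plan)]
    for name, (first, last) in pools.items():
        if name not in plan:
            problems.append(f"DHCP pool for unknown subnet {name}")
        elif not pool_fits(plan[name], first, last):
            problems.append(f"DHCP pool {first}-{last} does not fit {plan[name]}")
    return problems

if __name__ == "__main__":
    for line in validate(PLAN, DHCP_POOLS) or ["plan is consistent"]:
        print(line)
```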