
IP Scheme Migration - Looking for guidance


14 replies to this topic

#1 jonathan.richards


Posted 17 October 2014 - 09:48 AM

I have just recently taken over the role of IT Administrator / Director for a medium-sized manufacturing company, and one of the first tasks I have been assigned from our corporate headquarters is to do a complete IP scheme migration off of the 192.168.0.0/22 scheme we have right now over to a 172.21.0.0/20 to allow room for expansion. I have never needed to do a migration from one IP scheme to another because I have not supported a company of this size before.

 

Could anyone give me some direction on how to plan something like this?

 

If you have on the job experience could you tell me some of the problems you faced and how you resolved them?

 

Any and all information is greatly appreciated.

 

Thank you all in advance, 

 

Jonathan


Edited by jonathan.richards, 17 October 2014 - 09:48 AM.



 


#2 Wand3r3r


Posted 17 October 2014 - 10:25 AM

Unclear why you would want to change the subnet but have the same amount of hosts [4096] as you have presently.  You could easily supernet to /18 your present subnet and end up with 4x the hosts.

 

That aside here is how I would do it:

 

1. Document your ip plan as to what ranges are for what hosts [servers, switches, routers, user equipment...] and your dhcp scope.  If you are running AD you will need to update subnets in Sites and Services.

 

Then you have two choices:

1. Over a weekend, set your dhcp scope to the new subnet and manually go around and edit the static ips on equipment, then update DNS.

2. Set everything to dhcp except the servers/routers and do ip reservations according to your ip plan for the equipment.

 

A lot depends on staffing, locations and complexity of the network as to which method is best for you.



#3 jonathan.richards


Posted 17 October 2014 - 11:03 AM

Honestly I agree with you. Corporate is just trying to get this location to match their current address policy. 

 

I have started finding out that there are a lot of inconsistencies within the network the further I dig into it so re-doing the addresses will give me a good opportunity to clean up all the clutter and get a uniform set-up going.



#4 jonathan.richards


Posted 17 October 2014 - 11:52 AM

I did not provide the correct information when posting originally but, here is what we are trying to accomplish.

  • OLD : 192.168.140.0/22 with no VLANS allow only 1022 equipments.
  • NEW : 172.21.0.0/20 with VLANs per address which separate the traffic flows and allow 4094 equipments.

Thoughts?



#5 Ivy74


Posted 17 October 2014 - 01:46 PM

Well first and foremost you need to make a list of what has static IP's if any.

 

Best practices if you need that large of a range I would block about 100 IP's for static assigned items (1 to 100).

I usually use the first 10 for servers

20 to 40 peripherals

50 to 60 printers 

and so on

I would make one big range, and then do that block or more of IP excluded from the range. By doing that if you need to make future changes/additions it's easier to administer. 


***Note***

My job has blocked Europe by the firewall which means I can't access this site from the office anymore. So I will barely be here if at all. In case you cared.  :smash:


#6 CaveDweller2


Posted 17 October 2014 - 02:33 PM

lol /20 in the 3rd octet is WAY different than /22 in the 4th. So that clears that up.

 

The only thing I'd add is document document document. The more detailed the better. Just make sure in the new scheme you leave room for growth. And you leave a clear map for the next person.


Hope this helps

Associate in Applied Science - Network Systems Management - Trident Technical College


#7 Wand3r3r


Posted 17 October 2014 - 04:00 PM

172.21.0.0/20 = not a good plan.  You should start with 172.21.0.0/16  /16=255.255.0.0 which is a class b subnet which goes with a class B subnet mask.  This way you have the whole enchilada.

THEN you subnet. 

 

This is also where it starts getting complicated. There is a misconception due to the misinterpretation of Cisco training that you need vlans AND different subnet per vlan. This is for huge enterprises but I have seen folks do this on relatively small lans. It adds cost [you have to have layer 3 switches for vlan routing/subnet routing] and imo unnecessary maintenance overhead.

 

Most sites can use one subnet and vlans to separate traffic.  This would be the case if you had departments you wanted in their own secure vlan domains but all can access the servers/internet.  Since using vlans you don't have the collision/broadcast domains concerns you would if everyone was all in the same vlan/subnet.  You can do this with a layer 2 managed switch.

 

Now if you have multiple buildings/sites the story changes.  Then you would consider providing a subnet for each building/site which you could further divide with vlans.

 

An example of building/site subnetting using the class b subnet/subnet mask would look like so

172.21.0.0 /24 gives you 172.21.0.0 - 172.21.0.255 *254 hosts

172.21.1.0 /24 gives you 172.21.1.0 - 172.21.1.255 *254 hosts

or

172.21.2.0 /23 gives you 172.21.2.0 - 172.21.3.255 *510 hosts

or

172.21.4.0 /22 gives you 172.21.4.0 - 172.21.7.255 *1022 hosts

 

As you can see from this example you need to plan the max number of hosts you expect to use. I do my planning like this: for 254 hosts I do 510 and reserve the other 254 addresses for future growth. That means all I have to do is change from /24 to /23 and I am done in the future. I am not caught between two occupied ranges that now require me to either renumber the entire plan or pull out another subnet from the entire range [whole enchilada] and renumber the entire site.


Edited by Wand3r3r, 17 October 2014 - 05:51 PM.
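The reserve-the-neighbouring-block approach from post #7, sketched with Python's standard `ipaddress` module as an added example that is not part of the original thread. The site names and host counts are constructed, and `plan_with_headroom` and its helpers are hypothetical names; the example generalises the /24-inside-a-/23 case to any block size.

```python
import ipaddress

# Constructed sample: usable hosts needed per site (names and counts are hypothetical).
SITES = {"plant-floor": 500, "building-a": 254, "building-b": 254, "office": 100}

def prefix_for_hosts(hosts):
    """Longest IPv4 prefix whose usable host count (2**bits - 2) covers `hosts`."""
    bits = 2
    while 2 ** bits - 2 < hosts:
        bits += 1
    return 32 - bits

def plan_with_headroom(parent, needs):
    """Give each site an active subnet plus an equal-sized spare half next to it.

    Returns {site: (active, reserved)}; `reserved` is one prefix bit shorter
    than `active`, so growing a site later is only a mask change.
    """
    parent = ipaddress.ip_network(parent)
    cursor = int(parent.network_address)
    plan = {}
    # Largest blocks first, so every block starts on its own size boundary.
    for site, hosts in sorted(needs.items(), key=lambda kv: -kv[1]):
        active_len = prefix_for_hosts(hosts)
        reserved_len = active_len - 1
        size = 2 ** (32 - reserved_len)
        start = (cursor + size - 1) // size * size  # round up to the boundary
        reserved = ipaddress.ip_network((start, reserved_len))
        if not reserved.subnet_of(parent):
            raise ValueError(f"{site}: {reserved} does not fit inside {parent}")
        active = next(reserved.subnets(prefixlen_diff=1))  # lower half in use
        plan[site] = (active, reserved)
        cursor = start + size
    return plan

def check_no_overlap(plan):
    """True if no two reserved blocks overlap (safe to grow any site)."""
    blocks = [reserved for _, reserved in plan.values()]
    return not any(a.overlaps(b) for i, a in enumerate(blocks) for b in blocks[i + 1:])

if __name__ == "__main__":
    for site, (active, reserved) in plan_with_headroom("172.21.0.0/20", SITES).items():
        print(f"{site:12} active {active}  grows to {reserved}")
```

A site that needs close to the full /20 cannot be given headroom inside the /20 and raises `ValueError`, while the same request fits when the parent is 172.21.0.0/16.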


#8 jonathan.richards


Posted 24 October 2014 - 03:07 PM

172.21.0.0/20 = not a good plan.  You should start with 172.21.0.0/16  /16=255.255.0.0 which is a class b subnet which goes with a class B subnet mask.  This way you have the whole enchilada.

THEN you subnet. 

 

This is also where it starts getting complicated. There is a misconception due to the misinterpretation of Cisco training that you need vlans AND different subnet per vlan. This is for huge enterprises but I have seen folks do this on relatively small lans. It adds cost [you have to have layer 3 switches for vlan routing/subnet routing] and imo unnecessary maintenance overhead.

 

Most sites can use one subnet and vlans to separate traffic.  This would be the case if you had departments you wanted in their own secure vlan domains but all can access the servers/internet.  Since using vlans you don't have the collision/broadcast domains concerns you would if everyone was all in the same vlan/subnet.  You can do this with a layer 2 managed switch.

 

Now if you have multiple buildings/sites the story changes.  Then you would consider providing a subnet for each building/site which you could further divide with vlans.

 

An example of building/site subnetting using the class b subnet/subnet mask would look like so

172.21.0.0 /24 gives you 172.21.0.0 - 172.21.0.255 *254 hosts

172.21.1.0 /24 gives you 172.21.1.0 - 172.21.1.255 *254 hosts

or

172.21.2.0 /23 gives you 172.21.2.0 - 172.21.3.255 *510 hosts

or

172.21.4.0 /22 gives you 172.21.4.0 - 172.21.7.255 *1022 hosts

 

As you can see from this example you need to plan the max number of hosts you expect to use. I do my planning like this: for 254 hosts I do 510 and reserve the other 254 addresses for future growth. That means all I have to do is change from /24 to /23 and I am done in the future. I am not caught between two occupied ranges that now require me to either renumber the entire plan or pull out another subnet from the entire range [whole enchilada] and renumber the entire site.

 

Normally I would agree with you but we are not going to come close to using the 4096 addresses in the scheme that we are moving to so, I am not sure what good expanding the range for up to 65534 addresses is going to do besides give me more to do.



#9 Wand3r3r


Posted 24 October 2014 - 04:06 PM

Nothing more to do with an ip plan whether 254 hosts or 65K hosts. But if you start with your max subnet of /20 you have no ability to add without a complete renumbering of the ip plan and its assignments. Now you are talking some real work.

 

I have seen in my IT career a huge growth of ip assigned devices. Want to add a VoIP phone system? Allowing smartphones/tablets on the net? What tech is next to use ip addresses? Something to think about.

 

So you are planning on like 16 vlans for all of this?


Edited by Wand3r3r, 24 October 2014 - 04:11 PM.


#10 CaveDweller2


Posted 24 October 2014 - 04:11 PM

How big of a place are you in? Will you ever reach anywhere near that many IP devices?


Hope this helps

Associate in Applied Science - Network Systems Management - Trident Technical College


#11 Wand3r3r


Posted 24 October 2014 - 04:16 PM

 "medium sized manufacturing company" and "1022 equipment's"

 

Having worked for Hyundai doing chip manufacturing there can be a lot of equipment networked and then you have the administration side of the business which is also networked.  We used a class A subnet to accomplish this.


Edited by Wand3r3r, 24 October 2014 - 04:20 PM.


#12 jonathan.richards


Posted 24 October 2014 - 04:39 PM

We already have IP phones, and IP cameras, and all the other devices you would normally see on a standard domain (laptops, computers, printers, routers, switches, servers) and we are still not using all of the ip's already. Right now there are only about 75-100 people on staff; there were 340 and they still did not use up the entire original ip scheme.

 

Even if we add a 5th building bigger than the other ones put together we would never come close to a full Class B subnet off of 172.21.0.0 /16. We are however planning on bringing more machines back as well as hiring back personnel to get back up to 300-ish. That is the main reason we are moving schemes even though we are not going to even use half of the 4096 devices from the ip scheme that we are working on putting in place. 



#13 CaveDweller2


Posted 24 October 2014 - 04:42 PM

  • OLD : 192.168.140.0/22 with no VLANS allow only 1022 equipments.

 

I read that as his current IP scheme only allows 1022, not that he has that many. Which tells me that his place isn't close to that and the new scheme is WAY overkill. I'd just spread out the addressing and just roll with it.


Hope this helps

Associate in Applied Science - Network Systems Management - Trident Technical College


#14 jonathan.richards


Posted 24 October 2014 - 04:48 PM

Yeah, that is pretty much what I was thinking too. If I were estimating I would say that the current addressing scheme is not even half way used up. The scheme we are trying to put in place now would multiply the current available addresses x4 and this is to allow for the future expansion of the plant and allow room for an additional BUILDING or two.

 

I am not saying that using a true Class B subnet is a bad idea, I just think it's overkill for this situation.



#15 Wand3r3r


Posted 24 October 2014 - 06:04 PM

You are already going to a class b subnet :-)

 

My point is you are subnetting that subnet from the get-go. This prevents you from further subnetting in the future without doing a complete renumbering. Just because you have ips available doesn't mean you are using them.

 

For example I have 9 sites in two states.  Our class b subnet plan has the entire 172.16.0.0 subnet.  Each site takes a chunk.  But that only goes up to 172.16.68.0 which is a long way from using the entire class.

 

So you are planning on like 16 vlans for all of this?  In other words are you keeping in mind your collision and broadcast domain sizes?





