
LAN Redesign - Breaking Up /16 into /24s 1


Cheradenine

Technical User
Feb 12, 2009
4
NZ
Hi there

I've inherited a LAN that's comprised of several hundred hosts in several /24 subnets, all mashed together into one big flat noisy network by way of a /16 subnet mask. There are a few sparsely used vlans, but most hosts are in vlan1.

As you can imagine, it's almost grinding to a halt, and broadcast traffic is crippling the network. I've been tasked with redesigning the network. I know the basics, but I'm by no means a network pro.

We're not using Cisco hardware, but this seemed like the best forum to post to. I'm not after switch configs, more design help and to gain a better understanding of some concepts.

Can anyone recommend a text on LAN design best practice?

Is it OK if I keep asking questions here until I have a good understanding of what's required? This is a good opportunity for me to grow my skill-set, and you guys seem like a very approachable, knowledgeable lot.


 
It could be as simple as using /24 vlans, then assigning the switchports into the correct vlans. The routing would be on a L2/3 switch with access switches hung off of that. You can trunk to the access switches if more than 1 vlan is needed on a given switch.
 
I would start with the CCNA study materials (to learn and understand IP), then ask lots and lots of questions. If you can, talk to other network engineers and have them give you a tour of their network setup.

PSC
[—] CCNP (R&S/Wireless) [•] CCSP [•] MCITP: Enterprise Admin [•] MCSE [—]

Governments and corporations need people like you and me. We are samurai. The keyboard cowboys. And all those other people out there who have no idea what's going on are the cattle. Mooo! --Mr. The Plague, from the movie "Hackers"
 
What I'm telling here is more a guideline than how it's done in your situation.
To give you an idea how things work.
It's how I started in the beginning too :)

To keep it simple (I always approach it like that) the basic setup is 1 layer 3 switch, on which several 'simple' L2 switches are connected.
The L3 switch is a L2 switch which also does the routing between the vlans.

For your network you may always use L3 switches for all switches, but that's more complicated. If you don't need routing on 'floor level', don't use it.


Most important:
Make a visio diagram of what you have now, and what you want.
and a copy of all configs.

create x /24 vlans
- servers in vlan 100
- printers in vlan 101
- subnet between network and firewall 102
etc
- dhcp scope 1 in vlan 103
- dhcp scope 2 in vlan 104
etc

So top-down (may be not the same in your situation, but again a guideline)
1. L3 switch is the master, which routes all vlans and traffic to the outside world.
2. all vlans have an ipaddress: .1
(10.20.100.1, 10.20.101.1, etc)
you create those on the master layer 3 switch.
Again, if you have more L3 switches, not on them, for simplicity.
3. all vlans are created on all switches. (In large networks you would only allow some necessary vlans on switches, but that is fine-tuning)
4. all devices are put in one of the created vlans, and should have the default gateway of that vlan
5. keep / migrate vlan 1 empty.

6. put the L3 switch in the serverroom.
if you have enough 1gb ports, connect all servers and all L2 switches to that one.
7. if not, connect all L2 switches to the L3 switch, and a gigabit L2 serverswitch to the L3 switch.
For performance, the minimum is a l3 switch with gigabit to the L2 switches and the servers.
The L2 switches for users may have 100Mb or 1gb to the pc's.

8. you can do this now, on a working network! Create all vlans e.g. if you use vlans between 1 and 99, use for the new vlans 100-199.
9. you can put an access port in the new vlan and test if you can access the servers/ other part of the network.

10. plan to migrate pc per pc to the newly created vlans.
put the pc in the new vlan, and give the pc its new ipaddress, subnet + gw.
At best, pre-create the vlans on the dhcp server, then you only have to put the switchport in the new vlan.

11. servers are a bit difficult, you cannot change ipaddress like you want...
In basic: if all servers are in the same vlan, you may keep them there.
(maybe all clients are connecting on ipaddress to an application on the servers, so changing the ipaddresses of the servers can only be done if all clients use dns etc.)

for simplicity you could use the 3rd octet as a vlan name.
so if you have 10.20.100.0 /24, vlan=100
10.20.101.0/24, vlan=101 etc.

ps. what kind and model switches do you have now?
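The post above lays out a convention: one /24 per VLAN carved out of the existing /16, the VLAN ID equal to the third octet, and .1 in every subnet living on the master L3 switch as the default gateway. The script below is an added example (not code from the thread or from anyone in it) that generates such a plan and checks a host's static IP/mask/gateway against the VLAN its port has been moved into. The 10.20.0.0/16 base, the role-to-VLAN table, and the choice to reserve .2 to .9 for static devices before the DHCP range are assumptions for the example.

```python
import ipaddress

# Assumed base network and role-to-VLAN table (the thread uses 10.20.x.0/24 as its
# illustration; the roles follow the post: servers, printers, firewall transit, DHCP scopes).
BASE_NETWORK = ipaddress.ip_network("10.20.0.0/16")
ROLE_TO_VLAN = {
    "servers": 100,
    "printers": 101,
    "firewall-transit": 102,
    "users-dhcp-1": 103,
    "users-dhcp-2": 104,
}
STATIC_RESERVE = 8  # assumption: .2 to .9 kept free for static devices, DHCP starts at .10


def vlan_subnet(vlan_id, base=BASE_NETWORK):
    """Return the /24 inside `base` whose third octet equals the VLAN ID (the post's naming rule)."""
    if not 0 <= vlan_id <= 255:
        raise ValueError("VLAN ID must fit in the third octet when it doubles as the subnet number")
    first = int(base.network_address) + (vlan_id << 8)
    return ipaddress.ip_network(f"{ipaddress.ip_address(first)}/24")


def plan_vlans(roles=ROLE_TO_VLAN, base=BASE_NETWORK):
    """Build the per-VLAN addressing plan: subnet, .1 gateway on the L3 switch, DHCP range."""
    plan = {}
    for role, vid in roles.items():
        net = vlan_subnet(vid, base)
        hosts = list(net.hosts())  # .1 through .254
        plan[role] = {
            "vlan": vid,
            "subnet": str(net),
            "gateway": str(hosts[0]),  # .1 is the VLAN interface on the master L3 switch
            "dhcp_range": (str(hosts[1 + STATIC_RESERVE]), str(hosts[-1])),
        }
    return plan


def check_host(ip, prefix_len, gateway, vlan_id, base=BASE_NETWORK):
    """Validate a migrated host's static settings against the VLAN its switchport is in.

    Returns a list of problems; an empty list means the host is consistent with its VLAN.
    """
    problems = []
    expected = vlan_subnet(vlan_id, base)
    iface = ipaddress.ip_interface(f"{ip}/{prefix_len}")
    if iface.network != expected:
        problems.append(f"{iface} is not inside {expected} (VLAN {vlan_id})")
    if ipaddress.ip_address(gateway) != expected.network_address + 1:
        problems.append(f"gateway {gateway} should be {expected.network_address + 1}")
    if prefix_len == base.prefixlen:
        # The pre-migration symptom: a host keeping the /16 mask believes every other
        # /24 is on-link and ARPs for it directly instead of sending to the gateway.
        problems.append(f"host still carries the old /{prefix_len} mask; it will ARP across subnets")
    return problems


def all_within_base(plan, base=BASE_NETWORK):
    """True if every planned /24 falls inside the base /16, so one summary route covers them all."""
    return all(ipaddress.ip_network(v["subnet"]).subnet_of(base) for v in plan.values())


if __name__ == "__main__":
    for role, entry in plan_vlans().items():
        print(f"{role:18} vlan {entry['vlan']}  {entry['subnet']}  gw {entry['gateway']}  dhcp {entry['dhcp_range']}")
    print(check_host("10.20.103.50", 16, "10.20.103.1", 103))
```

Running it prints the five-VLAN plan and then the problems found for a user PC that was moved into VLAN 103 but still has its old /16 mask, which is exactly the kind of half-migrated host that keeps generating cross-subnet ARP broadcasts.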
 
Thanks for the detailed reply. After doing lots of reading over the last week, that's pretty much how I've been thinking of approaching this, but I've only been brainstorming and didn't have a step by step plan. It's good to know I'm on the right track :)

We have 2 stacked 48 port 3Com 5500G EL switches as our core. They are layer 3 100/1000 fully managed devices. Our servers connect directly to the core. We have around 15 physical servers with 1 Gb links (a few have teamed dual links), and 4 VM hosts with 4 X 1Gb per host, running around 60 VM servers.
The core has 1Gb links to distribution switches, which are a mix of 10/100 L2 and 100/1000 L3 switches. Links are copper within the main building, and fibre to other buildings. I'm hoping to get some more copper links so I can trunk a 1Gb from each core to each distribution switch in the main building.

One question I have is, how do vlans affect WINS and netbios? 3Com have what they call the UDP helper service, which can be configured to bridge UDP broadcasts, but wouldn't that defeat the purpose of subnetting and vlanning in the first place? The helper can be configured to convert broadcasts to a unicast address, so I could channel netbios broadcasts to a WINS server, for example.

How do you guys deal with netbios and other UDP broadcast traffic?
 
"Helper" services typically limit which broadcasts that they forward to only DHCP requests. You would need to have DHCP in each VLAN if this type of service did not exist (the point is moot for devices with statically assigned IPs).

NetBIOS is a broadcast based service which will be cut off by the separation of broadcast domains with subnets.

WINS and DNS are unicast based and would be processed like any other unicast packet.

PSC
[—] CCNP (R&S/Wireless) [•] CCSP [•] MCITP: Enterprise Admin [•] MCSE [—]

Governments and corporations need people like you and me. We are samurai. The keyboard cowboys. And all those other people out there who have no idea what's going on are the cattle. Mooo! --Mr. The Plague, from the movie "Hackers"
 
Yeah, I understand the DHCP helper service, but thanks for explaining NETbios. I was wondering if I'd need a WINS service in each VLAN if I didn't enable the WINS helper service. It makes perfect sense now you've explained it - I was getting myself confused :)

NETbios is actually one of my biggest problems at the moment. We have a lot of research teams who have a habit of mis-configuring VMs and services. They are constantly generating ARP and NETbios broadcasts for non existent devices, or devices on non-existent subnets. I guess that'll continue to happen until I succeed in educating them, but at least it'll only be their local subnet they pollute.

There are far too many ARP broadcasts, and it's not all caused by the reasons I just mentioned. Some of it appears to be for valid addresses. I understand the basics of ARP, but I'll be reading up on that tomorrow.

I'm also seeing unicast flooding when I sniff the network, something else to read up on...

I'm sure I'll have some more questions! Thanks again to everyone for helping me get to grips with this :)
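The previous two posts describe the symptoms worth measuring before and after the split: NetBIOS and ARP broadcasts from misconfigured hosts asking for addresses in subnets that do not exist, hosts that still ARP directly across /24 boundaries (a leftover /16 mask), and unicast frames that a sniffer sees even though they are addressed to someone else (unicast flooding). The script below is an added example, not code from the thread, that triages a small capture along those lines. The frame records are constructed for the example, and the sniffer's MAC address and the list of deployed /24s are assumptions; a real run would take the records from a packet capture instead.

```python
import ipaddress
from collections import Counter

SNIFFER_MAC = "00:11:22:33:44:55"  # assumed MAC of the host running the sniffer
BROADCAST = "ff:ff:ff:ff:ff:ff"
# Assumed set of /24s that have actually been deployed so far.
DEPLOYED = [ipaddress.ip_network(s) for s in ("10.20.100.0/24", "10.20.101.0/24", "10.20.103.0/24")]

# Constructed sample capture: (src_mac, src_ip, dst_mac, kind, arp_target).
# kind is "arp-request", "nbns" (NetBIOS name-service broadcast) or "unicast".
FRAMES = [
    ("aa:00:00:00:00:01", "10.20.103.20", BROADCAST, "arp-request", "10.20.103.1"),  # normal: asks for its gateway
    ("aa:00:00:00:00:01", "10.20.103.20", BROADCAST, "arp-request", "10.20.100.5"),  # cross-subnet: sender still has the /16 mask
    ("aa:00:00:00:00:02", "10.20.103.21", BROADCAST, "arp-request", "192.168.7.9"),  # stray: no such subnet deployed
    ("aa:00:00:00:00:02", "10.20.103.21", BROADCAST, "arp-request", "192.168.7.9"),
    ("aa:00:00:00:00:03", "10.20.100.9", BROADCAST, "nbns", None),                    # NetBIOS name query broadcast
    ("aa:00:00:00:00:04", "10.20.100.10", "aa:00:00:00:00:99", "unicast", None),      # not for us, not a group address: flooded
    ("aa:00:00:00:00:04", "10.20.100.10", SNIFFER_MAC, "unicast", None),              # legitimately addressed to the sniffer
    ("aa:00:00:00:00:05", "10.20.101.7", "01:00:5e:00:00:fb", "unicast", None),       # multicast destination: expected to be seen
]


def is_group_address(mac):
    """True for broadcast and multicast destinations (I/G bit set in the first octet)."""
    return int(mac.split(":")[0], 16) & 1 == 1


def subnet_of(ip, subnets):
    """Return the deployed subnet containing `ip`, or None if it belongs to none of them."""
    addr = ipaddress.ip_address(ip)
    return next((n for n in subnets if addr in n), None)


def triage(frames, deployed=DEPLOYED, sniffer_mac=SNIFFER_MAC):
    """Summarise the capture into the categories a LAN redesign cares about."""
    arp_per_source = Counter()
    nbns_per_source = Counter()
    stray_arp = []         # ARP for addresses in no deployed subnet: misconfigured host or VM
    cross_subnet_arp = []  # ARP for a host in another deployed /24: sender is not using its gateway
    flooded = Counter()    # unicast destinations the sniffer should never have received
    for src_mac, src_ip, dst_mac, kind, target in frames:
        if kind == "arp-request":
            arp_per_source[src_mac] += 1
            target_net = subnet_of(target, deployed)
            if target_net is None:
                stray_arp.append((src_ip, target))
            elif target_net != subnet_of(src_ip, deployed):
                cross_subnet_arp.append((src_ip, target))
        elif kind == "nbns":
            nbns_per_source[src_mac] += 1
        elif kind == "unicast" and dst_mac != sniffer_mac and not is_group_address(dst_mac):
            flooded[dst_mac] += 1
    return {
        "arp_per_source": dict(arp_per_source),
        "nbns_per_source": dict(nbns_per_source),
        "stray_arp": stray_arp,
        "cross_subnet_arp": cross_subnet_arp,
        "flooded_unicast": dict(flooded),
    }


if __name__ == "__main__":
    for key, value in triage(FRAMES).items():
        print(f"{key}: {value}")
```

The three lists map onto three different fixes: stray ARP points at the research teams' misconfigured VMs, cross-subnet ARP points at hosts that were moved to a new VLAN without getting a /24 mask, and flooded unicast (frames to a MAC the switch has no table entry for) is the switch-side symptom worth watching as the flat /16 is dismantled.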
 
Good luck Cheradenine,

I think I'll stick to max 5 line posts next time..
 
Cheradenine said:
Can anyone recommend a text on LAN design best practice?
Is it OK if I keep asking questions here until I have a good understanding of what's required?

meneerB -- Your post was excellent... Be sure to stay on topic.

For the record, I use 14 VLANs in my network. Each is used for different purposes, such as Network Management, Servers, or Wireless. They provide broadcast separation and a method of distinguishing different host types. Each VLAN is a /24 network that has been sliced out of a /16 network, allowing me to summarize routes between sites. This also makes building firewall and router ACLs very easy.

PSC
[—] CCNP (R&S/Wireless) [•] CCSP [•] MCITP: Enterprise Admin [•] MCSE [—]

Governments and corporations need people like you and me. We are samurai. The keyboard cowboys. And all those other people out there who have no idea what's going on are the cattle. Mooo! --Mr. The Plague, from the movie "Hackers"
 