From owner-freebsd-questions@FreeBSD.ORG Mon May 29 05:27:40 2006
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4E00A16AAD5 for ; Mon, 29 May 2006 05:27:40 +0000 (UTC) (envelope-from cscotts@mindspring.com)
Received: from relay01.pair.com (relay01.pair.com [209.68.5.15]) by mx1.FreeBSD.org (Postfix) with SMTP id A40D743D48 for ; Mon, 29 May 2006 05:27:39 +0000 (GMT) (envelope-from cscotts@mindspring.com)
Received: (qmail 21039 invoked from network); 29 May 2006 05:27:38 -0000
Received: from unknown (HELO ?192.168.1.101?) (unknown) by unknown with SMTP; 29 May 2006 05:27:38 -0000
X-pair-Authenticated: 68.79.15.21
References: <8C402A85-9C04-4454-B846-7A5F0D47841C@mindspring.com>
Mime-Version: 1.0 (Apple Message framework v750)
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
Message-Id: <665F85C4-B52B-448A-8CEB-62006287CAA4@mindspring.com>
Content-Transfer-Encoding: 7bit
From: Scott Sipe
Date: Mon, 29 May 2006 00:27:37 -0500
To: Atom Powers
X-Mailer: Apple Mail (2.750)
Cc: freebsd-questions
Subject: Re: Network Design
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions
X-List-Received-Date: Mon, 29 May 2006 05:27:40 -0000

On May 28, 2006, at 11:49 PM, Atom Powers wrote:

>
>
>> Their main office location has:
>> - 3 external static IPs on a DSL connection (all aliased on one nic)
>> - an internal network of 10.0.0.0/255.0.0.0
>
> How many computers are on this network? Probably less than 253. Make
> sure your DHCP server is only giving out leases in, say, 10.0.0.1-254
> range and then change it to a /24 subnet, or whatever fits your
> environment.

Small network--about 20 at the main location, and maybe 2-3 at the
secondary location, once it's up.

>
>> - a wireless network with IP range 192.168.1.0/255.255.255.0 (nat'ed
>> and running off the firewall box)
>
> NATed from the 10/8 network too? You may want to just route between
> the wired and wireless, it will save you some headaches
> troubleshooting things later. Security policies between the networks
> should be implemented by the firewall.

Yeah, it was set up this way a couple years ago, and hasn't been
changed in the meanwhile. I was thinking it would probably be a good
idea to just do normal routing, which it sounds like you've confirmed :)

>> They are adding a second warehouse location. It will also have one
>> static IP address (running on dsl also). I'd like to get an IPsec
>> connection going between the locations so all warehouse traffic goes
>> through the main branch. I've done this much before.
>>
>> They also want to subdivide up the network at their main location so
>> some terminals can be on gige and some are on 100. I believe I've
>> read you shouldn't mix and match 100/1000?
>
> Do you know what your bandwidth usage is? Chances are very good that
> the peak usage for the workstations is around 8-10Mbps. In other
> words, you almost certainly don't need GigE. Even my file servers,
> that service several hundred roaming profiles, peak around 70-80MBps.
> Find out what your bandwidth usage is before you go out and spend
> several thousand dollars on an upgrade that won't do you any good. (
> I use cacti and SNMP agents to watch my bandwidth usage. )

It's not an issue for most of the workstations, but there are several
workstations that do large file transfers (working with graphics, etc)
on a regular basis. They support gige already (macs), the fileserver
has gige (em interface) and there's an unused SMC switch available. I
thought it was more complicated I think.

> Assuming you have a switched network, you should have no problems
> mixing your 10/100Base network with your 10/100/1000Base network. Even
> if you were using hubs you shouldn't have a problem. (Do they even
> make 1000Base Ethernet hubs?)
>

That's good to know. I had been unsure if there were issues relating to
MTU issues--like if I enabled jumbo frames (the switch I have available
supports jumbo frames, which I had read were good to enable)

>> I don't really have any experience with how subnetting and IP ranges
>> should work for a configuration like this (local network, remote
>> ipsec location, wireless network, etc).
>
> Simple subnetting alone won't *really* separate two networks if they
> share physical infrastructure. You would need to either completely
> separate the physical networks or do something with 802.1q VLANs.
> Either way you will need a router.
>
>> Looking for any assistance (advice, links, anything!) on how to set up
>> a sane and well designed network.
>
> Head down to your local privately owned book store and grab the
> biggest book on TCP/IP that you can find. Chances are it will be
> terribly dry and not very useful, but it is a place to start.
>
> This book is very good, but probably way too technical for what you
> are trying to do:
> The Protocols (TCP/IP Illustrated, Volume 1) (Hardcover)
> by W. Richard Stevens

Thanks for all your advice, I'll check that book out.

thanks,
Scott
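The two address-plan points raised in the thread, shrinking the 10/8 to a /24 with a DHCP pool that stays inside it, and routing between distinct wired, wireless and remote-site prefixes instead of NATing, are easy to get subtly wrong. The script below is an added example (not code from either participant) that checks such a plan before the mask change is made. The warehouse prefix 10.0.1.0/24, the static addresses and the host list are constructed sample values; the 10.0.0.0/24 and 192.168.1.0/24 prefixes come from the thread.

```python
"""Address-plan checks for a small multi-site network.

Added example, standard library only.  Assumed plan (constructed from
the thread's numbers): the main office shrinks 10.0.0.0/8 to
10.0.0.0/24, the wireless segment stays 192.168.1.0/24 and is routed
rather than NATed, and the new warehouse gets 10.0.1.0/24 behind the
IPsec tunnel.  The warehouse prefix, the DHCP pool and the host
addresses below are constructed sample values.
"""
from ipaddress import ip_address, ip_network
from itertools import combinations

# Constructed plan: one prefix per segment the firewall routes between.
SEGMENTS = {
    "main-wired": "10.0.0.0/24",
    "main-wireless": "192.168.1.0/24",
    "warehouse": "10.0.1.0/24",  # assumed; the thread names no prefix
}


def overlapping_segments(segments):
    """Return name pairs whose prefixes overlap.

    Routing between segments (instead of NAT) only works when every
    prefix is unique; an overlap leaves the router unable to decide
    which interface or tunnel a destination belongs to.
    """
    nets = {name: ip_network(prefix) for name, prefix in segments.items()}
    return [(a, b) for (a, na), (b, nb) in combinations(nets.items(), 2)
            if na.overlaps(nb)]


def hosts_needing_renumber(new_subnet, hosts):
    """Hosts whose current address falls outside the new, smaller subnet.

    Shrinking 10/8 to 10.0.0.0/24 silently cuts off any machine that was
    given, say, 10.3.0.7 under the old mask, so list them before the
    change rather than discovering them afterwards.
    """
    net = ip_network(new_subnet)
    return [str(ip) for ip in sorted(map(ip_address, hosts)) if ip not in net]


def check_dhcp_pool(subnet, first, last, reserved):
    """Validate a DHCP lease range against the subnet and static hosts.

    Returns (ok, reason).  The pool must be in order, lie inside the
    subnet's usable host range (network and broadcast excluded), and not
    hand out addresses that static devices such as the file server and
    the firewall already use.
    """
    net = ip_network(subnet)
    first, last = ip_address(first), ip_address(last)
    low, high = net.network_address + 1, net.broadcast_address - 1
    if first > last:
        return False, "pool start is after pool end"
    if first < low or last > high:
        return False, "pool leaves the usable host range of %s" % net
    clashes = [str(r) for r in map(ip_address, reserved) if first <= r <= last]
    if clashes:
        return False, "pool overlaps static addresses: %s" % ", ".join(clashes)
    return True, "ok"


if __name__ == "__main__":
    print("overlaps:", overlapping_segments(SEGMENTS))
    # Constructed: one workstation still carries an address from the old /8.
    print("renumber:", hosts_needing_renumber(
        SEGMENTS["main-wired"], ["10.0.0.15", "10.3.0.7", "10.0.0.200"]))
    # Constructed: firewall and file server hold static addresses .1 and .2,
    # so a 10.0.0.1-254 pool collides with them; .100-.200 does not.
    statics = ["10.0.0.1", "10.0.0.2"]
    print(check_dhcp_pool(SEGMENTS["main-wired"], "10.0.0.1", "10.0.0.254", statics))
    print(check_dhcp_pool(SEGMENTS["main-wired"], "10.0.0.100", "10.0.0.200", statics))
```

Run it once with the old 10.0.0.0/8 still listed as a segment and the overlap check flags it against the warehouse prefix, which is exactly why the mask has to shrink before routing (rather than NAT) between sites is sane.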