Date: Mon, 29 May 2006 00:27:37 -0500
From: Scott Sipe <cscotts@mindspring.com>
To: Atom Powers <atom.powers@gmail.com>
Cc: freebsd-questions <freebsd-questions@freebsd.org>
Subject: Re: Network Design
Message-ID: <665F85C4-B52B-448A-8CEB-62006287CAA4@mindspring.com>
In-Reply-To: <df9ac37c0605282149w54042fbn7eeb2d9f6d0da74a@mail.gmail.com>
References: <8C402A85-9C04-4454-B846-7A5F0D47841C@mindspring.com>
 <df9ac37c0605282149w54042fbn7eeb2d9f6d0da74a@mail.gmail.com>

On May 28, 2006, at 11:49 PM, Atom Powers wrote:

>> Their main office location has:
>> - 3 external static IPs on a DSL connection (all aliased on one nic)
>> - an internal network of 10.0.0.0/255.0.0.0
>
> How many computers are on this network? Probably less than 253. Make
> sure your DHCP server is only giving out leases in, say, 10.0.0.1-254
> range and then change it to a /24 subnet, or whatever fits your
> environment.

Small network--about 20 at the main location, and maybe 2-3 at the
secondary location, once it's up.

>> - a wireless network with IP range 192.168.1.0/255.255.255.0 (nat'ed
>> and running off the firewall box)
>
> NATed from the 10/8 network too? You may want to just route between
> the wired and wireless, it will save you some headaches
> troubleshooting things later. Security policies between the networks
> should be implemented by the firewall.

Yeah, it was set up this way a couple years ago, and hasn't been
changed in the meanwhile. I was thinking it would probably be a good
idea to just do normal routing, which it sounds like you've confirmed :)

>> They are adding a second warehouse location. It will also have one
>> static IP address (running on dsl also). I'd like to get a IPsec
>> connection going between the location so all warehouse traffic goes
>> through the main branch. I've done this much before.
>>
>> They also want to subdivide up the network at their main location so
>> some terminals can be on gige and some are on 100. I believe I've
>> read you shouldn't mix and match 100/1000?
>
> Do you know what your bandwidth usage is? Chances are very good that
> the peak usage for the workstations is around 8-10Mbps. In other
> words, you almost certainly don't need GigE. Even my file servers,
> that service several hundred roaming profiles, peak around 70-80MBps.
> Find out what your bandwidth usage is before you go out and spend
> several thousand dollars on an upgrade that won't do you any good.
> (I use cacti and SNMP agents to watch my bandwidth usage.)

It's not an issue for most of the workstations, but there are several
workstations that do large file transfers (working with graphics, etc)
on a regular basis. They support gige already (macs), the fileserver
has gige (em interface) and there's an unused SMC switch available. I
thought it was more complicated I think.

> Assuming you have a switched network, you should have no problems
> mixing your 10/100Base network with your 10/100/1000Base network. Even
> if you were using hubs you shouldn't have a problem. (Do they even
> make 1000Base Ethernet hubs?)

That's good to know. I had been unsure if there were issues relating
to MTU issues--like if I enabled jumbo frames (the switch I have
available supports jumbo frames, which I had read were good to enable)

>> I don't really have any experience with how subnetting and IP ranges
>> should work for a configuration like this (local network, remote
>> ipsec location, wireless network, etc).
>
> Simple subnetting alone won't *really* separate two networks if they
> share physical infrastructure. You would need to either completely
> separate the physical networks or do something with 802.1q VLANs.
> Either way you will need a router.
>
>> Looking for any assistance (advice, links, anything!) on how to set up
>> a sane and well designed network.
>
> Head down to your local privately owned book store and grab the
> biggest book on TCP/IP that you can find. Chances are it will be
> terribly dry and not very useful, but it is a place to start.
>
> This book is very good, but probably way too technical for what you
> are trying to do:
> The Protocols (TCP/IP Illustrated, Volume 1) (Hardcover)
> by W. Richard Stevens

Thanks for all your advice, I'll check that book out.

thanks,
Scott
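
The check below is an added example, not part of the original message or thread: before narrowing 10.0.0.0/8 to a /24 as suggested above, it lists hosts that would be stranded by the new mask and confirms that the ranges the firewall will route between (wired, wireless, IPsec-connected warehouse) do not overlap. The warehouse range and the list of in-use addresses are assumptions constructed for illustration; the thread gives neither.

```python
import ipaddress

# Networks named in the thread.
CURRENT_LAN = ipaddress.ip_network("10.0.0.0/8")
PROPOSED_LAN = ipaddress.ip_network("10.0.0.0/24")
WIRELESS = ipaddress.ip_network("192.168.1.0/24")
# Assumption: the thread gives no warehouse range; this value is made up.
WAREHOUSE = ipaddress.ip_network("10.0.1.0/24")

# Constructed sample of addresses currently in use on the main LAN.
IN_USE = ["10.0.0.1", "10.0.0.20", "10.0.0.57", "10.0.3.12", "10.1.0.5"]


def stranded_hosts(in_use, new_net):
    """Addresses that fall outside new_net once the mask is changed."""
    return [a for a in in_use if ipaddress.ip_address(a) not in new_net]


def overlapping_pairs(networks):
    """Every pair of named networks whose address ranges overlap."""
    names = sorted(networks)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if networks[a].overlaps(networks[b])]


def usable_hosts(net):
    """Assignable host addresses (network and broadcast excluded)."""
    return net.num_addresses - 2


if __name__ == "__main__":
    before = {"lan": CURRENT_LAN, "wireless": WIRELESS, "warehouse": WAREHOUSE}
    after = {"lan": PROPOSED_LAN, "wireless": WIRELESS, "warehouse": WAREHOUSE}
    print("usable hosts in proposed LAN:", usable_hosts(PROPOSED_LAN))
    print("must be renumbered first:", stranded_hosts(IN_USE, PROPOSED_LAN))
    print("overlaps with /8 LAN:", overlapping_pairs(before))
    print("overlaps with /24 LAN:", overlapping_pairs(after))
```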