04-26-2016 12:09 PM
New LAN Implementation on to existing network
Hey Guys,
I kinda got stuck in a network mess at my new job. To give you some background info: Our dept is a sub dept of a huge company. And our network was originally designed to be a flat L2 network. Someway along the line some crafty network guru introduced VOIP and other private networks on the existing network. Now our situation is we are implementing a new private LAN 10.15.100.0/22 to the existing public LAN 170.115.38.0/23 network because we are running out of IP addresses. Our core router 170.115.38.1 is in another building and we cannot manage it. The network architect at our company's NOC gave us an "overlaid" network on the existing network to migrate to.
The core switches have had an ip address given on the new subnet and to get the subnet working there has been a route made on our firewall for the new subnet to route through the ip address of 170.115.38.4. This is causing multiple connectivity issues to servers that have their default gateway set to 170.115.38.2. You can ping them, but you have issues connecting to websites our internal servers host and other bizarre issues. Not to mention congestion. Also having two subnets on the default VLAN creates two broadcasts. What are some solutions I could implement?
I am attaching a visio diagram I quickly made that explains what I'm dealing with. I can provide switch configs if necessary.
04-27-2016 01:36 AM
Re: New LAN Implementation on to existing network
I'd try to get WatchGuard out of the loop for traffic between old and new subnet.
On WatchGuard, already start using IP in new range (10.15.100.x) and dump the old address 170.115.38.2.
Use this 170.115.38.2 as secondary address on the L3 switch already having IP address 170.115.38.4.
To get rid of the double broadcast... just finalize the migration.
04-27-2016 07:54 AM
Re: New LAN Implementation on to existing network
Thanks for the reply.
The issue is I have a lot of app servers and I am not sure how they are designed to behave, so I want to keep the old scheme for my servers until I migrate them one by one. I can cut the users over to a new DHCP. Some users are statically assigned, without using reservations.
How would I implement the new lan while keeping interconnectivity between the old lan and the new lan? Right now I'm having some intermittent issues of 10.15.100.0/22 computers not being able to access their network drives. And I believe it's because of the multiple broadcasts.
04-27-2016 05:53 PM
Re: New LAN Implementation on to existing network
The way I've done migrations like this is this:
1. Create a new VLAN on the network core and give it a new subnet.
2. Trunk the new VLAN from the Core to one of the Access cabinets
3. Swap one of the PCs on this Access cabinet to the new VLAN, test DHCP & connectivity
4. If test succeeds, migrate all ports in this Access cabinet to the new VLAN.
(Often, I will leave a few hard-basket devices on the old VLAN, for various reasons).
5. Return to 1. and repeat for each Access cabinet in turn, giving each one its own /24 VLAN.
A few queries about what you've described.
- why do they want you to use a /22 network? You've already learnt the hard way that segmentation is good, segment everything properly - by Access cabinet. It's not like you need to be stingy with 10.../24 subnets, there being 2^16 of them to choose from...(I once worked on the 3rd-biggest sub-company of the 2nd-biggest network in the world, all sharing the same 10.../8 space. We had ample subnets for our 50+ sites).
- putting the new subnet on the same VLAN as the old flat L2 network. Crazy. Once you start segmenting using VLANs, it simplifies things immensely.
- I doubt very much that broadcasts have anything to do with your connectivity problems. A flat network twice as big as yours would probably result in 10Mb interfaces failing. I've seen flat networks with many thousands of devices on them that still worked most of the time.
- why is the routing being done on the firewall? Your Core switch should be doing it. Adding a new subnet/VLAN to the core switch then requires no fiddling with routing, except on the firewall which needs a route for each new subnet, pointing at the core. (Or better yet, an intelligent summary).
- I don't really understand the routing you describe. If the new 10. network doesn't exist on the FW, then the FW should have a route pointing at the Core switch. You then describe having two L3 interfaces in the 172.. subnet. What's this all about? Each subnet should have one L3 interface.
Reading between the lines, I am guessing the design flaw here is that the same 172.. subnet is being routed on both the Core and the FW. This is wrong. The FW and Core both being L3 devices, should have a point-to-point subnet linking them, with nothing else on it.
If the Network Core isn't under your control, you might want to take control of your own routing.
Ask for a block of 10.../24 subnets to use. Use one of these blocks as a point-to-point link between your "core" and the main parent company "Core". The main Core needs routes sending traffic for your block of subnets across that link.
Then, at your end, deploy those 10.../24 subnets as you please without the deficient design of the parent company being involved, migrating to them as per the process I outlined.
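An added example, not part of the post above or of any poster's configuration: the per-cabinet /24 plan and the summarized firewall routes that reply describes, worked through with Python's `ipaddress` module. The /22 and the old /23 come from the thread; the cabinet names, the VLAN IDs, holding back the last /24 for a /30 firewall-to-core transit link, and which end of that link gets which address are assumptions.

```python
import ipaddress

# From the thread: the old flat LAN and the /22 handed out by the NOC.
OLD_LAN = ipaddress.ip_network("170.115.38.0/23")
NEW_BLOCK = ipaddress.ip_network("10.15.100.0/22")
# Hypothetical cabinet names and VLAN numbering, chosen for illustration.
CABINETS = ["cab-1", "cab-2", "cab-3"]
FIRST_VLAN_ID = 100


def build_plan(block, cabinets, old_lan):
    """One /24 VLAN per cabinet; last /24 held back for a /30 FW-core transit link."""
    if block.overlaps(old_lan):
        raise ValueError("new block overlaps the LAN being migrated away from")
    slots = list(block.subnets(new_prefix=24))
    if len(cabinets) > len(slots) - 1:
        raise ValueError(f"{block} holds {len(slots) - 1} cabinet /24s, need {len(cabinets)}")
    transit = next(slots[-1].subnets(new_prefix=30))
    fw_ip, core_ip = transit.hosts()  # assumed: first host is the firewall end
    vlans = {
        name: {"vlan": FIRST_VLAN_ID + i, "subnet": net, "gateway": net.network_address + 1}
        for i, (name, net) in enumerate(zip(cabinets, slots))
    }
    return {"transit": transit, "fw_ip": fw_ip, "core_ip": core_ip, "vlans": vlans}


def firewall_routes(plan):
    """Fewest static routes covering every cabinet subnet, next hop = core."""
    nets = [v["subnet"] for v in plan["vlans"].values()]
    return [(summary, plan["core_ip"]) for summary in ipaddress.collapse_addresses(nets)]


def locate(plan, address, old_lan=OLD_LAN):
    """Say which cabinet VLAN a statically addressed host belongs to."""
    ip = ipaddress.ip_address(address)
    for name, v in plan["vlans"].items():
        if ip in v["subnet"]:
            return name
    return "old-lan" if ip in old_lan else "unknown"


if __name__ == "__main__":
    plan = build_plan(NEW_BLOCK, CABINETS, OLD_LAN)
    for name, v in plan["vlans"].items():
        print(f"{name}: VLAN {v['vlan']} {v['subnet']} gw {v['gateway']}")
    for net, hop in firewall_routes(plan):
        print(f"firewall: route {net} via {hop}")
```

`locate` is meant for the statically addressed hosts mentioned earlier in the thread: anything it reports as `old-lan` still depends on the old subnet's gateway and has not been migrated.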
05-09-2016 01:37 PM
Re: New LAN Implementation on to existing network
This subnet was given from the main office. I have no control of what they give me. I told them this is how many workstations I have and they gave me a /22. The original network was entirely L2 so they went with a firewall to connect a Comcast line and use the firewall to provide Comcast clients a way to the 170.115.38.1 router.
The 172 networks were designed in house because of the IP dilemma. They will be eliminated once the new network is set up.