Mailinglist Archive: opensuse-edu (108 mails)
RE: [suse-linux-uk-schools] address ranges
- From: Christopher Dawkins <cchd@xxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 15 Sep 2003 21:01:28 +0000 (UTC)
- Message-id: <20030915203314.Y12379-100000@xxxxxxxxxxxxxxxxxxxxxxxxxxx>

> ... I'm surprised that, as yet, no one has looked at the reason for
> sub-netting. Just 'because it exists' is a bad reason.

We subnet geographically. We are working towards a gigabit "core" network
extending through 25 buildings over forty acres, with a router in each
serving that building (or a group) at 100M. We also have a few two-machine
subnets for various good reasons*. Though there is considerable
cross-network traffic because much is aimed at central servers (actually,
servers in four well-separated centres), the subnetting allows firewalls
on each router (marvellous for controlling Blaster traffic!) and easy
location-identification. Portables, of course, need to pick up a new
address from DHCP when moved from building to building, but this seems to
work OK.

Without subnetting, some of our cheaper switches would soon hit their
1000-MAC-address limits.

We use Class B, scheme 10.<net>.<machine-type>.<number> and DHCP is locked
down to hand out fixed addresses - we register MAC addresses in
dhcpd.conf. This has the big advantage that I always know a particular
machine has a particular number.

Servers are mostly statically configured, which helps when they all have
to reboot following a major power cut (though they do need to wait for
DNS, NFS and NIS servers).

I know 10.x.y.z is defined as Class A, but it all works well with a Class
B netmask.

*example. We do have one single Windows server running an SQL database. It
is on its own subnet, protected by a very restrictive SQL-only firewall on
a separate dual-interface machine. All the other servers are FreeBSD and
most have external addresses on a Class C allocation we have, protected by
a firewall with many large holes. The main protection we have is that all
clients have local addresses that can't be seen externally: their external
access is basically through Squid and Postfix. We have no NAT.

--
Christopher Dawkins, Felsted School, Dunmow, Essex CM6 3JG
01371-822698, mobile 07816 821659 cchd@xxxxxxxxxxxxxxxxxxxx
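
Added example (not part of the original message, and not the school's own configuration): a small audit of dhcpd.conf host entries against the 10.<net>.<machine-type>.<number> scheme described above, reading "Class B netmask" as a /16 per building. The sample entries, the building and machine-type tables, and all function names are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in ISC dhcpd.conf syntax; every name, MAC and address is made up.
SAMPLE_CONF = """
host lib-pc01  { hardware ethernet 00:11:22:33:44:01; fixed-address 10.3.1.17; }
host lib-pc02  { hardware ethernet 00:11:22:33:44:02; fixed-address 10.3.1.18; }
host sci-lap07 { hardware ethernet 00:11:22:33:44:03; fixed-address 10.5.2.7; }
host sci-prn01 { hardware ethernet 00:11:22:33:44:04; fixed-address 10.5.9.1; }
host dup-mac   { hardware ethernet 00:11:22:33:44:01; fixed-address 10.5.1.30; }
host stray     { hardware ethernet 00:11:22:33:44:05; fixed-address 192.168.0.9; }
"""

# Hypothetical lookup tables: the post does not list its <net> or <machine-type> numbers.
BUILDINGS = {3: "library", 5: "science"}
MACHINE_TYPES = {1: "desktop", 2: "portable"}

# Assumes "hardware ethernet" precedes "fixed-address" and no "}" inside a host block.
HOST_RE = re.compile(
    r"host\s+(\S+)\s*\{[^}]*?hardware\s+ethernet\s+([0-9A-Fa-f:]{17})\s*;"
    r"[^}]*?fixed-address\s+([\d.]+)\s*;[^}]*\}")

def parse_hosts(conf):
    """Return (name, mac, IPv4Address) for every host declaration found."""
    return [(n, m.lower(), ipaddress.IPv4Address(a)) for n, m, a in HOST_RE.findall(conf)]

def locate(addr):
    """Decode 10.<net>.<machine-type>.<number> into (subnet, building, type, number)."""
    _, net, mtype, number = addr.packed
    subnet = str(ipaddress.ip_interface(f"{addr}/16").network)
    return subnet, BUILDINGS.get(net), MACHINE_TYPES.get(mtype), number

def audit(conf):
    """List (host, problem) pairs: off-scheme addresses and reused MACs or IPs."""
    hosts = parse_hosts(conf)
    macs = Counter(mac for _, mac, _ in hosts)
    ips = Counter(addr for _, _, addr in hosts)
    findings = []
    for name, mac, addr in hosts:
        if addr not in ipaddress.ip_network("10.0.0.0/8"):
            findings.append((name, "outside 10.0.0.0/8"))
            continue
        _, building, mtype, _ = locate(addr)
        if building is None:
            findings.append((name, f"unknown net {addr.packed[1]}"))
        if mtype is None:
            findings.append((name, f"unknown machine-type {addr.packed[2]}"))
        if macs[mac] > 1:
            findings.append((name, "MAC registered more than once"))
        if ips[addr] > 1:
            findings.append((name, "address assigned more than once"))
    return findings
```

Run against the real dhcpd.conf before each reload, an empty result from audit() means every registered machine still maps to exactly one address that identifies its building.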