
We are running out of IP addresses on our expanding network. The current range is 192.168.1.0/24. Considerations:

We use an ISA server as a proxy for all web traffic; this is our current default gateway.

Our current backbone is 4 x L2 Dell switches connected by LAGs to effectively create a 168-port backbone.

We have remote site2site VPNs connecting into our network from 192.168.102.0, 192.168.103.0, etc. They will need access to all the internal networks.

2 possible solutions:

  1. Change the mask from 255.255.255.0 to 255.255.252.0, which gives us the range of 192.168.0.1 to 192.168.3.254. The downside is we need to change the mask in a lot of places (static IP hosts, DHCP server, etc.).

  2. Put a layer 3 switch in before the L2 switches, and split it into VLANs. This would be a simpler fix. We would change the default gateway to the layer 3 switch, and have the ISA as the gateway for the switch. Would we use the L3 switch as the default gateway for clients then, or could we leave it as the ISA?

What's the best method of gaining some extra IP addresses? Anything to look out for or be wary of?

JKK
  • For what it's worth, if you do change your network range I'd suggest avoiding 192.168.0 or similar common ranges, as it may make things easier down the line if you get bought / buy another company and have to merge networks. It may not, but it's worth doing if renumbering anyway. It can save doing some NAT shenanigans. – Sirex Feb 10 '12 at 14:55
  • There is this thing called IPv6 that will solve that problem of address depletion, as well as NAT. – Jim B Feb 10 '12 at 15:13
  • Yea, but... who uses that, right? – Sirex Feb 10 '12 at 15:34
  • Wouldn't it have been better to use 192.168.128.0/17 for the subnet of remote site2site VPNs? – ratchet freak Feb 10 '12 at 20:38
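Before choosing between the two options, it helps to check the address math from the question itself: does the /22 keep every current host in place, does it collide with the 192.168.102.0 and 192.168.103.0 VPN sites, and what would the same space look like carved into per-VLAN /24s? The script below is an added example, not code from the question or any answer; the network values are taken from the question and the `ipaddress` module does the arithmetic.

```python
import ipaddress

# Values taken from the question: current LAN, proposed wider mask, remote VPN sites.
CURRENT_LAN = ipaddress.ip_network("192.168.1.0/24")
PROPOSED_MASK = "255.255.252.0"
VPN_SITES = [
    ipaddress.ip_network("192.168.102.0/24"),
    ipaddress.ip_network("192.168.103.0/24"),
]


def supernet_for(lan, mask):
    """Option 1: keep the existing addresses and widen the mask.
    strict=False lets ipaddress round 192.168.1.0 down to the /22 boundary."""
    return ipaddress.ip_network((lan.network_address, mask), strict=False)


def keeps_existing_hosts(lan, new_net):
    """True if every address in the old /24 is still inside the new network."""
    return lan.subnet_of(new_net)


def colliding_sites(new_net, remote_sites):
    """Remote networks whose routes would be shadowed by the widened local net."""
    return [site for site in remote_sites if site.overlaps(new_net)]


def vlan_plan(supernet, prefixlen=24):
    """Option 2: the same space split into /24 VLANs routed by an L3 device."""
    return list(supernet.subnets(new_prefix=prefixlen))


def usable_hosts(net):
    """Host count excluding the network and broadcast addresses."""
    return net.num_addresses - 2


if __name__ == "__main__":
    wide = supernet_for(CURRENT_LAN, PROPOSED_MASK)
    print(f"Option 1: {wide} ({usable_hosts(wide)} usable hosts, "
          f"{list(wide.hosts())[0]} - {list(wide.hosts())[-1]})")
    print("Existing hosts keep their addresses:", keeps_existing_hosts(CURRENT_LAN, wide))
    print("VPN sites that would collide:", colliding_sites(wide, VPN_SITES) or "none")
    print("Option 2 VLANs:", ", ".join(str(v) for v in vlan_plan(wide)))
    # A badly chosen /22 would swallow the VPN sites; the same check catches it.
    bad = ipaddress.ip_network("192.168.100.0/22")
    print(f"Had {bad} been chosen, collisions:", colliding_sites(bad, VPN_SITES))
```

Run it once against the real address plan before touching DHCP: a non-empty collision list means the wider mask would hide a VPN site behind the local route and that range needs to move first.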

6 Answers

Well, I run a backbone and distribute a lot of /24s to different locations. I would NOT change network masks - not worth it. Put decent cheap routers in there. Gives you more flexibility.

TomTom
  • This is correct. You don't need an L3 switch to run multiple VLANs. Throw in a cheap (enterprise grade) router to do your routing and split it up into VLANs. – resmon6 Feb 10 '12 at 21:31
  • A couple of MikroTiks would do the job well enough. – hookenz Dec 06 '12 at 20:57
  • Plan/design what an expanded network will look like, and then make incremental changes that take you there. – hookenz Dec 06 '12 at 20:59

We recently went through the same problem. We decided to change the subnet mask, and while it's a bit of a PITA, good documentation made it easy to track down every last device where its IP is configured manually. Changed DHCP to match and everything was updated within a week.

Chris S

Why not jump to 10.x.x.x? For example 10.3.0.10. In the format 10.a.b.x, have each site have its own 'a' value, then each group at that site could have a 'b' value. Each device would get an 'x' value. That's our structure and we have close to 5K.

Ethan

When realising you are running out of IP addresses you should consider reviewing how your network is expanding and what sort of solutions are needed now, and in the future. Expanding your current 192.168.x.x at the main office isn't an ideal solution as it is a Class C (a.k.a. CIDR /24) address scheme and is only supposed to provide up to 255 nodes per /24 subnet. I feel that you should look at using a Class B IP scheme which will help your solution now and in future growth. Read the following articles at Cisco to help make the right decision.

Cisco IP Classes

Private IP address ranges

onxx
  • -1 Classful networking is no longer relevant. Even the Cisco article you linked to says "These terms are rarely used in the industry anymore because of the introduction of classless interdomain routing (CIDR)." – Nic Feb 10 '12 at 18:40
  • @Nic Thanks for the feedback. Although it does state that, a lot of companies still have these classes for private IP addressing in place. All that CIDR really refers to is how many bits are turned on in the subnet. Without a general understanding of why we use 192.168.x.x over variations, the use of IP ranges for private schemes vs public schemes can be confusing. These articles are a great starting point full of information for anyone who doesn't understand or is new in the world of IP addressing. As an alternative, extra step one would also suggest that IPv4 is being phased out with IPv6. – onxx Feb 10 '12 at 19:35

The other answers here all provide good solutions.

I agree that you should consider avoiding 192.168.x.0, especially 0 or 1 for the third octet. Consider the other reserved/private ranges. Using a different subnet is sound; 255.255.252 is fine.

I would manage this change via DHCP, but in the weeks before you make the change, decrease the lease length. By default on many DHCP providers, the lease is 7 days. A couple of weeks before you make the cutover, shorten the lease to no more than a day (even 4 or 8 hours). Be aware that your DHCP server will see increased load.

Static devices are going to be a problem. Take a good audit of what devices are configured manually well in advance, and consider scripting the change for the servers that you can do this to. Other devices (printers, etc.) seldom provide you with a good way to remotely change the IP, unfortunately.

Above all, I recommend a meticulous plan of steps that you are going to take when it's "go-time". Not having to think about "what's next" is a huge time-saver.

gWaldo

Layer 3 switches aren't cheap, and in my opinion one is not needed in this setup, seeing as you could accomplish the same thing by changing the subnet mask.

I'm guessing you should be able to redo all your static devices in one day - when I last had to do this, I started when everyone left on a Friday at 17:00 and was finished by 23:00 - even if you got double time for overtime, I'm guessing this is massively cheaper than an L3 switch.

Also, the switch will be an additional single point of failure, and adding devices such as these will never improve bandwidth/latency/reliability, so in my opinion it should be avoided unless actually needed.

The only downside I observed with changing the subnet mask was on the Monday morning when everyone came back in: for some reason Windows was often reporting printers offline when they weren't, but this seemed to quickly settle down.

Robin Gill