
Suppose I have a bunch of facilities, each with a /16 network under the 10.0.0.0/8 private address range. For example, my head office is 10.0.0.0/16, and we have two branches 10.1.0.0/16 and 10.2.0.0/16.

Can I use these network addresses across leased lines or through a VPN to connect between the sites?

Chris
  • A `/16` is massive, whilst you don't have to have 65,534 hosts on the network, you really don't want it to grow that big, so why not reduce it further? I'd favour having multiple /24 subnets at each site rather than a single /16. – Bryan Nov 09 '12 at 23:02
  • The branches on the /16 subnet mask will be segmented down into VLANs using the third octet - so /24 for each VLAN (10.1.1.0/24, 10.1.2.0/24, etc.) - then CIDR will be used to define the number of hosts. The branches are in different locations and head office needs to use the resources from servers located at each branch. I believe I need this routed, can this be done using leased lines? – Chris Nov 09 '12 at 23:06
  • What you want to do is definitely possible, we have a similar set up. You need to purchase some suitable routing equipment to take care of maintaining a VPN connection between the sites, and configure static routes on the various routers you will have on the network. I don't want to recommend a specific device (off topic here), but you don't need to spend a fortune to implement this type of functionality, especially if you've already got Layer 3 switches at your sites. – Bryan Nov 09 '12 at 23:11
  • I'm curious, geographically how far apart are these sites? – SpacemanSpiff Nov 10 '12 at 02:22
  • 100 miles apart. – Chris Nov 10 '12 at 23:03

1 Answer

It sounds from the comment discussion like what you're asking is: "Can I have a bunch of sites, each with a subnet under the 10.0.0.0/8 private address space, and communicate between them over leased lines?"

The answer is yes, but if you do it over leased lines you're going to need to invest in routers at each location, and configure your edge/default router to use these private-side routers for private (10-net) traffic.

Another option which you semi-alluded to is VPN tunnels -- this may require you to reconfigure (or replace/supplement) your edge routers, but it's probably a better option: Every site has a public internet connection, and you tunnel traffic between them to create a virtual network between the sites.

Cisco has a great, free, PDF eBook that can help you with the VPN design.
The topology discussions are also useful if you decide to go another route (leased lines).

Once you get the VPN or leased lines and routing bits set up the fact that you're working with private addresses isn't material -- your routers treat the traffic like any other internet traffic and figure out where it should go based on (static or BGP-negotiated) routing tables.

voretaq7
  • Thanks for your reply. Can you use VPN over leased lines? I thought that as leased lines are point to point and private, VPN isn't required? – Chris Nov 10 '12 at 01:52
  • @Chris leased lines would be a physical private network (or more commonly a WAN - Wide Area Network) -- same concepts, only instead of encapsulating and tunneling the traffic (creating a virtual wire through the public internet) you're sending it over a separate physical wire. There's [Cisco books about that too](http://www.ciscopress.com/articles/article.asp?p=25259&seqNum=3) - but they're not free and it's part of the much larger CCNA/CCIE study series. Awesome reading though and highly recommended if this is going to be a big part of your job. – voretaq7 Nov 10 '12 at 01:58
  • There are other options besides T1/T3 lines and site to site VPNs over the Internet. MetroEthernet, Managed Private VPN, MPLS, VPLS. – SpacemanSpiff Nov 10 '12 at 02:27