geez, that's a lot of questions.
my attempts at answers in-line
----- Original Message -----
From: Murphy, Brennan
To:
Sent: Wednesday, May 02, 2001 1:48 PM
Subject: Generic Summarization Planning Question [7:2952]
> I am curious about best practices concerning subnetting a class B address
> for a large enterprise network.
>
> If a company had 4 data centers spread throughout the globe, for example:
> SanFran
> Austin
> London
> Sydney
>
> One might chop the class B into 4 parts and if need be, reserve some space
> for growth. But what if each site also maintained an "Internet Presence"
> and
Divide the class B space into summarizable sections that provided for both
the growth of the data center proper *and* (the tricky part) all of the
spokes that would come off of that data center. That way, the
interconnections between the data centers could be summarized. You'd
definitely want to use an RP that allowed for VLSM. Also reserve a block of
each allocated data center 'summary' to use for small subnets (30 bit masks)
for serial links, and for things like remote access and the WAN backbone and
DMZs and loopback addresses and other miscellanity.
> had 5 or 6 external subnets being advertised via BGP. Would
> it make sense to re-do the subnetting so that all internal addressing
> was contiguous and all external addressing was contiguous? This way,
You only get to advertise your public block with one AS, so unless you were
using some other registered address space (which is frowned upon if you
already have a big registered block), you'd set up iBGP internally and
(probably) set the Internet access routers so that you didn't advertise
yourself as a transit area. If you're using private B addressing, then your
external doesn't matter because you'd have to use NAT anyway. I suppose
that if you could afford it, you could have both internal and external links
between the data centers so that you could use iBGP on the outside; if a
local data center lost its Internet connection, you could ride it on the
outside of the firewall, but that is a pretty far-fetched idea. There are
better solutions than that.
> all internal addressing could be summarized with relatively few
> statements,
> and external nets as well. Does this sound reasonable? I've been
Take a look at some case studies - good address design and allocation is one
of the trickiest but most fulfilling skills that a Network Engineer can
have, especially if it can be done well. With private address space,
though, that skill has been diminished because we tend to throw caution to
the wind and say "Aww, if I run out of space in 172.16, I can use 172.17"
> browsing the CID book and other documents but haven't come across
> anything that seems to address these concerns. Or would it just be better
> to make sure that all nets both internal/external are contiguous for a
> particular data center? Just wondering if anyone has been through this
Your distinction between internal and external is interesting - I'm assuming
that you mean inside the firewall and outside the firewall. Most firewalls
don't pass routing protocol, which makes the distinction and the contiguous
part moot. However, if you did expose your address block to the Internet
(which we did at one company I worked for), it really didn't matter much
that the Internet connection was part of the data center summarizable block.
Actually, the danger there is the "black hole" phenomenon, where the
summarized address 'eats' subnets that are not part of the block but still
being used elsewhere in the enterprise but not behind the data center. It
happens sometimes by accident, seldom by design.
> situation. Not sure if it would matter if OSPF or EIGRP is the IGP
> involved.
>
> I cc'ed Howard Berkowitz on this question -- I'm told his first book is
> a great reference for this area. Maybe his response would spur me to
> purchase it. :-)
>
Here's one of the best exercises you could do:
o generate the scenario
o start laying out subnets
o see if you could summarize along major subnet boundaries with just the
major sites.
o start simple, with one Internet connection, then throw in one other
Internet connection and see if you could figure out how to:
1. send users to the closest Internet connection
2. have users directed to the other Internet connection if their primary
connection failed
3. prevent your network from becoming an Internet transit
test your design for scalability by
o adding a 5th and 6th data center (aha! you were going to divide the B
block into 4 parts???)
o using more than the originally allotted address space for one data center
due to spoke or campus growth (want to hear sysadmins complain? tell them
that you underallocated address space in their site, and therefore they have
to readdress)
o create a complex (meshed) WAN behind one or more of the data centers and
see how the addressing holds up.
Hey, I have an idea... use NAI's global network as your case study! ;-)
-e-
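The carving exercise described in the reply above (split the class B into summarizable per-site blocks with room for a 5th and 6th data center, hold back part of each block for /30 serial links and loopbacks, and then check whether a site summary "eats" a subnet that is actually in use elsewhere) can be worked through with Python's standard `ipaddress` module. This is an added example, not code from the thread or from either poster; the 172.16.0.0/16 block, the four site names, the decision to plan for six sites, and the choice of the last /24 of each site block as infrastructure space are all constructed assumptions for illustration.

```python
from ipaddress import IPv4Network, ip_network

# Constructed: a private class B and the four sites from the question.
BLOCK = ip_network("172.16.0.0/16")
SITES = ["SanFran", "Austin", "London", "Sydney"]


def carve_block(block: IPv4Network, site_names, sites_to_plan_for: int):
    """Split `block` into equal chunks, one per *planned* site (not just the
    sites that exist today). The planned count is rounded up to a power of
    two so every chunk lands on a clean prefix boundary and can be advertised
    as a single summary. Returns (assigned_by_site, spare_chunks)."""
    bits = max(1, (sites_to_plan_for - 1).bit_length())
    chunks = list(block.subnets(prefixlen_diff=bits))
    if len(site_names) > len(chunks):
        raise ValueError("more sites than chunks; plan for more sites")
    assigned = dict(zip(site_names, chunks))
    spare = chunks[len(site_names):]          # growth: 5th/6th data center
    return assigned, spare


def plan_site(summary: IPv4Network, infra_prefix: int = 24):
    """Inside one site's summary, reserve the last /infra_prefix for small
    subnets: the first half as /30 serial links, the second half as /32
    loopbacks. Everything else stays available as /24 LAN/spoke space."""
    pieces = list(summary.subnets(new_prefix=infra_prefix))
    infra = pieces[-1]
    halves = list(infra.subnets(prefixlen_diff=1))
    return {
        "lan": pieces[:-1],
        "serial": list(halves[0].subnets(new_prefix=30)),
        "loopbacks": list(halves[1].subnets(new_prefix=32)),
    }


def black_holes(summaries: dict, assignments):
    """The 'black hole' check: a summary advertised by one site covers a
    subnet that is really in use at another site, so traffic for that subnet
    is pulled toward the summarizing site and dropped.
    `summaries` maps site -> advertised IPv4Network; `assignments` is an
    iterable of (subnet, owning_site). Returns a list of
    (advertising_site, summary, stray_subnet, owning_site) tuples."""
    findings = []
    for site, summary in summaries.items():
        for net, owner in assignments:
            if owner != site and net.subnet_of(summary):
                findings.append((site, summary, net, owner))
    return findings


if __name__ == "__main__":
    assigned, spare = carve_block(BLOCK, SITES, sites_to_plan_for=6)
    for site, summary in assigned.items():
        plan = plan_site(summary)
        print(f"{site:8} summary {summary}  LAN /24s: {len(plan['lan'])}  "
              f"/30 links: {len(plan['serial'])}  loopbacks: {len(plan['loopbacks'])}")
    print("spare blocks for growth:", [str(s) for s in spare])

    # Constructed mistake: a London LAN numbered out of SanFran's block.
    in_use = [
        (ip_network("172.16.5.0/24"), "SanFran"),
        (ip_network("172.16.40.0/24"), "Austin"),
        (ip_network("172.16.20.0/24"), "London"),
    ]
    for site, summary, net, owner in black_holes(assigned, in_use):
        print(f"black hole: {site}'s summary {summary} swallows {net} ({owner})")
```

Running it prints four /19 summaries, four spare /19s for future sites, and one black-hole finding for the stray London subnet; changing `sites_to_plan_for` to 4 shows how dividing the B into exactly four parts leaves nothing for the 5th data center the reply warns about.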
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=3007&t=2952