Security Basics mailing list archives
[OT] IP Address scheme for branch office
From: martin <martiniscool () gmail com>
Date: Wed, 11 Nov 2009 12:12:48 +0000
Hi All

This isn't really a security question, more of a network question, but I hope somebody can help. I'm working in an environment where the network design was inherited from people who were here a long long time before I started !! Obviously the network design is dated and needs a bit of a re-think.

Currently, we have WAN links to all of our branch offices. The WAN links are MPLS links which are managed by a 3rd party. Currently we have 10 24-bit subnets assigned to each office, e.g. 192.168.0.0/24-192.168.9.0/24 is assigned to office 1, 192.168.10.0-192.168.19.0/24 is assigned to office 2 etc. Each one of the 10 subnets is for a specific purpose, e.g. subnet 5 is for desktops (in the second example it would be subnet 15 etc), 9 is for guests etc etc. Additionally, now we'd like to segment the network further in each branch and create a separate segment for servers etc.

The problem with the design above is that there's no easy way to route all the subnets for a particular office using just one route. Additionally, each time we need to set up a new subnet at a branch office, we have to get the MPLS provider to add a new route for that subnet. I know we could set up the routes for all 10 offices in advance, but for reasons too difficult to explain here, we don't want to go down that route !!

The easiest way (that I can see) of re-designing the network to minimize the routes is to give each office 8 24-bit subnets instead of 10. Then we can cover each office with one route using a /21 route on the MPLS routers. The problem with this is that each office will no longer have a "5" subnet - the first office will have 192.168.0.0/24 - 192.168.7.0/24, the second office will have 192.168.8.0/24-192.168.15.0/24 but the 3rd will have 192.168.16.0-23 ... so there's no 5 subnet !! The reason we like to keep certain subnets for different usage is to make it easier for our helpdesk staff to remember.
I'd appreciate any suggestions anybody has on how to make this easier, or how you do this in your own environment.

Thanks in advance

M
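The arithmetic behind the two layouts described in the message, as an added example that is not part of the original post: it computes the minimal route set for an office under the 10-per-office and 8-per-office schemes and shows where a fixed role slot lands. The function names and the 1-based office numbering are assumptions made for illustration.

```python
import ipaddress

# Address space used in the post; offices are numbered from 1 (assumption).
BASE = ipaddress.ip_network("192.168.0.0/16")


def office_subnets(office, per_office):
    """Return the /24s an office owns when every office gets per_office subnets."""
    all_24s = list(BASE.subnets(new_prefix=24))
    start = (office - 1) * per_office
    return all_24s[start:start + per_office]


def summary_routes(office, per_office):
    """Smallest set of prefixes that covers exactly that office's /24s."""
    return list(ipaddress.collapse_addresses(office_subnets(office, per_office)))


def role_subnet(office, role_index, per_office=8):
    """The /24 for a fixed role slot (0..per_office-1) inside an office block."""
    if not 0 <= role_index < per_office:
        raise ValueError("role index outside the office block")
    return office_subnets(office, per_office)[role_index]


if __name__ == "__main__":
    for office in (1, 2, 3):
        ten = [str(n) for n in summary_routes(office, 10)]
        eight = [str(n) for n in summary_routes(office, 8)]
        print(f"office {office}: 10 per office -> {ten}")
        print(f"office {office}:  8 per office -> {eight}")
        # Role slot 5 keeps its position in the block, not its third octet.
        print(f"office {office}: role slot 5   -> {role_subnet(office, 5)}")
```

With 10 subnets per office the blocks are not aligned on a power-of-two boundary, so each office needs two or three prefixes; with 8 per office each block collapses to a single /21, and the role slot is the third octet modulo 8.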
Current thread:
- [OT] IP Address scheme for branch office martin (Nov 12)
- Re: [OT] IP Address scheme for branch office Jared Curtis (Nov 12)
- Message not available
- Re: [OT] IP Address scheme for branch office martin (Nov 26)