New Subnets 2008
Les Cottrell & Yee-Ting Li, created 8/23/08, last updated 9/1/08
Introduction
Due to the security, network performance and network resilience requirements
of next generation local area networks at SLAC, all hardwired, non-DHCP
hosts (visitor) will need to be re-IP'd over the next few months.
Each building will be required to have its own subnet(s) and there will
no longer be large spanning trees that stretch across campus. A prime
example is that of the PUB-'n' subnets.
This document provides guidelines on both the subnet and vlan naming
and numbering procedures.
Location Naming Convention
All official SLAC buildings on campus are designated a unique three
digit number. This number, appended with sufficient other information,
shall be unique and help to quickly identify a specific location on campus.
- The physical building location of the device shall be included in the
form 'Bxxx' where 'xxx' indicates the numerical label of the building.
Names and aliases shall not be used. * problem is that there are
actually 4 digits....
- If the building has many floors, then the floor on which the switch
is kept shall be appended onto the building number in the form 'Fn'
where 'n' is the floor number in the American convention (floor 1 is
the ground floor). NOTE: Basements?
- Should there be many racks in that building, the rack identifier
shall be used instead of the floor (as typically the rack number
already includes the floor information). The rack id shall be prepended
with 'R' to indicate the rack.
Examples:
B115
B044f1
B050R2AH08
Network Device Naming Convention For Buildings
Due to the number of buildings present on the SLAC campus, a flexible
naming scheme to quickly identify the location of switches was paramount.
It was decided that a functional approach to switch naming would be
inflexible due to the dynamic workforce at SLAC and the ever-changing
roles buildings take.
- The type of device will be prepended onto the name. Current valid
types of devices are Layer 2 Switches: 'SWH-', Routers: 'RTR-',
Hubs: 'TT-', Terminal Servers: 'TS-'
- The location of the network device shall then be appended. The
naming conventions are outlined above.
Examples:
swh-b050f1
swh-cgb2AH08 *** haha.. doesn't work...
rtr-kavli1 *** nor does this
Subnet Naming Convention
The purpose of subnet naming is to provide transparency and quick
identification of the location and function of hosts contained within
that subnet. As such, the following convention should be followed:
The general format is to utilise the switch naming convention to quickly
identify where a subnet terminates and to also include the type of hosts
connected to that device. The latter should give us the flexibility to
further segregate by function should we choose to expand that in the
future.
- The subnet name shall begin with the location of a device as outlined under
'Location Naming Convention'
- An enumerated list of host group types shall be appended to the end
of the location. This list is TBD.
Examples:
B280-PUBLIC
B044f1-IFZ
B050-TRAINING
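The three conventions above (location, device, subnet) are simple enough to check mechanically, and doing so catches exactly the kind of names flagged in the device examples (aliases like 'cgb' or 'kavli' instead of 'Bxxx'). The following parser and builder is an added example written for this document, not SLAC's own tooling. It assumes the regular expressions shown in the comments are a faithful reading of the conventions, and, because the host group list is still TBD, it uses the three groups from the examples (PUBLIC, IFZ, TRAINING) as a constructed stand-in.

```python
import re

# Patterns derived from the conventions in this document (added example,
# not SLAC's own tooling). Building: 'B' + three digits; the author notes
# some buildings actually carry four, so widen \d{3} to \d{3,4} if that
# is adopted. Optional qualifier: floor 'Fn', or rack 'R...' in place of
# the floor. Matching is case-insensitive so 'b044f1' is accepted.
LOCATION_RE = re.compile(
    r"^B(?P<building>\d{3})(?:F(?P<floor>\d+)|R(?P<rack>[A-Z0-9]+))?$",
    re.IGNORECASE,
)

# Device type prefixes listed in the document.
DEVICE_TYPES = {
    "swh": "Layer 2 switch",
    "rtr": "router",
    "tt": "hub",
    "ts": "terminal server",
}

# Host-group list is TBD in the document; these are the three groups used
# in its examples, a constructed stand-in until the real list exists.
HOST_GROUPS = {"PUBLIC", "IFZ", "TRAINING"}


def parse_location(text):
    """Return the normalised parts of a location name, or None if it does
    not follow the convention (e.g. an alias such as 'cgb' or 'kavli')."""
    m = LOCATION_RE.match(text)
    if not m:
        return None
    parts = {"building": "B" + m.group("building")}
    if m.group("floor"):
        parts["floor"] = "F" + m.group("floor")
    if m.group("rack"):
        parts["rack"] = "R" + m.group("rack").upper()
    return parts


def parse_device(name):
    """Split 'type-location' into its parts; None if either is invalid."""
    head, sep, loc = name.partition("-")
    if not sep or head.lower() not in DEVICE_TYPES:
        return None
    parts = parse_location(loc)
    if parts is None:
        return None
    return {"type": head.lower(), "role": DEVICE_TYPES[head.lower()], **parts}


def parse_subnet(name):
    """Split 'location-GROUP' (also the VLAN name) into its parts."""
    loc, sep, group = name.rpartition("-")
    if not sep or group not in HOST_GROUPS:
        return None
    parts = parse_location(loc)
    if parts is None:
        return None
    return {"group": group, **parts}


def build_subnet_name(building, group, floor=None, rack=None):
    """Compose a subnet (and hence VLAN) name; a rack id replaces the floor."""
    if group not in HOST_GROUPS:
        raise ValueError(f"unknown host group {group!r}")
    if floor is not None and rack is not None:
        raise ValueError("rack identifier replaces the floor; give only one")
    loc = f"B{int(building):03d}"
    if rack is not None:
        loc += "R" + str(rack).upper()
    elif floor is not None:
        loc += f"F{int(floor)}"
    return f"{loc}-{group}"


if __name__ == "__main__":
    for name in ("swh-b050f1", "swh-cgb2AH08", "rtr-kavli1"):
        print(name, "->", parse_device(name))
    print(build_subnet_name(44, "IFZ", floor=1))
```

Running the block shows the two device examples the author marked as not working being rejected, while 'swh-b050f1' is split into type, building and floor.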
VLAN Naming and Numbering Convention
Unique VLAN numbers are not really necessary as we shall not be spanning
vlans beyond the connection between the BLDGCORE and individual building
switches. However, in order to reduce potential problems with trunking
the wrong vlans etc., unique vlan numbers are recommended.
Similarly, to aid with the human interaction, the names of those vlans
should also be unique.
- The name of the VLAN shall be identical to the name of the subnet
that is carried upon it. This assumes a one-to-one mapping of vlan
to subnet.
- The VLAN number shall be allocated depending upon the IP and mask of
the subnet that is carried upon it. It will also use the
SLAC vlan numbering scheme. *** More info on algorithm etc.
Subnet Ranges
- The minimum size of a subnet will be 64 (i.e. a /26, see Subnet masks).
In general subnets will be sized to be at least twice the number of
existing hosts in the subnet. N.B. some addresses are reserved in each
subnet (e.g. the 4th quadrant of /22s is currently used for IFZ, and 1-15
are used for darknet scanning; the number of hosts reserved for darknet
may be reduced).
- PUBLIC subnet numbers will be chosen from the free subnets in our public
address space (class B 134.79.xxx.yyy). We will also look for subnets that
we can reclaim (e.g. no host pingable and no host in CANDO; the latter
hosts are blocked anyway), see for example reclaimable subnets and switch
hosts. Jared volunteered to contact the owners to start this process.
- Printers and IFZ hosts will go in class B PRIVATE subnets in the 172.
range, one subnet for each group per switch. IFZ-LITE is not being
implemented until we get the equipment/resources.
- We will try to allocate the PUBLIC subnets in contiguous ranges
to simplify firewall ACLs. We may also try to leave an empty /26 subnet
available next to each used /26 subnet to simplify later expansion. There
is also consideration to keeping big chunks available where possible.
- Under the old scheme, for /22 subnets the router is the first address
in the fourth octet. For /24 subnets the fourth octet is 1; for /25 and
/26 subnets the router is the first address in the subnet range.
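The sizing, allocation and router-address rules above are easy to get wrong by hand (a subnet sized to exactly the host count, or a new /26 dropped into the expansion room of an existing one). The following helper is an added example written for this document, not SLAC's own allocation tooling. It assumes that "first address in the subnet range" means the first usable host address (network + 1), which also yields .1 for a /24 as stated, and it uses 134.79.8.0/24 with one constructed in-use /26 purely as sample input.

```python
import ipaddress
import math

MIN_PREFIX = 26  # the document's minimum subnet size: a /26 (64 addresses)


def choose_prefix(existing_hosts, reserved=0):
    """Prefix length for a subnet holding at least twice the existing hosts
    plus any reserved addresses (darknet range, IFZ quadrant, router), and
    never smaller than a /26."""
    needed = 2 * existing_hosts + reserved
    size = 1 << (32 - MIN_PREFIX)
    while size < needed:
        size *= 2
    return 32 - int(math.log2(size))


def router_address(subnet):
    """Router address for a subnet. Assumption (not stated this precisely in
    the document): the router takes the first usable host address, i.e.
    network + 1, which gives x.y.z.1 for a /24 as the text requires."""
    net = ipaddress.ip_network(subnet, strict=True)
    return str(net.network_address + 1)


def _block(addr_int, prefix, pool):
    """Aligned block of the given prefix starting at addr_int, or None when it
    lies outside the pool."""
    if addr_int < int(pool.network_address) or addr_int > int(pool.broadcast_address):
        return None
    return ipaddress.ip_network(f"{ipaddress.ip_address(addr_int)}/{prefix}")


def _is_free(block, used):
    return block is not None and not any(block.overlaps(u) for u in used)


def next_free_subnet(pool, used, prefix, keep_neighbour_free=True):
    """Lowest free block of the given prefix inside pool. With
    keep_neighbour_free, the block after the candidate must also be free
    (expansion room for the new subnet) and the block before it must not be
    in use (so the new subnet does not eat a neighbour's expansion room)."""
    pool = ipaddress.ip_network(pool)
    used = [ipaddress.ip_network(u) for u in used]
    for cand in pool.subnets(new_prefix=prefix):
        if not _is_free(cand, used):
            continue
        if keep_neighbour_free:
            start = int(cand.network_address)
            before = _block(start - cand.num_addresses, prefix, pool)
            after = _block(start + cand.num_addresses, prefix, pool)
            if not _is_free(after, used):
                continue
            if before is not None and not _is_free(before, used):
                continue
        return str(cand)
    return None


if __name__ == "__main__":
    # Constructed sample: one /26 already used at the bottom of a public /24.
    pool, used = "134.79.8.0/24", ["134.79.8.0/26"]
    hosts = 20
    prefix = choose_prefix(hosts)
    chosen = next_free_subnet(pool, used, prefix)
    print(f"{hosts} hosts -> /{prefix}; allocated {chosen}; router {router_address(chosen)}")
```

With the expansion-room rule on, the allocator skips 134.79.8.64/26 (it sits next to the used block) and returns 134.79.8.128/26; with the rule off it returns 134.79.8.64/26, which shows what the "leave an empty /26 next to each used /26" consideration actually buys.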