VLANs and subnets

From FnordWiki
Revision as of 16:46, 21 May 2016 by Adj (talk | contribs) (Created page with "== Rationale == There is a large quantity of network devices to be found here in fnordland. It might be nice to segregate them by function and restrict who may talk to whom. ...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Rationale

There is a large quantity of network devices to be found here in fnordland. It might be nice to segregate them by function and restrict who may talk to whom. We can do this with VLANs (broadcast domains), network address spaces, and some firewall.

Goals

  • Management devices need not be accessible to stuff like the BluRay player
  • Network and server management needs no access to the Internet at large
  • Shared infrastructure services (DNS, email, ...) get their own space that client systems can get to
  • I'm sure there are more...

tabular representations of the network segments

caption for VLAN/subnets table
VLAN ID IPv4 address space IPv6 address space notes
0 there is no such thing as VLAN 0
1 172.16.0.0/24 2001:470:ba93:10::1/64, 2001:470:1f0f:5be::1/64 Legacy 172.16.0.0/24 RFC1918 network and Hurricane Electric provided IPv6 space. We need to move devices away from this space.
100 10.10.0.0/24 tbd Server, network mgmt network. For server IPMIs, UPS interfaces, network attached PDUs, tape libraries, other sorts of switches, ...
1000 172.16.1.0/24 (There's a lot of room here in this 172.16.0.0/12 space, isn't there?) tbd Server network
1990 192.168.90.0/24 tbd guest network
Retrieved from "https://wiki.fnord.greeley.co.us/mediawiki/index.php?title=VLANs_and_subnets&oldid=888"