VLANs and subnets
Revision as of 18:54, 29 May 2016 by Adj (talk | contribs) (→tabular representations of the network segments)
Rationale
There is a large quantity of network devices to be found here in fnordland. It might be nice to segregate them by function and restrict who may talk to whom. We can do this with VLANs (broadcast domains), network address spaces, and some firewall.
Goals
- Management devices need not be accessible to stuff like the BluRay player
- Network and server management needs no access to the Internet at large
- Shared infrastructure services (DNS, email, ...) get their own space that client systems can get to
- I'm sure there are more...
tabular representations of the network segments
| VLAN ID | IPv4 address space | IPv6 address space | notes |
|---|---|---|---|
| 0 | there is no such thing as VLAN 0 | ||
| 1 | 172.16.0.0/24 | 2001:470:ba93:10::1/64, 2001:470:1f0f:5be::1/64 | Legacy 172.16.0.0/24 RFC1918 network and Hurricane Electric provided IPv6 space. We need to move devices away from this space. |
| 99 | 10.10.0.0/24 | tbd | Server, network mgmt network. For server IPMIs, UPS interfaces, network attached PDUs, tape libraries, other sorts of switches, ... |
| 1000 | 172.16.1.0/24 (There's a lot of room here in this 172.16.0.0/12 space, isn't there?) | tbd | Server network |
| 1990 | 192.168.90.0/24 | tbd | guest network |