On Fri, 30 May 2003 bdragon@gweep.net wrote:
I'm tasked with coming up with an IP plan for a very large lab network. I want to maximize route table manageability and router/firewall log readability. I was thinking of building this lab with the following address space:
1.0.0.0 /8 10.0.0.0 /8 100.0.0.0 /8
I encourage my competitors to do this.
Or read another way, this is fairly stupid, but as long as this stupidity doesn't affect me, I don't care. However, the person tasked with cleaning the crap up behind you may not feel the same.
Doing something right the first time saves having to do it over again and again and again and again.
If this is a test lab or a learning/practice lab where the users will be simulating real-world scenarios and/or doing NAT and other things that involve public/private addressing issues, then it would IMHO be suitable to use a mix of reserved private space and routable space as appropriate. This would also be useful if it's being used to do a dry-run configuration of networks that will eventually be connected to the Internet. This way once the bugs are worked out, you can cut-and-paste the configurations onto the production network.

As long as the people running the lab have it sufficiently firewalled that lab bogosities, BGP sessions, etc. are constrained to the lab itself, it shouldn't matter.

Another caveat is that the students or persons using the lab are sufficiently well trained in the differences between routable and reserved private space. No sense in teaching even more people to use public space for private networks that later need to connect to the world but don't/won't/can't renumber. Worse yet are those who want to advertise 10/8 to the rest of us. There are enough of both out there already.

As far as any need for the lab to access the Internet for software downloads, general browsing, etc., a well-implemented and firewalled proxy server might be a good idea.

What the "right" answer is depends to a great extent on the purpose of the lab and the clue level of its users.

--
Jay Hennigan - CCIE #7880 - Network Administration - jay@west.net
WestNet: Connecting you to the planet. 805 884-6323 WB6RDV
NetLojix Communications, Inc. - http://www.netlojix.com/