I'm tasked with coming up with an IP plan for an very large lab
network. I want to maximize route table manageability and
router/firewall log readability. I was thinking of building this
lab with the following address space:
1.0.0.0 /8
10.0.0.0 /8
100.0.0.0 /8
I encourage my competitors to do this.
or read another way, this is fairly stupid, but as log as
this stupidity doesn't affect me, I don't care. However the
person tasked with cleaning tha crap up behind you may not feel
the same.
Doing something right, the first time saves having to do it over
again and again and again and again.
>
> 1.0.0.0 /8
> 10.0.0.0 /8
> 100.0.0.0 /8
I encourage my competitors to do this.
or read another way, this is fairly stupid, but as log as
this stupidity doesn't affect me, I don't care. However the
person tasked with cleaning tha crap up behind you may not feel
the same.
Doing something right, the first time saves having to do it over
again and again and again and again.
Or they could use any addresses they want, and give themselves a way out of
the nightmare by using DHCP, bootp or some other sort of similar technology
to allow them to migrate thousands of physical or virtual hosts to a new
numbering topology.
If the lab your are connecting to already has burned up most RFC1918 space,
give yourself an out if you have to renumber the whole thing before you can
get it live on the Internet.
Deepak Jain
AiNET
If this is a test lab or a learning/practice lab where the users will be
simulating real-world scenarios and/or doing NAT and other things that
involve public/private addressing issues, then it would IMHO be suitable
to use a mix of reserved private space and routable space as appropriate.
This would also be useful if it's being used to do a dry-run configuration
of networks that will eventually be connected to the Internet. This way
once the bugs are worked out, you can cut-and-paste the configurations
onto the production network.
As long as the people running the lab have it sufficiently firewalled
that lab bogosities, BGP sessions, etc. are constrained to the lab
itself, it shouldn't matter. Another caveat is that the students or
persons using the lab are sufficiently well trained in the differences
between routable and reserved private space. No sense in teaching even
more people to use public space for private networks that later need to
connect to the world but don't/won't/can't renumber. Worse yet are those
who want to advertise 10/8 to the rest of us. There are enough of both
out there already.
As far as any need for the lab to access the Internet for software
downloads, general browsing, etc., a well-implemented and firewalled
proxy server might be a good idea.
What the "right" answer is depends to a great extent on the purpose of
the lab and the clue level of its users.