Differences

This shows you the differences between two versions of the page.

nndocs [2019/02/17 02:11]
naptastic [Design Decisions And Conventions] make more sense of things
nndocs [2019/05/11 23:01] (current)
naptastic [Design Decisions And Conventions]
Line 44: Line 44:
 So, we can grow in terms of locations, or networks per location, or any combination thereof, as our needs dictate. I estimate this allows us to expand by about 16,000 hosts distributed however we want, before running into problems where we have to rearrange subnets to accommodate growth. (That 16,000 number **includes VMs**.) So, we can grow in terms of locations, or networks per location, or any combination thereof, as our needs dictate. I estimate this allows us to expand by about 16,000 hosts distributed however we want, before running into problems where we have to rearrange subnets to accommodate growth. (That 16,000 number **includes VMs**.)
  
-  * Reservations (how it should be; not quite how it actually is right now):+  * Reservations (how it actually is right now, not how it should be. Infrastructure is painted into too small a corner.):
     * 172.x.0.1 is always the external gateway for your location.     * 172.x.0.1 is always the external gateway for your location.
     * 172.x.0.* and ranges immediately above it are for site infrastructure:​ switches, access points, cameras, printers, televisions,​ IoT and other spy devices...     * 172.x.0.* and ranges immediately above it are for site infrastructure:​ switches, access points, cameras, printers, televisions,​ IoT and other spy devices...
-    * 172.x.64.* is casual DHCP. +    * 172.x.1.* is casual DHCP. 
-    * 172.x.96.* is for nomadic ​VMs. +    * 172.x.{2..127}.* is for physical hosts and VMs homed to those hostsThe last octet gets divided up however that host's administrator chooses. 254 addresses for //​whatever//​
-    * 172.x.128-254.* are mapped to physical hosts. +      * VMs homed to this specific ​host get IPs from this range. 
-      * Hosts with multiple interfaces can have multiple IPs+      * A host could also be a router or firewall with some kind of lab behind it
-      * VMs homed to this host will have an IP in its range. +      * The lab might still want to be addressable from outside. 
-      * A host could also be a router or firewall with some kind of lab behind it, and the lab still wants to be addressable from outside. IDK, let your imagination run wild. +      * IDK, let your imagination run wild. 
-    Anything not specifically reserved can be further split or expanded at the local administrator'​s discretion.+      (My current plan: Reserve .1 for the interface you expect **always** to have connected. Reserve 1..63 for physical interfaces and 64..254 for homed VMs.) 
 +    * 172.x.{129..254}.* are for nomadic VMs.
  
 +Nothing here is set in stone. If your installation calls for something else, the only restriction is that it has to be in the right IP space so access **could** be fully shared if we wanted it to be. (You should always consider the security implications of allowing connections from remote networks. Even from "​friendly"​ networks, you should probably start with "​reject all" and just add exceptions as you need them.)
 ==== Security ==== ==== Security ====
  
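Review bot: The new ranges leave 172.x.128.* unassigned: physical hosts end at 172.x.{2..127}.* and nomadic VMs start at 172.x.{129..254}.*, whereas the old text covered 128-254 contiguously. If 128 is meant as a reserve, say so in the list; otherwise extend one of the two ranges. The unchanged infrastructure bullet still says "172.x.0.* and ranges immediately above it", which now collides with 172.x.1.* being casual DHCP, so that bullet should be narrowed to 172.x.0.* to match the new heading. In the physical-hosts bullet, "hostsThe" is missing a period and a space, and in the plan note ".1" falls inside "1..63", so it is worth stating that .1 is the first of the physical-interface addresses rather than a separate reservation.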
nndocs.1550369470.txt.gz · Last modified: 2019/02/17 02:11 by naptastic
 
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International