It is the preferred Enterprise network security scheme for many network engineers to divide the enterprise's local area network and improve the security of the network through the rational subnet division. Indeed, with the help of the subnet mask, the enterprise network can be divided into several relatively independent networks. The company's confidential department is then placed in a separate subnet to restrict access to the department's network by other department personnel. This is a very good solution. I usually in the enterprise deployment network infrastructure, but also like the use of subnets to the important departments of the enterprise isolation. In addition, some application servers can be isolated by using subnets to prevent the client network from being poisoned and adversely affecting the server.
but the content of the subnet division, in the school to learn very hard, because the textbook is too advanced writing. After work, the actual contact with several projects, but also with some predecessors communicated, think the subnet division is not as difficult as we imagine. In general, a reasonable subnet partitioning scheme can be designed by only six steps.
First step: How many subnets does the enterprise need?
when the enterprise LAN for the subnet planning, the first thing the network administrator to consider is the enterprise in the end to be divided into several subnets. Because you need to confirm the number of bits of the subnet mask based on this data.
as the author of a network planning for a company, after communication with their various departments, decided to set four subnets for them. Research and Development Department, finance department each use a subnet; In order to Application server security, so their mailbox server, ERP system server, OA office automation software server and so on in the same child network, other departments of the client share a network segment.
Enterprise needs to divide 4 network segment, need several subnet mask altogether? Here's a ready-made formula to apply: The number of 2x= subnets, where x is the number of subnet masks needed. According to this case, the number of subnets is 4, then 2x=4. To solve this equation, the subnet mask number is 2.
Step Two: How many hosts are there in each subnet?
The second problem that
network administrators need to consider is how many hosts each subnet might need to deploy. Because the number of hosts in each subnet is limited, the above subnet partitioning scheme is not the final solution. Only when the number of hosts in each network segment can meet the needs of the enterprise can the final decision be adopted.
The author is responsible for the enterprise, research and development departments, the financial Department of the number of hosts are relatively small, research and Development department 10 units, Finance Department 5, and a variety of application servers also need six IP addresses. If scalability is considered, the above two departments can add up to 3 additional IP addresses. And the rest of the department, the existing computer about 40 units. For subsequent extensions, you have to reserve 10 to 20 IP addresses for them.
Step three: Compute the number of legitimate host IPs for an existing subnet
the network administrator will need to calculate according to the first step out of the subnet planning scheme, can meet the needs of enterprise host data. When calculating the legitimate host IP address of a subnet, there is also a formula that can be applied: the number of 2x-2= legitimate host IP addresses (where x represents the number of digits of the subnet mask, that is, the subnet mask is 0 digits). In the first step, we calculated the number of subnet masks is 2, at this time, we need one test.
If we use the C class IP address, its subnet mask is 1 of the maximum eight digits. According to this case, a subnet mask of 2 bits is required, and 6 bits are zero for the subnet mask. Each network segment has a subnet mask of 26-2 = 62 bits. The maximum number of hosts per network segment required by the enterprise is 60 units (the need for future expansion has been considered). Therefore, this subnet partitioning scheme fully meets the needs of the enterprise.
If at this time, the enterprise needs the number of hosts 100 units, then can not use the C class address, but need to use B class address or a class address. In short, the network administrator to ensure that the existing subnet planning scheme, the number of hosts per network segment to meet the needs of enterprises. Otherwise, it is necessary to adjust accordingly.
in making this judgment, the author needs to emphasize two aspects of the problem
first, when considering the number of hosts in a certain network segment, it is not possible to see how many IP addresses are left. But need to consider a certain expansion type. The author here only left about 15% of the expansion space, in fact, is relatively conservative. In general, you may need to have 50% or more reserved space. Because the subnet is deployed, because the IP address is not enough to readjust, it is a very headache.
Two is best from C class, B class, a class address so test. The author prefers to adopt C class address. Only when the C class address can not be satisfied, only consider using Class B, Class A address. In general, in the same number of subnets, Class B, Class A addresses the number of host IP addresses available more than the C class address. Specifically what kind of IP address, generally related to the hobby of network administrator.
Fourth step: What are the subnet numbers for these subnets?
through the three steps above, the subnet planning has been completed. The next task is to calculate some specific parameters. This is mainly used to help network administrators do the following configuration, as well as the convenience of future work. Specifically, after network planning, the network administrator needs to analyze the number of subnets per segment, the broadcast address of each subnet, and the legal IP address of each subnet.
first, we need to compute the subnet number of each subnet. Here's another formula, the 256-Subnet mask = increment value. Take the author of this enterprise as an example. Because the 2-bit subnet mask is used, the binary representation is 11000000. If converted to decimal, that is 192. So, the calculated increment is 64. Then, from 0来, every 64, that is, the subnet number of each subnet. In this example, the subnet numbers for the four network segments are 192.168.0.0, 192.168.0.64, 192.168.0.128, 192.168.0.192, respectively. According to the relevant rules, these four IP addresses have special uses and cannot be used to allocate to network clients.