General notes

United Networks chose the private pool 172.16.0.0/12 for its addressing because this pool is rarely used by system administrators at their workplaces or at home. This was done to make it easier to connect a new site to United Networks: a new site is less likely to have addresses that intersect with existing United Networks addresses, so it can be adopted more easily into the existing United Networks infrastructure.

For example, suppose a system administrator changes jobs. He arrives at the new one and sees that his new firm uses 192.168.x.x addresses in its networks. The temptation is high to install OpenVPN software on the work machine and use United Networks resources at work. If United Networks used 192.168.x.x, how would the administrator's machine know where an address such as 192.168.10.1 can be found? At work? Or somewhere in United Networks? Why not 10.0.0.0/8? ISPs and large companies with a lot of subnets use this range for their own purposes.

On the other hand, consider a new administrator, or even an ordinary user, being adopted into United Networks. He already has some addresses, doesn't he? If these addresses intersect with United Networks addresses, it could be a routing problem: blackholes can arise because all routers, through dynamic routing protocols such as OSPF, will receive announcements for these addresses from two sources. One source is the addresses that already exist somewhere in United Networks, and the other is the newly connected site's addresses. If United Networks addresses differ from the site's, the site can be aggregated into UN immediately, and its addressing plan can then be changed safely.

Addressing

All networks in UN are allocated from the following pool:

Some comments:

  • Minimal allocation block is "/24".
  • Region is encoded numerically using the second octet of the IP address:

| Region | All networks in region |
|---|---|
| Moscow region, Moscow | 172.16.0.0/16 |
| Novosibirsk region, Novosibirsk | 172.17.0.0/16 |
| Khakassia region, Abakan | 172.18.0.0/16 |

Each "/16" may be considered a "Regional Pool".

  • A site can receive one of two pools: 172.rr.xx.0/20 (for Enhanced Sites) or 172.rr.xx.0/23 (for Typical Sites), where rr is the region's octet (16 for Moscow, 17 for Novosibirsk and so on) and xx is the base (first) address of the pool. For example, in 172.16.32.0/20, 172.16.32.0 is the "base" or so-called "first" address of the network pool 172.16.32.0/24 … 172.16.47.0/24, 16 subnets in total.

     The first pool consists of 16 subnets and is intended, for experimental purposes, for enhanced sites that are under the control of a System Administrator who is an IT professional. It is the duty of this System Administrator to connect these subnets, restrict access from/to them, and aggregate the OSPF route for its further propagation into the Core.

     The second pool is allocated to a typical site for ordinary, non-advanced users with remote support from other sites. The two subnets are distributed as follows: the first subnet is for all of the site's network hardware and users' PCs; the second is optional and is needed only to control the ADSL modem when an ADSL connection to the local ISP is present. For Typical Sites without an ADSL connection (e.g. a direct Ethernet connection to the local ISP), 2 networks are allocated anyway to keep the general pattern and to simplify (minimize) the schemes.

  • Because Enhanced and Typical Pools are both assigned from the Regional Pool, the latter is divided into two halves: 172.rr.0.0 up to 172.rr.127.0 is for large blocks of subnets (16-subnet blocks), e.g. for Enhanced Sites, and 172.rr.128.0 up to 172.rr.254.0 is for Typical Sites (2-subnet blocks).
  • The very first block 172.rr.0.0/20 must be allocated to the Regional Major Site.
  • There must be a relation between how the VPN Pool 172.31.0.0/16 is allocated to endpoints and how subnets are allocated to sites.

     The first address, 172.31.0.1, is assigned to the Central Site (srvgate.gogolya.pushkino);

     Endpoints of VPN tunnels get an address of the form 172.31.rr.xx. That is:

  • A typical connection of notebooks and mobile users without any subordinate network takes an address directly from the VPN pool 172.31.0.0/24. Please pay attention to the prefix length "/24": it means the address is from the first 256 addresses of 172.31.0.0/16 and does not mean a real mask. Because other sites have a non-zero "rr" octet, there are no intersections. The "rr" octet becomes the third one in the VPN address, see above.
  • Currently allocated networks:
| Site name | Networks allocated | VPN endpoint address |
|---|---|---|
| 2nd-district.abakan | 172.18.0.0/23 | 172.31.18.0 |
| 2nd-zachatyevskiy.msk | - | 172.31.0.2 |
| altufevo.msk | 172.16.32.0/20 | 172.31.16.32 |
| gogolya.pushkino | 172.16.0.0/20 | 172.31.0.1 |
| sokol.msk | 172.16.16.0/20 | 172.31.16.16 |
| eltsovskaya.nsk | 172.17.0.0/23 | 172.31.17.0 |
| zelenka.pushkino | 172.16.130.0/23 | 172.31.16.130 |
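
The allocation rules and the table above can be checked mechanically before a new site is connected. The following is an added example, not part of the original wiki page: the function names are hypothetical, and the allocations are copied from the table above.

```python
import ipaddress

UN_POOL = ipaddress.ip_network("172.16.0.0/12")
VPN_POOL = ipaddress.ip_network("172.31.0.0/16")
# Allocations copied from the "Currently allocated networks" table.
ALLOCATED = {
    "2nd-district.abakan": "172.18.0.0/23",
    "altufevo.msk": "172.16.32.0/20",
    "gogolya.pushkino": "172.16.0.0/20",
    "sokol.msk": "172.16.16.0/20",
    "eltsovskaya.nsk": "172.17.0.0/23",
    "zelenka.pushkino": "172.16.130.0/23",
}

def vpn_endpoint(site_pool):
    """Derive the 172.31.rr.xx endpoint from a site pool 172.rr.xx.0/len."""
    net = ipaddress.ip_network(site_pool)  # raises if host bits are set
    if not net.subnet_of(UN_POOL) or net.overlaps(VPN_POOL):
        raise ValueError(f"{net} is not a site pool inside {UN_POOL}")
    _, rr, xx, _ = net.network_address.packed
    return ipaddress.ip_address(f"172.31.{rr}.{xx}")

def plan_notes(site_pool):
    """List the points where a pool departs from the rules on this page."""
    net = ipaddress.ip_network(site_pool)
    xx = net.network_address.packed[2]
    notes = []
    if net.prefixlen not in (20, 23):
        notes.append("prefix length is neither /20 nor /23")
    if net.prefixlen == 20 and xx >= 128:
        notes.append("/20 block taken from the upper (Typical) half")
    if net.prefixlen == 23 and xx < 128:
        notes.append("/23 block taken from the lower (Enhanced) half")
    return notes

def overlaps(candidate_nets, allocated=ALLOCATED):
    """Return (candidate, site) pairs that OSPF would learn from two sources."""
    hits = []
    for cand in map(ipaddress.ip_network, candidate_nets):
        for site, pool in allocated.items():
            if cand.overlaps(ipaddress.ip_network(pool)):
                hits.append((str(cand), site))
    return hits
```

Run over the table, `plan_notes` reports the two /23 pools at 172.17.0.0 and 172.18.0.0 as sitting in the lower half of their regional pools. The Central Site's endpoint 172.31.0.1 is assigned by hand and is not produced by `vpn_endpoint`.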
addressing_plan.txt · Last modified: 2016/01/31 11:14 (external edit)
 
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 3.0 Unported