
Hi,
You didn’t give enough details about your current setup - are you using DHCP and/or NATting your address space? Also, some more information about your plans would be helpful, e.g., do you plan to use real or private IPs, and as tmehta noted, do you want them static or dynamic?
Anyway, whether you want them NATted or not, static or dynamic, I’d advise using DHCP if you have more than 2 hosts ;o). This will save you a lot of foot-work in the future.
Also, I’d like to emphasize p.4 of tmehta: an alias-based naming convention is great for DNS management.
BR
Petko

Is this IP cleanup elective and you can look at options? IPv4 is getting pretty old and IPv6 adoption is beginning to take hold. If you are looking to future-proof your operation, you might look at migrating to IPv6.

Depending on the number of hosts, I agree that DHCP is probably the best idea. It is pretty straightforward to do, and any of your OS (MS, Mac, Linux…) providers will probably have lots of info on how to do it.
If you have customers that are on a fixed IP (not under your control), then NAT (network address translation) is probably a good choice. This could be done on a router or firewall between you and them. This is also well documented by the likes of Cisco and Check Point. The only tricky thing is coordinating NAT with the VPN (depending on products and your network design).

Tmehta and Petkoa are both bang on.
Following up on the DHCP portion, which is the ‘only way to go’ for your workstations: you might want to allocate a specific static address range for servers (10.0.0.2~>10.0.0.9), a specific static address range for printers (10.0.0.10~>10.0.0.20), and then a specific static address range for firewalls or other routing devices (10.0.0.250~>10.0.0.254). This will still allow 10.0.0.21~>10.0.0.249 for a couple of hundred workstations! Of course you would want to make sure you reserved those address ranges in your DHCP scope so they wouldn’t be handed out.
Just use the ipconfig /all utility or a good network topology pack to get a listing of each device’s IP and MAC address, as you will need that info for the reserved pool.
You’re doing the right thing in planning proactively. I am too often in a re-active mode……
Regards,
n0bytes
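
The address plan from the post above, as an added example that is not part of the original post: it checks that the ranges do not overlap and audits an inventory for devices whose static address falls outside their intended range. The /24 mask, the inventory rows and the role names are assumptions made for illustration.

```python
from ipaddress import IPv4Address, IPv4Network

NETWORK = IPv4Network("10.0.0.0/24")  # assumption: the post does not give a mask

# Inclusive ranges as proposed in the post; "dhcp" is the remaining workstation pool.
PLAN = {
    "servers": ("10.0.0.2", "10.0.0.9"),
    "printers": ("10.0.0.10", "10.0.0.20"),
    "dhcp": ("10.0.0.21", "10.0.0.249"),
    "routing": ("10.0.0.250", "10.0.0.254"),
}

def bounds(name):
    first, last = PLAN[name]
    return int(IPv4Address(first)), int(IPv4Address(last))

def overlapping_ranges():
    """Pairs of plan entries whose ranges intersect (should be empty)."""
    names = sorted(PLAN)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if bounds(a)[0] <= bounds(b)[1] and bounds(b)[0] <= bounds(a)[1]]

def pool_size(name="dhcp"):
    lo, hi = bounds(name)
    return hi - lo + 1

def role_of(ip):
    """Plan range that contains ip, or None if it is outside every range."""
    addr = IPv4Address(ip)
    if addr not in NETWORK:
        return None
    for name in PLAN:
        lo, hi = bounds(name)
        if lo <= int(addr) <= hi:
            return name
    return None

def audit(inventory):
    """Devices whose statically configured address breaks the plan."""
    return [(host, mac, ip, expected, role_of(ip))
            for host, ip, mac, expected in inventory
            if role_of(ip) != expected]

# Constructed inventory (hostname, IP, MAC, intended role), e.g. collected with ipconfig /all.
INVENTORY = [
    ("fs01", "10.0.0.3", "00-11-22-33-44-01", "servers"),
    ("prn-lobby", "10.0.0.25", "00-11-22-33-44-02", "printers"),  # static inside DHCP pool
    ("fw-edge", "10.0.0.254", "00-11-22-33-44-03", "routing"),
    ("old-nas", "10.0.0.1", "00-11-22-33-44-04", "servers"),  # outside every range
]
```

A static device sitting inside the dynamic pool (like the constructed `prn-lobby` row) is the case to catch before the DHCP server hands the same address to a workstation.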

IPv6 is a great suggestion, but you need to have compatible hardware and possibly applications. Most OSes will support it. I would probably suggest going with the other suggestions and working IPv6 into the future. You can get some IPv6 security features in IPv4 by utilizing IPSec. You can do this, but it also will cause some changes. Read up and prepare for a while before attempting.

DHCP for workstations & static for the “plumbing” (servers, printers, routers, etc) sounds like a solid approach.
Something you didn’t mention was whether you use the Notes client or a browser to get to your Domino servers. The Notes client has a habit of caching the IP address, even if you have always set things up to use the host name to connect. I would guess there is a cleaner way around it, but under User Preferences and Ports, you can Trace a connection and it will tell you how it is determining how to get to the server and should eventually drop down to asking DNS for the address, establish the connection and cache the new address. If you used IP addresses instead of hostnames on connection documents in their personal address book, you probably have a desk-to-desk visit in your future, unless you have a programmer that can write a “mail button” that would change the connection document (and possibly location document) to use host name instead. It’s not terribly difficult but depending on the number of workstations, it may be easier to take the low-tech approach.
Good luck

Changing IPs is very simple; administering a network is the real challenge.
Good luck.
GS

There are many things to consider before you plan to change the IP address scheme:
1- Do you have a public IP address space, or a private IP address space (10.0.0.0, 192.168.0.0, 172.16.0.0 - 172.31.0.0)?
2- If you are moving from private to private IP address space, the changeover is mainly internal and may not affect the external routing that much. The majority of the services inside the network would be affected.
For the public address space (which is routable on the internet) you have many things to do, especially on the border routers.
It would be helpful if you were specific.
Dharminder Dargan

Hi WikusIT,
Just a little addition to what the others have already said.
If you’re planning to add more remote locations (esp if not all will be under your control), I suggest you do *not* pick one of the “typical” ranges of internal addresses like 192.168.0.x or 192.168.1.x or 192.168.2.x, etc which everybody uses (Class C should suffice; I imagine you don’t have 1000’s of hosts to require Class A). As you have now pretty much complete freedom, pick something like 192.168.78.x (or 176.16.x.x - 172.31.x.x) which not too many people out there use. That’ll make it much less probable that the remote subnet of the site you try to VPN into will clash with yours.
Good luck!
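
One way to check a candidate range against the subnets of remote sites you already know about, as an added example that is not part of the original post. The remote subnet list is constructed; the point it shows is that a remote site using a wider mask can swallow a /24 that looks unused.

```python
from ipaddress import ip_network

# RFC 1918 private blocks, searched in this order.
PRIVATE_BLOCKS = [ip_network(n) for n in
                  ("192.168.0.0/16", "172.16.0.0/12", "10.0.0.0/8")]

def is_private(subnet):
    """True if subnet lies entirely inside one RFC 1918 block."""
    net = ip_network(subnet)
    return any(net.subnet_of(block) for block in PRIVATE_BLOCKS)

def clashes(local, remotes):
    """Remote subnets that overlap local, whatever their prefix lengths."""
    local = ip_network(local)
    return [r for r in remotes if local.overlaps(ip_network(r))]

def first_free(remotes, prefix=24):
    """First private subnet of the given prefix that overlaps no remote."""
    taken = [ip_network(r) for r in remotes]
    for block in PRIVATE_BLOCKS:
        for cand in block.subnets(new_prefix=prefix):
            if not any(cand.overlaps(t) for t in taken):
                return str(cand)
    return None

# Constructed list of subnets in use at sites reached over VPN.
REMOTES = ["192.168.0.0/22", "192.168.1.0/24", "10.0.0.0/8", "172.16.0.0/16"]

if __name__ == "__main__":
    for cand in ("192.168.1.0/24", "192.168.2.0/24", "192.168.78.0/24"):
        print(cand, "private:", is_private(cand), "clashes:", clashes(cand, REMOTES))
    print("first free /24:", first_free(REMOTES))
```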

Ah ha! Once again, most of the good answers are already taken. That will teach me to go on vacation!! However, there’s something to be said for drifting down the Colorado river on a raft, where the only electronic thing in sight is the boatman’s wristwatch.
Seriously though, before embarking on a project like this, there are a number of relatively non-technical questions that should be asked and answered:
1) Why do you need to do this?
2) What parties are involved?
3) Do you need or could benefit from their buy-in?
4) If the answer to 2) is more than just you, and the answer to 3) is Yes, then you need to bring the relevant parties into the planning process. This might make the project itself more difficult, but the political price of acting in a vacuum will be MUCH cheaper.
5) How much autonomy do you really have?
6) Who/what are you going to affect if you do this?
7) Where are you in the “food chain”, and do you have (or can get) the authority to act independently?
8) Do your plans allow for changes, reorganizations, growth, acquisition, etc.?
9) If things go badly wrong, do you have a back-out plan, to put things quickly back the way they were?
On a technical note, whatever scheme you pick may well be “overlaid” onto the existing network to make the change less visible to the end-users. And THAT will make YOU look much better in their eyes. Remember that most end-users view us network/server folks with a jaundiced eye to begin with. They rarely notice when things are working smoothly, but they sure do when things go wrong!
Bob

Just a few things:
- Carefully investigate whether anywhere IP addresses instead of DNS names are used for accessing the machines to be renumbered. The message to use DNS names rather than IP addresses should be communicated to all users.
- DHCP was already mentioned by others. What I didn’t see was the advice to assign addresses by DHCP for *any* device possible, i.e., also for devices that need fixed IP addresses, like servers and printers, wherever possible. This will make your job much easier in future.
- Take care of DNS. Before you make the change, make sure you reduce the time-to-live for caching entries.
- Yet another issue with DNS: by nature, DNS servers are addressed by IP address. Make sure anyone using the DNS server is aware of the new IP address of it.
- Take care of possible firewall rules or Access Control Lists that are based on IP addresses.
- Take care of applications that do not respect DNS expiration terms. An example I once was confronted with is SAP printing: initially, DNS resolving is done and the IP addresses are kept forever - the only way to refresh (according to SAP experts I consulted) is to restart the task.
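
A sketch of the audit described in the list above, as an added example that is not part of the original post: it scans configuration text for IPv4 literals and CIDR blocks that touch the network being renumbered, so hard-coded host entries and address-based firewall rules show up before the cutover. The old network `192.168.1.0/24`, the file names and the file contents are constructed assumptions.

```python
import re
from ipaddress import ip_network

OLD_NET = ip_network("192.168.1.0/24")  # assumption: the network being renumbered

# Dotted quad with optional /prefix, not embedded in a longer dotted number.
TOKEN = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?:/\d{1,2})?(?!\.?\d)")

def find_old_refs(name, text):
    """(file, line number, literal) for every address or block touching OLD_NET."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for match in TOKEN.finditer(line):
            literal = match.group(0)
            try:
                net = ip_network(literal, strict=False)  # bare host becomes a /32
            except ValueError:
                continue  # e.g. an octet above 255: not an address
            if net.overlaps(OLD_NET):
                hits.append((name, lineno, literal))
    return hits

def scan_all(files):
    """Run find_old_refs over a {name: text} mapping, in insertion order."""
    return [hit for name, text in files.items()
            for hit in find_old_refs(name, text)]

# Constructed sample files.
SAMPLES = {
    "hosts": "192.168.1.20 domino01\n10.9.9.9 unrelated\n",
    "fw.rules": ("permit tcp 192.168.0.0/16 any eq 1352\n"
                 "permit tcp any host mail.example.internal eq 25\n"),
    "printers.cfg": ("queue=lp1 target=192.168.1.45:9100\n"
                     "firmware=1.2.3.4.5\n"
                     "bad=192.168.1.300\n"),
}

if __name__ == "__main__":
    for hit in scan_all(SAMPLES):
        print("%s:%d: %s" % hit)
```

The `192.168.0.0/16` rule is reported because it covers the old network even though no old address appears in it literally; rules like that keep permitting the old range after the move unless they are reviewed.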

Another issue is for you to document all these changes, and how you configure the settings. Also like mentioned before the rules. I suppose you’re using bandwidth since you mentioned VPN. Be careful on the IP address range.
And you did not mention what IP address range you were using or the one you plan on using?
I trust your network diagram is up-to-date.
Also be mindful of offices or devices (PCs, printers and others) that might change locations. And as written above, group certain devices in a specific range (the heavy loads on a certain subnet). You are going to have to discuss with the other guys on that other VPN (especially access rights and trusts).
Regards
Newton
















