Hey All,
With the move to a more Xen-based infrastructure, it's a good time to evaluate our IP allocation. We have a /24 for our use. I'd like to propose that we allocate the IPs as follows:

1-35 for network appliances/devices: NAS, SAN, switches, KVMs, etc.
36-169 for services, i.e. Xen guests and physical hosts when needed, for example ppc builders
164-169 for existing boxes' admin interfaces; these would most likely be needed for a short-term period
170-199 for admin interfaces: DRAC, ALOM, etc.
200 is a NAT pool IP; I'd like to have it moved to 250
201-219 for test systems
220-249 for physical Xen hosts
250-254 for gateways to external networks

What do you all think?
On Sun, 29 Oct 2006 21:01:43 -0600, Dennis Gilmore wrote:
> 1-35 for network appliances/devices: NAS, SAN, switches, KVMs, etc.
> 36-169 for services, i.e. Xen guests and physical hosts when needed, for example ppc builders
> 164-169 for existing boxes' admin interfaces; these would most likely be needed for a short-term period
> 170-199 for admin interfaces: DRAC, ALOM, etc.
> 200 is a NAT pool IP; I'd like to have it moved to 250
> 201-219 for test systems
> 220-249 for physical Xen hosts
> 250-254 for gateways to external networks

Wouldn't it be more secure to have the interfaces you put in 1-35 and 170-199 in a separate, unrouted network (10.x.x.x) that can only be accessed from a couple of admin machines having dual Ethernet ports?
That would also leave more room in the /24 net...
It's a bit more trouble to manage two networks, but not that much.
C
On 10/30/06, Christian Iseli <Christian.Iseli@licr.org> wrote:
> On Sun, 29 Oct 2006 21:01:43 -0600, Dennis Gilmore wrote:
> > 1-35 for network appliances/devices: NAS, SAN, switches, KVMs, etc.
> > 36-169 for services, i.e. Xen guests and physical hosts when needed, for example ppc builders
> > 164-169 for existing boxes' admin interfaces; these would most likely be needed for a short-term period
> > 170-199 for admin interfaces: DRAC, ALOM, etc.
> > 200 is a NAT pool IP; I'd like to have it moved to 250
> > 201-219 for test systems
> > 220-249 for physical Xen hosts
> > 250-254 for gateways to external networks
>
> Wouldn't it be more secure to have the interfaces you put in 1-35 and 170-199 in a separate, unrouted network (10.x.x.x) that can only be accessed from a couple of admin machines having dual Ethernet ports?
> That would also leave more room in the /24 net...
> It's a bit more trouble to manage two networks, but not that much.

I think that was part of the idea that we could do this later on if we wanted. For now I don't think we need such an architectural change.
-Mike
infrastructure@lists.fedoraproject.org
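
An added example, not part of the original thread: a small check of the proposed plan that reports ranges sharing addresses, addresses left unassigned, and how many addresses the separate management network suggested in the reply would free. The prefix 192.0.2.0/24 is a documentation placeholder (the thread does not name the real /24), and the function names are illustrative.

```python
import ipaddress

# Placeholder documentation prefix; the real /24 is not given in the thread.
NET = ipaddress.ip_network("192.0.2.0/24")

# (first, last, purpose) as host offsets, transcribed from the proposal.
PLAN = [
    (1, 35, "network appliances/devices"),
    (36, 169, "services"),
    (164, 169, "existing boxes admin interfaces"),
    (170, 199, "admin interfaces"),
    (200, 200, "nat pool"),
    (201, 219, "test systems"),
    (220, 249, "physical xen hosts"),
    (250, 254, "gateways"),
]
# Same plan with the NAT pool address moved to 250, as the proposal asks.
MOVED = [(250, 250, p) if p == "nat pool" else (f, l, p) for f, l, p in PLAN]
# Ranges the reply suggests placing on a separate, unrouted network.
MGMT = {"network appliances/devices", "admin interfaces"}

def overlaps(plan):
    """Return (purpose_a, purpose_b, first, last) for each pair sharing addresses."""
    found = []
    for i, (a1, a2, pa) in enumerate(plan):
        for b1, b2, pb in plan[i + 1:]:
            lo, hi = max(a1, b1), min(a2, b2)
            if lo <= hi:
                found.append((pa, pb, lo, hi))
    return found

def unallocated(plan, net=NET):
    """Return usable host offsets in the network that no range covers."""
    used = {o for f, l, _ in plan for o in range(f, l + 1)}
    usable = {int(h) - int(net.network_address) for h in net.hosts()}
    return sorted(usable - used)

def lookup(addr, plan, net=NET):
    """Return every purpose whose range contains addr (more than one = conflict)."""
    ip = ipaddress.ip_address(addr)
    if ip not in net:
        raise ValueError(f"{addr} is outside {net}")
    offset = int(ip) - int(net.network_address)
    return [p for f, l, p in plan if f <= offset <= l]

def freed_by_separate_mgmt(plan):
    """Count addresses returned to the /24 if MGMT ranges move off it."""
    return sum(l - f + 1 for f, l, p in plan if p in MGMT)

if __name__ == "__main__":
    print(overlaps(PLAN), unallocated(MOVED), freed_by_separate_mgmt(PLAN))
```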