Tuesday, November 27, 2018

Dante IP addressing scheme

Posted this last night but it was shut down because I edited a word and somehow all the HTML got into the text. Also added a TLDR at the suggestion of the mod.

TLDR: Would there be any negative ramifications of static IP addressing a bunch of devices just under the 169.254.0.1 - 169.254.255.254 self addressing IP range, but leaving the subnet open to include those devices? For instance static the devices in the range of 169.253.254.0 - 169.253.255.254 with a subnet mask of 255.252.0.0, or even better (I just learned about this through some googling so forgive me if I'm misunderstanding its use) a wildcard mask of 0.3.255.255.

Greetings good people of /r/networking!

This is going to be a long one, so thanks in advance for anyone willing to read the whole thing and give me some advice, it is much appreciated.

I am the self-proclaimed audio networking systems admin of a medium sized A/V company. We have around 120 devices which operate using Dante, which is an audio over IP protocol. I have no formal training in networking, but have been educating myself over the past few years as it's very clear that the technology is here to stay. I'm about to do some network restructuring and wanted to ask the advice of people who are better educated than me so that I can make this process as efficient as possible. If at any point it's clear that I'm not understanding something correctly please feel free to correct me since, like I said, I'm self taught.

The first thing to understand is that as of now all of these devices operate on a closed network, as in not connected to the internet or to any existing infrastructure. This is a traveling system that gets set up and broken down all the time, and does not typically need to interface with anything outside the network. All devices are hard wired and static IP addressed, except for a few control iPads and computers which get DHCP from a wireless router. The reason for the restructuring is that the manner in which I have set the static IP addresses and subnets sometimes causes issues when simultaneously connected via CAT5 to our audio network and to the internet over wifi, and that I would like to add the ability to add internet to this network because wifi can be spotty in some of the areas where we work and our technicians sometimes require internet access.

In my infinite wisdom as someone who had no idea how IP addresses and subnets worked, I came up with a terrible IP addressing scheme of 10.Dept(Audio,Video,Lighting).Type of Device (Console,Stagebox,Microphones,etc).Device Number. Seemed like a great way to keep things organized (there are currently no lighting or video devices on the network, I was just planning for future expansion). So now I have roughly 120 audio devices with IP addresses from 10.1.0.1 - 10.2.6.6 (some devices require that the Dante address and control address be in a different subnet). Almost all of the subnet masks are 255.255.0.0, except for the control computers which need to talk to both Dante and control addresses so their subnet masks are 255.0.0.0 (I know, I know).

Everything works great, the hard wired (or DHCP’d) control computers can access all of the device’s controls from their respective applications on a single machine and all is right and harmonious in the world. This is until you have a hard wired computer that you’d like to connect to the internet via wifi, and you get dealt a 10.anything IP address. When that happens it can (not always but sometimes) send the whole network haywire. I’ve done quite a bit of reading about this, and the best of my understanding is that because the control computer’s subnet mask is 255.0.0.0, it thinks that any address beginning with 10. is a local address, and it gets confused about which NIC to send data through (I’m a little cloudy on if that’s exactly what’s happening, but I think that’s the gist of it...yeah?). I’m assuming if this happens now then the whole thing would become a real mess if I were to plug an internet line into the internet port on wireless router and let it into the whole system.

So I’m pretty sure the best thing to do is drastically reduce the size of my subnet so that I can tighten the masks up and greatly reduce the chances of getting a DHCP wifi address that falls inside it. Most of the places we work are big hotels and convention centers with many devices necessitating the 10. range of private IP addresses. If I moved into the 192. range I could almost entirely eliminate the possibility of this ever happening. But here's a monkey wrench...

We often need to rent supplemental pieces of Dante gear which are not static IP addressed and left in the mode that they will self-assign an IP address or, if available, take DHCP. I was going to just set our wireless routers to distribute DHCP addresses at the end of wherever our IP addresses stop. Those rental pieces will happily accept the DHCP and everything will work just fine. But then I got to thinking, our techs all carry our own wireless routers in our tech kits. What if someone forgets theirs or some careless lighting guy knocks it down and breaks it? No DHCP. We use Cisco SG series switches which can be configured to be DHCP servers, but we have so many interchangeable pieces that we could not come up with a way to ensure that there would always be only one DHCP server in whatever system is made out of said pieces. Since not everyone is as savvy with these things we try to make everything as "plug it in and go" as possible, so we don’t want to have people getting into switches and enabling/disabling DHCP on show sites, hence we came up with the “everyone carries their own wireless router” policy, which has worked well.

What I’m wondering is, what if I made all of the static IP addresses fall right under the 169.254.xxx.xxx range of IP addresses and opened up the subnet so that all of those self assigning IP addresses fall inside of it? For instance if I started our static IP addresses in the range of 169.253.254.0 - 169.253.255.254 with a subnet of 255.252.0.0? And set the DHCP server to give out addresses between 169.253.255.200 - 169.253.255.254. I read somewhere that the rest of the 169 addresses were old government addresses that are not in use anymore, not that it matters if we’re just running on a closed network, but if we do get the internet going on here will any of that cause me problems?

I’ve been racking my brain over this stuff for weeks now, so if anyone has any insight into whether some or any of this will work the way I want it to please share. Or if this is a common type of thing you guys deal with in a completely different way please point me in the right direction. I feel like I’m on the right track, I’m just trying to avoid having to completely restructure everything again a year down the road.

Thanks again to anyone who’s read all of that and is willing to lend your expertise.
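
A check of the addressing described in the post, added here as an example and not part of the original post: it computes what each address and mask pair makes a host treat as directly attached, for both the proposed 169.253.x.x scheme and the current 10.x control-computer mask. The control-computer address 10.1.0.5 and the wifi lease 10.44.3.20/255.255.252.0 are constructed sample values.

```python
import ipaddress

LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")  # self-assigned range (RFC 3927)
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
RESERVED = RFC1918 + [LINK_LOCAL]

def on_link(addr, mask):
    """Network a host treats as directly attached for this address and mask.
    Accepts a subnet mask (255.252.0.0) or a wildcard mask (0.3.255.255)."""
    return ipaddress.ip_interface(f"{addr}/{mask}").network

def reserved_count(net):
    """Addresses in net that belong to private or link-local space."""
    if any(net.subnet_of(r) for r in RESERVED):
        return net.num_addresses
    return sum(r.num_addresses for r in RESERVED if r.subnet_of(net))

def audit(addr, mask):
    """Summarise what a static address/mask pair pulls into the local segment."""
    net = on_link(addr, mask)
    return {
        "network": str(net),
        "range": (str(net[0]), str(net[-1])),
        "covers_link_local": LINK_LOCAL.subnet_of(net),
        "addr_is_private": any(ipaddress.ip_address(addr) in r for r in RFC1918),
        # Addresses outside private/link-local space that the host would ARP
        # for on the wire instead of sending to a gateway.
        "non_private_on_link": net.num_addresses - reserved_count(net),
    }

def nics_conflict(wired, wifi):
    """True when two NICs on one host claim overlapping on-link ranges."""
    return on_link(*wired).overlaps(on_link(*wifi))

if __name__ == "__main__":
    print(audit("169.253.254.0", "255.252.0.0"))
    wifi = ("10.44.3.20", "255.255.252.0")            # constructed venue lease
    for mask in ("255.0.0.0", "255.255.0.0"):         # current vs tightened mask
        print(mask, nics_conflict(("10.1.0.5", mask), wifi))
```

With the 255.252.0.0 mask the on-link range is 169.252.0.0 - 169.255.255.255, which does include the self-assigned 169.254.0.0/16 block but also 196,608 addresses that are neither private nor link-local, so a host attached to an internet uplink would try to reach those locally rather than through the router.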


