Tuesday, May 4, 2021

Migrating internal routing from one L3 switch to a new one - how easily can I re-structure my network while I'm at it and transition from RIP to OSPF?

I've been the IT manager at a medium-sized hospital for about 3 years now. I inherited the network in the state it's in and have made small improvements. I'm running into issues with having enough room for devices in various subnets and the network getting larger and progressively messier. I'd like to re-organize, but this is a bigger project than I've dealt with before.

Here's what I've got:

  • Hospital environment. Shutting down the entire network at once for any extended period is a non-starter.
  • One site.
  • Aruba/HPE switches.
  • Primary internal routing is shared by two HP 5406zl switches using RIPv2 and VRRP.
  • I want to transition to a new Aruba 3810M stack.
  • Router/firewall is a Fortigate 201F handling traffic outbound to the internet and several VPNs.
  • Main internal network is a /16 (again, I inherited it) with several /23s and /24s. For example: 172.16.0.0/16, 172.17.1.0/24, 172.17.5.0/24, 172.18.0.0/23, etc.

I want to take most of the /16 and turn it into discrete /23s and /24s. Most of our /16 is separated out functionally. 172.16.5.1-254 is servers, 172.16.10.1-254 is imaging devices, 172.16.8.1-254 is printers, etc. These are all using the same gateway, however, say 172.16.0.1. A ton of these devices are using static IPs, so if I change anything there's going to be a huge amount of virtual legwork changing manual IP configurations.

I'd like to do something like take my printers from that huge /16 to a smaller subnet. I'm looking at migrating them from the /16 to a separate /23 or /24. So I'd create a subnet like 172.20.8.0/24 with a GW of 172.16.8.1, which would be a VIP on the new 3810M stack. I'll never be able to completely get rid of that /16 most likely because there are a metric ton of devices on static configurations that would require hours of work re-configuring VPNs, routes, etc. for each individual device. It's just not feasible.

I am hoping that I can take some of the subnets that are on the higher end of the /16 like 172.16.254.x and move them one by one to new subnets. The bulk of usage on that /16 is on the lower range like 172.16.8.xx. I've got about three ranges up higher at .50, .100, and .254 that if I can move, would allow me to shrink that /16 down to a /18 or /19 maybe. I could then go through those static configs on remaining devices, update the subnet masks, and eventually reclaim some of that original address space without leaving everything on one enormous subnet. Say I change it from the /16 to /18, as long as no devices exist on 172.16.64.x and up, it shouldn't matter if the clients have the wrong subnet mask until I get to where I can change it, right?

What I'm really not sure about is if I need to transition from RIPv2 to OSPF, or even how to do it, honestly. Both my Fortigate and my current HPE L3 switches are using RIPv2. I'm not sure how to handle transitioning from one protocol to another smoothly. If I enable OSPF on the new Aruba stack for the subnets I'm creating, the new stack will be able to talk to the old devices. Once I've got as much moved to new subnets as possible, I can transfer the VIP for the /16 gateway from the old switches to the new stack, decommission the old switches, and switch my Fortigate from RIP to OSPF. Does that sound reasonable?

Sorry, this is a lot. Any advice?
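A way to sanity-check the shrink-the-/16 idea before touching any static configs. This is an added example, not code from the original post; it uses the post's own address ranges but the host inventory and the proposed new subnets are constructed. It answers the two questions in the post mechanically: which static hosts block tightening the mask to a /18 or /19, and whether a host that still carries a stale /16 mask would mis-classify a new subnet as on-link (which is what actually breaks reachability, not the stale mask by itself).

```python
"""Plan checks for carving a flat 172.16.0.0/16 into discrete subnets.

Assumptions (constructed for this example): STATIC_HOSTS is a sample
inventory of statically configured devices; PROPOSED_NEW_SUBNETS are
candidate destinations for migrated hosts.  Only the standard library
`ipaddress` module is used.
"""
from ipaddress import ip_address, ip_interface, ip_network

# Constructed inventory following the post's layout: .5 servers, .8 printers,
# .10 imaging, plus the "higher end" ranges at .50, .100 and .254.
STATIC_HOSTS = [
    "172.16.5.10", "172.16.5.11",                   # servers
    "172.16.8.20", "172.16.8.21",                   # printers
    "172.16.10.30",                                 # imaging
    "172.16.50.5", "172.16.100.7", "172.16.254.9",  # higher-end ranges
]

# Constructed candidates: one in fresh space, one that re-uses reclaimed
# 172.16.x space while stale-mask clients may still exist.
PROPOSED_NEW_SUBNETS = ["172.20.8.0/24", "172.16.100.0/24"]


def hosts_outside(candidate_prefix: str, hosts) -> list:
    """Hosts that fall outside `candidate_prefix` (e.g. 172.16.0.0/18).

    Every host returned must be moved before the mask can be tightened
    to that prefix; an empty list means the shrink is safe today.
    """
    net = ip_network(candidate_prefix)
    return sorted((h for h in hosts if ip_address(h) not in net),
                  key=ip_address)


def tightest_prefix(hosts, base: str = "172.16.0.0"):
    """Longest prefix (smallest block) anchored at `base` that still holds
    every host.  Walks from /24 up to /16 and returns the first fit."""
    for plen in range(24, 15, -1):
        net = ip_network(f"{base}/{plen}")
        if all(ip_address(h) in net for h in hosts):
            return net
    return None


def stale_mask_conflicts(client_cidr: str, new_subnets) -> list:
    """New subnets a client with a stale (too-wide) mask would treat as
    on-link.  Such a client ARPs for those destinations instead of sending
    them to the gateway, so they become unreachable from it.

    client_cidr is the client's *configured* address/mask, e.g.
    "172.16.8.20/16".
    """
    client_net = ip_interface(client_cidr).network
    return [s for s in new_subnets if ip_network(s).overlaps(client_net)]


def migration_report(target_prefix: str, hosts, new_subnets,
                     sample_client: str = "172.16.8.20/16") -> dict:
    """Bundle the checks above for one proposed target prefix."""
    blockers = hosts_outside(target_prefix, hosts)
    remaining = [h for h in hosts if h not in blockers]
    return {
        "target": target_prefix,
        "must_move_first": blockers,
        "tightest_after_move": str(tightest_prefix(remaining)),
        "unsafe_for_stale_clients": stale_mask_conflicts(sample_client,
                                                         new_subnets),
    }


if __name__ == "__main__":
    for prefix in ("172.16.0.0/18", "172.16.0.0/19"):
        rep = migration_report(prefix, STATIC_HOSTS, PROPOSED_NEW_SUBNETS)
        print(f"{rep['target']}: move {rep['must_move_first']} first; "
              f"block then shrinks to {rep['tightest_after_move']}; "
              f"stale /16 clients cannot reach {rep['unsafe_for_stale_clients']}")
```

The third check is the one worth keeping in mind during the transition: moving hosts into 172.20.x is harmless to devices that still believe they are on a /16, but re-using any reclaimed 172.16.64.0 and above for new subnets before every remaining static device has its mask corrected will break reachability from those devices.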
