OT-hijacked. . .Re: [K12OSN] Solving the bandwidth bottleneck

Wed May 11 12:19:56 UTC 2005

More info. . .

Les Mikesell wrote:

>On Tue, 2005-05-10 at 23:10, Doug Simpson wrote:
>
>  
>
>>So, how then do you get the ability to put public and private IP 
>>addresses on the same physical wire?
>>    
>>
>
>Usually that is something you want to avoid.  You can overlay
>different subnet ranges on the same wire - it's ugly but it works.
>What people are saying is a bad idea is to connect 2 nics from
>the same machine onto that network. 
>  
>
But unless you want to run two completely different networks (physical 
plant wiring) all over the campus, to 5 buildings and 150 rooms . . .

>  
>
>>For example, a Printer in the office has a JetDirect in it and is 
>>available on a public IP address, and connected to a small switch.  
>>Another port on that switch is connected to a workstation that gets it's 
>>IP address via DHCP (a private number). 
>>    
>>
>
>If you really want a public address on the printer, let something
>route your private addresses there.
>
It has a public IP because our state-wide comouter network, used for 
student data dna administration, printe through local printers, and 
therefore, requires publicly available IP number (we have many of such 
units.)

>
>  
>
>>From what I gather, it would be required to run individual cables for 
>>each IP range to every connection so that the public and private would 
>>always be separate.
>>    
>>
>
>Usually you let the k12ltsp box act as a NAT router for the private
>range on it's 'inside' NIC - and a server for the printers.
>
It does this, but both ranges are on the same set of wires.  I will have 
to go examine and make sure that both NICs are on different switches, 
but they are on the same physical network, even if they are on separate 
switches.

>
>  
>
>>Let's say the workstation mentioned above is set up to dual-boot, and 
>>get's it's IP when booted as a LTSP terminal from the DHCP on the 
>>private range NIC.
>>
>>But, this same workstation, when run in Winders, requires a public IP 
>>address.  Then what do you do? Change the cable  each time you want to 
>>use the other OS?  Unhandy! Especially for users!
>>    
>>
>
>Why does it need a public address?  Unless it is acting as a server (in
>which case you would probably leave it on all the time instead of dual
>booting...) it should get along fine with a private address NATed
>through the k12ltsp server.  Or, if you have enough public addresses
>to split into subnets, the 2nd k12ltsp NIC could be a public branch
>and you could turn off NAT.
>  
>
The state-wide network requests that computers that access it for 
administration and student data have public IP numbers for 
troubleshooting efficiency. I do have some that are on private IPs and 
they work fine, too though.

>  
>
>>So far, having two NICs on the same switch hasn't seemed to adversely 
>>affect it . . .
>>    
>>
>
>Aside from normally wanting the firewalling from the public/private
>split, the main problem most people would have with your scheme is
>that you are leaking private DHCP addresses onto all of the connected
>networks.  If you have static-assigned all of the public addresses
>it won't matter, but it wouldn't work most places.
>
>  
>
All of the public IP addresses are assigned, and nearly all of the 
private numbers are DHCP.  There are a few, like lab servers and private 
printers that have private numbers assigned.

This has been working seemingly flawlessly for 4 years, with over 700 
computers connected. . .  It may be wrong, but I don't have much trouble 
with it. . .

It is nice because it don't matter what kind of device I am connecting, 
a public printer, private workstation, private server, private printer, 
LTSP terminal, public workstation, whatever, I can connect it and it 
just works, all on the same wire. . .

Doug