Subnet Mask

By nethelp
I'm in a hospital and have a private network that is and only have about 500 nodes. Is this causing too much broadcast and degrading performance? I know vlans would help separate buildings or departments for security, but I really haven't had the need for that yet. Any knowledge or pitfalls would be greatly appreciated.


by razz2 In reply to Subnet Mask

I would suggest separate subnets for LAN performance, but the direct answer would be it depends, and probably you are fine. Lots of variables here though.

Separating the LAN will require distribution of some network resources that you may now have in only one place.

What's the network infrastructure? Future growth requirements, etc. Do you have multiple AD servers, DNS, DHCP, etc.? If so then you may be fine. Still, what is the client OS base? Is your network using internal DNS? Are you using DHCP and if so what is the node type? What types of services or resources are being used? Based on the OS, the types of applications used, and the node type, etc., the workstations may be checking your DNS or WINS server and getting access to resources without a broadcast. A lot will also of course depend on those services being configured properly.

As you suggest, subnets or VLANs could be used to separate traffic by dept. or building based on the need. It COULD improve performance and should be implemented BEFORE you need it, not after.

Pitfalls if you change? Make sure that key services are available in all subnets or vlans, and across routers. AD, DHCP, DNS and the like that is.


by nethelp In reply to Variables

I am still running NT (1 PDC and 1 BDC), but plan on upgrading to AD before 2005. The PDC and BDC run WINS and the PDC is my DHCP server, node type is hybrid. I have a NT member server running and forward requests to my ISP.

Most clients are 2000 and XP. I do have some 98 still out there, but am in the process of phasing them out.

My servers and routers are 10.1.1.x
My printers are 10.1.5.x
My DHCP range is

I have my gateway Cisco router and managed HP switches throughout the campus with a gigabit fiber backbone.

Are you saying just subnet one building, VLAN it back to my computer room and have a separate DHCP & DNS for it?

So based on this what would the recommendation be?


VLANs and DHCP/DNS

by JO_BEE In reply to

You can make multiple VLANs based on either departments or buildings (much clearer). Be careful to add a helper address for your DHCP server / PXE server / RIS on the Layer 3 switches.
The helper allows the UDP broadcast packets to go across routers.
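
The pitfalls raised in the replies above (key services reachable from every subnet, a DHCP helper address on each routed VLAN), written as a pre-change plan check. This is an added example, not part of the original thread; it also checks subnet capacity and overlap, which goes beyond what the posts list. The VLAN numbers, names, host counts and all addresses, including the DHCP server at 10.1.1.10, are constructed assumptions and not the poster's real layout.

```python
import ipaddress

# Constructed sample plan (assumed values, for illustration only).
DHCP_SERVER = ipaddress.ip_address("10.1.1.10")
PLAN = [
    {"vlan": 10, "name": "servers", "subnet": "10.1.1.0/24",
     "hosts": 20, "helpers": []},
    {"vlan": 20, "name": "building-a", "subnet": "10.1.16.0/24",
     "hosts": 180, "helpers": ["10.1.1.10"]},
    {"vlan": 30, "name": "building-b", "subnet": "10.1.17.0/24",
     "hosts": 260, "helpers": ["10.1.1.10"]},
    {"vlan": 40, "name": "building-c", "subnet": "10.1.17.128/25",
     "hosts": 60, "helpers": []},
]

def check_plan(plan, dhcp_server):
    """Return (vlan, problem) tuples found in a proposed VLAN/subnet plan."""
    problems = []
    nets = [(p, ipaddress.ip_network(p["subnet"])) for p in plan]
    for i, (p, net) in enumerate(nets):
        # Reserve network, broadcast and one gateway address per subnet.
        usable = net.num_addresses - 3
        if p["hosts"] > usable:
            problems.append(
                (p["vlan"], f"needs {p['hosts']} hosts, only {usable} usable"))
        # The initial DHCP request is a broadcast and stops at the router,
        # so a VLAN without a local DHCP server needs a relay (helper).
        if dhcp_server not in net and str(dhcp_server) not in p["helpers"]:
            problems.append((p["vlan"], "no helper address for DHCP server"))
        # Overlapping subnets make routing between VLANs ambiguous.
        for q, other in nets[i + 1:]:
            if net.overlaps(other):
                problems.append((p["vlan"], f"overlaps VLAN {q['vlan']}"))
    return problems

if __name__ == "__main__":
    for vlan, problem in check_plan(PLAN, DHCP_SERVER):
        print(f"VLAN {vlan}: {problem}")
```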

Why not upgrade right now?

by mauri_1848 In reply to

If you are planning to migrate to AD, this is a good moment to do it.

If you install AD on both servers (PDC and BDC) you can create two separate nets (installing different DHCP & DNS), and you can install the NAT service to have access between the two nets.

Probably, you'll need one extra server for replication.

Anyway, subnetting your network is the best solution for you, besides migrating all your 9x PCs to 2000 or XP to avoid WINS and to save traffic.


Upgrade Now

by razz2 In reply to

First off I agree with the others that you should upgrade now. There are other thoughts too.


The separation of the LAN could be done by subnets per DEPT. or Building. (In a campus it is usually the same anyway.) Your future AD design could follow that as well with OUs. You mentioned you do have a router infrastructure so however you separate is fine. Using custom IP subnets would work. You however only mentioned one DHCP server. That is not good. You should have redundancy here. In fact with 500 clients I am surprised that the server going down has not caused issues. DHCP is based on a broadcast for the initial request by the way. WINS is fine to run but are you running DNS internally? An upgrade now would put DNS in place. It would support dynamic updates. The clients or DHCP could register IPs in DNS. Any locating of a resource such as a domain controller or workstation etc. would be faster as it would all be DNS. You would not need separate DNS domains, but you should have multiple DNS servers.

The idea of subnets would be to limit broadcast traffic. It would not cross routers. So, if a WIN98 machine in DEPT A broadcasts an election packet for browse master, the other subnets would not have to be bothered with it. Odd example but the first I thought of.

Now, if you really want to go nuts each dept could be a subdomain. So, the domain may be HOSPITAL.LOCAL and then you have PEDS.HOSPITAL.LOCAL, ORTHO.HOSPITAL.LOCAL etc. This would require careful planning and is most likely way overboard for your needs but it is an option. Decide based on future growth. One giant domain does not grow as well and clear as the more granular design.


OK, now before someone else says it... The main factor in the upgrade part here is going to be you. If you are the whole IT dept. then the design must also take into account the lack of bodies for troubleshooting issues. Be redundant and design it to be easily recovered. Good backups, anti-virus etc. Plan the AD, DNS layout on paper or in VISIO first and really be sure about it. Then decide on upgrading existing servers or new servers. If an upgrade then study the difference between upgrade and fresh install to know any possible pitfalls. Install a test server with the latest SP and make sure there are no issues with your software etc. Plan the DNS namespace. DO NOT use .dom if the LAN is not public. Use .local or .int or the like.

Wow I am still typing...sorry about that.

Hope it helps ya.

