Page 1 of 2

Adding more blocks of IP Addresses to 881W getting harder

Posted: Thu Apr 11, 2013 11:44 pm
by Mikerowaved
I called the GSC earlier today to have one of my building's IP Address ranges expanded and promptly found out their policy is no longer "ask and ye shall receive". It appears someone there got out a slide rule and figured out the 10.x.x.x address range they've been slicing and serving large portions of upon request, really does has finite limits, and if they continue on their current course, they may run out. I was informed their new policy is to first check the firewall's "Usage Statistics" (found at tm.lds.org, for those authorized) and compare the Peak Usage stat to the existing DHCP Pool. If they aren't close, don't bother asking.

Doesn't matter that we have 2 large wards in that building, PLUS a YSA ward that recently moved in, I couldn't get the additional 128 addresses that I asked for (and our other 2 buildings had received earlier in the year). 64 was the best I could get for now, until the stats proved I needed more.

Yes, I know the usage stats can be artificially pushed higher, so let's not go there. I throw this out so STS's are aware of the apparent rule change regarding expanding meetinghouse IP Address ranges.

Re: Adding more blocks of IP Addresses to 881W getting harde

Posted: Fri Apr 12, 2013 6:52 am
by johnshaw
My own personal comment on this is that we could free up a larger amount of addressing if the Rerved Static range could be bitten into. The initial 10 addresses for static is pretty sound for access points and clerk computers/network printers.... But the only building in my stake that has needed a 2nd User zone of IP's was provisioned with 58 static IP's that are totally not being used.

STATIC: 10.x.x.2 - .59

Replicate that around the world and that is a lot of unused addressing.

Re: Adding more blocks of IP Addresses to 881W getting harde

Posted: Fri Apr 12, 2013 12:06 pm
by russellhltn
I haven't done the math, but personally, I'm thinking someone will figure out that having a unique IP address church-wide for BYOD isn't going to fly.

Re: Adding more blocks of IP Addresses to 881W getting harde

Posted: Fri Apr 12, 2013 12:45 pm
by spencerto
I agree with John Shaw concerning the static ranges for secondary User Zones. A couple of things have changed since the original roll-out of 881W's. In the beginning, firewalls were being rolled out with subnet sizes of 64 addresses, leaving about 52 available for dynamic addressing (10 for static) 1 for the gateway, and 1 for broadcast. In many areas of the world, this size subnet is more than adequate, however in other parts of the world, this was well short of demand.

New activations were adjusted partway through the project to ship with 128 addresses with some reserved for static addresses, rather than the original 64. This has alleviated the need for most buildings to ask for additional addresses.

We also changed the way secondary zones receive addresses. Originally there was a scaling factor that was used to set a pre-determined amount of static addresses that would be reserved with each additional User zone. Like John has expressed, it is clear that meetinghouses don't require such large amounts of static addresses (different from other types of buildings, like storehouses, seminaries, institutes, temples, etc.) Now, when an additional zone is added, only one address is reserved (for the gateway) and one for the broadcast leaving the remainder for dynamic addresses. This should provide a much more efficient use of the ip address space for meetinghouses.

Two things to note:

1) The address ranges for secondary+ User zones may not reflect accurately in Technology Manager because of the new strategy for adding user zones. Currently, Technology Manager is still showing zones under the original roll-out strategy. You may have more dynamic addresses available than what Technology Manger is showing on the network tab.

For a more accurate count of total available DHCP addresses, check the Usage Statistics tab. Eventually, as most meetinghouses get enrolled in the "phone home" project to deliver Usage Statistics data, we will be able to change Technology Manager to reflect actual addresses ranges as reported by the firewall, rather than on a set of rules that have changed over time.

2) Firewalls that have received additional User Zones prior to the change have not had their excess static ranges recovered. Currently, there isn't a plan to recover those static ranges and return them to the DHCP pool. This could certainly change going forward, but isn't in the current plan yet. We will likely be looking to establish a plan/policy to provide to the GSC on how to handle the desire to recover static ranges for secondary zones and how to return those to the dynamic pool.

Incidently, the 1041 wireless AP's use dynamic addresses, not static, so when viewing your dhcp in-use number keep in mind that some are being used by the AP's.

We sincerely appreciate all that you do in service of your Stakes and Districts. We are working dilligently to provide more tools to help you better perform your responsibilities and ask for your patience as we work to deliver and improve those tools.

Thank You,
Tony

Re: Adding more blocks of IP Addresses to 881W getting harde

Posted: Fri Apr 12, 2013 1:37 pm
by johnshaw
Tony,

The way these Firewalls/WAP's were implemented was a very well designed plan, I'd say that right from the start... having had to do a similar project with the same piece of equipment at my daytime job I can attest to what goes into the work, so well done.

It does seem like there is some cleanup/efficiency that could be implemented now that we have some usage statistics. For example, I've noticed in my meetinghouse where I have added a 2nd User Zone that in the usage statistics, I'm not using nearly the number of addresses that I have had added... I'm only barely reaching into the 2nd User Zone. Is there a way for us to work with the GSC to reduce that 2nd User Scope, as we review the Usage Statistics? Or is this a project that the church will be doing... finding all those additionally 256 addresses 2nd User zones that are only using 32 addresses and reducing them to 64 ranges?

Is there a standard out there where we can add 32, 64, 128, 192, 256 addresses? Should we as STS request numbers, will the GSC increment based on an initial order and usage statistics? We did have a post today that indicated that the GSC will be working on it... how are we going to say that a meetinghouse will get 32 more rather than 64 or 128, etc...?

Re: Adding more blocks of IP Addresses to 881W getting harde

Posted: Fri Apr 12, 2013 2:47 pm
by spencerto
John,

Great questions. First let me say, I am not the product manager and don't won't to mis-represent our intentions. I am a developer on the Technology Manager project and am trying to add some clarification of our current situtation. As far as announcing future intentions, that would best be left to the product manager as I am not necessarily kept abreast of prioritization of future features.

That said, there isn't an urgency at this stage to begin recovering excess addresses from building who are underutilizing the capacity. There is no desperation on the horizon to do so as we should have plenty of addresses so long as we manage them judiciously moving forward. At some future point, it would certainly be possible to recover extra addresses if necessary, but that would be accompanied with planning and coordination before any actions were taken. In general, we are in good shape as it stands.

As far as policy for how to proceed when adding extra addresses, it is still a work in progress. The usage statistics have only been available for a few weeks now. As we examine the data we will try to formulate some best practices. We need to strike a balance between adding addresses efficiently without over-fragmenting the address space with numerous tiny addresses ranges.

In general I can say that the desire is to ensure that every unit has sufficient for their needs. I don't forsee a reason to deny any units that require more addresses. At this stage, the GSC along with our teams are working to understand the best way to proceed to accomodate everyone's needs.

The usage statistics data is a wonderful blessing. For example, we have the ability to monitor (on behalf of the units) when their firewalls are nearing ip address capacity and pro-actively grant more addresses for you, rather than requiring the STS to contact the GSC after a problem has already occurred. Setting those triggers are also a work in progress.

Here is a graph of the usage statics for the Kearny 1st, 3rd and YSA ward building.
Usage Stats Kearny Missouri
Usage Stats Kearny Missouri
UsageStatisticsTrimbleMissouri.png (51.92 KiB) Viewed 1966 times
If you looked only at the peak usage data for DHCP addresses, you might think more IPs are needed. The benefit of looking at the graph and usage over time helps to understand the need more clearly. That isn't to say that this location doesn't need more IPs, but as of right now, they may be ok. Working with the STS and having usage statistic data, we should be able to deliver the support you need to have a consistent and desirable experience in your buildings.

Again, the goal is to wisely manage the finite resources that we have while also delivering a consistently reliable experience to all the participating units.

Thanks for your wonderful service!
Tony

Re: Adding more blocks of IP Addresses to 881W getting harde

Posted: Fri Apr 12, 2013 3:15 pm
by russellhltn
spencerto wrote:If you looked only at the peak usage data for DHCP addresses, you might think more IPs are needed.
Well, since you showed it. :D

The graph may be deceptive. March 31 seems to have taken about 80% of capacity of the IPs. April 7th was General Conference. No idea what was going on on March 24th, but given the low usage, I'm suspecting Stake Conference.

I'd probably need to see more "normal" Sundays before saying that they don't need more IPs.

Re: Adding more blocks of IP Addresses to 881W getting harde

Posted: Fri Apr 12, 2013 3:24 pm
by spencerto
Exactly. The inverse could be true as well, such as a major event that drew in an unusual number of devices (YSA regional dance?). Which is why looking at the data over time is of value and can help the STS determine along with the GSC if the shortage is an abberration or a real indicator of need.

Which will probably lead to the next question being....can we get a graph? I believe that would be a good feature to add to the usage statistics page. Thoughts?

Re: Adding more blocks of IP Addresses to 881W getting harde

Posted: Fri Apr 12, 2013 3:40 pm
by Biggles
I'd vote for that!

Re: Adding more blocks of IP Addresses to 881W getting harde

Posted: Fri Apr 12, 2013 7:23 pm
by harddrive
It would also be great to get a current DHCP usage as well, with possible device type.