Network Addresses: Calculating Requirements
Intended for use with Cassatt Active Response V5.0.
When you install the Cassatt Active Response software, the installation
program configures the control node to act as a DHCP server.
In this way Cassatt Active Response manages IP allocation to items
under its control. So, when planning for a Cassatt Active Response implementation,
you need to determine the IP address pool for servers, network
devices, and applications participating in the Cassatt Active Response
environment. To this end, I'm going to show you how to:
- Calculate IPs required for the main network
under Cassatt Active Response control, the Cassatt Active Response
network.
- Calculate IPs required for additional networks
that may be required by your site networking policy.
- Reserve IPs that need to be reserved (because some
devices require static IP addresses).
- Determine a range of contiguous IPs in the Cassatt Active Response network
that Cassatt Active Response can use to dynamically assign to items under
its control. (You need to have this IP range in hand before
you install Cassatt Active Response.)
top
What
you should know
In some ways, determining an IP range for a network in Cassatt Active Response is
similar to any network planning exercise. For example, traditionally,
you would determine your required IP address pool by adding
the number of servers you expect to reside on the network,
the number of miscellaneous devices, and
then pad as you see fit. Voila, you have your IP
range and, after a bit of binary math, a netmask for
your network. However, Cassatt Active Response adds a few variables to the
mix. To calculate IP address ranges for Cassatt Active Response, I'm going
to walk you through the following two-step formula:
- Calculate IPs required by the Cassatt Active Response network, which
contains the shared resource pool
- Calculate IPs for additional networks
Before I go into the details of each calculation,
I need to mention briefly the network strategies available
to you and their relative pros and cons.
top
Network strategies
Cassatt Active Response allows you quite a bit of flexibility in designing your networks.
You can determine the IP address pool based
on either
one large Cassatt Active Response network, or determine multiple IP pools
for multiple networks. The following table outlines
the relative advantages/disadvantages of each approach:
Network strategy |
Advantages |
Disadvantages |
One large Cassatt Active Response network that includes both the shared resource
pool and all application tiers |
Simple network architecture. |
Your initial IP calculation is critical.
If you run out of IPs, you'll have to add new networks
and possibly reconfigure Cassatt Active Response application tier/network
relationships. |
One Cassatt Active Response network that includes
the shared resource pool and one or more networks
to host applications or other functions |
Creating one or more networks
distinct from the Cassatt Active Response network provides the most
networking flexibility. You can add new networks for
the purposes of grouping applications (in Cassatt Active Response terms,
application tiers), isolating applications for security
reasons, or any other reason necessary to support your
application environment. |
Complex network architecture. |
For more information on the range of networking configurations supported
in Cassatt Active Response, see Understanding Cassatt Active Response Network Manager.
top
Best practice
I believe the best practice is for you to create
a Cassatt Active Response network for basic server inventorying and
resource pooling and then add networks
for the applications you want to run under Cassatt Active Response.
This means you have to keep multiple network maps
in your head (or preferably, documented in your
site operations manual), but this model gives you
the greatest flexibility. Either way—one network
or multiple networks—you can use the two-step
process I'll show you in this article to calculate
the minimum required number of IP addresses. |
IPs for the Cassatt Active Response network
At a minimum, Cassatt Active Response requires a network that includes
a pool of servers that can be allocated to applications
running in the Cassatt Active Response environment. The Cassatt Active Response network must
have enough IP addresses to account for:
- The Cassatt Active Response control
node(s)—you can have one or two.
- Any other device connected to the network, including
a gateway, which is required for the Cassatt Active Response network.
- Each physical server that will participate in the Cassatt Active Response environment.
The only thing that's not immediately obvious is that, when
using two control nodes, you need to factor in an extra
IP (actually, a virtual IP) that is used to support one control
node failing over to the other. That's not so unusual,
is it?
Now let's look at some of the IP address requirements
for additional networks you might want Cassatt Active Response to supervise.
top
IPs for additional networks
It's common in IT to dedicate networks to applications
or other functions. In Cassatt Active Response terms, this means creating
networks (and determining the necessary IP pools for them)
for application tiers. An application tier is a logical construct
in the Cassatt Active Response environment defined to represent an application
and its physical and virtual resources. For example,
you might have a database tier, a web server tier, or any
other application-specific tier. The idea is that, based
on how you define the tier, Cassatt Active Response allocates
computing resources (and IPs, as necessary) to meet your
service level requirements. You give each
application tier a max
nodes value in Cassatt Active Response. Cassatt Active Response then reserves
an equal number of application image instances, each of which
gets an IP address. (I'll explain more about image instances
later, as it is important to your calculation.)
About applications on multiple
networks
Cassatt Active Response supports a range of network configurations.
For example, many applications can run on one network,
or one application can participate in multiple
networks. In the latter case, each network
the application runs on has a distinct
IP pool. Cassatt Active Response then allocates IPs to servers
running those applications from each respective network
IP pool.
For the application on both Network A and B, Cassatt Active Response
allocates an IP address from both the Network A range
and the Network B range.
About primary networks
In a single-network configuration, all servers boot
from the Cassatt Active Response network. In a multiple network configuration,
where applications may run on more than one network,
a primary network is used to boot
servers, serve the application image instances, monitor
tier and server states, and other automation-related
communications. To determine the IP pool for additional
networks, you'll need to consider whether or not
each network is the primary network for the application,
which I'll discuss in our examples. |
In terms of determining the IP addresses necessary for
these additional networks, the calculation is a little different
from the calculation for the main Cassatt Active Response network. In
general, these networks require an IP for each virtual server,
application image instance, and miscellaneous device on
the network. (Actually, it's a little more complicated
than that. The nature of running some applications mandates
that extra IPs are available, but I don't
want to bog you down with those details yet.)
top
Determining IP address pools
Okay, now that you are either 1) suitably enlightened
about networks and IP addressing in the Cassatt Active Response environment
or 2) bored with the background info and ready to get down
to business, I'll walk you through the formulas to determine
your IP address pool or pools.
Step 1: Determine IP addresses and netmask for the
Cassatt Active Response network
First, calculate the number of IPs you need for the Cassatt Active Response network.
This is relatively straightforward. In general, though, consider
these guidelines:
|
Number of IP addresses |
Recommended for Cassatt Active Response |
254 |
Supported for Cassatt Active Response |
≤ 4094 |
Now,
specifically, to calculate the number of IPs required, use
this formula:
(number physical servers) +
(number of other IPs required on the
network) +
(padding) |
Where:
(number physical servers)
This is the total number of physical servers you expect to run in the Cassatt Active Response
environment. Cassatt Active Response allocates IP addresses to them for the purposes of inventorying
them and placing them in the free pool. (Include the number of
blade servers in a blade enclosure.) You'll want to pad this number
for anticipated growth. Also include the number of control nodes in this total.
You can have either 1 or 2 control nodes.
(number of other IPs required on the network)
Include gateway IPs, firewalls,
load balancers, sniffers, and virtual IPs (VIPs).
Remember that if you use two control nodes, you must have
a VIP. Also, if you use redundant gateways, add a VIP. The
Cassatt Active Response network requires a gateway, so the minimum value
for this variable is 1.
(padding)
Padding should minimally be set to 10 for the Cassatt Active Response network.
This formula gives you a total number of IP addresses needed for the
Cassatt Active Response network.
top
Example—calculating the Cassatt Active Response
network IP pool
Assume a simple configuration that includes the following:
- 26 physical servers (including 2 control nodes)
- 2 routers serving as redundant gateways
Given this configuration, I'd calculate a minimum IP pool like this:
Component |
IPs required |
Physical servers |
26 |
Other IPs (2 gateway IPs, 1 VIP for
redundant gateways, and 1 VIP for dual control nodes) |
4 |
Padding (minimum padding for Cassatt Active Response) |
10 |
Total |
40 |
Of course, pad the total as you see fit to anticipate an increase in
physical servers.
That's it for the Cassatt Active Response network. Note that you cannot easily
increase the IP range for the Cassatt Active Response network after
Cassatt Active Response is up and running, so think through this calculation
thoroughly. If you intend to have one large
network, complete the second part of of this calculation
to make sure your IP range accounts for power controllers on
the network.
top
Step 2: Determine IP addresses for other networks
Next, determine IP addresses required by additional networks.
(Remember, I said that the same calculations will work for
single or multiple networks, so if you prefer one king-sized
Cassatt Active Response network, follow along. You need to do step 2 to determine
additional IPs for the Cassatt Active Response network. I'm just biasing
the discussion for multiple networks.)
With the advent of virtualization—a server
may need an IP for each VM—calculating network size becomes
more complex. But more and more
it's the calculation that IT network architects have to make.
Similarly, in Cassatt Active Response, you also need to account for application
image instances you'll be running in the Cassatt Active Response environment.
Both virtual servers and application image instances require
IP addresses.
About application image instances
Cassatt Active Response stores application images in its image matrix
and serves instances of those images across
the network to application nodes. Each application
image instance requires an IP address. For more information
on the Cassatt Active Response image matrix, see Cassatt Active Response Basic Concepts: Premium Edition, Data Center Edition. |
Special network multipathing (as in IPMP), clustering
software, or VMs on a primary network also require extra
IPs. I'll point out the details below, but let's start with the
general formula:
(number of power
controllers) +
(number of application image instances)
+
(number of virtual servers) +
(number of other IPs required on the network) +
(padding) |
Where:
(number power
controllers)
This is the number of power controllers on the physical servers
you expect to run in this network. Cassatt Active Response
assigns IP addresses to these and uses them to power cycle
servers. Many sites and some hardware vendors recommend
that these controllers be on their own network for security
reasons. If you want a network dedicated to power
controllers, just total the number of power controllers and
you're done with the calculation for this network. In a dual-control
node configuration, be sure to include those power controllers
in the total.
I'm going to refer generically to a server's remote management
controller as a power controller because Cassatt Active Response
accesses remote management utilities primarily to perform
power on/off operations.
(number application image instances)
Cassatt Active Response dynamically provisions bare-metal
servers with application image instances from its image matrix.
Each image instance
requires an IP address. This value is the maximum number
of application instances you expect to run on this network.
(This equates to the maximum number of servers required
to support each application that will run on the network.)
For example, if you expect the maximum number of Apache
application instances to be 8, then enter 8. However, to
the total number of application instances, apply these
factors, as necessary:
If the image
consists of... |
Then, to calculate
the necessary number of IPs, multiply the number of application
instances by... |
Solaris operating system and uses
IP multipathing (IPMP)... |
3 |
Oracle 10g RAC... |
2 (to account for required VIPs) |
Your application may have its own special IP requirements, so consider
those as necessary.
(number of virtual machines [VMs])
This is the total number of VMs you expect to run on this network. However, only
add this number to your total if this network is the primary
network for the virtual machine manager (VMM) application tier (I'll show
you what I mean in the ESX Server example below).
If this is not the primary network for the VMM
base tier, skip this input into the calculation.
(You need to know whether each network is the primary network
for a VMM base tier because this is the
network that provides IPs to the VMs generated by the application.)
(number of other IPs required on the network)
This is the number of other devices that require an IP address: for example,
gateway IPs, routers, firewalls, load balancers, sniffers, virtual IPs, etc.
(padding)
As before, padding should minimally
be set to 10.
If you intend to add more application networks, repeat step 2 for each
network. And if you want to configure just one network (which
would host the shared resource pool and all application
tiers), just add the totals from step 2 to the total from
step 1. That gives you the minimum number of IPs for one
large network. In the end, you're probably going to need
a serious spreadsheet to plan, define, and calculate IPs
for these networks. I've included one you can use at the
end of this article.
top
Example—calculating additional
network IP pools for VMware ESX Server
One of Cassatt Active Response's features is its ability to manage both physical and
virtual servers in a platform- and vendor-neutral way. Because
I need to consider VMs in the IP calculation,
let's look at an example that accounts for a major server consolidation
effort utilizing VMware ESX Server. (See the ESX
Server 3.0 blueprint for instructions on preparing the VMware ESX Server 3.0
software to run in the Cassatt Active Response environment.)
For the base tier primary network, I need to account for:
- The the maximum number
of ESX Server application image instances
- A second IP address for each of the ESX Server application image instances (this IP address is required by ESX Server for its own use)
- The number
of VMs configured in each instance
- A gateway/firewall
Here is how I visualize the network:
Notice when you get to the calculation table below that this illustration
shows 12 virtual servers (3 application image instances,
each configured with 4 VMs). I'll need IP addresses for all 12.
Because this network will also be assigned to the IIS guest application,
I also need to add the IIS application image instances that
will run in the VMs. For this example, let's assume I want
to run IIS in the VMs. Let's
suppose I want the maximum number of IIS image instances
to be 6. I'll need to add 6 more IPs for this network:
So, this is how my IP calculation unfolds:
Component |
IPs required |
Power controllers |
0 |
Other IPs (1 gateway/firewall) |
1 |
Application image instances (3 ESX Server images, x 2,
plus 6 IIS images) |
12 |
Virtual servers (multiply 3 ESX Server image instances
by the 4 VMs defined in each image) |
12 |
Padding |
10 |
Total |
35 |
top
Example—calculating additional
network IP pools for Oracle 10g RAC
For the sake of this example, assume we're configuring Cassatt Active Response to run
Oracle 10g RAC. Now Oracle 10g is a complex application,
and I know from reading the Oracle
10G blueprint that in a Cassatt Active Response implementation it requires 2 networks:
- A primary network from which Cassatt Active Response serves application
image instances
- A network for the Oracle 10g application cluster
My configuration is going to look something like this:
So I need to calculate IPs for both networks. Let's start with the primary
network.
Oracle 10g primary network
Cassatt Active Response uses the primary network to boot hardware, serve
application images, and monitor the application tier. For
this calculation, I'll factor in the following:
- 3 application image instances
- VIP addresses, one per image instance, as required by Oracle 10g
RAC
- 1 gateway/firewall
Here's how my IP calculation looks:
Component |
IPs required |
Power controllers |
0 |
Application image instances |
3 |
Virtual servers |
0 |
Other IPs (1 gateway/firewall IP and additional
VIPs for Oracle 10g clustering) |
4 |
Padding |
10 |
Total |
17 |
Now let's look at the requirements for the Oracle 10g cluster network.
Oracle 10g cluster network
The dedicated network, where a physical NIC is allocated for use only
with that network, allows for communications within the Oracle 10g application
cluster. It's going to include:
- 3 application image instances
- 1 gateway/firewall
The cluster network IP calculation looks like this:
Component |
IPs required |
Power controllers |
0 |
Application image instances |
3 |
Virtual servers |
0 |
Other IPs (1 gateway/firewall) |
1 |
Padding (minimum padding for Cassatt Active Response) |
10 |
Total |
14 |
So, for Oracle 10g, I have two networks, each with its own IP address
range:
|
Oracle 10g primary network
IPs |
Oracle 10g cluster network
IPs |
|
17 |
14 |
Reserving static IPs and determining IP
dynamic range for the Cassatt Active Response network
After you've calculated the IP address pool for the main Cassatt Active Response
network, you need to divide it into:
- One or more sets of IP addresses that are reserved for devices that
require static IPs
- A range of
contiguous IP addresses that Cassatt Active Response dynamically
allocates to devices
You must reserve static IPs for the Cassatt Active Response network prior
to installing Cassatt Active Response. The Cassatt Active Response installation program prompts
for this information. Cassatt Active Response then uses it to
determine which IPs it can dynamically assign. If Cassatt Active Response
were to dynamically allocate an IP address that you have
otherwise statically assigned, you would end up with undesirable
system behavior. I'd recommend you separate
these now as part of your network architecture to avoid that
possible problem.
top
Reserving static IPs
Cassatt Active Response requires that a few devices have static IPs:
- Control nodes and their VIP
- Gateways and their VIP
- BladeCenter integrated switch modules
Typically, it's common networking practice to reserve static IPs from
the start or the end of the IP range:
top
Determining the dynamic IP range
After you have identified the reserved IPs you need from the start and
end of your total network space, you are left with a
range of contiguous IP addresses. These are the ones Cassatt Active Response
dynamically (the D in DHCP) allocates. One
important thing to remember about this range of contiguous
IPs: during the Cassatt Active Response installation, you need to specify
the first available IP and the last available IP in that
range.
At installation time, the first and last available IP values indicate
the range of IPs available for dynamic allocation. Note
that after Cassatt Active Response is up and running, you can extend this
range by reserving IPs (from anywhere in the IP range) in
the Cassatt Active Response Controller user interface. And when you create
additional networks, you also use the Controller
to reserve IPs.
Separating the IP range into static and dynamic groups
isn't conceptually that difficult, but let's look at an example
to make it more concrete. This time, I'm going to complicate
things by significantly increasing the size of our example
network.
top
Example—determining static IPs and range of dynamic IPs
Let's assume I am calculating an IP range for my Cassatt Active Response network. In
this example, I'm going to put a large server farm under
Cassatt Active Response control. (I intend to add separate networks for various
applications, so this exercise focuses on the Cassatt Active Response network.
However, I'll include the power controllers on the Cassatt Active Response
network for this example.) Here's how I see my network taking
shape:
Device |
IPs required |
Physical servers (includes 2 control nodes) |
402 |
Other IPs (2 gateways with 1 VIP, 1 VIP for the 2 control
nodes) |
4 |
Power controllers (includes 2 control nodes) |
402 |
SubTotal |
808 |
Padding |
214 |
Total |
1022 |
For padding, I'm rounding up to a 1024 boundary, but for practicality,
I've subtracted 2 from that range to account for 1 broadcast
and 1 network address, which cannot be assigned to devices.
Assume that, as network administrator, I determine the network
address is 10.10.80/22.
Now, Cassatt Active Response requires that I set aside a few IPs for devices that need
static IP addresses. To that list, I'm going to reserve a few extra for
miscellaneous devices and future use, so I'm going to reserve 12 IPs
from the beginning of the IP range and 12 from the end of the IP range.
My list of reserved IPs looks like this:
Reserved IPs |
Use |
10.10.80.0 |
Cassatt Active Response network address (CIDR prefix /22) |
10.10.80.1 |
1st gateway |
10.10.80.2 |
2nd gateway |
10.10.80.3 |
gateway VIP |
10.10.80.4 |
1st control node power controller |
10.10.80.5 |
2nd control node power controller |
10.10.80.6 |
1st control node |
10.10.80.7 |
2nd control node |
10.10.80.8 |
control node VIP |
10.10.80.9 |
IBM BladeCenter integrated network switch |
10.10.80.10–10.10.80.12 |
reserved for future use (from beginning of IP range) |
10.10.83.242–10.10.83.254 |
reserved for future use (from end of IP range) |
10.10.83.255 |
broadcast address |
10.10.80.13 |
first available IP |
10.10.83.241 |
last available IP |
After I separate the reserved IPs from the beginning and end of the
total IP range, I'm left with a range of 10.10.80.13–10.10.83.241
that Cassatt Active Response can use to dynamically assign to resources under
its control. These, then, are my first available and last
available IPs, which I'll need to provide when I install
Cassatt Active Response on the control nodes.
top
Netmask lookup table
You are going to need a netmask for each network. If you really love
your binary math, you can determine a network mask for each network based
on its respective pool of IPs. You'll need the netmask for the Cassatt Active Response
network when you install Cassatt Active Response, and for additional networks when you
configure application tiers in the Cassatt Active Response Controller user interface.
However, I'll provide a little cheat sheet for you.
Netmask Cheat Sheet
Total IPs |
Netmask |
CIDR prefix length |
≤62 |
255.255.255.192 |
/26 |
≥62 – ≤126 |
255.255.255.128 |
/25 |
≥126 – ≤254 |
255.255.255.0 |
/24 |
≥254 – ≤510 |
255.255.254.0 |
/23 |
≥510 – ≤1022 |
255.255.252.0 |
/22 |
≥1022 – ≤2046 |
255.255.248.0 |
/21 |
≥2046 – ≤4094 |
255.255.240.0 |
/20 |
Once you've calculated the number of IPs you need and determined a netmask
for each network, you can get your network addresses from your admin.
top
Network address planning sheet
We've largely worked through a big planning exercise in this article.
After you've done the work of determining various network
IP pools, netmasks, static IP assignments, et al., it's
a good idea to capture that information. Click this link
for a handy little planning sheet that can be used during
the various steps of a Cassatt Active Response implementation:
Network address planning sheet
As your site
personnel go through the various Cassatt Active Response setup and configuration
phases, they'll thank you for
completing this planning sheet (and you'll probably
be happier with the results, too).
top
Summary
Remember that determining
one or more IP address pools requires you to:
- Calculate IPs required by the Cassatt Active Response network, which
contains the Cassatt Active Response shared resource pool. Divide the
Cassatt Active Response network into a contiguous range of IPs for dynamic
allocation and a set of reserved IPs for static allocation.
- Calculate IPs for additional networks
Even if you only want one large network, you can follow these two steps
and then add the results together to calculate a minimum
IP address pool.
I've covered a lot of ground in this article, so I'll summarize some
of the key points about network addressing in Cassatt Active Response in
this table.
Question |
Answer |
What are the IP address requirements
for Cassatt Active Response? |
- You must have at least one network (the Cassatt Active Response
network) that is used for inventorying hardware and
creating a shared resource pool that
can be allocated in the Cassatt Active Response environment.
- For the Cassatt Active Response network, you need a contiguous range
of IP addresses that Cassatt Active Response can use in assigning
DHCP leases to items under its control.
- The Cassatt Active Response network requires
static IP addresses for control nodes, gateways,
and any BladeCenter switch modules. It is good network
practice to reserve these from outside the contiguous
DHCP range. (On devices that use static IP addresses,
verify that those addresses are outside the range dynamically
allocated by Cassatt Active Response.)
- You can have as many additional networks as you need.
|
If I don't know how many IP addresses I need now, can I estimate now and add new ones later? |
The advantages of segregating
the Cassatt Active Response network by running applications on other
networks are:
- It simplifies the calculation
for the Cassatt Active Response network.
- It's easy to add networks for applications without
complicating the operation of the Cassatt Active Response network.
Even
so, I'd recommend always estimating higher rather
than lower to anticipate growth in the Cassatt Active Response network.
Remember, it needs at least one
IP for every physical server
that could run in the Cassatt Active Response environment (and potentially
one IP for every power controller). After you install
Cassatt Active Response, the only way to modify the size of the Cassatt Active Response
network is to reinstall—ouch! |
Can Cassatt Active Response share a network? |
Yes. By default, the Cassatt Active Response installation program assumes control over the entire
network; the range of control is determined by the IP address you specify for the
first control node and the netmask you provide.
However, you can limit Cassatt Active Response control to a specific range within a network.
For the Cassatt Active Response network, you do this by entering the "First available
address on this subnet" and "Last
available address on this subnet" when you install Cassatt Active Response. The "first
available" and "last
available" define the DHCP range dedicated to Cassatt Active Response automatic assignment.
For other networks, you can use the Controller user interface to specify static
addresses that Cassatt Active Response should not dynamically allocate.
|
What is the control node virtual IP address and how is it used? |
The virtual IP address (VIP) is a common
IP address used when you have two control nodes that
always resolves to the active control node. (If you
are using only 1 control node, a VIP address is unnecessary.) |
top
Was this article useful? Tell us what you think.
Email infocentral@cassatt.com.
|
