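1 Background
The office network originally used an H3C egress router, with the internal address range 192.168.124.0/24.
As the business grew, the internal servers approached 100 cloud hosts, and office PCs, phones and other terminals came to about 100 as well. The original IP address range could therefore no longer meet demand.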
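2 Analysis
There are broadly the following options for expanding the address space.
- Widen the mask. For example, extend 192.168.124.0/24 to 192.168.124.0/23, or to 192.168.124.0/16. The advantage is that this is simple and blunt. The difficulty is that every device with a statically configured IP address also needs its mask changed, and with so many servers mistakes are likely.
- Add an address range. Move the gateway down from the egress router to the core switch and add a secondary address, 192.168.125.0/24. The original addresses then stay in use for servers, printers and the like, while other devices go on the new range. Note, however, that with this approach DHCP has to be deployed separately.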
3 Deployment
3.1 dnsmasq DHCP configuration for 192.168.124.0/24
resolv-file=/etc/dnsmasq/resolv-file
addn-hosts=/etc/dnsmasq/addn-hosts
cache-size=100000
log-queries
log-facility=/var/log/dnsmasq.log
conf-dir=/etc/dnsmasq.d,.rpmnew,.rpmsave,.rpmorig,.sh
dns-forward-max=5096
rebind-domain-ok=
filter-AAAA
address=/jnybggfw.cn/192.168.124.198
address=/shandong.chinatax.gov.cn/192.168.124.198
address=/rencheng.gov.cn/192.168.124.198
address=/shuiyou.com.cn/192.168.124.198
#address=/zhipin.com/192.168.124.198
#address=/bosszhipin.com/192.168.124.198
# Added DHCP configuration
dhcp-range=192.168.125.50,192.168.125.200,255.255.255.0,12h
dhcp-option=option:router,192.168.125.1
dhcp-option=option:dns-server,192.168.125.198
# To deny DHCP for a specific MAC address, use: dhcp-host=XX:XX:XX:XX:XX:XX,ignore
dhcp-host=30:66:d0:dc:ff:b8,ignore #
dhcp-host=00:80:91:B5:AC:CD,ignore #
dhcp-host=00:80:91:f2:6d:a3,ignore #
dhcp-host=54:ef:33:77:80:77,ignore #
dhcp-host=9c:d3:6d:a1:45:c0,ignore #
dhcp-host=2C:D2:6B:D9:DA:10,ignore #
dhcp-host=4c:10:d5:8f:04:f3,ignore #
dhcp-host=B0:44:14:EE:C8:80,ignore #
dhcp-host=EC:3A:52:30:D8:74,ignore #
dhcp-host=04:F9:F8:5D:9E:7A,ignore #
dhcp-host=D4:DA:21:1C:14:C2,ignore #
dhcp-host=04:95:E6:7F:3E:F1,ignore #
dhcp-host=00:F7:6F:D5:7C:4F,ignore #
dhcp-host=B0:7B:25:25:F5:5B,ignore #
dhcp-host=1C:B7:2C:37:35:B8,ignore #
dhcp-host=94:65:9C:5B:B2:65,ignore #
dhcp-host=74:86:e2:22:35:6f,ignore #
dhcp-host=d4:da:21:34:f4:15,ignore #
dhcp-host=B0:44:14:EE:C6:50,ignore #
dhcp-host=90:E7:10:DE:F6:80,ignore #
3.2 dnsmasq DHCP configuration for 192.168.125.0/24
port=53
listen-address=0.0.0.0
interface=ens18
resolv-file=/etc/dnsmasq/resolv-file
addn-hosts=/etc/dnsmasq/addn-hosts
cache-size=100000
log-queries
log-facility=/var/log/dnsmasq.log
conf-dir=/etc/dnsmasq.d,.rpmnew,.rpmsave,.rpmorig,.sh
dns-forward-max=5096
rebind-domain-ok=
#filter-AAAA
address=/jnybggfw.cn/192.168.124.198
address=/shandong.chinatax.gov.cn/192.168.124.198
# Added DHCP configuration
dhcp-range=192.168.124.10,192.168.124.200,255.255.255.0,24h
dhcp-option=option:router,192.168.124.1
dhcp-option=option:dns-server,192.168.124.198
# Ignore all hosts except those tagged as 'known'
dhcp-ignore=tag:!known
dhcp-host=30:66:d0:dc:ff:b8,192.168.124.34,set:known #
dhcp-host=00:80:91:f2:6d:a3,192.168.124.36,set:known #
dhcp-host=54:ef:33:77:80:77,192.168.124.27,set:known #
dhcp-host=00:80:91:b5:ac:cd,192.168.124.38,set:known #
dhcp-host=2C:D2:6B:D9:DA:10,192.168.124.30,set:known #
dhcp-host=9c:d3:6d:a1:45:c0,192.168.124.41,set:known #
dhcp-host=EC:3A:52:30:D8:74,192.168.124.252,set:known #
dhcp-host=04:F9:F8:5D:9E:7A,192.168.124.130,set:known #
dhcp-host=D4:DA:21:1C:14:C2,192.168.124.234,set:known #
dhcp-host=04:95:E6:7F:3E:F1,192.168.124.251,set:known #
dhcp-host=00:F7:6F:D5:7C:4F,192.168.124.141,set:known #
dhcp-host=B0:7B:25:25:F5:5B,192.168.124.129,set:known #
dhcp-host=1C:B7:2C:37:35:B8,192.168.124.102,set:known #
dhcp-host=94:65:9C:5B:B2:65,192.168.124.93,set:known #
dhcp-host=74:86:e2:22:35:6f,192.168.124.114,set:known #
dhcp-host=d4:da:21:34:f4:15,192.168.124.7,set:known #
dhcp-host=4c:10:d5:8f:04:f3,192.168.124.110,set:known #
dhcp-host=B0:44:14:EE:C8:80,192.168.124.37,set:known #
dhcp-host=B0:44:14:EE:C6:50,192.168.124.50,set:known #
dhcp-host=90:E7:10:DE:F6:80,192.168.124.209,set:known #
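A consistency check for the two configurations above, as an added example that is not part of the original post: in this split design a host should be ignored by the open-pool server exactly when it has a `set:known` reservation on the other server. The MAC and IP values in the sample are constructed, and the function names are this example's own.

```python
import re

# Constructed sample fragments (MACs and IPs are made up), mirroring the two
# configurations above: one server ignores the reserved hosts, the other
# answers only hosts tagged 'known'.
OPEN_POOL_CONF = """\
dhcp-range=192.168.125.50,192.168.125.200,255.255.255.0,12h
dhcp-host=02:00:00:00:00:01,ignore
dhcp-host=02:00:00:00:00:0A,ignore
dhcp-host=02:00:00:00:00:01,ignore
dhcp-host=02:00:00:00:00:03,ignore
"""
RESERVED_CONF = """\
dhcp-range=192.168.124.10,192.168.124.200,255.255.255.0,24h
dhcp-ignore=tag:!known
dhcp-host=02:00:00:00:00:01,192.168.124.34,set:known
dhcp-host=02:00:00:00:00:0a,192.168.124.36,set:known
dhcp-host=02:00:00:00:00:02,192.168.124.27,set:known
"""

MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"

def dhcp_hosts(conf):
    """Return [(mac, [other fields])] for every dhcp-host line, MAC lowercased."""
    hosts = []
    for line in conf.splitlines():
        line = re.split(r"\s+#", line, maxsplit=1)[0].strip()  # drop trailing comment
        m = re.fullmatch(rf"dhcp-host=({MAC}),(.+)", line, re.IGNORECASE)
        if m:
            hosts.append((m.group(1).lower(), m.group(2).split(",")))
    return hosts

def audit(open_conf, reserved_conf):
    ignored = [mac for mac, f in dhcp_hosts(open_conf) if "ignore" in f]
    known = [mac for mac, f in dhcp_hosts(reserved_conf) if "set:known" in f]
    return {
        # Reserved host not ignored by the open pool: both servers may answer it.
        "answered_by_both": sorted(set(known) - set(ignored)),
        # Ignored by the open pool with no reservation: no server answers it.
        "answered_by_none": sorted(set(ignored) - set(known)),
        "duplicates": sorted({m for m in ignored + known
                              if ignored.count(m) > 1 or known.count(m) > 1}),
        # Without this line the reserved-only server would also serve unknown hosts.
        "reserved_server_filters": "dhcp-ignore=tag:!known" in reserved_conf.splitlines(),
    }

if __name__ == "__main__":
    for key, value in audit(OPEN_POOL_CONF, RESERVED_CONF).items():
        print(f"{key}: {value}")
```

Running it against the real files after every change to either MAC list catches a host added to one side only, which is the easiest mistake to make when the lists are maintained by hand.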
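4 Summary
From a network-architecture standpoint, the direct response to running out of addresses is simply to expand the range; for a network that is already in operation, however, carrying out a cutover runs into backward-compatibility difficulties. Networking techniques have to be applied flexibly.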