Samba, workgroups and multiple networks

I have about 50 computers on a single network private network
(192.168.1.0/24).

There are about 12 Windows (98/2000/XP) computers running Photoshop and
other proprietary software (digital imaging/scanning/printing), 8 Macs
(OS-X) running Photoshop, and about 30 Linux (mostly Redhat 9.0 with
some SUSE and Fedora) running samba/gimp/other digital imaging software,
on the network. All of the computers are connected via a bank of
100Mbps switches

My main problem is bandwidth. When multiple computers move large files
around (20-80 megabytes per file), the network slows to a crawl. To
reduce traffic on the network, I plan on splitting the network into at
least three networks, digital capture, digital processing and digital
output, so that traffic between departments can be minimized. By doing
that, I believe that I can increase overall bandwidth by a factor of
three (minus the bandwidth loss when files are transferred between
departments).

The three networks will run through a common router (Mikrotic software).
Past experience with Linux only computers worked great. All computers
on multiple networks could access a postgresql database transparently
through the router.

However, I have little experience with Windows workgroups. The way that
I hope to do things is to continue to use a single workgroup for all
computers. Can a Windows workgroup span multiple networks? If not,
what are your recomendations?

Richards wrote:
> I have about 50 computers on a single network private network
> (192.168.1.0/24).
>
> There are about 12 Windows (98/2000/XP) computers running Photoshop and
> other proprietary software (digital imaging/scanning/printing), 8 Macs
> (OS-X) running Photoshop, and about 30 Linux (mostly Redhat 9.0 with
> some SUSE and Fedora) running samba/gimp/other digital imaging software,
> on the network. All of the computers are connected via a bank of
> 100Mbps switches
>
> My main problem is bandwidth. When multiple computers move large files
> around (20-80 megabytes per file), the network slows to a crawl. To
> reduce traffic on the network, I plan on splitting the network into at
> least three networks, digital capture, digital processing and digital
> output, so that traffic between departments can be minimized. By doing
> that, I believe that I can increase overall bandwidth by a factor of
> three (minus the bandwidth loss when files are transferred between
> departments).
>
> The three networks will run through a common router (Mikrotic software).
> Past experience with Linux only computers worked great. All computers
> on multiple networks could access a postgresql database transparently
> through the router.
>
> However, I have little experience with Windows workgroups. The way that
> I hope to do things is to continue to use a single workgroup for all
> computers. Can a Windows workgroup span multiple networks? If not,
> what are your recomendations?
>

Depends on what you mean by "network." Are you planning to introduce
more nodes? You should determine WHERE the bottleneck is before you
offer up a remedy. A few well placed switches can eliminate many problems.

No windows Workgroups generally do not cross routers. They only work
within a single node. You can however have multiple paths to the PDC
from seperate nodes.

--
Respectfully,


CL Gilbert

"Verily, verily, I say unto you, He that entereth not by the door() into
the sheepfold{}, but climbeth up some other *way, the same is a thief
and a robber." John 10:1

GnuPG Key Fingerprint:
82A6 8893 C2A1 F64E A9AD 19AE 55B2 4CD7 80D2 0A2D

For a free Java interface to Freechess.org see
http://www.rigidsoftware.com/Chess/chess.html

Sorry, got my terms mixed up. Where I say node below, I mean segment.


>
> Depends on what you mean by "network." Are you planning to introduce
> more nodes? You should determine WHERE the bottleneck is before you
> offer up a remedy. A few well placed switches can eliminate many problems.
>
> No windows Workgroups generally do not cross routers. They only work
> within a single node. You can however have multiple paths to the PDC
> from seperate nodes.
>


--
Respectfully,


CL Gilbert

"Verily, verily, I say unto you, He that entereth not by the door() into
the sheepfold{}, but climbeth up some other *way, the same is a thief
and a robber." John 10:1

GnuPG Key Fingerprint:
82A6 8893 C2A1 F64E A9AD 19AE 55B2 4CD7 80D2 0A2D

For a free Java interface to Freechess.org see
http://www.rigidsoftware.com/Chess/chess.html

CL (dnoyeB) Gilbert wrote:
> Sorry, got my terms mixed up. Where I say node below, I mean segment.
>
>
>>
>> Depends on what you mean by "network." Are you planning to introduce
>> more nodes? You should determine WHERE the bottleneck is before you
>> offer up a remedy. A few well placed switches can eliminate many
>> problems.
>>
>> No windows Workgroups generally do not cross routers. They only work
>> within a single node. You can however have multiple paths to the PDC
>> from seperate nodes.
>>
>
>

Thanks for the reply.

Yes, I really do mean separate networks, i.e.
network 1 = 192.168.1.0/24
network 2 = 192.168.2.0/24
network 3 = 192.168.3.0/24
etc.

With the size of files that are being transferred, it's not unusual for
a transfer to take 10 or 20 times longer if several computers are
transferring at once than it would take if only one or two computers
were transferring files at one time, thus the desire to break up the
system into as many separate networks as needed.

I would like to have 2-4 computers and a samba file server on each
separate network, and to loosely connect the networks together through a
router. That philosophy works great with a PostgreSQL server that
serves a number of Linux computers residing on separate networks, but
connected through a router. BUT, will it work with samba servers and
Windows workgroups?

>
> Thanks for the reply.
>
> Yes, I really do mean separate networks, i.e.
> network 1 = 192.168.1.0/24
> network 2 = 192.168.2.0/24
> network 3 = 192.168.3.0/24
> etc.

what does the /24 mean here?

>
> With the size of files that are being transferred, it's not unusual for
> a transfer to take 10 or 20 times longer if several computers are
> transferring at once than it would take if only one or two computers
> were transferring files at one time, thus the desire to break up the
> system into as many separate networks as needed.
>

yes, but my point is that you dont need seperate networks. A network is
a logical thing. you are having a physical problem. Thus you need to
change the physics. You need more segments, or "segmentation".

> I would like to have 2-4 computers and a samba file server on each
> separate network, and to loosely connect the networks together through a
> router. That philosophy works great with a PostgreSQL server that
> serves a number of Linux computers residing on separate networks, but
> connected through a router. BUT, will it work with samba servers and
> Windows workgroups?
>
>

where you have routers, you can easily have switches, with much less
hassle (plus switches are faster and transparent). Only reason to have
seperate networks would be for security or priviledge limitation.

Just as my prior post, where you intend to have seperate *networks* you
can easily (and preferrably) have seperate *segments*.

--
Respectfully,


CL Gilbert

"Verily, verily, I say unto you, He that entereth not by the door() into
the sheepfold{}, but climbeth up some other *way, the same is a thief
and a robber." John 10:1

GnuPG Key Fingerprint:
82A6 8893 C2A1 F64E A9AD 19AE 55B2 4CD7 80D2 0A2D

For a free Java interface to Freechess.org see
http://www.rigidsoftware.com/Chess/chess.html

In article <(E-Mail Removed)>, "CL (dnoyeB) Gilbert" <(E-Mail Removed)> wrote:
>>
>> Thanks for the reply.
>>
>> Yes, I really do mean separate networks, i.e.
>> network 1 = 192.168.1.0/24
>> network 2 = 192.168.2.0/24
>> network 3 = 192.168.3.0/24
>> etc.
>
>what does the /24 mean here?

That the first 24 bits are set to 1 in the networks mask

192.168.1.0/24 => netmask 255.255.255.0
192.168.1.0/25 => netmask 255.255.255.128
192.168.1.0/26 => netmask 255.255.255.192

and so one.

Jørn Dahl-Stamnes, EDB Teamco AS
e-mail: Jorn.Dahl-(E-Mail Removed) (remove nospam first)
web: http://spiderman.novit.no/dahls/

Richards <(E-Mail Removed)> writes:

[...]

>Yes, I really do mean separate networks, i.e.
>network 1 = 192.168.1.0/24
>network 2 = 192.168.2.0/24
>network 3 = 192.168.3.0/24
>etc.

Keep in mind that Windows filesharing via SMB is solely based on
broadcasts; broadcasts, however, should _never_ be allowed to cross
a router boundary, as this will rapdily exhaust your bandwidth.

>With the size of files that are being transferred, it's not unusual for
>a transfer to take 10 or 20 times longer if several computers are
>transferring at once than it would take if only one or two computers
>were transferring files at one time, thus the desire to break up the
>system into as many separate networks as needed.

>I would like to have 2-4 computers and a samba file server on each
>separate network, and to loosely connect the networks together through a
>router. That philosophy works great with a PostgreSQL server that
>serves a number of Linux computers residing on separate networks, but
>connected through a router. BUT, will it work with samba servers and
>Windows workgroups?

Depending on what the various Win* machines are supposed to "see"
on the other segments, you will have to properly setup the SAMBA
servers as WINS servers, and possibly have to create a lot of
ipchains rules as well, to keep off the many, many existing filesharing
and messenger tools that will bring every network to its knees. I don't
know what your present policies are, yet I would strongly suggest
filtering out the most well-used ports for stuff like Kazaa, Emule
etc.

Now as far as the workgroups are concerned, the most easy way to go
would be denying private filesharing completely, and instead using the
SAMBA servers on the various segments as a file depository for all
users.

Michael

--
Michael Buchenrieder * (E-Mail Removed) * http://www.muc.de/~mibu
Lumber Cartel Unit #456 (TINLC) & Official Netscum
Note: If you want me to send you email, don't munge your address.

Michael Buchenrieder wrote:
> Richards <(E-Mail Removed)> writes:
>
> [...]
>
>
>>Yes, I really do mean separate networks, i.e.
>>network 1 = 192.168.1.0/24
>>network 2 = 192.168.2.0/24
>>network 3 = 192.168.3.0/24
>>etc.
>
>
> Keep in mind that Windows filesharing via SMB is solely based on
> broadcasts; broadcasts, however, should _never_ be allowed to cross
> a router boundary, as this will rapdily exhaust your bandwidth.
>
>
>>With the size of files that are being transferred, it's not unusual for
>>a transfer to take 10 or 20 times longer if several computers are
>>transferring at once than it would take if only one or two computers
>>were transferring files at one time, thus the desire to break up the
>>system into as many separate networks as needed.
>
>
>>I would like to have 2-4 computers and a samba file server on each
>>separate network, and to loosely connect the networks together through a
>>router. That philosophy works great with a PostgreSQL server that
>>serves a number of Linux computers residing on separate networks, but
>>connected through a router. BUT, will it work with samba servers and
>>Windows workgroups?
>
>
> Depending on what the various Win* machines are supposed to "see"
> on the other segments, you will have to properly setup the SAMBA
> servers as WINS servers, and possibly have to create a lot of
> ipchains rules as well, to keep off the many, many existing filesharing
> and messenger tools that will bring every network to its knees. I don't
> know what your present policies are, yet I would strongly suggest
> filtering out the most well-used ports for stuff like Kazaa, Emule
> etc.
>
> Now as far as the workgroups are concerned, the most easy way to go
> would be denying private filesharing completely, and instead using the
> SAMBA servers on the various segments as a file depository for all
> users.
>
> Michael
>

Thank you. Your post is making things a little more clear. Basically,
I have one samba server in each department. Each department has its own
private network. Each samba server will have 200+ gigabytes of data that
needs to be worked on in that particular department. Typically, it
takes longer to copy a file from a server to a workstation (20-200
megabyte files) than it does to perform the service required on the
image (color/density correction, sizing, retouching, etc.) Therefore,
fast file transfers are of primary importance.

ALL of the Windows machines have to be able to see all of the samba
servers in all of the departments, even though any particular Windows
machine will work 95% of the time with only the samba server in its own
department. Image files, in groups of 20-50, are transfered between
departments (color/density correction, sizing, retouching, printing,
post-processing) as the work is completed in any particular department.
Even though each department has its own samba server, any user in any
department must have the ability to transfer any file to/from his
department's samba server, thus the need to have a workgroup span
various networks.

It should be obvious at this point that I know absolutely nothing about
workgroups. For instance, I have no idea whether one computer can
belong to several workgroups at the same time, or whether the rule is:
one computer - one workgroup.

All networks are private with a firewall and masquerading installed
between the private networks and the public network.

I'll start studying the smb.conf file to see how to set up WINS servers.

CL (dnoyeB) Gilbert wrote:

>> network 3 = 192.168.3.0/24
>
> what does the /24 mean here?
>
Class C network with 256 nodes.
Network address x.x.x.0
Broadcast address x.x.x.255
Subnet mask 255.255.255.0

(The Class C networks could easily have been broken down into smaller
subnets, but I need to use less than a dozen networks of the possible
256 Class C networks available in the 192.168.x.0 set of networks. Using
an entire Class C network makes assigning addresses consistant on each
network - samba server 192.168.x.1, gateway 192.168.x.254, workstations
192.168.x.10-20, etc.)
>
> yes, but my point is that you dont need seperate networks. A network is
> a logical thing. you are having a physical problem. Thus you need to
> change the physics. You need more segments, or "segmentation".
>

/snip/

>
> where you have routers, you can easily have switches, with much less
> hassle (plus switches are faster and transparent). Only reason to have
> seperate networks would be for security or priviledge limitation.
>
> Just as my prior post, where you intend to have seperate *networks* you
> can easily (and preferrably) have seperate *segments*.
>

Maybe I've done something wrong, but I've already tried using a Netgear
FS116 or JFS524 switch (not a hub) in each department. Each switch was
connected only to the computers in its own department, with the uplink
going to a master switch that connected all of the departments. In
theory, all traffic within a department should have been limited to the
department switch. Traffic between departments should have only been
seen by the two departments involved in the transfer. BUT, something
doesn't work properly. Unfortunately, I don't have the sophisticated
electronic equipment available to monitor the traffic, so I don't know
why things don't work as expected.

Michael Buchenrieder wrote:
> Richards <(E-Mail Removed)> writes:
>
> [...]
>
>
>>Yes, I really do mean separate networks, i.e.
>>network 1 = 192.168.1.0/24
>>network 2 = 192.168.2.0/24
>>network 3 = 192.168.3.0/24
>>etc.
>
>
> Keep in mind that Windows filesharing via SMB is solely based on
> broadcasts; broadcasts, however, should _never_ be allowed to cross
> a router boundary, as this will rapdily exhaust your bandwidth.
>

for name resolution when the computer is not in the master browser
perhaps, but not for the actual file transfer. Broadcasts will
certainly cross switches, but again, I have not see my file transfer
broadcast on the switch.


Definitely something fishy going on, and I would not venture to solve it
until you understand what it is.

1 thing you do want is faster connection on the servers. They should
have gigabit connections if your nodes have 100Mb ones. Or at least
they should have several network cards each.


--
Respectfully,


CL Gilbert

"Verily, verily, I say unto you, He that entereth not by the door() into
the sheepfold{}, but climbeth up some other *way, the same is a thief
and a robber." John 10:1

GnuPG Key Fingerprint:
82A6 8893 C2A1 F64E A9AD 19AE 55B2 4CD7 80D2 0A2D

For a free Java interface to Freechess.org see
http://www.rigidsoftware.com/Chess/chess.html