02-13-2013, 08:13 AM   #1
dpodblood
Diamond Member
Join Date: May 2010
Location: Halifax, Canada
Posts: 3,963
Rule of thumb when setting up a new subnet

Hey Guys,

I soon need to re-work our network configuration here for a couple of reasons:

1) With every user using up to 3 IP addresses with their computers, phones, and VMs, we are running out of usable addresses (currently a /24)

2) I need to separate our servers and end users into separate subnets/VLANs.

I was just wondering what a general rule of thumb is when it comes to accounting for growth when picking a subnet mask? Obviously this is highly dependent on the growth of your company, but when sizing a subnet how much room would you typically leave? Double, triple, quadruple your current needs?

Currently we have just under 50 users and some users can use 3-4 IPs each depending on how many devices they have and if they're using wireless/wired connections at the same time.

02-13-2013, 08:55 AM   #2
imagoon
Diamond Member
Join Date: Feb 2003
Location: Chicagoland, IL
Posts: 4,313

I first count the total number of devices and start there. I also gap the ranges so it is easier to "supernet" if needed.

IE I might give wired of 100 people 192.168.0.0/24 then give wireless 192.168.2.0/24 or 192.168.4.0/24 depending on my expected growth.

192.168.1.0/24 [192.168.2.0/24, 192.168.3.0/24] can be pulled in to 192.168.0.0/23 or 192.168.0.0/22 with minimal fuss.

I also give it a hard long thought about ever going to /22 because that is a fairly large layer2 and might have other issues. I try to look for logical breaks based on say, the building.

Floor one could be 10.10.10.0/24 and floor two could be 10.10.20.0/24 etc. I do the same thing with the wireless subnets if it makes sense. However with wireless you often have to support floating from AP to AP so it is best if possible to keep the IP scheme the same there. Wireless being simplex and collision will generally limit the total load on the segment anyway.

The big "pain" is the first step. IE flat network (IE 1 address range) to 2. Once you have the gear to split the IP ranges, adding more ranges is fairly easy.

Last edited by imagoon; 02-13-2013 at 08:59 AM.
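
Added example (not part of any post in this thread): the gapped allocation described in post #2, combined with the growth multiple asked about in post #1, written in Python. The device counts, the 10.10.0.0/16 parent block, and the function names are assumptions made up for illustration.

```python
import ipaddress

def prefix_for(hosts: int) -> int:
    """Longest IPv4 prefix that still leaves `hosts` usable addresses
    (network and broadcast addresses are excluded)."""
    return 32 - (hosts + 1).bit_length()

def plan(parent: str, devices: dict, growth: int = 2, reserve_bits: int = 2) -> dict:
    """Size each segment for devices*growth, then place it at the start of a
    reserved block 2**reserve_bits times larger, so it can be widened in place."""
    parent_net = ipaddress.IPv4Network(parent)
    cursor = int(parent_net.network_address)
    result = {}
    # Largest segments first, so aligning the cursor wastes no space.
    for name, count in sorted(devices.items(), key=lambda kv: -kv[1]):
        active_len = prefix_for(count * growth)
        reserved_len = active_len - reserve_bits
        size = 1 << (32 - reserved_len)
        cursor = -(-cursor // size) * size  # round up to the block boundary
        reserved = ipaddress.IPv4Network((cursor, reserved_len))
        if not reserved.subnet_of(parent_net):
            raise ValueError(f"{parent} is too small for segment {name!r}")
        result[name] = (ipaddress.IPv4Network((cursor, active_len)), reserved)
        cursor += size
    return result

# Constructed sample input: current device counts per segment (assumed values).
DEVICES = {"wired": 100, "wifi": 100, "servers": 30, "guest_wifi": 25}

if __name__ == "__main__":
    for name, (active, reserved) in plan("10.10.0.0/16", DEVICES).items():
        print(f"{name:11} active {active!s:15} reserved {reserved}")
```

Each active subnet starts at the first address of its reserved block, so widening it later only changes the mask, and firewall rules written against the reserved block stay valid after the change.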

02-13-2013, 09:53 AM   #3
Lithium381
Lifer
Join Date: May 2001
Location: Bay Area, CA
Posts: 12,462

Yep, as imagoon said, leave space between them so you can grow them later if needed. Or, if you're a small company expecting growth, just allocate it now. There are just shy of 20 million addresses available in the private range for you to play with. Just make sure you don't hand out the addresses without a PLAN. I've seen what happens when a company just willy-nilly adds subnets here and there. It becomes a pain to manage and is not efficient for routing, etc.
__________________
"This action has caused a division of the people into classes: Those the government deems valuable enough to protect with modern firearms, and those whose lives have been deemed as having less value, and whom the government has decided do not deserve the right to protect themselves with the same firearms." Olympic Arms > NY
"I saw a movie once where only the police and military had guns; it was called Schindler's List"

02-13-2013, 11:52 AM   #4
mammador
Golden Member
Join Date: Dec 2010
Posts: 1,795

I agree with what has been said. You also need, especially in IPv4, to account for scalability. That said, it's probably best to use the class A addressing block for private subnets. There are about 10 million available addresses in that block alone, so this is enough even for the largest of organisations.

As a rule of thumb, try and project how many more users you will have. If it's only 50, then a /24 may suffice. It's probably best you separate all uses into one VLAN. So one VLAN for servers, one for wireless, one for wired desktops/laptops, etc. Also VLANs if your firm ever wants to install network cameras, IP door locks, etc.
__________________
Man is the measure of all things, the key is to find one's own measure.

thumbs up for all people like her

02-14-2013, 06:26 AM   #5
her209
No Lifer
Join Date: Oct 2000
Location: ::1
Posts: 55,632

IP phones should really be on their own VLAN.

02-14-2013, 07:44 AM   #6
dpodblood
Diamond Member
Join Date: May 2010
Location: Halifax, Canada
Posts: 3,963

Thanks for all of your input so far.

02-14-2013, 07:45 AM   #7
dpodblood
Diamond Member
Join Date: May 2010
Location: Halifax, Canada
Posts: 3,963

Quote:
Originally Posted by her209
IP phones should really be on their own VLAN.

IP phones are on their own subnet currently. I was referring to cellular phones connected to Wi-Fi.

02-15-2013, 12:30 PM   #8
yinan
Golden Member
Join Date: Jan 2007
Posts: 1,500

Wi-Fi should be on its own untrusted subnet as well.
__________________
CALLING AN ILLEGAL ALIEN AN "UNDOCUMENTED IMMIGRANT" IS LIKE CALLING A DRUG DEALER AN "UNLICENSED PHARMACIST"!

02-15-2013, 03:03 PM   #9
imagoon
Diamond Member
Join Date: Feb 2003
Location: Chicagoland, IL
Posts: 4,313

Quote:
Originally Posted by yinan
Wi-Fi should be on its own untrusted subnet as well.

Not necessarily. "Guest Wifi" should be untrusted. There are plenty of valid business uses for wireless otherwise and it can be in the trusted segment. It should have its own subnet however.

Tags
dhcp, scope, subnet, vlan
