Best way to plan ip scheme for flexibility and growth?

cpals

Diamond Member
Mar 5, 2001
The schema that I have today was already set up before I started and I added a few sites extra onto it as we've grown. It's just getting out of hand right now and I don't know where to turn or go... two of our sites are /24, but they're talking about adding cameras, wifi scanners, etc. to it and we don't have nearly enough IPs at those sites.

Here's a glimpse at our current setup:

172.24.0.0 /16 - Our Network Range

172.24.1.0/24 - 172.24.20.0/24 (Sites)

But then we have these random subnets, which make it hard for growth and flexibility:

172.24.100.0/24 - VPN connections

172.24.105.0/24 - 172.24.120.0/24 Used for misc applications

172.24.200.0/24 - 172.24.203.0/24 - Used for my main site IDFs

172.24.241.0/30 - WAN connectivity

172.24.253.0/28 - Management VLAN

As you can see we're spread all over... my main concern is two or three of our larger sites are going to be needing around 512-1024 IPs and right now none of the schemes I choose will make sense so I guess it will be just random choosing.

Do I have a chance here? :)

Thanks.
 

mcmilljb

Platinum Member
May 17, 2005
Do you have the authority to do some renumbering?

If you need more than 254 hosts, start doing /23 subnets for 510 hosts (you can do /22 for 1022 but I doubt you need that many on a single subnet). You want to have some gaps in there, so you can combine subnets or create others. For example:

Let's say I have these subnets:
172.24.0.0/24
172.24.4.0/24
172.24.8.0/23

If your 172.24.0.0/24 needs to grow, I can make it 172.24.0.0/23. Now I have 172.24.0.0-172.24.1.255. I just doubled its size without bothering any of the other subnets. I could even go all the way to 172.24.0.0/22 before I have to worry about bothering 172.24.4.0/24.

Let's say I need another subnet and 172.24.8.0/23 just hasn't been using anywhere close to half of its allocated hosts. I can steal a subnet from it and now have subnets 172.24.8.0/24 and 172.24.9.0/24. Both with 254 hosts available.

This isn't the prettiest example, but it's simple enough to show how you can spread out your private IP addresses so you don't have to worry about renumbering unless you grow well beyond what you planned.
 

cpals

Diamond Member
Mar 5, 2001
I do have the authority, but to change over 20 sites with static printer IPs, cameras, etc... ugh, nightmare. But I get what you're saying... that's the proper way to do it. Would it be wrong or 'stupid' to change the scheme altogether? Say start at 172.25.0.0/16 and slowly move sites over, etc?

Thanks.
 

mcmilljb

Platinum Member
May 17, 2005
Originally posted by: cpals
I do have the authority, but to change over 20 sites with static printer IPs, cameras, etc... ugh, nightmare. But I get what you're saying... that's the proper way to do it. Would it be wrong or 'stupid' to change the scheme altogether? Say start at 172.25.0.0/16 and slowly move sites over, etc?

Thanks.

Ouch, that's a lot of administrative overhead. Maybe come up with an upgrade path and try to slowly implement it as time and resources become available? I definitely wouldn't start ripping up any current scheme without any clear plans. I would see about using DHCP and DNS with some of those static IP addresses if possible. It might help make your life easier in the end.
 

Genx87

Lifer
Apr 8, 2002
Define what each network requires. If you run out of /24 subnets make them smaller. Often when you don't need a lot of IPs but want segregation people will assign a 24 bit network for simplicity when they don't need 254 usable IPs. If you require more than 254 then use a superscope 23, 22, or 21 subnet.

What exactly do you mean by "site"?
 

spidey07

No Lifer
Aug 4, 2000
Originally posted by: cpals
I do have the authority, but to change over 20 sites with static printer IPs, cameras, etc... ugh, nightmare. But I get what you're saying... that's the proper way to do it. Would it be wrong or 'stupid' to change the scheme altogether? Say start at 172.25.0.0/16 and slowly move sites over, etc?

Thanks.

Also, going forward this is why you never use static IPs. Use reservations with DHCP so if you do need to renumber or change things it isn't a massive headache.

-edit-
I see this was already covered and what DNS/DHCP are made for.
 

drebo

Diamond Member
Feb 24, 2006
You can always NAT the cameras/scanners at the access point to conserve address space.
 

cpals

Diamond Member
Mar 5, 2001
Originally posted by: Genx87
Define what each network requires. If you run out of /24 subnets make them smaller. Often when you don't need a lot of IPs but want segregation people will assign a 24 bit network for simplicity when they don't need 254 usable IPs. If you require more than 254 then use a superscope 23, 22, or 21 subnet.

What exactly do you mean by "site"?

By sites I mean a physical location. Each location currently has a /24 that went up from 172.24.1.0 through 172.24.20.0
 

cpals

Diamond Member
Mar 5, 2001
Originally posted by: drebo
You can always NAT the cameras/scanners at the access point to conserve address space.

Will NATing work with multicasting?
 

cpals

Diamond Member
Mar 5, 2001
Originally posted by: spidey07
Originally posted by: cpals
I do have the authority, but to change over 20 sites with static printer IPs, cameras, etc... ugh, nightmare. But I get what you're saying... that's the proper way to do it. Would it be wrong or 'stupid' to change the scheme altogether? Say start at 172.25.0.0/16 and slowly move sites over, etc?

Thanks.

Also, going forward this is why you never use static IPs. Use reservations with DHCP so if you do need to renumber or change things it isn't a massive headache.

-edit-
I see this was already covered and what DNS/DHCP are made for.

Heh, NOW I know. :D But yeah, 90% of this was before me and I just continued the mess because I didn't know any better. I didn't even know you 'could' set up printers other than static.
 

dphantom

Diamond Member
Jan 14, 2005
Originally posted by: cpals
Originally posted by: Genx87
Define what each network requires. If you run out of /24 subnets make them smaller. Often when you don't need a lot of IPs but want segregation people will assign a 24 bit network for simplicity when they don't need 254 usable IPs. If you require more than 254 then use a superscope 23, 22, or 21 subnet.

What exactly do you mean by "site"?

By sites I mean a physical location. Each location currently has a /24 that went up from 172.24.1.0 through 172.24.20.0

Don't feel bad, I'm in the same boat. I inherited a network a year ago with 22 servers on 12 different subnets. Don't ask why.

So I am slowly going thru servers, printers, switches etc. bringing some sense to the network. My predecessor used 172.16.0.0/16 along with 192.168.x.x and 10.x.x.x, none of which made any sense from a design standpoint.
 

drebo

Diamond Member
Feb 24, 2006
Originally posted by: Sauro
Why not just use the 192.168.0.0/16 or 10.0.0.0/8 subnets?

That's not the point. The point is that he's got pre-existing subnets which are running out of address space and were not allocated in a manner which will allow them to grow.

If the original network administrator had designed the network by leaving space between the subnets, he could just grow the subnet by one bit to double his available IPs. However, because the subnets are all stacked on top of each other, this is not something he can do.

He needs to either move the site to a subnet that has more room to grow or figure out how to conserve address space (such as by NATing the hand scanners and cameras). I don't know the details about the potential for growth in other areas of the subnet (such as adding more computers), so it may end up that NAT is a band-aid fix. Moving to a new subnet would probably be the most permanent fix, but is very time consuming.
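
An added example, not part of any post in this thread: the gap-based growth mcmilljb describes and the stacked-subnet problem drebo describes, checked with Python's standard `ipaddress` module. The function names, the `site01`..`site20` labels and the choice of one reserved /21 per site in 172.25.0.0/16 are assumptions for illustration, and only the site ranges listed in the thread are treated as allocated.

```python
import ipaddress

def usable_hosts(net):
    """Usable IPv4 hosts in a subnet (network and broadcast addresses excluded)."""
    return ipaddress.ip_network(net).num_addresses - 2

def max_growth(subnet, allocated, parent):
    """Largest supernet of `subnet` inside `parent` that overlaps no other allocation."""
    net = ipaddress.ip_network(subnet)
    limit = ipaddress.ip_network(parent)
    others = [n for n in map(ipaddress.ip_network, allocated) if n != net]
    best = net
    while best.prefixlen > limit.prefixlen:
        candidate = best.supernet()          # drop one mask bit: doubles the range
        if any(candidate.overlaps(o) for o in others):
            break                            # next doubling would hit a neighbour
        best = candidate
    return best

def spaced_plan(parent, sites, reserve_prefix, start_prefix):
    """Give each site a small subnet at the start of its own reserved block."""
    blocks = list(ipaddress.ip_network(parent).subnets(new_prefix=reserve_prefix))
    if len(sites) > len(blocks):
        raise ValueError("parent range too small for this many reserved blocks")
    return {s: next(b.subnets(new_prefix=start_prefix)) for s, b in zip(sites, blocks)}

# Constructed from the thread: sites stacked as 172.24.1.0/24 .. 172.24.20.0/24.
STACKED = [f"172.24.{i}.0/24" for i in range(1, 21)]
# The spaced example given in the thread.
SPACED = ["172.24.0.0/24", "172.24.4.0/24", "172.24.8.0/23"]

if __name__ == "__main__":
    for net in SPACED:
        grown = max_growth(net, SPACED, "172.24.0.0/16")
        print(f"{net} can grow to {grown} ({usable_hosts(grown)} hosts)")
    stuck = [n for n in STACKED if str(max_growth(n, STACKED, "172.24.0.0/16")) == n]
    print(f"{len(stuck)} of {len(STACKED)} stacked sites cannot grow at all")
    # Hypothetical migration target: one reserved /21 per site in 172.25.0.0/16.
    sites = [f"site{i:02d}" for i in range(1, 21)]
    for name, net in spaced_plan("172.25.0.0/16", sites, 21, 24).items():
        print(name, net)
```

Growing a subnet this way changes its mask, and for some sites its network address, so every host and router interface on it still needs the new mask; it avoids renumbering hosts, not reconfiguration.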
 

Sauro

Senior member
May 22, 2004
I didn't realize he was attempting to add on to the existing space - I thought he was looking for available space for a new group of equipment. I feel you on the woes of static. Just about the entire campus where I work is about switched over, but I'll be damned if we don't get a couple people a week calling with problems stemming from accessing the network via static.
 

cpals

Diamond Member
Mar 5, 2001
Originally posted by: Sauro
Why not just use the 192.168.0.0/16 or 10.0.0.0/8 subnets?

We can't do that because we're a local govt agency and connect to other agencies who use those IP subnets. The whole 10.0.0.0/8 is already taken by the county.