Rule of thumb when setting up a new subnet

Discussion in 'Networking' started by dpodblood, Feb 13, 2013.

  1. dpodblood

    Hey Guys,

    I soon need to re-work our network configuration here for a couple of reasons:

    1) With every user using up to 3 IP addresses with their computers, phones, and VMs, we are running out of usable addresses (currently a /24)

    2) I need to separate our servers and end users into separate subnets/VLANs.

    I was just wondering what a general rule of thumb is when it comes to accounting for growth when picking a subnet mask? Obviously this is highly dependent on the growth of your company, but when sizing a subnet how much room would you typically leave? Double, triple, quadruple your current needs?

    Currently we have just under 50 users and some users can use 3-4 IPs each depending on how many devices they have and if they're using wireless/wired connections at the same time.
     
  3. imagoon

    I first count the total number of devices and start there. I also gap the ranges so it is easier to "supernet" if needed.

    IE I might give wired of 100 people 192.168.0.0/24 then give wireless 192.168.2.0/24 or 192.168.4.0/24 depending on my expected growth.

    192.168.1.0/24 [192.168.2.0/24, 192.168.3.0/24] can be pulled in to 192.168.0.0/23 or 192.168.0.0/22 with minimal fuss.

    I also give it a hard long thought about ever going to /22 because that is a fairly large layer2 and might have other issues. I try to look for logical breaks based on say, the building.

    Floor one could be 10.10.10.0/24 and floor two could be 10.10.20.0/24 etc. I do the same thing with the wireless subnets if it makes sense. However with wireless you often have to support floating from AP to AP so it is best if possible to keep the IP scheme the same there. Wireless being simplex and collision will generally limit the total load on the segment anyway.

    The big "pain" is the first step. IE flat network (IE 1 address range) to 2. Once you have the gear to split the IP ranges, adding more ranges is fairly easy.
     
    #2 imagoon, Feb 13, 2013
    Last edited: Feb 13, 2013
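
The gapped allocation described in the post above, worked through as an added example that is not part of the original thread. The function names, the 50 x 4 device count, the growth factors and both address plans are assumptions constructed for illustration; the gapped plan uses the /24 ranges the post mentions.

```python
import ipaddress

def smallest_prefix(hosts_needed: int) -> int:
    """Longest IPv4 prefix whose usable hosts (2^n - 2) cover hosts_needed."""
    host_bits = (hosts_needed + 1).bit_length()
    return 32 - host_bits

def growth_room(allocations: dict) -> dict:
    """For each subnet, find the largest enclosing supernet that overlaps no
    other allocation: how far it can grow by changing only the mask.
    Each subnet is evaluated independently of the others' future growth."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in allocations.items()}
    room = {}
    for name, net in nets.items():
        others = [n for other, n in nets.items() if other != name]
        best = net
        while best.prefixlen > 0:
            candidate = best.supernet()
            if any(candidate.overlaps(o) for o in others):
                break
            best = candidate
        room[name] = best
    return room

# Constructed plans: the same three segments, gapped versus packed back to back.
GAPPED = {"wired": "192.168.0.0/24",
          "wireless": "192.168.4.0/24",
          "servers": "192.168.8.0/24"}
PACKED = {"wired": "192.168.0.0/24",
          "wireless": "192.168.1.0/24",
          "servers": "192.168.2.0/24"}

if __name__ == "__main__":
    devices = 50 * 4  # assumed: 50 users with up to 4 addresses each
    for factor in (1, 2, 4):
        need = devices * factor
        print(f"{need} hosts -> /{smallest_prefix(need)}")
    for label, plan in (("gapped", GAPPED), ("packed", PACKED)):
        for name, net in growth_room(plan).items():
            print(f"{label:7} {name:9} {plan[name]:17} can grow to {net}")
```

In the packed plan, wired and wireless cannot widen their masks at all without renumbering a neighbour, which is the situation the gaps are meant to avoid.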
  4. Lithium381

    Yep, as imagoon said, leave space between them so you can grow them later if needed. Or, if you're a small company expecting growth, just allocate it now. There are just shy of 20 million addresses available in the private range for you to play with. Just make sure you don't hand out the addresses without a PLAN. I've seen what happens when a company just willy-nilly adds subnets here and there. It becomes a pain to manage and is not efficient for routing, etc.
     
  5. mammador

    I agree with what has been said. You also need, especially in IPv4, to account for scalability. That said, it's probably best to use the class A addressing block for private subnets. There are about 10 million available addresses in that block alone, so this is enough even for the largest of organisations.

    As a rule of thumb, try and project how many more users you will have. If it's only 50, then a /24 may suffice. It's probably best you separate all uses into one VLAN. So one VLAN for servers, one for wireless, one for wired desktops/laptops, etc. Also VLANs if your firm ever wants to install network cameras, IP door locks, etc.
     
  6. her209

    IP phones should really be on their own VLAN.
     
  7. dpodblood

    Thanks for all of your input so far.
     
  8. dpodblood

    IP phones are on their own subnet currently. I was referring to cellular phones connected to Wi-Fi.
     
  9. yinan

    Wi-Fi should be on its own untrusted subnet as well.
     
  10. imagoon

    Not necessarily. "Guest Wifi" should be untrusted. There are plenty of valid business uses for wireless otherwise and it can be in the trusted segment. It should have its own subnet however.