Rule of thumb when setting up a new subnet

dpodblood

Hey Guys,

I soon need to re-work our network configuration here for a couple of reasons:

1) With every user using up to 3 IP addresses with their computers, phones, and VMs we are running out of usable addresses (currently a /24)

2) I need to separate our servers and end users into separate subnets/VLANs.

I was just wondering what a general rule of thumb is when it comes to accounting for growth when picking a subnet mask? Obviously this is highly dependent on the growth of your company but, when sizing a subnet, how much room would you typically leave? Double, triple, quadruple your current needs?

Currently we have just under 50 users and some users can use 3-4 IPs each depending on how many devices they have and if they're using wireless/wired connections at the same time.
 

imagoon

I first count the total number of devices and start there. I also gap the ranges so it is easier to "supernet" if needed.

IE I might give wired of 100 people 192.168.0.0/24 then give wireless 192.168.2.0/24 or 192.168.4.0/24 depending on my expected growth.

192.168.1.0/24 [192.168.2.0/24, 192.168.3.0/24] can be pulled in to 192.168.0.0/23 or 192.168.0.0/22 with minimal fuss.

I also give it a hard long thought about ever going to /22 because that is a fairly large layer2 and might have other issues. I try to look for logical breaks based on say, the building.

Floor one could be 10.10.10.0/24 and floor two could be 10.10.20.0/24 etc. I do the same thing with the wireless subnets if it makes sense. However with wireless you often have to support floating from AP to AP so it is best if possible to keep the IP scheme the same there. Wireless being simplex and collision will generally limit the total load on the segment anyway.

The big "pain" is the first step. IE flat network (IE 1 address range) to 2. Once you have the gear to split the IP ranges, adding more ranges is fairly easy.
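
Added example, not part of any post in this thread: a Python sketch of the gapped allocation imagoon describes, where each segment gets the first subnet of a larger reserved block so it can later be supernetted in place. The device counts, the 192.168.0.0/16 pool and the function names are assumptions for illustration.

```python
import ipaddress

# Constructed sample input: peak device counts per segment (assumed figures).
SEGMENTS = {"wired": 200, "wireless": 150, "servers": 30}


def prefix_for(devices):
    """Longest prefix whose usable hosts (block size minus 2) cover `devices`."""
    return 32 - (devices + 1).bit_length()


def plan(base, segments, growth_bits=2):
    """Give each segment the first subnet of a reserved block that is
    2**growth_bits times larger, so it can be widened without renumbering."""
    pool = ipaddress.ip_network(base)
    cursor = int(pool.network_address)
    out = {}
    # Largest first, so each reserved block starts on its own boundary.
    for name, devices in sorted(segments.items(), key=lambda s: -s[1]):
        assigned_len = prefix_for(devices)
        reserved_len = assigned_len - growth_bits
        size = 2 ** (32 - reserved_len)
        cursor = -(-cursor // size) * size  # round up to block alignment
        reserved = ipaddress.ip_network((cursor, reserved_len))
        if not reserved.subnet_of(pool):
            raise ValueError(f"pool {pool} exhausted at segment {name!r}")
        out[name] = (ipaddress.ip_network((cursor, assigned_len)), reserved)
        cursor += size
    return out


def widen(planned, name, new_prefix):
    """Supernet a segment in place; refuse if it would leave its reserved block."""
    assigned, reserved = planned[name]
    grown = assigned.supernet(new_prefix=new_prefix)
    if not grown.subnet_of(reserved):
        raise ValueError(f"{grown} does not fit in reserved block {reserved}")
    return grown


if __name__ == "__main__":
    planned = plan("192.168.0.0/16", SEGMENTS)
    for name, (assigned, reserved) in planned.items():
        print(f"{name:9} use {assigned}  reserve {reserved}")
    print("wired grown to", widen(planned, "wired", 23))
```

With these inputs the wired and wireless segments land on 192.168.0.0/24 and 192.168.4.0/24, the same spacing used in the post above.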
 

Lithium381

Yep, as imagoon said, leave space between them so you can grow them later if needed. Or, if you're a small company expecting growth, just allocate it now. There are just shy of 20 million addresses available in the private range for you to play with. Just make sure you don't hand out the addresses without a PLAN. I've seen what happens when a company just willy-nilly adds subnets here and there. It becomes a pain to manage and is not efficient for routing, etc.
 

mammador

I agree with what has been said. You also need, especially in IPv4, to account for scalability. That said, it's probably best to use the class A addressing block for private subnets. There are about 10 million available addresses in that block alone, so this is enough even for the largest of organisations.

As a rule of thumb, try and project how many more users you will have. If it's only 50, then a /24 may suffice. It's probably best you separate all uses into one VLAN. So one VLAN for servers, one for wireless, one for wired desktops/laptops, etc. Also VLANs if your firm ever wants to install network cameras, IP door locks, etc.
 

imagoon

Wi-Fi should be on its own untrusted subnet as well.

Not necessarily. "Guest Wifi" should be untrusted. There are plenty of valid business uses for wireless otherwise and it can be in the trusted segment. It should have its own subnet however.