You must be a pretty small org. 192.168.X in anything more than a small office is silly IMHO. 10.0.0.0 is what you need to be in. I think the IP blocks by OS is silly, personally. The smart way is subnet by application for your datacenter with everything hanging off a firewall interface.

We reserve 10.X.X.1-9 for network devices here. 1-3 are the HSRP IPs and VIP. 4-9 are any other auxiliary devices. Workstation subnets, I usually reserve 10.X.X.240-254 for statics.

How do you have any sort of firewall between anything if your servers are on the same subnet as the workstations and the printers?

Pick a class B for now, let's say 10.128.0.0/16. Use that as the supernet for your whole building. Now, let's start making subnets for your stuff. 10.128.1.0/24 is vlan1 for all your switches and routers. You might want a management VLAN for your firewalls, or you could hang them off the 10.128.0.0/24 if you wanted. I'd go for the former myself. Save .1 and .2 for later, you might want or need to expand that management vlan space. This is a /22 supernet here with three class Cs within it.

We'll need some server subnets too. It sounds to me like a class C is more than enough for you, but let's look at our applications. Do you have Exchange? Does it get hit enough to warrant a dedicated site with DCs in it? You'll want a subnet there. We could do a couple things here - split a class C with your servers, that's the most conservative use of IP addresses. I don't think you need to worry though. Let's hack off another /22 and make three server subnets out of it. One for Exchange, one for all your other stuff, and one for a DMZ type thing. Put your webserver in there, whatever else doesn't need free access to the other subnets.

Do you have iLO/RILOE or DRAC cards? Gonna want to whack off a class C for those. If you think you're going to have >244 of those at some point, we'll take a /23 block or a /22. You don't want to have to try and redo or have multiple subnets for those things down the road.

Ok, now we've got servers and network devices covered. Workstations.
Do you have multiple floors? You might want to put a vlan for each floor. Even halves of floors if you have multiple wiring closets for example. How many people sit on each floor? Is a class C enough considering all the laptops, desktops, printers, etc? Might want a /23 instead. Add all these subnets together and then you know how big of a client supernet you need.

One last thing wants its own vlan. Your wireless. One might argue it's easier to whack off a whole 'nother B for wireless. You can just add up a whole bunch of Class Cs or half Class Cs depending on coverage area and client count, and then you know how big a supernet you need here.

Make sense? It does to me, but then again I just wrote this and I didn't get home from work until an hour ago.

For reference, the network guys at my office tell me that we use the whole 10.129.0.0/16 subnet for a 20 floor office building with a half floor datacenter. Every floor I think (not sure) has a /22 for clients. All the Wifi hangs off its own B. Out of that 129.X, I understand we have roughly 30 Cs left and a handful of Bs out of the whole A for the entire operation.

My gut feeling is that you're not going to be worrying about running out of space in the 10.0.0.0/8. :)

Thanks,
Brian Desmond
[EMAIL PROTECTED]
c - 312.731.3132

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason B
Sent: Wednesday, August 17, 2005 6:29 PM
To: [email protected]
Subject: [ActiveDir] IP Schema

Just wondering what IP schema people on this list like to use... we just outgrew our class C and spent a few hours on Saturday supernetting. We're now using a 13 bit subnet mask (255.255.255.248) and debating the best and most efficient way to organize our IP addressing schema.
Previously, we were using (for example) 192.168.10.1-30 were static for network devices (routers, firewalls, switches, etc), 31-50 were for Linux servers, 51-80 were for Windows servers, 81-99 were for other static IPs, 100-200 were DHCP and 201-254 were for printers.

The debate now that we have supernetted is: do we keep that schema across each subnet (eg - 192.168.9.100-200, 192.168.10.100-200, 192.168.11.100-200, etc are all for DHCP) or do we organize by stating that everything on the 192.168.9.x and 192.168.10.x subnets are DHCP, while all static devices are on (for example) the 192.168.8.x subnet?

Hopefully I explained myself well enough. Our network admin wants to do it one way while our CIO wants it done the other way. I know there are benefits to both methods, but wanted to get some opinions from members on this list regarding your methods, and benefits/drawbacks.

Thanks!

List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
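
The carve-up sketched in the reply above, as an added example that is not part of the original thread: it allocates size-aligned blocks out of 10.128.0.0/16, applies the .1-9 / .240-254 host convention, and flags inventory entries sitting in the wrong zone, which is what makes per-subnet firewall rules meaningful. The zone names, the two-floor layout and the inventory are assumptions made up for illustration.

```python
import ipaddress

SUPERNET = ipaddress.ip_network("10.128.0.0/16")
# (name, prefix length), allocated in order. Block sizes follow the reply;
# the names and the two-floor layout are assumptions for illustration.
PLAN = [("net-mgmt", 22), ("servers", 22), ("oob-ilo-drac", 24),
        ("floor1-clients", 23), ("floor2-clients", 23)]
# Last-octet reservations from the reply (.240-254 applies to workstation subnets).
RESERVED = [(1, 3, "hsrp-or-vip"), (4, 9, "network-aux"), (240, 254, "static")]

def carve(supernet, plan):
    """Allocate each block at the next address aligned to its own size."""
    out, cursor = {}, int(supernet.network_address)
    for name, prefix in plan:
        size = 1 << (32 - prefix)
        cursor = -(-cursor // size) * size      # round up to a block boundary
        net = ipaddress.ip_network((cursor, prefix))
        if not net.subnet_of(supernet):
            raise ValueError(f"{name}: supernet {supernet} exhausted")
        out[name] = net
        cursor += size
    return out

def host_role(ip):
    """Role implied by the last octet under the 10.X.X.N convention."""
    last = int(ipaddress.ip_address(ip)) & 0xFF
    return next((r for lo, hi, r in RESERVED if lo <= last <= hi), "pool")

def misplaced(inventory, zones):
    """Hosts whose address lies outside the zone they are meant to be in."""
    return [(host, ip, zone) for host, ip, zone in inventory
            if ipaddress.ip_address(ip) not in zones[zone]]

ZONES = carve(SUPERNET, PLAN)
# The server /22 split into /24s: Exchange, everything else, DMZ, one spare.
EXCHANGE, GENERAL, DMZ, SPARE = ZONES["servers"].subnets(new_prefix=24)

# Constructed inventory: (hostname, address, intended zone).
INVENTORY = [("mail01", "10.128.4.20", "servers"),
             ("web01", "10.128.6.15", "servers"),
             ("prn-3f", "10.128.5.77", "floor1-clients"),
             ("lt-0042", "10.128.10.130", "floor1-clients")]

if __name__ == "__main__":
    for name, net in ZONES.items():
        print(f"{name:16} {net}")
    print("misplaced:", misplaced(INVENTORY, ZONES))
```

Because each block is aligned to its own size, the /23 for the first floor starts at 10.128.10.0 and 10.128.9.0/24 is left free after the /24 for the management cards.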
