Scalable IP Address Pool

I am to provide an IP addressing scheme for a project, a scalable one which supports future network growth. Right now, we have a main site and 2 remote sites (same area location as main). Both remote sites are connected via microwave to the main site.
The company does have a plan to build 2 more temporary camps about 20-25 kms apart from the main site, both to be connected to main via microwave (this is still in the planning stage).

I was thinking of using Class B, 172.16.16.0/16 for the entire network. What would you recommend on how I do the subnetting (or VLSM) for the following categories:

a. Management VLAN
b. Servers - Less than 15 physical servers, for now.
c. IP-CCTV - can use /24 but it needs to grow as per requirements
d. IPTV - can use /24 for now but it needs to grow as per requirements
e. Access Controls - can use /24 but it needs to grow as per site expansion
f. Wireless (Indoor/Outdoor WiFi) - can use /24
g. IP-Telephony - This needs to be scalable, I was thinking of using /20?
h. Wireless Microwave Backhauls - Around 16 IP's (4 IP's per link, 2 serves as redundancy for the second link)
i. Another subnet for storage(s) - or I can just include this to (b)?

Can someone help me out on this, suggest me on how I create a scalable IP pool from what I've written above.

TIA.
 
Well, a Class B might be a little excessive for the needs, but it really doesn't matter. Are the above per site or total? It would be easier to just determine what common things all sites need an IP range of and how many (minimum) and then go from there. I'd double or triple what you need for each site initially as well or give them all the same block of IP's (i.e. each site gets 4,096 /19) and then further subnet things out. Once you know the minimum of IP's needed for each site we could go from there.
 
Values above will be for Total but I need to have the ability to increase the subnets as per later requirements. Main site will be handling all IP related issues (DHCP's, IP-Telephony (switch-ports), etc..).

Can you give me a sample on how you do same block IP's solution.

Thank you.
 
Ok sounds good, a little easier to manage at least from a theoretical point of view.

This is what I got so far.

100% Growth Network

Network ID: 172.16.0.0 /19 (4,096 IP's)

Network 1: VLAN Management - 172.16.0.0 /24 (Not sure how much is needed)

Network 2: Servers - 172.16.1.0 /24 (allows for future growth, virtualization, segregated networks from one another *security*, testing, etc.)

Network 3: IP-CCTV - 172.16.2.0 - 172.16.3.255 /23 (512 should be more than is necessary for surveillance)

Network 4: Access Controls - 172.16.4.0 - 172.16.5.255 /23 (512 IP's total, not quite sure what's needed)

Network 5: WiFi - 172.16.6.0 /24 (you can change the lease time in the router so it shouldn't need more than that)

Network 6: VOIP - 172.16.7.0 - 172.16.14.255 /20 (might be excessive for just VOIP, although it does chew through IP's like crazy it really depends on the purpose and workers it's needed for)

Network 7: WAN Links - 172.16.15.0 /26 (allows for future sites/growth)

Network 8: Mass Storage - 172.16.15.64 /26 (allows for massive storage to later be added)

Of course not much left to expand after that, VOIP is using a ton of IP's in the range I'm using so if you realized you didn't need 2,048 IP's for phones, faxes, etc. then you could have a pretty solid network accounting for double growth.

Now the reason why I went with a /19 was to allow you to have massive room to expand should things get large or the infrastructure changes. You can consolidate Site A, Site B, Site C, and Site D to have their own 4,096 IP /19 network if things grow unexpectedly. Also allows you to merge two /19's for more IP's with 8 total networks available instead of 16 like it is now possible to do depending on how many sites are needed or whether IP's are more important. Eventually down the road you could separate things by department, floor, site, building, etc.

For a basic concept I'd say that could be a starting point, for me at least with what I know :p. Hope that helped..
 
Thanks Liger88. This is concise and sure will help me a lot on building from scratch an IP addressing pool for our network.
 
From the list of subnets you created above, can you include the IPTV system which will have /24 notation to complete the proposed system. Decrease the amount of IP's from the VoIP to accommodate the IPTV insertion. Thanks.
 
I just did it like this, giving IPTV enough room for growth for future expansion.

Subnet Name
VoIP: 172.16.0.0/20
Access Control: 172.16.16.0/23
IP-CCTV: 172.16.18.0/23
IP-TV: 172.16.20.0/23
Servers: 172.16.22.0/24
VLAN Mngt.: 172.16.23.0/24
WiFi: 172.16.24.0/24
Storage: 172.16.25.0/26
Backhaul Links: 172.16.25.64/26
 
If you want to use the scheme I was using above. Not sure how precise they want it since the modified version of yours kinda bleeds into another subnet if you still wanted to go within the original /19 network.

VOIP - 172.16.7.0 - 172.16.10.255 /21 (1,024 IP's for Voice)
IPTV - 172.16.11.0 - 172.16.14.255 /21 (1,024 IP's for IPTV)

That really should be way more than enough, even for future growth.
 
I'll stick to this: 172.16.0.0/19 with the following subnets, giving VoIP an IP reserve:

VoIP - 172.16.0.0/21 (2046 IP's)
VoIP Reserved - 172.16.8.0/21 (2046 IP's)
Access Control - 172.16.16.0/23 (510 IP's)
IP-CCTV - 172.16.18.0/23 (510 IP's)
IP-TV - 172.16.20.0/23 (510 IP's)
Servers - 172.16.22.0/24 (254 IP's)
VLAN Management - 172.16.23.0/24 (254 IP's)
WiFi - 172.16.24.0/24 (254 IP's)
Backhaul Links - 172.16.25.0/26 (62 IP's)
Storage - 172.16.25.64/26 (62 IP's)

So now we're done with the IP addressing. Can you recommend a good VLAN numbering plan for this?

Thank you.
 
Am I the only person here who thinks this is a horrible idea? Each site should have its own IP block that instantly ties an IP in question to a site. It also makes routing and bandwidth management between sites easy. The IP scheme standard is a good idea but treating a multi site environment as a single LAN not so much. You need a site identifier.

To give you an idea just how much trouble this can save you down the road: I've got a customer right now that has gone down the path you're planning on taking and they have over 13K OSPF routes. Trust me when I tell you 13K routes are a problem but at this point the cost to fix it is simply too high.
 
Hi Nickelbon: Actually, this setup is for buildings located within a certain small area. We have a main office and two 'remote' offices connected with fiber optic and a redundant microwave connection to the main building, each around ~1.5kms distance. The main building has our CUCM and voice gateway servicing both remotes sites for the IP-Telephony. This setup is the purpose of my IP addressing above.

It's not a big site for now but there's a possibility that we will be connecting 2 more temporary offices, around 25 kms apart from our main office. Each remote office will be having their own CUCM and voice gateway so probably, we'll be making a different IP block for this to segment each network from the other.

Now, back to the VLAN numbering plan: Can you recommend me a scheme on doing this?

Thanks.
 
Do you really want broadcast segments that big?

Give each location a subnet and then subnet that down to your individual VLAN segments. Make them big enough for growth and give yourself space in-between segments for growth.

IE:

10.0.0.0/8 overall. Each location gets a /16. Each VLAN gets a /24. Go smaller per VLAN if possible. Leave space so you can supernet if needed, but going beyond 510 hosts per broadcast domain gets dicey.

And make sure you put some kind of layer 3 device at each location to handle VLAN routing. Where I work the network is setup VLANs per device class and (up to) 54Mbit WiFi or (up to) 2Mbit DSL to the central location which is where the VLAN routing is located. Which means when I go to print (PC on one vlan, Printer on the other) the packets have to traverse the WAN 4 times physical per 1 round trip, ie: something that should take a few milliseconds ends up in the hundreds or thousands of milliseconds range. It is the case where a location that is on a T1 line (1.544Mbits) and consequently has a router prints faster than a site with a 54Mbit WiFi WAN link that does not have a local layer 3 device.
 
Like what I've mentioned above, this is for a single site (main & 2 offices connected via microwave) setup for now. But I'm interested in using a different subnet per site as there's a proposed plan of building 2 temporary offices (25 kms apart) to be connected to main site.
Can you send me an IP address scheme using your proposed 10.0.0.0/8 block to supply IP pool with VLAN segmentation for:

VoIP
VoIP Reserved
Access Control
IP-CCTV
IP-TV
Servers
VLAN Management
WiFi
Backhaul Links
Storage

Many thanks.
 
Not to be an ass or anything, but why should we do your job for you? Sounds like you are underqualified for this. It'd be different if you gave us a plan for review, but you're asking us to do the work for you.
 
Sorry if this sounds like I'm having you do the job for me. I will not be using the 10.0.0.0/8 block as it would be 'big' for our network; instead I will be sticking with the original 172.16.0.0/19 and have my highest allocated size at 510 so as to maintain my broadcast segmentation.
In case of future expansion, the need to connect 2 more temporary offices - I can have them on 172.17.0.0/19 and 172.18.0.0/19 blocks. I'm sure they'll be installing a CUCM and voice gateway on each location so we'll just be routing each site IP to maintain the IP-Telephony function.
Anyways, here's my final IP pool for the main office:

IPCCTV 172.16.0.0/23 (509 hosts) on VLAN 11
IPTV 172.16.2.0/23 (509 hosts) on VLAN 12
VoIP 172.16.4.0/23 (509 hosts) on VLAN 13
VoIP Reserve 172.16.6.0/23 (509 hosts) on VLAN 14
Access Control 172.16.8.0/24 (254 hosts) on VLAN 15
VLAN Management 172.16.9.0/24 (253 hosts) on VLAN 1
WiFi 172.16.10.0/24 (253 hosts) on VLAN 16
Servers 172.16.11.0/26 (61 hosts) on VLAN 17
Backhaul Links 172.16.11.64/27 (29 hosts) on VLAN 18
Storage 172.16.11.96/27 (29 hosts) on VLAN 19

Doing this would give a more manageable IP addresses for the Main office and at the same time limit a huge broadcast as much as possible.

Thoughts and comments are very much appreciated.

Thank you.
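
An added example, not part of any post in this thread: a Python check built on the standard `ipaddress` module that tests a VLSM plan for prefixes that do not sit on a bit boundary, subnets outside the parent block, and overlapping ranges. `FIRST_DRAFT` and `FINAL_PLAN` are transcribed from the first draft and the final pool posted above; the function names are this example's own.

```python
import ipaddress

def check_plan(parent, plan):
    """Return a list of problems in a {name: 'addr/prefix'} subnet plan."""
    parent_net = ipaddress.ip_network(parent)
    problems, valid = [], []
    for name, cidr in plan.items():
        try:
            net = ipaddress.ip_network(cidr)  # strict mode rejects host bits
        except ValueError:
            # Report the boundary-aligned block this address actually sits in.
            aligned = ipaddress.ip_network(cidr, strict=False)
            problems.append(f"{name}: {cidr} has host bits set, sits in {aligned}")
            continue
        if not net.subnet_of(parent_net):
            problems.append(f"{name}: {net} is outside {parent_net}")
        valid.append((name, net))
    # Pairwise overlap check: overlapping ranges blur the VLAN boundaries.
    for i, (a_name, a) in enumerate(valid):
        for b_name, b in valid[i + 1:]:
            if a.overlaps(b):
                problems.append(f"{a_name} {a} overlaps {b_name} {b}")
    return problems

def unallocated(parent, plan):
    """Addresses left in the parent block (call only on a clean plan)."""
    used = sum(ipaddress.ip_network(c).num_addresses for c in plan.values())
    return ipaddress.ip_network(parent).num_addresses - used

# First draft from the thread, using the prefix lengths as posted.
FIRST_DRAFT = {
    "Management": "172.16.0.0/24", "Servers": "172.16.1.0/24",
    "IP-CCTV": "172.16.2.0/23", "Access Control": "172.16.4.0/23",
    "WiFi": "172.16.6.0/24", "VoIP": "172.16.7.0/20",
    "WAN Links": "172.16.15.0/26", "Mass Storage": "172.16.15.64/26",
}
# Final pool for the main office, as posted.
FINAL_PLAN = {
    "IPCCTV": "172.16.0.0/23", "IPTV": "172.16.2.0/23",
    "VoIP": "172.16.4.0/23", "VoIP Reserve": "172.16.6.0/23",
    "Access Control": "172.16.8.0/24", "VLAN Management": "172.16.9.0/24",
    "WiFi": "172.16.10.0/24", "Servers": "172.16.11.0/26",
    "Backhaul Links": "172.16.11.64/27", "Storage": "172.16.11.96/27",
}

if __name__ == "__main__":
    for label, plan in (("first draft", FIRST_DRAFT), ("final plan", FINAL_PLAN)):
        print(label, "->", check_plan("172.16.0.0/19", plan) or "no problems")
    print("free in /19:", unallocated("172.16.0.0/19", FINAL_PLAN))
```

Running the same check against each site's block before applying ACLs or DHCP scopes catches a misaligned or overlapping range while it is still only a line in the plan.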
 