IP Addressing across 3 sites

[sidewinder]

We have 3 different sites, all seperate and connected by a leased line with a firewall device at each site creating a VPN.

Currently only 2 of them are joined, one has a 172.16.0.0/16 network and the other has a 192.168.0.0/24.

I'm redoing the network in all sites, and I was just wondering if I was better off keeping it as is, or to go maybe with a purely /24 range (be it 172 or 192) as there are not more than 254 hosts at any of the sites.

The advantage I can see with using seperate ranges is that it would be very easy to see which site a device was at, but it just seems tidier if they are all on one range.

[CyberNerd]

I'd be inclined to keep them on separate ranges, as you would a VLAN. Clearly get rid of the /16 subnet - it's way too large. How a bout a 25bit mask on each and 126 hosts per subnet for expansion?

[jamesreedersmith]

192.168.1.X/24
192.168.2.X/24
192.168.3.X/24

Then at all sites the router would be 1(192.168.Y.1), network devices 2-49 (192.168.Y.2-49) and a dhcp range of 51-254 (192.168.Y.51-254)

Easy peasy lemon squeezy

[sidewinder]

James that sounds pretty sensible actually..not sure why I didn't just think of that?

Cybernerd - Agreed, /16 is far too large. /25 might be pushing it though as we have around 100 devices at one site and it doesn't give much breathing space

[jamesreedersmith]

James that sounds pretty sensible actually..not sure why I didn't just think of that?

Cybernerd - Agreed, /16 is far too large. /25 might be pushing it though as we have around 100 devices at one site and it doesn't give much breathing space

@sidewinder - no problem - ip schema design is one of my specialisms so the scheme suggested will work with VPN's etc if needed.

[MatthewL]

192.168.1.X/24
192.168.2.X/24
192.168.3.X/24

Then at all sites the router would be 1(192.168.Y.1), network devices 2-49 (192.168.Y.2-49) and a dhcp range of 51-254 (192.168.Y.51-254)

Easy peasy lemon squeezy

We do the same except with 172.16.x.x and 172.17.x.x one for each side and then about 60 sites each. Firewall on 254 and statics on .201 or above.

Works very well.

[nephilim]

I am inclined to agree with how James has it set up.

One of the places I have an interview for has a federation set up, and as such they have everything managed centrally, but each site has its own router

(192.168.1.x/24 - 192.168.5.x/24) Site A
(192.168.6.x/24 - 192.168.10.x/24) Site B
(192.168.11.x/24 - 192.168.15.x/24) Site C
(192.168.16.x/24 - 192.168.20.x/24) Site D

works well for them as they have ~800 devices per site and allows room for expansion

The most sensible way to go in my opinion

[m25man]

@jamesreedersmith 's post is directly from the land of IP common sense and is the correct way to go however if you use 192.168.1.x/24 192.168.10.x/24 192.168.20.x/24 etc you will have enough addresses in reserve for each LAN by just changing the subnet mask later if needs be.
This way you can expand/change the range at any site without having to change the rest.

Remember that if your part of a larger group of schools your LEA or Federation will have planned this for you ready for intersite routing purposes and any internal address changes need to be sanctioned by your LEA to avoid routing issues on your Grid.

[GrumbleDook]

Not in general response to the OP (as that has been answered) I am generally tempted to say to secondary schools to go for a /21 range so that they have 2048 address. /22 is generally fine (as described above) but it wasn't tool long ago that people wondered why you would ever need 1024 IP addresses ... and we are now getting into 800+ ...

[gaz350]

Initially our new network was a /20 but as we started slicing up the subneta for our vlans it was amazing how quick we ran out of space(allowing for potential growth in anyone subnet) in the end needing a little bit more and now setup for a /19.

Add in personal devices into the mix and the number of ip's you need grow very quickly!!

[SYNACK]

Not in general response to the OP (as that has been answered) I am generally tempted to say to secondary schools to go for a /21 range so that they have 2048 address. /22 is generally fine (as described above) but it wasn't tool long ago that people wondered why you would ever need 1024 IP addresses ... and we are now getting into 800+ ...

More than a thousand hosts in a single broadcast domin is going to waste 5-10% of your internal bandwidth easy thanks to the shear number of devices involved, As a supernet its fine but you should really be dividing up that kind of number internally.

[GrumbleDook]

More than a thousand hosts in a single broadcast domin is going to waste 5-10% of your internal bandwidth easy thanks to the shear number of devices involved, As a supernet its fine but you should really be dividing up that kind of number internally.

VLANs go without saying ... that is one of the criteria schools have to pass before we authorise them getting an additional /22 to go with their existing range.

[SYNACK]

VLANs go without saying ... that is one of the criteria schools have to pass before we authorise them getting an additional /22 to go with their existing range.

You'd think so but I have had to have that conversation with someone in a large WAN provider related to schools here. I thought I had better pipe up incase others have the same horrifying experience.

[RabbieBurns]

You'd think so but I have had to have that conversation with someone in a large WAN provider related to schools here. I thought I had better pipe up incase others have the same horrifying experience.

we have a single flat /16 with about 2500 devices, which is "fine because we have a 10gb network" and its "easier to manage" </sigh>

[SYNACK]

we have a single flat /16 with about 2500 devices, which is "fine because we have a 10gb network" and its "easier to manage" </sigh>

:-S - Wimper, the Borg would assimilate someone for that and would be justified in the name of efficient use of resources. Besides it does not matter how big the backbone is as all of the stations are being sent every broadcast so it comes down to the speed of the slowest link as that link will still be reciving all of the broadcast packets.

The horror... etc