• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 16921
  • Last Modified: or/24?

I am trying to figure out what the best and most manageable IP address scheme is for our company network. I am shooting for simplicity! Currently, we have a flat network of 15 servers, 4 switches/routers and about 80 workstations. Our end-user growth is on average 10 a year, so it's minimal.

Now, if I use the RFC 1918 standard of that will yield me 254 useable ip addresses without subnetting. If I use or I would have over 65k useable ip addresses. Can someone help me to understand why I would pick one scheme over another? I mean if everything is private and non-routable then why would I bother subnetting when I can just give myself 65k right off the bat?

additional info:

Now what I have heard from most people is to use the scheme since 254 addresses, which at the moment, is more than enough to supply our network. However, I am implementing two DHCP servers for fault tolerance and will exercise the 50/50 rule. So my scope would be for DHCP server 1 and for DHCP server 2. It would seem that I will be short changing myself of fault-tolerant DHCP addresses in the next few years!

2 Solutions
Lee W, MVP, Technology and Business Process Advisor, Commented:
one word:  BROADCASTS.

Broadcasts could flood the network and slow things down if you subnet to a class B network (

In my experience you want to keep the nodes per subnet to 150-200.  254 max.
Have the best of both worlds.

Use an RFC1918 range like - and use the class B (/16, subnet mask.  This way you'll have plenty of addresses to use with DHCP, you can use the third octet for organizing your nodes (10.1.1.x for servers, 10.1.2.x for printers, 10.1.3.x for networking gear, 10.1.4-10.x for workstations, etc.).

You can also split the network when it gets too large (broadcasts _do_ become a problem) and start using 10.2.y.x for the new network. Or when you're ready to do lots of VLANs (maybe if you get IP phones or something else) you have 253 other networks to choose from.

Go big.

>Use an RFC1918 range *is* an RFC1918 range.  How is your any better than


Thanks. Maybe I should have put it a different way like...

"Use a _different_ RFC1918 range like"

Again, the benefit to using instead of is that you can still grow into subnets/VLANS from by simply incrementing the second octet. up to are available, and you can summarize the whole internal network with a simple

If you use and you need a new VLAN or subnet, you would have to use a discontinuous one like 172.x.0.0 or 10.x.x.x and have to allow both subnets when you had to refer to internal networks.

Does that make it more clear?
At the risk of being flamed ... (grin) .... you don't HAVE to stick to classful networks ...

You could use - which in effect is "supernetting" two 24 bit networks together.  So, if your equipment can handle it, you could have a range of for a little over 500 addresses.  We do this all the time - we have several floors.  Each floor is,, etc.

Whatever you do, you should design your network with an eye towards the future.  What if you get another office across town and you need to route to it?  If you're using as your network - you might have a problem.  (And you don't have to worry about broadcasts until you actually start using all that space - so if you have a network with 65000 addresses in it, but you're only using 10, the unused addresses aren't going to be causing a broadcast problem - it will just be a management problem when and if you need to subnet in the future).

So, what you could do is think about what you might do in the future - so if you use my suggestion, then in the future you could summarize your whole network by using and you could have 4 subnets inside that -,,, - 4 subnets.  Or you could subnet them further with /24 to give you more and keep going ...

So, as long as you give some thought to how you do it now - it gives you more flexibility later.

Hope this helps.
For a person with a firm grasp of subnet masks and what addresses constitute a subnet, supernetting is a fine idea.

For the masses out there who barely understand what an octet is, classful is easier.

(No reflection on anyone in this thread, of course!)

Whenever you deal with an outside vendor you may use to bring in an application, VPN to other customers/vendors, any other contact with others with respect to your network, you will have to _explain_ to them how supernetting works. This gets old fast.

With the scheme, you only would use the subnets (10.0.x.x, 10.1.x.x, 10.2.x.x) as you needed them. Plenty of room for the office across town (10.100.x.x) or the office in Singapore (10.209.x.x).

Anyway, I'm done justifying. You could use one of the many ideas in any of our collective posts and be ok. And hopefully, we've all given you some insight as to what to do next.

Any other problems/questions/ideas about how it would affect you?

You can use any of the RFC 1918 ranges with any compatible mask IF all of your equipment, protocols, and software *use* masks.  If any of these -- either because it is just old, or because it was built by someone with incomplete understanding -- attempts to use the old Class A/B/C system to INFER the subnet mask, then it will break.

So if you really want a Class B private network ( mask), you'd be most prudent to use one of the RFC 1918 ranges in (that is, 172.16-31.x.x).
SANG501, Author, Commented:

Thank you guys for a very informative post. As a LAN administrator for 4 years, only the last 6 months did I have the privilege of working on switches, routers, and IP topology for our network. Subnetting is still a concept that I need to firmly grasp and takes me a long, long time to decipher and make sense of it but I do have the basic knowledge of it and how it works.

"Again, the benefit to using instead of is that you can still grow into subnets/VLANS from by simply incrementing the second octet. up to are available, and you can summarize the whole internal network with a simple"  

Let me see if I understand this right. The reason why you cannot increment the second octet of is because RFC1918 says that 192.168.X.X is the private range thus you cannot do 192.169.x.x etc. Unlike the, the classful RFC range, you can change any of the last three octets for your entire network.

Yep - you understand correctly. But you can use /16 masks in the range. I would not recommend you using
for the same reason - nowhere to grow it.

PennGwyn has a good point, but you have to be using _very_ old equipment that requires classful addressing. Most everything in the last 5 years can support classless.

You have to pick your battles.

If you want the greatest compatibility with older equipment, use 192.168.x.0/24, 172.16-32.0.0/16, or 10.x.x.x/8, the classful addresses.

If you want ease of subnetting, use a subnet mask on /8, /16, or /24, because most people can understand these boundaries. The /23 and /22's work, but will cause many others to scratch their heads.

If you want to minimize the amount of address space you are using, the /23 subnet mask gives you 500+ addresses in each subnet, plenty for dual DHCP ranges, but doesn't take up all the way to /16 and gives you room to use the 172 or 192.168 ranges.

Lots of expandability would point you to the 10.x.0.0/16 subnets, at the cost of using a big piece of the 10 network internally.

All these are good solutions, but they each have their caveats. Thus you can keep your job, because it takes a knowledgeable net admin like yourself to choose between them.

Good Luck.
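
The trade-offs discussed in this thread (classful mask inference on old gear, the 50/50 DHCP split, and summarizing internal subnets) can be checked with Python's standard `ipaddress` module. This is an added example, not code from any poster; the function names, the 20 addresses reserved for static devices, and the sample prefixes are assumptions chosen from the ranges named in the thread.

```python
import ipaddress

def classful_prefix(addr):
    """Prefix length that legacy gear infers from the first octet (Class A/B/C)."""
    first = int(ipaddress.IPv4Address(str(addr))) >> 24
    if first < 128:
        return 8    # Class A
    if first < 192:
        return 16   # Class B
    if first < 224:
        return 24   # Class C
    raise ValueError("Class D/E address has no classful mask")

def breaks_classful_gear(cidr):
    """True if the configured mask differs from what a classful device would infer."""
    net = ipaddress.ip_network(cidr)
    return net.prefixlen != classful_prefix(net.network_address)

def split_scope(cidr, reserved=20):
    """50/50 DHCP split: skip `reserved` low host addresses (assumed static
    devices), then give each of two servers half of the remaining hosts."""
    hosts = list(ipaddress.ip_network(cidr).hosts())[reserved:]
    half = len(hosts) // 2
    return (hosts[0], hosts[half - 1]), (hosts[half], hosts[-1])

def summarize(cidrs):
    """Smallest single prefix covering every network (one route or ACL entry)."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    summary = nets[0]
    while not all(n.subnet_of(summary) for n in nets):
        summary = summary.supernet()
    return summary

if __name__ == "__main__":
    # Constructed sample plans, one per option raised in the thread.
    for plan in ("192.168.1.0/24", "192.168.0.0/23", "172.16.0.0/16", "10.1.0.0/16"):
        a, b = split_scope(plan)
        print(plan, "classful-unsafe" if breaks_classful_gear(plan) else "classful-safe",
              f"dhcp1={a[0]}-{a[1]}", f"dhcp2={b[0]}-{b[1]}")
    # Contiguous growth inside 10.x summarizes cleanly; mixed ranges do not.
    print(summarize(["10.1.0.0/16", "10.100.0.0/16", "10.209.0.0/16"]))
    print(summarize(["192.168.1.0/24", "172.16.0.0/16"]))
```
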
