?
Solved

192.168.0.0/16 or/24?

Posted on 2005-03-08
9
Medium Priority
?
16,268 Views
Last Modified: 2011-08-18

I am trying to figure out what the best and most manageable ip address scheme for our company network. I am shooting for simplicity! Currently, we have a flat network of 15 servers, 4 switches/routers and about 80 workstations. Our enduser growth grows on average 10 a year so it's minimal.

Now, if I use the RFC 1918 standard of 192.168.0.0 255.255.255.0 that will yield me 254 useable ip addresses without subnetting. If I use 192.168.0.0/16 or 255.255.0.0 I would have over 65k useable ip addresses. Can someone help me to understand why I would pick one scheme over another? I mean if everything is private and non-routable then why would I bother subnetting when I can just give myself 65k right off the bat?

additional info:

Now what I have heard from most people is to use the 192.168.0.0/24 scheme since 254 addresses, which at the moment, is more then enough to supply our network. However, I am implementing two DHCP servers for fault tolerance and will excersize the 50/50 rule. So my scope would be 192.168.0.51-152 for dhcp server 1 and 192.168.0.153-254 for dhcp server 2. It would seem that I will be short changing myself of fault-tolerant dhcp addresses in the next few years!

0
Comment
Question by:SANG501
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
9 Comments
 
LVL 96

Expert Comment

by:Lee W, MVP
ID: 13488902
one word:  BROADCASTS.

Broadcasts could flood the network and slow things down if you subnet to a class B network (255.255.0.0).

In my experience you want to keep the nodes per subnet to 150-200.  254 max.
0
 
LVL 7

Expert Comment

by:minmei
ID: 13489413
Have the best of both worlds.

Use an RFC1918 range like 10.0.0.0 - and use the class B (/16, 255.255.0.0) subnet mask.  This way you'll have plenty of addresses to use with DHCP, you can use the third octet for organizing your nodes (10.1.1.x for servers, 10.1.2.x for printers, 10.1.3.x for networking gear, 10.1.4-10.x for workstations, etc.

You can also split the network when it gets too large (broadcasts _do_ become a problem) and start using 10.2.y.x for the new network. Or when you're ready to do lots of VLANs (maybe if you get IP phones or something else) you have 253 other networks to choose from.

Go big.

0
 
LVL 16

Expert Comment

by:The--Captain
ID: 13493545
>Use an RFC1918 range

192.168.0.0/16 *is* an RFC1918 range.  How is your 10.0.0.0/16 any better than 192.168.0.0/16?

Cheers,
-Jon
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 7

Accepted Solution

by:
minmei earned 1600 total points
ID: 13494943
Jon,

Thanks. Maybe I should have put it a different way like...

"Use a _different_ RFC1918 range like 10.0.0.0"

Again, the benefit to using 10.0.0.0/16 instead of 192.168.0.0/16 is that you can still grow into subnets/VLANS from 10.0.0.0/16 by simply incrementing the second octet. 10.1.0.0/16 up to 10.255.0.0/16 are available, and you can summarize the whole internal network with a simple 10.0.0.0/8.

If you use 192.168.0.0/16 and you need a new VLAN or subnet, you would have to use a discontinuous one like 172.x.0.0 or 10.x.x.x and have to allow both subnets when you had to refer to internal networks.

Does that make it more clear?
0
 
LVL 27

Assisted Solution

by:pseudocyber
pseudocyber earned 400 total points
ID: 13495134
At the risk of being flamed ... (grin) .... you don't HAVE to stick to classful networks ...

10.0.0.0/8
172.16.0.0/16
192.168.0.0/24

You could use 192.168.0.0/23 - which in effect is "suppernetting" two 24 bit networks together.  So, if your equpment can handle it, you could have a range of 192.168.0.1-192.168.1.254 for a little over 500 addresses.  We do this all the time - we have several floors.  Each floor is 172.16.60.0/23, 172.16.62.0/23, etc.

Whatever you do, you should design your network with an eye towards the future.  What if you get another office across town and you need to route to it?  If you're using 10.0.0.0/8 as your network - you might have a problem.  (And you don't have to worry about broadcasts until you actually start using all that space - so if you have a network with 65000 addresses in it, but you're only using 10, the unused addresses aren't going to be causing a broadcast problem - it will just be a management problem when and if you need to subnet in the future).

So, what you could do is think about what you might do in the future - so if you use my suggestion, then in the future you could summarize your whole network by using 192.168.0.0/21 and you could have 4 subnets inside that - 192.168.0.0/23, 192.168.2.0/23, 192.168.4.0/23, 192.168.6.0/23 - 4 subnets.  Or you could subnet them further with /24 to give you more and keep going ...

So, as long as you give some thought to how you do it now - it gives you more flexibility later.

Hope this helps.
0
 
LVL 7

Expert Comment

by:minmei
ID: 13495392
For a person with a firm grasp of subnet masks and what addresses constitute a subnet, supernetting is a fine idea.

For the masses out there who barely understand what an octet is, classful is easier.

(No reflection on anyone in this thread, of course!)

Whenever you deal with an outside vendor you may use to bring in an application, VPN to other customers/vendors, any other contact with others with respect to your network, you will have to _explain_ to them how supernetting works. This gets old fast.

With the 10.0.0.0 scheme, you only would use the subnets (10.0.x.x, 10.1.x.x, 10.2.x.x) as you needed them. Plenty of room for the office across town (10.100.x.x) or the office in Singapore (10.209.x.x).

Anyway, i'm done justifying. You could use one of the many ideas in any of our collective posts and be ok. And hopefully, we've all given you some insight as to what to do next.

Any other problems/questions/ideas about how it would affect you?

HTH
0
 
LVL 11

Expert Comment

by:PennGwyn
ID: 13498790
You can use any of the RFC 1918 ranges with any compatible mask IF all of your equipment, protocols, and software *use* masks.  If any of these -- either because it is just old, or because it was built by someone with incomplete understanding -- attempts to use the old Class A/B/C system to INFER the subnet mask, then it will break.

So if you really want a Class B private network (255.255.0.0 mask), you'd be most prudent to use one of the RFC 1918 ranges in 172.16.0.0/12 (that is, 172.16-31.x.x).
0
 
LVL 1

Author Comment

by:SANG501
ID: 13499040

Thank you guys for a very informative post. As a LAN administrator for 4 years, only the last 6 months did I have the priviledge with working on switches, routers, and IP topology for our network. Subnetting is still a concept that I need to firmly grasp and takes me a long, long time to decipher and make sense of it but I do have the basic knowledge of it and how it works.

Minmei:
"Again, the benefit to using 10.0.0.0/16 instead of 192.168.0.0/16 is that you can still grow into subnets/VLANS from 10.0.0.0/16 by simply incrementing the second octet. 10.1.0.0/16 up to 10.255.0.0/16 are available, and you can summarize the whole internal network with a simple 10.0.0.0/8."  

Let me see if I understand this right. the reason why you cannot increment the second octet of 192.168.0.0/16 is because RFC1918 says that 192.168.X.X is the private range thus you cannot do 192.169.x.x etc. Unlike the 10.0.0.0/8, the classful rfc range, you can change any of the last three octets for your entire network.

0
 
LVL 7

Expert Comment

by:minmei
ID: 13499345
Yep - you understand correctly. But you can use /16 masks in the 10.0.0.0 range. I would not recommend you using 10.0.0.0/8
for the same reason - nowhere to grow it.

PennGwyn has a good point, but you have to be using _very_ old equipment that requires classful addressing. Most everything in the last 5 years can support classless.

You have to pick your battles.

If you want the greatest compatibility with older equipment, use 192.168.x.0/24, 172.16-32.0.0/16, or 10.x.x.x/8, the classful addresses.

If you want ease of subnetting, use a subnet mask on /8, /16, or /24, because most people can understand these boundaries. The /23 and /22's work, but will cause many others to scratch their heads.

If you want to minimize the amount of address space you are using, the /23 subnet mask gives you 500+ addresses in each subnet, plenty for dual DHCP ranges, but doesn't take up all the way to /16 and gives you room to use the 172 or 192.168 ranges.

Lots of expandibility would point you to the 10.x.0.0/16 subnets, at the cost of using a big piece of the 10 network internally.

All these are good solutions, but they each have their caveats. Thus you can keep your job, because it takes a knowledgeable net admin like yourself to choose between them.

Good Luck.
0

Featured Post

Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will inform Clients about common and important expectations from the freelancers (Experts) who are looking at your Gig.
This article explains the fundamentals of industrial networking which ultimately is the backbone network which is providing communications for process devices like robots and other not so interesting stuff.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
Suggested Courses

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question