Best Practices for Subnet

Posted on 2006-03-31
Last Modified: 2008-02-01

I am on the verge of redesigning our network infrastructure, but I am not sure what the best practices are for this. The reason I am doing this is because we are starting to run out of IP addresses; we currently use - .254. I want to be able to create multiple different subnets for our organization because it is a fast-growing company; in the past 2 years we have grown 286%. I was originally going to use - with a Subnet Mask of The only problem I have with this is that I cannot implement that idea over time because a will not ping a address. Are there any other IP subnets that you can think of that I can implement over time as well as being a good standard for growing? Are there any documents that anyone can point me to for best practices? Thanks
Question by:gbauer17
    LVL 4

    Expert Comment

    You could have a subnet mask of effectively making a much bigger subnet.

    This will give you a ton more IP addresses, -

    If you want different subnets and you still want connectivity between them, you will need to place routers between the subnets.
    LVL 18

    Expert Comment

    How did you configure the router that deals with the subnets?
    LVL 95

    Expert Comment

    by:Lee W, MVP
    I used to work with a network of 1000+ nodes and a "licensed" Class B address space (meaning we had 65,000 public IPs - and no, we weren't an ISP).  We discussed this a couple of times and it became clear that using a CLASS B mask was a REALLY BAD IDEA.  When doing that, broadcast traffic can get overwhelming and is, quite simply, not advisable.  What I would recommend is getting a REAL router or some switches capable of VLANing and setting up a series of CLASS C address spaces.  Divide up your organization based on some logical items - departments, geography, floors, something you don't have TOO many of but where each unit will be AT MOST 100 systems.  Then use Class C masks and addresses ( is a class C mask).  You will now need to know something about routing, but with this scheme you should have PLENTY of growth room while not causing inefficiencies in your network due to high broadcast loads.

    What we did was assign a subnet (CLASS C Networks) to each building (we had about 20) and in one case, each floor of a building.  We also segregated the IT dept from another dept. in the same building and finally, we had MOST of the servers (50+, excluding clusters) on their own subnet.
    LVL 8

    Expert Comment


    There are a number of things to take into consideration.  Firstly, I would try to estimate the maximum number of hosts that you will require in a single subnet.  If this is likely to be more than 200, then you will need to look at using subnet masks other than  The second estimate you should make is the number of physical subnets you require; you will require at least one subnet for each LAN site.  There might be reasons why you would allocate more than one subnet to a site, e.g., a subnet for a factory LAN and a subnet for an office LAN.

    Once you have this information you can choose the most appropriate of the private IP address ranges: 10.x.x.x, 192.168.x.x or 172.(16 to 31).x.x.  These ranges provide different levels of scalability.

    I would try to maintain standards over each subnet, i.e., only use two different subnet mask sizes, one for large sites and one for small sites.  Standardise on IP addresses for the default gateway on each site.  Standardise on ranges of IP addresses that servers, printers and PCs can use.  This will aid management of the network as it grows.
    LVL 12

    Expert Comment

    You want to take the last 2 comments into consideration and factor in your expected growth, then add another 20-25% for each subnet

    Class B

      # bits   Mask   Effective Subnets   Effective Hosts
        2                     2               16382
        3                     6                8190
        4                    14                4094
        5                    30                2046
        6                    62                1022
        7                   126                 510
        8                   254                 254
        9                   510                 126
       10                  1022                  62
       11                  2046                  30
       12                  4094                  14
       13                  8190                   6
       14                 16382                   2

    Leew's comments on broadcast domains are important for performance, and the reason WHY you don't want to use one subnet mask for the entire network. Saineolai's comments about grouping computers and servers that access each other into one subnet are also very important in order to minimize your local traffic to a specific subnet.
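The sizing table above and Saineolai's advice to standardise gateway and role ranges per site can both be worked through with a short calculator. The following is an added example, not code from anyone in this thread: the first function reproduces the table for any classful base (the mask and counts follow from the bit arithmetic, using the old "subtract 2" subnet convention the table uses, with a switch for modern routers that can use every subnet), and the second carves a private range into one subnet per site with the same gateway, server, printer and PC offsets in every site. The 10.0.0.0/16 block, the site names and the offset ranges are assumptions for illustration.

```python
"""Subnet sizing and site-plan helper (added example, not from the thread).

Assumptions: the supernet, site names and role offsets used below are
illustrative; adjust them to the real address plan.
"""
import ipaddress


def subnet_table(base_prefix, subnet_zero=False):
    """Rows of (borrowed bits, mask, usable subnets, usable hosts) for a
    classful block of `base_prefix` bits (8 = class A, 16 = class B,
    24 = class C).

    Hosts are always 2**host_bits - 2 (network and broadcast addresses).
    Subnets default to the old 2**bits - 2 convention used in the table
    in the thread (all-zeros and all-ones subnets unusable); pass
    subnet_zero=True for the count on modern routers, where every subnet
    is usable.
    """
    rows = []
    for bits in range(1, 32 - base_prefix):
        new_prefix = base_prefix + bits
        host_bits = 32 - new_prefix
        if host_bits < 2:          # /31 and /32 leave no usable host range here
            break
        mask = str(ipaddress.IPv4Network((0, new_prefix)).netmask)
        subnets = 2 ** bits if subnet_zero else 2 ** bits - 2
        rows.append((bits, mask, subnets, 2 ** host_bits - 2))
    return rows


def site_plan(supernet, site_prefix, sites,
              servers=(10, 49), printers=(50, 99), pcs=(100, 250)):
    """Carve `supernet` into one `site_prefix` subnet per entry in `sites`
    and apply the same layout inside every subnet: the gateway at the
    first usable address, then fixed offset ranges for servers, printers
    and PCs, so every site looks alike."""
    net = ipaddress.ip_network(supernet)
    if site_prefix <= net.prefixlen:
        raise ValueError("site prefix must be longer than the supernet prefix")
    last_usable = 2 ** (32 - site_prefix) - 2
    for lo, hi in (servers, printers, pcs):
        # offset 0 is the network address, offset 1 the gateway, and the
        # highest offset must stay below the broadcast address
        if not 1 < lo <= hi <= last_usable:
            raise ValueError(f"range {lo}-{hi} does not fit in a /{site_prefix}")
    capacity = 2 ** (site_prefix - net.prefixlen)
    if capacity < len(sites):
        raise ValueError(f"{supernet} only holds {capacity} /{site_prefix} subnets")
    plan = {}
    for name, block in zip(sites, net.subnets(new_prefix=site_prefix)):
        base = block.network_address
        plan[name] = {
            "subnet": str(block),
            "gateway": str(base + 1),
            "servers": (str(base + servers[0]), str(base + servers[1])),
            "printers": (str(base + printers[0]), str(base + printers[1])),
            "pcs": (str(base + pcs[0]), str(base + pcs[1])),
            "broadcast": str(block.broadcast_address),
        }
    return plan


if __name__ == "__main__":
    for bits, mask, subs, hosts in subnet_table(16):
        print(f"{bits:2d} bits  {mask:16s} {subs:6d} subnets  {hosts:6d} hosts")
    # hypothetical plan: four /24 sites out of an assumed 10.0.0.0/16
    plan = site_plan("10.0.0.0/16", 24, ["HQ-floor1", "HQ-floor2", "servers", "voip"])
    for name, row in plan.items():
        print(f"{name:10s} {row['subnet']:14s} gw {row['gateway']:11s} pcs {row['pcs']}")
```

Running it prints the class B table with the masks filled in and a per-site plan in which the gateway is always .1 and the PC pool always .100-.250, which is what makes troubleshooting and DHCP scope definitions uniform across sites. The range check matters when you later shrink sites to a /25 or /26: the default offsets no longer fit and the function refuses rather than silently placing PCs on top of the broadcast address.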
    LVL 4

    Accepted Solution

    I always try to install switches that can do layer 3 switching and 802.1q VLAN tagging...  It provides much more flexibility as you grow.  I try to keep subnets to less than 100 hosts; not always possible, but the fewer broadcasts you have the better the machines and network perform...  Also, while redesigning, get away from the 192.168 series IP addresses.  If you ever had someone bring in a Linksys router or something and had a rogue DHCP server, it becomes much easier to identify the problem.  You seldom see them use 172.16, and almost never see them use the 10. scheme.  If you use 10. IPs it leaves much more flexibility.  Something else that would help us help you is if you gave us a brief view of the physical layout of the network that you are planning.

    Best of luck,
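The rogue-DHCP point in the accepted answer is easy to turn into a check. The following is an added example, not code from this thread: it parses DHCPOFFER records (the log format is constructed for the example) and flags any offer that comes from a server other than the sanctioned one, hands out an address outside the planned 10.0.0.0/16, or originates in the 192.168.0.0/16 range consumer routers default to. The sanctioned server address 10.0.0.5 and the sample lines are assumptions.

```python
"""Rogue DHCP offer triage (added example, not from the thread).

The log format and every address below are constructed for this example:
the sanctioned DHCP server is assumed to be 10.0.0.5 and the address plan
is assumed to live entirely inside 10.0.0.0/16.
"""
import ipaddress
import re

AUTHORIZED_DHCP_SERVERS = {ipaddress.ip_address("10.0.0.5")}
PLANNED_SUBNETS = [ipaddress.ip_network("10.0.0.0/16")]
# Default range shipped on consumer gear; an offer from here is the
# "someone plugged in a Linksys" case the accepted answer describes.
CONSUMER_DEFAULT_RANGES = [ipaddress.ip_network("192.168.0.0/16")]

OFFER_RE = re.compile(
    r"DHCPOFFER from (?P<server>\d{1,3}(?:\.\d{1,3}){3}) "
    r"offered (?P<offered>\d{1,3}(?:\.\d{1,3}){3}) "
    r"to (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})"
)

# Constructed sample: the real server, a consumer router answering the same
# client, and an unknown device handing out addresses from inside the plan.
SAMPLE_LOG = """\
Mar 31 09:12:01 sw1 dhcp-snoop: DHCPOFFER from 10.0.0.5 offered 10.0.1.101 to 00:1b:21:3c:4d:5e
Mar 31 09:12:04 sw1 dhcp-snoop: DHCPOFFER from 192.168.1.1 offered 192.168.1.100 to 00:1b:21:3c:4d:5e
Mar 31 09:12:09 sw1 dhcp-snoop: DHCPOFFER from 10.0.0.5 offered 10.0.2.17 to 00:26:b9:aa:bb:cc
Mar 31 09:12:11 sw1 dhcp-snoop: DHCPOFFER from 10.0.9.9 offered 10.0.1.55 to 00:26:b9:aa:bb:cc
"""


def parse_offers(log_text):
    """Yield (server, offered, client_mac) as strings for each DHCPOFFER line."""
    for line in log_text.splitlines():
        m = OFFER_RE.search(line)
        if m:
            yield m["server"], m["offered"], m["mac"]


def classify_offer(server, offered):
    """Return the reasons an offer looks rogue; an empty list means clean."""
    server = ipaddress.ip_address(server)
    offered = ipaddress.ip_address(offered)
    reasons = []
    if server not in AUTHORIZED_DHCP_SERVERS:
        reasons.append("unauthorized server")
    if not any(offered in net for net in PLANNED_SUBNETS):
        reasons.append("offered address outside plan")
    if any(server in net for net in CONSUMER_DEFAULT_RANGES):
        reasons.append("server in consumer-router default range")
    return reasons


def find_rogue_offers(log_text):
    """Collect every suspicious offer with the client it was aimed at."""
    findings = []
    for server, offered, mac in parse_offers(log_text):
        reasons = classify_offer(server, offered)
        if reasons:
            findings.append({"server": server, "offered": offered,
                             "client": mac, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in find_rogue_offers(SAMPLE_LOG):
        print(f"rogue offer from {f['server']} ({f['offered']} -> {f['client']}): "
              + ", ".join(f["reasons"]))
```

The second finding is the interesting one: the unknown device at 10.0.9.9 hands out an address that is inside the plan, so the "offered address outside plan" test alone would miss it, and only the explicit list of sanctioned servers catches it. That is why the server allow-list, not just the address range, belongs in the check; on a switch that supports DHCP snooping the same allow-list becomes a trusted-port setting and the rogue offers are dropped instead of merely logged.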

    Author Comment

    Listed below is what I have in our Network as well as what I want to do


    1 Exchange Server
    4 IIS Servers that host internal Web Applications
    4 SQL Servers
    1 Fax Server
    2 Active Directory Servers

    3Com 4924 that handles Layer 3 Switching

    I want to cut down on our broadcast domains as well as plan for the future. I was thinking of doing all Computers on 1 Subnet, then all Servers on 1 Subnet, all Switches, Routers etc. on 1 Subnet and then our VOIP 3 Com V3000 on its own subnet. I do not know if I am trying to break them up too much. Thanks
    LVL 95

    Expert Comment

    by:Lee W, MVP
    I'm not sure about the switches, but I *THINK* they may need an IP in each subnet.  I would definitely put the phones on their own subnet - in fact, I'd probably put the phones on their own switches.  Then the servers could have their own subnet (though you don't have THAT many servers).  Again, I'd probably break up the subnets by departments/floors/buildings.  Group those that work most closely together.  
    LVL 4

    Expert Comment

    Generally the more breakup the better...  If the switches are breaking up the broadcast domains, they will need an IP on each subnet the switch is connected to...  You won't technically need a subnet just for the switches, unless you use 802.1q VLAN trunking.  Then you might use it and possibly set up some of the QoS tagging too for your switch VLAN so you can still administer it if you ever had a broadcast storm.



    It will KILL you!  DEATH!  BLEEDING!!!  CRYING and GNASHING OF TEETH!  FIRING!!!!  Ouch!!!

    If you have HP switches, get to the config term mode and type this command:  no lacp all.  It WILL save your life and career.

    LACP doesn't seem to cause problems on Cisco equipment so far.

    All that said your plan sounds great!

