
Best Practices for Subnet

gbauer17 asked
Last Modified: 2008-02-01

I am on the verge of redesigning our network infrastructure, but I am not sure what the best practices are for this. The reason I am doing this is because we are starting to run out of IP addresses; we currently use - .254. I want to be able to create multiple different subnets for our organization because it is a fast-growing company; in the past 2 years we have grown 286%. I was originally going to use - with a Subnet Mask of The only problem I have with this is that I cannot implement that idea over time because a will not ping a address. Are there any other IP subnets that you can think of that I can implement over time as well as being a good standard for growing? Are there any documents that anyone can point me to to get best practices? Thanks

You could have a subnet mask of effectively making a much bigger subnet.

This will give you a ton more IP addresses, -

If you want different subnets and you still want connectivity between them, you will need to place routers between the subnets.

How did you configure the router that deals with the subnets?
Lee W, MVP, Technology and Business Process Advisor

I used to work with a network of 1000+ nodes and a "licensed" Class B address space (meaning we had 65,000 public IPs - and no, we weren't an ISP).  We discussed this a couple of times and it became clear that using a CLASS B mask was a REALLY BAD IDEA.  When doing that, broadcast traffic can get overwhelming and is, quite simply, not advisable.  What I would recommend is getting a REAL router or some switches capable of VLANing and setting up a series of CLASS C address spaces.  Divide up your organization based on some logical items - departments, geography, floors, something you don't have TOO many of but where each unit will be AT MOST 100 systems.  Then use Class C masks and addresses ( is a class C mask).  You will now need to know something about routing, but with this scheme you should have PLENTY of growth room while not causing inefficiencies in your network due to high broadcast loads.

What we did was assign a subnet (CLASS C Networks) to each building (we had about 20) and in one case, each floor of a building.  We also segregated the IT dept from another dept. in the same building and finally, we had MOST of the servers (50+, excluding clusters) on their own subnet.

There are a number of things to take into consideration.  Firstly, I would try to estimate what is the maximum number of hosts that you will require in a single subnet.  If this is likely to be more than 200 then you will need to look at using subnet masks other than  The second estimate you should take is the number of physical subnets you require; you will require at least one subnet for each LAN site.  There might be reasons where you would allocate more than one subnet to a site, e.g., a subnet for a factory LAN and a subnet for an office LAN.

Once you have this information you can choose the most appropriate of the private IP address ranges.  10.x.x.x, 192.168.x.x or 172.(16 to 31).x.x.  These subnets provide different levels of scalability.

I would try to maintain standards over each subnet, i.e., only use two different subnet mask sizes: one for large sites, one for small sites.  Standardise on IP addresses for the default gateway on each site.  Standardise on ranges of IP addresses that servers, printers and PCs can use.  This will aid management of the network as it grows.
You want to take the last 2 comments into consideration and factor in your expected growth, then add another 20-25% for each subnet

 Class B
 # bits   Mask   Effective Subnets   Effective Hosts
    2                        2            16382
    3                        6             8190
    4                       14             4094
    5                       30             2046
    6                       62             1022
    7                      126              510
    8                      254              254
    9                      510              126
   10                     1022               62
   11                     2046               30
   12                     4094               14
   13                     8190                6
   14                    16382                2

Leew's comments on broadcast domains are important for performance, and the reason WHY you don't want to use one subnet mask for the entire network. Saineolai's comments about grouping computers and servers that access each other into one subnet are also very important in order to minimize your local traffic to a specific subnet.
I always try to install switches that can do layer 3 switching and 802.1q VLAN tagging...  It provides much more flexibility as you grow.  I try to keep subnets less than 100 hosts, not always possible, but the fewer broadcasts you have the better the machines and network perform...  Also, while redesigning, get away from the 192.168 series IP addresses.  If you ever had someone bring in a Linksys router or something and had a rogue DHCP server, it becomes much easier to identify the problem.  You seldom see them use the 172.16, and almost never see them use the 10. scheme.  If you use 10. IPs it leaves much more flexibility.  Something else that would help us help you is if you gave us a brief view of the physical layout of your network that you are planning.

Best of luck,



Listed below is what I have in our Network as well as what I want to do


1 Exchange Server
4 IIS Servers that host internal Web Applications
4 SQL Servers
1 Fax Server
2 Active Directory Servers

3Com 4924 that handles Layer 3 Switching

I want to cut down on our broadcast domains as well as plan for the future. I was thinking of doing all Computers on 1 Subnet, then all Servers on 1 Subnet, all Switches, Routers etc. on 1 Subnet and then our VOIP 3 Com V3000 on its own subnet. I do not know if I am trying to break them up too much. Thanks
Lee W, MVP, Technology and Business Process Advisor

I'm not sure about the switches, but I *THINK* they may need an IP in each subnet.  I would definitely put the phones on their own subnet - in fact, I'd probably put the phones on their own switches.  Then the servers could have their own subnet (though you don't have THAT many servers).  Again, I'd probably break up the subnets by departments/floors/buildings.  Group those that work most closely together.  
Generally the more breakup the better...  If the switches are breaking up the broadcast domains, they will need an IP on each subnet the switch is connected to...  You won't technically need a subnet just for the switches, unless you use 802.1q VLAN trunking.  Then you might use it and possibly set up some of the QoS tagging too for your switch VLAN so you can still administer it if you ever had a broadcast storm.



It will KILL you!  DEATH!  BLEEDING!!!  CRYING and GNASHING OF TEETH!  FIRING!!!!  Ouch!!!

If you have HP switches, get to the config term mode and type this command:  no lacp all.  It WILL save your life and career.

LACP doesn't seem to cause problems on Cisco equipment so far.

All that said your plan sounds great!
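
Added example, not part of any post in this thread: a small Python planner that sizes one subnet per group (the four groups from the asker's plan) with the 25% growth headroom suggested above, and carves them out of a 10.x block without overlap. The host counts for computers, VoIP and network gear and the parent block 10.10.0.0/16 are assumptions; the server count of 12 is the total of the asker's list.

```python
import ipaddress
import math

# Constructed sample input: only the server count (12) comes from the thread.
GROUPS = {"computers": 180, "voip": 180, "servers": 12, "network_gear": 10}

def prefix_for_hosts(hosts, growth=0.25):
    """Longest prefix whose usable addresses cover hosts plus growth headroom."""
    needed = math.ceil(hosts * (1 + growth))
    # A subnet with h host bits has 2**h - 2 usable addresses
    # (network and broadcast are reserved), so we need 2**h >= needed + 2.
    host_bits = max(2, (needed + 1).bit_length())
    return 32 - host_bits

def plan_subnets(parent, groups, growth=0.25):
    """Allocate one non-overlapping subnet per group from parent, largest first."""
    parent = ipaddress.ip_network(parent)
    cursor = int(parent.network_address)
    plan = {}
    for name, hosts in sorted(groups.items(), key=lambda kv: -kv[1]):
        prefix = prefix_for_hosts(hosts, growth)
        size = 2 ** (32 - prefix)
        # Round the cursor up to a multiple of the subnet size so the
        # network address is valid for this prefix length.
        cursor = (cursor + size - 1) // size * size
        net = ipaddress.ip_network((cursor, prefix))
        if not net.subnet_of(parent):
            raise ValueError(f"{parent} is too small to fit {name}")
        plan[name] = net
        cursor += size
    return plan

if __name__ == "__main__":
    for name, net in plan_subnets("10.10.0.0/16", GROUPS).items():
        usable = net.num_addresses - 2
        print(f"{name:13} {str(net):16} mask {net.netmask}  usable {usable}")
```

Allocating largest first keeps every subnet naturally aligned, and the unused remainder of the parent block stays contiguous for subnets added later.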
