New Network Location

I am currently in the midst of planning a new network design for a building move; however, I am not 100% sure on best practices.

We currently have roughly 200+ servers and roughly 600 users in our current location. We want to plan a building with 8% user growth per year over the next 10 years. We are also going to be adding a VoIP system in this new location, which we currently do not have.

Taking a look at my estimations, that would be roughly 1900 (500 server + 700 user + 700 VoIP) IPs, which I would like to grow into.

We currently have a 10.0.0.0/16 network, which seems like severe overkill. I was considering looking at a 172.16.0.0/32 or /16; however, after reading some of the posts here, it looks like I should be trying to keep around 100-200 hosts in each subnet? In my head I was thinking of breaking up the subnets by geographical location, but maybe I should be looking into breaking it up by department?

As stated above, I was hoping someone could give me some insight/direction on best practices, as I feel like I am barking up the wrong tree with my /32.

Thanks!

ltoebbe Asked:
theSAPPHIRE Commented:
Actually, I set up a subnet per department... it has made working with large installations a lot simpler.

I still use the 10 series for IPs... they are just simpler too.

I like to use 10.10.100.0 for ADMIN, so they can access "everyone's" group.
Then, say, 10.10.90.0 for the printers or other IP devices, 10.10.80.0 for Sales, 10.10.70.0 for shipping, 10.10.60.0 for the fulfilment department, etc.

If I need to subdivide an IP range, I do; for sales, 10.10.85.0 for sales, 10.10.84.0 for in-state, 10.10.83.0 for out-of-state, 10.10.82.0 for international sales.

This way, when I get reports from the server farm and I get any errors to review, just seeing the IP address takes me to the right server and department a lot quicker.

Just my thoughts.

-sapphire


schaps Commented:
In my school, I use all /16 networks for my VLANs, with the 2nd octet corresponding to the VLAN # to keep things straight (172.20.x.x is VLAN 20, etc.) and thereby determine which group (i.e. school admin, student devices, etc.) the device belongs to. Within each subnet, I then use the 3rd and 4th octets to correspond to asset type or asset # (i.e. 172.20.1.x are printers, 172.20.10.10-172.20.10.50 being laptops with asset numbers 1010 to 1050). The DHCP server has reservations for all those devices. The small amount of time invested to set up the reservations is more than offset in the months and years of being able to tell at a glance at an IP address exactly which device is doing what, and when troubleshooting a serious problem, every second counts.

That being said, I would not have more than about 500 hosts per subnet, which is generally accepted as the maximum you want in a broadcast domain. Fewer is usually better. It's not 'overkill' or a waste to use /16s, and it makes things easier to manage using 255.255.0.0 subnet masks for everything. The number of *possible* hosts/IPs doesn't affect anything; it's only the actual # of hosts you have in a broadcast domain.

It's not clear to me whether you have multiple "geographical locations" connected with WAN links or you were just referring to multiple offices and/or buildings in the same complex. If your location is all local and connected with gigabit/10GB links, it really doesn't matter much whether you organize your network by department or by physical location. If you have two or more physically distant locations connected with slower WAN links, then it's better to divide up subnets by physical location to minimize the number of broadcasts going over the WAN links.

ltoebbe (Author) Commented:
We have 2 other geographical locations, 1 in the same state about 60 miles away, the other a few states away. They are currently connected through standard site-to-site VPN tunnels. They are planned to move over to MPLS connections. They are already broken up into different subnets. I was considering scoping them down even further if it is a best practice.

If I am understanding you correctly, if I wanted to start scoping down the subnets, I can stick with the 10.8.0.0 that we have, but use a /23 subnet (at the largest) to keep the hosts down to a reasonable level? While having the /16 is not as bad as I originally thought, and it's not the end of the world, I really wouldn't want to put more than 500 hosts on a subnet?

Does that sound about right?
Khandakar Ashfaqur Rahman (Expert/Consultant) Commented:
Hello,

/24 = 256 - 2 = 254 hosts
/23 = 512 - 2 = 510 hosts
/22 = 1024 - 2 = 1022 hosts

It doesn't matter which IP range you are using, whether it starts with 10 or 172. The issue is how many hosts you need and how many networks you want to create, because 10.0.0.0/22 and 172.16.0.0/22 give the same number of hosts and networks.

So people usually consider:

security, reliability, scalability, disaster recovery, backup and future upgradability.

However, it's not a good idea to use a single network for large numbers of computers, servers and devices.

First, you need to classify your important servers and separate them into a different subnet, then use a router + firewall.
Secondly, you need to keep some servers in a different geo-location for disaster recovery and backup. So all backup and additional servers (like a secondary DNS) should be kept in a different geo-location and a different subnet. It's recommended that you avoid a SPF (single point of failure).
Thirdly, you can create subnets based on different departments. In some cases you may use /23, in some cases /24; it doesn't matter which CIDR you are using, because the router will route data among those subnets. You need to remember that a smaller network has less broadcast. So, better to create a subnet for each department. The CIDR depends on the number of users in each department.

You can also use VLANs on your switch ports to increase your security and separate into different subnets.
Lastly, resources are limited. So you must think about which resources are available to you, and the design should be cost effective. Go ahead based on your resource availability.
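Worked example (added here, not code from anyone in the thread): the sizing this answer and the original post describe, carried through in Python with the standard ipaddress module. It projects the poster's 600 users at 8% a year for 10 years, sizes each group from the usable-host counts above plus headroom, refuses any group that would exceed the 500-host broadcast-domain figure schaps quoted, and carves non-overlapping subnets per department out of the poster's 10.8.0.0 block. The department split, the 25% headroom, the split of the 500 planned servers into two groups, the printer count and a voice VLAN per department are assumptions for illustration, not figures from the thread.

```python
import ipaddress
import math

# Planning inputs drawn from the thread: 600 users, 8%/year for 10 years,
# and a 500-host broadcast-domain ceiling. The department split, the 25%
# headroom and the server/printer groups below are assumptions.
GROWTH_RATE = 0.08
YEARS = 10
MAX_HOSTS_PER_SUBNET = 500
HEADROOM = 0.25

# Assumed split of today's 600 users across departments.
USERS_TODAY = {"sales": 180, "engineering": 150, "support": 120,
               "shipping": 100, "admin": 50}


def project(count, rate=GROWTH_RATE, years=YEARS):
    """Compound growth, rounded up to whole hosts."""
    return math.ceil(count * (1 + rate) ** years)


def usable_hosts(prefixlen):
    """Usable IPv4 addresses for a prefix length (network and broadcast excluded)."""
    if prefixlen >= 31:
        return 2 if prefixlen == 31 else 1   # /31 point-to-point (RFC 3021), /32 single host
    return 2 ** (32 - prefixlen) - 2


def prefix_for(hosts, headroom=HEADROOM, max_hosts=MAX_HOSTS_PER_SUBNET):
    """Longest prefix that still fits hosts plus headroom. Refuses to size a
    broadcast domain above max_hosts so the caller has to split the group."""
    need = math.ceil(hosts * (1 + headroom))
    if need > max_hosts:
        raise ValueError(f"{hosts} hosts (+{headroom:.0%}) exceeds {max_hosts}; split the group")
    for plen in range(30, 7, -1):
        if usable_hosts(plen) >= need:
            return plen
    raise ValueError("no prefix fits")


def plan(block, groups, headroom=HEADROOM, max_hosts=MAX_HOSTS_PER_SUBNET):
    """Carve one subnet per group out of block, largest group first, no overlap.
    groups: {name: projected host count}. Returns {name: IPv4Network}."""
    free = [ipaddress.ip_network(block)]
    result = {}
    for name, hosts in sorted(groups.items(), key=lambda kv: kv[1], reverse=True):
        plen = prefix_for(hosts, headroom, max_hosts)
        for i, chunk in enumerate(free):
            if chunk.prefixlen <= plen:          # chunk is large enough to hold a /plen
                subnet = next(chunk.subnets(new_prefix=plen))
                free[i:i + 1] = list(chunk.address_exclude(subnet))  # keep the remainder
                free.sort()
                result[name] = subnet
                break
        else:
            raise ValueError(f"{block} exhausted while placing {name}")
    return result


def aggregate(nets):
    """Smallest single prefix that contains every subnet: what actually needs reserving."""
    nets = list(nets)
    candidate = nets[0]
    while not all(n.subnet_of(candidate) for n in nets):
        candidate = candidate.supernet()
    return candidate


def no_overlap(nets):
    """True when no two allocated subnets share any address."""
    nets = list(nets)
    return all(not a.overlaps(b) for i, a in enumerate(nets) for b in nets[i + 1:])


def building_plan(block="10.8.0.0/16"):
    groups = {}
    for dept, n in USERS_TODAY.items():
        groups[f"{dept}-data"] = project(n)       # PCs, projected 10 years out
        groups[f"{dept}-voice"] = project(n)      # one VoIP phone per user, own VLAN
    groups["servers-a"] = 250                     # 500 planned servers, split in two so
    groups["servers-b"] = 250                     # neither half breaches the ceiling
    groups["printers"] = 60                       # assumed count
    return plan(block, groups)


if __name__ == "__main__":
    p = building_plan()
    for name, net in sorted(p.items(), key=lambda kv: kv[1]):
        print(f"{name:20} {str(net):18} usable={usable_hosts(net.prefixlen)}")
    print("aggregate:", aggregate(p.values()), " no overlap:", no_overlap(p.values()))
```

Running it prints the per-department /23s and /24s and shows the whole plan fits inside 10.8.0.0/19, which is the kind of check that answers the /16 question: reserve that aggregate in the routing and firewall design and leave the rest of the block for later growth. Asking prefix_for for a single 500-host server subnet raises ValueError, which is deliberate: split the group rather than build a broadcast domain that size.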