Solved

subnets practice

Posted on 2013-12-12
9
220 Views
Last Modified: 2014-04-08
Hello experts,

I'd like to know what the trend is out there for the enterprise as far as subnets are concerned. I have the following questions:
- What is a typical number of subnets for the enterprise?
- What is a typical number of hosts per VLAN for servers, virtual servers, users, wireless, printers, or something else?
- What is a typical number of subnets in a data center environment?

Thank you
Question by:leblanc
9 Comments
 
LVL 12

Accepted Solution

by:
piattnd earned 500 total points
ID: 39714218
Greetings Pitachip!

The answer to your question is pretty broad.  For clients, the most common I've seen is class C subnets for the hosts.  This allows you a relatively small broadcast domain while still a decent number of clients.  I administered a site with about 1,500 clients and we had about 14 class C subnets we could use, but a class B address space (172.16.0.0).  We kept our site based subnets within the same range so you could create your routing rules using a VLSM class B route entry and you wouldn't have to enter all the subnets individually.

We rarely used a VLSM class C subnet, except for IP phones and the admin IPs for the switches.

Our data center was structured the same way, a VLSM Class B address for routing purposes and individual class C subnets at the actual data center.

I hope that helps answer your question!  There's no "one size fits all", but the largest of enterprises would use a similar structure as what we used, but use a base class A address space, but probably break that down into class C subnet ranges and VLSM class B addresses for routing (depending on the network layout).
 
LVL 1

Author Comment

by:leblanc
ID: 39714385
So in your case, you have a VLSM class B to a class C. You use 14 of those class Cs to accommodate your 1,500 clients. That gives you 3556 IP addresses.
For your data center you also use VLSM class B.

Like you said, there's no "one size fits all". But I'd like to get an idea of a typical number of subnets and VLANs. I can then use that as my baseline and go from there. For example, from my understanding, Cisco recommends no more than 500 devices within a VLAN. I am just wondering what it is for virtual servers or physical servers and whether we keep those servers in the same VLANs.

Thx
 
LVL 12

Assisted Solution

by:piattnd
piattnd earned 500 total points
ID: 39714409
That's correct, because you don't want too large of a broadcast domain.

Keep in mind that we were a medium/medium large global company with lots of room to grow in our class B address, so we could afford wasting some of that address space by using full class C subnets and VLSM class B for routing purposes.  Some larger companies may not have that luxury and may be short on IPs.  :)

As far as our virtuals, we kept those on the same VLAN as our servers (again, we had the address space there).  It caused no issues and we had no reason to segregate them off on their own VLAN.
 
LVL 1

Author Comment

by:leblanc
ID: 39714586
"medium/medium large global company". How do you subnet between locations globally? Do you assign a block of /14 or something else to each of the locations?
"VLSM class B for routing purposes". Can you elaborate on this?

Thanks
 
LVL 12

Assisted Solution

by:piattnd
piattnd earned 500 total points
ID: 39714637
Well, the entire global network was 172.16.0.0 255.255.0.0, but the US might have the slice of 172.16.8.0 - 172.16.15.255, while Europe may have the next slice, 172.16.16.0 - 172.16.23.255.

From a routing perspective, the US route table would have to know how to get data to Europe.  You have 8 total subnets over there, so you either have 8 routing entries for the class C subnets, or a single VLSM class B route entry.  The VLSM route entry would be 172.16.16.0 255.255.248.0.  The router will know that with that subnet mask, any IP address falling between 172.16.16.0 and 172.16.23.255 would be reachable via that route to Europe.  This results in a smaller routing table.

The route table in Europe would then have the routes for each of the class C subnets within that slice (so 172.16.16.0, 172.16.17.0, so on).

This would only be true if all IPs in that range fell within Europe.  If you perhaps took subnet 172.16.20.0 and used that elsewhere in the world, this example route would cause data to potentially be misrouted, and you'd need to use a smaller subnet mask in your route configuration.
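The summarization in the answer above, worked through with Python's standard `ipaddress` module. This is an added example and not code from the original thread; the region names, the constructed subnet lists and the helper names (`summarize`, `covers_exactly`, `stranded`, `route_count`) are assumptions made for illustration. It shows the eight European class C subnets collapsing into the single 172.16.16.0 255.255.248.0 (/21) entry, and then the caveat from the post: once 172.16.20.0/24 is used elsewhere, the /21 still pulls that subnet toward Europe, and the tightest summaries that cover only Europe's own subnets need three entries instead of one.

```python
"""Route summarization for the regional slices described above.

Added example (not from the original post). Region names and subnet
lists are constructed to match the thread's 172.16.0.0/16 layout,
where Europe holds 172.16.16.0 - 172.16.23.255.
"""
import ipaddress

# Constructed sample: the eight class C subnets assigned to Europe.
EUROPE = [f"172.16.{third}.0/24" for third in range(16, 24)]

# Constructed variant: 172.16.20.0/24 has been used elsewhere in the world.
EUROPE_MINUS_20 = [s for s in EUROPE if s != "172.16.20.0/24"]


def summarize(subnets):
    """Collapse a list of prefixes into the fewest routes that cover exactly
    the same addresses (no more, no less). collapse_addresses merges
    adjacent, aligned networks into supernets."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    return list(ipaddress.collapse_addresses(nets))


def covers_exactly(summary, subnets):
    """True if the single summary route advertises exactly the listed subnets."""
    return summarize(subnets) == [ipaddress.ip_network(summary)]


def stranded(summary, owned, prefix=24):
    """Subnets inside `summary` (cut at `prefix` length) that are not in
    `owned`. Traffic for these would follow the summary route into the
    wrong region, which is the misrouting caveat in the post."""
    owned_nets = {ipaddress.ip_network(o) for o in owned}
    return [n for n in ipaddress.ip_network(summary).subnets(new_prefix=prefix)
            if n not in owned_nets]


def route_count(subnets):
    """Entries the US table needs to reach Europe: one per summary route."""
    return len(summarize(subnets))


if __name__ == "__main__":
    print("Europe summary:", summarize(EUROPE))
    print("covers exactly:", covers_exactly("172.16.16.0/21", EUROPE))
    print("stranded by the /21 once 172.16.20.0/24 moves elsewhere:",
          stranded("172.16.16.0/21", EUROPE_MINUS_20))
    print("tightest summaries without 172.16.20.0/24:",
          summarize(EUROPE_MINUS_20))
    print("route entries:", route_count(EUROPE), "vs", route_count(EUROPE_MINUS_20))
```

The `stranded` check is the one worth running before advertising any summary: it lists every address block the summary would claim that the region does not actually own.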
 
LVL 12

Assisted Solution

by:piattnd
piattnd earned 500 total points
ID: 39714672
I also want to add that the example I'm giving is my best attempt to take a very very complicated routing setup and make it a little more understandable.  We have a lot of redundancy built in, so our routing tables (in reality) are relatively large and complex.
 
LVL 1

Author Comment

by:leblanc
ID: 39715709
Thanks for sharing. So by using 172.16.0.0/16, you have 65534 IP addresses to play with, including network and broadcast. You assign a block of /21 to both the US and Europe. You then summarize based on the /21 CIDR block.

The organization that I am working with has 12 sites, including the headquarters and 2 medium size facilities. Like most small organizations, they just pick 192.168.0.0/24 each time they need a subnet to assign to a VLAN. So they run out of subnets.
I plan to just give them the 10.0.0.0/14 CIDR block. They will have 64 subnets with 262,142 hosts/subnet. For 3 of the large facilities, each will have a /14 block. The rest of the remote facilities will have a /14 block.
Now I am thinking. Maybe there are too many IP addresses. But they are a fast growing organization, so they do not have to worry about running out of IP addresses.

I'd like to get your thoughts on my plan.

Thanks
 
LVL 12

Assisted Solution

by:piattnd
piattnd earned 500 total points
ID: 39717402
In my opinion, that's way too large of a block.  Even giving them a single /16 block gives them a ton of hosts available for that geographical area.  How big are your sites?  Are you talking 10s of thousands of hosts already?  It seems a bit overkill.

Break each physical site down to /24 blocks.  One site may need 1, one may need 10.  At the regional level, try to keep the sites within the same block range so you can use route summarization IF you have the need to.  If you're talking about 20 subnets, route summarization really is not going to be a make or break.  The power of routing equipment has come a long way from 15 years ago, so they're able to handle the larger routing tables.  Of course I'm not saying to not have a plan, but don't go too overboard :)

I hope that helps a little bit.  It's hard to give advice on such a potentially complicated scenario without knowing a ton of information about your environment.
 
LVL 1

Author Comment

by:leblanc
ID: 39743020
Thanks for the inputs. This is very helpful.

You are correct about the large size. I decided to assign a /21 block for each of 20 locations. I know that there are 2046 IP addresses per location.

I start with 10.0.0.0/21 then finish at 10.20.0.0/21. I have up to 255 subnets to play with and I don't think I will have 255 facilities in the next 10 years. Also, for summarization, I can just advertise 10.0.0.0/16, 10.1.0.0/16, and so on for each location.

I am planning to subnet each assigned block down to /24 and /30.


Thanks
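The per-site plan in the comment above, generated and sanity-checked with the `ipaddress` module. This is an added example, not the asker's own tooling; the site count of 20, the split of each /21 into /24 user VLANs plus /30 point-to-point links, and the helper names (`site_block`, `site_summary`, `carve`, `overlapping`, `build_plan`) are assumptions made for illustration. Two checks are the point: no two site blocks may overlap, and each site's /21 must lie inside the /16 that site advertises, otherwise the summary routes described in the thread stop being trustworthy.

```python
"""Per-site /21 allocation plan, as described in the comment above.

Added example (not from the original post). Site count, the /24 and
/30 carving rule and the helper names are assumptions for illustration.
"""
import ipaddress
from itertools import combinations

SITE_COUNT = 20  # constructed: the "20 locations" in the comment


def site_block(n):
    """Site n is allocated 10.n.0.0/21 (2048 addresses, 2046 usable)."""
    if not 0 <= n <= 255:
        raise ValueError("only 256 /16s exist under 10.0.0.0/8")
    return ipaddress.ip_network(f"10.{n}.0.0/21")


def site_summary(n):
    """The route each site advertises: the whole 10.n.0.0/16."""
    return ipaddress.ip_network(f"10.{n}.0.0/16")


def usable_hosts(net):
    """Host addresses after removing network and broadcast."""
    return net.num_addresses - 2


def carve(block, user_vlans, p2p_links):
    """Split one site block into `user_vlans` /24 VLANs taken from the
    front of the block and `p2p_links` /30 links taken from its last /24.
    Raises if the request does not fit, instead of silently overlapping."""
    slices = list(block.subnets(new_prefix=24))        # a /21 holds 8 /24s
    if user_vlans > len(slices) - 1:
        raise ValueError(f"{user_vlans} /24s do not fit beside a /30 pool in {block}")
    links = list(slices[-1].subnets(new_prefix=30))   # 64 /30s per /24
    if p2p_links > len(links):
        raise ValueError(f"{p2p_links} /30s exceed the {len(links)} in {slices[-1]}")
    return slices[:user_vlans], links[:p2p_links]


def overlapping(nets):
    """Pairs of prefixes that overlap. Any hit means two sites share
    address space and their summaries would misroute traffic."""
    return [(a, b) for a, b in combinations(nets, 2) if a.overlaps(b)]


def build_plan(site_count=SITE_COUNT):
    """Blocks and summaries for every site, verified for overlap and for
    each block lying inside the summary its site advertises."""
    plan = {n: (site_block(n), site_summary(n)) for n in range(site_count)}
    if overlapping([blk for blk, _ in plan.values()]):
        raise ValueError("site blocks overlap")
    if overlapping([summ for _, summ in plan.values()]):
        raise ValueError("site summaries overlap")
    if not all(blk.subnet_of(summ) for blk, summ in plan.values()):
        raise ValueError("a site block falls outside its summary")
    return plan


if __name__ == "__main__":
    for n, (blk, summ) in build_plan().items():
        vlans, links = carve(blk, 5, 10)
        print(f"site {n:2d}: {blk} ({usable_hosts(blk)} hosts, summary {summ}) "
              f"VLANs {vlans[0]}..{vlans[-1]}, links {links[0]}..{links[-1]}")
```

Advertising 10.n.0.0/16 per site while only allocating 10.n.0.0/21 is exactly the "summary claims more than it owns" situation from the earlier answer; it is harmless only while nobody ever assigns the rest of that /16 to another location, so `build_plan` is the place to enforce that rule if the plan grows.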
