smart Z

IP scheme advice for a new large network

Hello Experts, 


I am in a project and we have a contractor, as we are building a new IP scheme for a building. It is large enough, but I do not think we will need as many as 30K IPs. We are going to use OSPF with area 0. What one of the groups suggested is to use the 10 network but to change the 2nd octet with each floor of the building. For example, they want to use 10.0.1.x/24 for the ground floor, 10.1.1.x/24 for the 1st floor, and so on. I just want to know whether this type of IP scheme will cause discontiguous networks and whether area 0 will have issues in the future.


My suggestion was to use 10.10.x.H, where the 2nd octet is for the site code and X is the VLAN that will change per floor. I thought this was wise to do, but I need to check with you all.

ASKER CERTIFIED SOLUTION
Paul MacDonald
smart Z

ASKER


I know from what I read that OSPF area 0 should not have discontiguous networks. That is the issue with using the 10 network and changing the 2nd octet, but they are using a /24 mask everywhere. I just want to make sure I am not going against the design principle.

My site code suggestion for area 0 is to keep the network the same throughout using 10.X.Y.H, where X remains for the site and Y changes with different floors.

If we have a 2nd site, the X changes of course, but that site will be in a different area.

Let me know.

OSPF will have no issue with using a /24 here and a /24 there. It's fine.

From what you've explained, you're going to use maybe 10.1.0.0/16 at site 1, 10.2.0.0/16 at site 2, 10.3.0.0/16 at site 3, etc., then at site 1 use 10.1.0.0/24 for ground floor, 10.1.1.0/24 for first floor, 10.1.2.0/24 for second floor, etc. That's quite common.

smart Z

ASKER

Hi Craig,

This is common, as you mentioned, for different sites, but this client wants to use this concept for one building only. Instead of sites they want to do it per floor. The issue is this building will be area 0 and have one core switch.

 
I don't see the need for OSPF at all if it's one site with one core switch. All routing will be contained within the core by the sound of it, so no need for a routing protocol.

smart Z

ASKER

That is correct, but just thinking ahead, if they introduce other sites I was hoping to keep OSPF enabled.

smart Z

ASKER

OK, from the notes here I understand that using 10.0.0.0/8 as a major network is fine. I also know that since our IP scheme is based on the physical separation of the floors and departments within the floors, incrementing the subnets in this order: 10.1.1.H/24 for the 1st floor (the 1st floor has different departments, and that subnet will be assigned as 10.1.2.H/24, let's say the finance department) and 10.2.1.1/24 is going to be for the 2nd floor, and since these interfaces are in area 0, there will not be an issue if we use a classful address per subnet. I just wanted a clarification. I know when it comes to VPN tunnels I have to create a major network group, as the IP scheme is designed for 16 million IPs but we need only 1 million IPs.

Thanks,

Really, don't worry about OSPF areas. In fact, don't worry about OSPF at all. You don't need it, yet. The only thing you need to bear in mind is that all areas should connect to area 0 directly. There is a concept of virtual links in OSPF (sometimes called a sham link) but don't go down that road.

When the time comes, one site will run OSPF area 0 and others that connect to that site will run OSPF area x, y, z, whatever. The fact that you have split a 10.0.0.0/8 network into smaller subnets is not an issue for OSPF whatsoever. It's when you want to start summarising the subnets that you may have issues, but again, not a problem for OSPF itself - it's more how you summarise the networks nicely.

When it comes to the VPN, again, don't worry. Just advertise networks to the firewall using OSPF. Add the networks you want to enable through the VPN tunnel at the firewall (by setting ACL or encryption domain depending on terminology) and it's all good.
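
Added example, not part of any post in this thread: a Python sketch of the summarisation point above, comparing the smallest single summary prefix for the per-floor second-octet scheme with the site-then-floor scheme. The subnet lists are constructed samples based on addresses quoted in the thread, and `SECOND_SITE` is a hypothetical later site block.

```python
import ipaddress

# Constructed sample subnets, based on the addresses quoted in the thread.
PER_FLOOR_OCTET = ["10.0.1.0/24", "10.1.1.0/24", "10.1.2.0/24",
                   "10.2.1.0/24", "10.3.1.0/24"]   # 2nd octet = floor
SITE_THEN_FLOOR = ["10.1.0.0/24", "10.1.1.0/24", "10.1.2.0/24",
                   "10.1.3.0/24", "10.1.4.0/24"]   # 2nd octet = site, 3rd = floor
SECOND_SITE = "10.2.0.0/16"                        # hypothetical later site


def covering_summary(subnets):
    """Smallest single prefix that contains every subnet in the list."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)
    # The bits shared by the lowest and highest address form the prefix.
    prefixlen = 32 - (lo ^ hi).bit_length()
    return ipaddress.ip_network((lo, prefixlen), strict=False)


def summary_report(subnets, other_block=SECOND_SITE):
    """Describe what one summary for the building would actually cover."""
    nets = list(ipaddress.collapse_addresses(
        ipaddress.ip_network(s) for s in subnets))
    used = sum(n.num_addresses for n in nets)
    summary = covering_summary(subnets)
    return {
        "summary": str(summary),
        "used": used,
        # Space the summary admits although no floor is assigned to it.
        "unassigned_but_covered": summary.num_addresses - used,
        "overlaps_other_block": summary.overlaps(
            ipaddress.ip_network(other_block)),
    }


if __name__ == "__main__":
    for name, scheme in (("per-floor octet", PER_FLOOR_OCTET),
                         ("site then floor", SITE_THEN_FLOOR)):
        print(name, summary_report(scheme))
```

The `unassigned_but_covered` figure is the address space that a single summary route, ACL entry or VPN encryption domain for the building would include even though no floor uses it.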

smart Z

ASKER

Alright Craig, thank you again for the advice you provided.