Best IP Addressing Scheme

tterenzetti · ‎05-25-2004

I am in the process of constructing a site-to-site VPN. We have 1 central location, and 7 branch offices. We are utilizing PIX firewalls.

My question pertains to the IP addressing scheme which would make the most sense; an addressing scheme which would allow for future growth - including VOIP/telephony - and which would most closely follow standard conventions.

At our central location, we have approximately 25 users, plus network printers and servers. At our two largest branch offices, we have approximately the same. The remaining branch offices are rather small,

with only 3-5 users.

Over the long run, we may do away with the VPN and implement a bona-fide private wide-area network, constructed and hosted by a telcom vendor.

A VOIP/Telephony solution would be implemented when

and if this comes to fruition. At the present time, lack of funding makes this impossible.

During the course of implementing the "here-and-now" VPN/data-only solution, I would like to implement an IP addressing scheme which makes the most sense, and which would allow for a smooth transition to the above-mentioned private WAN - including the VOIP-telephony-solution.

I'm debating between a :

192.168.1.x Central Office

192.168.2.x Branch Office #1

192.168.3.x Branch Office #2

192.168.4.x Branch Office #3 , etc.

addressing scheme ......

versus an

10.x.1.x Central

10.x.2.x Branch 1

10.x.3.x Branch 2

10.x.4.x Branch 3 , etc.

scheme, or even an

172.x.x.x

type scheme.

Which scheme would make the most sense.

And what about the subnet masks (255.255.255.0 versus 255.255.0.0 ).

Thank-you for your input.

Terry J. Terenzetti

terry@adirondackcomputer.com

tterenzetti@wnylc.com

n2-goes · ‎05-25-2004

Hello Terry,

You can use 192.168.0.0 for your corporation. Usually the central site grow faster than branch offices.

Think binary to divide your address space. You can divide in 4 the 192.168.0.0. Keep 1/4 for the central site and use the rest for the branch offices.

Give more addresses that you need for each site. That way, you will not have the re-address in a few years.

I always subdivide by a factor of 2.

HTH,

Nadine.

pswarovsky · ‎05-26-2004

Hello Terry,

please read rfc 1219 before you assign your addresses.

If you need not more than 254 addresses in each subnet all ranges are ok, for private addresses please use 172.16.x.x. in case of classB networks.

Subnet-mask 255.255.255.0 is the easiest one in your case.

Count host-addresses from the right and net-addresses from the left.

--------------------------------------

| subnet field | host field |

|-----------+-------------+------------|

| | | |

| 1's & 0's | 0's | 1's & 0's |

/\

||

Both hosts and subnets can

grow here

in your case use:

right 5 bits for hosts

binary 00000000 to 00011111

dec. 1-31

left 3 or 4 bits for networks

binary 00000000 11110000

dec. 16,32,48,64,80,96,112,128,144,160, ...

you reach a maximum of flexibility, room for growing and possibility for super-netting.

For instance:

192.168.64.0 255.255.555.0 for central location

192.168.144.0 255.255.555.0 for 1. branch office

192.168.160.0 255.255.555.0 for 2. branch office

192.168.176.0 255.255.555.0 for 3. branch office

192.168.192.0 255.255.555.0 for 4. branch office

192.168.208.0 255.255.555.0 for 5. branch office

192.168.224.0 255.255.555.0 for 6. branch office

192.168.240.0 255.255.555.0 for 7. branch office

kind regards Peter