IPv4 private addressing tradeoff: small footprint vs even VLSM length?

dtbullock
Level 1

Is minimising one's use of the private address space to avoid unnecessary potential overlap worth the hassle of having uneven VLSM lengths?

I am designing my first non-trivial IPv4 addressing scheme in the 10.0.0.0/8 range.  Just two small branch offices, but on the access-layer, I'm putting servers, printers, desktops and phones onto separate VLANs.  (In fact, when doing L3 at the access-layer, you can quickly end up with multiple VLANs).

Now, few of these VLANs are so big that they'll need a /24 all to themselves.  In fact, a /27 for phones and printers will be fine.  I'll give a /24 to desktops because 255.255.255.0 is the only mask which semi-technical users understand.  Maybe a /25 for servers, which gives a bit of room for further subnetting and putting VMs onto their own VLANs. 

I'll summarise each site over DMVPN as a /21 subnet.  Neat.

But at each site the routing tables look messy, with the router sporting addresses like 10.9.13.129/27 and there isn't any real pattern between the L3 address and the VLAN number.

Why don't I just dole out /24s to each VLAN? After all, I'm hardly going to minimise conflict with private IP addresses chosen by prospective partners by using /20s instead of /21s for each site (right?), and even if they do, NAT can handle all these situations elegantly (right?).

What about you, would you minimise your footprint in the address space and deal with 'unevenness' in subnet sizes?  Or would you be easier on your eyes now and simply bite the bullet if you had to NAT one day?

thanks!

David.

Message was edited by: David Bullock - tries to get the crux of the question closer to the top of text.

Accepted Solution

Hi David,

I did configure nearly a whole ISP with the style you are proposing. The VLSM feature is extremely useful IF you need it.

That ISP is working with /25 even where fewer than 40 users are present, and I do not care about those 80 IP addresses of waste when I can have contiguous subnets and a fantastic summarization in the core network!!!

go with all /24 !!!

Alessio


3 Replies

Marvin Rhoads
Hall of Fame

Well you could always use IPv6 out of the gate....

Given IPv4 and RFC1918 space, I'd use summarizable /24s across the board. Pick a second octet outside the 0-10 range and you've probably eliminated 90% of potential future conflicts across extranets. In any case, I'd probably still prefer NATting to your public IP space, assuming you have enough SWIP'd or PI space to work with.

Hope this helps.

dtbullock
Level 1

I chose Alessio's as the 'correct' answer, since it mentioned route summarisation.  But both answers were correct in the sense that they were quite reasonable.

In the end, I decided to go with my varying-length VLSM approach, to keep the address-sprawl at each site confined to a /21 subnet.  I don't find the varying-length VLSM to be much of a nuisance in practice.  I miss out on being able to make the 3rd octet 'line up' with the VLAN, but I feel that's a pretty delicate affair anyhow.  Some person just has to give VLAN100 as a 'best practice' for the Voice VLAN, for example, and you either start working with a /17 at each site (minimally), or abandon your numbering scheme.  You'd really have to go with a /16 for each site to ensure you can number 254 VLANs in this fashion.  And that means for each site that you chose, there's a 1-in-256 chance you'll pick the same second octet as someone else.  With my scheme, there is a 1 in 8192 chance that I'll pick the same address range, so I've decreased the likelihood of a conflict by a factor of 32.

At the end of the day though, so long as route summarisation works, all other considerations seem to be a matter of taste.
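As an added illustration (not code from anyone in this thread), the following script carves one site's /21 summary into the per-VLAN subnets the question describes (/24 desktops, /25 servers, /27 phones, /27 printers), checks that the pieces still collapse back to a single summary route, and reproduces the overlap arithmetic from the follow-up (how many /21s versus /16s fit in 10.0.0.0/8). The site summary 10.9.8.0/21, the VLAN names and the gateway convention are assumptions for the example only.

```python
"""Carve a site's /21 into VLSM subnets, verify summarisation, and count
how many such site blocks fit in 10/8.  Added example; not from the thread.
The summary 10.9.8.0/21 and the VLAN names are assumed placeholders."""
import ipaddress
from typing import Dict, List, Tuple

IPv4Net = ipaddress.IPv4Network

# Prefix length wanted per VLAN (constructed from the question's sizing).
SITE_PLAN: Dict[str, int] = {"desktops": 24, "servers": 25, "phones": 27, "printers": 27}


def carve_site(summary: str, plan: Dict[str, int]) -> Tuple[Dict[str, IPv4Net], List[IPv4Net]]:
    """Allocate one aligned subnet per VLAN inside `summary`, largest first
    (classic VLSM), and return (allocations, remaining free blocks)."""
    free: List[IPv4Net] = [ipaddress.ip_network(summary)]
    allocations: Dict[str, IPv4Net] = {}
    # Largest subnets first keeps every allocation aligned; sorted() is stable,
    # so equal-sized VLANs keep the order given in the plan.
    for name, prefix in sorted(plan.items(), key=lambda kv: kv[1]):
        for i, block in enumerate(free):
            if block.prefixlen <= prefix:  # first free block big enough
                break
        else:
            raise ValueError(f"{summary} has no room left for {name} (/{prefix})")
        block = free.pop(i)
        if block.prefixlen == prefix:
            chosen, rest = block, []
        else:
            # Take the lowest /prefix of the block; keep the remainder as free space.
            chosen = next(block.subnets(new_prefix=prefix))
            rest = list(block.address_exclude(chosen))
        allocations[name] = chosen
        free = sorted(free + rest)
    return allocations, free


def summarises_to(summary: str, allocations: Dict[str, IPv4Net], free: List[IPv4Net]) -> bool:
    """True if the allocated and free blocks are disjoint and collapse back to
    exactly `summary`, i.e. the site can be advertised as one route over DMVPN."""
    pieces = list(allocations.values()) + free
    collapsed = list(ipaddress.collapse_addresses(pieces))
    target = ipaddress.ip_network(summary)
    # The address-count check catches overlapping pieces, which collapse() would hide.
    return collapsed == [target] and sum(p.num_addresses for p in pieces) == target.num_addresses


def blocks_in(container: str, prefix: int) -> int:
    """How many distinct /prefix blocks fit in `container` (e.g. /21s in 10/8).
    Picking one at random has a 1-in-N chance of matching a partner's pick."""
    return 2 ** (prefix - ipaddress.ip_network(container).prefixlen)


if __name__ == "__main__":
    alloc, spare = carve_site("10.9.8.0/21", SITE_PLAN)
    for name, net in alloc.items():
        # Assumed convention: first host address of each VLAN is the router.
        print(f"{name:9s} {net}  router {net.network_address + 1}/{net.prefixlen}")
    print("spare:", ", ".join(map(str, spare)))
    print("summarises:", summarises_to("10.9.8.0/21", alloc, spare))
    print("/21s in 10/8:", blocks_in("10.0.0.0/8", 21))
    print("/16s in 10/8:", blocks_in("10.0.0.0/8", 16))
```

Running it shows the uneven router addresses the question complains about (for example the phones VLAN landing on a .128/27 boundary) while `summarises_to` confirms the site still advertises as a single /21; the two `blocks_in` values are the 8192 and 256 behind the "factor of 32" in the follow-up.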
