I always like to use the first usable address in the subnet as the default
gateway. When you have non-/24 networks, it is sometimes not as easy to
remember the last usable, which some people like to use for the gateway.

If you're using something like HSRP, VRRP, or similar, I like to have the
virtual IP still be the first and then the second, third, etc. be the
physical routers.

I like DHCP to start somewhere easy to remember (depends on network size),
but I try to make it a 10's number (10, 20, 30, etc.) and go not quite to the
end of the subnet. Then I leave a handful of IPs open at the end of the
subnet as reserved for cold spare equipment that will already have addresses
assigned in the reserved range, so you can just whack them into place and
they are network-ready without having to console into them (servers,
switches, firewalls, etc.), then change them to their proper final address.
Then you also have a little breathing room at the front side of the subnet
as well for any static assignments you may need.

I like having categorized equipment on their own private networks. Servers
on network A, workstations on B, VoIP phones on C, misc junk like printers
and light utility things on D, etc. If your switches support private
isolated VLANs or even just private VLAN edge ports, this is fantastic for
workstations and phones in particular.

When interconnecting remote networks outside of your control via a VPN
tunnel, having segregation makes it very nice (especially in case of address
overlap), so you only have to NAT the things that need to cross the VPNs
instead of your entire network.

When possible, multi-homing servers, routers, firewalls, etc. is very nice to
make an OOB management network as well. Then you don't have remote access
(SSH, RDP, etc.) open on the production-facing networks, which is great for
security. You can then set up a private remote access VPN login that gives
various users only access to various hosts as necessary. This OOB management
network is another fantastic place for private/isolated VLANs as well.

This is likely going way beyond the scope of your request but you didn't
have to read the whole email if you didn't want to.

 

  _____  

From: tclug-list-bounces at mn-linux.org
[mailto:tclug-list-bounces at mn-linux.org] On Behalf Of Thomas Rieff
Sent: Wednesday, December 02, 2009 1:06 PM
To: TCLUG
Subject: [tclug-list] Internal IP Address Guidelines

 

Are there any basic guidelines for assigning IP addresses to various devices
on the internal network???

That is ranges for different devices within the 255 numbers and/or as
follows.

.1 Gateway

.?-.? switch

.?- .? servers

printers 

dhcp. Etc.

Working on updating my internal network so would like to reorganize things
in a proper manner.

Hope you can help.

Tom 

 

Thomas Rieff

GreenCare

1717 3rd Avenue

Mankato, MN 56001

(507) 344-8314 Office

(507) 344-8316 Fax

(507) 381-0660 Cell

 

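
The layout described in the reply above (gateway or virtual IP on the first usable address, physical routers next, DHCP starting on a 10's number, cold spares reserved at the end), worked through for a non-/24 subnet. This is an added example, not part of the original thread; the function name, the pool sizes and the sample subnets are assumptions.

```python
import ipaddress


def plan_subnet(cidr, physical_routers=2, static_room=8, spares=6):
    """Lay out one IPv4 subnet using the conventions from the message above.

    The pool sizes are assumptions; tune them to the size of the network.
    """
    net = ipaddress.ip_network(cidr, strict=True)  # rejects host bits set
    if net.version != 4 or net.prefixlen > 30:
        raise ValueError(f"{cidr}: need an IPv4 subnet of /30 or larger")

    first = net.network_address + 1    # first usable: gateway / virtual IP
    last = net.broadcast_address - 1   # last usable address
    routers = [first + i for i in range(1, physical_routers + 1)]
    static_lo = first + physical_routers + 1

    # DHCP starts on the first address whose last octet is a multiple of 10
    # while still leaving `static_room` addresses free for static hosts.
    dhcp_lo = static_lo + static_room
    while int(dhcp_lo) % 256 % 10:
        dhcp_lo += 1

    spare_lo = last - spares + 1       # cold-spare block at the end
    dhcp_hi = spare_lo - 1
    if dhcp_lo > dhcp_hi:
        raise ValueError(f"{cidr}: too small for this layout")

    return {
        "gateway": str(first),
        "routers": [str(r) for r in routers],
        "static": (str(static_lo), str(dhcp_lo - 1)),
        "dhcp": (str(dhcp_lo), str(dhcp_hi)),
        "spares": (str(spare_lo), str(last)),
    }


if __name__ == "__main__":
    # Constructed sample subnets, including a non-/24 one.
    for cidr in ("192.168.50.64/26", "10.0.0.0/24"):
        print(cidr, plan_subnet(cidr))
```

Keeping the resulting ranges in a written plan also gives firewall and DHCP-snooping rules a fixed boundary between static infrastructure and leased clients.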