The scenario is I am an IT Administrator for a newly founded company and have been tasked with designing an IP addressing scheme and a plan for the allocation and management of IP addresses. The company will initially have a single physical location with approximately 145 hosts (computers, printers, etc.), and the IT plan should accommodate 50% growth over the next 2 years. A simple design you can consider is one floor with a single data closet serving 150 users. You need a core network, networks for your firewall, DMZ, remote VPN clients, switch management network, server network, voice network, wireless network, and networks for other services you have not yet identified, such as security, cameras, fire, door and video systems. You should have multiple domain controllers and DHCP servers. While you can get away with running DHCP on high-end switches, a couple of Windows servers will do the trick and give you more insight when troubleshooting. Most systems get along fine with DHCP (some older systems still need host files), but there are support benefits to statically assigned addresses.
In any case, you will want reserved space in these networks for your network devices, VLANs, and redundant or clustered systems. For the design, you could use the 10.1.0.0 address space as a /21 (10.1.0.1 – 10.1.7.254); the subnet mask on the devices in each /24 will naturally be 255.255.255.0. Reserve the first and last 20 or so addresses in each DHCP scope for statically assigned addresses and for network device / gateway addresses. Some examples: 10.1.0.0/24 for servers (all static); 10.1.1.0/24 for PCs and printers, with 10.1.1.21 – 10.1.1.230 usable for DHCP; 10.1.2.0/24 for wireless, with 10.1.2.21 – 10.1.2.230 usable for DHCP; 10.1.3.0/24 for VoIP, with 10.1.3.21 – 10.1.3.230 usable for DHCP; and 10.1.4.0 – 10.1.7.254 for future use. While you could cut each network back to a /25, giving 126 hosts per network, you may find yourself changing this sooner than expected. If you can imagine wanting multiple server networks in the future for security reasons, the larger allocation makes sense.
You may not want to lump your security camera video servers into the same network as your email server. You may want a dedicated development network. You may have remote users who don’t need access to all servers. Things like that will influence your final design. Another recommendation would be to leave 10.1.0.0/21 for network infrastructure and make 10.1.8.0/21 your access block. This can be carved up as above: 10.1.8.0/24 for PCs, 10.1.9.0/24 for VoIP, and so on. You can also go with smaller chunks if you are planning multiple data closets: 10.1.8.0/22 would give 10.1.8.0 – 10.1.11.254 for the first closet, with a /24 each for PCs, VoIP and the rest, and floor 2 would then get 10.1.12.0/22 (10.1.12.0 – 10.1.14.254). In any case, your design needs to be flexible enough to handle massive change without needing a complete overhaul. If you have 50 PCs per network now and allow for 254, and you already have separate networks in place for VoIP, wireless and four other networks that can be carved into smaller networks as needed, you will have enough to go around without redesigning anything for a long time.
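As an added example (not part of the original post), the /21 carve-up and the .21–.230 DHCP scopes described above can be modelled with Python's ipaddress module: it reserves the first 20 and last 24 host addresses of each /24, rejects overlapping or out-of-block subnets, reports what remains for future use, and checks the combined DHCP capacity against the 145-host, 50%-growth target. The role names and the reservation counts are assumptions chosen to match the text.

```python
import ipaddress
import math
SITE = ipaddress.ip_network("10.1.0.0/21")  # 10.1.0.0 - 10.1.7.255, as in the text

# Role -> (subnet, served by DHCP?) following the text; the rest of the /21 stays free.
ROLES = {
    "servers":  ("10.1.0.0/24", False),  # all static
    "pcs":      ("10.1.1.0/24", True),
    "wireless": ("10.1.2.0/24", True),
    "voip":     ("10.1.3.0/24", True),
}

def dhcp_pool(cidr, reserve_low=20, reserve_high=24):
    """(first, last, size) of the DHCP range once both ends of the subnet are reserved;
    the defaults skip .1-.20 and .231-.254 of a /24, giving the .21-.230 pools above."""
    hosts = list(ipaddress.ip_network(cidr).hosts())
    pool = hosts[reserve_low:len(hosts) - reserve_high]
    return str(pool[0]), str(pool[-1]), len(pool)

def build_plan(roles=ROLES, site=SITE):
    """Map each role to subnet, mask and DHCP range; reject overlaps and out-of-site nets."""
    plan, seen = {}, []
    for role, (cidr, uses_dhcp) in roles.items():
        net = ipaddress.ip_network(cidr)
        if not net.subnet_of(site):
            raise ValueError(f"{cidr} is outside {site}")
        if any(net.overlaps(s) for s in seen):
            raise ValueError(f"{cidr} overlaps an existing network")
        seen.append(net)
        entry = {"subnet": str(net), "mask": str(net.netmask)}
        if uses_dhcp:
            lo, hi, size = dhcp_pool(cidr)
            entry["dhcp"], entry["dhcp_size"] = f"{lo}-{hi}", size
        plan[role] = entry
    return plan

def fits_growth(plan, current_hosts=145, growth=0.5):
    """True if the combined DHCP pools cover today's hosts plus planned growth (145 -> 218)."""
    capacity = sum(e.get("dhcp_size", 0) for e in plan.values())
    return capacity >= math.ceil(current_hosts * (1 + growth))

def future_space(roles=ROLES, site=SITE):
    """Unassigned parts of the site block, e.g. 10.1.4.0/22 for the carve-up above."""
    free = [site]
    for cidr, _ in roles.values():
        used = ipaddress.ip_network(cidr)
        free = [f for n in free
                for f in (n.address_exclude(used) if used.subnet_of(n) else [n])]
    return [str(n) for n in sorted(free)]
```

Running the same check with two /25 access networks shows the trade-off mentioned above: each /25 leaves only 82 DHCP addresses after the reservations, so the 218-host target is missed.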