Quick/easy IPv4 subnet setup question



  • Looking for general consensus on best practices for setting up a single device/host on a subnet. What subnet should I use and why?

    Long story short, I set up a VLAN and plugged in an "el-cheap-o" brand xyz wireless router so that the kids/family could do their thing and not muck up my stuff. Keeps them isolated, allows me to monitor, etc. Should I just give it a /24 and not think twice about it or should I use something else? I don't know enough about subnets to know if a /32 or /31 or /30 would in any way be better than a full /24??? Their router is their own thing set to the default routing tables with a few parental controls enabled.

    Current Setup:

    WAN1 - 5x Static IPs from ISP1
    WAN2 - DHCP from ISP2
    LAN - /24
    OPT1 - /24 (wifi)
    OPT2 - /?? (VLAN to kids/family wireless router)
    OPT3 - /24 (VLAN to ESXi Cluster1)
    OPT4 - /24 (VLAN to ESXi Cluster2)

    Thanks for any feedback!


  • LAYER 8 Netgate

    I would do a couple things:

    First, /24s are fine and everyone expects them.

    I would pick something at random like 172.24.0.0 then split that into /24s.

    172.24.0.0/24
    172.24.8.0/24
    172.24.16.0/24
    172.24.24.0/24
    172.24.32.0/24

    That way you can increase any of the subnets if you want later.  You can cover everything with 172.24.0.0/16 if you want.

    If you're going to renumber, just get off 192.168.0.0/24, 192.168.1.0/24, and 10.anything/anything.  Your likelihood of having a collision over a VPN with the above 172.24.0.0 networks is pretty slim.

    No need to go nuts.  Main thing is to get off the common networks to avoid future collisions.
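
The addressing plan from the reply above, worked through as an added example that is not part of the original thread: it shows how far each spaced /24 can grow before touching a neighbour, and checks local subnets for overlap with networks on the far side of a VPN. The remote site list and the 10.10.20.0/24 legacy LAN are constructed sample values, and the function names are hypothetical.

```python
import ipaddress

# From the reply: one 172.24.0.0/16 block, /24s placed at every 8th third octet.
SUPERNET = ipaddress.ip_network("172.24.0.0/16")
ASSIGNED = [ipaddress.ip_network(n) for n in (
    "172.24.0.0/24", "172.24.8.0/24", "172.24.16.0/24",
    "172.24.24.0/24", "172.24.32.0/24")]

# Constructed sample data: networks a remote VPN peer might use, and a
# hypothetical legacy LAN numbered out of 10/8.
REMOTE_SITES = [ipaddress.ip_network(n) for n in ("192.168.1.0/24", "10.0.0.0/8")]
LEGACY_LAN = [ipaddress.ip_network("10.10.20.0/24")]


def max_growth(net, assigned):
    """Largest supernet of `net` (within SUPERNET) overlapping no other assigned subnet."""
    others = [o for o in assigned if o != net]
    best = net
    while best.prefixlen > SUPERNET.prefixlen:
        candidate = best.supernet()  # widen the mask by one bit
        if any(candidate.overlaps(o) for o in others):
            break
        best = candidate
    return best


def collisions(local_nets, remote_nets):
    """Pairs (local, remote) whose address ranges overlap, e.g. across a VPN."""
    return [(l, r) for l in local_nets for r in remote_nets if l.overlaps(r)]


if __name__ == "__main__":
    for net in ASSIGNED:
        room = max_growth(net, ASSIGNED)
        print(f"{net} can grow to {room} ({room.num_addresses} addresses)")
    print("spaced plan vs remote sites:", collisions(ASSIGNED, REMOTE_SITES))
    print("legacy 10.x LAN vs remote sites:", collisions(LEGACY_LAN, REMOTE_SITES))
```
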



  • @Derelict:

    I would do a couple things:

    First, /24s are fine and everyone expects them.

    I would pick something at random like 172.24.0.0 then split that into /24s.

    172.24.0.0/24
    172.24.8.0/24
    172.24.16.0/24
    172.24.24.0/24
    172.24.32.0/24

    That way you can increase any of the subnets if you want later.  You can cover everything with 172.24.0.0/16 if you want.

    If you're going to renumber, just get off 192.168.0.0/24, 192.168.1.0/24, and 10.anything/anything.  Your likelihood of having a collision over a VPN with the above 172.24.0.0 networks is pretty slim.

    No need to go nuts.  Main thing is to get off the common networks to avoid future collisions.

    I lied. I forgot an interface/VLAN. It's actually this:

    Current Setup:

    WAN1 - 5x Static IPs from ISP1
    WAN2 - DHCP from ISP2
    LAN - 10.x.x.x/24
    OPT1 - 10.x.x.x/24 (wifi)
    OPT2 - 10.x.x.x/?? (VLAN to kids/family wireless router)
    OPT3 - 10.x.x.x/24 (VLAN to ESXi Cluster1)
    OPT4 - 10.x.x.x/24 (VLAN to ESXi Cluster2)
    OPT5 - 10.x.x.x/24 (VLAN to ESXi VMkernels)

    I see your point with the 10-dot Class C's… but it is what it is at this point and I/we have used these numbers for years so they correspond to things and would be a PITA to change. The only thing that will EVER be attached to that VLAN is that one wireless router. VLANs are easy enough to create and/or modify anyway. Unless anyone has reason not to I'll just give the thing a full Class-C and be done with it.

    Thanks.

