IP address design

Answered Question
Oct 20th, 2009

This network is still at the design stage. My customer needs to design a network for as many as 100-200 subnets, but he is not satisfied with the 10.0.0.0 address space available. His method is to dedicate one octet as a whole to identify the function. For example, 10.4.0.0, 10.5.0.0, etc. are the stores, and the 3rd octet is reserved for functions within the stores.


When he goes like that, he runs out of address space, and now he wants to use 11.0.0.0, 12.0.0.0, etc. for his expansion.


How could I present an argument in a subtle manner to persuade them to comply with RFC 1918? Is there any guideline document I could use to build an address space for them?


Any help would be appreciated.


Like that,

Joseph W. Doherty Tue, 10/20/2009 - 03:36

Well you could ask his customer if he ever wants his internal 10 net to communicate with the Internet? If so, he'll have an address conflict, unless he does double NAT (oh joy).


If your routing supports VLSM, how about the possibility of using more than 8 bits for stores and moving it where it makes sense, perhaps such as reserving the least 10 bits for store address space and the next 10 bits for each store?


As an alternative, show him IPv6 address space. ;)

jfraasch Thu, 11/05/2009 - 12:11

The subtle way of saying it is:


YOU CAN'T USE IT.


The most subtle way is for you to go to the subnet calculator, come up with a solution for him, and show him how you can work a solution even without using the space.


I would suggest using as much of the existing space as possible so that he can see the implementation will still be relatively painless.


Give him the solution that he doesn't yet know exists.

Giuseppe Larosa Tue, 10/20/2009 - 03:37

Hello Ranjit,

RFC 1918 already provides enough reasons why private IP addresses should be used.


Or you can show a sh ip bgp 12.0.0.0 taken on a public route server to show they are used on the Internet.


Use www.traceroute.org to find a suitable public route server.


This is taken from a European looking glass:


show ip bgp 12.0.0.0
BGP routing table entry for 12.0.0.0/9, version 106420384
Bestpath Modifiers: deterministic-med
Paths: (4 available, best #1)
Advertised to update-groups:
5 7
7018


Hope to help

Giuseppe


asoka@people.net.au Tue, 10/20/2009 - 03:52

Hi, thanks for the quick post. Their argument is that this is not going to connect to the Internet, maybe for now.


Do you guys have access to any good document, a "how to design scalable addressing space" kind of document?


Thanks

George Stefanick Wed, 10/21/2009 - 18:59

Since they are using 10.4.x ... that's a lot of unused space, correct? I have a hard time believing they are using that entire space for 1 store.


Perhaps, see what the stores are using on average. 400 addresses?


Then go store by store and start to split up the existing IPs and size them accordingly.





ronyahmed Thu, 10/22/2009 - 10:45

By looking at your question, I am already seeing 254 stores and 254 3rd octets for the functions.


A 10.x.x.x is enough for any business that needs a large block of addresses.


The 12.x.x.x is owned by AT&T and 11.0.0.0 is owned by the Department of Defense. I don't think you wanna mess with these IPs unless you never envision connections to the Internet.


A few years ago I worked for a bank that was using 15.0.0.0 and NATted a smaller block to the Internet. Then it got acquired by HP and all of a sudden they had a problem because 15.0.0.0 is owned by HP. They could not talk in between because of the duplicates, and guess who had to change all of their addresses?


It's never a good idea to use someone's IP address. It's just bad planning. Check ARIN for the reserved blocks if your boss has any questions.

Correct Answer
hobbe Thu, 11/12/2009 - 09:42

Here are my 2 cents on the subject.

To do address spacing like the customer is doing right now is truly not a good idea.

For one thing, it is very easy to hide hacking equipment in a big address space.

Try searching a 10.5.x.y space for a rogue unit, with a port scanner or simply just by trying to ping it.

It will take you a while. Now do that 250 more times or so. Get the point?

Design a network with what you need and be generous with addresses, and make sure that the ones you think will grow have the potential to at least double in size.

For example, 192.168.1.0/24 might need to grow to 192.168.1.0/23 or even /22.

Plan ahead for things like that.

But build the network with 192.168.1.0/24 if you only need 150 addresses today; just leave space enough to grow so that you do not need to change addresses on the equipment, only the subnet mask.

If he does not want to use RFC 1918 addresses for some reason, then let him know that any address he is using that is not an RFC 1918 address will simply not be reachable from the offices that use those non-RFC 1918 addresses.

It is a routing thing (unless he really wants to make things complicated for himself with double NAT and so on).

One big problem was this problem that people used other companies' Internet addresses and got themselves into trouble.

If he does not listen and understand this, then think twice about taking the job.

That said, there are some good reasons why one would like to use proper Internet addresses, but make sure they are registered to you if you actually do that.


HTH
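
An added example, not part of the thread and not any poster's own code: a Python sketch of the bit split Joseph W. Doherty suggests (read here as 10 store bits above 10 host bits, so one /22 per store) combined with hobbe's advice to reserve room so a subnet grows by mask change only, plus a check that every block stays inside RFC 1918. The 10.0.0.0/12 store region, the function names and the host counts are assumptions made up for illustration.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(net):
    """True if the whole block sits inside one RFC 1918 range."""
    net = ipaddress.ip_network(net)
    return any(net.subnet_of(r) for r in RFC1918)

def prefix_for(hosts):
    """Longest prefix whose usable addresses (less network/broadcast) cover hosts."""
    return 32 - (hosts + 1).bit_length()

def store_block(store_id, region="10.0.0.0/12", store_prefix=22):
    """Block for one store: store number in the 10 bits above 10 host bits."""
    region = ipaddress.ip_network(region)          # assumed region, not from the thread
    stores = 2 ** (store_prefix - region.prefixlen)
    if not 0 <= store_id < stores:
        raise ValueError(f"store_id must be in 0..{stores - 1}")
    base = int(region.network_address) + store_id * 2 ** (32 - store_prefix)
    return ipaddress.ip_network((base, store_prefix))

def plan_functions(block, needs, growth=2):
    """Map function name -> (subnet configured today, block reserved for it)."""
    plan, cursor = {}, int(block.network_address)
    # Largest first keeps every reservation aligned on its own boundary.
    for name, hosts in sorted(needs.items(), key=lambda kv: -kv[1]):
        reserved = ipaddress.ip_network((cursor, prefix_for(hosts * growth)))
        if not reserved.subnet_of(block):
            raise ValueError(f"{name} does not fit in {block}")
        # Today's subnet starts at the reserved base, so growing it later
        # changes only the mask, never the addresses already handed out.
        plan[name] = (ipaddress.ip_network((cursor, prefix_for(hosts))), reserved)
        cursor += reserved.num_addresses
    return plan

if __name__ == "__main__":
    needs = {"pos": 150, "cctv": 60, "voice": 30, "mgmt": 10}  # constructed host counts
    block = store_block(5)
    print(block, "RFC 1918:", is_rfc1918(block))
    for name, (now, reserved) in plan_functions(block, needs).items():
        print(f"  {name:6} use {now:<18} reserve {reserved}")
    for outside in ("11.0.0.0/8", "12.0.0.0/8"):
        print(outside, "RFC 1918:", is_rfc1918(outside))
```

With this split, 1024 stores of up to 1022 hosts each fit in a single /12 of 10.0.0.0/8, leaving the other fifteen /12s of that range unallocated.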
