
IP address design

asoka
Level 1

This network is still at the design stage. My customer needs to design a network for as many as 100-200 subnets, but he is not satisfied with the 10.0.0.0 address space available. His method is to dedicate a whole octet to identify the function; for example, 10.4.0.0, 10.5.0.0, etc. are the stores, and the 3rd octet is reserved for functions within the stores.

When he goes on like that, he runs out of address space, and now he wants to use 11.0.0.0, 12.0.0.0, etc. for his expansion.

How could I present an argument in a subtle manner to persuade them to comply with RFC 1918? Is there any guideline document I could use to build an address space for them?

Any help would be appreciated.

Like that,


Accepted Solutions

hobbe
Level 7

Here are my 2 cents on the subject.

To do address spacing like the customer is doing right now is truly not a good idea.

For one thing it is very easy to hide hacking equipment in a big address space.

Try searching a 10.5.x.y space for a rogue unit, with a port scanner or simply just by trying to ping it.

It will take you a while. Now do that 250 more times or so. Get the point?

Design a network with what you need, be generous with addresses, and make sure that the ones you think will grow have the potential to at least double in size.

E.g. 192.168.1.0/24 might need to grow to 192.168.1.0/23 or even /22.

Plan ahead for things like that.

But build the network with 192.168.1.0/24 if you only need 150 addresses today; just leave space enough to grow so that you do not need to change addresses on the equipment, only the subnet mask.

If he does not want to use RFC 1918 addresses for some reason, then let him know that any address he is using that is not an RFC 1918 address will simply not be reachable from the offices that use those non-RFC 1918 addresses.

It is a routing thing (unless he really wants to make things complicated for himself with double NAT and so on).

One big problem was this problem that people used other companies' Internet addresses and got themselves into trouble.

If he does not listen and understand this, then think twice about taking the job.

That said, there are some good reasons why one would like to use proper Internet addresses, but make sure they are registered to you if you actually do that.

HTH
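An added example (not code from the thread or any of its posters) of the sizing approach in the answer above: check candidate blocks against RFC 1918, give each site the subnet it needs today while reserving a larger aligned block so that growth only changes the mask, and compare how many addresses a rogue-device sweep must cover. The site names, host counts and the `growth_bits` parameter are assumptions made for illustration.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(block):
    """True only if the whole block lies inside an RFC 1918 range."""
    net = ipaddress.ip_network(block)
    return any(net.subnet_of(private) for private in RFC1918)

def prefix_for_hosts(hosts):
    """Longest IPv4 prefix whose usable addresses (size - 2) cover `hosts`."""
    prefix = 30
    while 2 ** (32 - prefix) - 2 < hosts:
        prefix -= 1
    return prefix

def plan(parent, needs, growth_bits=2):
    """Return {site: (subnet to configure today, block reserved for growth)}.

    The reserved block starts at the same address and is `growth_bits`
    shorter, so growing a site changes the mask, not the addresses.
    """
    parent = ipaddress.ip_network(parent)
    cursor = int(parent.network_address)
    result = {}
    # Largest need first: every later block then starts on its own boundary.
    for site, hosts in sorted(needs.items(), key=lambda kv: -kv[1]):
        today_len = prefix_for_hosts(hosts)
        reserved = ipaddress.ip_network((cursor, today_len - growth_bits))
        if not reserved.subnet_of(parent):
            raise ValueError(f"{parent} exhausted at {site}")
        result[site] = (ipaddress.ip_network((cursor, today_len)), reserved)
        cursor += reserved.num_addresses
    return result

def sweep_size(blocks):
    """Addresses a ping or port sweep must cover to search these blocks."""
    return sum(ipaddress.ip_network(b).num_addresses for b in blocks)

# Constructed sample: host counts per site are assumptions, not from the thread.
NEEDS = {"store-004": 150, "store-005": 400, "hq": 1000}

if __name__ == "__main__":
    for block in ("10.4.0.0/16", "11.0.0.0/8", "12.0.0.0/8"):
        print(block, "RFC 1918" if is_rfc1918(block) else "NOT private")
    for site, (today, reserved) in plan("10.0.0.0/8", NEEDS).items():
        print(f"{site}: configure {today}, reserve {reserved}")
    print("sweep, one /16 per site:", sweep_size(["10.4.0.0/16"] * len(NEEDS)))
```

With the default `growth_bits=2`, a site that needs a /24 today sits at the start of a reserved /22, which is the /24 to /23 to /22 growth path the answer describes.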


Joseph W. Doherty
Hall of Fame

Well you could ask his customer if he ever wants his internal 10 net to communicate with the Internet? If so, he'll have an address conflict, unless he does double NAT (oh joy).

If your routing supports VLSM, how about the possibility of using more 8 bits for stores and moving it where it makes sense, perhaps such as reserving the least 10 bits for store address space and the next 10 bits for each store?

As an alternative, show him IPv6 address space. ;)

The subtle way of saying it is:

YOU CAN'T USE IT.

The most subtle way is for you to go to the subnet calculator, come up with a solution for him, and show him how you can work a solution even without using the space.

I would suggest using as much of the existing space as possible so that he can see the implementation will still be relatively painless.

Give him the solution that he doesn't yet know exists.

Giuseppe Larosa
Hall of Fame

Hello Ranjit,

RFC 1918 already provides enough reasons why private IP addresses should be used.

Or you can show a sh ip bgp 12.0.0.0 taken on a public route server to show they are used on the Internet.

Use www.traceroute.org to find a suitable public route server.

This is taken from a European looking glass:

show ip bgp 12.0.0.0

BGP routing table entry for 12.0.0.0/9, version 106420384

Bestpath Modifiers: deterministic-med

Paths: (4 available, best #1)

Advertised to update-groups:

5 7

7018

Hope to help

Giuseppe

Hi, thanks for the quick post. Their argument is that this is not going to connect with the Internet, maybe for now.

Do you guys have access to any good document, a "how to design scalable addressing space" kind of document?

Thanks

Since they are using 10.4.x ... that's a lot of unused space, correct? I have a hard time believing they are using that entire space for 1 store.

Perhaps, see what the stores are using on average. 400 addresses?

Then go store by store and start to split up the existing IPs and size them accordingly.

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin

ronyahmed
Level 1

By looking at your question, I am already seeing 254 stores and 254 3rd octets for the functions.

A 10.x.x.x is enough for any business that needs a large block of addresses.

The 12.x.x.x is owned by AT&T and 11.0.0.0 is owned by the Department of Defense. I don't think you wanna mess with these IPs unless you never envision connections to the Internet.

A few years ago I worked for a bank that was using 15.0.0.0 and NATted a smaller block to the Internet. Then it got acquired by HP and all of a sudden they had a problem because 15.0.0.0 is owned by HP. They could not talk in between because of the duplicates, and guess who had to change all of their addresses??

It's never a good idea to use someone's IP address. It's just bad planning. Check ARIN for the reserved blocks if your boss has any questions.
