IP Addressing Scheme

IPv4

RFC 1918 reserves three sets of IPv4 address space for “private internets”:

  • 10.0.0.0 – 10.255.255.255 (10/8 prefix)
  • 172.16.0.0 – 172.31.255.255 (172.16/12 prefix)
  • 192.168.0.0 – 192.168.255.255 (192.168/16 prefix)

Of these, the 10.0.0.0 range is often used by large organisations for their internal network and the 192.168.0.0 range is often used by domestic and small-business installations (and devices like mobile broadband adaptors). The 172.16.0.0 range seems neglected by comparison, which makes it a good one to choose to reduce the risk of address-space contention.

That leaves the question of how to slice up the 172.16.0.0/12 address space. Some considerations:

  • I’ve always felt a /24 network, accommodating up to 254 hosts, is a bit ‘small’ so it’s best to use larger subnets; might as well standardise on a /22 which can accommodate up to 1023 hosts
    • Might there be a risk of needing more hosts per subnet? Seems unlikely, given the use of multiple VLANs / subnets, but probably wise to make provision for each /22 to change to a /21 (2047 hosts) instead (but initially operate it as a /22; effectively means leaving another /22 unused, next to it)
  • There will be multiple ‘buildings’ or ‘sites’ which need to share the address space
    • At least two (the House and the Outbuildings); maybe treat ‘remote (VPN) users’ as a third ‘building’? So provision for at least four ‘sites’
  • There will be multiple VLANs / subnets at each ‘site’ so need to leave provision for enough of those
    • 64 VLANs should be enough, though allowing for 128 wouldn’t hurt

That leads to a couple of options:

  • 4 ‘sites’, each with 128 x /21 VLANs (or 256 /22 VLANs)
  • 8 ‘sites’, each with 64 x /21 VLANs (or 128 /22 VLANs)

I settled on the second of those:

  • 172.16.0.0/15 (i.e. 172.16.0.0 – 172.17.255.255) reserved for networks in the House
    • 172.16.0.0/21 (i.e. 172.16.0.0 – 172.16.7.255) reserved for future use
    • 172.16.8.0/21 (i.e. 172.16.8.0 – 172.16.15.255) reserved for VLAN 8 – initially provisioned as a /22
    • 172.16.16.0/21 (i.e. 172.16.16.0 – 172.16.23.255) reserved for VLAN 16 – initially provisioned as a /22
    • 172.17.248.0/21 (i.e. 172.17.248.0 – 172.17.255.255) reserved for VLAN 504 – initially provisioned as a /22
  • 172.18.0.0/15 (i.e. 172.18.0.0 – 172.19.255.255) reserved for networks in the Outbuildings
    • 172.18.0.0/21 (i.e. 172.18.0.0 – 172.18.7.255) reserved for future use
    • 172.18.8.0/21 (i.e. 172.18.8.0 – 172.18.15.255) reserved for VLAN 8 – provisioned as a /22
  • 172.20.0.0/14 (i.e. 172.20.0.0 – 172.23.255.255) reserved for future use
  • 172.30.0.0/15 (i.e. 172.30.0.0 – 172.31.255.255) reserved for ‘remote’ networks
    • 172.31.248.0/21 (i.e. 172.31.248.0 – 172.31.255.255) reserved for WireGuard VPN users
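
The allocation above can be checked with Python's standard `ipaddress` module; this is an added example, not part of the original post, and its function names are hypothetical. It assumes the VLAN ID is the subnet's offset from the site base counted in /24 blocks (a rule inferred from the VLAN 8, 16 and 504 entries, not stated on the page) and that the lower /22 of each /21 is the one provisioned first.

```python
import ipaddress

PRIVATE_BLOCK = ipaddress.ip_network("172.16.0.0/12")

# Site blocks exactly as listed in the scheme above.
SITES = {
    "House": ipaddress.ip_network("172.16.0.0/15"),
    "Outbuildings": ipaddress.ip_network("172.18.0.0/15"),
    "Future use": ipaddress.ip_network("172.20.0.0/14"),
    "Remote": ipaddress.ip_network("172.30.0.0/15"),
}

def vlan_subnets(site, vlan_id):
    """Return (reserved /21, initially provisioned /22) for a VLAN at a site.
    Assumption (inferred, not stated on the page): VLAN ID = offset from the
    site base in /24 blocks, so valid IDs are multiples of 8.
    """
    block = SITES[site]
    if vlan_id < 0 or vlan_id % 8:
        raise ValueError(f"VLAN {vlan_id} does not align to a /21 boundary")
    reserved = ipaddress.ip_network((int(block.network_address) + vlan_id * 256, 21))
    if not reserved.subnet_of(block):
        raise ValueError(f"VLAN {vlan_id} falls outside {site} ({block})")
    # Assumption: the lower /22 is used first; the upper /22 is the growth room.
    return reserved, next(reserved.subnets(new_prefix=22))

def plan_problems():
    """List site blocks that leave 172.16.0.0/12 or overlap one another."""
    problems, items = [], list(SITES.items())
    for i, (name, net) in enumerate(items):
        if not net.subnet_of(PRIVATE_BLOCK):
            problems.append(f"{name} {net} is outside {PRIVATE_BLOCK}")
        for other_name, other in items[i + 1:]:
            if net.overlaps(other):
                problems.append(f"{name} {net} overlaps {other_name} {other}")
    return problems

def unallocated():
    """Return the parts of 172.16.0.0/12 not covered by any site block."""
    remaining = [PRIVATE_BLOCK]
    for net in SITES.values():
        remaining = [piece for r in remaining
                     for piece in (r.address_exclude(net) if net.subnet_of(r) else [r])]
    return list(ipaddress.collapse_addresses(remaining))

if __name__ == "__main__":
    print("problems:", plan_problems())
    for site, vlan in [("House", 8), ("House", 504), ("Remote", 504)]:
        print(site, vlan, *vlan_subnets(site, vlan))
    print("unallocated:", *unallocated())
```
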

IP Addressing Scheme by Marsh Flatts Farm Self Build Diary is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.