Best practice for assigning private IP ranges?

Solution 1:

Most systems I've seen attempt to map the IP ranges to a hierarchy of geography and/or system components.

One employer tended to use:

10.building.floor.device (with non-user resource VLANs using 10.x.100.x to 10.x.120.x)

and

10.major_system.tier_or_subsystem.component

Solution 2:

One thing I would suggest is to use randomly selected private ranges from the 10.0.0.0/8 block for all of your private addresses. This avoids lots of problems, particularly when setting up VPNs between home/partner networks and your corporate network. Most home routers (and many corporate setups) use 192.168.0.0/24 or 10.0.0.0/24, so you'll spend hours sorting out various connecticity issues when you try to establish connectivity between two private networks.

If, however, you chose a random range like 10.145.0.0/16, and then subnet from there, it is far less likely that you will "collide" with a business partner or home network's private IP range.


Solution 3:

RFC1918 details the 3 IP blocks that are reserved for private address space. The 2 common ones are:

  • 10.0.0.0 - 10.255.255.255 (10/8 prefix)
  • 192.168.0.0 - 192.168.255.255 (192.168/16 prefix)

Less common is:

  • 172.16.0.0 - 172.31.255.255 (172.16/12 prefix)

If you're setting up a separate network for storage, it would probably make sense to choose an IP range similar but slightly different to what you are using for regular networking. Consistency is good, but using different IP ranges allows you to be connected to both networks simultaneously, for example if you need to look something up while doing management with your laptop?


Solution 4:

There is about as much consensus on IP addressing as on server names (see this site ad naseum) it just comes down to personal preference - typically of the first guy to set it all up!

No there is no proper way of doing it - simply pick one of the the 3 RFC1918 ranges (cheers @Nic Waller), split it into subnets (traditionally /24s but /23s are becoming more popular). Assign one of the subnets for public access and one for private - job done. Really the hard part is setting up the VLANs and ACLs.

Personally I prefer using the 10.x.x.x range as I can type it quicker than the other two, but really it makes no difference unless you need the larger size (192.168.x.x gives you 256 subnets of 254 IP addresses whereas 10.x.x.x gives you 65,536).

I would not suggest mixing the ranges for instance having 192.168.x.x for private and 10.x.x.x for public, technically it shouldn't matter but it would be very confusing.