Month: November 2015

Planning internal IP subnets (v4)

Here are some techniques and general considerations I use when designing IP addressing plans:

Don’t make subnets too large or too small

The general recommendation for subnets containing end hosts (workstations, IP phones, printers etc.) is around 500, but in my opinion it’s better to keep it limited to 254. /24 subnets are much more handy to operate as you have your network and host part divided on octets boundary, something like 10.72.31.x, where x is the host part of the address. /23 and larger subnets make you do some math each time you want to know which network does particular host belong to. Nothing bad will happen when the amount of workstations exceed the /24 limit, you will just need to assign another subnet. And if you plan well from the start the new subnets will easily fit the designed addressing scheme (below I have some thoughts on this topic).

Subnets that you use for wireless hosts may be treated differently, as it is common to have Broadcast and Multicast disabled in wireless networks and you may assign the subnet based on the amount of hosts you estimate to have in particular SSID. But even here there are options such as VLAN Select that allow you to map various let’s say /24 subnets to one SSID and maintain wireless clients within the same IP-address assignment scheme.

Also, unless you have a need to fit into certain range (for example when you are planning a branch and already have assigned certain network that you have to split into subnets), don’t be greedy. There is plenty of addresses in RFC1918 space, so just choose some of the private IP ranges and divide it into /24 subnets.

Point-to-point links

Of course there is no need to waste /24 subnets on Layer-3 point-to-point interconnections. I recommend to choose one or more /24 ranges that you dedicate to p2p-links addressing and split it into /31 networks.

Using 31-bit prefixes allows you to divide a class C network into 128 pairs of addresses, one for each end of the link, without wasting any on subnet and broadcast addresses, which is what happens when you use 30-bit ones. The only limitation I know is that this subnets don’t support directed broadcasts. Also you have to check that your network equipment supports the feature. One common example is Cisco ASA which doesn’t support it at least for now, but on any IOS/IOS-XE/IOS-XR routing device it is that simple:

interface GigabitEthernet1/36 
 description -= Link to SW1 Gi0/0/1 =-
 ip address 10.24.4.26 255.255.255.254
 
interface GigabitEthernet0/0/1
 description -= Link to RTR1 Gi1/36 =-
 ip address 10.24.4.27 255.255.255.254

Here is an RFC Document on this feature.

Plan for growth

Your network may grow and the amount of hosts in some subnets may exceed these subnets limits. I use two techniques to plan for growth:

1) Skipping 2x subnets when assigning them, like this:

Workstations: 10.25.0.0/24
IP Phones: 10.25.16.0/24
Printers: 10.25.32.0/24

So that when in the future you will need to assign another subnet for workstations it will be 10.25.1.0/24, 10.25.16.0/24 for IP Phones and so on. The scheme will stay like this:

Workstations: 10.25.0.0/24
Workstations: 10.25.1.0/24
Workstations: 10.25.2.0/24
IP Phones: 10.25.16.0/24
IP Phones: 10.25.17.0/24
IP Phones: 10.25.18.0/24
Printers: 10.25.32.0/24
Printers: 10.25.33.0/24
Printers: 10.25.34.0/24

By doing this you keep subnets of the same host types together and if you need to match for example all the IP Phones with an ACL line it will be 10.25.16.0 0.0.15.255. Same can be easily be done for Workstations and Printers.

The only problem I see here is that you have to estimate the maximum number of subnets you are going to have for each of the host types and skip corresponding amount of subnets before assigning subnets of different type. In the example above the 17th Workstations subnet will already be crossing the IP Phones range, so you only have space for 16 Workstations subnets.

2) Keep assigning new subnets for the same type of hosts within 2x interval:

Workstations: 10.25.0.0/24
IP Phones: 10.25.1.0/24
Printers: 10.25.2.0/24
Workstations: 10.25.16.0/24
IP Phones: 10.25.17.0/24
Printers: 10.25.18.0/24
Workstations 10.25.32.0/24
IP Phones: 10.25.33.0/24
Printers: 10.25.34.0/24

The binary math looks like this:

Workstations IP Phones: Printers:
3rd octet values 0000 0000 (0) 0000 0001 (1)
 0000 0010 (2)
0001 0000 (16)
 0001 0001 (17)
 0001 0010 (18)
0010 0000 (32)
 0010 0001 (33)
 0010 0010 (34)

The right four digits indicate the subnet type and the value stays the same for each subnet containing the same type of hosts. The left four digits (marked with bold) indicate subnet number within particular type. Here you can increase the left part even after it crosses the octet boundary, so you have a lot of space to assign future subnets of each hosts type. But here you have to estimate well the number of subnet types you’ll want to assign. The example above allows you to create only 16 types of subnets.

Writing a universal ACL line here will be a bit more complicated. For example all current and future IP Phones subnets will fall into: 10.25.1.0 0.0.240.255, but that’s only if you won’t cross the octet boundary assigning subnets.

Assign VLAN numbers matching 3rd IP subnet octet

Or vice-versa. Or just make them correspond to each other in some way that is easy to understand. A very handy technique, that eliminates a lot of confusion. Which VLAN does the printer with an IP 10.25.34.17 belong to? An easy answer is:

Subnet type IP Address/Mask VLAN
Workstations: 10.25.0.0/24 1000
Workstations: 10.25.1.0/24 1001
Workstations: 10.25.2.0/24 1002
IP Phones: 10.25.16.0/24 1016
IP Phones: 10.25.17.0/24 1017
IP Phones: 10.25.18.0/24 1018
Printers: 10.25.32.0/24 1032
Printers: 10.25.33.0/24 1033
Printers: 10.25.34.0/24 1034

Here VLAN number is always 1000+3rd octet number. We couldn’t afford an exact match here, because there is no VLAN 0 and using VLAN 1 is not recommended.

 

If you have any other tricks or techniques you use when you plan IP-addressing schemes, feel free to share them!

Which channel to place your AP on?

Choosing the lesser evil

Let’s say you are setting up a Wi-Fi access point. You launch some simple analyzer tool to check which channel to configure your AP for and see something like this:

int1

Given the fact that there is no way to avoid any interference, which channel would you choose?

There is a temptation to put your new AP on channel 3 as it looks like it has the lowest Received Signal Strength from foreign APs.On the other hand we have a recommendation to use channels 1, 6 and 11 of the 2.4GHz ISM band for the majority of countries. So maybe we just use channel 1 and hope that our signal will be heard well?

Two types of Wi-Fi interference

If we set our AP to channel 3 the signal spectrum will partially overlap with the AP configured for channel 1. This is called Adjacent Channel Interference:

Adjacent channel interference. The mess between channels 4 and 13 is omitted for simplicity

If we set it to channel 1 then what we will have is called Co-Channel Interference. The whole spectrum of both signals will overlap:

Co-Channel Interference
Co-Channel Interference

Wi-Fi is often called polite protocol. In practice, this means that APs and clients do their best to avoid collisions during data transmission. In short if someone is already using the channel wireless device backs off and tries to transmit its data later. All this works when one wireless device “hears” other devices data (i.e. is able to see the actual Layer-2 frames).

What happens in case of adjacent channel interference is that you have disruption on part of the channel spectrum. The signal from an AP operating on an overlapping channel is perceived as noise. The collision avoidance mechanism don’t work, both APs keep sending data whenever they want, but large part of the data comes corrupt to its destination. AP tries to change data rate and coding scheme to adapt to noisy environment and then resend the data good part of which will probably come corrupt causing the whole cycle to get repeated. More than that, the interfering AP will certainly have periods of more and less intense conversations to its clients. So your AP will try to switch to lower and higher datarates during these periods which will make the situation even worse.

Of course we all would like to operate in an interference free environment where all the channel spectrum is ours, but nowadays it is virtually impossible. So if you have to choose between co-channel and ajdacent-channel interferer, choose the first one. In the presented case channel 1 looks like the best option.

Also keep in mind that there are some other factors that will affect the performance, sometimes even more. For example, how intensely the other AP and its clients utilize the channel, the presence of non-Wi-Fi interference sources and so on.