Here are some techniques and general considerations I use when designing IP addressing plans:
Don’t make subnets too large or too small
The general recommendation for subnets containing end hosts (workstations, IP phones, printers etc.) is around 500, but in my opinion it’s better to keep it limited to 254. /24 subnets are much handier to operate, as the network and host parts of the address are divided on an octet boundary, something like 10.72.31.x, where x is the host part of the address. /23 and larger subnets make you do some math each time you want to know which network a particular host belongs to. Nothing bad will happen when the number of workstations exceeds the /24 limit; you will just need to assign another subnet. And if you plan well from the start, the new subnets will easily fit the designed addressing scheme (below I have some thoughts on this topic).
Subnets that you use for wireless hosts may be treated differently, as it is common to have Broadcast and Multicast disabled in wireless networks, and you may size the subnet based on the number of hosts you estimate to have in a particular SSID. But even here there are options such as VLAN Select that allow you to map several /24 subnets to one SSID and keep wireless clients within the same IP address assignment scheme.
Also, unless you have to fit into a certain range (for example when you are planning a branch and have already been assigned a network that you have to split into subnets), don’t be greedy. There are plenty of addresses in RFC1918 space, so just choose one of the private IP ranges and divide it into /24 subnets.
Of course there is no need to waste /24 subnets on Layer-3 point-to-point interconnections. I recommend choosing one or more /24 ranges that you dedicate to p2p-link addressing and splitting them into /31 networks.
Using 31-bit prefixes allows you to divide a class C network into 128 pairs of addresses, one for each end of the link, without wasting any on subnet and broadcast addresses, which is what happens when you use 30-bit ones. The only limitation I know of is that these subnets don’t support directed broadcasts. Also you have to check that your network equipment supports the feature. One common example is the Cisco ASA, which doesn’t support it, at least for now, but on any IOS/IOS-XE/IOS-XR routing device it is that simple:

```
interface GigabitEthernet1/36
 description -= Link to SW1 Gi0/0/1 =-
 ip address 10.24.4.26 255.255.255.254

interface GigabitEthernet0/0/1
 description -= Link to RTR1 Gi1/36 =-
 ip address 10.24.4.27 255.255.255.254
```
Here is an RFC Document on this feature.
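As an added illustration (not part of the original post), the following Python carves a dedicated /24 into /31 link pairs, compares the address budget against /30 links, and renders the IOS-style interface stanza shown above. The 10.24.4.0/24 block and interface names are taken from the post's example; the function names are mine.

```python
import ipaddress

def p2p_pairs(block: str):
    """Split an address block (e.g. a /24) into /31 point-to-point links.

    Each /31 holds exactly two addresses and both are assignable to interfaces
    (RFC 3021), so nothing is lost to subnet and broadcast addresses."""
    net = ipaddress.ip_network(block, strict=True)
    return [(str(sub[0]), str(sub[1])) for sub in net.subnets(new_prefix=31)]

def link_budget(block: str, prefix: int):
    """Return (number of links, addresses wasted) when carving `block` into
    /prefix links. Only two addresses are ever used per link, so /31 wastes
    nothing while /30 burns two addresses (subnet and broadcast) per link."""
    net = ipaddress.ip_network(block, strict=True)
    links = list(net.subnets(new_prefix=prefix))
    wasted = sum(s.num_addresses - 2 for s in links)
    return len(links), wasted

def interface_config(name: str, description: str, address: str, prefix: int = 31) -> str:
    """Render the IOS interface stanza from the post for one end of a link."""
    mask = ipaddress.ip_network("0.0.0.0/%d" % prefix).netmask
    return "interface %s\n description %s\n ip address %s %s" % (name, description, address, mask)

if __name__ == "__main__":
    pairs = p2p_pairs("10.24.4.0/24")
    print(len(pairs), "links; link 13 =", pairs[13])   # 128 links; ('10.24.4.26', '10.24.4.27')
    print(link_budget("10.24.4.0/24", 30))             # (64, 128)
    print(interface_config("GigabitEthernet1/36", "-= Link to SW1 Gi0/0/1 =-", pairs[13][0]))
```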
Plan for growth
Your network may grow and the number of hosts in some subnets may exceed those subnets’ limits. I use two techniques to plan for growth:
1) Skipping 2x subnets when assigning them, like this:
So that when, in the future, you need to assign another subnet for workstations, it will be 10.25.1.0/24, 10.25.16.0/24 for IP Phones, and so on. The scheme will stay like this:
By doing this you keep subnets of the same host type together, and if you need to match, for example, all the IP Phones with an ACL line, it will be 10.25.16.0 0.0.15.255. The same can easily be done for Workstations and Printers.
The only problem I see here is that you have to estimate the maximum number of subnets you are going to have for each host type and skip the corresponding number of subnets before assigning subnets of a different type. In the example above the 17th Workstations subnet would already cross into the IP Phones range, so you only have space for 16 Workstations subnets.
2) Keep assigning new subnets for the same type of hosts at a 2x interval:
The binary math looks like this:
| 3rd octet values | **0000** 0000 (0)  | **0000** 0001 (1)  | **0000** 0010 (2)  |
|------------------|--------------------|--------------------|--------------------|
|                  | **0001** 0000 (16) | **0001** 0001 (17) | **0001** 0010 (18) |
|                  | **0010** 0000 (32) | **0010** 0001 (33) | **0010** 0010 (34) |
The right four digits indicate the subnet type, and the value stays the same for each subnet containing the same type of hosts. The left four digits (marked with bold) indicate the subnet number within a particular type. Here you can keep increasing the left part even after it crosses the octet boundary, so you have a lot of space to assign future subnets of each host type. But here you have to estimate well the number of subnet types you’ll want to assign: the example above allows you to create only 16 types of subnets.
Writing a universal ACL line here is a bit more complicated. For example, all current and future IP Phones subnets will fall into 10.25.1.0 0.0.240.255, but only as long as you don’t cross the octet boundary when assigning subnets.
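The following Python is an added example (not from the original post) that works the second scheme through: it derives a subnet from its type code and index, recovers the type and index from a host address, and builds the "address wildcard" ACL entries for both schemes, including a check that the 0.0.240.255 trick fails once the index crosses the octet boundary. The 10.25.0.0/16 site range and the type codes 0/1/2 come from the post's examples; the type names are assumed and the function names are mine.

```python
import ipaddress

# Site prefix and type codes taken from the post's examples (10.25.x.0/24,
# low nibble 0 = Workstations, 1 = IP Phones, 2 = Printers); the names are assumed.
SITE = ipaddress.ip_network("10.25.0.0/16")
TYPES = {0: "Workstations", 1: "IP Phones", 2: "Printers"}

def scheme2_subnet(type_id: int, index: int) -> ipaddress.IPv4Network:
    """Scheme 2: 3rd octet = (subnet index << 4) | type code, so the n-th subnet
    of a type is 16*n + type. Raises once the index no longer fits the octet."""
    if not 0 <= type_id <= 15:
        raise ValueError("only 16 subnet types fit in the low nibble")
    third = (index << 4) | type_id
    if third > 255:
        raise ValueError("subnet index %d crosses the 3rd-octet boundary" % index)
    o = SITE.network_address.packed
    return ipaddress.ip_network("%d.%d.%d.0/24" % (o[0], o[1], third))

def classify(host: str):
    """Recover (type name, subnet index) of a host address under scheme 2."""
    third = ipaddress.ip_address(host).packed[2]
    return TYPES.get(third & 0x0F, "type %d" % (third & 0x0F)), third >> 4

def type_acl(type_id: int, scheme: int) -> str:
    """Cisco 'address wildcard' pair matching every subnet of one type.
    Scheme 1 (16 consecutive /24s per type): wildcard 0.0.15.255.
    Scheme 2 (type in the low nibble): wildcard 0.0.240.255, which only works
    while subnet indexes stay inside the 3rd octet."""
    o = SITE.network_address.packed
    if scheme == 1:
        return "%d.%d.%d.0 0.0.15.255" % (o[0], o[1], type_id * 16)
    return "%d.%d.%d.0 0.0.240.255" % (o[0], o[1], type_id)

def acl_matches(acl: str, host: str) -> bool:
    """Evaluate an 'address wildcard' pair: wildcard bits set to 1 are don't-care."""
    addr, wild = acl.split()
    a, w = int(ipaddress.ip_address(addr)), int(ipaddress.ip_address(wild))
    return (a | w) == (int(ipaddress.ip_address(host)) | w)

def acl_covers_all(type_id: int, scheme: int, count: int = 16) -> bool:
    """Check that the type ACL matches a host in each of the first `count` subnets."""
    acl = type_acl(type_id, scheme)
    if scheme == 1:
        o = SITE.network_address.packed
        nets = [ipaddress.ip_network("%d.%d.%d.0/24" % (o[0], o[1], type_id * 16 + i)) for i in range(count)]
    else:
        nets = [scheme2_subnet(type_id, i) for i in range(count)]
    return all(acl_matches(acl, str(n[1])) for n in nets)
```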
Assign VLAN numbers matching 3rd IP subnet octet
Or vice versa. Or just make them correspond to each other in some way that is easy to understand. It is a very handy technique that eliminates a lot of confusion. Which VLAN does the printer with IP 10.25.34.17 belong to? An easy answer is:
| Subnet type | IP Address/Mask | VLAN |
|-------------|-----------------|------|
Here the VLAN number is always 1000 + the 3rd octet. We couldn’t afford an exact match here, because there is no VLAN 0 and using VLAN 1 is not recommended.
If you have any other tricks or techniques you use when you plan IP addressing schemes, feel free to share them!