Curious for a little feedback on how others do this.
A site I'm looking at has multiple buildings connected by fiber and each is on their own subnet.
192.168.0.0 - Building 1 - VLAN10
192.168.1.0 - Building 2 - VLAN20
192.168.2.0 - Building 3 - VLAN30
etc
(for the record I understand the undesired implications of being on a 192.168 subnet)
Each building is running its own small datacenter with DHCP servers and domain controllers.
My big issue is I think its very confusing to have servers at
192.168.0.1 - building 1
192.168.0.5 - building 1
192.168.1.11 - building 2
192.168.2.5 - building 3
etc.
Obviously I could say put all networking gear at 192.168.0.0 subnet and all servers at 192.168.1.0, DHCP at 192.168.3.0, but this would create crossover vlans.
For example I would probably still want a DHCP server in VLAN20 with all the computers in that building, and likewise a DHCP server in VLAN10 with those computers in that building.
By tradition VLANs are kept 1 to 1 with their subnet.
How do others manage this?
Do you just know like 192.168.0.1-.50 is reserved for server gear?
I came from a 10.1.0.0/21 network so we had enough addresses to keep everything separated and didn't vlan it at all.
Best Answer
This is a very difficult question to answer on a scenario-basis because there are many factors to consider with little information provided. However, in a general sense, here is my insight.
Firstly, I agree with the comments against the question that no private address group is any more or less desirable than another based on susceptibility to being similar to a home users. From my experience, no matter how much you try and avoid conflicts with VPN users, if it doesn't occur for user 'A', eventually there will be some user 'B' for which it does.
One critical thing that you haven't mentioned in the question, is the volume of devices, and the expected growth over the lifetime of the infrastructure. I will keep points general, due to the open scope and ambiguity.
If you are determined to split your network into subnets per building, firstly identify the number of buildings that are needed, and then consider the probability that this will be sufficient for a longer term (5-10 years). Try to arrive at a quantity of networks that is not excessive but realistic. I would typically be liberal and allow marginal overhead. Use this to define the narrowest range practical for higher level subnets.
For example, if you have 3 buildings, but anticipated this could grow to 5 over 10 years, pick a base two multiple which is sensible for this, and split the first usable octet with this prefix. Eg. of 172.16.x.x with up to 8 networks:
This will maximise your address scope, and allow for further subnetting. It also simplifies defining routes if all subnets within any .19 scope are via the same node for the majority of the remaining network. Note that this balance should work two ways. Lets say for example that you have a small number of buildings in addition to your primary buildings, like remote offices, which don't need many addresses, but simply need to be connected - you could allocate these a single building 'parent' subnet, and divide it up to service them. Your goal is ultimately to keep the largest address space where it is likely to be needed most.
From here you may find that you split your network further, into application specific allotments. You might do something like the following:
Building 1 (from above).
We could take this further and have:
I feel the important thing to take away, is to find a solution that works for your scenario. You will probably want to:
I hope this helps or gives you some ideas :)