IP Addressing for a Small Business That Might Grow

The keystone of a well-designed network that can grow is a future-proofed IP addressing scheme.

Central to this are the two main tenets of Consistency and Hierarchy. These are vital to making your network coherent and orderly, and they assist with all manner of troubleshooting and planning issues.

It might be fine for your home network or small business to use a Class C (192.168.1.0) private addressing scheme for right now, and maybe for a while.

In the real world, this tends to be something that doesn’t get changed until it absolutely has to – at which point your network’s already grown to hundreds of devices. That’s large enough that changing the addressing scheme will always be a massive pain in the neck, taking hours upon hours of work and getting in everyone else’s way.

I’ve been a part of IP Addressing scheme changes in the past. It sucks. It takes forever, it’s tedious as hell for the poor saps who have to do it, and expensive for whoever foots the bill. And there are always bound to be things that go wrong and things you miss.

It’s always better to do things right the first time! So why not start with a scheme that can take you all the way from your small suburban office to an underground global headquarters where you torture British spies while patting a white fluffy cat?

Start it off right and you never have to make significant changes to it again.

What Makes an IP Addressing Scheme Scalable?

 

Let’s jump right in:

Your scheme should be consistent across your organisation

Hypothetically, you could have a whole different addressing scheme from office to office. In fact, small variations are probably necessary.

But if every new office has its own custom configuration, that’s a brilliant recipe to waste your IT team’s time – and you’ll have to do it all over again every time someone new comes in.

And it will all need to be documented – that documentation will need to be managed and maintained – it’s a headache.

For an IP addressing scheme that can grow painlessly, a technician who learns how things work in one part of the organisation should be able to apply that knowledge anywhere else.

Enough DHCP for everyone

The most common way to run low on IP addresses is through the introduction of wireless devices into the network as your employee count grows. When each new staff member has a phone, tablet and computer, this can quickly get out of control.

The dawning of the Internet of Things boom will only add to this pressure.

You can patch this with new VLANs with separate IP addressing schemes. This is a good fall-back option if you need it. But it can add inconsistencies to the scheme: that means there’s more to document and then more documentation to manage, and most of us are busy with a million other things already.

Enough Static IPs for your equipment

One thing that is hard to know is the number of static IPs your network will need as it grows.

If you get this wrong it can eat into your DHCP scope and cause big problems.

This is often when a company needs to rethink their entire IP addressing scheme or resort to inconsistencies in design.

 

OK, now let’s get down to brass tacks:

Network Type 1 – One Size Fits Most

We call this the “one size fits most” because it should do for the average business, no matter how large it grows. This will help you expand up to 254 different offices, each of which can have thousands of employees.

That’s enough for most of us. But if you might need more than 254 office locations, check out our addressing scheme for franchise businesses.

 

WAN IP Topology:

We suggest using a Class A (10.0.0.0) IP addressing scheme even if you only have 10 clients and 1 server at the moment.

Some technicians may call this overkill.

But if I’ve learned nothing from 80s action movies, bringing a bazooka to a gunfight means you always win.

This will allow you to subnet further down the track to allow for new offices with their own subnets, VLANs, and collision domains. Bigger is better.

The first available octet (the second octet, since the first is fixed at 10) is used to denote the site. 10.0.0.0/16 should be your first “Site Address”, for your primary or headquarters site. Divide your networks by site location by incrementing the value in the second octet for each new site.

If the network becomes a multi-site enterprise network, this provision will allow for 254 total site locations whilst still giving an ordered and hierarchical structure to the IP addressing scheme. Your WAN topology should therefore look like this:

| Site Location | Network Address | Usable Host Range | Broadcast Address |
| --- | --- | --- | --- |
| Primary Site | 10.0.0.0/16 | 10.0.0.1 – 10.0.255.254 | 10.0.255.255 |
| Secondary Site | 10.1.0.0/16 | 10.1.0.1 – 10.1.255.254 | 10.1.255.255 |
| Tertiary Site | 10.2.0.0/16 | 10.2.0.1 – 10.2.255.254 | 10.2.255.255 |

 

LAN IP Topology:

The “Site Address” is then further subnetted into a 10.X.X.0/22 address to create smaller address spaces to be used in small offices while allowing for massive future growth.

Network/Host breakdown:

  • Subnetting the IP scheme this way allows for each site to contain a maximum of 1022 usable IP addresses per network

When configuring the IP addressing scheme for a small office, you should allow for the possible future implementation of multiple subnets, VLANs etc.

We will choose the secondary site address space as an example for the sake of clarity.

10.1.0.0/16

From this address space we will use Variable-Length Subnet Masking (VLSM) to carve out smaller networks of 1022 host addresses per network. This will allow for expansion later whilst limiting the size of the collision domains on the network.

Subnet breakdown:

| Subnet | Network Address | Usable Addresses | Broadcast Address | Net Mask |
| --- | --- | --- | --- | --- |
| Subnet 1 | 10.1.0.0/22 | 10.1.0.1 – 10.1.3.254 | 10.1.3.255 | 255.255.252.0 |
| Subnet 2 | 10.1.4.0/22 | 10.1.4.1 – 10.1.7.254 | 10.1.7.255 | 255.255.252.0 |
| Subnet 3 | 10.1.8.0/22 | 10.1.8.1 – 10.1.11.254 | 10.1.11.255 | 255.255.252.0 |
| Subnet 4 | 10.1.12.0/22 | 10.1.12.1 – 10.1.15.254 | 10.1.15.255 | 255.255.252.0 |

Etc.

 

Initial/Small business configuration:

The subnets should be used in order. When setting up a small office LAN, stick to Subnet 1. Initially, in a small office scenario the IP addresses should be used as follows:

10.1.0.1/22 – 10.1.1.255/22 – Network Device IP addresses (router, firewalls, switches, WAPs, etc)

10.1.2.0/22 – 10.1.2.99/22 – Server IP addresses

10.1.2.100/22 – 10.1.2.150/22 – Printer IP addresses

10.1.2.151/22 – 10.1.2.201/22 – Special reserved IPs*

10.1.2.202/22 – 10.1.3.254/22 – DHCP Scope

* extra printers, security systems & network peripherals

The 1st subnet allows for:

  • 512 network device IPs
  • 100 server IPs
  • 50 Printer IPs
  • 50 Special reserved IPs
  • 308 DHCP Clients

These numbers are not set in stone; you may increase or decrease them as your site’s needs dictate, so long as you retain the consistency of the addressing scheme between sites.
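As an added illustration (not code from the original article), the Python below stores the Subnet 1 role layout as offsets from the /22 network address, stamps it onto any site, and checks that the ranges tile the usable hosts with no gap or overlap. The names `ROLE_OFFSETS`, `site_plan` and `check_plan` are assumptions made for this example, and applying the layout to every site number goes one step beyond the single 10.1.0.0/22 case shown in the text.

```python
import ipaddress

# Role layout from the Subnet 1 breakdown above, stored as offsets from the /22
# network address so the identical layout can be stamped onto every site.
ROLE_OFFSETS = [
    ("network devices", 1, 511),     # x.x.0.1   - x.x.1.255
    ("servers", 512, 611),           # x.x.2.0   - x.x.2.99
    ("printers", 612, 662),          # x.x.2.100 - x.x.2.150
    ("special reserved", 663, 713),  # x.x.2.151 - x.x.2.201
    ("dhcp scope", 714, 1022),       # x.x.2.202 - x.x.3.254
]


def site_plan(site, subnet_index=0):
    """Return (lan, rows) for one /22 of site 10.<site>.0.0/16.

    rows is a list of (role, first_ip, last_ip, address_count).
    """
    if not 0 <= site <= 255:
        raise ValueError("site number must fit in the second octet")
    site_net = ipaddress.ip_network(f"10.{site}.0.0/16")
    lan = list(site_net.subnets(new_prefix=22))[subnet_index]
    base = int(lan.network_address)
    rows = [
        (role, ipaddress.ip_address(base + lo), ipaddress.ip_address(base + hi), hi - lo + 1)
        for role, lo, hi in ROLE_OFFSETS
    ]
    return lan, rows


def check_plan(lan, rows):
    """Raise ValueError unless the ranges tile the usable hosts of lan exactly."""
    expected = int(lan.network_address) + 1  # first usable host
    for role, first, last, _count in rows:
        if first not in lan or last not in lan:
            raise ValueError(f"{role}: range leaves {lan}")
        if int(first) != expected:
            raise ValueError(f"{role}: gap or overlap before {first}")
        expected = int(last) + 1
    if expected != int(lan.broadcast_address):
        raise ValueError("ranges do not end at the last usable host")
    return True


if __name__ == "__main__":
    lan, rows = site_plan(1)  # the secondary site used in the text
    check_plan(lan, rows)
    for role, first, last, count in rows:
        print(f"{role:18} {first} - {last}  ({count} addresses)")
```

Counting the endpoints of each range inclusively gives exact totals that sum to the 1022 usable hosts of the /22, which is a quick way to confirm that a resized layout still fits.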

 

Specific IP Reservations

In order to retain consistency between site locations the following IP reservations should be implemented on each network.

For this example, we will use the tertiary site location address space 10.2.0.0/16.

 

Network IP Addresses

| Device | IP Address |
| --- | --- |
| Router | 10.2.0.1/22 |
| Core Switch* | 10.2.0.2/22 |
| Wireless Controller | 10.2.0.3/22 |
| Firewall | 10.2.0.4/22 |
| Reserved 1 | 10.2.0.5-19/22 |
| Edge Switch(es)* | 10.2.0.20-49/22 |
| Access Switch(es)* | 10.2.0.50-100/22 |
| Reserved 2 | 10.2.0.101-255/22 |
| WAPs | 10.2.1.0-254/22 |

*Refer to the section on Switch types below

Reserved 1 – This is for specialised networking gear that may be site specific

Reserved 2 – For additional access switches

A large portion of the addresses at the end of the group has been assigned for WAPs to provide necessary wireless access to dense Wi-Fi networks. These addresses may also be used for other network related hardware.

 

Switch types

Core Switch – High speed and bandwidth switches found on the network backbone

Edge Switch – Connecting multiple subnets within the LAN

Access Switch – Directly connecting host computers to the LAN

 

In a basic small business LAN these roles may be shared by a single switch. These distinctions are included for future growth of the complexity of the network.

 

Plans for growth:

Unless you have a specific use case, such as a data centre or large chain of franchised outlets that need to have direct connections to each other via VPN or WAN, the provisioned static IP addresses in the above scheme should be ample for any single office location. There is also plenty of room for DHCP client expansion into the other subnets within the 10.1.X.0/22 address space.

When the usable addresses are low on Subnet 1 (10.1.0.0/22), ensure that the router you are using is capable of using routing protocols that support VLSM such as RIPv2 or OSPF (this is commonly supported but always better to check!), then set DHCP to use IP addresses from Subnet 2 (10.1.4.0/22). Each subnet provides an extra 1022 available hosts for DHCP use and can be further subnetted as necessary to reduce collision domains and increase security.

Remember: Routing between subnets must be configured on the router or core switch as well as DHCP relay (or IP helper settings) in order for other subnets to receive IP addresses automatically.

It is VITAL to BACK UP all servers and switch/router configs before attempting this. Extensive testing of communications and DHCP address distribution is also required.

 

Network Type 2 – Franchise Style Business

Our “one size fits most” will let you network up to 254 office locations, each with thousands of employees.

But what if your business is very different? Say, you’re out to be the next Kwik-E-Mart. You don’t need to handle thousands of staff at every location – but you might grow to have a lot more than 254 of them.

In the real world, this is only important if you need to have end-to-end secure communication across all sites. A typical Kwik-E-Mart probably just needs to connect to the internet. But, if you need dedicated WAN connections or VPNs for centralised communications, well, it’s your lucky day because we’ve got you covered.

And even if you don’t need these things, with this scheme you can enjoy a standard and easily documented, consistent configuration across your business.

 

WAN IP Topology:

Again, we suggest using the Class A 10.0.0.0 address space; however, you will be using the subnet mask 255.255.255.0 (10.0.0.0/24). In this style of network, we will be reserving most of the address space for different individual networks.

With this addressing scheme, even if you run a chain of over 60,000 coffee stores you will still have an individual IP address space per site (up to 65,536 networks can be provisioned using this strategy, with 254 client IP addresses per site).

You might be able to tell that we have subnetted the Class A address down to the size of a Class C. This is to allow us the greatest number of available network addresses while retaining consistency and hierarchy in the design.

This time we will be using the middle two octets for our site locations. Each individual site should be given a network address from the 10.X.X.0/24 address space, incremented by 1 for each new site, starting at the rightmost of the two middle octets (the third octet) and carrying over into the second octet once it is full.

| Site Location | Network Address | Usable Host Range | Broadcast Address |
| --- | --- | --- | --- |
| Primary Site | 10.0.0.0/24 | 10.0.0.1 – 10.0.0.254 | 10.0.0.255 |
| Secondary Site | 10.0.1.0/24 | 10.0.1.1 – 10.0.1.254 | 10.0.1.255 |
| Tertiary Site | 10.0.2.0/24 | 10.0.2.1 – 10.0.2.254 | 10.0.2.255 |
| Site no. 255 | 10.0.255.0/24 | 10.0.255.1 – 10.0.255.254 | 10.0.255.255 |
| Site no. 256 | 10.1.0.0/24 | 10.1.0.1 – 10.1.0.254 | 10.1.0.255 |
| Site no. 257 | 10.1.1.0/24 | 10.1.1.1 – 10.1.1.254 | 10.1.1.255 |

 

LAN IP Topology:

Each individual site should be further split into 2 subnets.

The first subnet should be given to the devices owned by the store (router, switch, server, POS system, security, etc.); the remainder should be given to the DHCP scope for Wi-Fi/Ethernet access for your clients’ and staff devices, should you choose to offer a Wi-Fi service to them. This will provide security for your important transaction services.

Each LAN will use the subnet mask 255.255.255.128, allowing for 126 usable host addresses per network.

Subnet breakdown:

| Site | Subnet | Network | Usable Addresses | Broadcast Address | Net Mask |
| --- | --- | --- | --- | --- | --- |
| Site 1 | Subnet 1 | 10.0.0.0/25 | 10.0.0.1 – 10.0.0.126 | 10.0.0.127 | 255.255.255.128 |
| Site 1 | Subnet 2 | 10.0.0.128/25 | 10.0.0.129 – 10.0.0.254 | 10.0.0.255 | 255.255.255.128 |
| Site 2 | Subnet 1 | 10.0.1.0/25 | 10.0.1.1 – 10.0.1.126 | 10.0.1.127 | 255.255.255.128 |
| Site 2 | Subnet 2 | 10.0.1.128/25 | 10.0.1.129 – 10.0.1.254 | 10.0.1.255 | 255.255.255.128 |

 

Specific IP Reservations

In order to retain consistency between site locations the following IP reservations should be implemented on each network.

 

Network IP Addresses

Subnet 1

| Device | IP Address |
| --- | --- |
| Router interface 1 | 10.0.0.1/25 |
| Switch | 10.0.0.2/25 |
| Firewall | 10.0.0.3/25 |
| POS terminal(s) | 10.0.0.4-10/25 |
| Security System | 10.0.0.11/25 |
| Reserved | 10.0.0.12-59/25 |
| Servers | 10.0.0.60-79/25 |
| DHCP | 10.0.0.80-254/25 |

 

Subnet 2

| Device | IP Address |
| --- | --- |
| Router Interface 2 | 10.0.0.129/25 |
| WAPs | 10.0.0.130-135/25 |
| DHCP | 10.0.0.135-254/25 |

 

As this setup assumes that a segment of your network will be available for public access, it is important either to have a guest wireless network on your router or to configure separate VLANs, routing, and DHCP relay for Subnets 1 and 2 in order to secure your business network from the publicly accessible network. The specifics of how this is done will depend on the hardware provider that you select.
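As an added illustration (not code from the original article), the Python below maps a site to its store and public /25 subnets and audits a reservation table against them, so a static range or DHCP scope that leaves its own subnet or collides with another range is caught before it is configured. The function names and the zero-based site index are assumptions made for this example; the sample rows are the two reservation tables above, entered as last-octet ranges exactly as printed.

```python
import ipaddress


def site_subnets(index):
    """Zero-based site index -> (store /25, public /25) of that site's /24."""
    if not 0 <= index < 65536:
        raise ValueError("only 65,536 /24 networks fit in 10.0.0.0/8")
    base = int(ipaddress.ip_address("10.0.0.0")) + index * 256
    store, public = ipaddress.ip_network((base, 24)).subnets(new_prefix=25)
    return store, public


def audit(subnet, reservations):
    """Check (name, first_octet, last_octet) rows against one /25.

    Returns a list of findings: ranges that leave the usable hosts of subnet
    and ranges that overlap an earlier range.
    """
    base24 = int(subnet.network_address) & 0xFFFFFF00
    usable_lo = int(subnet.network_address) + 1
    usable_hi = int(subnet.broadcast_address) - 1
    findings, prev_name, prev_last = [], None, -1
    for name, lo, hi in sorted(reservations, key=lambda row: row[1]):
        first, last = base24 + lo, base24 + hi
        span = f"{ipaddress.ip_address(first)}-{ipaddress.ip_address(last)}"
        if first < usable_lo or last > usable_hi:
            findings.append(f"{name} {span} is outside the usable hosts of {subnet}")
        if first <= prev_last:
            findings.append(f"{name} {span} overlaps {prev_name}")
        if last > prev_last:
            prev_name, prev_last = name, last
    return findings


# Reservation tables as printed in the article (last octet of each range).
SUBNET_1 = [("Router interface 1", 1, 1), ("Switch", 2, 2), ("Firewall", 3, 3),
            ("POS terminals", 4, 10), ("Security system", 11, 11),
            ("Reserved", 12, 59), ("Servers", 60, 79), ("DHCP", 80, 254)]
SUBNET_2 = [("Router interface 2", 129, 129), ("WAPs", 130, 135), ("DHCP", 135, 254)]

if __name__ == "__main__":
    store, public = site_subnets(0)  # primary site, 10.0.0.0/24
    for finding in audit(store, SUBNET_1) + audit(public, SUBNET_2):
        print(finding)
```

Run against the tables as printed, the audit reports the Subnet 1 DHCP range running past the last usable host of 10.0.0.0/25 and the Subnet 2 WAP and DHCP ranges sharing .135.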

 


4 thoughts on “IP Addressing for a Small Business That Might Grow”

    1. Hi Andrew,

      Cheers for the input!

      I was actually considering that, but IPV6 has been in the “Coming Soon!” stage for over a decade now, and really all it’s doing in most real-world scenarios is sitting idly in the background still. Everyone on the ground is still working with IPv4.

      I might do a future revision for those trail-blazers that want to implement IPV6, however!

  1. Nice article. Your last subnet 1 chart has a typo. The DHCP pool is claimed to be 80-254 but should be 10.0.0.80-128 if using a /25 netmask.
