• ramble81@lemm.ee
    link
    fedilink
    arrow-up
    36
    ·
    4 months ago

    So I guess I must be a leet haxor because of all the businesses I configured for the 172.x space because 192.168.x space was too small and 10.x space was way the hell too big.

      • ramble81@lemm.ee
        link
        fedilink
        arrow-up
        5
        ·
        4 months ago

        I know what subnetting is for. That’s why I know which RFC range to use. I’m talking based on the number of devices and needed groupings, 172 is a good sweet spot where 198.x would be a bit tight and 10.x is complete overkill.

        • Farid@startrek.website
          link
          fedilink
          arrow-up
          3
          ·
          4 months ago

          Could you please explain, how 172.x is different “size” than 10.x? Don’t both of those have 255255255 spaces?

          • ramble81@lemm.ee
            link
            fedilink
            arrow-up
            9
            ·
            edit-2
            4 months ago

            Yeah. Here’s a breakdown of the allocations and their sizes:

            • 192.168.0.0/16 - 65,536 addresses
            • 172.16.0.0/12 - 1,048,576 addresses
            • 10.0.0.0/8 - 16,777,216 addresses

            Most home applications only need a single /24 (256 addresses) so they are perfectly fine with 192.168.0.0/24, but as you get larger businesses, you don’t use every single address but instead break it out by function so it’s easier to know what is what and to provide growth in each area.

            • Farid@startrek.website
              link
              fedilink
              arrow-up
              7
              ·
              4 months ago

              But tbh, I still don’t see why you can’t just use 10.x but only as many subnets as you need.

              I know jack shit about networking, but I’ve set up OpenWrt routers a couple of times, and set my home network to 10.99. because that was suggested by a ZeroTier tutorial and I thought that’s cool.

              • ramble81@lemm.ee
                link
                fedilink
                arrow-up
                6
                ·
                4 months ago

                You’re technically correct, you can use any of them. It’s honestly just a matter of preference.

    • adamth0@lemmy.world
      link
      fedilink
      arrow-up
      6
      ·
      4 months ago

      For bigger networks, I always went with 10.0.0.0/8 for endpoints, 172.16.0.0/12 for servers and other back-end services, leaving 192.168.0.0/16 for smaller networks like OOB IPMI (eg HP iLO, Dell iDrac) services, cluster heartbeat connections, and certain DMZ segments.

      • ramble81@lemm.ee
        link
        fedilink
        arrow-up
        3
        ·
        edit-2
        4 months ago

        That’s doable too. A lot of people don’t realize you can route all of those together. It’s even more fun as technically you can route private addresses across public links if you own both ends of the link. Used to see that done at a large ISP to route their internal network and it’d pop new networking admins minds.

        ETA: I would use 192.x IPs for unrouted subnets like heartbeats or iSCSI.

        • Natanael@slrpnk.net
          link
          fedilink
          arrow-up
          1
          ·
          edit-2
          4 months ago

          Common to see big businesses with multiple locations using P2P VPN binding together all sites like one big LAN. Perhaps not ideal from a security standpoint to have the client network so flat, but eh 🤷

          Usually a handful of extra important servers are behind an extra layer of firewall rules and/or on a different VLAN with limits on what devices can connect to them.

      • Trainguyrom@reddthat.com
        link
        fedilink
        English
        arrow-up
        3
        ·
        4 months ago

        My current work acquired a company with a very poorly provisioned IT department. Their networks all happen to be in the low 192.168.0.0/16 so users VPNing in often end up with wonky IP conflicts. I’ve heard warnings about similar when selecting subnet ranges, so I just stick with low 192.168.0.0/16 ranges for home networks from which I might potentially VPN into a network I don’t control, and I use 172.16.0.0/12 or 10.0.0.0/8 at work as needed and as aligns with our wider topology.

        I will also add that I encountered some fun challenges at a small bank I worked at where they clearly under-planned their network and carried a bunch of wonky configs as vestigial networking adaptations as they grew. They did do a cool thing where they made each branch its own /24 subnet so you could tell at a glance exactly what branch someone was connecting from, plus branches could theoretically limp along with an ISP outage, but they didn’t the extra steps of setting up edge servers so the end result was a full branch outage during an ISP outage