SBA Mid BN IPv4AddressingGuide

7/31/2019 SBA Mid BN IPv4AddressingGuide

1/22

This guide is part of an older series of Cisco Smart Business Architecture.

To access the latest Cisco SBA guides, go tohttp://www.cisco.com/go/sba

Cisco strives to update and enhance SBA guides on a regular basis. As we

develop a new series of SBA guides, we test them together, as a complete

system. To ensure the mutual compatibility of designs in Cisco SBA guides,

you should use guides that belong to the same series.

Newer Cisco SBA Guides Available
http://www.cisco.com/go/sbahttp://www.cisco.com/go/sba


2/22

IP Addressing Guide

Revision: H1CY11


3/22

The Purpose of This Guide

The Purpose of This Guide

This guide introduces you to the basics of IP addressing and prepares you

to create an IP addressing plan for your network.

This guide is a concise reference on IP addressing best practices, including:

ThebasicconceptsofIPaddressing

TheIPaddressingplanusedintheCiscoSmartBusinessArchitecture

(SBA)Foundationlabnetwork

ThestepsyoushouldfollowtocreateyourownIPAddressingPlan

HowtomaintainyourIPspaceasyournetworkevolves

Who Should Read This Guide

This guide is intended for the reader with any or all of the following: Anorganizationwithupto2500connectedemployees

Upto75remotesiteswithapproximately25employeeseach

ITworkerswithaCCNAcertificationorequivalentexperience

Thereadermayrequireanyofthefollowing:

AgeneralunderstandingofIPaddressingandsubnetting

GeneralIPaddressingguidancewhileredesigninganexistingnetwork

Guidanceonhowtoaddnewservicestoanexistingnetwork

Assistanceplanningfortheacquisitionofacompanythathasadifferent

IP address space

AplanforexpansionafterrunningoutofIPaddressspace AnIPaddressmigrationpathforgrowth

AnIPaddressingplanthatcanbeusedinmidsizenetworksasatem-

plateforcustomerdeployments

Before reading this guide

FoundationDesignOverview

FoundationDeploymentGuide

FoundationConfigurationFilesGuide

You are Here


4/22

Table of Contents

ALLDESIGNS,SPECIFICATIONS,STATEMENTS,INFORMATION,ANDRECOMMENDATIONS(COLLECTIVELY,"DESIGNS")INTHISMANUALAREPRESENTED"ASIS,"WITHALLFAULTS.CISCOANDITSSUPPLIERS

DISCLAIMALLWARRANTIES,INCLUDING,WITHOUTLIMITATION,THEWARRANTYOFMERCHANTABILITY,FITNESSFORAPARTICULARPURPOSEANDNONINFRINGEMENTORARISINGFROMACOURSEOF

DEALING,USAGE,ORTRADEPRACTICE.INNOEVENTSHALLCISCOORITSSUPPLIERSBELIABLEFORANYINDIRECT,SPECIAL,CONSEQUENTIAL,ORINCIDENTALDAMAGES,INCLUDING,WITHOUTLIMITA -

TION,LOSTPROFITSORLOSSORDAMAGETODATAARISINGOUTOFTHEUSEORINABILITYTOUSETHEDESIGNS,EVENIFCISCOORITSSUPPLIERSHAVEBEENADVISEDOFTHEPOSSIBILITYOFSUCH

DAMAGES.THEDESIGNSARESUBJECTTOCHANGEWITHOUTNOTICE.USERSARESOLELYRESPONSIBLEFORTHEIRAPPLICATIONOFTHEDESIGNS.THEDESIGNSDONOTCONSTITUTETHETECHNICAL

OROTHERPROFESSIONALADVICEOFCISCO,ITSSUPPLIERSORPARTNERS.USERSSHOULDCONSULTTHEIROWNTECHNICALADVISORSBEFOREIMPLEMENTINGTHEDESIGNS.RESULTSMAYVARY

DEPENDINGONFACTORSNOTTESTEDBYCISCO.

AnyInternetProtocol(IP)addressesusedinthisdocumentarenotintendedtobeactualaddresses.Anyexamples,commanddisplayoutput,andfiguresincludedinthedocumentareshownforillustrativepurposes

only.AnyuseofactualIPaddressesinillustrativecontentisunintentionalandcoincidental.CiscoUnifiedCommunicationsSRND(BasedonCiscoUnifiedCommunicationsManager7.x)

2010CiscoSystems,Inc.Allrightsreserved.

Table of Contents

Introduction 1

Guiding Principles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

IP Addressing Overview 2

IP Addressing Basics 3

IP Address Classes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

Private IP Addressing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

Subnetting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

VariableLengthSubnetMasks(VLSMs) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5

VoiceOverlaySubnets. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5

Summarization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6IPMulticast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

Managing IP Addresses 8

IPAddressingintheSmartBusinessArchitecture. . . . . . . . . . . . . . . . . . . . . . 8

Appendix A: Subnet Design Worksheet for SBA 16

Appendix B: SBA for Midsize Organizations Document System 17


5/22

1Introduction

SBAOverview

The CiscoSmartBusinessArchitecture(SBA)isacomprehensivedesign

fornetworkswithupto2500users.Thisout-of-the-boxdesignissimple,

fast,affordable,scalable,andflexible.Therearethreeoptionsbasedonyour

scalingneeds:upto600users,1000users,andupto2500users.

TheCiscoSBAforMidsizeOrganizationsincorporatesLAN,WAN,wireless,

security,WANoptimization,andunifiedcommunicationtechnologiestested

togetherasasolution.Thissolution-levelapproachsimplifiesthesystem

integrationnormallyassociatedwithmultipletechnologies,allowingyou

toselectthemodulesthatsolveyourorganizationsproblemsratherthan

worrying about the technical details.

WehavedesignedtheCiscoSmartBusinessArchitecturetobeeasyto

configure,deploy,andmanage.Thisarchitecture:

Providesasolidnetworkfoundation

Makesdeploymentfastandeasy

Acceleratesabilitytoeasilydeployadditionalservices

Avoidstheneedforre-engineeringofthecorenetwork

BydeployingtheCiscoSmartBusinessArchitecture,yourorganizationcangain:

Astandardizeddesign,testedandsupportedbyCisco.

Optimizedarchitecturesformidsizeorganizationswithupto2500users.

WANwithupto75remotesiteswithaheadquarterssite,regionalsite,

andapproximately25usersperremotesite.

Flexiblearchitecturetohelpensureeasymigrationastheorganizationgrows.

Seamlesssupportforquickdeploymentofwiredandwirelessnetwork

access for data, voice, teleworker, and wireless guest.

Securityandhighavailabilityforcorporateinformationresources,

servers, and Internet-facing applications.

ImprovedWANperformanceandcostreductionthroughtheuseofWAN

optimization.

SimplifieddeploymentandoperationbyITworkerswithCCNA certifica-

tionorequivalentexperience.

Ciscoenterprise-classreliabilityinproductsdesignedformidsizeorganizations.

Guiding Principles

Wedividedthedeploymentprocessintomodulesaccordingtothefollowing

principles:

Ease of use:AtoprequirementofCiscoSBAwastodevelopadesign

thatcouldbedeployedwiththeminimalamountofconfigurationand

day-twomanagement.

Cost-effective: Anothercriticalrequirementasweselectedproducts

wastomeetthebudgetguidelinesformidsizeorganizations.

Flexibility and scalability: Astheorganizationgrows,sotoomustits

infrastructure.Productsselectedmusthavetheabilitytogroworbe

repurposed within the architecture.

Reuse: Westrived,whenpossible,toreusethesameproductsthroughout

thevariousmodulestominimizethenumberofproductsrequiredforspares.

UserServices

Network

Services

NetworkFoundation

Voice,

Video,Web Meetings

Security,

WAN Optimization,Guest Access

Routing, Switching,Wireless, and Internet

TheCiscoSmartBusinessArchitecturecanbebrokendownintothefollow-ingthreeprimary,modularyetinterdependentcomponentsforthemidsize

organization.

Network Foundation: A network that supports the architecture

Network Services: Featuresthatoperateinthebackgroundtoimprove

andenabletheuserexperiencewithoutdirectuserawareness

User Services: Applications with which a user interacts directly


6/22

2IPAddressingOverview

IPAddressingOverview

An IP address uniquely identifies a device on an IP network.

Allocating,recycling,anddocumentingIPaddressesandsubnetsinanet-work can get confusing very quickly if you have not laid out an IP addressing

plan. A sound plan will help you prepare the network foundation to support

additionalservicessuchasunifiedcommunications,wirelessaccess,and

enhanced network security.

IPaddressingisaNetworkFoundationservice,whichmakesitcoretothe

network design. It provides the base for all other network and user services.

Withoutthefoundation,itwouldnotbepossibletointeractwithnetworkand

userservices,frompickingupthephoneusingthephoneservicetoreading

emailusingtheemailservice.

ByfollowingrecommendedIPaddressmanagementstandards,youcan

avoid:

Overlappingorduplicatesubnets

Unsummarizedroutesinthenetwork

DuplicateIPaddressdeviceassignments

WastedIPaddressspace

Unnecessarycomplexity


7/223IPAddressingBasics

IPAddressingBasics

IPversion4(IPv4)addresses,whichuniquelyidentifyadeviceonanIP

network,are32bitsinlengthandaretypicallycommunicatedinaformat

knownasdotteddecimal.

The32binarybitsare:

Dividedintoanetworkportionandhostportion

Brokenintofouroctets(1octet=8bits).Eachoctetcanbeconvertedto

binary.

ConsiderthisIPaddress,whichispresentedindotteddecimal:1010161.

The address breaks down into the following octets:

10

10

16

1

Thevalueineachoctetrangesfrom0to255decimal,or00000000

11111111binar y.Inbina ry,thea ddress10.10.16.1isrepresented as:0000101

0000010100001000000000001.

IP Address Classes

IP addresses are split up into several different categories, including Class A,

B,C,D(Multicast),andE(Reserved).

Addressclassesaredefined,inpart,basedonthenumberofbitsthatmake

upthenetworkportionoftheaddress,andinturn,onhowmanyareleftfor

the definition of individual host addresses.

InClassAaddresses,thefirstoctetisthenetworkportion.

InClassB,thefirsttwooctetsarethenetworkportion.

InClassC,thefirst3octetsarethenetworkportion.

Figure1showshowthenetworkandhostIDsaredifferentforeachclassof

IP addresses.

ClassAhas3octetsforthehostportionoftheaddress.Deployedasis,a

Class A address represents a very inefficient use of address space, since

availableLayer2technologiescannoteasilysupportthismanyhostsona

singlesubnet.Subnettingusesthisaddressspaceefficiently.

Tech Tip

IPversion6(IPv6)isthenextgenerationofIPaddressing.IPv6

quadruplesthenumberofnetworkaddressbitsfrom32bits(inIPv4)

to128bits,whichprovidesenoughgloballyuniqueIPaddressesfor

everynetworkeddeviceontheplanet.IPv6isanimportantprotocol

forthefutureofIPnetworking.Moreinformationcanbefoundat

www.cisco.com/go/ipv6.

Figure1.Classful Addresses

24 bits (Node ID) 1.0.0.0 127.255.255.255Cl as s A 0

Net ID

1 20 3 4 5 6 7 0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7 00 1 2 3

1 2 3 4 5 6 7

16 bits (Node ID) 128.0.0.0 191.255.255.255Class B 1 0

1 0

1 1 0

1 1 1 0

Net ID

1 20 3 4 5 6 7 0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7 00 1 2 3

1 2 3 4 5 6 7

8 bits (Node ID)21 Bits 192.0.0.0 223.255.255.255Cl as s C 1

Net ID

1 20 3 4 5 6 7 0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7 00 1 2 3

1 2 3 4 5 6 7

Multicast Group ID (28 Bits) 224.0.0.0 239.255.255.255Cl as s D 1

Multicast

1 20 3 4 5 6 7 0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7 00 1 2 3

1 2 3 4 5 6 7

Reserved for Future Use (27 Bits) 240.0.0.0 254.255.255.255Class E 0

Experimental

1 20 3 4 5 6 7 0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7 00 1 2 3

1 2 3 4 5 6 7
http://www.cisco.com/go/ipv6http://www.cisco.com/go/ipv6http://www.cisco.com/go/ipv6



Private IP Addressing

TheInternetAssignedNumbersAuthority(IANA)hasreservedanumberof

IPv4 network ranges as private. These network addresses are routed in the

publicInternetasdefinedinRFC1918.

Thesenetworkranges,knownasRFC1918addresses,arereservedfor

organizationsthatwanttobuildaninternalnetworkinfrastructurebasedon

TCP/IPbuteitherdonothaveordonotwanttousepublicIPspace.

RFC1918spaceincludesthefollowingthreeblocksofIPaddressspace:

10.0.0.010.255.255.255(10.0.0.0/8),whichallowsthegreatestflexibility

withtheequivalentof255ClassBaddressspacestobeusedasneeded.

172.16.0.0 172.31.255.25 5(172.16.0.0/12),which allowsfor 16ClassB

address spaces.

192.168.0.0192.168.255.255(192.168.0.0/16),whichallowsforone

ClassBaddressspace.

Byuniversallyrecognizingtheserangesasprivateandnon-routableinthe

Internet,multipleorganizationscanusetheserangesinternallywithout

causingaconflictwithpublicInternetaddresses.Ifanorganizationattempts

toroutethesenetworksexternally,thetrafficisfilteredanddroppedbythe

InternetServiceProvider.

SinceRFC1918spaceiscompletelyprivate,itallowsanincredibleamount

offlexibilitywhendesigninganetwork.

Tech Tip

Toallowtrafficfromhoststhatareusingprivateaddressestoaccess

Internethostsusingapublicaddress,NetworkAddressTranslation(NAT)isrequired.NATallowsinternalhoststobetranslatedtoapublic

address for Internet access. Public address space is difficult to get and

canbeexpensivesothesmallpoolofpublicaddressesthatanISP

allocatesmustbeusedsparingly.(PleaseseeNATintheCiscoSBA

DeploymentGuide.).

Subnetting

Subnettingallowsyoutocreatemultiplelogicalnetworksthatexistwithina

singleClassA,B,orCnetwork.Ifyoudonotsubnet,youcanonlyuseone

networkfromyourClassA,B,orCnetwork,whichissimplyunrealistic.

Eachdatalinkonanetworkmusthaveauniquenetworkaddress,withevery

hostonthatlinkbeingamemberofthesamenetwork.Ifyoubreakamajor

network(ClassA,B,orC)intosmallersubnetworks,youcancreateanetwork

ofinterconnectedsubnetworks.Eachdatalinkonthisnetworkwouldthenhaveauniquenetwork/subnetworkID.

Tosubnetanetwork,extendthemaskusingsomeofthebitsfromthehost

IDportionoftheaddresstocreateasubnetworkID.Forexample:Given

anetworkof192.168.5.0/24,whichhasamaskof255.255.255.0,youcan

createsubnetsinthismanner:

192.168.5.0 - 11000000.10101000.00000101.00000000

255.255.255.224 - 11111111.11111111.11111111.11100000

------------------------------------------[sub]------

Theaddressontheleftisindotteddecimalnotation,andthebinaryrepre-

sentationisontheright.WhenplanningIPsubnetting,sometimesitiseasiertovisualizethedifferentportionsofthenetworkaddresswhenlookingatthe

binaryformat.Thesubnetmaskisalsorepresentedindotteddecimaland

binary.Anyaddressbitsthathavecorrespondingmaskbitssetto1repre-

sentthenetworkID.Anyaddressbitsthathavecorrespondingmaskbitsset

to0representthehostID.

Byextendingthemasktobe255.255.255.224,youvetakenthreebits(indi-

catedbysub)fromtheoriginalhostportionoftheaddressandusedthemto

makesubnets.Withthesethreebits,youcancreateeightsubnets.Withthe

remainingfivehostIDbits,eachsubnetcanhaveupto32hostaddresses.

Asinglesubnetcanbesplitupintoeight32-hostsubnets.Eight32-host

subnets,however,maynotbeflexibleenough.Forexample:192.168.5.0 255.255.255.224 address range 0 to 31

192.168.5.32 255.255.255.224 address range 32 to 63

192.168.5.224 255.255.255.224 address range 224 to 255



Tech Tip

Therearetwowaystodenotesubnetmasks:

Sinceyouareusingthreebitsmorethantheoriginallyspecified

255.255.255.0mask,themaskisnow255.255.255.224.

Themaskcanalsobedenotedas/27asthereare27bitsthatareset

inthemask.Themaskisdenotedwiththenotationprefix/length.For

example:192.168.5.32/27denotesthenetwork192.168.5.32witha

maskof255.255.255.224.

Whenappropriate,theprefix/lengthnotationisusedtodenotethemask

throughouttherestofthisdocument.

Variable Length Subnet Masks (VLSMs)

VariableLengthSubnetMasks(VLSMs)allowyoutousedifferentmasksforeachsubnet,andtherebyuseaddressspaceefficiently.Withprivate

addressspace,itisrarelynecessarytoshrinkbelowa/24subnetmaskas

spaceisplentiful.UseVLSMto:

Createalargersubnetofmorethan255hostaddresses

CreateverysmallsubnetsforWANlinks

Configureloopbackaddresses

VLSM Example

Giventhe192.168.5.0/24networkandrequirementsbelow,developa

subnettingschemewiththeuseofVLSM:

netAmustsupport330hosts

netBmustsupport6hostsforapoint-to-pointWANlinksupportingHot

StandbyRouterProtocol(HSRP)

netCmustsupport2hostsforaT1circuittoaremotesite

netDmustsupportasingleaddressforarouterloopback

Thefirststepistodeterminewhatmaskallowstherequirednumberof

hosts.

netArequiresa/23(255.255.254.0)masktosupport510hosts

netBrequiresa/29(255.255.255.248)masktosupport6hosts

netCrequiresa/30(255.255.255.252)masktosupport2hosts

netDrequiresa/32(255.255.255.255)masktosupport1address

*This is a special configuration reserved for loopback addresses.

Theeasiestwaytoassignthesubnetsistoassignthelargestfirst.For

example:Youcanassignthesubnetsinthismanner:

netA192.168.5.0/23addressrange5.0to6.255

netB192.168.7.0/29addressrange0to7

netC192.168.7.8/30 addressrange8to11

netD192.168.7.12/32addres sof12

Reader Tip

ForspecificinformationonIPaddressingandvariablelengthsubnet

masks,pleasereferenceIPAddressingandSubnettingforNewUsers,

DocumentID:13788,www.cisco.com/en/US/tech/tk365/technolo -

gies_tech_note09186a00800a67f5.shtml .

Voice Overlay Subnets

Whenaddinganewservicesuchasunifiedcommunicationsorqualityof

service,itissometimeshelpfultooverlayadifferentprivateIPaddressrangeonanexistingIPaddressingscheme.Forexample:

Allvoicecouldbeonitsownsubnetrangefromthe10.0.0.0/8or

172.16.0.0/16blocks.

Asimplemaskcoveringall172.16.0.0/16or10.0.0.0/8addressescould

be used to classify voice traffic across all sites.

Suchanapproachcanhelpsolvescalabilityissueswithanaddressingplan

thatwasnotdesignedtoaccommodateenoughsubnetsandhostsforeach

site to support a new service.
http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a00800a67f5.shtmlhttp://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a00800a67f5.shtmlhttp://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a00800a67f5.shtmlhttp://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a00800a67f5.shtmlhttp://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a00800a67f5.shtml


10/22

6IPAddressingBasics

Forexample:Twoexistingbrancheshavewiredandwirelessdataaccess

andwouldliketoaddvoice.Theyhavereservedalloftheir192.168subnet

space.Thevoicesubnetisoverlaidina10.X.X.Xaddressrangehighlighted

inredinFigure2.

Figure2.VoiceOverlaySubnets

192.168.64.0/24 Data Subnet

192.168.65.0/24 Wireless Subnet

Two Routes Advertised as

192.168.64.0/21

10.1.0.0/21 (Voice)

Remote Site 1

Headquarters

10.1.1.0/24 Voice Subnet

192.168.72.0/24 Data Subnet

192.168.73.0/24 Wireless SubnetRemote Site 2

10.1.8.0/24 Voice SubnetTwo Routes Advertised as

192.168.72.0/21

10.1.8.0/21 (Voice)

Summarization

SummarizingIPaddressesensuresthattherearenoentriesforchildroutes,

whichareroutesthatarecreatedforanycombinationoftheindividualIP

addressescontainedwithinasummaryaddressintheroutingtable.This

summarizationreducesthesizeoftheroutingtableandallowstherouterto

handlemoreroutes.

Inasmallnetwork,summarizationisoftennotnecessaryatfirst.However,asthe

networkstartstoexpand,itneedstoscale.Summarizationprovidestheability

toscaleIPaddressspacefromasingle-siteheadquarterstoanadditional

remotesitelocationandthenincludehundredsofremotesites.

Anexampleofsummarizationfromthenetworkheadquartersouttothe

remotesitelocationsisshowninFigure3.NormalIProutingadvertisement

wouldhavesentoutsevenroutesintheroutingtable.Withsummarization,

allsevenroutesaresummarizedbacktotheheadquartersasasingleroute.

Figure3.IPSummarizationatHeadquarters

HQ Access 1

HQ Access 2

Server Room

Single Route Advertised as

10.10.0.0/19

10.10.32.0/24 Core Routing

Subnet

10.10.0.0/24 Data Subnet10.10.2.0/24 Voice Subnet

10.10.16.0/24 Wireless Data Subnet

10.10.20.0/24 Wireless Voice Subnet

10.10.48.0/24 Data Subnet


Summarizationcanbeusedinallplaceswheretheaddressingiscontigu-

ousorspecifictoalocation.IfexistingIPaddressingdoesnotallowfor

summarization,documentitandleaveitbewhileyoudeployfutureIPspace

thatcanbesummarized.

Tech Tip

Besuretoturnoffauto-summarizationintheEnhancedInterior

GatewayRoutingProtocol(EIGRP)iftherearenoncontiguousIP

spaces.

IP Multicast

IPMulticastisabandwidthconservationtechnologythatreducestrafficand

serverloadsbyallowingasinglestreamofinformationonthenetworktobe

received by thousands of users.

Applicationsthattakeadvantageofmulticasttechnologiesinclude:

Videoconferencing

Corporatecommunications

Musiconhold


11/22

7IPAddressingBasics

Distancelearning

Distributionofsoftware,stockquotes,andnews

IANAhasreservedtherangeof239.0.0.0/8asAdministrativelyScoped

addressesforuseinprivatemulticastdomains.Theseaddressesaresimilar

innaturetothereservedIPunicastranges(suchas10.0.0.0/8)defined

inRFC1918andwillnotbeassignedbytheIANAtoanyothergroupor

protocol.

AcorporatemulticastIPaddressingplan,justlikeaunicastaddressingplan,needs to be provisioned for the entire network.

Reader Tip

FormoreinformationonIPMulticast,pleasevisit

www.cisco.com/go/multicast.
http://www.cisco.com/go/multicasthttp://www.cisco.com/go/multicast


12/22

8ManagingIPAddresses

ManagingIPAddresses

Withproperplanning,theIPnetworkcanbemoreorganized,easiertoset

up, and easier to troubleshoot than user and network services.

BeforeexplaininghowtocreateyourownIPaddressingplan,wewillrelate

the technical concepts already described to an actual network design, using

theCiscoSBAdesignasthenetworkexample.

IP Addressing in the Smart Business Architecture

CiscoSBAuses10.0.0.0astheexampleaddressrange,youcanapply

thesesameprinciplestotheotherranges.YourIPspacerequirements

willdeterminetherangeorrangesyouimplement.Thesesameprinciples

applytoapublicaddressrange,butmostmidsizeorganizationswilllikely

deployprivateaddressesinternallyandusepublicaddressesfromaservice

provider when connecting to a public network such as the Internet.

TheCiscoSBAIPaddressingrangesareassignedfromthe10.0.0.0/8range

ofprivateaddressestocoverthefollowingmainsectionsofthenetwork:

Headquarters

WA N

RemoteSites

ServerRoom

D MZ

RegionalSite

Security

Voice

The chosen address space is allocated in contiguous IP address blocks to

eachoftheseareastopromoteIPsummarization.

Headquartersisassignedaddressesinthe10.10.0.0/19block,allowing

for32/24subnets.

Theregionalsiteisassignedaseparateblock.

Branchesareassignedan8subnetblockoutof10.11.0.0/21.

FortheNetworkFoundation:

DataSubnetsarerequiredforwiredandwirelessusers.

Wirelessaccessmayrequireadditionalsubnetsforguestaccess,

quarantine of nonsecure devices, etc.

Subnetsforend-useraccessarecommonlyspecifiedas/23or/24,

andallowfor253hostsor509hosts,respectivelywithasinglerouteraddress being used.

VoiceSubnetsareseparatefromdatanetworkstosimplifyconfigura-

tion of quality of service, and to avoid having IP phones contributing to

the lack of space on already congested data subnets.

Onesubnetforwireddataandonesubnetforwirelessallowsforflex-

ibility.Subnetscanbe/24or/23,andallowfor253hostsor509hosts,

respectively with a single address reserved for the default gateway.


13/22


Table1presentsanexampleofIPaddressassignmentandsummarization.

Followingthetable,youcanfindadiagramoftheCiscoSBAarchitecture

withsampleIPsubnetassignmentandsummarization.Summarizationcan

beextrapolatedtoeachremotesiteandacrossacampusasrequired.To

addanotherremotesite,simplyassignanotherblockofeightaddresses.For

example:Branchtwowouldbeassigned10.11.8.0/21.

Table 1. CiscoSBAAssignedIPAddresses

Location VLAN Subnet Department

Summary

Address

Headquarters 10.10.0.0/19

10 0 10 .10 .0 .0 /24 H QW ire d Da ta

1 02 1 0.1 0. 2. 0/ 24 H Q Wi re d Vo ic e

10 4 10 .10 .4 .0 /24 H Q Wi re d Da ta

1 06 10 .1 0. 6. 0/ 24 H Q Wi re d Vo ic e

116 10.10.16.0/24 HQWirelessData

12 0 1 0.1 0.2 0 .0 /2 4 HQ W ir el es s Voic e

124-31 10.10.24.0/21 InternetEdge13 2- 39 10 .1 0.3 2.0/21 HQ W AN

148-63 10.10.48.0/24 HQServerFarm

RemoteSite1 10.11.0.0/21

N A 10 .11. 0. 0/ 24 Loopbacks

N A 10 .11 .1. 0/ 24 N et wo rk S er vi ce s

10 2 10 .11 .2 .0 /24 W ir el es s Da ta

10 3 10 .11 .3 . 0/ 24 W ir el es s Vo ic e

10 4 10 .11. 4. 0/ 24 W ire dD at a

N A 1 0.11 .5 .0 /2 4 Reserved

10 6 10 .11. 6. 0/ 24 W ire dVo ic e

N A 1 0.11 .7. 0/ 24 Reserved

TheCiscoSBAdesignasseenintheSBAforMidsizeOrganizations

BorderlessNetworksFoundationDesignGuideisshowninFigure4withthe

additionofIPaddressassignmentsandroutesummarization.


14/22


Figure4.CiscoSBADesignwithAssignedIPAddressesandSummarization

Remote Site Router with

Application Acceleration

Wireless

Access

Point

10.11.4.0/24 Data SubnetRemote Site Switch



Single Route Advertised as

10.11.0.0/21

Single Route Advertised

as 10.10.0.0/19

Remote SiteWireless

Access Point

PSTN

WAN

Internet

Firewall

Campus Router

Application

Acceleration

Wireless

LAN Controller

Client

Access

Switch

Server Room

Switch

Servers

Client Access

Switch Stack

Server Room

Stack

UC

Managment

Host



10.10.16.0/24 Wireless Data Subnet

10.10.48.0/24 Server Subnet


Core

SwitchStack

Hardware

and

Software VPN

Server Room

Headquarters

Access


15/22


Process

Creating an Addressing Plan

1. DefineAddressingStandards

2. Plan Range

3. AllocateIPSpace

4. DocumentPlan

ItisimportanttoapproachtheIPaddressingplanwiththeentirenetworkin

mind,notjustthefoundation.ProperplanningofIPaddressspaceacross

eachofthelayersiscriticaltoensuringtheirinteractionisseamlessand

integrated.Withineachsubnetrange,theplanshouldaccountfor:

Subnetsizes

Subnetassignment

Staticaddressassignmentsfornetworkdevices

Dynamicaddressassignments

Well-plannedanddocumentedIPaddressspacecanyieldmanysaved

hoursoftroubleshootingtime.

Procedure 1 Define Addressing Standards

Usingconsistentstandardsacrossthedifferentlocationssimplifiesoverall

maintenanceandtroubleshootingofthenetwork.

Step 1: CreatestandardsforIPaddressassignmentswithineachsubnet

range.Somestandardsyoumayconsiderapplyinginclude:

Foreaseofidentification,VLANscanbecreatedtomatchthethirdoctet

oftheIPsubnetplus100.Forexample:x.x.71.x.isassignedVLAN171.

Thisresultsinaself-documentingdesign.

Routers,gatewaysandhotstandbyrouterprotocol(HSRP)virtual

addresses within a subnet are assigned the first available addresses

within the range.

Printersandotherfixedaddressassignments.

Dynamicaddressrangesfordynamichostcontrolprotocol(DHCP).For

example:Allusersubnetsmaybe/24subnetswith253availableaddress

assignmentsforendhosts.

Routersmaybeassignedthe.2and.3addresses,andtheHSRPaddress

assigned the .1 address.

Printersmaybeassignedthe.5through.9addresses.

DHCPmayrangefrom.10through.250addresses.

Step 2: Defineaconsistent,structurednamingconventionandDNSfor

devices. This helps:

Createaconsistentaccesspointtoroutersforallnetworkmanagement

informationrelatedtoadevice.

ReducetheopportunityforduplicateIPaddresses.

Createsimpleidentificationofadeviceshowinglocation,devicetype,

and purpose.

Improveinventorymanagementbyprovidingasimplermethodto

identify network devices.

Step 3:IdentifyDHCPrangesandaddthemtoDNS,includingthelocation

oftheusers.ThisrangemaybeaportionoftheIPaddressoraphysical

location.Anexamplemightbedhcp-bldg-c21-10todhcp-bldg-c21-254,

which identifies IP addresses in building C, second floor, wiring closet

1. Alternatively, the precise subnet or variation thereof can be used for

identification.

Step 4: Documentallstandardsthatyoudevelopandreferencethemonall

networkengineeringplandocumentstohelpensureconsistentdeployment.


16/22


Procedure 2 Plan Range

Thereisnoincorrectprivatesubnettoallocate,butsomechoicesprovide

moreflexibilitythanothers.

Step 1: Determinewhichaddressspacetousebyevaluatingalloftheuser

andserverrequirements.Considerthefollowingexamples:

The192.168.0.0rangeisusedbymanycompaniesandnetworkequip-mentvendors.Thisaddressrangehasalowernumberofhostaddresses

available,whichmaybecomeanissueasanorganizationgrowsorwhen

amergeroccurswithanothercompanyusingthesamerange.

Ifyouhavetheluxuryofstartingfromscratch,considerthe10.0.0.0

rangetoallowforthemostflexibility.The10.0.0.0rangeallowsformany

morehostsinthesamerange,whichprovidesmoreflexibilitywhensub-

netting.Forexample:Eachbranchorbuildingneedstohaveaconsistent

hostrangeandthe10.0.0.0networkprovidesthisflexibility.

Inmanycases,organizationsmayhavemultipledifferentaddressRFC

1918spacesintheirnetwork.Tosimplifyconfigurationandtroubleshoot-

ing,itiseasiertoworkwithonerangefromRFC1918spaceandusesummarization.UsingmultipleIPrangesfromdifferentaddressspacesis

notaproblemiftheaddressingplaniswelldocumented.

Whateveraddressspaceisselectedorinherited,theremaybeanadvan-

tagetostartsomewhereotherthanthebeginningoftherangewhen

choosingnetworknumbering.Incaseofamergerwithanothercompany

thatisusingIPaddressingfrom10.0.0.0or192.168.0.0,itisadvisablenot

to start at the beginning of the range, to decrease the chance of address

conflicts.

Procedure 3 Allocate IP Space

Step 1: CarefullydefinethesizeoftheIPspacewithpublicaddressesasit

isavailableonlyinafiniteamount.Besuretotakeintoaccountthat:

Privateaddressesarenotconstrained

Foreaseofuse,a/24maskshouldbeusedasaminimumforuser

subnets. Enddevicesalwaysgrowinnumber,sothereisnoreasontosetalow

limitonthenumberofprivateaddresses,sincetheyarereadilyavailable.

WANconnectionshavemuchsmallerrequirementsforIPaddresses.In

general, a point-to-point network connection between two sites has two

IPaddressesinuse.IfHSRPisusedwithredundantroutesoneachside,

thenumberofaddressesincreasestosix,threeforeachsideofthelink.

/30subnetallowsfortwousableIPaddresses

/29subnetallowsforsixusableIPaddresses

Step 2: Reserveasubnetforphysicalsecurity.Theserequirementscan

beassimpleasasubnettocontroldooraccesstoabuildingorsomething

morecomplexlikevideosurveillancefortheentirebuilding.Evenifphysical

securityisnotrequiredattheinitialsetup,youshouldstillcompletethis

step.

Step 3: Reserve a subnet for facilities. This subnet addresses physical plant

requirementssuchasremotepowercontrol,airconditioning,andfacilities

monitoring,whichcannowbemonitoredwithnewtechnologyontheIP

network.

Step 4: Allocatepublicaddressesforallproductionnetworksinthedemili-

tarizedzone(DMZ),whichisthenetworkornetworkssituatedbetweenanISPedgerouterandcorporatefirewalls.AnalternativeistouseNAT.

Step 5: AllocateasubnetforRemoteAccess,whichisgenerallysetupasa

virtualprivatenetwork(VPN).

Step 6: AllocateasubnetforNetworkManagementtoprovideaccesstonet-

workdevicessuchasEthernetswitches,firewalls,routers,etc.Thissubnet

willallowforeasymanagementwithaseparatelogicalnetwork.CiscoSBA

usesVLAN1formanagementofnetworkdevices.


17/22


Tech Tip

Wherepractical,aseparatephysicalnetworkcanalsobeusedfor

management.

Step 7: Createaloopbackaddresstomakeiteasiertomanageasingleaddressforarouterwithmultipleinterfaces.

Loopbacks:

Arealwaysup.

Arereachableevenifasingleinterfacegoesdownwhentherouterhas

multipleinterfaces.

Canprovideasinglesourceaddressforvoiceapplications,network

management,routing,etc.

Givecontinuity,forexample,toavoicegatewayinarouter.Ifthevoice

gatewayisconfiguredfortheWANinterfaceanditgoesdown,thevoicegatewayalsogoesdown.Loopbackspreventtheseproblemsasthey

stay up as long as the router stays up and is reachable over an interface.

NeedtobeadvertisedbytheIProutingprotocol.

Loopbackinterfacescanbeassignedanaddressof/24oruptoasingle/32

(besuretosummarizeifusing/32loopbacks).Configureloopbackinter-

facesasthesourceIPaddressfortraps,SecureShell(SSH),andSimple

NetworkManagementProtocol(SNMP).

Procedure 4 Document Plan

Step1:DocumenttheentireIPaddressspaceinaspreadsheetshowing

site-allocation,usage,andavailablesubnetsforeachsubnetsizewithin

theblock,alongwithsummaryaddressesforeachparticularblockof

addresses.

AnexampleofasimpleIPaddressingworksheetisavailableintheAppendix

of this guide.

Process

MaintainingandGrowingNetworkSpace

1. ResolveOverlappingAddressRanges

2. IncreasetheNumberofIPAddresses

3. MergewithAnotherCompany

OncetheIPaddressingplanisinplace,youarereadytoresolvesituations

astheycomeup.Thefollowingproceduresexplainhowtohandlesomeof

thespecialsituationsyoumayencounter.

Procedure 1 Resolve Overlapping Address Ranges

Iftwoaddressrangesoverlap,twoscenariosmaybeinplace.

Thefirstpossiblescenarioisthattherangesarethesamebutthesubnets

used within these ranges are unique to each site and there is no overlap asseeninFigure5.Thisscenarioisnotoptimal,butthenetworksshouldstillbe

abletocommunicate.Inthisscenario,completethefollowingsteps:

Step 1: Removesummarizationfrombothsidesifitcontainsanyofthe

overlapping IP space.

Note:Thisstepisenoughtoallowthenetworkstocommunicatewhilestep2

isbeingcompleted.

Step 2:Renumbertheoverlappingspace.

Step 3:Reinstatethesummarization.

Figure5.OverlappingIPAddressSpace,NonConflicting

Branch Headquarters

Remote Site Using 192.168.0.0/19

192.168.20.0/24 Data Subnet


Headquarters Using 192.168.0.0/19

Data Subnets

192.168.1.0/24

192.168.15.0/24


18/22


Thesecondpossiblescenarioisthatthespacesconflict,meaningthey

usethesamesubnetsasseeninFigure6.Thisisarealproblem.Unlikethe

simplesolutionofthepreviousexample,thisoneismorecomplex,butitcan

beovercome.

Completethefollowingstepstoresolvethesituation:

Step 1: UseNATfromtheconflictingsiteinanewnonconflictingIPaddress

spaceasatemporaryworkaround.

Step 2:Renumbertheconflictingspace.

Step 3: Oncethehostsarerenumberedintothenewaddressspace,turn

NAToff.

Figure6.OverlappingIPAddressSpace,Conflicting

Branch Headquarters

Remote Site Using 192.168.0.0/19

192.168.1.0/24 Data Subnet


Headquarters Using 192.168.0.0/19

Data Subnets


192.168.15.0/24 Data Subnet

NAT from Source Subnets to Two Temporary Subnets in the

Existing Headquarters IP Address Space That Are Not in Use:

192.168.30.0/24 and 192.168.31.0/24

Procedure 2 Increase the Number of IP Addresses

Asanorganizationgrows,sodoesitsneedforIPaddresses.Ifyourplan

includesprovisionsforexpansion,growthisnotaproblem.

IfthehostsareallDHCPandthenextavailablesubnethasbeenreserved,

completethefollowingsteps:

Step 1: AdatasubnetmayhavehadanadequateamountofIPaddresseswhenitwasfirstdeployed,butasthecompanygrowsitbecomesapparent

thatthe/24assignedneedsmoreroom.Oneapproachistoexpandthe

subnetbychangingthemasktoa/23todoubletheIPaddressesavailable.

Therouterinterfaceconfigurationwillgetreconfiguredforthenewmaskand

routing verified.

Tech Tip

ThischangeofmaskcanonlybedoneifthenetworkIPplanningtook

thisfutureexpansionintoaccountwhenthenetworkwasdesigned.Ifit

wasplanned,thehostsareallDHCP,andthenextavailablesubnethas

been reserved..

Step 2: Withtherouterconfigurationcomplete,addressthehosts.With

thehostsconfiguredforDHCP,theyreceivetheirIPaddressesandsubnet

masksfromtheDHCPserver.

Step 3: ChangethemaskandaddtheadditionalrangetotheDHCPserver.

NotethattheDHCPmaskneedstobechangedontheDHCPserverandnot

on every host.

Step 4: OncethemaskhaspropagatedwhenDHCPrenewstotheexistinghosts,

theywillhavevisibilitytotheexpandedrangeinDHCP.Atthispoint,expandthe

DHCPrangetothelargersetofIPaddressessotheycanbeassigned.

Tech Tip

IfthehostsarenotconfiguredforDHCP,eachhostwillhavetobe

visited or it will not be aware of hosts and gateways on the subnet.


19/22


Procedure 3 Merge with Another Company

ConsidertheexampledepictedinFigure7.Assumeanewlocationwas

acquiredbyabusinessthatalreadyhasanetworkwith172.16.20.0and

172.16.42.0addressspaceinuse.Youwouldneedtoeitherrenumberthe

addressspacetofitwithintheactive192.168.0.0spacecurrentlydeployed

attheheadquarters,orsimplysummarizetheaddressspaceattheborder

totheremotesiteas172.16.0.0/16.

Figure7.MergingwithDifferentIPSpace

Branch Headquarters

172.16.20.0/24 Data Subnet


Headquarters Using 192.168.0.0 Address

Space Summarizes and Advertises

a Single Route Out to th e Remote Site.

192.168.0.0/16

Remote Site Using 172.16.0.0 Address

Space Advertises a Single Router to the

Headquarters Site

172.16.0.0/16

Reader Tip

FormoreinformationonIPaddressing,pleaseseethefollowing

resources:

RoutingandSwitchingBestPractices:HowCiscoITDeploysIP

AddressingintheEnterprise,www.cisco.com/web/about/ciscoi-

tatwork/downloads/ciscoitatwork/pdf/Cisco_IT_IP_Addressing_

Best_Practices.pdf

ConfigurationManagement:BestPracticesWhitePaperwww.

cisco.com/en/US/tech/tk869/tk769/technologies_white_

paper09186a008014f924.shtml

GeneralDesignConsiderationsforSecureNetworks,inNetwork

Security Architectures, a Cisco Press book.
http://www.cisco.com/web/about/ciscoitatwork/downloads/ciscoitatwork/pdf/Cisco_IT_IP_Addressing_Best_Practices.pdfhttp://www.cisco.com/web/about/ciscoitatwork/downloads/ciscoitatwork/pdf/Cisco_IT_IP_Addressing_Best_Practices.pdfhttp://www.cisco.com/web/about/ciscoitatwork/downloads/ciscoitatwork/pdf/Cisco_IT_IP_Addressing_Best_Practices.pdfhttp://www.cisco.com/web/about/ciscoitatwork/downloads/ciscoitatwork/pdf/Cisco_IT_IP_Addressing_Best_Practices.pdfhttp://www.cisco.com/en/US/tech/tk869/tk769/technologies_white_paper09186a008014f924.shtmlhttp://www.cisco.com/en/US/tech/tk869/tk769/technologies_white_paper09186a008014f924.shtmlhttp://www.cisco.com/en/US/tech/tk869/tk769/technologies_white_paper09186a008014f924.shtmlhttp://www.cisco.com/en/US/tech/tk869/tk769/technologies_white_paper09186a008014f924.shtmlhttp://www.cisco.com/en/US/tech/tk869/tk769/technologies_white_paper09186a008014f924.shtmlhttp://www.cisco.com/en/US/tech/tk869/tk769/technologies_white_paper09186a008014f924.shtmlhttp://www.cisco.com/web/about/ciscoitatwork/downloads/ciscoitatwork/pdf/Cisco_IT_IP_Addressing_Best_Practices.pdfhttp://www.cisco.com/web/about/ciscoitatwork/downloads/ciscoitatwork/pdf/Cisco_IT_IP_Addressing_Best_Practices.pdfhttp://www.cisco.com/web/about/ciscoitatwork/downloads/ciscoitatwork/pdf/Cisco_IT_IP_Addressing_Best_Practices.pdf


20/22

16AppendixA

AppendixA:SubnetDesignWorksheetforSBA

Location VLAN Subnet Department Summary Address


21/22

17AppendixB

AppendixB:SBAforMidsizeOrganizationsDocumentSystem

You are Here


22/22

Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco Website at www.cisco.com/go/offices.

Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at www.cisco.com/go/trademarks. Third part y trademarks mentioned are the property of their re spective owners. The use of

the word partner does not imply a partnership relationship between Cisco and any other company. (1005R)

Americas Headquarters

Cisco Systems, Inc.

San Jose, CA

Asia Pacific Headquarters

Cisco Systems (USA) Pte. Ltd.

Singapore

Europe Headquarters

Cisco Systems International BV

Amsterdam, The Netherlands

C07-629862-0112/10

Documents

SBA Mid BN IPv4AddressingGuide