Best practice for assigning private IP ranges?

Solution 1:

Most systems I've seen attempt to map the IP ranges to a hierarchy of geography and/or system components.

One employer tended to use:

10.building.floor.device (with non-user resource VLANs using 10.x.100.x to 10.x.120.x)

and

10.major_system.tier_or_subsystem.component

Solution 2:

One thing I would suggest is to use randomly selected private ranges from the 10.0.0.0/8 block for all of your private addresses. This avoids lots of problems, particularly when setting up VPNs between home/partner networks and your corporate network. Most home routers (and many corporate setups) use 192.168.0.0/24 or 10.0.0.0/24, so you'll spend hours sorting out various connecticity issues when you try to establish connectivity between two private networks.

If, however, you chose a random range like 10.145.0.0/16, and then subnet from there, it is far less likely that you will "collide" with a business partner or home network's private IP range.

Solution 3:

RFC1918 details the 3 IP blocks that are reserved for private address space. The 2 common ones are:

  • 10.0.0.0 - 10.255.255.255 (10/8 prefix)
  • 192.168.0.0 - 192.168.255.255 (192.168/16 prefix)

Less common is:

  • 172.16.0.0 - 172.31.255.255 (172.16/12 prefix)

If you're setting up a separate network for storage, it would probably make sense to choose an IP range similar but slightly different to what you are using for regular networking. Consistency is good, but using different IP ranges allows you to be connected to both networks simultaneously, for example if you need to look something up while doing management with your laptop?