Running out of IP addresses

We are running out of IP addresses on our expanding network. The current range is 192.168.1.0/24. Considerations:

We use an ISA server as a proxy for all web traffic; this is our current default gateway.

Our current backbone is 4 x L2 Dell switches connected by LAGs to effectively create a 168-port backbone.

We have remote site2site VPNs connecting into our network from 192.168.102.0, 192.168.103.0, etc. They will need access to all the internal networks.

2 possible solutions:

  1. Change the mask from 255.255.255.0 to 255.255.252.0, which gives us the range of 192.168.0.1 to 192.168.3.254. The downside is we need to change the mask in a lot of places (static IP hosts, DHCP server, etc.).

  2. Put a layer 3 switch in before the L2 switches, and split it into VLANs. This would be a simpler fix. We would change the default gateway to the layer 3 switch, and have the ISA as the gateway for the switch. Would we use the L3 switch as the default gateway for clients then, or could we leave it as the ISA?

What's the best method of gaining some extra IP addresses? Anything to look out for or be wary of?


Solution 1:

Well, I run a backbone and distribute a lot of /24s to different locations. I would NOT change network masks - not worth it. Put decent cheap routers in there. Gives you more flexibility.

Solution 2:

We recently went through the same problem. We decided to change the subnet mask, and while it's a bit of a PITA, good documentation made it easy to track down every last device where its IP is configured manually. Changed DHCP to match and everything was updated within a week.

Solution 3:

Why not jump to 10.x.x.x? For example, 10.3.0.10. In the format 10.a.b.x, have each site have its own 'a' value, then each group at that site could have a 'b' value. Each device would get an 'x' value. That is our structure and we have close to 5K

Solution 4:

The other answers here all provide good solutions.

I agree that you should consider avoiding 192.168.x.0, especially 0 or 1 for the third octet. Consider the other reserved/private ranges. Using a different subnet is sound; 255.255.252 is fine.

I would manage this change via DHCP, but in the weeks before you make the change, decrease the lease length. By default on many DHCP providers, the lease is 7 days. A couple of weeks before you make the cutover, shorten the lease to no more than a day (even 4 or 8 hours.) Be aware that your DHCP server will see increased load.

Static devices are going to be a problem. Take a good audit of what devices are configured manually well in advance, and consider scripting the change for the servers that you can do this to. Other devices (printers, etc.) seldom provide you with a good way to remotely change the IP, unfortunately.

Above all, I recommend a meticulous plan of steps that you are going to take when it's "go-time". Not having to think about "what's next" is a huge time-saver.
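
Added example, not part of any answer above: a Python sketch of the pre-cutover checks for option 1, confirming the range the question states for 255.255.252.0, checking it against the remote VPN networks, and sorting an audited host list into what DHCP will fix on renewal and what needs a manual change. The inventory and host names are constructed, and the /24 prefix on the remote sites is an assumption.

```python
import ipaddress

# From the question: the current LAN address with the proposed wider mask.
NEW_NET = ipaddress.ip_network("192.168.1.0/255.255.252.0", strict=False)
# Remote VPN sites from the question; the /24 prefix length is an assumption.
REMOTE_SITES = [ipaddress.ip_network(n) for n in ("192.168.102.0/24", "192.168.103.0/24")]

# Constructed inventory (hypothetical hosts), as a device audit might produce it.
INVENTORY = [
    {"name": "isa01", "ip": "192.168.1.1", "mask": "255.255.255.0", "method": "static"},
    {"name": "prn-2f", "ip": "192.168.1.40", "mask": "255.255.255.0", "method": "static"},
    {"name": "pc-117", "ip": "192.168.1.117", "mask": "255.255.255.0", "method": "dhcp"},
    {"name": "nas01", "ip": "192.168.1.20", "mask": "255.255.252.0", "method": "static"},
    {"name": "lab-ap", "ip": "192.168.4.5", "mask": "255.255.255.0", "method": "static"},
]

def usable_range(net):
    """First and last assignable host address of a network."""
    return net.network_address + 1, net.broadcast_address - 1

def site_conflicts(net, sites):
    """Remote networks that would overlap the widened LAN and break VPN routing."""
    return [s for s in sites if s.overlaps(net)]

def cutover_worklist(inventory, net):
    """Classify hosts: DHCP clients get the mask on renewal, static ones need a visit."""
    new_mask = str(net.netmask)
    work = {"dhcp_renew": [], "manual_mask_change": [], "outside_new_range": [], "ok": []}
    for h in inventory:
        if ipaddress.ip_address(h["ip"]) not in net:
            work["outside_new_range"].append(h["name"])
        elif h["method"] == "dhcp":
            work["dhcp_renew"].append(h["name"])
        elif h["mask"] != new_mask:
            work["manual_mask_change"].append(h["name"])
        else:
            work["ok"].append(h["name"])
    return work

if __name__ == "__main__":
    print("new network:", NEW_NET, "usable:", *usable_range(NEW_NET))
    print("VPN conflicts:", site_conflicts(NEW_NET, REMOTE_SITES))
    for bucket, names in cutover_worklist(INVENTORY, NEW_NET).items():
        print(f"{bucket}: {names}")
```

Static hosts left on the old mask treat 192.168.0.x, 192.168.2.x and 192.168.3.x as off-link and send that traffic to the gateway, which is why they are listed separately from DHCP clients.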