Customer site is out of IP addresses, they want to go from /24 to /12 netmask... Bad idea?

Solution 1:

  • As stated in other answers, having too many hosts in the broadcast domain can really start to make broadcasts a mess.

    They'll need a lot of expansion in the subnet before it becomes a potential problem.

  • Future growth planning becomes a mess.

    Adding extra sites with their own IP space gets difficult when you've already laid a needlessly huge footprint down in the available space.

  • Internal network security boundaries become impossible.

    Assigning different subnets to different groups of users and splitting up low security servers/high security servers/restricted management interfaces of servers/storage/network devices goes out the window.

    Any ol' user's laptop that picked up a virus at home can ARP poison the network and take the servers down or man-in-the-middle them. You have no way to keep a compromised device away from sensitive network locations, like out-of-band management interfaces of servers. A typo in an innocent reconfig of network settings can potentially IP conflict with any other device on the network.

If they're not planning on growing in any way that would ever require more subnets, and not planning on ever adding any complexity or security to their network, then it's fine, since it's effectively identical to their current network configuration -- but if they're asking for this, they're obviously planning on expanding.

Needless at best, and a seriously bad idea at worst.

Solution 2:

No, there is nothing wrong with using a larger mask, if the number of hosts inside stays the same.

The only problem is that doing this causes network admins to get lazy and not do proper subnetting, resulting in a large number of hosts being in the same broadcast domain. For example, each ARP request is a broadcast, and all the machines (in the same broadcast domain) have to process it (even though usually only one responds). The same goes for other protocols using broadcast.

Another issue could be address space, since 10/8 has space for only 16 /12 networks, and if they continue with their /12 requests, they can only fit 15 more.

Some security software which does port/ping scans to discover live hosts will take a lot more time than it does now (if they have it).

Otherwise, it doesn't matter. If you have only two hosts, the performance will be the same with a /30 or a /8 - the size of the network does not cause any performance issues.

Solution 3:

The arguments against it that I can see are that you then have a larger broadcast domain, and that they would not have as many additional subnets available from 10.X.X.X.

To counter the broadcasts argument, if they are only planning for future growth, the impact to the current network should be negligible. You could also limit your DHCP servers to only distribute a small portion of the full subnet to control things until more IPs were truly needed.

I would personally still argue against doing so, as it is unnecessary. Identify the number of needed host addresses, and project for future growth rather than just throw a huge subnet out there.
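Worked example of the sizing approach the last answer recommends, added here and not part of any of the answers above. It picks the smallest prefix that fits a projected host count, reports how many such subnets are left in 10.0.0.0/8 (the "only 16 /12s" point from the second answer), and shows why the first answer says a flat /12 removes internal security boundaries: two hosts that are in separate /24s share one subnet, and so one ARP/broadcast domain, under a /12. The host counts and addresses are constructed for illustration; only Python's standard `ipaddress` module is used.

```python
import ipaddress

# Constructed numbers for the example (not from the thread): 200 hosts today,
# planning for four times that.
CURRENT_HOSTS = 200
GROWTH_FACTOR = 4
PRIVATE_BLOCK = ipaddress.ip_network("10.0.0.0/8")


def prefix_for_hosts(hosts_needed: int) -> int:
    """Longest (most specific) IPv4 prefix that still leaves room for
    `hosts_needed` usable addresses, excluding network and broadcast."""
    if hosts_needed < 1:
        raise ValueError("need at least one host")
    host_bits = 2  # a /30 is the smallest subnet with usable addresses
    while (2 ** host_bits) - 2 < hosts_needed:
        host_bits += 1
    return 32 - host_bits


def subnets_available(parent: ipaddress.IPv4Network, prefix: int) -> int:
    """How many /prefix subnets fit inside `parent` (0 if prefix is shorter)."""
    if prefix < parent.prefixlen:
        return 0
    return 2 ** (prefix - parent.prefixlen)


def plan(current_hosts: int, growth_factor: int,
         parent: ipaddress.IPv4Network = PRIVATE_BLOCK) -> dict:
    """Size a subnet for projected growth instead of grabbing a huge one."""
    needed = current_hosts * growth_factor
    prefix = prefix_for_hosts(needed)
    return {
        "hosts_planned": needed,
        "prefix": prefix,
        "broadcast_domain_hosts": 2 ** (32 - prefix) - 2,
        "subnets_left_in_parent": subnets_available(parent, prefix),
    }


def same_subnet(host_a: str, host_b: str, prefix: int) -> bool:
    """True if both hosts land in the same subnet under the given prefix,
    i.e. they share a broadcast domain and can ARP each other directly."""
    net_a = ipaddress.ip_interface(f"{host_a}/{prefix}").network
    net_b = ipaddress.ip_interface(f"{host_b}/{prefix}").network
    return net_a == net_b


if __name__ == "__main__":
    sized = plan(CURRENT_HOSTS, GROWTH_FACTOR)
    print("right-sized:", sized)
    print("proposed /12:", plan(1, 1) | {
        "prefix": 12,
        "broadcast_domain_hosts": 2 ** 20 - 2,
        "subnets_left_in_parent": subnets_available(PRIVATE_BLOCK, 12),
    })
    # Constructed addresses: a user laptop and a server's management interface.
    laptop, mgmt = "10.0.5.20", "10.1.0.5"
    for p in (24, 12):
        print(f"/{p}: laptop and mgmt in one broadcast domain ->",
              same_subnet(laptop, mgmt, p))
```

Running it shows a /22 (1022 usable addresses, 16384 of them left in 10/8) covers an 800-host projection, while the proposed /12 gives over a million addresses per broadcast domain and leaves room for only 16 such blocks. The last two lines are the security point: with /24s the laptop and the management interface are in different subnets, so traffic between them has to cross a router where it can be filtered; with a /12 they share one L2 segment.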