Is there such a thing as too many IP addresses?
We've started a small debate in the office, and I've hit the point where I no longer have the technical knowledge to continue.
Is there such a thing as having too many IP addresses? I'm not suggesting we use the entire private 10.* Class A, but I don't see why we couldn't if we wanted to.
I honestly think "subnet fragmentation" is an outdated way of thinking, but I want to continue the technical discussion.
Currently, our primary subnet mask is configured to use 4 class B's, which is way overkill, in terms of the sheer number of available IP addresses, for our small business.
But the question is, what problems (if any) does having a wide private IP space create?
Compliance with various standards will become impossible, securing networks becomes harder, a virus will spread more easily, quality of service becomes harder, MAC/CAM tables become full.
There are still all sorts of problems with just lumping everything in one bucket.
Also don't forget as the speed on LANs increases so do the uses. Especially when it comes to the data center. Many places run with 50+% utilization on their trunks. I've seen some that run higher than 65% constantly on 10gig trunks. Tell those people to add unnecessary traffic.
Using large subnets for no reason other than "you can" is fine when you're a tiny place that really has no need for more than 2 VLANs. Once you leave the small business world you'll find things increase in complexity quite a bit.
The other obvious reason would be to stop your CAM tables from filling, which can be outage-causing depending on the firmware implementation for how things are handled when the switch's table fills.
The only problem is possible conflicts when connecting to partners' networks or during mergers/acquisitions. Some of those issues can be mitigated by using source and destination NAT on edge devices. Additionally, just because you use 10.1.0.0/24 does not mean you won't run into the exact same problems.
Not really - as long as you limit the number of actual devices to something the network will handle... but then again, why have such a huge amount of possible nodes in that network if you won't use them all?
Segmenting networks is good for many things, including providing a logical structure and overview, tightening security by splitting roles and/or locations into different networks, and so forth.
One thing people don't usually think of is splitting off printers and other highly vulnerable and unprotected network devices into their own network - with access only to, say, a specific print server. And then there are all the usual ones depending on your organisation's information security demands.
Security comes in layers; network segmentation is one of many that help make stuff less vulnerable to security issues (=access, integrity and availability).
The problem I see with that many IPs is not limiting the broadcast domain. On the other hand, with 1Gb switches, I can't really say that matters a ton anymore, unless you are trying to dig through switch and firewall logs.
Other than potential conflicts with partner networks connected through VPN, no problems.
What I usually recommend is to use /24 chunks anyway, regardless of the range you're splitting them off of. So, let's say, you assign 10.27.1/24 to the office, 10.27.2/24 to the DB subnet at the datacenter, 10.27.3/24 to the apps subnet at the datacenter, 10.27.100/24 for the VPN clients, and so on.
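A small planner in Python, added here as an example and not part of any answer above, that carves /24 chunks out of a parent range the way the last answer suggests, checks the plan for internal overlaps and for collisions with a partner's address space (the merger/VPN conflict raised earlier), and sizes the broadcast domain a single flat subnet would create. The plan, the parent range and the partner networks are constructed values.

```python
import ipaddress

# Constructed allocation plan in the style of the answer above: /24s carved out of 10.27.0.0/16.
PLAN = {
    "office": "10.27.1.0/24",
    "db": "10.27.2.0/24",
    "apps": "10.27.3.0/24",
    "vpn-clients": "10.27.100.0/24",
}


def carve(parent, prefix=24, skip_used=()):
    """Yield the unassigned /prefix blocks of parent, in address order, skipping any already in use."""
    used = [ipaddress.ip_network(u) for u in skip_used]
    for sub in ipaddress.ip_network(parent).subnets(new_prefix=prefix):
        if not any(sub.overlaps(u) for u in used):
            yield sub


def validate_plan(plan):
    """Return (name_a, name_b) pairs whose subnets overlap each other; an empty list means the plan is clean."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in plan.items()}
    names = sorted(nets)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:] if nets[a].overlaps(nets[b])]


def partner_conflicts(plan, partner_ranges):
    """Map each plan entry that collides with a partner's range to the partner CIDRs it overlaps."""
    partners = [ipaddress.ip_network(p) for p in partner_ranges]
    conflicts = {}
    for name, cidr in plan.items():
        net = ipaddress.ip_network(cidr)
        hits = [str(p) for p in partners if net.overlaps(p)]
        if hits:
            conflicts[name] = hits
    return conflicts


def broadcast_domain_size(cidr):
    """Usable host addresses one flat subnet would put into a single broadcast domain."""
    net = ipaddress.ip_network(cidr)
    return net.num_addresses - 2 if net.prefixlen < 31 else net.num_addresses


if __name__ == "__main__":
    print("overlaps inside plan:", validate_plan(PLAN))
    # Constructed partner space: a /22 that happens to cover the first four /24s of 10.27.0.0/16.
    print("conflicts with partner:", partner_conflicts(PLAN, ["10.27.0.0/22", "192.168.1.0/24"]))
    print("next free /24s:", [str(n) for n in list(carve("10.27.0.0/16", 24, PLAN.values()))[:3]])
    print("hosts in one flat /14 (4 class B's):", broadcast_domain_size("10.0.0.0/14"))
```

Running it shows the partner's /22 colliding with three of the four planned subnets while the VPN-client block survives, which is the kind of check worth doing before a merger rather than after.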