RESET Forums (homeservershow.com)

Home Network IP Address Scheme Best Practice


schoondoggy


Good discussion.  We are all being subnetted from our ISP and I can see new construction in very large neighborhoods being allocated IPv6 addresses but you're still only getting one address, be it 4 or 6 which resolve back to the same address.  We will never run out of v6 addresses, something about there are more v6 addresses than stars in the sky, so as long as it works, it doesn't really matter to me on the exterior, but for simplification I would only ever use v4 on the inside.


Popular Posts

Mine is varied but have used it for 20 years so not changing now 1 router 2 printer 3 main pc After that odds are static pc and evens are device like NAS,ilo,rac, vhost 51-60 ip cam 21-30 networ

I use a mixture - servers and infrastructure get fixed IPs. Since some routers require reserved IPs to fall within its dhcp range and some outside I don't mess with it. I have frequently changed route

I usually group IP Addressing by functionality.  I even go to the extreme of keeping domains within a range.


GotNoTime

you're still only getting one address, be it 4 or 6 which resolve back to the same address.

No. You don't get a single IPv6 address. You usually get a /64 IPv6 prefix assigned for your LAN devices. It is specifically a /64 at a minimum because it allows you to generate a static IPv6 address based on the MAC address of your interfaces. If you wish to statically assign addresses using manual configuration then you've got 2^64 addresses available to use.

My ISP provides 6RD (wish they had dual stack, was a pain to set up the tunnel) so I have both IPv6 and IPv4 running inside my network.  I suspect that running IPv4-only on one side of a router and IPv6-only on the other side wouldn't work well at all, since then every client would need to know how to tunnel one protocol into the other.  Long term I hope that IPv4 goes offline entirely and networks become IPv6-only, but given how long it's taking to get dual-stack setups from some ISPs, I don't know that I see that happening anytime remotely soon.

 

After some digging, it looks like the ISPs are expected by ARIN and RIPE to provide a /48 to most home and business subscribers when using IPv6 (found the RIPE guidelines here: http://meetings.ripe.net/ripe-49/presentations/ripe49-ipv6-guidelines.pdf). In that case, there should be no reason for the router to perform NAT, instead it can just assign IPs within the provided prefix.  Just because these are publicly routable IPs doesn't mean that they are accessible, I only allow traffic through to the specific addresses that are supposed to be accessible and have the router blocking any other traffic that tries to enter the network.  It does mean that there have to be specific rules for this, but those should be easy for even a consumer-level router to include.  I use pfSense for my router, so I had to actually add the rules but it was easy to do.

 

At work we don't have IPv6 active on the internal network, so maybe it still is something that's more for people to play with for now.  I would be hard pressed to believe that there aren't parts of the internal network that do run IPv6 (dual stack at least if not only) as a test environment so that when things do start to switch they know how to deploy it correctly.  So far it's not active on the client computer network (I'm not in the IT department, work in product design).

  • 1 month later...

Shadowpeo:  One good thing to do with a guest network like that is to set a traffic rule on your firewall (if you have one advanced enough) to limit bandwidth on the guest wireless.  That way, even if guests connect to your network (or find your SSID), they can't chew your bandwidth up attempting HD YouTube or Netflix streams.

 

I would love to, but compared to the rest of the gear in the network, the firewall is a little old and decrepit.

  • 1 year later...
itGeeks

An old thread, but a topic of my own interest. I am building out my daughter's network and wanted to share my updated IP scheme.

 

My IP addressing scheme using a private /24 mask:
 
10-19 - Smart Switches
20-29 - Access Points
30-39 - Servers and VM host
40-49 - RACK/iLO/IPMI/KVM/UPS Management Card
50-59 - Printers
60-79 - Phones/Tablets
80-99 - Computer/Laptops
100-109 - Digital Picture Frames
110-119 - Smart TVs
120-129 - Fixed Media Streamers. Example Roku, NVIDIA Shield, Fire Stick.
130-139 - Blu-ray/DVD Players
140-149 - Gaming Consoles
150-169 - IP Cameras (This will be put on a VLAN at some point)
170-189 - Reserved for the unknown
190-229 - Reserved for Home Automation Stuff.
 
230-254 - DHCP range for guests and newly added devices not yet added with static IP 
 
The service provider's (CPE) cable boxes (STB) and router are on their own network. I like to keep it separate on its own subnet to keep it from prying eyes. I hang my router off a DMZ on the service provider's router. (This may soon change, as I want to make my router first in line and hang the service provider's router off a DMZ.) Further testing is needed to make sure the TV service does not break.
 
Schoon, tag, you're it. You asked the question, now would you mind telling us what you do?
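One way to put a block plan like the one in the post above to work, as an added example that is not part of the original post: it checks a device inventory against the blocks and converts a block into CIDR prefixes for firewall or VLAN rules. The 192.168.1.0/24 network, the inventory and the function names are assumptions, and two role names are shortened.

```python
import ipaddress

NETWORK = ipaddress.IPv4Network("192.168.1.0/24")  # assumed; the post only says "a private /24"

# Blocks from the post above, as (first, last, role) on the last octet.
PLAN = [
    (10, 19, "Smart Switches"), (20, 29, "Access Points"),
    (30, 39, "Servers and VM host"), (40, 49, "Management Cards"),
    (50, 59, "Printers"), (60, 79, "Phones/Tablets"),
    (80, 99, "Computers/Laptops"), (100, 109, "Digital Picture Frames"),
    (110, 119, "Smart TVs"), (120, 129, "Fixed Media Streamers"),
    (130, 139, "Blu-ray/DVD Players"), (140, 149, "Gaming Consoles"),
    (150, 169, "IP Cameras"), (170, 189, "Reserved"),
    (190, 229, "Home Automation"), (230, 254, "DHCP"),
]

# Constructed sample inventory: (name, ip, expected_role).
INVENTORY = [
    ("nas", "192.168.1.31", "Servers and VM host"),
    ("porch-cam", "192.168.1.151", "IP Cameras"),
    ("garage-cam", "192.168.1.235", "IP Cameras"),  # still on a DHCP lease
    ("laser", "192.168.1.31", "Printers"),          # clashes with the NAS
]

def role_of(ip):
    """Return the block an address falls in, or None if the plan does not cover it."""
    addr = ipaddress.IPv4Address(ip)
    if addr not in NETWORK:
        return None
    octet = int(addr) - int(NETWORK.network_address)
    return next((r for f, l, r in PLAN if f <= octet <= l), None)

def audit(inventory):
    """Return (name, problem) findings for duplicates and devices in the wrong block."""
    findings, seen = [], {}
    for name, ip, expected in inventory:
        role = role_of(ip)
        if ip in seen:
            findings.append((name, f"duplicate address, also used by {seen[ip]}"))
        seen.setdefault(ip, name)
        if role != expected:
            findings.append((name, f"in {role or 'no'} block, expected {expected}"))
    return findings

def cidrs_for(role):
    """CIDR prefixes that exactly cover a block, for use in firewall or VLAN rules."""
    first, last = next((f, l) for f, l, r in PLAN if r == role)
    base = NETWORK.network_address
    return [str(n) for n in ipaddress.summarize_address_range(base + first, base + last)]
```

Decimal-aligned blocks do not line up with CIDR boundaries: `cidrs_for("IP Cameras")` needs four prefixes to cover .150-.169, which matters once the block is moved to its own VLAN or referenced in firewall rules.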

Thanks for sharing this. Incidentally I have no convention to my LAN. Not ideal. Just a range of 192.168.0.10-192.168.0.100. With random consecutive devices in between.

 

Is there any way to create a reservation in Windows DHCP for a specific LAN IP? Without having to right click on a lease and create a reservation (with that device's currently assigned IP address)?

 

 

schoondoggy

Still a work in progress. Home address range: 192.168.1.1-255. Lab address range: 192.168.2.1-255.

Home:

1-20 Networking/Firewall

30-43 PC/Laptop

49-68 Home Automation

100-149 DHCP range

180-185 Printers/Scanners

190-225 Audio/Video/Media/Gaming

235-254 Servers/VMs


Wondering whether I should just be using the DHCP server built into my router instead of Windows DHCP server? What do others here do?

 

Instead I create a reservation on Windows DHCP, mirror that IP definition in Sophos UTM, then add to a Sophos UTM https exception list. More steps than I probably need?

 

 


Good point. When I move away from Sophos UTM, I'll revert back to router DHCP only. Possibly DNS also.

 

 

