-
Stephen Robinson
- 18 Jun, 2022
Dual Stack Network Design
Having decided I wanted to understand IPv6 in the ‘real world’ the design of my lab network seemed like a good place to begin. As most of …
Read ArticleRFC1918 defines the following 3 blocks for private internets / networks leaving the choice up to the network administrator of which is most appropriate.
10.0.0.0 - 10.255.255.255 (10/8 prefix)
172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
192.168.0.0 - 192.168.255.255 (192.168/16 prefix)
With this in mind I decided to work with the 10/8 prefix as whilst the other two private ranges 172.16/12 and 192.168/16 would provide more than enough IP addresses for my needs, choosing the larger block allows for easier expansion in the future and trying new platforms in the future.
Organisation Breakdown
Starting at the ‘organisation’ level I decided to break the 10/8 prefix down into 4 areas, with 2 of these reserved for future expansion. Each of these areas covers a specific deployment location of services, the initial 2 areas being ‘Premises’ and ‘Cloud’.
Premises covers locations that have physical infrastructure managed by myself whilst Cloud covers locations that are entirely hosted by 3rd parties, be these the big cloud players (AWS, GCP, Azure) or any of the smaller providers.
| Organisation
10.0.0.0/8 | Reserved
10.0.0.0/10 | |
| Reserved
10.64.0.0/10 | ||
| Premises
10.128.0.0/10 | Local
10.128.0.0/12 | |
| Colocation
10.144.0.0/12 | ||
| Inter-Site
10.160.0.0/12 | ||
| Reserved
10.176.0.0/12 | ||
| Cloud
10.192.0.0/10 | AWS
10.192.0.0/12 | |
| GCP
10.208.0.0/12 | ||
| Azure
10.224.0.0/12 | ||
| Other
10.240.0.0/12 | ||
Premises Breakdown
Taking one of these locations we can start to break it down further, allocating blocks for different purposes within a location. In the local location we allocate 4 different sites that will host services. At the current time, for my use, only one of these, Home, will be used to host services and the rest reserved for future use.
Local
| Local
10.128.0.0/12 | Home
10.128.0.0/14 | Border Network
10.128.0.0/16 |
| DC Network
10.129.0.0/16 | ||
| User Network
10.130.0.0/16 | ||
| Reserved
10.131.0.0/16 | ||
| Reserved
10.132.0.0/14 | ||
| Reserved
10.136.0.0/14 | ||
| Reserved
10.140.0.0/14 | ||
Home Network
Breaking down the site allocation block further we end up with four sub allocations: Border, DC, User and a spare allocation reserved for future use.
| Home
10.128.0.0/14 | Border Network
10.128.0.0/16 |
| DC Network
10.129.0.0/16 | |
| User Network
10.130.0.0/16 | |
| Reserved
10.131.0.0/16 |
You might be thinking to yourself, and with good reason, why are you allocating really huge blocks for these purposes, a /14 block has 256k addresses contained within it and a /16 block has 64k, you can’t possibly need all of them. And you would be right with this thinking, part of the reason for large blocks is it allows me to expand and try new things by taking a subset of this large range and not break any existing functionality or have to worry about existing address usage and overlap.
So what are each of these groupings for and how do they break down.
Note: Reserved blocks are there for future expansion.
Border Network
The Border Network is used by services that are needed across all networks and provides inbound and outbound gateways for the entire network, once again the subnet sizes are overkill, especially for this area.
For a given network a suitable subnet and parent would be chosen i.e. for the DNS Services they would be in the Internal Services subnet of 10.128.0.0/19 and a subnet of 10.128.10.0/28 might be choosen within this to contain the DNS Servers.
| Border Network
10.128.0.0/16 | Services
10.128.0.0/18 | Internal
10.128.0.0/19 | |
| External
10.128.32.0/19 | |||
| Gateways
10.128.64.0/18 | Inbound
10.128.64.0/19 | ||
| Outbound
10.128.96.0/19 | |||
| Reserved
10.128.128.0/18 | |||
| Reserved
10.128.192.0/18 | |||
DC Network
The DC (Data Centre) Network is for use by all my services, routers, switches and ancillary devices that make up my homelab network and allows usage of individual subnets for specific purposes vaguely along the lines of the following breakdown.
| DC Network
10.129.0.0/16 | Core Network
10.129.0.0/17 | Management
10.129.0.0/19 |
| Non Routed Management
10.129.32.0/19 | ||
| Management Apps
10.129.64.0/19 | ||
| Reserved
10.129.96.0/19 | ||
| App Networks
10.129.128.0/17 | Internal Apps
10.129.128.0/19 | |
| Reserved
10.129.160.0/19 | ||
| Public Apps
10.129.192.0/19 | ||
| Reserved
10.129.224.0/29 | ||
User Network
The User Network contains all end user devices and Wi-Fi connectivitity including my IoT devices which are segmented off from the rest of my network devices for security.
| User Network
10.130.0.0/16 | Users
10.130.0.0/17 | Home
10.130.0.0/19 | LAN
10.130.0.0/20 | |
| Wi-Fi
10.130.16.0/20 | ||||
| Work
10.130.32.0/19 | LAN
10.130.32.0/20 | |||
| Wi-Fi
10.130.48.0/20 | ||||
| Restricted
10.130.64.0/19 | LAN
10.130.64.0/20 | |||
| Reserved
10.130.80.0/20 | ||||
| Guest
10.130.96.0/19 | LAN
10.130.96.0/20 | |||
| Wi-Fi
10.130.112.0/20 | ||||
| Devices
10.130.128.0/17 | IoT
10.130.128.0/18 | Wired
10.130.128.0/19 | ||
| Wireless
10.130.160.0/19 | ||||
| Reserved
10.130.192.0/18 | ||||
As you can see from this post keeping track of the IP blocks and how they are allocated quickly becomes a problem, even using a spreadsheet can become unruly quite quickly especially when we start looking at IPv6 and the enormous numbers of addresses contained within a given range.
With this in mind a range of tools exist to help with IP Address Management (IPAM) a great open source to this is NetBox from DigitalOcean which can help manage IP addresses alongside documenting the rest of the infrastructure in your organisation. Keep following for my upcoming posts on deploying, configuring and using NetBox to help document my HomeLab.
