Most of us inherit whatever IP scheme existed before we showed up. And we pretty much let it go on that way. But as you administer more and more clients, there's a lot of efficiency to be coaxed out of consistency between clients.
In my Network Documentation Workbook I have several forms related to the network, and one in particular on IP Address Allocation. Here's some of the Standard Operating Procedure behind that form.
- Overview -
This is one of those “What happens if you get hit by a bus?” forms. If there’s only one person who knows the range of addresses allocated for printers, administration can get expensive.
Of course there are two pieces to the IP Address (subnet): The address space and the subnet mask. While firewall vendors and router manufacturers love to push us into the 192.168.1.x address space, there are plenty of other options available. For the official low-down on the private addresses you can use, see these docs: The Official, Dry Description of Private IP Addresses or the Microsoft Technet Description of Private IP Addresses.
Given all the options and equipment available today, I recommend a Class C for the client office. In fact, a full Class C (254 addresses). This means your internal network subnet mask is always 255.255.255.0. Remember that you have the following IP address spaces (subnets) available to you:
192.168.0.x - 192.168.255.x
172.16.0.x - 172.31.255.x
10.0.0.x - 10.255.255.x
The main thing you need to care about with regard to the address space is that no client should have the same address space as your company. The reason for this is very simple: You might need to set up a VPN to the client at some point. And if you both have the same subnet (e.g., 192.168.0.x), then your router won't actually route traffic over the VPN because it will think you're on the same subnet (and, therefore, there's no reason to route).
This might be a remote possibility - excuse the pun - but it's worth keeping in mind just in case. And it's pretty easy to do. If you have a 10 or 172 address space, your chances of running into an identical address space are very slim. For example, 10.012.123.x.
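Here is one way to check a proposed client subnet before you commit to it. This is an added example, not part of the original form or workbook; the inventory names and subnets are made up for illustration.

```python
import ipaddress

# The three private blocks listed above, in CIDR form.
PRIVATE_BLOCKS = [ipaddress.ip_network(b) for b in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def check_client_subnet(candidate, in_use):
    """Return a list of problems with `candidate` (empty list = OK).

    candidate: subnet string such as "10.12.123.0/24"
    in_use:    dict of name -> subnet string for your own office and
               every client you might ever need a VPN to.
    """
    problems = []
    # strict=True rejects typos such as "10.12.123.5/24" (host bits set).
    net = ipaddress.ip_network(candidate, strict=True)
    if not any(net.subnet_of(block) for block in PRIVATE_BLOCKS):
        problems.append(f"{net} is not inside a private block")
    for name, other in in_use.items():
        other_net = ipaddress.ip_network(other)
        # Overlap means a VPN between the two sites cannot route cleanly.
        if net.overlaps(other_net):
            problems.append(f"{net} overlaps {name} ({other_net})")
    return problems

# Constructed sample inventory (hypothetical names and subnets).
IN_USE = {
    "our-office": "192.168.1.0/24",
    "client-a": "10.83.94.0/24",
    "client-b": "172.20.0.0/16",
}

if __name__ == "__main__":
    for proposal in ("10.12.123.0/24", "192.168.1.0/24", "172.20.5.0/24"):
        print(proposal, check_client_subnet(proposal, IN_USE) or "OK")
```

Note that the overlap test also catches a small subnet that sits inside someone else's larger one, which is easy to miss by eye.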
After you decide on the IP address space, you need to have a scheme for the last octet (the last three digits). We use IP allocations something like this (the numbers refer to the last octet of the IP address):
1-20 Network Equipment
26-50 Servers
76-100 Printers and other connected devices
101-200 DHCP for Desktops
201-250 Telephones
Another network/subnet for RAS (personal preference)
Hey, am I trying to pull something? There are gaps here. I like to leave some wiggle room. If I’ve learned one thing about technology, it’s that I can’t tell the future. While it seems unlikely that a whole class of devices needing IP addresses will suddenly appear, I have to humbly admit that most networks didn’t use TCP/IP at all fifteen years ago. And we didn't even have a range for telephones until just a couple years ago.
- Implementation Notes -
You can easily create this form for your binder. Simply use one column for the range and one column for the description. The actual implementation might take some time.
On new, fresh networks, you can simply set your ranges and execute.
On older, existing networks, you'll need to phase in execution. It can be disruptive to move printer addresses around, especially if printers are installed with direct printing on each desktop. Servers are also a bit tricky, but less so. Moving their IP address might cause some problems with the NetBIOS name cache. Clearing the cache or simply rebooting machines can take care of this.
But for maximum success, you'll just need to be patient and assign new printers and servers to their new IP ranges. Eventually, the old machines will go away. Having said that, a network migration is a great opportunity to implement the new address scheme as you'll have lots of other changes going on, you'll already be scheduled to hit every desktop to make sure everything works, and you might be moving DHCP and DNS services around anyway.
So, whether old or new, you'll gradually move each type of device into the appropriate ranges.
DHCP is its own category, of course. Simply redefine the scope to the new "approved" range. As machines reboot or DHCP leases expire, the new range will simply take care of itself.
- Benefits -
The biggest benefit of documenting how you use (and will use) IP addresses is that you never have to worry that you'll use an already-assigned IP. This is important for your team, but it's also important when working with other vendors. The most common "other vendor" you'll deal with on this is the dude who installs the big scanner/printer/fax machines.
They tend to run ipconfig /all to find the range and then just randomly assign a number from that range. Sometimes they even assign the wrong subnet mask or (I'm not kidding) serve up DHCP. All of these actions can break the network. Everything breaks except the new printer. So who does the client call? YOU.
It is much better if
1) The client lets you know when the printer dude is coming,
and
2) YOU assign the IP address and tell him what it is.
. . .
And that's a perfect example of why this policy is good to have. You simply open the Network Documentation Binder, look at the IP Allocation page, and assign the next available printer address. Zero hassles. Zero guesswork.
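If you keep the allocation page in a file instead of (or alongside) the binder, the same lookup can be scripted. This is an added example, not part of the original workbook; the subnet and the list of assigned addresses are constructed sample data, and the ranges are the ones from the allocation list earlier in this post.

```python
import ipaddress

# Last-octet ranges from the allocation list above.
PLAN = [
    (1, 20, "Network Equipment"),
    (26, 50, "Servers"),
    (76, 100, "Printers and other connected devices"),
    (101, 200, "DHCP for Desktops"),
    (201, 250, "Telephones"),
]

def role_of(address, subnet):
    """Return the plan category for an address, or None if it is in a gap."""
    ip = ipaddress.ip_address(address)
    net = ipaddress.ip_network(subnet)
    if ip not in net:
        raise ValueError(f"{ip} is not in {net}")
    last_octet = int(ip) - int(net.network_address)
    for low, high, role in PLAN:
        if low <= last_octet <= high:
            return role
    return None

def next_free(role, subnet, assigned):
    """Return the lowest unassigned address in the range for `role`."""
    net = ipaddress.ip_network(subnet)
    taken = {ipaddress.ip_address(a) for a in assigned}
    for low, high, name in PLAN:
        if name == role:
            for octet in range(low, high + 1):
                candidate = net.network_address + octet
                if candidate not in taken:
                    return str(candidate)
            return None  # range exhausted
    raise KeyError(role)

def audit(subnet, assigned):
    """Return static assignments that break the plan (gap or DHCP range)."""
    bad = []
    for addr in assigned:
        role = role_of(addr, subnet)
        if role is None or role.startswith("DHCP"):
            bad.append((addr, role or "unallocated gap"))
    return bad

# Constructed sample: static assignments recorded for one client.
SUBNET = "10.83.94.0/24"
ASSIGNED = ["10.83.94.1", "10.83.94.26", "10.83.94.76", "10.83.94.77",
            "10.83.94.150", "10.83.94.60"]
```

With the sample data, `next_free` hands out 10.83.94.78 for the next printer, and `audit` flags the two static addresses that landed in the DHCP range and in an unallocated gap.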
This kind of policy requires that everyone on the team
1) Be aware of the policy
2) Practice the policy
3) Correct one another's errors
4) Support one another with reminders
Your Comments Welcome.
- - - - -
About this Series
SOP Friday - or Standard Operating System Friday - is a series dedicated to helping small computer consulting firms develop the right processes and procedures to create a successful and profitable consulting business.
Find out more about the series, and view the complete "table of contents" for SOP Friday at http://www.smallbizthoughts.com/events/SOPFriday.html.
- - - - -
Next week's topic: Cash Flow: Dealing with Late Payments
:-)
Great topic!
One rule of thumb I picked up along the way - often you can use the street address of the business to generate the 2nd and 3rd octets of a 10.x.x.x address.
For example, if someone's address is 8394 S. Main Street, their IP range would be 10.83.94.x
Great idea, ZDW!
Too often our brains can't come up with "random" numbers, so we do 10.11.12.x or something like that.
This is a good trick.
It's 10.0.0.x, not 10.10.10.x for the start of the 10.x.x.x block.
Also, put a reservation in DHCP for everything along with a description, even if you configure a static address on the device (e.g. for availability reasons). That way you have a single database with a complete, consistent view of the address space. There's also something to be said for reservations for workstations too, as this makes network forensics an easier process. Dynamic address assignment then ends up being used for ad-hoc and temporary connections only.
OMG Chris. I can't believe I did that. Corrected.
Also, the DHCP reservations are good. For the most part, I would use these on larger networks where there are lots of hands in the pie.
As for the static vs. dynamic desktops, one of the DHCP attributes is that devices request renewal of their existing IP when the lease is half over. So most of them keep the same IP forever.