In the life of a system administrator, there will always come a moment when an IP subnet needs to be defined. Be it your small home LAN or the endless company WAN where madness lurks in the depths of unknown routes, IP addresses will always need to be chosen, divided and assigned to some device, deserving it or not. And, while in the "real world" of the public Internet you'll have to just obey your ISP's orders, you're free to choose your path and your ultimate destiny when it comes to your own private network.
As everyone knows (or should know), the mighty RFC 1918 states that private network IP addresses can only fall in three great blocks:
192.168.0.0/16
172.16.0.0/12
10.0.0.0/8
Which is your favorite one?
How big do you usually choose to make a subnet, regardless of course of how many devices you really need to connect to it?
Do you think it should be kept to a minimum, or should it be as great and glorious as possible?
Do you believe in the law and order of "round" subnets (/8,/16,/24), or do you prefer the anarchy and crawling chaos of "unround" ones?
Do you follow the Sacred School of Our Gateway Should Be .1, the Unholy Temple of No It Should Be .254, or the blasphemous teachings of the Order Of It Shall End With Whatever We Want It To End With?
Do you feel in your heart that Servers should have "low" addresses and Clients should use "high" ones? Or will only Fate define how the Server and the Client are to be called?
Do you always use (or try to use) the same ending numbers in all the subnets you manage, so that you may find your gateway and your DNS in the hour of your great need?
Do you believe in DHCP or in Static Addressing? And do you have faith in their hybrid child, DHCP With Reservations, even for not-client machines like network printers or, may all the Gods forgive you, Servers?
"Take this and divide it; this is my 2^32 address space,
which shall be endlessly fragmented for all your addressing needs,
until IPv6 may finally come."
I worship at the altar of 00001010/11111111. The gods would be angry if you did not yearn for the largest of the networks. It allows for the most flexibility, and the least conflicts with the plebs' networks.
I find that a nice /24 is the perfect size for most networks: you have room to stretch out and let your servers have some breathing room; you need to remember that they have personal space issues like we all do.
The only time I spend the brain cells that have been granted to me by the gods of networking and servers to subnet much farther is for those pieces of equipment that think they are better than everyone else: routers, switches, firewalls, I'm looking at YOU! Those I try to confine to a /25 or smaller, otherwise their hubris would start to spread to the servers, and you just can't let servers get out of line. Bad, bad things happen if you let that go on: files start disappearing, services crash, not good I tell ya, no good at all! To keep the networking gear in line though, we let the routers/firewalls use the first usable addresses in a subnet (could be .1 ... could be .33, depends on your netmask); that normally keeps them in line.
There is no good reason to have a DHCP server on a production network: server build yes, production NO. Client networks always have DHCP, with reservations where you need them (or where they are required by your auditor!).
... translated: yes, use the same host addresses where you can ... everything will be easier.
Besides all the wise suggestions given here, one that I found useful: for the sake of comfort, avoid having the same network as your office or other LANs you might have to connect to (remotely).
This hint greatly improved my VPN life: for example, having the same subnet might be annoying when 192.168.0.1 might be your home router and the remote server you're trying to fix. Then you'd have to add a manual route through the VPN interface, etc. For everything else there's Mastercard.
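The collision the answer above describes is easy to check for before bringing a VPN up. The following is an added example, not code from the original answer: it lists every pair of LANs whose ranges overlap (identical or nested) and, given the networks you already have to reach, picks a /24 from the RFC 1918 blocks of the question that overlaps none of them. The search order and the two "router default" /24s it skips are assumptions of this example.

```python
from ipaddress import IPv4Network

# RFC 1918 private blocks (from the question above).
RFC1918 = [
    IPv4Network("192.168.0.0/16"),
    IPv4Network("172.16.0.0/12"),
    IPv4Network("10.0.0.0/8"),
]

# Assumed "factory default" LANs worth skipping: many home routers ship with
# one of these, so a VPN to any such site would collide with them.
COMMON_DEFAULTS = {IPv4Network("192.168.0.0/24"), IPv4Network("192.168.1.0/24")}


def overlapping_pairs(networks):
    """Return every pair of networks that overlap, identical or nested.
    Two LANs that overlap cannot both be reached over a VPN without extra routes."""
    nets = [IPv4Network(n) for n in networks]
    return [
        (str(a), str(b))
        for i, a in enumerate(nets)
        for b in nets[i + 1:]
        if a.overlaps(b)
    ]


def free_slash24(taken, avoid_defaults=True):
    """Pick the first /24 in RFC 1918 space that overlaps none of `taken`.
    Search order (192.168/16, then 172.16/12, then 10/8) is an arbitrary choice."""
    taken = [IPv4Network(n) for n in taken]
    for block in RFC1918:
        for candidate in block.subnets(new_prefix=24):
            if avoid_defaults and candidate in COMMON_DEFAULTS:
                continue
            if not any(candidate.overlaps(t) for t in taken):
                return str(candidate)
    return None


if __name__ == "__main__":
    # Constructed sample: a home LAN on a router default, an office on the
    # same default, and a second site that owns a whole /16.
    sites = ["192.168.0.0/24", "192.168.0.0/24", "10.1.0.0/16"]
    print("overlaps:", overlapping_pairs(sites))
    print("suggested home LAN:", free_slash24(sites))
```

Run it with the list of every LAN you connect to; an empty list from `overlapping_pairs` means no manual routes will be needed, and `free_slash24` gives a renumbering target for the one network you control.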
My current favorite addressing solution for a multi-site setup.
10.DATACENTER.RACK.RACKU+100
Each rack gets a /24, which I terminate on a pair of core switch/routers.
It's pretty heavily detail oriented, but I can infer a lot just by looking at an IP address.
With a pair of core routers, I have two floating default routes, .1 and .2 (HSRP/VRRP). Actual interface IPs are .3 and .4.
Odd Us default route to .1; even Us default route to .2.
I put a DHCP range at 200-240 for doing PXE boots for testing before the official IP is assigned.
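The point of the 10.DATACENTER.RACK.RACKU+100 scheme above is that an address is self-describing. The following is an added example, not code from the original answer, that encodes a datacenter, rack and rack unit into an address and decodes one back into location, role and default gateway (odd U to .1, even U to .2), with the 200-240 range recognised as the PXE pool. The reserved host numbers come from the answer; the rule that a rack unit must fit below the DHCP range is an assumption of this example.

```python
from ipaddress import IPv4Address, IPv4Network

# Parameters of the 10.DATACENTER.RACK.RACKU+100 scheme from the answer above.
# The "must fit below the DHCP range" check is an assumption of this example.
U_OFFSET = 100                 # host octet = rack unit (U) + 100
DHCP_PXE = range(200, 241)     # .200-.240: temporary PXE/test leases
GATEWAY_VIPS = {1, 2}          # floating HSRP/VRRP default routes
ROUTER_IFACES = {3, 4}         # real interface addresses of the two core routers


def rack_network(dc, rack):
    """Each rack is its own /24: 10.<dc>.<rack>.0/24."""
    return IPv4Network(f"10.{dc}.{rack}.0/24")


def address_for(dc, rack, u):
    """Encode datacenter, rack and rack unit into a host address."""
    host = u + U_OFFSET
    if u < 1 or host >= DHCP_PXE.start:
        raise ValueError(f"U{u} does not fit below the DHCP range")
    return rack_network(dc, rack).network_address + host


def default_gateway(ip):
    """Odd Us default-route to .1, even Us to .2, in the rack's own /24."""
    ip = IPv4Address(ip)
    _, dc, rack, host = ip.packed
    u = host - U_OFFSET
    if u < 1 or host >= DHCP_PXE.start:
        raise ValueError(f"{ip} is not a rack-unit address")
    return rack_network(dc, rack).network_address + (1 if u % 2 else 2)


def describe(ip):
    """Decode what the scheme lets you infer from an address alone."""
    ip = IPv4Address(ip)
    _, dc, rack, host = ip.packed
    if host in GATEWAY_VIPS:
        role = f"floating default gateway .{host}"
    elif host in ROUTER_IFACES:
        role = f"core router interface .{host}"
    elif host in DHCP_PXE:
        role = "DHCP/PXE pool (no official address yet)"
    elif U_OFFSET < host < DHCP_PXE.start:
        role = f"rack unit U{host - U_OFFSET}, default route {default_gateway(ip)}"
    else:
        role = "unassigned"
    return {"datacenter": dc, "rack": rack,
            "network": str(rack_network(dc, rack)), "role": role}


if __name__ == "__main__":
    # Constructed samples: datacenter 3, rack 7, U12 and U5; a PXE lease; a VIP.
    print(address_for(3, 7, 12))
    for sample in ("10.3.7.112", "10.3.7.105", "10.1.2.210", "10.1.2.1"):
        print(sample, describe(sample))
```

`describe` is the kind of lookup an on-call engineer wants in a log viewer: a bare address in an alert already tells you which rack to walk to and which router it was routing through.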
10.x.x.x.
Anarchy and crawling chaos: /22 is actually a damn useful subnet, not too big and not too small, so keep the same irrespective of the size; the second octet defines a primary location, the third defines a sub-location.
Gateway is always .1; servers start at .11 (with primary DNS being .11), then clients (starting at 10.x.1.x, 10.x.5.x, etc. using a /22 subnet), finally printers and other devices (starting at 10.x.3.x, 10.x.7.x, etc.).
Servers with the same roles in each subnet have the same address where possible.
DHCP for client PCs, static for everything else; reservations used for certain "special" clients where there are legacy apps and legacy security models that rely on a specific IP address.
That's about it. :)
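A /22 makes the third octet step by four, which is why the answer above has clients at 10.x.1.x and 10.x.5.x and printers at 10.x.3.x and 10.x.7.x. The following is an added example, not code from the original answer, that lays out one sub-location's /22 and classifies any address into gateway, server, client or device, including the /22's real broadcast address (x.x.<4n+3>.255). Numbering sub-locations 0..63 and using the third /24 for more clients are assumptions of this example.

```python
from ipaddress import IPv4Address, IPv4Network

# Layout from the answer above: 10.<location>.<sub-location*4>.0/22, gateway .1,
# servers from .11 (primary DNS at .11), clients in the next two /24s, printers
# and other devices in the last /24. Sub-locations numbered 0..63 and the third
# /24 being more client space are assumptions for this example.


def site_network(location, sublocation):
    """A /22 covers four consecutive third-octet values, so they step by 4."""
    if not 0 <= sublocation <= 63:
        raise ValueError("one second octet holds only 64 /22s")
    return IPv4Network(f"10.{location}.{sublocation * 4}.0/22")


def plan(location, sublocation):
    """Spell out the fixed addresses and ranges of one sub-location."""
    net = site_network(location, sublocation)
    first = net.network_address
    third = sublocation * 4
    return {
        "network": str(net),
        "gateway": str(first + 1),
        "primary_dns": str(first + 11),
        "servers": f"10.{location}.{third}.11-10.{location}.{third}.255",
        "clients": f"10.{location}.{third + 1}.0-10.{location}.{third + 2}.255",
        "devices": f"10.{location}.{third + 3}.0-10.{location}.{third + 3}.254",
        "broadcast": str(net.broadcast_address),
    }


def classify(ip):
    """Read location, sub-location and role straight out of an address."""
    ip = IPv4Address(ip)
    _, location, third, host = ip.packed
    sub = third // 4
    net = site_network(location, sub)
    if ip == net.network_address:
        role = "network address"
    elif ip == net.broadcast_address:
        role = "broadcast (x.x.<4n+3>.255 in a /22, not x.x.<4n>.255)"
    elif third % 4 == 0:
        if host == 1:
            role = "gateway"
        elif host == 11:
            role = "server (primary DNS)"
        elif host > 11:
            role = "server"
        else:
            role = "reserved (between gateway and first server)"
    elif third % 4 in (1, 2):
        role = "client (DHCP)"
    else:
        role = "printer or other device (static)"
    return {"location": location, "sublocation": sub,
            "network": str(net), "role": role}


if __name__ == "__main__":
    # Constructed sample: location 5, sub-location 2 -> 10.5.8.0/22
    print(plan(5, 2))
    for sample in ("10.5.8.1", "10.5.8.11", "10.5.9.37", "10.5.11.40", "10.5.11.255"):
        print(sample, classify(sample)["role"])
```

Note that 10.5.8.255 is an ordinary host in a /22, while 10.5.11.255 is the broadcast address; firewall rules written with /24 habits in mind get this wrong, and `classify` makes the distinction explicit.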
The subnet size is of course to be chosen based on the size of the network, with enough room for future expansion, because re-addressing is always a big pain. That said, my favorite subnets are those beginning with 192.168. and 10.: I really can't stand 172. ones, and of course this doesn't have any rational reason: it's purely an aesthetic concern.
I prefer "round" subnets, because with them it's a lot easier to remember subnet masks, networks and broadcast addresses, and to know which subnet an address belongs to.
I tend to choose 192.168.X class-C subnets for small networks where 254 addresses will surely be enough; I'm usually quite conservative here, and go with the simplest of them: 192.168.0 and 192.168.1; I also like 192.168.42.0/24 a lot, for obvious reasons.
For larger networks, I usually follow the same principle: using 10. addresses you can have 256 subnets of 65534 hosts, or 65536 subnets of 254 hosts: more than enough for any network, without the need for fancy /13, /28 or /27 subnets. There can of course always be exceptions, but this is my general rule.
I strongly believe in order when it comes to network and systems management, because computer systems tend to be chaotic in their essence (as in chaos theory): the smallest error can have unpredictable results. In network addressing, I try to always use the same ending addresses for the same roles; this is my typical breakdown of a class-C network:
.1 is the default gateway.
.11 and .12 (and maybe .13, .14 and so on) are domain controllers, DNS and WINS (if in use) servers.
.25 is the mail server.
.80 is the web server or the proxy server (if there is one).
I usually use "low" addresses for servers and "high" ones for clients; the former are always static ones, while the latter are assigned using DHCP. I'm a great fan of DHCP and dynamic DNS for clients, but I'd never use it for servers and other "fixed" systems, like network printers and scanners.
If the network is larger and more segmented, I like to put servers on one subnet and clients elsewhere; client (and even server) subnets can of course be more than one, if the network is big enough to require VLANs.
I like 10. It's nice and short, and offers a massive amount of room for expansion.
After 10 I usually work in /16s, but I plan them by /8s (which are usually a nice size for a business unit). Working in 8s is nice because (unless your company is massive) you can just assign a business unit 10.1.0.0 and you won't have to worry about them running out of space any time soon. Obviously, if you have more than 255 business units, YMMV.
I usually use 1 for the gateway, just because it makes it easy to remember. Either way, as long as you use the same number on every subnet, it doesn't matter. Other than the gateway, I don't reserve specific ips for specific types of servers.
Usually I dump all the servers on their own ghetto subnets, so I can keep an eye on them, and make sure they don't mix with crappy desktops. If I have to have them mixing, then, yea, I reserve the first 50 or so addresses for servers/anything that needs a static ip. Again it's just a matter of less typing. Desktop users seldom care what their IP is, and you don't often need to type it in.
I like DHCP (we have tons of laptops), but you need to couple that with registered MAC addresses, or any schmuck off the street can come in and plug in, and that's a no-no. MACs aren't secure, but they're at least as good as statics, as far as security is concerned. I don't use "registered" DHCP; I'm not a Windows DHCP person. If I'm going to have statics and dynamics on the same subnet, I just set the DHCP range to be 51-255 or similar, and put the statics in 1-50.
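Two of the answers above share one idea: fixed host numbers per role (.1 gateway, .11/.12 domain controllers and DNS, .25 mail, .80 web) applied identically to every /24, with "low" addresses static and "high" ones handed out by DHCP. The following is an added example, not code from either answer, that stamps those role addresses onto any /24, derives the dynamic pool from the first dynamic host to the last usable host, and checks a proposed plan for the mistakes that bite later: a pool that reaches the broadcast address, a static server address sitting inside the pool, an address outside the subnet, or two roles sharing one address. The role table and the cut-off at .100 are assumptions of this example.

```python
from ipaddress import IPv4Address, IPv4Network

# Role -> host number, following the /24 breakdown in the answers above
# (.1 gateway, .11/.12 domain controllers and DNS, .25 mail, .80 web).
# Keeping these identical in every subnet is the point: the gateway is
# always .1 wherever you are.
ROLE_HOSTS = {"gateway": 1, "dc1": 11, "dc2": 12, "mail": 25, "web": 80}


def role_addresses(subnet, roles=ROLE_HOSTS):
    """Apply the same host numbers to any /24, e.g. 192.168.42.0/24."""
    net = IPv4Network(subnet)
    if net.prefixlen != 24:
        raise ValueError("this breakdown assumes a /24")
    return {role: net.network_address + host for role, host in roles.items()}


def dhcp_pool(subnet, first_dynamic):
    """'Low' hosts stay static; the pool runs from first_dynamic to the last
    usable host, which for a /24 is .254 (.255 is the broadcast address)."""
    net = IPv4Network(subnet)
    hosts = list(net.hosts())            # .1 .. .254, no network/broadcast
    return (hosts[first_dynamic - 1], hosts[-1])


def check_plan(subnet, statics, pool):
    """Return the problems a reviewer would flag before handing this to DHCP:
    pool touching the network or broadcast address, a static inside the pool,
    an address outside the subnet, or two roles sharing an address."""
    net = IPv4Network(subnet)
    start, end = IPv4Address(pool[0]), IPv4Address(pool[1])
    problems = []
    if start <= net.network_address or end >= net.broadcast_address:
        problems.append(f"pool {start}-{end} includes the network or "
                        f"broadcast address of {net}")
    seen = {}
    for role, ip in statics.items():
        ip = IPv4Address(ip)
        if ip not in net:
            problems.append(f"{role} {ip} is outside {net}")
        elif start <= ip <= end:
            problems.append(f"{role} {ip} lies inside the DHCP pool")
        if ip in seen:
            problems.append(f"{role} and {seen[ip]} both use {ip}")
        seen.setdefault(ip, role)
    return problems


if __name__ == "__main__":
    # Constructed sample: the 192.168.42.0/24 from the answer, statics below
    # .100 (assumed cut-off), dynamic pool .101-.254, then a sloppier variant.
    subnet = "192.168.42.0/24"
    statics = role_addresses(subnet)
    print(check_plan(subnet, statics, dhcp_pool(subnet, 101)))
    print(check_plan(subnet, statics, ("192.168.42.51", "192.168.42.255")))
```

Running `check_plan` over every subnet with the same role table is how you keep the "gateway is .1, DNS is .11" promise across sites: the function returns an empty list only when every fixed role lands outside the dynamic pool and the pool stays inside the usable host range.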