We've started a small debate in the office, and I've hit the point where I no longer have the technical knowledge to continue.
Is there such a thing as having too many IP addresses? I'm not suggesting we use the entire private 10.* Class A, but I don't see why we couldn't if we wanted to.
I honestly think "subnet fragmentation" is an outdated way of thinking, but I want to continue the technical discussion.
Currently, our primary subnet mask is configured to use 4 class B's, which is way overkill in terms of the sheer number of available IP addresses, for our small business.
But the question is, what problems (if any) does having a wide private IP space create?
The only problem is possible conflicts when connecting to partners' networks or during mergers/acquisitions. Some of those issues can be mitigated by using source and destination NAT on edge devices. Additionally, just because you use 10.1.0.0/24 does not mean you won't run into the exact same problems.
Compliance with various standards will become impossible, securing networks becomes harder, a virus will spread easier, quality of service becomes harder, MAC/CAM tables become full.
There are still all sorts of problems with just lumping everything in one bucket.
Also don't forget as the speed on LANs increases so do the uses. Especially when it comes to the data center. Many places run with 50+% utilization on their trunks. I've seen some that run higher than 65% constantly on 10gig trunks. Tell those people to add unnecessary traffic.
Using large subnets for no reason other than "you can" is fine when you're a tiny place that really has no need for more than 2 VLANs. Once you leave the small business world you'll find things increase in complexity quite a bit.
The other obvious reason would be to stop your CAM tables from filling, which can cause outages depending on how the switch firmware handles table fills.
Not really - as long as you limit the number of actual devices to something the network will handle... but then again, why have such a huge number of possible nodes in that network if you won't use them all?
Segmenting networks is good for many things, including providing a logical structure and overview, tightening security by splitting roles and/or locations into different networks, and so forth.
One thing people don't usually think of is splitting off printers and other highly vulnerable and unprotected network devices into their own network - with access only to, say, a specific print server. And then there are all the usual ones depending on your organisation's information security demands.
Security comes with layers, network segmentation is one of many to help make stuff less vulnerable to security issues (=access, integrity and availability).
The problem I see with that many IPs is not limiting the broadcast domain. On the other hand, with 1Gb switches I can't really say that matters a ton anymore, unless you are trying to dig through switch and firewall logs.
Other than potential conflicts with partner networks connected through VPN, no problems.
What I usually recommend is to use /24 chunks anyway, regardless of the range you're splitting them off of. So, let's say, you assign 10.27.1/24 to the office, 10.27.2/24 to the DB subnet at the datacenter, 10.27.3/24 to the apps subnet at the datacenter, 10.27.100/24 for the VPN clients, and so on.
Depending on the size of your subnet broadcasts might be a problem, although depending on the speed of your network they might not.
One disadvantage however is that you're limiting your future expansion capability. You may only need one subnet now, but who's to say you won't need more in the future? You might expand, you might want to set up separate subnets for some parts of your network, and so forth.
I'd also drop the "class" thinking and use CIDR for your subnets. Classes don't really exist anymore outside of university courses and history books, and CIDR just gives you so much more flexibility.
A good rule of thumb with these things is to take what you think you need and double it, so if you have 50 hosts (and don't forget to include servers, printers, switches, etc here) a 25 bit netmask (giving you 128 hosts, less 2 for network and broadcast) will cover what you need and give you some headroom.
Well, the switch connected to your uber-IP server does have a limited number of entries available in the ARP table. As well, you would see a lot of gratuitous ARP on your broadcast domain.
None that I can think of other than being slightly more difficult to set up (and possibly administer). And then there is the issue of waning amounts of IP addresses (until IPv6).
One network I inherited was full of /16s, i.e. 10.1.x.x, 10.2.x.x...
It was nice for grouping IP ranges and you could look at an IP and know exactly what it was... Oh, the 10.4.20.Xs are all databases, etc... BUT...
Eventually we had to clean it up, and finding all the random one off IPs was a chore.
It's a lot easier to do an nmap ping scan of a /24 than a /16.
In the redesign, we settled on /22s (1024 IPs).
I think a general rule of allocate for what you need today with a healthy overhead to grow in to is a good practice.
I would start with the max number of devices that would ever be on a network, and double or triple it, and then see if I had enough networks. By using the TEN net it shouldn't be hard to find a balance. For example, say that 100 devices was the max. If you picked /22 as your mask you would have 16,384 networks that could have 1022 devices:
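The sizing arithmetic in the answers above (the "double what you need" rule of thumb, the /24-per-role allocation scheme, the count of /22 networks available inside 10.0.0.0/8, and the partner-network overlap problem) can be checked mechanically. The following is an added example, not code posted by any of the answerers; it uses only the Python standard library's `ipaddress` module, and the role names and partner ranges in it are constructed for illustration.

```python
import math
from ipaddress import IPv4Network


def prefix_for_hosts(hosts: int, growth_factor: int = 2) -> int:
    """Smallest CIDR prefix whose usable host count covers hosts * growth_factor.

    The network and broadcast addresses are reserved, so two extra addresses
    are always needed beyond the host count (a /31 or /32 is never returned).
    """
    needed = hosts * growth_factor + 2
    host_bits = max(2, math.ceil(math.log2(needed)))
    return 32 - host_bits


def usable_hosts(prefix: int) -> int:
    """Usable host addresses in a subnet of the given prefix length."""
    return 2 ** (32 - prefix) - 2


def subnets_available(prefix: int, base: str = "10.0.0.0/8") -> int:
    """How many subnets of `prefix` length fit inside the base block."""
    base_net = IPv4Network(base)
    if prefix < base_net.prefixlen:
        raise ValueError("requested subnet is larger than the base block")
    return 2 ** (prefix - base_net.prefixlen)


def allocate(base: str, prefix: int, roles) -> dict:
    """Hand out consecutive subnets of `prefix` length from `base`, one per role.

    Mirrors the 'one /24 per role' convention: each role gets its own block,
    so a firewall ACL or a log search can be keyed on the block alone.
    """
    blocks = IPv4Network(base).subnets(new_prefix=prefix)
    return {role: str(next(blocks)) for role in roles}


def conflicts_with(ours: str, partner_ranges) -> list:
    """Return the partner ranges that overlap our block.

    Any overlap means a VPN or merger will need NAT or renumbering, which is
    the one drawback every answer agrees on, regardless of block size.
    """
    ours_net = IPv4Network(ours)
    return [r for r in partner_ranges if ours_net.overlaps(IPv4Network(r))]


if __name__ == "__main__":
    # Rule of thumb from the thread: 50 hosts, doubled -> /25 (126 usable)
    p = prefix_for_hosts(50)
    print(f"50 hosts doubled -> /{p} ({usable_hosts(p)} usable)")

    # Last answer's figures: /22 inside 10/8 -> 16384 networks of 1022 hosts
    print(f"/22 blocks in 10.0.0.0/8: {subnets_available(22)}, "
          f"each with {usable_hosts(22)} usable hosts")

    # Per-role /24 carving from a constructed /16 (names are illustrative)
    plan = allocate("10.27.0.0/16", 24, ["office", "db", "apps", "vpn-clients"])
    for role, block in plan.items():
        print(f"{role:12s} {block}")

    # Constructed partner ranges: the wide 10/8 choice collides with both
    print("conflicts:", conflicts_with("10.0.0.0/8", ["10.5.0.0/16", "192.168.1.0/24", "10.200.0.0/22"]))
```

Running it shows why a wide allocation is cheap internally but expensive at the edges: the sizing functions confirm that a /25 or /24 comfortably covers a small office with headroom, while `conflicts_with` reports every partner block that falls inside 10.0.0.0/8, which is precisely the renumbering or NAT work the first answer warns about.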