Sysadmin Mega Thread

I would assume 192.168.X is the most used due to COTS home stuff uses it. Then I would assume 10.X stuff as it has the most flex. Then 172 for weird people

4 Likes

I feel attacked

3 Likes

you weird people too?

Uh duh

Hey Im in that group too it is what it is

Yeah but I want to see something as granular as 172.17.6.0/24 vs 10.133.211.0/24.

Prob wouldn't see any data like that, and if I had to put money on it I would put money on the 172 one being more common.

Could poll it, but it's not going to be granular enough for you.

1 Like

You trying to plan out customer nets? I would do 10.Customer Number.Break up stuff here.host

2 Likes

I'd say, given how large and cumbersome some big corporations' networks can be, that you will find 10. subnets to be more frequently encountered, but the usage is similar in big corporations for both 172. and 10. If you are dealing with smaller businesses, you will usually see them use 10. subnets, because they are easier to remember, unless they straight out use 192. subnets. TBH, in the small company I used to work for, we used 192., mostly in the low range. We only had 1 conflict with someone's home network in the VPN, but I solved it by changing that dude's home network IP to something else.

I would say 192. in the very high range, over 192.168.170, aren't as frequently encountered. And if you go over 210, you are very unlikely to have a subnet conflict, because most home users were in the low 192, with most businesses using 10. and very few using 172.

At least that's just my experience from working with some big ISPs and banks in Europe. Used to work for 1 large and one medium-sized company and both used 192. in the low <50 range. Which I found odd, but seems to be common as well.

1 Like

That is currently what I do, but I am considering losing the customer number and just assigning /24 subnets at random across all 3 classes. If I ever want to take on art galleries, restaurants, coffee shops, etc. I'd be burning too many IPs since each location would probably use at most 4 subnets (staff, guest, security, management).

How many customers are you at now?

For exabit stuff do 172 /24s, less traditional office type places

10s = office style business
172 = Cafe style

1 Like

Like a handful, lol. BUT, I am planning to publish my Ansible collections to galaxy so I am thinking of best practices/scalability beyond my immediate or even plausible needs.

Right now you're still doing /24s, right? Like
10.001.001.X/24 for Business 1 (not sure how many you have with more subnets)

You could always change it to count by 5 in the 3rd octet, so
10.1.0-4/24 (Company A)
10.1.5-9/24 (Company B)
10.1.10-14/24 (Company C)
10.1.15-19/24 (Company D)

That gives you 5 subnets next to each other for the customer to grow into before you have to chunk more.

Could do 10s as well to add a ton more.

2 Likes

I already have random selection with collision detection written out for 2nd and 3rd octets individually, so it won't be too difficult to change to random /24 assignments for everything. That said, I am thinking of having a boolean switch that will select 10.location.subnet.host vs random.private.subnet.host because there is value in having the 2nd octet dedicated to a specific LAN for human readability purposes.

1 Like
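Both schemes discussed above (the "count by 5 in the 3rd octet" layout and a random /24 drawn from all three RFC 1918 ranges with collision detection), plus a check for the VPN/home-network overlap mentioned earlier in the thread, as an added example. This is not code from the thread or from anyone's Ansible collection; the `SubnetAllocator` class, the stride of 5, and the list of reserved home-router subnets are assumptions made for the example.

```python
"""Hand out per-customer /24 subnets from RFC 1918 space.

Scheme 1 (structured): customer number k gets up to `stride` adjacent /24s
at 10.<b>.<base>.0/24 .. 10.<b>.<base+stride-1>.0/24, with the 2nd octet
rolling over every 256 // stride customers.  Human readable, room to grow.
Scheme 2 (random): a random /24 anywhere in 10/8, 172.16/12 or 192.168/16,
retried until it collides with nothing already in use.
Both refuse anything overlapping a reserved set (e.g. common home LANs).
"""
import ipaddress
import random

# The three RFC 1918 private ranges.
RFC1918 = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# Constructed sample (assumption): subnets never handed out because remote
# workers' home routers commonly default to them and would clash over VPN.
DEFAULT_RESERVED = ["192.168.0.0/24", "192.168.1.0/24", "192.168.100.0/24"]


class SubnetAllocator:
    def __init__(self, reserved=DEFAULT_RESERVED, seed=None):
        # Every /24 already assigned or reserved; overlap() against this set
        # is the collision detector for both schemes.
        self.in_use = {ipaddress.ip_network(r) for r in reserved}
        self.assigned = {}            # customer -> [IPv4Network, ...]
        self.rng = random.Random(seed)  # seed only for reproducible demos

    def _claim(self, customer, net):
        if any(net.overlaps(u) for u in self.in_use):
            raise ValueError(f"{net} collides with an existing allocation")
        self.in_use.add(net)
        self.assigned.setdefault(customer, []).append(net)
        return net

    def allocate_structured(self, customer, index, count, stride=5):
        """Customer `index` (0-based) gets `count` adjacent /24s in 10/8."""
        if not 1 <= count <= stride:
            raise ValueError("count must be between 1 and stride")
        per_block = 256 // stride          # customers per 2nd octet
        second = 1 + index // per_block    # start at 10.1.x, keep 10.0.x free
        base = (index % per_block) * stride
        if second > 255:
            raise ValueError("structured 10/8 space exhausted")
        nets = [ipaddress.ip_network(f"10.{second}.{base + i}.0/24")
                for i in range(count)]
        return [self._claim(customer, n) for n in nets]

    def allocate_random(self, customer, count, attempts=1000):
        """Draw `count` /24s uniformly over all RFC 1918 /24s, retrying on
        collision with anything already in use."""
        # Weight each range by its number of /24s (65536 / 4096 / 256) so the
        # draw is uniform over subnets rather than over ranges.
        weights = [r.num_addresses // 256 for r in RFC1918]
        out = []
        for _ in range(count):
            for _ in range(attempts):
                pool = self.rng.choices(RFC1918, weights=weights, k=1)[0]
                offset = self.rng.randrange(pool.num_addresses // 256)
                candidate = ipaddress.ip_network(
                    (int(pool.network_address) + offset * 256, 24))
                if not any(candidate.overlaps(u) for u in self.in_use):
                    out.append(self._claim(customer, candidate))
                    break
            else:
                raise RuntimeError("could not find a free /24")
        return out

    def conflicts(self, remote_net):
        """Customers whose subnets overlap a VPN user's home network."""
        remote = ipaddress.ip_network(remote_net)
        return sorted(c for c, nets in self.assigned.items()
                      if any(n.overlaps(remote) for n in nets))


if __name__ == "__main__":
    alloc = SubnetAllocator(seed=42)
    for i, name in enumerate(["gallery", "cafe", "restaurant"]):
        # staff, guest, security, management: 4 of the 5 reserved slots
        print(name, [str(n) for n in alloc.allocate_structured(name, i, 4)])
    print("random", [str(n) for n in alloc.allocate_random("office", 2)])
    print("VPN clash with 10.1.0.0/24:", alloc.conflicts("10.1.0.0/24"))
```

The reserved list is the part worth tuning to your own user base: the random scheme is only as collision-proof as the set it is checked against, and a remote worker whose home LAN overlaps a customer subnet will silently lose routes to that customer once the tunnel is up.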

If you have lots of tiny customers that don't need to talk to each other you could always use the cookie-cutter approach. Deploy the same subnets to each customer, assign a unique WAN IP, and hide it all behind NAT.

1 Like

They don't need to talk to each other, but I need to talk to all of them (centralized services, logging, etc).

1 Like

:face_vomiting:

I know it's probably cheaper for them to do it this way and you have to worry about less stuff (like backing up individual zabbix, centreon, nagios, prometheus, grafana etc. instances, as opposed to just one, not to mention checking individual instances for alerts), but I would still do it in a way that, if I die tomorrow, many other people can inherit the monitoring and other stuff locally to their respective infrastructures. Centralizing is only useful if you are a company that is selling a service. Which could be the case for you, I don't know your situation, but I feel like it's a liability to have everything gathered to a central point in your infrastructure.

I remembered I used to have a macvtap interface, as opposed to a bridge bridging the vlan interface, which allowed communications. Now I need to figure out why bridging vlans doesn't work; I did the same in a proxmox VM and this worked flawlessly. But the conversion from /etc/network/interfaces to just ip commands is not as straightforward. Likely a PEBKAC.

All of my clients are <12 employee small businesses. It just doesn't make sense to deploy separate stacks for each one. They wouldn't pay for it anyway. It's mainly for my benefit tbh.

4 Likes

Depending on what you use, you may be able to get around it by using NAT and something like rinetd or iptables and just mapping each client to a redirected port, although it's way uglier, and if you're using SNMP, lol, GL.