OPNsense Forum

English Forums => General Discussion => Topic started by: openphil on November 15, 2019, 09:33:49 AM

Title: Disadvantages of 10.0.0.0/8 in home environment?
Post by: openphil on November 15, 2019, 09:33:49 AM
Hi there.
I am using
10.0.0.0/8 for my LAN,
172.16.0.0/12 for IoT
and 192.168.0.0/16 for my Guest Network.

I know this is total overkill (e.g. I never had more than 1 guest so far)
but are there real disadvantages, is it a "bad idea"?
Title: Re: Disadvantages of 10.0.0.0/8 in home environment?
Post by: chemlud on November 15, 2019, 09:51:22 AM
...if you need the next network (kids, banking, home office, you name it...) you are running out of IPs. Simply bad practice.

Start with something like a /24 or /26 per interface.

https://www.iplocation.net/subnet-mask
Title: Re: Disadvantages of 10.0.0.0/8 in home environment?
Post by: openphil on November 15, 2019, 10:13:12 AM
Indeed, good point.

As far as I know, I am limited to one interface (VLAN) per SSID (I have UniFi APs) - so I have a physical max of interfaces. If there is a way to have multiple VLANs per SSID (based on MAC address?) then I could split further by vendor of IoT or rank of family :D
Title: Re: Disadvantages of 10.0.0.0/8 in home environment?
Post by: franco on November 15, 2019, 12:17:58 PM
I generally use 10.x.0.0/16 for each location, subdivide /24 for different purposes (test network, servers, special/temporary assignment, dmz) except DHCP ranges which get a number of successive reserved /24 -- had multiple companies running out of /24 space in their lifetime due to company growth due to early admin policies and arbitrary size restrictions. ;)


Cheers,
Franco
Title: Re: Disadvantages of 10.0.0.0/8 in home environment?
Post by: fabian on November 15, 2019, 06:18:38 PM
I would also mention another problem. The network may overlap with VPN networks due to the size.
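The overlap concern above, together with the earlier suggestions to carve a /24 per purpose out of a per-location /16, can be checked with Python's standard `ipaddress` module. This is an added example, not part of any forum post; the VPN routes and the `10.37.0.0/16` site prefix are constructed placeholders.

```python
import ipaddress as ip

# Address plan from the opening post.
WIDE_PLAN = {
    "LAN": ip.ip_network("10.0.0.0/8"),
    "IoT": ip.ip_network("172.16.0.0/12"),
    "Guest": ip.ip_network("192.168.0.0/16"),
}

# Constructed sample: prefixes reachable through VPN tunnels (hypothetical).
VPN_ROUTES = {
    "office-vpn": ip.ip_network("10.8.0.0/24"),
    "friend-site": ip.ip_network("192.168.1.0/24"),
}


def find_overlaps(local, remote):
    """Return sorted (local_name, remote_name) pairs whose prefixes overlap."""
    return sorted(
        (ln, rn)
        for ln, lnet in local.items()
        for rn, rnet in remote.items()
        if lnet.overlaps(rnet)
    )


def carve_plan(site, purposes, prefixlen=24, avoid=()):
    """Assign one subnet of `prefixlen` per purpose out of `site`,
    skipping any candidate that overlaps a network in `avoid`."""
    free = (
        s for s in site.subnets(new_prefix=prefixlen)
        if not any(s.overlaps(a) for a in avoid)
    )
    plan = {}
    for name in purposes:
        try:
            plan[name] = next(free)
        except StopIteration:
            raise ValueError(f"{site} has no /{prefixlen} left for {name}") from None
    return plan


if __name__ == "__main__":
    print("wide plan conflicts:", find_overlaps(WIDE_PLAN, VPN_ROUTES))
    site = ip.ip_network("10.37.0.0/16")  # hypothetical per-location /16
    small = carve_plan(site, ["LAN", "IoT", "Guest"], avoid=VPN_ROUTES.values())
    for name, net in small.items():
        print(f"{name:6} {net}")
    print("small plan conflicts:", find_overlaps(small, VPN_ROUTES))
```
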
Title: Re: Disadvantages of 10.0.0.0/8 in home environment?
Post by: siga75 on November 16, 2019, 02:46:45 PM
Best practice is to keep broadcast domains small, if possible. Not really an issue if in reality you have a small number of hosts.
I like to use weird small subnets, like 172.19.33.32/28, 172.19.33.48/28 and so on.
Small is maybe better from a security point of view: on a 10.0.0.0/8 a simple broadcast ping could reveal all your hosts, while with "weird" subnets one has to guess the used addresses. Not a big issue of course, I just like it more.
Title: Re: Disadvantages of 10.0.0.0/8 in home environment?
Post by: Redundanz on November 20, 2019, 11:28:12 PM
You can use VLANs within the same subnet of course, if your individual infrastructural situation allows it.

As far as I understand from your post summary, this is about your private home network.

I am not encouraging this, but I personally use different subnets at home that are in the public address space.
Which doesn't matter at all (generally speaking) in your "bubble" at home. Certainly not advisable in a business/company environment where it could cause IP leaks and other fun stuff for several reasons.
So if the moment comes when you need a further separate network and VLAN shouldn't work (for whatever reason) then you just go open up 9.0.0.0 or 11.0.0.0 etc...

Lastly... maybe the most obvious thing... you can just change the subnet mask the moment you REALLY need it?
I mean we're not talking about migrating thousands of devices and servers with tons of established static routes etc... right? This is about your private home?

All in all I can say that there's way too much brain-power being put into all of this... with many arguments thrown around merely for "philosophical" reasons. In the end you either have provisioned correctly or you simply need to make more changes than you may have planned for. It's not witchcraft.