Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
Disadvantages of 10.0.0.0/8 in home environment?
« previous
next »
Print
Pages: [
1
]
Author
Topic: Disadvantages of 10.0.0.0/8 in home environment? (Read 4941 times)
openphil
Newbie
Posts: 5
Karma: 1
Disadvantages of 10.0.0.0/8 in home environment?
«
on:
November 15, 2019, 09:33:49 am »
Hi there.
I am using
10.0.0.0/8 for my LAN,
172.16.0.0/12 for IoT
and 192.168.0.0/16 for my Guest Network..
I know this is total overkill (e.g. I never had more than 1 guest so far)
but are there real disadvantages, is it a "bad idea"?
Logged
chemlud
Hero Member
Posts: 2485
Karma: 112
Re: Disadvantages of 10.0.0.0/8 in home environment?
«
Reply #1 on:
November 15, 2019, 09:51:22 am »
...if you need the next network (kids, banking, home office, you name it...) you are running out of IP's. Simply bad practice.
Start with something like a /24 or /26 per interface
https://www.iplocation.net/subnet-mask
Logged
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare
felix eichhorns premium katzenfutter mit der extraportion energie
A router is not a switch - A router is not a switch - A router is not a switch - A rou....
openphil
Newbie
Posts: 5
Karma: 1
Re: Disadvantages of 10.0.0.0/8 in home environment?
«
Reply #2 on:
November 15, 2019, 10:13:12 am »
Indeed, good point.
As far as I know, I am limited to one Interface(VLAN) per SSID (I have Unify APs) - so I have a physical max of Interfaces. If there is a way to have multiple VLANs per SSID (based on Mac-Address?) than I could split further by vendor of IoT or Rank of Familiy
..
Logged
franco
Administrator
Hero Member
Posts: 17661
Karma: 1611
Re: Disadvantages of 10.0.0.0/8 in home environment?
«
Reply #3 on:
November 15, 2019, 12:17:58 pm »
I generally use 10.x.0.0/16 for each location, subdivide /24 for different purposes (test network, servers, special/temporary assignment, dmz) except DHCP ranges which get a number of successive reserved /24 -- had multiple companies running out of /24 space in their lifetime due to company growth due to early admin policies and arbitrary size restrictions.
Cheers,
Franco
Logged
fabian
Hero Member
Posts: 2769
Karma: 200
OPNsense Contributor (Language, VPN, Proxy, etc.)
Re: Disadvantages of 10.0.0.0/8 in home environment?
«
Reply #4 on:
November 15, 2019, 06:18:38 pm »
I would also mention another problem. The network may overlap with VPN networks due to the size.
Logged
siga75
Full Member
Posts: 185
Karma: 11
Re: Disadvantages of 10.0.0.0/8 in home environment?
«
Reply #5 on:
November 16, 2019, 02:46:45 pm »
best practice is to keep broadcast domains small, if possible. Not really an issue if in reality you have a small number of hosts.
I like to use weird small subnets, like 172.19.33.32/28, 172.19.33.48/28 and so on.
Small is maybe better from a security point of view, on a 10.0.0.0/8 a simple broadcast ping could reveal all your hosts, with "weird" subnets one have to guess the used addresses, not a big issue of course, I just like it more
Logged
https://www.signorini.ch
Protectli Pfsense Mi7500L6 Intel 7Th Gen Core I7 7500U 16Gb Ddr4 Ram
512Gb Msata Ssd
6 X Intel Gigabit Ethernet
Redundanz
Newbie
Posts: 6
Karma: 1
Re: Disadvantages of 10.0.0.0/8 in home environment?
«
Reply #6 on:
November 20, 2019, 11:28:12 pm »
you can use VLANs within the same subnet of course, if your individual infrastructural situation allows it.
as far as i understand, from your post summary, this is about your private home network.
i am not encouraging this. but i personally use different subnets at home that are in the public address space.
which doesn't matter at all (generally speaking) in your "bubble" at home. certainly not advisable in a business/company environment where it could cause ip leaks and other fun stuff for several reasons.
so if the moment comes when you need a further separate network and VLAN shouldn't work (for whatever reason) then you just go open up 9.0.0.0 or 11.0.0.0 etc...
lastly... maybe the most obvious thing...you can just change the subnet mask the moment you REALLY need it?
i mean we're not talking about migrating thousands of devices and servers with tons of established static routes etc... right? this is about your private home?
all in all i can say that there's way too much brain-power being put into all of this... with many arguments thrown around merely for "philosophical" reasons. in the end you either have provisioned correctly or you simply need to make more changes than you may have planned for. it's not witchcraft.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
Disadvantages of 10.0.0.0/8 in home environment?