Subnetting 101
Step 11 — Real-World Network Design
Now let's apply everything you've learned to design complete network addressing schemes like you would in a real IT environment.
Network Design Principles
1. Plan for Growth
Don't allocate exactly what you need today. Leave room for 50-100% growth. Renumbering a network later is painful and disruptive.
2. Use Summarizable Blocks
Assign address space so that locations/regions can be summarized. This simplifies routing and security policies.
3. Consistent Conventions
Use predictable patterns. E.g., .1 is always the gateway, .2-.10 for infrastructure, VLANs numbered consistently across sites.
4. Document Everything
Create an IP address management (IPAM) spreadsheet or use dedicated tools. Future you (and your colleagues) will thank you.
Scenario 1: Small Business Network
Requirements:
- Single location, ~75 employees
- Separate VLANs for: Users, Servers, Guest WiFi, VoIP phones, Management
- Room to double in size
- Available: 192.168.0.0/16 (private range)
Strategy: Use 192.168.10.0/24 as our base (easy to remember), allocate /24 per VLAN for simplicity and growth room.
| VLAN | Name | Network | Gateway | DHCP Range |
|---|---|---|---|---|
| 10 | Users | 192.168.10.0/24 | .1 | .50-.200 |
| 20 | Servers | 192.168.20.0/24 | .1 | Static only |
| 30 | VoIP | 192.168.30.0/24 | .1 | .10-.200 |
| 40 | Guest WiFi | 192.168.40.0/24 | .1 | .10-.250 |
| 99 | Management | 192.168.99.0/24 | .1 | Static only |
Benefits: VLAN number matches third octet (easy to remember), plenty of room for growth, easily summarized as 192.168.0.0/16.
Scenario 2: Multi-Site Enterprise
Requirements:
- Headquarters: 2,000 users
- 3 branch offices: 200 users each
- Data center: 500 servers
- Point-to-point WAN links between sites
- Available: 10.0.0.0/8
Strategy: Use second octet for site identification, third octet for VLAN. This allows route summarization per site.
Site Allocation:
- 10.0.0.0/16 - Reserved/Infrastructure
- 10.1.0.0/16 - Headquarters
- 10.2.0.0/16 - Branch 1
- 10.3.0.0/16 - Branch 2
- 10.4.0.0/16 - Branch 3
- 10.10.0.0/16 - Data Center
| Site | Network Block | Summary Route |
|---|---|---|
| HQ User VLANs | 10.1.10.0/24 - 10.1.19.0/24 | 10.1.0.0/16 |
| HQ Servers | 10.1.100.0/24 | 10.1.0.0/16 |
| Branch 1 | 10.2.10.0/24, 10.2.20.0/24 | 10.2.0.0/16 |
| Data Center | 10.10.0.0/20 (prod), 10.10.16.0/20 (dev) | 10.10.0.0/16 |
WAN Links (using /30):
- 10.0.0.0/30 - HQ to Branch 1
- 10.0.0.4/30 - HQ to Branch 2
- 10.0.0.8/30 - HQ to Branch 3
- 10.0.0.12/30 - HQ to Data Center
Scenario 3: AWS/Azure VPC Design
Requirements:
- Production and Development environments
- 3 Availability Zones per environment
- Public, Private, and Database tiers per AZ
- Available: 10.0.0.0/16 for Production, 10.1.0.0/16 for Dev
Strategy: Divide /16 into /20 per AZ, then /24 per tier within each AZ. This gives room for growth and clean summarization.
| Environment | AZ | Tier | Subnet | Usable IPs |
|---|---|---|---|---|
| Prod | AZ-1 | Public | 10.0.0.0/24 | 251* |
| Prod | AZ-1 | Private | 10.0.1.0/24 | 251 |
| Prod | AZ-1 | Database | 10.0.2.0/24 | 251 |
| Prod | AZ-2 | Public | 10.0.16.0/24 | 251 |
| Prod | AZ-2 | Private | 10.0.17.0/24 | 251 |
| Prod | AZ-2 | Database | 10.0.18.0/24 | 251 |
| Prod | AZ-3 | Public | 10.0.32.0/24 | 251 |
| Prod | AZ-3 | Private | 10.0.33.0/24 | 251 |
| Prod | AZ-3 | Database | 10.0.34.0/24 | 251 |
* AWS reserves 5 IPs per subnet (network, router, DNS, future, broadcast)
This pattern repeats for Dev at 10.1.x.x. Each AZ block (e.g., 10.0.0.0/20) can be easily referenced in security groups and NACLs.
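As an added example (not part of the original lesson), here is a short Python check over the Scenario 2 and Scenario 3 plans: it confirms that each assigned subnet sits under exactly one site summary, that no two assignments overlap, carves the /30 WAN links in order, and lays one AZ's /20 out into tier /24s with the usable count after the five addresses the page says AWS reserves. The prefixes come from the page; the dictionary labels are my own.

```python
import ipaddress
from itertools import combinations, islice

# Constructed from the page's Scenario 2 plan: per-site summary routes and the
# subnets carved under them (labels are illustrative, not from any real IPAM).
SITE_SUMMARIES = {
    "Infrastructure": "10.0.0.0/16",
    "HQ": "10.1.0.0/16",
    "Branch 1": "10.2.0.0/16",
    "Data Center": "10.10.0.0/16",
}
ASSIGNED = {
    "HQ Users VLAN 10": "10.1.10.0/24",
    "HQ Servers": "10.1.100.0/24",
    "Branch 1 VLAN 10": "10.2.10.0/24",
    "DC prod": "10.10.0.0/20",
    "DC dev": "10.10.16.0/20",
    "WAN HQ-Branch 1": "10.0.0.0/30",
}

def site_for(subnet, summaries=SITE_SUMMARIES):
    """Name the one site summary covering `subnet`; None if zero or several do.
    A subnet under two summaries is a policy hazard: a firewall or route rule
    written against either summary silently includes it."""
    net = ipaddress.ip_network(subnet)
    hits = [site for site, summ in summaries.items()
            if net.subnet_of(ipaddress.ip_network(summ))]
    return hits[0] if len(hits) == 1 else None

def overlaps(assigned=ASSIGNED):
    """Pairs of assigned subnets that overlap; a sound plan returns []."""
    nets = {name: ipaddress.ip_network(s) for name, s in assigned.items()}
    return [(a, b) for a, b in combinations(nets, 2) if nets[a].overlaps(nets[b])]

def wan_links(block, count):
    """Carve `count` consecutive /30 point-to-point links from `block`."""
    links = ipaddress.ip_network(block).subnets(new_prefix=30)
    return [str(n) for n in islice(links, count)]

def az_tiers(env_block, az_index, tiers=("Public", "Private", "Database")):
    """Scenario 3 layout: the az_index-th /20 of env_block, one /24 per tier,
    each paired with its usable count (256 minus the 5 AWS-reserved addresses)."""
    az = list(ipaddress.ip_network(env_block).subnets(new_prefix=20))[az_index]
    tier_nets = list(az.subnets(new_prefix=24))
    return {tier: (str(tier_nets[i]), tier_nets[i].num_addresses - 5)
            for i, tier in enumerate(tiers)}

if __name__ == "__main__":
    print({name: site_for(s) for name, s in ASSIGNED.items()}, overlaps())
    print(wan_links("10.0.0.0/16", 4), az_tiers("10.0.0.0/16", 1))
```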
Your Turn: Design Challenge
University Campus Network
- Main Campus: 5,000 students, 500 faculty, 200 staff
- Library: 500 public computers
- Research Lab: 100 servers, isolated
- Dormitories: 3 buildings, 1,000 students each
- Guest WiFi across campus
- Available: 10.0.0.0/8
Design an addressing scheme. Consider VLANs, summarization, growth, and security.
One possible solution:
Top-Level Allocation:
- 10.10.0.0/16 - Academic Buildings (faculty, staff, labs)
- 10.20.0.0/16 - Student Resources (student computers, library)
- 10.30.0.0/16 - Dorm 1
- 10.31.0.0/16 - Dorm 2
- 10.32.0.0/16 - Dorm 3
- 10.100.0.0/16 - Research (isolated)
- 10.200.0.0/16 - Guest WiFi
- 10.250.0.0/16 - Infrastructure/Management
Each dorm gets its own /16 for easy summarization and policy application. Research is completely separate. Guest WiFi is isolated with its own range for easy firewall rules.
Checkpoint
You now have the skills to design real network addressing schemes. The final step is a quick reference sheet you can use in the field.