Best Practice

rob42

When I configure Networks for my studies, I always assign Router Interfaces with the 1st Host Address of any given IP Network.

Eg: For Network 192.168.55.16 /28, the Router Interface would be assigned 192.168.55.17 /28 as opposed to say, 192.168.55.27 /28

Is there any 'Best Practice' for this? Is there a valid reason that one wouldn't use the 1st Host Address, but maybe instead use the last one [192.168.55.30 /28]?

I'd be interested to learn what admins do in the real world, please.

clarson

usually what you do is follow the "standard" for the organization. As long as everyone knows, understands, and uses whatever is the "standard" it doesn't make a difference what it is. standards are put in place for "consistency" and to avoid one off solutions which require more maintenance.

And, what about using more than one router with the first hop redundancy protocols. you have more than one hardware interface to address on the network and virtual addresses too.

rob42

Thank you for the reply.

I get what you're saying, about the standards for the organisation. But, what if you're responsible for those standards?

I was also thinking, what about a Firewall. Should that not be on the 1st Host Address?

If I were to design a network [192.168.10.0 /24] and decided that my DHCP server pool started at 192.168.10.100 so that I could have static IPs between 1 and 99, (for the Default Gateway, Routers, Servers, Switch management, a Firewall) and 'know' that all the PCs were on IPs of 100 to 254, would that be a floored concept?

clarson

I would say a lot of these kind of thing would be covered in the "Design" certification path. Cisco has defined several building "blocks" of network componets to implement features of a network. Such as the access layer, distribution layer, core layer. There are also blocks for the internet edge, services, and data center. And, of course, each block has design considerations based on scalability, resiliency, cost effectiveness, etc. And, a company might have a different standards for a large campus compared to a branch office. the company standard shouldn't be a one size fits all.

I was also thinking, what about a Firewall. Should that not be on the 1st Host Address?

I would guess that "standard" would depend on where and how it is being implemented. A firewall(s) protecting a data center from the rest of the company network is going to be different than a firewall(s) that are protecting the company network from the internet.

And, for security reasons, the equipment shouldn't be using default passwords or default ip addresses.

Verities

rob42 wrote: »

Thank you for the reply.

I get what you're saying, about the standards for the organisation. But, what if you're responsible for those standards?

I was also thinking, what about a Firewall. Should that not be on the 1st Host Address?

If I were to design a network [192.168.10.0 /24] and decided that my DHCP server pool started at 192.168.10.100 so that I could have static IPs between 1 and 99, (for the Default Gateway, Routers, Servers, Switch management, a Firewall) and 'know' that all the PCs were on IPs of 100 to 254, would that be a floored concept?

I've seen it done this way at pretty much all the places I've worked except for my current position. I really went down a rabbit hole and eventually found this:

Configuration Management: Best Practices White Paper - Cisco

rob42

Thanks for your input, guys; much appreciated.