Subscriber Discussion

Should Non-Standard IP Addresses Be Used?

JH
Jerome Humery
Jan 12, 2015

[IPVM Mod Background Note: For IP security systems, some use whichever IP scheme is default in the switch, or use a common Private IP scheme for systems. Others do not, and instead configure their own 'uncommon' scheme.]

This may sound like a rookie question, but what are the advantages in using a non-standard subnet scheme?

NOTICE: This comment was moved from an existing discussion: Which Private IP Addresses Do You Use For IP Video?

U
Undisclosed #1
Jan 12, 2015
IPVMU Certified

One reason is to carve up public IP addresses, so small blocks of them can be allocated to different customers instead of needing a whole class per customer.

For instance, my ISP assigns me 8 IP addresses as well as using 6 addresses itself for the gateway (both sides) and other administrative purposes. My netmask is 255.255.255.240.

Take a look and see what your public IP and mask are...

U
Undisclosed #1
Jan 12, 2015
IPVMU Certified

Amending my answer to be concerning only private IP video subnetting after seeing the mod's note above.

Much like an ISP will break a Public Class A network into thousands of smaller subnets, corporations which employ the Private Class A network, 10.x.x.x, will soon need to slice up the address space (usually in bigger pieces than an ISP) as the number of hosts starts to grow into triple digits. Although 10.x.x.x technically allows over 16 million hosts to be part of the same 'network', usually no more than a few hundred are feasible.

One reason is due to the fact that the local broadcast chatter (discovery, ARP, NetBIOS, other administrative protocols) will soon overwhelm the 'real' traffic on the network. In addition, if the network is geographically disparate, the WAN between them will normally have reduced bandwidth, making the elimination of these non-essential packets critical.

Also, subnetting requires at least one router for every subnet, and because of this some additional benefits are made possible, such as more granular control of firewalls and individual QoS (Quality of Service) settings.

As for an example regarding IP video, we all prefer to have our own dedicated 'network' for video, right? But what does that mean really: our own Class C network, our own VLAN, or no shared CATx cable/switches at all?

Although there are many reasons that demand stronger forms of isolation, I'm not aware of a reason that an existing 10.x.x.x network should not be subnetted out when adding a substantial number of hosts to an existing network. Once the mask is assigned by IT, you will be on your 'own' sub-network, at least in the IP sense.

(3)
U
Undisclosed #2
Jan 12, 2015

The beauty of much of the networking terminology is that several of the most common words can be interpreted to mean different (and perfectly valid) things, depending on how you interpret the question.

Reading through the other thread and this question, I *think* you mean, "Why would you not use 192.168.1.x (et al) all the time?"

Most devices of what I call the "Plastic Router Class" default to 192.168.1.x or 192.168.0.x for the LAN subnet. Further, this is done with a subnet mask of 255.255.255.0, indicating that you can have 255 hosts on the IP network (though the physical LAN itself might break down if you have 255 devices all on one giant unmanaged network).

One advantage of sticking with whatever default LAN subnet is supplied with your router is that it is one less thing you have to manually configure or change around. A disadvantage of this is that many devices come with default IPs in one of these subnets.

Personally, I typically use 192.168.11.0/24, 192.168.13.0/24 and 192.168.15.0/24 for my "private" IPs. There is no significance to the 11, 13 and 15, they're just fairly uncommon.

As you hopefully know, you can't have 2 devices on the same LAN with the same IP and expect everything to work. Because LANs have become a lot more common, and people in general are more comfortable plugging things into networks (even if they shouldn't be), there is a high probability that at some point, probably years after you set everything up, somebody is going to get a new multi-function printer thing, or a camera off Amazon, or whatever and plug it into the network. If that device's default IP conflicts with something else on your network, unpredictable things can happen, but they usually manifest in the form of really sporadic problems.

I'd rather that any random device plugged into a network by someone who is not quite sure what they are doing be logically isolated from the working devices on the network. It's not an outright guarantee that nothing bad will happen, but it will often prompt a phone call "I just got this Widget, and I plugged it into the network and my PC doesn't discover it the way it is supposed to". Maybe that call comes to you, or hopefully it goes to the manufacturer of that device, but either way it's a bit of cheap insurance.

In the end, any IP addressing scheme that lets all the appropriate devices talk to each other is perfectly fine, and no one set of numbers has any inherent advantage over another set of numbers. It's mostly personal preference or corporate standards for how to set things up.

(2)
(1)
DW
David Westberry
Jan 12, 2015
IPVMU Certified

Thank you. Very well stated. This is very much how I feel about it as well.

JH
Jerome Humery
Jan 14, 2015

Undisclosed B,

You hit it right on the head. My original question was really just about non-standard IP address schemes and not necessarily about masking, although being thrust into that discussion was a good eye opener for me.

Since I deal with smaller projects (10-50 cameras) and build separate networks for the video systems, I never really had to knuckle down and learn the nitty-gritty of non-standard IP schemes. Perhaps a bit of laziness on my part, but being a one man crew and a self-proclaimed 'rookie', I have to balance my on-going education with keeping the lights on in the office.

With that said, I've had to speed up my education process on this particular matter due to client-driven changes to a system I am 90% finished with. Originally, all the viewing and recording was supposed to occur on the same system, but they now want viewing done via a couple of the PCs on the office network. The good thing: some load will be removed from the server... bad thing: my convenient separate networks that were blissfully unaware of each other now have to start communicating intelligently and on a limited basis. Ugh!

No problem, this is well within my capacity to learn... I just don't like crash courses, that's all.

Jon Dillabaugh
Jan 14, 2015
Pro Focus LLC

I'm sorry if I'm unclear about your method, but I'm unsure what a "non-standard subnet scheme" is if you're not talking about custom masking. I'm not trying to call you to the mat, I'm just trying to get an understanding of what it is we are talking about here.

Also, in your example above, where you need limited access between two networks, that's easily accomplished with a decent firewall and switch that support VLANs.

JH
Jerome Humery
Jan 14, 2015

Just to be clear, the "non-standard subnet scheme" phrase was not mine to start with. I was merely asking an exploratory question in another discussion about another person's statement. At the time I asked that question (in the other discussion), I was unsure if that person was talking about masking or just IP schemes in general, but was interested in either case since I am trying to further my knowledge on the subject.

UM
Undisclosed Manufacturer #5
Sep 19, 2017

First time I saw "Non-Standard IP address", "266.266.266.266" just popped up in my head.

Because every IP address IS a standard.
I thought, "How can a non-standard IP address be used in a network???"
Maybe you can use "Non-common private IP address" next time?

Which IP to assign on the site is just a matter of future planning.
Admins always choose a class A network if the site could be expanded in the future or he/she has already assigned a lot of VLANs.

It is just easy to manage IP addresses in a class A network only.

UE
Undisclosed End User #3
Sep 15, 2017

Last big project I was on had more than 254 cameras, but less than 65K, so I didn't want to use a full class B, so I used what I think they call supernetting for ex:

Network 172.16.12.0/23 gave me 510 hosts (172.16.12.1-172.16.13.254), subnet mask 255.255.254.0

 

Is that what you mean by non-standard?
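
Added example (not written by any participant in this thread): a short Python check of the two points raised above, the /23 sizing in this post and the earlier point about devices whose factory-default IP lands inside a working subnet. The device names and default IPs in the sample table, and the segment names in the plan, are constructed for illustration.

```python
import ipaddress

# Subnets the thread names as typical consumer-router defaults.
COMMON_DEFAULTS = [ipaddress.ip_network(n)
                   for n in ("192.168.0.0/24", "192.168.1.0/24")]

# Constructed sample data: factory-default IPs of hypothetical devices.
SAMPLE_DEVICE_DEFAULTS = {
    "camera-a": "192.168.1.108",
    "printer-b": "192.168.0.20",
    "nvr-c": "192.168.11.64",
}

def describe(cidr):
    """Netmask, usable host count and host range for an IPv4 prefix (/30 or shorter)."""
    net = ipaddress.ip_network(cidr)  # raises ValueError if host bits are set
    return {
        "netmask": str(net.netmask),
        "usable": net.num_addresses - 2,  # minus network and broadcast
        "first": str(net.network_address + 1),
        "last": str(net.broadcast_address - 1),
    }

def audit_plan(plan, device_defaults=SAMPLE_DEVICE_DEFAULTS):
    """plan maps a segment name to its CIDR; returns a list of finding tuples."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in plan.items()}
    names = sorted(nets)
    findings = []
    for i, name in enumerate(names):
        for default in COMMON_DEFAULTS:
            if nets[name].overlaps(default):
                findings.append(("common-default", name, str(default)))
        for device, ip in device_defaults.items():
            if ipaddress.ip_address(ip) in nets[name]:
                findings.append(("device-default", name, device))
        for other in names[i + 1:]:
            if nets[name].overlaps(nets[other]):
                findings.append(("overlap", name, other))
    return findings

if __name__ == "__main__":
    print(describe("172.16.12.0/23"))
    plan = {"video": "192.168.11.0/24", "office": "192.168.1.0/24",
            "cameras-big": "172.16.12.0/23"}
    for finding in audit_plan(plan):
        print(finding)
```

The "video" segment still gets a device-default finding with this sample table, which matches the point made earlier in the thread that an uncommon subnet lowers the chance of a collision without guaranteeing against one.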

UI
Undisclosed Integrator #4
Sep 16, 2017

A good article on the subject

http://blog.erratasec.com/2013/12/dod-address-space-its-not-conspiracy.html?m=1

 

UM
Undisclosed Manufacturer #5
Sep 19, 2017
I think he needs this one https://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise/design-zone-smart-business-architecture/sba_ipAddr_dg.pdf