this post was submitted on 06 Jul 2024
838 points (98.3% liked)

[–] [email protected] 3 points 5 months ago

My current work acquired a company with a very poorly provisioned IT department. Their networks all happen to be in the low 192.168.0.0/16 so users VPNing in often end up with wonky IP conflicts. I've heard warnings about similar when selecting subnet ranges, so I just stick with low 192.168.0.0/16 ranges for home networks from which I might potentially VPN into a network I don't control, and I use 172.16.0.0/12 or 10.0.0.0/8 at work as needed and as aligns with our wider topology.

I will also add that I encountered some fun challenges at a small bank I worked at where they clearly under-planned their network and carried a bunch of wonky configs as vestigial networking adaptations as they grew. They did do a cool thing where they made each branch its own /24 subnet so you could tell at a glance exactly what branch someone was connecting from, plus branches could theoretically limp along with an ISP outage, but they didn't take the extra steps of setting up edge servers so the end result was a full branch outage during an ISP outage.
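The VPN address conflict described in the comment above can be checked before it bites. This is an added example, not part of the original comment: it compares a client's local LAN against the routes a VPN would push, flags remote hosts hidden behind the local segment, and picks a non-overlapping RFC 1918 subnet. The function names and all sample networks are constructed for illustration.

```python
import ipaddress

# The three RFC 1918 private blocks named in the comment.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def find_conflicts(local_lans, vpn_routes):
    """Return (local, remote) pairs whose address space overlaps."""
    locals_ = [ipaddress.ip_network(n) for n in local_lans]
    remotes = [ipaddress.ip_network(n) for n in vpn_routes]
    return [(str(l), str(r)) for l in locals_ for r in remotes if l.overlaps(r)]


def shadowed(remote_host, local_lans):
    """True if a remote host's address also lies inside a directly connected
    LAN. The connected route is typically preferred over the tunnel route,
    so traffic for that host stays on the local segment."""
    ip = ipaddress.ip_address(remote_host)
    return any(ip in ipaddress.ip_network(n) for n in local_lans)


def pick_free_subnet(in_use, prefix=24):
    """First RFC 1918 subnet of the given size that overlaps nothing in use."""
    used = [ipaddress.ip_network(n) for n in in_use]
    for block in RFC1918:
        for candidate in block.subnets(new_prefix=prefix):
            if not any(candidate.overlaps(u) for u in used):
                return str(candidate)
    return None


if __name__ == "__main__":
    # Constructed sample: a home LAN and the routes a corporate VPN pushes.
    home = ["192.168.1.0/24"]
    pushed = ["192.168.0.0/22", "10.20.0.0/16"]
    print("conflicts:", find_conflicts(home, pushed))
    print("192.168.1.50 shadowed:", shadowed("192.168.1.50", home))
    print("suggested home subnet:", pick_free_subnet(home + pushed))
```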