Contact us
Start for free
Blog/Blog

IP Planning Explained: Your Guide to Getting Started

|
10 min
Authors
Kiley Nichols
IP Planning Explained: Your Guide to Getting Started
Key links
Share

Cables connected to the server
Picture this: You’ve set up a new office network, all devices are connected, and all services are running smoothly. All of a sudden, someone plugs in a printer and suddenly half the team loses access.

How could that happen?

If there’s no IP plan in place, turning on the printer could have created an IP conflict — potentially knocking other devices offline, interrupting service, or causing broader network issues.

However, in today’s network, IP planning goes way beyond avoiding simple conflicts. With IPV6 adoption, hybrid cloud deployments and push for micro-segmentation, IP planning has to deal with far more complexity.

By creating an IP plan — a structured approach of assigning IP addresses in a network — you can map out which devices get what IP address, how subnets are separated, and how growth is accounted for, all before any connection is made.

This guide will walk you through the why, what, and how of IP planning.

What Is IP Planning Used For?

IP planning is the process of assigning and organizing IP addresses in a way that supports your network’s current needs and future growth. It also helps answer some critical questions about your network upfront — like which devices should receive specific IP addresses and how to allocate address space efficiently.

In simple terms, IP planning provides structure for the network.

Why Is IP Planning Useful?

IP planning is useful because it provides clarity and control of the network from day one and builds a foundation for:

  • Staying organized by preventing IP conflicts, making the troubleshooting process easier
  • Ensuring the network can scale to accommodate future needs
  • Enabling smoother automation and easier monitoring
  • Improving network security and segmentation

A good IP plan ensures that your network grows without becoming unmanageable.

How to Get Started in IP Planning

A good IP plan ensures that your network grows without becoming unmanageable. In this section, we’ll explore some specific steps you should take as you begin developing your own IP plan.

Step 1: Begin With Discovery and Assessment

Before you assign a single IP address, take a step back and map out what exists today. This initial discovery phase gives you the context needed to make smart decisions later on. You can start taking inventory by asking these questions:

  1. What devices are already on the network? If it’s for a new network, what devices do you plan to have?
  2. What services are active or will be active on the network? Think DHCP, DNS, firewalls, cloud-based networking and anything else with a stake in IP.

While taking inventory, it’s important to look beyond the network and speak with different teams because their contributions could influence your IP plan. For instance, the IT team can highlight issues they are facing with scaling, app owners might flag IP sensitive systems, the security team might communicate certain kinds of segmenting that they need, and business leads can share insights into upcoming growth or organizational changes that could have an effect on the network.

As a rule of thumb, allocate about 10% to 20% more IP address space than you think you’ll need because — based on experience — networks rarely shrink.

Step 2: Design a Logical Hierarchy

Once you understand the current network, the next step is to define how your address spacing should be structured. The model you choose should reflect both your network’s topology and how your organization actually operates.

Start by picking a private address range from the RFC1918 space that fits your scale:

  • 10.0.0.0/8 – good for large enterprises with global reach
  • 172.16.0.0/12 – works for medium-sized internal networks
  • 192.168.0.0/16 – fits smaller offices or labs

Next, organize the addresses into clear logical blocks which could be by region, by site, or by function. For example:

  • 10.1.0.0/16 for headquarters
  • 10.0.2.0/16 for the EMEA region
  • 10.10.0.0/16 for the data center
  • 10.99.0.0/16 for guest WiFi

At this stage, try thinking in terms of layers because having a consistent hierarchy can make routing, documentation, and troubleshooting a lot simpler down the line.

Step 3: Subnet and Assign Addresses Thoughtfully

Using the same subnet size everywhere may seem simpler at first, but it often leads to waste or rigidity later on. Instead, use Variable Length Subnet Masking (VLSM), which lets you allocate subnets of different sizes based on actual needs to ensure you’re not wasting address space.

Here are some examples:

  • 10.1.1.0/24 for user LANs with up to 254 hosts
  • 10.1.2.0/27 for VoIP with 30 hosts
  • 10.1.3.0/28 for printers with 14 hosts
  • 10.1.10.0/26 for server blocks with 62 hosts
  • 10.1.20.0/30 for router links with 2 hosts

When it comes to assigning addresses, it’s best to align the method with the device’s role. Core infrastructure — such as routers, firewalls, and servers — typically performs best with static IPs to ensure consistent connectivity and easier management. Devices that need consistent addresses but don’t require manual configuration can use DHCP reservations. For everything else, standard DHCP pools usually get the job done.

While you are defining your subnet structure, it’s quite important to think beyond IPv4, especially with the growing requirement for modern cloud deployments.

Plan for IPv6

While most networks still depend on IPv4, IPv6 adoption is gaining momentum, especially in ISP and Cloud environments. But achieving this is not as simple as flipping a switch. Teams face tough choices around delegation sizes, address types and tool support.
Let’s discuss some key guidelines while planning for IPv6:

Begin With the Correct allocation
  1. A good rule of thumb is to allocate /48 per location or environment, then break it into /64 subnets for each function or VLAN. For example, 2001:db8:finance::/48 could be reserved for finance, then divided into /64 for payroll, analytics or HR services.
  2. On point to point links, consider using /127 to avoid or limit neighbor discovery floods.
Choose the Correct Scope
  1. For traffic that’s internal only, Unique Local Addresses (ULAs, fc00::/7) may be all you need.
  2. For anything public facing like the cloud, the internet, Global Unicast (2000::/3) is the safer choice.
Verify Supporting Tools and Services
  1. Designing the space is one thing; running it day to day is another. You’ll want to assign a static IPv6 address to the infrastructure, and use DHCPv6 or SLAAC for endpoints.
  2. Also, ensure that DNS supports AAAA records and confirm that your monitoring tools and firewall handle IPv6 traffic.

Just like IPv4, IPv6 subnets should be documented and logically structured.

Step 4: Integrate With Existing Network Services

Your IP plan isn’t a standalone document; it influences how other parts of your network function. Once you’ve defined your subnets, the next step is making sure everything fits smoothly with other services.

This can mean reviewing how DHCP handles address scopes and exclusions, checking that DNS zones match the updated layout, or confirming that NAT rules reflect the right private-to-public mappings.

After making these adjustments, it’s important to test the setup in a safe environment to catch any potential issues that could surface.

Step 5: Extend Your Plan to Cloud and Overlays

Once your plan works with on-prem services, extend it to the cloud and to container platforms. Do not assume the same space everywhere. In enterprise networks a /48 per site is common, but the cloud providers set limits. AWS typically offers a /56 or /64 VPC Azure assigns a /48 per VNet, while GCP support varies per region, so it’s important to check what you actually get before dividing the subnets.

As you are extending into the cloud, look out for a common pitfall – overlapping ranges. For instance, if you are already using 10.0.0.0/8 in your on-premise environment and the same space is assigned by AWS for your VPC, it may cause your hybrid connectivity to fail.

Then, look at overlays like Kubernetes. IPv6 clusters require explicit /64s for pods or  services and your CNI plugin, service mesh and ingress controllers must advertise those prefixes consistently. Skipping these steps leaves you with fragmented ranges that don’t align with your enterprise plan.

Step 6: Document Everything

Treat documentation like it’s part of your infrastructure — not something you patch in later — because even a great IP plan can fall apart if the details are scattered or locked away in someone’s head.

At a minimum, be sure to capture:

  • Subnet CIDRs and usage descriptions
  • Default gateways, DNS servers, and exclusion zones
  • VLAN IDs and associated services
  • IP reservation pools and static assignments
  • Ownership and change tracking

You should store this information in a proper IP Address Management (IPAM) tool like NetBox, which gives you more than just a place to keep your records. With NetBox, you can create a system you can audit, automate, and actually rely on as your business scales.

As you get feedback and make observations, adjust the structures accordingly for the next phase.

Step 7: Deploy the IP Plan in Phases (IP Planning in Agile)

The IP plan doesn’t have to be implemented all at once, so depending on your network, you could start with low risks like guest Wi-Fi or a test VLAN and use your IPAM to assign space, monitor the usage, and then track changes.

As you get feedback and make observations, adjust the structures accordingly for the next phase. If automation is in place, use it to streamline your provisioning and validation step.

Think of your plan as something that grows and evolves with your network, not a one-time setup.

Challenges Faced in IP Planning

When creating an IP plan, teams can encounter a lot of challenges along the way, including:

  • Inheriting undocumented networks
  • Renumbering legacy address spaces
  • Dealing with poor adoption across multiple teams
  • Overcomplicating subnet designs with too many smaller blocks
  • Planning too narrowly, which leaves no room for network growth
  • Cloud and hybrid overlaps from inconsistent allocation across providers
  • IPv6 complexity: choosing prefix sizes, balancing ULAs vs Global unicast and checking tool support

It’s important to be cognizant of these challenges and put together a plan of attack before deploying your IP plan across the organization.

Best Practices for IP Planning

Use IPAM and Let Go of Spreadsheets

Manual tracking breaks down fast, especially when multiple teams are assigning IP addresses. Use a purpose-built tool like NetBox to manage the process and make your life easier. NetBox also supports custom fields, IPv6 planning, and can integrate with automation tools like Nornir or Ansible, thus making it a great choice to manage dynamic and modern network environments.

Continuously Update the Document

A lot of plans fall apart because no one pays attention to them after implementation. Subnets, gateways, ownership, and changes history all need to be documented and kept up to date. Otherwise, the next time something breaks, you’ll be stuck.

Design With Just Enough Structure

Networks grow quickly, so leave extra room to accommodate that future growth. Use VLSM to avoid waste, but don’t slice too tightly just to be efficient because it can limit future expansion. Route summarization can also help keep things clean, especially across WAN links.

Think Dual Stack

Most networks still lean on IPv4, but IPv6 is showing up more and more. Running both lets you ease into the shift without breaking what already works. Just make sure your tools, DNS records, and access controls support both stacks. Even when IPv6 is enabled, IPv4 usually stays as the default path. If your hybrid or multi-cloud setup reuses overlapping RFC1918 ranges, traffic may silently fall back to IPv4. To prevent this, align the two stacks in routing design, ACLs and DNS. Otherwise, your IPv6 will exist on paper but not in production.

Design for Security Segmentation

Avoid allocating space only by geography or department. Reserve ranges by application tiers like web, app and database. This makes Zero Trust easier to enforce, keeps ACLs from sprawling and simplifies audits later. You can take this a bit further with microsegmentation by isolating services or workloads into their own subnets. This will help you to limit lateral movement and strengthen compliance.

Wrapping Up

IP planning isn’t just about keeping things tidy. It’s how you stay fast, secure, and ready for what’s next.

A clear, flexible plan turns your network from a bottleneck into a scalable platform. As devices are continuously added and demands evolve, the question isn’t if you need a plan. It’s how well you can keep it relevant, adaptable, and aligned with future growth.

Learn more about how NetBox can help with accurate network documentation by visiting netboxlabs.com/solutions/operations.

This post was written by Chinyere Ordor. Chinyere is a versatile writer and developer with expertise in Network engineering, Data Analysis, RPA, and various other cutting-edge technology fields. With a passion for technology and innovation, Chinyere has written various articles on Node.js, test automation, etc. showcasing their deep understanding of the subject. When she’s not working, she’s found catching up with friends

Make sense of your network
Start for free
Contact us
Background