Hi y'all,
so I'm currently (re)designing a network for an upcoming hardware refresh and came across some knowledge gaps while trying my initial design. I'm facing a few design choices where I'm either overthinking something or just lack experience.
I'll try to outline the basic environment to paint a better picture.
We got company A, B and C.
A:
- This is where the datacenter for all other companies is.
- Network consists of multiple Class C VLANs under 10.1.0.0/16
- Multiple buildings all connected via fiber
B:
- Connects to A via Site-2-Site VPN
- Network consists of multiple Class C VLANs under 10.2.0.0/16
- Multiple buildings all connected via fiber
C: (This one gets new hardware)
- Multiple branch offices, all in different locations
- Connects to A via Site-2-Site VPN
- Each office has its own 172.xx.2.0/24 network
The idea is to get C in line with the 10.X addressing scheme and introduce some segmentation. Which is definitely overkill since most offices only have like 10 devices and 1-2 printers (and possibly some VoIP in the near future). But hey, can't hurt to make it more scalable.
My first draft looked something like this:
10.3.10-20.0 - Office 1
- 10.3.10.0/24 - MGMT VLAN10
- 10.3.11.0/24 - DMZ (not needed, but better to plan for it now) VLAN11
- 10.3.12.0/24 - Clients VLAN12
- 10.3.13.0/24 - VoIP VLAN13
10.3.20-30.0 - Office 2 etc.
Basically give each office 10 Class C subnets to leave room for expansions.
Pros:
- Subnets and VLAN tags are easy to remember since the last digit aligns.
- More than enough room for future expansions
Cons:
- I didn't account for routing **sigh**. All Site-2-Site routes are static, so in order to reach every subnet/vlan of every office (from A) I would need to create <Num. Offices>*Subnets of routes.
Enter draft number 2.
The idea this time was to put each office in a 10.3.X.0/22 range.
10.3.0.0/22 - Office 1
- 10.3.0.0/24 - MGMT VLAN10
- 10.3.1.0/24 - DMZ VLAN11
- 10.3.2.0/24 - Clients VLAN12
- 10.3.3.0/24 - VoIP VLAN13
I would leave a 1 block gap between each office to make room for expansion (or more segmentation) in the future by switching to a /21 netmask.
Pros:
- Simpler routing **yay**
Cons:
- IP->VLAN tag won't be easy to remember
I know that, given the size of each office, the simplest solution would be to slap everything in one /24 subnet per office and call it a day. But that feels short-sighted. May be just me though.
Anyway...any input, pros/cons, gotchas or "have you thought about <this>/<that>" will be much appreciated.
PS. probably obvious, but I'm not a network engineer by trade. But when time and money are short beggars can't be choosers ;D
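An added worked example (not part of the original post) that uses Python's ipaddress module to compare the two drafts: how many static routes site A needs per office (summaries cannot cross office boundaries, since every office is a separate VPN next hop), and whether the one-block gap in draft 2 really lets each office grow to a /21 without colliding with its neighbour. The numbering follows the post (draft 1: office N is allotted the ten /24s from 10.3.N0.0; draft 2: office N gets 10.3.(N-1)*8.0/22); the four VLAN roles are the ones the post lists.

```python
from __future__ import annotations
from ipaddress import IPv4Network, collapse_addresses

# The four VLAN roles the post assigns to every office (order = VLAN 10..13).
ROLES = ("MGMT", "DMZ", "Clients", "VoIP")


def draft1_subnets(office: int) -> list[IPv4Network]:
    """Draft 1: office N is allotted the ten /24s 10.3.(N*10).0 .. 10.3.(N*10+9).0."""
    base = office * 10
    return [IPv4Network(f"10.3.{base + i}.0/24") for i in range(10)]


def draft2_block(office: int) -> IPv4Network:
    """Draft 2: office N gets one /22 and one unused /22 is left after it,
    so consecutive offices start 8 third-octet values apart (0, 8, 16, ...)."""
    return IPv4Network(f"10.3.{(office - 1) * 8}.0/22")


def draft2_subnets(office: int) -> dict[str, IPv4Network]:
    """The four VLAN /24s carved from the office's /22, keyed by role."""
    return dict(zip(ROLES, draft2_block(office).subnets(new_prefix=24)))


def static_routes(subnets) -> list[IPv4Network]:
    """Fewest prefixes site A must point at this office's tunnel to reach every
    given subnet. Only subnets of one office may be summarized together."""
    return list(collapse_addresses(subnets))


def routes_per_draft(offices: int) -> tuple[int, int]:
    """Total static routes on site A for the first `offices` offices, (draft 1, draft 2)."""
    d1 = sum(len(static_routes(draft1_subnets(n))) for n in range(1, offices + 1))
    d2 = sum(len(static_routes(draft2_subnets(n).values())) for n in range(1, offices + 1))
    return d1, d2


def expansion_block(office: int) -> IPv4Network:
    """Draft 2 growth path: the office's /22 plus its gap becomes a single /21."""
    return draft2_block(office).supernet(new_prefix=21)


def expansions_disjoint(offices: int) -> bool:
    """True if every office can grow to its /21 without overlapping a neighbour."""
    blocks = [expansion_block(n) for n in range(1, offices + 1)]
    return not any(a.overlaps(b) for i, a in enumerate(blocks) for b in blocks[i + 1:])


if __name__ == "__main__":
    for n in (1, 2):
        print(f"draft 1 office {n}:", [str(r) for r in static_routes(draft1_subnets(n))])
        print(f"draft 2 office {n}:", [str(r) for r in static_routes(draft2_subnets(n).values())])
    print("routes for 5 offices (draft 1, draft 2):", routes_per_draft(5))
```

Because 10.3.10.0 is not aligned to a /22 or /21 boundary, draft 1's ten /24s never summarize into a single prefix, while every draft 2 office is exactly one route.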