Hello S0chia, I'm not sure whether there's any guide to IP addressing in a data center, but I haven't seen anything like that. I can share with you some of my own experiences... limited though they are... in hopes that they might help.
- One IP subnet for MGMT. The best practice as I understand it is that MGMT is completely separate from the production network, with its own separate cabling and switching, and, if needed, a VRF.
- The rest depends on your data center design. The prevailing pressure is to be able to extend Layer 2 (same IP subnet) without having to extend STP. So for example, if you use VXLAN to do that, you would need to have Layer 3 connectivity to run VXLAN on top (MAC-in-IP), but other Layer 2 extension technologies, like the older FabricPath, don't use IP. You might need separate IPs for different zones, data centers, etc.
To complement what Micheline said: beyond the IP address schema, you need to have clearly defined the services (Management, DB, Virtualization, Storage, etc.) you are going to have running in your data center. Based on that you can assign the appropriate segment of IP addresses to that service, VLAN, etc.
Just a general recommendation: The world is moving towards automation. Trying to encode too much information into IP addressing, e.g. by encoding VLAN numbers into the subnet, makes it difficult to do automation, and normally the plan breaks down after a while when it's not possible to get the subnet corresponding to the VLAN and so on.
Ideally VLANs and subnets should just be pooled resources where the next available one is grabbed when needed. Security should be based on who you are, not where you are located. This can be done by using 802.1X and authenticating with for example an LDAP server.
Now, I know most organizations aren't there yet in their designs but generally that's where things are heading.
If you are starting out from scratch then you are free to assign subnets so that they are summarizable and so on, but it totally depends on what design you are going for with the DC.
There's no best way of doing it. Design is always based on business requirements and constraints.
My main point was that security models are changing. Rather than just relying on traffic source and destination for policy we now use more granular methods such as 802.1X, dACL, authenticating users etc.
Don't try to encode too much information into your addressing as it will be difficult to keep up with that model.
Have a look at ciscolive365.com for resources.
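An added illustration of the "pooled resources" idea from the reply above (this is example code, not something posted in the thread and not tied to any Cisco tool). It assumes one summarizable aggregate per pod or zone (a /16 here, chosen arbitrarily) carved into fixed-size /24s that are handed out first-free and tracked against an owner name, so the subnet number itself carries no meaning. For contrast it also includes the "VLAN ID in the third octet" scheme, which works only while VLAN IDs fit in an octet:

```python
"""Pooled subnet allocation versus VLAN-encoded addressing (added example).

Assumptions (not from the thread): the aggregate per pod, the /24 subnet
size, and the owner names are all constructed for illustration.
"""
import ipaddress
from typing import Dict, Optional


class SubnetPool:
    """Next-available allocator over one summarizable aggregate."""

    def __init__(self, aggregate: str, prefixlen: int = 24) -> None:
        self.aggregate = ipaddress.ip_network(aggregate)
        if prefixlen <= self.aggregate.prefixlen:
            raise ValueError("subnet must be smaller than the aggregate")
        self.prefixlen = prefixlen
        # Candidate subnets in address order; which one a service gets is
        # deliberately meaningless, the inventory below is the source of truth.
        self._free = list(self.aggregate.subnets(new_prefix=prefixlen))
        self._allocated: Dict[ipaddress.IPv4Network, str] = {}

    def allocate(self, owner: str) -> ipaddress.IPv4Network:
        """Hand out the next free subnet and record who owns it."""
        if not self._free:
            raise RuntimeError(f"pool {self.aggregate} exhausted")
        net = self._free.pop(0)
        self._allocated[net] = owner
        return net

    def release(self, net) -> None:
        """Return a subnet to the pool; raises KeyError if it was never allocated."""
        net = ipaddress.ip_network(net)
        del self._allocated[net]
        self._free.append(net)

    def owner_of(self, net) -> Optional[str]:
        """Look up the service a subnet belongs to (None if unallocated)."""
        return self._allocated.get(ipaddress.ip_network(net))

    def summary_route(self) -> ipaddress.IPv4Network:
        """The single prefix that covers every allocation: the aggregate."""
        assert all(n.subnet_of(self.aggregate) for n in self._allocated)
        return self.aggregate


def vlan_encoded_subnet(base: str, vlan: int) -> Optional[ipaddress.IPv4Network]:
    """The scheme warned against above: third octet == VLAN ID.

    Returns base.<vlan>.0/24 while the VLAN ID fits an octet, None otherwise,
    which is exactly the point where such a plan breaks down.
    """
    if not 1 <= vlan <= 255:
        return None
    start = ipaddress.IPv4Address(base) + (vlan << 8)
    return ipaddress.ip_network(f"{start}/24")


if __name__ == "__main__":
    pool = SubnetPool("10.10.0.0/16")          # constructed pod aggregate
    for service in ("mgmt", "storage", "db"):
        print(service, pool.allocate(service))
    print("summary:", pool.summary_route())
    print("VLAN 100 ->", vlan_encoded_subnet("10.0.0.0", 100))
    print("VLAN 300 ->", vlan_encoded_subnet("10.0.0.0", 300))
```

The inventory (`owner_of`) is what automation queries; nothing is inferred from the address bits, so adding a fourth zone or renumbering a VLAN never forces a renumbering of subnets, and the per-pod aggregate is still the only route that has to leave the pod.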
Hi Daniel, I have a similar issue with IP addressing in a DC. This IP addressing is implemented, but I have problems keeping it, and the scheme is something like that.
And this is one POD. But I have a lot of PODs like that.
The question: Is the MGMT network necessary for the servers?
Because the implementation is so much more difficult with the MGMT network, the troubleshooting for IT server support takes too long, and I think it is a possible point of failure for security.
What do you think??