Enterprise IPAM: Hierarchical Subnet Planning at Scale

IP Address Management (IPAM) is the discipline of planning, tracking, and administering the IP address space used by a network. In small environments it's a spreadsheet. In enterprise environments it's a mission-critical function that, when done poorly, causes outages, security incidents, and multi-week re-IP projects.

What Is IPAM?

IPAM encompasses three functions that are often combined into a single system:

• IP address planning: Allocating ranges to sites, environments, and services.
• IP address tracking: Recording which addresses are assigned, to what, and by whom.
• DNS and DHCP integration: Ensuring that address assignments are reflected in DNS records and DHCP scopes (sometimes called DDI: DNS, DHCP, IPAM).

Why Spreadsheets Fail

Spreadsheets work until they don't. The failure modes are predictable:

• Concurrency: Two engineers assign the same IP to different hosts simultaneously.
• Staleness: Decommissioned hosts aren't removed; the spreadsheet becomes an archaeology project.
• No audit trail: You can't determine who made a change or when.
• No validation: Overlapping subnets, exhausted ranges, and typos go undetected.

At 500+ hosts, the operational cost of maintaining an inaccurate IPAM exceeds the cost of a proper solution.

Hierarchical Subnet Planning

The key to scalable IPAM is a hierarchical allocation model. Think of it as a tree: the root is your entire private address space, and you progressively subdivide it.

Level 1: Major Aggregates by Region or Cloud

10.0.0.0/8   — Global enterprise
  10.0.0.0/12  — North America
  10.16.0.0/12 — Europe
  10.32.0.0/12 — Asia-Pacific
  10.48.0.0/12 — Cloud (AWS, GCP, Azure)

Level 2: Site or VPC Allocation

10.0.0.0/12  — North America
  10.0.0.0/16  — NYC HQ
  10.1.0.0/16  — Chicago Office
  10.2.0.0/16  — Dallas Datacenter
  10.3.0.0/16  — AWS US-East-1

Level 3: Zone and Function Subnets

10.0.0.0/16  — NYC HQ
  10.0.1.0/24  — Management
  10.0.2.0/24  — Servers
  10.0.3.0/23  — Workstations
  10.0.8.0/22  — Guest WiFi
  10.0.16.0/20 — VDI

This structure ensures every subnet is unique globally, aggregation is clean (routing tables stay small), and you always know which part of the tree to extend when you need more space.

Subnet Sizing Guidelines

Use Case	Recommended Prefix	Hosts
Point-to-point link	/30 or /31	2
Small server cluster	/28	14
Standard server subnet	/24	254
Workstation floor	/22	1,022
DHCP pool (large office)	/20	4,094

Always leave room to grow. A /24 that's 90% utilized cannot be expanded without disruption. Plan for 50% utilization as your "full" marker and allocate the next block before you hit it.

IPAM Documentation Standards

For each allocated block, record:

• CIDR notation (e.g., 10.2.0.0/24)
• Purpose (e.g., "Dallas DC — Web Tier")
• Owner (team or individual)
• Allocation date
• Parent block
• VLAN ID if applicable
• Gateway address
• DHCP range if applicable

Consistent documentation makes onboarding new engineers faster and makes audits far less painful.

Integration with Automation

Modern IPAM integrates with infrastructure-as-code tools:

• Terraform can query an IPAM system to allocate the next available subnet automatically.
• Ansible can pull IPAM data to populate network device configurations.
• CMDB systems (like ServiceNow) can sync with IPAM to link IP assignments to CMDB records.

AWS, GCP, and Azure all offer native IPAM services that integrate with their VPC constructs. AWS IPAM, for example, can enforce that no VPC is created with a non-allocated CIDR.

Plan Your Enterprise Subnet Hierarchy

The Network Planner on InfraHub helps you design and document a hierarchical IP address plan. Visualize your subnet tree, check for overlaps, and export your allocation plan — all in the browser without storing your data on any server.

Whether you're designing from scratch or auditing an existing allocation, structured IPAM planning prevents the cascading failures that come from ad hoc IP assignment.