This lab *could* be filled with millions of hosts (real/simulated)
and thousands of networks (real/simulated). This lab is
yup. built several of those over the years. last simulated
network had 100,000 networks, ASNs et al.
(built it all inside a single host!)
1) create manageable and quickly adaptable firewall rulesets
2) create an IP plan that will lend itself to quick human parsing
both in routing tables and router/firewall logs
3) consider that the lab will likely have machines that require
patching/updates, etc from the real internet.
if this is supposed to represent realworld,
then use realworld numbers. design your lab so that
patches/updates go to staging platforms and then
pull into your lab from those - no direct network
connections.
Imagine you want to create an environment for experiments.
You want to reduce complexity as much as possible and create
a scenario where feedback of a test is quick...doesn't require
much memorization of what is what and that allows you to suddenly
stop and rerun tests. Rapidly. Think of access lists, route tables,
firewall rulesets and logs. If you're running tests do you want to
see results such as 192.168.22.0, 172.16.89.22, 10.129.20.222,
10.12.22.2? Wouldn't it be easier if your test results looked
like this: 1.10.1.1, 10.10.1.1, 100.10.1.1, 1.1.1.1, 10.1.1.1,
100.1.1.1, etc?
perhaps I am unique, but I suffer from dyslexia.
1.1.10.0.1.1.0.0.0.0.1.1.1.11.0 looks way too much
like binary to me. Much easier for machine parsing.
Humans that I have worked with tend to discriminate
easier on differing patterns.