# Network # Physical Layout [![network-physical.png](https://bookstack.swigg.net/uploads/images/gallery/2021-03/scaled-1680-/network-physical.png)](https://bookstack.swigg.net/uploads/images/gallery/2021-03/network-physical.png) # VLAN Segmentation ### VLAN 1 (LAN) The primary home network for devices and services that don't need to be publically facing to the Internet.
**Name**LAN
**CIDR**10.0.1.1/21
**Range**10.0.0.1 - 10.0.7.254
### VLAN 8 (DMZ) A [DMZ](https://en.wikipedia.org/wiki/DMZ_%28computing%29) for devices and services that are meant to be exposed to the Internet.
**Name**DMZ
**CIDR**10.0.8.1/24
**Range**10.0.8.1 - 10.0.8.254
### VLAN 9 (WARP) A network where all outbound traffic is routed through a [WireGuard VPN](https://www.wireguard.com/) to protect privacy.
**Name**WARP
**CIDR**10.0.9.1/24
**Range**10.0.9.1 - 10.0.9.254
# Subnet IP Ranges ### LAN (VLAN1) [LAN](https://bookstack.swigg.net/link/74#bkmrk-vlan-1-%28lan%29) - The primary home network for devices and services that don't need to be publically facing to the Internet.
SubnetVLANPurpose
10.0.1.0/241Network related infrastructure (dns server, router, switches, etc.)
10.0.2.0/281WireGuard VPN clients tunneling into the network
10.0.3.0/241Proxmox management port addresses
10.0.4.0/241Static IP address assignments
10.0.5.0/24 10.0.6.0/231DHCP IP assignments
### DMZ (VLAN8) [DMZ](https://bookstack.swigg.net/link/74#bkmrk-vlan-8-%28dmz%29) - A DMZ for devices and services that are meant to be exposed to the Internet.
SubnetVLANPurpose
10.0.8.0/248DHCP IP assignments
### WARP (VLAN9) [WARP](https://bookstack.swigg.net/link/74#bkmrk-vlan-9-%28warp%29) - A network where all outbound traffic is routed through a WireGuard VPN to protect privacy.
SubnetVLANPurpose
10.0.9.0/249DHCP IP assignments