diff --git a/README.md b/README.md index b8849d8..11a0981 100644 --- a/README.md +++ b/README.md @@ -1,2 +1,70 @@ -# ip_schema +# IP Schema + +## Definitions + +VPN +WireGuard +routable +LAN +site +Site id + +## WireGuard VPN network + +CIDR Range 172.24.0.0/13 +Netmask 255.248.0.0 +Wildcard Bits 0.7.255.255 +First IP 172.24.0.0 +Last IP 172.31.255.255 +First IP (Decimal) 2887254016 +Last IP (Decimal) 2887778303 +Total Host 524,288 + +This network rage will power the WireGuard network and does not need to routable +on site. + +The last octet will match the site id. For the moment, all sites will be in +172.24.0.{site id} and the third octet reserved. + +## Global site network + +CIDR Range 10.{site id}.0.0/16 +Netmask 255.255.0.0 +Wildcard Bits 0.0.255.255 +First IP 10.{site id}.0.0 +Last IP 10.{site id}.255.255 +First IP (Decimal) 170524672 +Last IP (Decimal) 170590207 +Total Host 65,536 + +Site id has to match for local WireGuard node site id and the sites assigned +site id. A lose Schema of this a site Schema should be created. At the moment, +if and how 10.{site id}.0.0/16 is broken up is up to the local site admin. + +## Private site network + + +CIDR Range 172.16.0.0/13 +Netmask 255.248.0.0 +Wildcard Bits 0.7.255.255 +First IP 172.16.0.0 +Last IP 172.23.255.255 +First IP (Decimal) 2886729728 +Last IP (Decimal) 2887254015 +Total Host 524,288 + +and + +CIDR Range 192.168.0.0/16 +Netmask 255.255.0.0 +Wildcard Bits 0.0.255.255 +First IP 192.168.0.0 +First IP (Decimal) 3232235520 +Last IP 192.168.255.255 +Last IP (Decimal) 3232301055 +Total Host 65,536 + +This network range(s) are for private LAN nodes and should NOT be routable via +the WireGuard VPN. The site admin is fully responsible for the management of +these networks.
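Review bot: In the "Global site network" table, First IP (Decimal) 170524672 and Last IP (Decimal) 170590207 are the values for 10.42.0.0 and 10.42.255.255, while every other row in that table uses the {site id} placeholder. Either drop the two decimal rows or label them as an example for site id 42. The allowed range of site id is never stated. It is used both as the second octet of 10.{site id}.0.0/16 and as the last octet of 172.24.0.{site id}, so a site id of 0 would land on 172.24.0.0, the network address of the /13. The README should say which values are valid. The "Definitions" section lists six terms with no definitions; fill them in or remove the section. Wording to fix: "This network rage", "does not need to routable", and "A lose Schema of this a site Schema should be created". The 192.168.0.0/16 block orders its rows differently from the other three (First IP (Decimal) comes before Last IP). The address blocks are consecutive plain lines, so Markdown will join each block into a single paragraph; a table or a code fence would keep the rows apart. The closing paragraph says the private ranges should NOT be routable via the WireGuard VPN but does not say where that is enforced. Name the control, for example keeping these prefixes out of each peer's AllowedIPs.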