Internal IP Range
-
Are we a WTF?
For reasons that are lost to us, because, thankfully, the people who made this decision no longer work for us, our internal network was implemented using the 6.0.0.0/8 IP range. This is the range, as you may know, reserved for use by the US DoD. That means that if I use Geotool on an intranet site I get this:
Which is quite impressive as we're in the UK. We get contractors and support bods in quite often and when we give them the IP address of the box they're working on their reaction is usually
Why?
And to be honest that was my response when I started working here. The plan is to shift everything over the 10. range, but that's been the plan for 5 years and it'll probably never get done now. We're just sitting tight hoping not to get invaded.
-
Shouldn't the Geotool detect your external IP?
Or are you manually entering the IP address into it?
-
It's a firefox plugin rather than a website so it does a lookup on the client side info.
-
Ah, gotcha.
-
reserved for use by the US DoD
should be interesting if you ever have a legitimate business reason to want to talk to a DoD server....
-
Extremely unlikely, but you never know...
-
Extremely unlikely
we had a famous last words thread around here somwehere didn't we? where did it go? :-P
-
Companies doing things like this is why a few chunks of 1.0.0.0/8 can't be used. Iirc 1.2.3.0/24 and 1.1.1.0/24 are the main offenders. When they were writing rfc 1918 why did they choose 10 over 1, anyway?
-
I work at a place that uses 198.* for internal IP addresses ...
-
why did they choose 10 over 1, anyway?
Good question.
I work at a place that uses 198.* for internal IP addresses ...
Is it the full 198.0.0.0/8? Because the wiki below gives a couple of obscure 198 ranges that are reserved.
-
198.200.0.0/16, I think?
-
why did they choose 10 over 1, anyway?
Here's a map of the Internet in 1982. (from here)
ARPA owned network 10, so they could make decisions for it. BBN had network 1.
-
Well at least we're semi-sane at my work:
- 172.16/12 (assigned by sysadmins) for intranet and other internal purposes,
- 10/8 (assigned by me) for our company access to projects and
- 192.168/16 (project engineer discretion) duplicated across projects for internal project use.
I did make a minor wtf before we started using the 10/8 in general, and wasted a few /16's on an earlier project when a single /22 would have sufficed - think I've managed to convince the project to switch to a saner scheme.
-
Here's a map of the Internet in 1982. (from here)
That says it's a prototype.
That says 1.0.0.0/8 was reserved in 1981 - was ARPANET that required to use their own network for the RFC?
When I first started going to LANs we used 1.1.1.0/24 which I changed to 10.1.1.0/24 fairly quickly, even though it was years before APNIC was allocated that block.
-
-
Well... quite. Not one of his brighter moments.
-
Well at least we're semi-sane at my work:
172.16/12
10/8
192.168/16The entire RFC1918 range? :)
At my work we use 192.168.1.0/24 for the office LAN but that certainly is already running out with a few dozen employees: think PC, IP phone, mobile phone, laptop/tablet that almost everyone has, plus the other office things (dev servers, printers, chromecasts, access points, etc)
The production server cluster network uses a few /24s in 192.168/16 and 10/8 (plus there's a few /24s of public IPs floating around)
or any of the 10/8 subnets that the mobile carriers, in various countries, use that could likewise potentially break connectivity.
My mobile phone cellular IP address was 10.70.112.x. I reconnected and got 10.64.13.x. ADSL systems here used to use IPs in 172.16/12. The PtP IP address on my home broadband is 10.20.21.x (the IP address on my end is a proper public address). My home IP range is 192.168.0/24. I used 10.169.42/24 for a while, when I was part of a wireless mesh network. How could you possibly expect to not have clashes here?
On the mobile phone I have seen an IP address in the 100.64/12 range but that was not my usual network. At least this is what is meant to be used for carrier NAT. I know Optus gave out public IP addresses until mid-2012.
-
The entire RFC1918 range?
Well, yes. For different purposes, hence the different departments being responsible for allocation. Keeps things saner than divvying up only one of them.
There was some talk of using 240/4 for (internal-project use on) one project since they wanted a large range and for some reason 192.168/16 wasn't big enough for them (don't ask - I don't know, and don't want to,) but it was noticed that the Windows boxes on there wouldn't be happy using it, so we basically reserved 10.128/9 for them, and by-and-large I keep most other relevant stuff out of that CIDR range.
My mobile phone cellular IP address was 10.70.112.x. I reconnected and got 10.64.13.x. ADSL systems here used to use IPs in 172.16/12. The PtP IP address on my home broadband is 10.20.21.x (the IP address on my end is a proper public address). My home IP range is 192.168.0/24. I used 10.169.42/24 for a while. How could you possibly expect to not have clashes here?
The only ones I've blocked out so far for allocation to projects are 10.16/16 and 10.17/17 ( ) for
m2mdata for EE
- we've generally had no problems with clashes with mobile networks otherwise.
-
What, no one is going to chime in with, "Well at my company, we use 169.254.*!"?
-
Yes. Someone is. His name is Magus. He enjoys making really lame jokes, apparently, before anybody else can make the same really lame joke.
-
I genuinely want to see someone say that, because it'd be one of the most colossal s this place has ever seen.
-
I genuinely want to see someone say that,
You already said it. Like two posts ago.
Am I the one speaking martian moon language now?
because it'd be one of the most colossal s this place has ever seen.
Yeah, I agree.
-
What, no one is going to chime in with, "Well at my company, we use 169.254.*!"?
Since I'm obviously whooshing... (I don't pay attention to ip ranges), what is the joke?
Considering (from ipconfig):
Ethernet adapter VMware Network Adapter VMnet1: Connection-specific DNS Suffix . : Link-local IPv6 Address . . . . . : fe80::fd77:4aa2:7aa8:95a6%34 Autoconfiguration IPv4 Address. . : 169.254.149.166 Subnet Mask . . . . . . . . . . . : 255.255.0.0 Default Gateway . . . . . . . . . :
-
-
Wait, what really? You don't have routers where you work? Windows is doing your DHCP?
-
That's a VMware virtual adapter, presumably that isn't the actual adapter he uses to connect to that network.
-
Since I'm obviously whooshing... (I don't pay attention to ip ranges), what is the joke?
Simplistically, that range is used as a pseudorandom pool to select an IP address from if there isn't a dhcp server answering queries.
A dhcp server shouldn't be handing that range out, nor should devices be hardcoded to use an address in that range.
-
That's a VMware virtual adapter, presumably that isn't the actual adapter he uses to connect to that network.
Exactly (I have VMware Workstation installed). Just grabbed the one entry from the 15 ipconfig spewed.
I'm in a 10/24 range - no idea what the entire range the company uses... Probably 10/8 since what looks like the VPN connection is in a different 10.x segment (with a subnet mask of 255.255.255.255)
-
I know that range well, because my friends and I used to host ad-hoc wireless networks at uni to play lan games on occasion (the feature I was most unhappy to see removed from 8. The similar things you can do are really weird.). If one were to see it on a company network, one's best move would be to initiate a tactical retreat with maximum haste.
-
Since I'm obviously whooshing... (I don't pay attention to ip ranges), what is the joke?
There isn't one.
-
-
-
-
-
welp. there goes the planet.
been nice knowin' y'all. i die happy in the knowledge that some jedi, somwhere will feel a great disturbance in the force.
-
So that's what Batman was talking about at the beginning of that trailer...
-
-
welp. there goes the planet.
Mars' disappearance doesn't bother me too much, except it's probably a better long-term destination than the Moon.
-
Maybe you're a secret US DoD defence contractor and you didn't even know it.
-
We're just sitting tight hoping not to get invaded.
You'll be fine. They'll invade you by going to Tuscon…
-
We use:
- 10.10.0/20 for internal-only systems, with subdivision by physical location. So 10.10.6/24 is our corporate office, 10.10.10/24 is our data center, and so on.
- 172.16/16 for externally facing servers. These servers are in our datacenter on a firewalled portion of our network.
-
10.17/17
Is that documented somewhere or have you just been lucky so far to not have any addresses with the 16th bit set?
-
You should first go to Phobos and Deimos, though.
-
-
Is that documented somewhere or have you just been lucky so far to not have any addresses with the 16th bit set?
Had a look - it was a forwarded email from bcr.wholesaletelemetry(at)ee.co.uk dated 18 March 2013:
###IP Expansion for m2mdata APNs
Recent monitoring of the m2mdata APN has indicated a need to increase the associated IP pool in order to maintain a good service. We will be expanding the m2mdata APN range on our core network equipment (GGSN’s). The change will NOT be service impact and will enable us to expand the IP pools creating higher data session availability.
###How this affects you
You will need to update your systems with all the new private IP’s listed below.
Please note if the modifications are not made to your systems there is a risk that your service may suffer impairment or stop working as a result of being provided with one of the new IP addresses.
Please can you update your system with the following 6 IP address’ ASAP:
10.16.0.0/18
10.17.0.0/18
10.17.64.0/18
10.16.64.0/18
10.16.128.0/18
10.16.192.0/18
-
-
-
-
I just visited those over the weekend. Now I'm visiting Mars itself.
-