Local Network IPs - 10.0.0.0/8 or 192.168.0.0/16?
mike9010 asks: "After reading a few articles on the net about networking, I have come up with a question. It seems that most of them say to use 192.168.0.0/16 for a local network. Why not use 10.0.0.0/8 though? It is my understanding that it can hold a lot more IP addresses, and it is also prettier." What local network range are you using for your networks?
What about 172.16.0.0/12? (Score:5, Insightful)
This is an intermediate one that isn't widely used.
I don't think it matters too much; few businesses have as many as 64,000 computers, so the 192.168 is big enough. But the 10 makes it easy to do interesting things with the other numbers, like making the first number the department number, etc.
Re:What about 172.16.0.0/12? (Score:5, Interesting)
Re:What about 172.16.0.0/12? (Score:4, Informative)
Here at my company I use the 10/8 wherever I can.
Set it up something like this
10.0.0.0 = IT
10.0.1.0 = dhcp range
10.1.0.0 = IT at a different site
10.1.1.0 = dhcp range 2nd site
10.4.0.0 = test systems
10.5.0.0 = production nat
The ranges have been changed to protect the weak
There's a couple of 192.168 networks scattered about, but this makes things really easy.
I do use the 192.168.0.* range on my home LAN though.
Re:What about 172.16.0.0/12? (Score:3, Funny)
Plus, if I wind up with more than 254 networked devices in the house, I'll either go bankrupt paying the power bill, or the girlfriend will kill me once she finds her way through the Cat5 to throttle my neck.
There can only be one! (Score:5, Funny)
On the 17th day of February, in the year of our Lord 1600, I was born a highlander. I am Colin McLeod of Clan McLeod and I cannot die.
Re:There can only be one! (Score:2)
Re:There can only be one! (Score:3, Funny)
>Friend 3: 10.0.0.5.
Three friends? Who are you and what have you done with the real Echnin?
Re:There can only be one! (Score:2)
Re:What about 172.16.0.0/12? (Score:2)
Well...I'd want the default subnet mask to be correct, so barring other concerns, I'd choose the IP range that has the subnet mask correct.
Re:What about 172.16.0.0/12? (Score:2, Informative)
CIDR [pacbell.net], an acronym for Classless Inter-Domain Routing, makes this irrelevant.
Oh yes, and an Everything2 Node [everything2.com] for your reading pleasure.
Chris Benard [talkingtoad.com]
Re:What about 172.16.0.0/12? (Score:2)
Why not? (Score:4, Interesting)
I use it myself. Nothing wrong with it.
-- iCEBaLM
Re:Why not? (Score:2)
we use 10/8 (Score:3, Informative)
Use of 10/8 can be a fine choice.
10/8 vs. 10.*/16, 10.*.*/20, 10.*.*/24 Subnets (Score:2)
If you're not going to have more than ~250 hosts per segment or more than ~250 segments, I've generally taken the approach of "pick a random number R in 21..250 for the second octet, and create a bunch of 10.R.*/24 subnets" -
I use (Score:5, Funny)
It doesn't seem to conflict with anything important.
Why? Why not? Because. (Score:5, Interesting)
A completely pointless question (Score:2)
Re:A completely pointless question (Score:5, Funny)
Re:A completely pointless question (Score:2)
You've probably figured it out by now: I'm not an IT person.
Re:A completely pointless question (Score:2)
Re:Bzzzt. Thanks for playing! (Score:2)
Re:Bzzzt. Thanks for playing! (Score:2)
Re:A completely pointless question (Score:2)
Re:A completely pointless question (Score:2)
Re:A completely pointless question (Score:2)
What if your provider has a private network too? (Score:5, Interesting)
Re:What if your provider has a private network too (Score:5, Informative)
e.g. I use 192.168.88.XX. I used to use 192.168.1.XX, but guess what, I got a job
Re:What if your provider has a private network too (Score:2)
I think that it's actually a suggestion of the RFCs that you avoid using networks 0 and 1, and use random numbers instead -- precisely to minimize the probability of address space collisions if you end up merging nets with another entity.
The one nice thing about 192.168/16 is that it's a class-C block in the old class-full address system and so many programs which pay attention to that will give you a /24 netmask and broadcast numbers by default. It's not that
Re:What if your provider has a private network too (Score:2)
the city uses 172.24, and the hospital uses 172.26
Re:What if your provider has a private network too (Score:2)
A few months ago I changed my network to 192.168.2.* for this reason -- because work used 1.*. My coworkers also changed their networks for the same reason, each of us picking various numbers randomly (one moved to 10.0.0.*). My cubemate changed to 100. Apparently TechOps got tired of people having problems when VPN'd in though, so they decided to change
That's great in theory (Score:2)
Yeah, NAT sure does work great, doesn't it!
Re:That's great in theory (Score:2)
Re:Please realize what RFC 2119 says about MUST (Score:2)
Pretty? (Score:4, Funny)
Re:Pretty? (Score:2)
I may not know art, but I know what I like!
Re:Pretty? (Score:2)
Take it to the next level. 10.0.0.0/8 simply cannot match the sweat, blood and tears of 192.168.37.0/19 using NT4 DHCP+WINS+MSDNS.
I use.. (Score:2)
I use 192.168.0.0-xxx for my home network because a lot of businesses use 10.0.0.xxx and I have faced network access issues when connecting through VPN to business networks...
10.0.0.0/8 (Score:4, Informative)
It does look prettier. Here is how I broke down my NAT network
10.0.0.0-255 = Routers/Server - Kinda, sorta DMZ
10.0.1.0-255 = Wired Workstations
10.0.2.0-255 = Wireless Workstations
10.0.3.0-255 = Test stuffage
192.168.0.0 is the de facto standard for just about any router you buy off the shelf. Perhaps there is a valid reason?
Broadcast domains. (Score:3, Insightful)
If you're using 10/8 vs. 192/24, and have enough computers to justify that, you'll want to break it up into subnets to limit the size of your broadcast domains.
What ever you do PLEASE document it (Score:5, Insightful)
So my advice is whack off 1/4 of the 10/8 space - and reserve it for true "private addressing" and use all of the rest of the private addressing ranges as you see fit
Re:What ever you do PLEASE document it (Score:3, Funny)
Re:What ever you do PLEASE document it (Score:2)
it depends, of course. (Score:2)
but most large internal networks do use 10/8, 10/16, or 10/24- it is a lot cleaner to setup, and does allow some neat organizational capabilities. i used 10/16 back in 97 when i set up my school district's WAN, and is still being used too.
in times past, an argument might have been made for 172.whatever/16-23, because the larger subnets are "slower" on a network- but we've got switches, so
IP Subnetworking (Score:5, Informative)
The one most often used by home networking products is 192.168.1.x in my experience, not the full
Re:IP Subnetworking (Score:2)
Just as a data point, I bought a CompUSA cable router last week (because it was $40 and all the other brands they carried were $50) and it insists on using 192.168.8/24 as the local subnet. No idea why they chose 8...
Re:IP Subnetworking (Score:2)
Choose randomly (Score:5, Informative)
Re:Choose randomly (Score:2)
And most of us use DHCP too so if we bring machines to LUG meetings or whatever, they reconfigure themselves automatically.
And to talk to my ADSL modem I'm using a 172.16.254.252/30 subnet.
The rfc's advice is all very good in theory, but I wonder how
Re:Choose randomly (Score:2, Funny)
The right answer is 8 d2's, and simple binary arithmetic.
Or a perl one-liner.
Take your pick.
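The "choose randomly" advice and the VPN collisions described in this thread, worked as an added example that is not part of any poster's comment: it checks a LAN range against routes it may have to coexist with (VPN, nested NAT) and picks a random non-colliding /24. The inventory and VPN routes are constructed sample values built from ranges mentioned in the thread.

```python
import ipaddress
import random

def overlaps(candidate, in_use):
    """Return every network in in_use that shares addresses with candidate."""
    cand = ipaddress.ip_network(str(candidate))
    return [net for net in (ipaddress.ip_network(str(n)) for n in in_use)
            if cand.overlaps(net)]

def pick_subnet(in_use, parent="10.0.0.0/8", prefix=24, rng=None, tries=1000):
    """Pick a random IPv4 /prefix inside parent that overlaps nothing in in_use."""
    parent_net = ipaddress.ip_network(parent)
    if not parent_net.prefixlen <= prefix <= 32:
        raise ValueError("prefix must be between the parent prefix and 32")
    rng = rng or random.SystemRandom()
    slots = 2 ** (prefix - parent_net.prefixlen)   # candidate subnets in parent
    size = 2 ** (32 - prefix)                      # addresses per candidate
    for _ in range(tries):
        base = int(parent_net.network_address) + rng.randrange(slots) * size
        cand = ipaddress.ip_network((base, prefix))
        if not overlaps(cand, in_use):
            return cand
    raise RuntimeError("no non-overlapping subnet found")

# Constructed inventory, using ranges mentioned in the thread.
KNOWN_IN_USE = [
    "192.168.0.0/24",   # connection-sharing / consumer-router default
    "192.168.1.0/24",   # consumer-router default
    "10.0.0.0/24",      # "a lot of businesses use 10.0.0.xxx"
    "172.24.0.0/16",    # the city network from the thread
    "172.26.0.0/16",    # the hospital network from the thread
]
# Constructed routes a corporate VPN might push to a client.
VPN_ROUTES = ["192.168.0.0/22", "10.0.0.0/16"]

if __name__ == "__main__":
    for home in ("192.168.1.0/24", "192.168.88.0/24"):
        clash = overlaps(home, VPN_ROUTES)
        print(home, "collides with", [str(n) for n in clash] or "nothing")
    # Nested NAT: an inner 10.x range inside an outer 10/8 is ambiguous to route.
    print("inner 10.1.0.0/16 vs outer:",
          [str(n) for n in overlaps("10.1.0.0/16", ["10.0.0.0/8"])])
    print("suggested LAN:", pick_subnet(KNOWN_IN_USE + VPN_ROUTES))
```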
I usually go for 10.0.x.0 (Score:2)
No real difference (Score:5, Interesting)
You will find that many off-the-shelf devices, like NAT/Routers from Linksys, Netgear, etc. use 192.168.x.x by default; some of them don't let you use anything else (I think Linksys locks you in to 192.168, but you can change the lower two octets).
I personally use a 10.x.x.x network in my test lab at work, because it allows me to choose network addresses that make sense and are somewhat human-readable. If you're setting up a network for a business, it might make sense to use a 10 network just for expandability. Then again, if you need more than 64k addresses, you probably have bigger problems to deal with.
One thing I like about the 10 networks is that when you see their addresses scream across a packet dump, you can immediately recognize them as "fake" addresses.
One security/network citizenship point (assuming that your 10 or 192.168 network is behind a NAT connected to the outside world): your firewall/router should NEVER pass packets destined to or accept packets sourced from a fake address range (10/24, 192.168/16, etc.). This can lead to evil attacks, garbage traffic on or out of your network, and a whole host of problems.
I inadvertently flooded my company's T1 line while running a test because our sysadmins hadn't configured our firewall to block outbound packets destined to a 10 address. A bug in a server I was testing caused it to send data back to the wrong address and our router happily sent the data out over the T1. No major harm was done, but a few people couldn't read their Slashdot until we discovered what the problem was.
Bottom line: choose what works for you (which may be either address range).
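The border-filtering point in the comment above, as an added example that is not the poster's code: it audits WAN-side flow records and drops anything carrying an RFC 1918 address in the wrong place, including the outbound-to-10.x case from the T1 anecdote. The record format and all addresses are constructed for illustration (the public addresses are documentation ranges).

```python
import ipaddress

# RFC 1918 private ranges; none should ever appear on the WAN side of a NAT.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def private_block(addr):
    """Return the RFC 1918 block containing addr, or None if it is public."""
    ip = ipaddress.ip_address(addr)
    for net in RFC1918:
        if ip in net:
            return net
    return None

def wan_verdict(direction, src, dst):
    """Decide what a border filter should do with a packet on the WAN interface.

    direction is "in" (arriving from the Internet) or "out" (leaving, after NAT).
    Returns (action, reason).
    """
    if direction not in ("in", "out"):
        raise ValueError("direction must be 'in' or 'out'")
    src_blk, dst_blk = private_block(src), private_block(dst)
    if direction == "in" and src_blk:
        return "drop", f"spoofed source inside {src_blk}"
    if direction == "out" and dst_blk:
        return "drop", f"private destination {dst_blk} leaking upstream"
    if direction == "out" and src_blk:
        return "drop", f"un-NATed source inside {src_blk}"
    if direction == "in" and dst_blk:
        return "drop", f"private destination {dst_blk} from outside"
    return "accept", "public source and destination"

# Constructed sample of WAN-side flow records: "<direction> <src> <dst>".
SAMPLE = """\
out 203.0.113.7 198.51.100.20
out 203.0.113.7 10.4.2.9
out 192.168.1.100 198.51.100.20
in 198.51.100.20 203.0.113.7
in 10.0.0.5 203.0.113.7
in 172.31.255.1 203.0.113.7
in 172.32.0.1 203.0.113.7
"""

def audit(log_text):
    """Return (record, action, reason) for every non-empty record."""
    results = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        direction, src, dst = line.split()
        results.append((line, *wan_verdict(direction, src, dst)))
    return results

if __name__ == "__main__":
    for record, action, reason in audit(SAMPLE):
        print(f"{action:6} {record:40} {reason}")
```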
NAT within NAT (Score:3, Interesting)
One detail to bear in mind: sometimes you need to NAT within NAT. You can end up with nested NAT zones. 10.x.x.x does *NOT* NAT well within 10.x.x.x. I've had to debug routing table illness for this situation several times.
My company makes a security product with its own Linux host, and the host operates cameras with a private NAT of its own. In one version, we had the Linux host and cameras behind an 802 network gateway, and the gateway performed NAT. We had the gateway configured to create a 10.x.x.
Re:No real difference (Score:2)
Speaking of internal address ranges and Linksys, anyone else notice you can see the HTTP (& Sometimes TFTP) ports on your external IP
Re:No real difference (Score:2)
And you're right, your firewall isn't going to let in a packet sourced from its inside interface. Well, most of the time. Some of the cheaper boxes, e.g., the older Netgear and D-Link boxes, do allow this routing path. You're correct: This path should not be allowed, as it may allow a mischievous outsider access
Re:No real difference (Score:2)
This is with "Remote Management" set to disabled. That was one of the first things that I've checked.
>your firewall isn't going to let in a packet sourced from its inside interface
I just doublechecked, and from my computer (with the IP of 192.168.1.100), I can connect to port 80 on the Linksys's external IP address (IP is like 63.169.113.0), as well as port 80 on the internal IP address (192.168.1.1
Re:No real difference (Score:2)
FYI, there's a new firmware out (for BEFSR41), circa June 20-something 2003. Nothing much changed, so far as I can tell.
Re:No real difference (Score:2)
Class A - networks 1 thru 126.
Class B - networks 128 - 191.
Class C - networks 192 - 224 ( I think - then there's the class D multicast space).
It's a minor quibble, I know, but you should know the difference between classes and how to tell which is which, otherwise you may look clueless to someone important.
Re:No real difference (Score:2)
Being a somewhat younger lad, I've gotten used to calling
Kind of ironic, since almost all routing now is classless.
Anyway, thanks for keeping me on my toes
Re:No real difference (Score:2)
As for your closing comment
Re:No real difference (Score:2)
It was terribly ironic when microsoft made the default "shared internet" settings 192.168.x.x
A user starts sharing his dialup in an office on XP, and that little DHCP server starts spreading 192s around.
Another MS flaw, consistency with their flaws..
Re:No real difference (Score:2)
Forget Classes (Score:2)
Subnetting has been completely divorced from classes for about 10 years now.
Re:No real difference (Score:2)
Just FYI, but on my LinkSys BEFSR41 (firmware rev 1.44.2), all four octets are configurable.
Mind you, with only five hosts at the moment, I haven't bothered to change it out of the 192.168.x.x address space.
Yaz.
Re:No real difference (Score:2)
Nope, Linksys routers can be changed all you want. My home network uses 10.10.10.x addressing and it works like a charm.
I use 127.0.0.1 (Score:5, Funny)
I highly recommend you try it.
Re:I use 127.0.0.1 (Score:2, Interesting)
64 bytes from 127.0.0.1: icmp_seq=0 ttl=64 time=0.043 ms
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.053 ms
64 bytes from 127.0.0.1: icmp_seq=2 ttl=64 time=0.044 ms
64 bytes from 127.0.0.1: icmp_seq=3 ttl=64 time=0.061 ms
64 bytes from 127.0.0.1: icmp_seq=4 ttl=64 time=0.052 ms
I had a situation where someone external to my network got lower pings to the game server sat on the LAN only 100Mbs away. It was NT adding the latency, dropping to 98 sorted it out.
Re:I use 127.0.0.1 (Score:2)
HP-UX 11 + (obsoleted) RFCs + 10.0.0.X = bad news (Score:2, Interesting)
Rather incredibly, HP-UX 11 actually won't let you use a 10.0.0.X address by default because it blindly (and wrongly) follows these ancient RFC specs! If you don't believe me, check out this discussion [hp.com], which thankfully does indeed have the fixes in the thread (patch PHNE_20633 and a hack to nddconf).
Yep, we use 10.X.X.X addresses and got bitten by this with our H
Hi, I'm ignorant. Pleeztameecha! (Score:2, Insightful)
Re:Hi, I'm ignorant. Pleeztameecha! (Score:5, Informative)
In 10.0.0.0/8 that means there are 8 bits that identify the network (10.x.x.x) and 24 bits (IP addresses are 32 bits, 8 bits are already used for network; 32-8=24) for the machine number (the x.15.53.45)
So now, for '192.168.0.0/16'. The 192.168 part is the network part, and the '/16' means the last 16 bits are used for hosts. When the slash-number is larger, that means the person with that IP range has fewer IPs.
I really hope this helps, sorry I'm not the greatest at explaining things.
Re:Hi, I'm ignorant. Pleeztameecha! (Score:3, Informative)
Almost
Pedantic correction: (Score:5, Informative)
192.168.0.0/16 doesn't exist.
It's really a set of 256 (254, really because you aren't supposed to use 0 or 255)
192.168.1.0/24
192.168.2.0/24
192.168.3.0/24
192.168.254.0/24
Now, if you set up your internal routing and gateways correctly, the difference doesn't matter, but TECHNICALLY, since 192 starts with the binary digits '110', it's a class C (/24) network.
FYI.
Which (10.0.0.0/8 or 192.168.0.0/24) you use doesn't matter unless you need to connect your network to somebody else's, but a bad decision (or evaluation of capacity) early on can come back to create problems if your network grows beyond the address space you planned for it. GOOD DESIGN IS ESSENTIAL to preventing problems down the road. Usually the # of hosts you need on your network segments drives the decision. Some larger networks will use the
I'd recommend searching Cisco's site for white papers on network design, or maybe googling for TCP/IP tutorials.
CIDR! (Score:5, Informative)
192.168.0.0/16 certainly does exist. The first three bits have not dictated the netmask for years. See RFC1817 [faqs.org] for more information on this. Here's a relevant excerpt (emphasis added):
Re:CIDR! (Score:2)
Neither (Score:4, Insightful)
TMTOWTDI (Score:2)
paper or plastic? (Score:3, Interesting)
Alternately, nat allows a natted IP address to be natted again and again. So you could set up a 192.168.1.x network then each 192.168.1 consists of 192.168.0.x networks. That should give you about 255 * 255 or 65025 ip addresses to play with. It would be interesting to know if it worked and you have a 192.168.0.1 address that gets natted to 192.168.1.1 and gets natted again, then to your public ip address.
I think the 10's give more addresses without double natting so it depends on how much you expect your network to grow.
Re:paper or plastic? (Score:2)
I use... (Score:2)
Why?
Re:I use... (Score:2, Informative)
Sometimes in firmware (Score:2)
I've had to work with some firmware where an IP address in the 10.x.x.x range was burned into firmware for the out-of-band port (that is, an Ethernet port intended only for use with a crossover cable direct to a laptop for techs to debug with). Using that device on a 10.x.x.x network didn't always work. We did burn firmware for large customers who used the 10.x.x.x networks, but we didn't like it.
Microsoft and VPN (Score:2)
The only sane way out of this (aside from looking at the Windows VPN Client Source and posting a patch to the group... oh.... yeah, not open source)... is to use the ONLY available /8 address out th
Large mixed example... (Score:2)
Cisco-trained people, who have IP conservation drilled into their heads early on, almost drop dead at our lack of conservation. When I designed all this mess, I was trying to keep addresses 'logical'...as stated above, using department numbers and the like to help out the others on our staff that aren't the least bit network-savvy.
Inte
use 24/8 (Score:2)
A good scheme for the 10 network is to split it into class B's for large locations and class C's for smaller locations as such:
10.X.
where X is the location number 1 for new york, 2 for LA, 3 for hamburg, etc.
10.1.Y
where Y is 0 for routers/network devices, 1 for servers, 2 for remote access, 3 for static addresses, and 4-10 for DHCP addresses. 11-254 (255) are rese
Yes, mod as flamebait, but it's true. (Score:3, Informative)
The correct answer to this question is RTFM. If you have to ask this question, you're not competent to plan out a large network.
Re:Yes, mod as flamebait, but it's true. (Score:2)
192.168.1/24 is great for home setups (192.168.0/24 is broken for some really ancient TCP/IP stacks). The elegance of a simple class C subnet can't be beat.
172.16/16 subnets are the next size up on the private IP scale.
10/8 subnets are larger still.
Sure.. you *could* go right for the 10/8 even though you have only three computers, a router, and a network printer. You could also install "Windows 2000 Advanced Enterprise Server" for you
Moo (Score:2)
So, the answer is to use Class A when you design it, unless subn
You are not limited if you are using NAT (Score:2)
Every company in the world could use the same internal address range, and return all their privately held addresses. They only need:
(number of externally visible servers / 65535)
Internet visible addresses. For most every company in the world, that's just one address.
Many compani
Badly allocated Private IP space headaches (Score:2, Interesting)
Reasonably estimate how many hosts will ever exist on a subnet, and use the RFC1918 netblock size that will best handle the hosts, and predicted expansion.
For example, don't use 10.0.0.0/8 for your local LAN if you only have 20 machines. Decisi
My school (Score:2)
Main server 90.0.0.0
Room 1 main: 90.0.1.0
Room 1 boxes: 90.0.1.*
Room 2 main: 90.0.2.0
Room 2 boxes: 90.0.2.*
Room 3 main: 90.0.3.0
Room 3 boxes: 90.0.3.*
Is this scheme phuX0red, or some netware specific thing? It's been bugging me for a while, so any explanations appreciated...
Re:FP... (Score:2, Informative)
Re:FP... (Score:3, Informative)
All the services will work over APIPA fine...file sharing, etc. just no central server is required to do it.
Disabling APIPA (Score:4, Informative)
Disabling Auto IP-address generation [wown.com]
Re:FP... (Score:2)
IIRC, the 169.254.xx.yy address range is also used for Zeroconf / Rendezvous networking, being plugged by Apple, as well as an implementation on Mandrake. The August issue of Linux Magazine [linux-mag.com] just did a write-up on it.
Re:FP... (Score:5, Informative)
Re:Don't go with the flow (Score:3, Informative)
Though honestly, you could use whatever you wanted with the proper network setup. After all, if the stuff isn't visible to the rest of the world, then it doesn't matter what you use. Worst case scenario is that you might stumble upon a computer in the real world with the same IP address as you, but that'd be rare. It might not even be a problem if you accessed it by a DNS entry through a DNS server that was external to your network, but I can't say that for sure.
You're wrong. How the computer obtains th
Re:Don't go with the flow (Score:4, Informative)
So if you're concerned about that, why not just change the mask to
>honestly, you could use whatever you wanted with the proper network setup.
Please, PLEASE, PLEASE, never do any network setup. Ever. Until such time as you understand what you're talking about.
>Worst case scenario is that you might stumble upon a computer in the real world with the same IP address as you, but that'd be rare.
Depending on the range, "rare" is pretty subjective.
It's not the specific IP address, but the whole network. When you take an IP address belonging to someone else, you are not only limiting yourself from talking to that one IP address, but you're limiting yourself from talking to every computer on that IP network.
>It might not even be a problem if you accessed it by a DNS entry through a DNS server that was external to your network
Before giving out advice, please learn a little bit about IP. DNS means NOTHING.
Re:Don't go with the flow (Score:2)
I didn't. This guy claims that it's OK to use someone else's routable address space, if you believe that anyone who thinks this knows enough to administer an IP network, then you're worse than he is.
Anyone who actually works on internet routers knows that the Class system is entirely ignored.. for the last 10 years or so we've been using another system called "Classless InteRdomain Routing" (CIDR)
I'm sorry, but WHAT THE FUCK ARE YOU TALKING A
Re:10.0.0.0 is faster to type (Score:2)