Skip to main content
  1. 2024/
  2. Posts from November/

Using Non RFC1918 Private IP Space

Stuff I think is interesting, cool, or otherwise worth sharingℒ️.

What to do when you can’t use the commonly used “unroutable” subnets #

RFC1918 outlines a few fairly large swaths of address space reserved for ‘private’ use.

Those networks:

  • 10/8
  • 172.16/12
  • 192.168/16

However, often times, due to organizational uses, and other, unrelated external entities, you run into overlapping assignments.

The implementation of CGNAT IP space in RFC6598 helped a bit for the majority of these conflicts, but didn’t COMPLETELY alleviate them.

Well, Timmy, It just so happens, that there’s a couple more networks that can be used, (albeit with some noteworthy caveats)

The following tables enumerate the IPv4 subnets outlined in RFC6890.

RFC6890 Special-Purpose IPv4 Address Registry Entries #

Usable subnets #

Subnet Description RFC Allocation SRC DST FWD GR RSVD
10.0.0.0/8 Private-Use [RFC1918] 02.1996 βœ… βœ… βœ… ❌ ❌
172.16.0.0/12 Private-Use [RFC1918] 02.1996 βœ… βœ… βœ… ❌ ❌
192.168.0.0/16 Private-Use [RFC1918] 02.1996 βœ… βœ… βœ… ❌ ❌
198.18.0.0/15 Benchmarking [RFC2544] 03.1999 βœ… βœ… βœ… ❌ ❌
100.64.0.0/10 Shared Address Space [RFC6598] 04.2012 βœ… βœ… βœ… ❌ ❌

“Usable”* Subnets #

Subnet Description RFC Allocation SRC DST FWD GR RSVD
192.0.2.0/24 Docs - (TEST-NET-1) [RFC5737] 01.2010 ❌ ❌ ❌ ❌ ❌
198.51.100.0/24 Docs - (TEST-NET-2) [RFC5737] 01.2010 ❌ ❌ ❌ ❌ ❌
203.0.113.0/24 Docs - (TEST-NET-3) [RFC5737] 01.2010 ❌ ❌ ❌ ❌ ❌

Unusable subnets #

Subnet Description RFC Allocation SRC DST FWD GR RSVD
0.0.0.0/8 THIS host+network [RFC1122] 09.1981 βœ… ❌ ❌ ❌ ❌
255.255.255.255/32 Limited Broadcast [RFC0919] 10.1984 ❌ βœ… ❌ ❌ ❌
127.0.0.0/8 Loopback [RFC1122] 09.1981 ❌ ❌ ❌ ❌ βœ…
240.0.0.0/4 Reserved [RFC1112] 08.1989 ❌ ❌ ❌ ❌ βœ…
169.254.0.0/16 Link Local [RFC3927] 05.2005 βœ… βœ… ❌ βœ… βœ…
192.0.0.0/24 IETF [RFC6890] 01.2010 ❌ ❌ ❌ ❌ ❌
192.0.0.0/29 DS-Lite [RFC6333] 06.2011 βœ… βœ… βœ… ❌ ❌
192.88.99.0/24 6↔4 Relay Anycast [RFC3068] 06.2001 βœ… βœ… βœ… βœ… ❌

Header Description #

SRC
Are packets SOURCED from this IP considered valid?
DST
Are packets DESTINED to this IP considered valid?
FWD
May a router emit packets destined to this address space on an external interface?
GR:
May packets destined to this address space traverse an administrative domain?
RSVD
Indicates if a compliant protocol stack will handle packets in a “special” way when dealing with traffic relating to addresses within this block.

So What does this mean? #

What I’ve found this means, in practice, is that one can use the following networks FAIRLY safely for internal networks:

⭐️⭐️⭐️⭐️_
10.0.0.0/8
172.16.0.0/12
192.168.0.0/16

These networks are intended to be used for internal networks.
As such, if you can use this space, you are strongly encouraged to do so.
There are far fewer problems that will arise, as there are very few non-standard uses of this space.

Use these networks when possible.

⭐️⭐️⭐️⭐️_
192.0.2.0/24
198.51.100.0/24
203.0.113.0/24

These networks have been fairly easy to use.

Some wifi routers have classified this traffic incorrectly and discarded it.

⭐️⭐️⭐️⭐️⭐️
198.18.0.0/15

I have personally observed very few problems in the use of this address space internally.

⭐️⭐️⭐️__
100.64.0.0/10

With the regularity with which this address space is used for connectivity to the home, I discourage the use of this space by default.

If you are given a static IPv4 address from your ISP, then this space is safe to use internally. HOWEVER, it would really, really suck if you switch providers, and are unexpectedly forced to re-ip your internal networks as your ISP uses this address space to deliver you connectivity.

⭐️____
240.0.0.0/4
192.88.99.0/24

The use of address space in these networks is… ill advised at best.

Thoughts about the process #

I hope this helps y’all in finding the right private network address space to use. Or, at least, I hope it doesn’t steer ya in the wrong direction πŸ˜€

I found This Wikipedia❀️ Article1 which gave some initial grounding.
I then went RFC diving in the IETF website:
πŸ“š RFC-09192
πŸ—“οΈ Oct 1984 🏷️ Broadcasting Internet Datagrams
πŸ“š RFC-11223
πŸ—“οΈ Oct 1989 🏷️ Requirements for Internet Hosts – Communication Layers
πŸ“š RFC-19184
πŸ—“οΈ Feb 1996 🏷️ Address Allocation for Private Internets
πŸ“š RFC-25445
πŸ—“οΈ Mar 1999 🏷️ Benchmarking Methodology for Network Interconnect Devices
πŸ“š RFC-30686
πŸ—“οΈ Jun 2001 🏷️ An Anycast Prefix for 6to4 Relay Routers
πŸ“š RFC-39277
πŸ—“οΈ May 2005 🏷️ Dynamic Configuration of IPv4 Link-Local Addresses
πŸ“š RFC-57378
πŸ—“οΈ Jan 2010 🏷️ IPv4 Address Blocks Reserved for Documentation
πŸ“š RFC-63339
πŸ—“οΈ Sep 2011 🏷️ Dual-Stack Lite Broadband Deployments Following IPv4 Exhaustion
πŸ“š RFC-659810
πŸ—“οΈ Apr 2012 🏷️ IANA-Reserved IPv4 Prefix for Shared Address Space
πŸ“š RFC-689011
πŸ—“οΈ Apr 2013 🏷️ Special-Purpose IP Address Registries