What are private IP addresses, and what are the reserved ranges?
Internet Assigned Numbers Authority (IANA) has reserved certain IP addresses as private addresses for use with internal web sites or intranets. These are also referred to as RFC 1918 addresses. These addresses are not routable on the public Internet, but are meant for devices that reside behind a router or other Network Address Translation (NAT) device or proxy server. Private IP addresses are used either to hide systems from the public Internet or to provide an additional range of addresses to organizations that do not have sufficient public IP addresses to distribute on their network. Organizations can use these numbers to assign internal IP addresses without having to worry about an IP address conflict or having to obtain a new block of IP addresses.
If you connect to the Internet as a home user with a residential router, you will typically benefit from this arrangement. Although you may be paying for only one IP address through your Internet service provider (ISP), you can have unlimited devices connected to the Internet. Using a private IP address will make your computer invisible to certain types of network attacks; however, you will not be able to easily establish your computer as a server.
At Indiana University, private IP addresses are used for several purposes:
- For users who have not registered their computers with the DHCP service, the network assigns internal addresses so they have enough connectivity to reach the DHCP registration web
- For computers that do not need Internet connectivity, such as printers, print servers, and local file servers, private addresses allow them to communicate with computers on the IU campus network or remote computers connected to VPN, but not be vulnerable to attacks from the Internet.
- For servers such as backup or database servers that need to communicate only with locally connected servers, usually in the same rack, which then communicate with the outside world, private addresses allow server-to-server communication over a dedicated, private network. These private networks are not accessible even to other computers on the IU network. This kind of network is sometimes referred to as a back-net because it is used for communication between front-end and back-end servers.
It is very important that private addresses used within an organization do not conflict with each other. Since back-nets are available only to the locally connected servers, not to any other computers on campus, the private IP addresses used for two different back-nets can be the same, but they cannot conflict with other private IP addresses on campus.
Therefore, UITS has designated the 10.0.0.0/8 and 172.16.0.0/14 private address blocks to assign to devices that need to be reachable across campus, but not on the Internet. 192.168.0.0/16 is designated for private back-nets available only to locally connected computers and not to the rest of the IU network.
If you currently deploy a back-net that uses addresses in the 10.0.0.0/8 or 172.16.0.0/14 address blocks, email Campus Network Engineering so this can be documented. These subnets will not be used when assigning new university-wide private IP addresses. Please plan to migrate to the 192.168.0.0/16 private address block when feasible, and send notification to the same address when you have completed the transition.
Note: Addresses in the range 169.254.0.0/16 are auto-assigned by a host (to itself) if it is not configured with a static IP and is unable to obtain a DHCP lease. As these addresses are auto-assigned, they should not be used for private networks and should not be statically configured on hosts.
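The following is an added example, not part of the original article or of any UITS tooling: a Python check of a host inventory against the address blocks designated above. The inventory records, role names, and finding text are assumptions made for illustration; 172.16.0.0/12 is the full RFC 1918 block, of which this page designates only 172.16.0.0/14.

```python
import ipaddress

# Blocks named on this page.
CAMPUS_WIDE = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("172.16.0.0/14")]
BACK_NET = ipaddress.ip_network("192.168.0.0/16")
LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")
# Full RFC 1918 space, to catch private addresses that are not designated above.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def classify(addr):
    """Return the policy category for one IPv4 address string."""
    ip = ipaddress.ip_address(addr)
    if ip in LINK_LOCAL:
        return "link-local"
    if ip in BACK_NET:
        return "back-net"
    if any(ip in net for net in CAMPUS_WIDE):
        return "campus-wide"
    if any(ip in net for net in RFC1918):
        return "private-undesignated"
    return "other"

def audit(hosts):
    """Check (name, address, role, static) records; return (name, finding) pairs."""
    findings = []
    for name, addr, role, static in hosts:
        category = classify(addr)
        if category == "link-local" and static:
            findings.append((name, "169.254.0.0/16 must not be statically configured"))
        elif category == "link-local":
            findings.append((name, "self-assigned address: no static IP and no DHCP lease"))
        elif role == "back-net" and category == "campus-wide":
            findings.append((name, "back-net in a campus-wide block: report it, plan a move to 192.168.0.0/16"))
        elif role == "campus" and category == "back-net":
            findings.append((name, "192.168.0.0/16 is not reachable from the rest of campus"))
        elif category == "private-undesignated":
            findings.append((name, "RFC 1918 address outside the blocks designated on this page"))
    return findings

# Constructed sample inventory: (name, address, intended role, statically configured?)
SAMPLE = [
    ("printer-01", "10.12.4.20", "campus", True),
    ("db-backend", "10.200.1.5", "back-net", True),
    ("backup-01", "192.168.10.7", "back-net", True),
    ("lab-pc", "169.254.33.9", "campus", True),
    ("file-srv", "172.20.1.1", "campus", True),
]

if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"{name}: {finding}")
```

Note that 172.20.1.1 is a valid RFC 1918 address but falls outside 172.16.0.0/14, which ends at 172.19.255.255, so the check reports it separately from the designated campus-wide blocks.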
Last modified on March 13, 2014.