
Why are you using public IPs on your LAN (that don't belong to you)?

I can't tell you how many times I've seen this when speaking to customers. I ask what their LAN range is and they'll give me something like 192.10.0.0/16.

Hang on a minute, has your provider assigned 192.10.0.0/16 for you to use on your network? Of course not! So why exactly are you using it?

Typical excuses:
1. “When I started working at the company it was addressed that way”
2. “It’s always worked, so why change it?”
3. “We NAT our traffic when going out to the internet, so what harm does it do?”

My responses:
1. Perhaps you were employed to make better changes to the network? Surely you have a plan to change the internal network addressing some time? Are you just going to continue to run bad practice?
2. It will eventually break something. The reason is shown in point 3.
3. In the above example, Customer A says they are using 192.10.0.0/16 internally. They have essentially assigned 65535 public IPs for use inside their LAN. But they are NATing, so what's the harm? Let's say user 1 at Customer A needs to use a service on the internet, and that service happens to have a public address in the range Customer A is now using on its LAN. What's going to happen? The user happily sends traffic off to 192.10.100.50, only for the router to send that traffic straight back into the LAN, because the directly connected LAN route is more specific than the default route to the internet. You've now black-holed 65535 public IPs from being reached within your network.

RFC1918 gives you a total of 16 843 007 addresses to use. More than enough! Use them!
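To make the black-hole in point 3 and the RFC 1918 advice concrete, here is an added Python example (not from the original post) that checks a LAN prefix against the three RFC 1918 blocks, counts how many public addresses a non-RFC 1918 prefix shadows, and models a router's longest-prefix-match decision between a connected LAN route and a default route. The function names, the routing tables and the customer prefix 192.10.0.0/16 are assumptions built for this illustration.

```python
import ipaddress

# The three private blocks defined by RFC 1918 (real values).
RFC1918_BLOCKS = [
    ipaddress.ip_network(p) for p in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]


def is_rfc1918(prefix: str) -> bool:
    """True if the whole prefix sits inside one of the RFC 1918 blocks."""
    net = ipaddress.ip_network(prefix, strict=False)
    return any(net.subnet_of(block) for block in RFC1918_BLOCKS)


def public_addresses_shadowed(prefix: str) -> int:
    """Count the public (non-RFC 1918) addresses a LAN prefix hides behind itself.

    Any destination in this set will be routed into the LAN instead of to the
    internet, which is the black-hole described in the post.
    """
    net = ipaddress.ip_network(prefix, strict=False)
    overlap = 0
    for block in RFC1918_BLOCKS:
        if net.subnet_of(block):
            overlap += net.num_addresses      # fully private, nothing shadowed
        elif block.subnet_of(net):
            overlap += block.num_addresses    # prefix swallows a whole private block
    return net.num_addresses - overlap


def next_hop(routing_table, dst: str) -> str:
    """Longest-prefix match: the most specific matching route wins, as on a real router."""
    addr = ipaddress.ip_address(dst)
    best_net, best_hop = None, None
    for prefix, hop in routing_table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_hop = net, hop
    return best_hop


def audit_lan(prefix: str) -> dict:
    """Summarise why a given LAN prefix is (or is not) a problem."""
    return {
        "prefix": prefix,
        "rfc1918": is_rfc1918(prefix),
        "public_shadowed": public_addresses_shadowed(prefix),
    }


# Constructed routing tables: a connected LAN route plus a default route via the ISP.
BAD_TABLE = [("192.10.0.0/16", "lan"), ("0.0.0.0/0", "isp")]   # Customer A's mistake
GOOD_TABLE = [("10.20.0.0/16", "lan"), ("0.0.0.0/0", "isp")]   # RFC 1918 addressing

if __name__ == "__main__":
    for p in ("192.10.0.0/16", "10.20.0.0/16", "172.32.0.0/16"):
        print(audit_lan(p))
    # The service at 192.10.100.50 is unreachable from the badly addressed LAN.
    print("bad table  ->", next_hop(BAD_TABLE, "192.10.100.50"))
    print("good table ->", next_hop(GOOD_TABLE, "192.10.100.50"))
```

Note the 172.32.0.0/16 case in the audit loop: 172.16.0.0/12 only covers 172.16 through 172.31, so 172.32.x.x is public address space even though it "looks" private, a mistake seen almost as often as the one in the post.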

/rant