Slashdot Mirror

← Back to Stories (view on slashdot.org)

Local Network IPs - 10.0.0.0/8 or 192.168.0.0/16?

Posted by Cliff on from the matters-of-personal-opinion dept.

mike9010 asks: "After reading a few articles on the net about networking, I have come up with a question. It seems that most of them say to use 192.168.0.0/16 for a local network. Why not use 10.0.0.0/8 though? It is my understanding that it can hold a lot more IP addresses, and it is also prettier." What local network range are you using for your networks?

4 of 215 comments (clear)

  1. Why? Why not? Because. by MattCohn.com · · Score: 5, Interesting

    There is no real reason to use one or the other except that many devices come with built in static IP addresses. I've seen some with 10.x addresses, others with 192.168.x addresses. I guess not looking at that, it just comes down to choice. I like 192.168 and use it on my home network... but my work network uses 10. JUST GO FOR IT MAN!

  2. What if your provider has a private network too? by epsalon · · Score: 4, Interesting

    The 10.x.x.x IPs are used for larger networks. Suppose you switch ISPs and get connected with an ISP with a NAT, or you VPN with some other network. Chances are they will be 10.x.x.x. In general use 10.x.x.x if you're running a large network and 192.168.x.x for a smaller network.

    --

    Make even shorter URLs - 8LN.org

  3. Re:What about 172.16.0.0/12? by Magic+Thread · · Score: 5, Interesting

    I use 172.16.0.0/12. That way I don't have any problems connecting over VPN to networks that use 10.0.0.0/16 or 192.168.0.0/8.

  4. No real difference by blate · · Score: 4, Interesting

    The 192.168 and 10 networks are functionally equivalent except that the 10 network is class A and the 192.168 is class B (i.e. 10 is bigger).

    You will find that many off-the-shelf devices, like NAT/Routers from Linksys, Netgear, etc. use 192.168.x.x by default; some of them don't let you use anything else (I think Linksys locks you in to 192.168, but you can change the lower two octets).

    I personally use a 10.x.x.x network in my test lab at work, because it allows me to choose network addresses that make sense and are somewhat human-readable. If you're setting up a network for a business, it might make sense to use a 10 network just for expandibility. Then again, if you need more than 64k addresses, you probably have bigger problems to deal with.

    One thing I like about the 10 networks is that when you see their addresses scream across a packet dump, you can immediately recognize them as "fake" addresses.

    One security/network citizenship point (assuming that your 10 or 192.168 network is behind a NAT connected to the outside world): your firewall/router should NEVER pass packets destined to or accept packets sourced from a fake address range (10/24, 192.168/16, etc.). This can lead to evil attacks, garbage traffic on or out of your network, and a whole host of problems.

    I inadvertently flooded my company's T1 line while running a test because our sysadmins hadn't configured our firewall to block outbound packets destined to a 10 address. A bug in a server I was testing caused it to send data back to the wrong address and our router happily sent the data out over the T1. No major harm was done, but a few people couldn't read their Slashdot until we discovered what the problem was.

    Bottom line: choose what works for you (which may be either address range).