Slashdot Mirror


Local Network IPs - 10.0.0.0/8 or 192.168.0.0/16?

mike9010 asks: "After reading a few articles on the net about networking, I have come up with a question. It seems that most of them say to use 192.168.0.0/16 for a local network. Why not use 10.0.0.0/8 though? It is my understanding that it can hold a lot more IP addresses, and it is also prettier." What local network range are you using for your networks?

25 of 215 comments

  1. What about 172.16.0.0/12? by Sunlighter · · Score: 5, Insightful

    This is an intermediate one that isn't widely used.

    I don't think it matters too much; few businesses have as many as 64,000 computers, so the 192.168 is big enough. But the 10 makes it easy to do interesting things with the other numbers, like making the first number the department number, etc.

    --
    Sunlit World Scheme. Weird and different.
    1. Re:What about 172.16.0.0/12? by Magic+Thread · · Score: 5, Interesting

      I use 172.16.0.0/12. That way I don't have any problems connecting over VPN to networks that use 10.0.0.0/16 or 192.168.0.0/8.

    2. Re:What about 172.16.0.0/12? by nocomment · · Score: 3, Informative

      That's exactly it.

      Here at my company I use the 10/8 wherever I can.

      Set it up something like this

      10.0.0.0 = IT
      10.0.1.0 = dhcp range

      10.1.0.0 = IT at a different site
      10.1.1.0 = dhcp range 2nd site

      10.4.0.0 = test systems
      10.5.0.0 = production nat

      The ranges have been changed to protect the weak ;-) But you get the idea. I have seen a /24 fill up which was a huge pain so I use a /16 for the dhcp range. I will never ever run out of IP's.

      There's a couple of 192.168 networks scattered about, but this makes things really easy.

      I do use the 192.168.0.* range on my home LAN though.

      --
      /* oops I accidentally made a comment, sorry */
      /* http://allyourbasearebelongto.us */
  2. Why not? by iCEBaLM · · Score: 3, Interesting

    There's no reason why not. I have no idea why every manufacturer wants the masses to use the pretty confusing IP range when 10.0.0.0/8 is easier to remember/type.

    I use it myself. Nothing wrong with it.

    -- iCEBaLM

  3. I use by The+Clockwork+Troll · · Score: 5, Funny
    I use the 66.35.192.0/18 block.

    It doesn't seem to conflict with anything important.

    --

    There are no karma whores, only moderation johns
  4. Why? Why not? Because. by MattCohn.com · · Score: 5, Interesting

    There is no real reason to use one or the other except that many devices come with built in static IP addresses. I've seen some with 10.x addresses, others with 192.168.x addresses. I guess not looking at that, it just comes down to choice. I like 192.168 and use it on my home network... but my work network uses 10. JUST GO FOR IT MAN!

  5. What if your provider has a private network too? by epsalon · · Score: 4, Interesting

    The 10.x.x.x IPs are used for larger networks. Suppose you switch ISPs and get connected with an ISP with a NAT, or you VPN with some other network. Chances are they will be 10.x.x.x. In general use 10.x.x.x if you're running a large network and 192.168.x.x for a smaller network.

  6. Pretty? by Henry+V+.009 · · Score: 3, Funny

    Oh sure, it's prettier if you are into the modern reductionist view of IP address beauty. I, for one, continue to prefer form and substance. How can someone compare 192.168 with 10.0? Praising 10.0 is like calling a blank canvas a masterpiece. Some people would not know real IP art if it hit them in the face.

  7. 10.0.0.0/8 by MazTaim · · Score: 4, Informative

    I actually asked this question once. Nobody could really give me a good answer. I personally prefer 10.0.0.0 over 192.168.0.0. It does look prettier, it's easier to type, and you do have more IPs to play with. Who has need for all those IPs is beyond me, but I say you can never have too many IPs.

    It does look prettier. Here is how I broke down my NAT network:

    10.0.0.0-255 = Routers/Server - Kinda, sorta DMZ
    10.0.1.0-255 = Wired Workstations
    10.0.2.0-255 = Wireless Workstations
    10.0.3.0-255 = Test stuffage

    192.168.0.0 is the de facto standard for just about any router you buy off the shelf. Perhaps there is a valid reason?

  8. What ever you do PLEASE document it by MerlynEmrys67 · · Score: 4, Insightful
    Worked for a company doing networking software, so I kept a LARGE number of test devices/networks hanging off of my workstation on a test subnet... Problem was various company sites would drop off of my workstation when the IT dept. would randomly assign private addresses inside the company... I couldn't even get them to whack off a /16 for "test networks" because they thought that they would need all of the private address space scattered across all three ranges...

    So my advice is whack off 1/4 of the 10/8 space - and reserve it for true "private addressing" and use all of the rest of the private addressing ranges as you see fit

    --
    I have mod points and I am not afraid to use them
  9. Re:What if your provider has a private network too by ArmorFiend · · Score: 4, Informative

    Furthermore, DO NOT use 192.168.0.XX, because you might get a job with a VPN-ing company that uses that too. Get a random number under 256, and use that instead of 1.

    e.g. I use 192.168.88.XX. I used to use 192.168.1.XX, but guess what, I got a job ...

  10. IP Subnetworking by hawkstone · · Score: 5, Informative
    From the IP subnetworking HOWTO:
    There are also special addresses that are reserved for 'unconnected' networks - that is networks that use IP but are not connected to the Internet, These addresses are:-

    * One A Class Network
    10.0.0.0
    * 16 B Class Networks
    172.16.0.0 - 172.31.0.0
    * 256 C Class Networks
    192.168.0.0 - 192.168.255.0


    The one most often used by home networking products is 192.168.1.x in my experience, not the full /16. They are designed to hold 254 addresses, no more. Why are these designed for only a small number of IP addresses? Well, the home routers often have 4 ports, with maybe wireless. Are you really going to have a few hundred clients? Anyway, it's probably best to stick with the 192.168.1.x for a small network if you're planning on connecting to one of these. If not, do whatever floats your boat!
  11. Choose randomly by Fluffy+the+Cat · · Score: 4, Informative

    RFC 1918 recommends that you choose a network randomly in order to reduce the chances of colliding with any other internal network you may ever want to connect to.

  12. No real difference by blate · · Score: 4, Interesting

    The 192.168 and 10 networks are functionally equivalent except that the 10 network is class A and the 192.168 is class B (i.e. 10 is bigger).

    You will find that many off-the-shelf devices, like NAT/Routers from Linksys, Netgear, etc. use 192.168.x.x by default; some of them don't let you use anything else (I think Linksys locks you in to 192.168, but you can change the lower two octets).

    I personally use a 10.x.x.x network in my test lab at work, because it allows me to choose network addresses that make sense and are somewhat human-readable. If you're setting up a network for a business, it might make sense to use a 10 network just for expandability. Then again, if you need more than 64k addresses, you probably have bigger problems to deal with.

    One thing I like about the 10 networks is that when you see their addresses scream across a packet dump, you can immediately recognize them as "fake" addresses.

    One security/network citizenship point (assuming that your 10 or 192.168 network is behind a NAT connected to the outside world): your firewall/router should NEVER pass packets destined to or accept packets sourced from a fake address range (10/24, 192.168/16, etc.). This can lead to evil attacks, garbage traffic on or out of your network, and a whole host of problems.

    I inadvertently flooded my company's T1 line while running a test because our sysadmins hadn't configured our firewall to block outbound packets destined to a 10 address. A bug in a server I was testing caused it to send data back to the wrong address and our router happily sent the data out over the T1. No major harm was done, but a few people couldn't read their Slashdot until we discovered what the problem was.

    Bottom line: choose what works for you (which may be either address range).
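
The border rule described in the comment above (nothing destined to a private range leaves through the WAN side, nothing sourced from one is accepted on it) can be checked against flow records. This is an added example, not code from the thread; the `direction src dst` log format, the function names and the sample lines are constructed for illustration.

```python
import ipaddress

PRIVATE = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr):
    """True if addr falls inside one of the three private blocks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE)


def wan_verdict(direction, src, dst):
    """Decide what the WAN-side interface of a NAT border should do.

    direction is 'out' (leaving via the WAN) or 'in' (arriving on it).
    """
    if direction == "out" and is_rfc1918(dst):
        return "DROP", "private destination leaking to the WAN"
    if direction == "in" and is_rfc1918(src):
        return "DROP", "private source arriving from the WAN"
    return "PASS", ""


# Constructed sample records; public addresses use documentation ranges.
SAMPLE_LOG = """\
out 203.0.113.7 198.51.100.20
out 203.0.113.7 10.44.3.9
in 198.51.100.20 203.0.113.7
in 192.168.1.50 203.0.113.7
in 172.31.255.1 203.0.113.7
in 172.32.0.1 203.0.113.7
"""


def audit(log_text):
    """Return (line number, record, reason) for every record to drop."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        if not line.strip():
            continue
        direction, src, dst = line.split()
        verdict, reason = wan_verdict(direction, src, dst)
        if verdict == "DROP":
            findings.append((lineno, line, reason))
    return findings


if __name__ == "__main__":
    for lineno, line, reason in audit(SAMPLE_LOG):
        print(f"line {lineno}: {line}  ->  {reason}")
```

Line 2 of the sample is the failure described in the comment: a reply addressed to a 10.x host sent out over the uplink. Line 6 passes because 172.32.0.1 lies just outside 172.16.0.0/12.
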

  13. I use 127.0.0.1 by s88 · · Score: 4, Funny

    It's lightning fast! I always have 0 msec pings!
    I highly recommend you try it.

  14. Disabling APIPA by Futurepower(R) · · Score: 3, Informative
  15. Pedantic correction: by Asprin · · Score: 4, Informative


    192.168.0.0/16 doesn't exist.

    It's really a set of 256 (254, really because you aren't supposed to use 0 or 255) /24 networks:
    192.168.1.0/24
    192.168.2.0/24
    192.168.3.0/24
    ...
    192.168.254.0/24

    Now, if you set up your internal routing and gateways correctly, the difference doesn't matter, but TECHNICALLY, since 192 starts with the binary digits '110', it's a class C (/24) network.

    FYI.

    Which (10.0.0.0/8 or 192.168.0.0/24) you use doesn't matter unless you need to connect your network to somebody else's, but a bad decision (or evaluation of capacity) early on can come back to create problems if your network grows beyond the address space you planned for it. GOOD DESIGN IS ESSENTIAL to preventing problems down the road. Usually the # of hosts you need on your network segments drives the decision. Some larger networks will use the /24 blocks for local departmental LANs, and hook them together with /8 block addresses on the internetwork routers, but there are gobs of ways to do it.

    I'd recommend searching Cisco's site for white papers on network design, or maybe googling for TCP/IP tutorials.

    --
    "Lawyers are for sucks."
    - Doug McKenzie
  16. Neither by anthony_dipierro · · Score: 3, Insightful

    Use IPv6 for your internal network.

  17. Re:Hi, I'm ignorant. Pleeztameecha! by Medieval_Gnome · · Score: 5, Informative

    It is a method of indicating how many bits in the address are part of the 'network' number, as opposed to the 'host' number. For example..

    In 10.0.0.0/8 that means there are 8 bits that identify the network (10.x.x.x) and 24 bits (IP addresses are 32 bits, 8 bits are already used for network; 32-8=24) for the machine number (the x.15.53.45)

    So now, for '192.168.0.0/16'. The 192.168 part is the network part, and the '/16' means the last 16 bits are used for hosts. When the slash-number is larger, that means the person with that IP range has fewer IPs. /24 means the user has 254 hosts at their disposal, while a /8 means over 16 million.

    I really hope this helps, sorry I'm not the greatest at explaining things.

    --

    :wq

  18. Re:Hi, I'm ignorant. Pleeztameecha! by shfted! · · Score: 3, Informative

    It's to separate the bitmask. An IPv4 address is 32 bits long, in big endian order (biggest value goes first, like our decimal system). The /XX is simply an abbreviated way of writing a subnet that starts with n 1's and ends with 32-n 0's. For instance, 10.0.0.0/8 means the 10.x.x.x network with a subnet mask of 255.0.0.0. 192.168.0.0/16 means the 192.168.x.x network with a subnet mask of 255.255.0.0. 192.168.123.128/26 means the 192.168.123.[128 to 192] network, with a subnet mask of 255.255.255.64.

    Almost always, if written in binary, subnets will look like a bunch of ones, then a bunch of zeros. Sometimes, it's convenient to have a subnet that does *NOT* designate a contiguous network segment. For instance, you might have 192.168.2.[64 to 127] and 192.168.3.[64 to 95]. In this case, this is a network 192.168.[2-3].[64-95] with a subnet mask of 255.255.253.32 (which can't be represented in the / form). Don't try this though, as certain buggy OS's might get confused.

    --
    He who laughs last is stuck in a time dilation bubble.
  19. CIDR! by tachyonflow · · Score: 5, Informative
    Welcome to the world of classless routing!

    192.168.0.0/16 certainly does exist. The first three bits have not dictated the netmask for years. See RFC1817 for more information on this. Here's a relevant excerpt (emphasis added):

    Classless Inter-Domain Routing (CIDR) ([RFC1518], [RFC1519]) is deployed in the Internet as the primary mechanism to improve scaling property of the Internet routing system. Essential to CIDR is the generalization of the concept of variable length subnet masks (VLSM) and the elimination of classes of network numbers (A, B, and C). The interior (intra-domain) routing protocols that support CIDR are OSPF, RIP II, Integrated IS-IS, and E-IGRP. The exterior (inter-domain) routing protocol that supports CIDR is BGP-4. Protocols like RIP, BGP-3, EGP, and IGRP do not support CIDR.
  20. There can only be one! by Anonymous Coward · · Score: 5, Funny
    I use a /24 chunk of 172.16.0.0/12, because it's a chunk that is easy for me to remember -- it maps to my birth date.

    On the 17th day of February, in the year of our Lord 1600, I was born a highlander. I am Colin McLeod of Clan McLeod and I cannot die.

  21. Re:FP... by afidel · · Score: 5, Informative

    These are not BS. This was an IP block set aside for future use and Apple, MS, Sun, and others decided to use it for local link zero config stuff. This was codified by the IETF and is specified in RFC 3330 and other places.

    --
    There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
  22. Re:A completely pointless question by Bombcar · · Score: 4, Funny

    You probably have a hard time spelling banana or Mississippi, don't you? :)

  23. Re:Don't go with the flow by schon · · Score: 3, Informative

    Now granted this limits me to 256 IP's

    So if you're concerned about that, why not just change the mask to /16 instead of /24? Considering that the 172.(16-32).x.x addresses are all /16's anyway.

    honestly, you could use whatever you wanted with the proper network setup.

    Please, PLEASE, PLEASE, never do any network setup. Ever. Until such time as you understand what you're talking about.

    Worst case scenario is that you might stumble upon a computer in the real world with the same IP address as you, but that'd be rare.

    Depending on the range, "rare" is pretty subjective.

    It's not the specific IP address, but the whole network. When you take an IP address belonging to someone else, you are not only limiting yourself from talking to that one IP address, but you're limiting yourself from talking to every computer on that IP network.

    It might not even be a problem if you accessed it by a DNS entry through a DNS server that was external to your network

    Before giving out advice, please learn a little bit about IP. DNS means NOTHING.