Slashdot Mirror


Local Network IPs - 10.0.0.0/8 or 192.168.0.0/16?

mike9010 asks: "After reading a few articles on the net about networking, I have come up with a question. It seems that most of them say to use 192.168.0.0/16 for a local network. Why not use 10.0.0.0/8 though? It is my understanding that it can hold a lot more IP addresses, and it is also prettier." What local network range are you using for your networks?

18 of 215 comments

  1. What about 172.16.0.0/12? by Sunlighter · · Score: 5, Insightful

    This is an intermediate one that isn't widely used.

    I don't think it matters too much; few businesses have as many as 64,000 computers, so the 192.168 is big enough. But the 10 makes it easy to do interesting things with the other numbers, like making the first number the department number, etc.

    --
    Sunlit World Scheme. Weird and different.
    1. Re:What about 172.16.0.0/12? by Magic+Thread · · Score: 5, Interesting

      I use 172.16.0.0/12. That way I don't have any problems connecting over VPN to networks that use 10.0.0.0/16 or 192.168.0.0/8.

  2. I use by The+Clockwork+Troll · · Score: 5, Funny
    I use the 66.35.192.0/18 block.

    It doesn't seem to conflict with anything important.

    --

    There are no karma whores, only moderation johns
  3. Why? Why not? Because. by MattCohn.com · · Score: 5, Interesting

    There is no real reason to use one or the other except that many devices come with built-in static IP addresses. I've seen some with 10.x addresses, others with 192.168.x addresses. I guess not looking at that, it just comes down to choice. I like 192.168 and use it on my home network... but my work network uses 10. JUST GO FOR IT MAN!

  4. What if your provider has a private network too? by epsalon · · Score: 4, Interesting

    The 10.x.x.x IPs are used for larger networks. Suppose you switch ISPs and get connected with an ISP with a NAT, or you VPN with some other network. Chances are they will be 10.x.x.x. In general use 10.x.x.x if you're running a large network and 192.168.x.x for a smaller network.

  5. 10.0.0.0/8 by MazTaim · · Score: 4, Informative

    I actually asked this question once. Nobody could really give me a good answer. I personally prefer 10.0.0.0 over 192.168.0.0. It does look prettier, it's easier to type, and you do have more IPs to play with. Who has need for all those IPs is beyond me, but I say you can never have too many IPs.

    It does look prettier. Here is how I broke down my NAT network:

    10.0.0.0-255 = Routers/Server - Kinda, sorta DMZ
    10.0.1.0-255 = Wired Workstations
    10.0.2.0-255 = Wireless Workstations
    10.0.3.0-255 = Test stuffage

    192.168.0.0 is the de facto standard for just about any router you buy off the shelf. Perhaps there is a valid reason?

  6. Whatever you do PLEASE document it by MerlynEmrys67 · · Score: 4, Insightful
    Worked for a company doing networking software, so I kept a LARGE number of test devices/networks hanging off of my workstation on a test subnet... Problem was various company sites would drop off of my workstation when the IT dept. would randomly assign private addresses inside the company... I couldn't even get them to whack off a /16 for "test networks" because they thought that they would need all of the private address space scattered across all three ranges...

    So my advice is whack off 1/4 of the 10/8 space - and reserve it for true "private addressing" and use all of the rest of the private addressing ranges as you see fit

    --
    I have mod points and I am not afraid to use them
  7. Re:What if your provider has a private network too by ArmorFiend · · Score: 4, Informative

    Furthermore, DO NOT use 192.168.0.XX. Because you might get a job with a VPN-ing company that uses that too. Get a random number under 256, and use that instead of 1.

    e.g. I use 192.168.88.XX. I used to use 192.168.1.XX, but guess what, I got a job ...

  8. IP Subnetworking by hawkstone · · Score: 5, Informative
    From the IP subnetworking HOWTO:
    There are also special addresses that are reserved for 'unconnected' networks - that is, networks that use IP but are not connected to the Internet. These addresses are:

    * One A Class Network
    10.0.0.0
    * 16 B Class Networks
    172.16.0.0 - 172.31.0.0
    * 256 C Class Networks
    192.168.0.0 - 192.168.255.0


    The one most often used by home networking products is 192.168.1.x in my experience, not the full /16. They are designed to hold 254 addresses, no more. Why are these designed for only a small number of IP addresses? Well, the home routers often have 4 ports, with maybe wireless. Are you really going to have a few hundred clients? Anyway, it's probably best to stick with the 192.168.1.x for a small network if you're planning on connecting to one of these. If not, do whatever floats your boat!
  9. Choose randomly by Fluffy+the+Cat · · Score: 4, Informative

    RFC 1918 recommends that you choose a network randomly in order to reduce the chances of colliding with any other internal network you may ever want to connect to.
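Added example (not part of any comment in this thread): one way to pick a random subnet from the three RFC 1918 blocks while rejecting anything that overlaps networks you already expect to connect to over VPN. The `KNOWN_REMOTE` list and the function names are assumptions made up for this illustration.

```python
import ipaddress
import random

# The three RFC 1918 private blocks.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: vendor defaults and VPN peers you must not collide with.
KNOWN_REMOTE = [ipaddress.ip_network(n) for n in
                ("192.168.0.0/24", "192.168.1.0/24", "10.0.0.0/16", "172.16.0.0/16")]


def conflicts(candidate, others):
    """Return every network in `others` that overlaps `candidate`."""
    return [o for o in others if candidate.overlaps(o)]


def pick_random_subnet(prefixlen=24, avoid=KNOWN_REMOTE, rng=None, max_tries=1000):
    """Pick a random subnet of the given size from RFC 1918 space.

    Blocks are weighted by how many subnets of that size they contain, so
    every possible subnet is equally likely. Overlapping candidates are retried.
    """
    rng = rng or random.SystemRandom()
    blocks = [b for b in RFC1918 if b.prefixlen <= prefixlen]
    if not blocks:
        raise ValueError("no RFC 1918 block can hold a /%d" % prefixlen)
    weights = [2 ** (prefixlen - b.prefixlen) for b in blocks]
    for _ in range(max_tries):
        block = rng.choices(blocks, weights=weights)[0]
        index = rng.randrange(2 ** (prefixlen - block.prefixlen))
        base = int(block.network_address) + index * 2 ** (32 - prefixlen)
        candidate = ipaddress.ip_network((base, prefixlen))
        if not conflicts(candidate, avoid):
            return candidate
    raise RuntimeError("no non-overlapping subnet found")


if __name__ == "__main__":
    print("use:", pick_random_subnet(24))
    print("a /16 here would collide with:",
          conflicts(ipaddress.ip_network("192.168.0.0/16"), KNOWN_REMOTE))
```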

  10. No real difference by blate · · Score: 4, Interesting

    The 192.168 and 10 networks are functionally equivalent except that the 10 network is class A and the 192.168 is class B (i.e. 10 is bigger).

    You will find that many off-the-shelf devices, like NAT/Routers from Linksys, Netgear, etc. use 192.168.x.x by default; some of them don't let you use anything else (I think Linksys locks you in to 192.168, but you can change the lower two octets).

    I personally use a 10.x.x.x network in my test lab at work, because it allows me to choose network addresses that make sense and are somewhat human-readable. If you're setting up a network for a business, it might make sense to use a 10 network just for expandability. Then again, if you need more than 64k addresses, you probably have bigger problems to deal with.

    One thing I like about the 10 networks is that when you see their addresses scream across a packet dump, you can immediately recognize them as "fake" addresses.

    One security/network citizenship point (assuming that your 10 or 192.168 network is behind a NAT connected to the outside world): your firewall/router should NEVER pass packets destined to or accept packets sourced from a fake address range (10/24, 192.168/16, etc.). This can lead to evil attacks, garbage traffic on or out of your network, and a whole host of problems.

    I inadvertently flooded my company's T1 line while running a test because our sysadmins hadn't configured our firewall to block outbound packets destined to a 10 address. A bug in a server I was testing caused it to send data back to the wrong address and our router happily sent the data out over the T1. No major harm was done, but a few people couldn't read their Slashdot until we discovered what the problem was.

    Bottom line: choose what works for you (which may be either address range).
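Added example (not the commenter's code): a small model of the border rule described in the comment above, applied to the Internet-facing interface of a NAT router. It uses the RFC 1918 blocks 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16; the function names and the sample packets are constructed for illustration.

```python
import ipaddress

# RFC 1918 blocks only. ipaddress's is_private is deliberately not used:
# it also covers loopback, link-local and documentation ranges.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr):
    """True if addr falls inside one of the three RFC 1918 blocks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def wan_verdict(direction, src, dst):
    """Decide what the Internet-facing interface should do with a packet.

    direction is 'out' (LAN to Internet, seen before NAT rewrites the source)
    or 'in' (Internet to LAN, seen before NAT rewrites the destination).
    """
    if direction not in ("in", "out"):
        raise ValueError("direction must be 'in' or 'out'")
    if direction == "out" and is_rfc1918(dst):
        return "drop: private destination leaving the site"
    if direction == "in" and is_rfc1918(src):
        return "drop: private source arriving from outside"
    return "pass"


# Constructed sample traffic: (direction, source, destination).
SAMPLE = [
    ("out", "10.0.1.15", "198.51.100.7"),    # ordinary outbound request
    ("out", "10.0.1.15", "10.200.3.4"),      # misaddressed reply, as in the T1 story
    ("in", "192.168.1.50", "203.0.113.9"),   # private source claimed from outside
    ("in", "198.51.100.7", "203.0.113.9"),   # ordinary inbound reply
    ("out", "10.0.1.15", "172.32.0.1"),      # just past the end of 172.16.0.0/12
]


def audit(packets):
    """Return each packet together with its verdict."""
    return [(d, s, t, wan_verdict(d, s, t)) for d, s, t in packets]


if __name__ == "__main__":
    for row in audit(SAMPLE):
        print("%-3s %-15s -> %-15s %s" % row)
```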

  11. I use 127.0.0.1 by s88 · · Score: 4, Funny

    It's lightning fast! I always have 0 msec pings!
    I highly recommend you try it.

  12. Pedantic correction: by Asprin · · Score: 4, Informative


    192.168.0.0/16 doesn't exist.

    It's really a set of 256 (254, really because you aren't supposed to use 0 or 255) /24 networks:
    192.168.1.0/24
    192.168.2.0/24
    192.168.3.0/24
    ...
    192.168.254.0/24

    Now, if you set up your internal routing and gateways correctly, the difference doesn't matter, but TECHNICALLY, since 192 starts with the binary digits '110', it's a class C (/24) network.

    FYI.

    Which (10.0.0.0/8 or 192.168.0.0/24) you use doesn't matter unless you need to connect your network to somebody else's, but a bad decision (or evaluation of capacity) early on can come back to create problems if your network grows beyond the address space you planned for it. GOOD DESIGN IS ESSENTIAL to preventing problems down the road. Usually the # of hosts you need on your network segments drives the decision. Some larger networks will use the /24 blocks for local departmental LANs, and hook them together with /8 block addresses on the internetwork routers, but there are gobs of ways to do it.

    I'd recommend searching Cisco's site for white papers on network design, or maybe googling for TCP/IP tutorials.

    --
    "Lawyers are for sucks."
    - Doug McKenzie
  13. Re:Hi, I'm ignorant. Pleeztameecha! by Medieval_Gnome · · Score: 5, Informative

    It is a method of indicating how many bits in the address are part of the 'network' number, as opposed to the 'host' number. For example:

    In 10.0.0.0/8 that means there are 8 bits that identify the network (10.x.x.x) and 24 bits (IP addresses are 32 bits, 8 bits are already used for network; 32-8=24) for the machine number (the x.15.53.45)

    So now, for '192.168.0.0/16'. The 192.168 part is the network part, and the '/16' means the last 16 bits are used for hosts. When the slash-number is larger, that means the person with that IP range has fewer IPs. /24 means the user has 254 hosts at their disposal, while a /8 means over 16 million.

    I really hope this helps, sorry I'm not the greatest at explaining things.

    --

    :wq

  14. CIDR! by tachyonflow · · Score: 5, Informative
    Welcome to the world of classless routing!

    192.168.0.0/16 certainly does exist. The first three bits have not dictated the netmask for years. See RFC1817 for more information on this. Here's a relevant excerpt (emphasis added):

    Classless Inter-Domain Routing (CIDR) ([RFC1518], [RFC1519]) is deployed in the Internet as the primary mechanism to improve scaling property of the Internet routing system. Essential to CIDR is the generalization of the concept of variable length subnet masks (VLSM) and the elimination of classes of network numbers (A, B, and C). The interior (intra-domain) routing protocols that support CIDR are OSPF, RIP II, Integrated IS-IS, and E-IGRP. The exterior (inter-domain) routing protocol that supports CIDR is BGP-4. Protocols like RIP, BGP-3, EGP, and IGRP do not support CIDR.
  15. There can only be one! by Anonymous Coward · · Score: 5, Funny
    I use a /24 chunk of 172.16.0.0/12, because it's a chunk that is easy for me to remember -- it maps to my birth date.

    On the 17th day of February, in the year of our Lord 1600, I was born a highlander. I am Colin McLeod of Clan McLeod and I cannot die.

  16. Re:FP... by afidel · · Score: 5, Informative

    These are not BS. This was an IP block set aside for future use and Apple, MS, Sun, and others decided to use it for local link zero config stuff. This was codified by the IETF and is specified in RFC 3330 and other places.

    --
    There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
  17. Re:A completely pointless question by Bombcar · · Score: 4, Funny

    You probably have a hard time spelling banana or Mississippi, don't you? :)