1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Public & Private IPs

Discussion in 'Routing & Switching' started by Crazydave1990, Mar 7, 2013.

  1. Crazydave1990

    Crazydave1990 Bit Poster

    19
    0
    9
    Yo guys...

    I understand that a public IP address is assigned by the ISP... and Routers perform a process of NAT to allow a private IP to 'converted' into a public IP, which is able to be used on the internet.

    However, my query is, with public IPs, when you are creating a network... can you use any ip range you like within reason? so if I wanted to set-up a network, would I have to use a private class C address of 192.168.1.0 (255.255.255.0) for example, or could I just use any address I like within reason? (other than the addresses which you are unable to use such as 127.0.0.0)???

    Might be a stupid question... but heyoh...
     
  2. BrizoH

    BrizoH Byte Poster

    243
    6
    25
    The short answer to your question is yes you can - but best practise would be to use one of the private ranges specified in RFC1918

    The first company I worked for used a range outwith the private address space internally - it didn't cause any issues but used to really bug me...
     
    Certifications: CCNA, CCNA Security
    WIP: CCNP
  3. BraderzTheDog

    BraderzTheDog Kilobyte Poster

    276
    2
    49
    Well the answer is simple,

    So here's an example of why this wouldn't work. You give a device in your network the public IP address of 8.8.8.8 (e.g. load balancer), a host in the LAN makes a request for googles DNS server which conveniently is 8.8.8.8. Where is the DNS lookup query going to go?

    Yep... that's right straight to the load balancer... This will cause you loads of problems, thus NEVER ever EVER use public IP addresses on your internal network.

    If you use public's on the internal network any legitimate public request that should be going out the default gateway to the ISP for routing will be routed internally instead...

    Funnily enough this is a common thing people do. I have worked with a Bank that did this and yes it caused a huge amount of problems.
     
    Last edited: Mar 7, 2013
    Certifications: CCNA R&S, CCNA-SEC, CCSA, JNCIA FWV, MCITP, MCTS, MTA, A+
  4. GSteer

    GSteer Megabyte Poster

    627
    31
    109
    As the others have said, only use the private ranges (copied from RFC1918):

    10.0.0.0 - 10.255.255.255 (10/8 prefix)
    172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
    192.168.0.0 - 192.168.255.255 (192.168/16 prefix)

    I've got one client where the previous IT company set them up on 192.169.0.0 range - that's a muscle and mental memory screw up for me whenever I'm manually addressing something on their network.
     
    Certifications: BSc. (Comp. Sci.), MBCS, MCP [70-290], Specialist [74-324], Security+, Network+, A+, Tea Lord: Beverage Brewmaster | Courses: LFS101x Introduction to Linux (edX)
    WIP: CCNA Routing & Switching
  5. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,189
    296
    319
    I inherited a network that had a full class A subnet for the LAN which didn’t follow the standards for the reserved LAN subnets.

    Completely freaked out the SBS migration I was doing as the install tools keep failing with errors as they thought the server was not protected by a firewall. Ended up giving all the servers a second IP address in a correct range 192.168.1.0/24 so I could do the migration!
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  6. danielno8

    danielno8 Gigabyte Poster

    1,305
    48
    92
    I am pretty sure the OP is asking "can you" purely from a technical point of view, i.e. will this still work at a local level. The answer to this is yes.
     
    Last edited: Mar 8, 2013
    Certifications: CCENT, CCNA
    WIP: CCNP
  7. Shinigami

    Shinigami Megabyte Poster

    896
    40
    84
    Back when the first IPv4 allocations were given to large, public companies, several of them picked up large ranges of addresses. I read somewhere (maybe it was the Network+ CompTIA study material that mentioned this) that Apple got something like 65k addresses and Microsoft received a few thousand as well.

    Recently, Microsoft also received 666k addresses from Nortel: Microsoft offers $7.5M for 666,624 IPv4 addresses - Computerworld

    Technically, these things 'could' mean that Microsoft could assign a public IP address for every employee (90k FTE's and 50k non-FTE's) and Apple could nearly do the same as well (~70k employees).

    But is it a good idea? Maybe not always, IPv4 to begin with, isn't secure in the same manner as IPv6 is, so you may not wish to give public IP's to internal networks 'as is' with a fully routable network.
     
    Certifications: MCSE, MCITP, MCDST, MOS, CIW, Comptia
    WIP: Win7/Lync2010/MCM
  8. danielno8

    danielno8 Gigabyte Poster

    1,305
    48
    92
    Yep, this. The company networks I work on own a class A each and they are assigned to the client network, not just internet facing services

    Of course these networks still sit behind a firewall and use NAT.
     
    Certifications: CCENT, CCNA
    WIP: CCNP

Share This Page

Loading...