CNS home page

Use of RFC 1918 "Private Addresses" on the UC Berkeley Campus Network

RFC 1918, "Address Allocation for Private Internets," specifies ranges of IP addresses that will never be routable on the global Internet. These addresses can therefore be used on "private" networks without concern for potential addressing conflicts with other networks.

However, RFC 1918 addresses are routable inside an enterprise. As stated in RFC 1918:
"... an enterprise needs to determine which hosts do not need to have network layer connectivity outside the enterprise in the foreseeable future and thus could be classified as private. Such hosts will use the private address space defined above [in RFC 1918]. Private hosts can communicate with all other hosts inside the enterprise, both public and private."
The ability for "private hosts" (i.e. hosts using RFC 1918 addresses) to communicate with all other hosts in the enterprise dictates that RFC 1918 addresses may be routed inside the enterprise.

Some Berkeley campus sysadmins use RFC 1918 addresses in order to assure that the devices using these addresses cannot be reached by any other device outside the "private" network, including elsewhere on campus. While this degree of privacy is not actually guaranteed by RFC 1918, it is not inconsistent with RFC 1918.

RFC 1918 requires that DNS information about RFC 1918 addresses must not be visible outside the enterprise. IST believes that any IP address that is used should be registered in the DNS; therefore, IST will create DNS information about RFC 1918 addresses only within "local zones" that can be queried only from hosts on the campus network. (i.e. the campus name servers will not answer queries that come from hosts outside of the campus network.)

The purpose of this document is to describe a set of conventions that will allow campus sysadmins to use RFC 1918 addresses today, with reasonable confidence that the use of these addresses will not cause serious conflict in the future. Specifically, this document identifies ranges of RFC 1918 address that IST will not route inside campus, as well as ranges that might someday be routed inside campus.

I. RFC 1918 address ranges are: 

     10.0.0.0/8         (10.0.0.0 - 10.255.255.255)
     172.16.0.0/12      (172.16.0.0 - 172.31.255.255)
     192.168.0.0/16     (192.168.0.0 - 192.168.255.255)

As required by RFC 1918, these addresses will never be routed outside the campus network.

II. RFC 1918 addresses that IST will not route inside campus are: 

     10.0.0.0/12        (10.0.0.0 - 10.15.255.255)
     192.168.0.0/16     (192.168.0.0 - 192.168.255.255)

Campus computer users can use addresses in those two ranges however they like, confident that these addresses will not be routed by IST.

III. RFC 1918 addresses that IST may route inside campus are:

    10.16.0.0/12
    10.32.0.0/11
    10.64.0.0/10
    10.128.0.0/9 		     (10.16.0.0 - 10.255.255.255)
    172.16.0.0/12      (172.16.0.0 - 172.31.255.255)

RFC 1918 addresses in the blocks listed immediately above can be routed inside campus. Campus sysadmins who might someday want to take advantage of this -- i.e. who want to use RFC 1918 addresses that can be routed on the campus network -- should choose RFC 1918 addresses according to the guidelines in the following section ("IV. Guidelines...").

Note:Choosing RFC 1918 addresses from the list above, in adherence with the guidelines below, does not mean that these addresses will automatically be routed: at least initially, routing of RFC 1918 address will only happen when requested. (Requests can be sent to noc@berkeley.edu.)

IV. Guidelines for choosing RFC 1918 addresses to use on the campus network:

Guideline (1)
If the RFC 1918-addressed devices will somehow connect (e.g. through a NAT device) to a campus subnet in one of the three main address ranges -- 128.32.0.0/16, 136.152.0.0/16, 169.229.0.0/16 -- replace the first octet with 10, as follows:

if your subnet is 128.32.x.y/N --> use 10.32.x.y/N
if your subnet is 136.152.x.y/N --> use 10.152.x.y/N
if your subnet is 169.229.x.y/N --> use 10.229.x.y/N

Note that the lowest number in the RFC 1918 address range should be left reserved for the router interface; the highest number in the RFC 1918 address range is reserved for the broadcast address.

Example: if your subnet is 128.32.155.0/25, use RFC 1918 address range 10.32.155.0/25, with 10.32.155.1 reserved for the router and 10.32.155.127 reserved for broadcast.

Guideline (2)
If your subnet campus subnet has some other address range (i.e. 192.31.161.z/N, 192.35.209.z/N, 192.58.221.z/N, etc.) send email to noc@berkeley.edu. As in guideline (1), the lowest and highest address in the RFC 1918 address block are reserved.

Guideline (3)
Guidelines (1) and (2) prevent the condition where private nets on different campus subnets use the same RFC 1918 addresses, which would cause problems if the addresses are routed inside campus. However, guidelines (1) and (2) do not prevent use of of the same RFC 1918 address range on two or more private networks within a single campus subnet. if this problem occurs, send email to noc@berkeley.edu.

Guideline (4)
Guidelines (1) and (2) limit the number of RFC 1918 addresses to the number of hosts on the conventional campus subnet. if this is too restrictive send email to noc@berkeley.edu.

Guideline (5)
Guidelines (1)-(4) will not meet all situations, but following them will minimize future problems, and maximize the chances that any RFC 1918 addresses you adopt will be routable in the future. If guidelines (1)-(4) don't meet your needs, please send email to noc@berkeley.edu.

Please send questions or comments about using RFC 1918 addresses at UCB to noc@berkeley.edu.

Last revised: June 09, 2009
Contact Information