Private IP

Approved by ITAC-NI 06/20/02

Abstract: This document addresses the issues of use and management of the Private IP space at the University of Florida.

1. Definition of Private IP Addresses

Private IP addresses are defined in Internet RFC 1918. For those wishing to know more about Private IP, RFC 1918 is suggested reading. See ftp://ftp.ufl.edu/net/rfcs. The private IP addresses are the following blocks:

Class A 10.0.0.0 - 10.255.255.255
Class B 172.16.0.0 - 172.31.255.255
Class C 192.168.0.0 - 192.168.255.255

These addresses are not recognized by Internet routers. Packets with either source or destination private addresses are not forwarded across Internet links. As such, these addresses can be used by the University of Florida on host machines which do not require direct connection to other hosts across the Internet.

It is possible, through address translation, for some UF hosts using private IP to access a host across the Internet. The configuration of an address translator requires a pool of public IP addresses. When a host with a private IP address opens an IP application destined for the Internet, the address translator assigns an IP number from the address pool. Every packet related to this application acquires the assigned IP number at the translator. UF supports an IP translator for this purpose. The translator will be located near the Internet POP. Each block of private IP addresses will be labelled as translated or untranslated. Packets carrying addresses from a translated block are routed through the translator. Public addresses for the translator pool will be assigned from one of the blocks of UF public IP addresses.

2. Rationale

The rationale for the Internet private IP space is given in RFC 1918. In addition to the motivations provided there, private IP offers a modicum of security by restricting the visibility of a host from the general Internet community.

3. UF Private IP Addresses

Addresses from the Class A 10.255.255.255 block will be assigned and kept in an authoritative database at Network Services. Packets with these addresses will be passed by Network Services core routers after an appropriate assignment and entry has been made in the database. Hosts which have been assigned a private IP number in the 10.0.0.0/8 range can access Internet and Internet 2 resources through the use of an address translator.

Addresses from the Class B 172.16.0.0 - 172.31.255.255 block will be assigned and kept in an authoritative database at Network Services. Packets with these addresses will be passed by Network Services core routers after an appropriate assignment and entry has been made in the database. This address space is used primarily to restrict access to the UF network only. Hosts in this address space are not accessible from off campus, including Internet and Internet 2, except through the UF dial-up and VPN connections. It can also be used to provide access to a subnet that is only reachable from within an existing network, and not from the core UF network. Hosts assigned a private IP number in 172.16.0.0/12 cannot access Internet or Internet 2 resources.

4. Initial Address Reservations

The following are the initial reservations for the class A block 10.0.0.0/8. The private IP addresses assigned here will not be routed locally until a request is made by the user.

  1. The class B block 10.1.0.0/16 is reserved for Network Services.
  2. The class B block 10.2.0.0/16 is assigned to the Division of Housing.
  3. The class B block 10.3.0.0/16 is assigned to CIRCA for use in labs and classrooms.
  4. The class B block 10.4.0.0/16 is assigned to HEALTHNET.
  5. The class B block 10.5.0.0/16 is assigned to various campus networks.
  6. The class B block 10.10.0.0/16 is assigned to NS for classrooms with the exception of a few subnets that are assigned to HealthNet.
  7. The class B block 10.20.0.0/16 is assigned to Network Services for walk-up ports.
  8. The class B block 10.30.0.0/16 is assigned to Network Services for authenticated networks.
  9. The class B block 10.178.* is assigned in parallel to the existing UF/UMC class B block 159.178.0.0/16.
  10. The class B block 10.227.0.0/16 is assigned in parallel to the existing UF class B block 128.227.0.0/16.
  11. The class B block 10.228.0.0/16 is assigned to Network Services for VPN.
  12. The class B block 10.229.0.0/16 is assigned to Network Services for VoIP.

Domain Name Service

Since Private IP addresses are not passed on the Internet, InterNIC DNS services are not available. Local DNS services can be used for Private IP addresses with the same conventions as are currently used locally. To prevent leaking DNS RRs, RFC 1918 recommends running two DNS servers, one internal and one external. It is recommended that UF establish an internal DNS server if DNS services are to be provided for private IP.
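One way to check an externally published zone for the leaked RRs mentioned above, as an added example that is not part of the original policy or any UF tooling. It assumes one record per line with fully qualified owner names; the function names and the example.edu sample records are constructed for illustration.

```python
import ipaddress

# RFC 1918 private blocks, as listed in section 1.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_private(addr):
    """True if addr is a valid IPv4 address inside an RFC 1918 block."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in RFC1918)

def ptr_to_ip(owner):
    """Map a full four-octet in-addr.arpa owner name to a dotted quad, else None."""
    labels = owner.rstrip(".").lower().split(".")
    if len(labels) != 6 or labels[-2:] != ["in-addr", "arpa"]:
        return None
    return ".".join(reversed(labels[:4]))

def find_leaks(zone_text):
    """Return (line_no, owner, type, address) for records exposing private space."""
    leaks = []
    for no, line in enumerate(zone_text.splitlines(), 1):
        fields = line.split(";", 1)[0].split()      # drop trailing comments
        if len(fields) < 3:
            continue
        owner = fields[0]
        # Skip the optional TTL and class columns.
        rest = [f for f in fields[1:] if not f.isdigit() and f.upper() != "IN"]
        if len(rest) < 2:
            continue
        rtype, rdata = rest[0].upper(), rest[1]
        addr = rdata if rtype == "A" else ptr_to_ip(owner) if rtype == "PTR" else None
        if addr and is_private(addr):
            leaks.append((no, owner, rtype, addr))
    return leaks

# Constructed sample of an external zone; not real UF data.
SAMPLE_ZONE = """\
www.example.edu.         3600 IN A   192.0.2.10
lab1.example.edu.        3600 IN A   10.3.4.5      ; lab host
vpn.example.edu.         IN A        172.31.255.1
edge.example.edu.        IN A        172.32.0.1    ; just outside 172.16.0.0/12
5.4.3.10.in-addr.arpa.   IN PTR      lab1.example.edu.
10.2.0.192.in-addr.arpa. IN PTR      www.example.edu.
"""

if __name__ == "__main__":
    for leak in find_leaks(SAMPLE_ZONE):
        print("private address in external zone, line %d: %s %s %s" % leak)
```

Records flagged here belong on the internal DNS server only.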