11.0.0.1

[13Gigatons]

If you use a non-private IP block as your LAN IP what are the downsides?

Such as 11.0.0.1 or 15.0.0.1 ?

 

[VirtualLarry]

Well, you are violating internet RFCs, you won't be able to access parts of the internet, etc.

Not that I haven't heard of it being done in extremely large orgs, but generally, it's a bad idea.

Edit: For a home user, I would absolutely avoid it.

 

[Railgun]

Well, you are violating internet RFCs, you won't be able to access parts of the internet, etc.

Assuming you're behind a nat, and depending on how said enterprises do it if not, that's entirely untrue.

 

[imagoon]

If you use a non-private IP block as your LAN IP what are the downsides?

Such as 11.0.0.1 or 15.0.0.1 ?

If you own the block, there is no downside as long as you have proper access control. If you don't own the block then you are no longer able to access the range on the net you selected without a whole lot of NAT trickery in the middle.

This is one of the reasons when 1.0.0.0/8 was provisioned many companies were having issues as for years 1.1.1.1 was utilized as a sort of dummy IP address so there was odd routing issues caused by that.

11.0.0.0/8 seems to be owned by US DoD
15.0.0.0/8 is owned by HP.

Random note of interest (to me at least) is "Class E" IP addresses have be reallocated to "Future Use" again. Wonder if they are back on the table for allocation.

 

[VirtualLarry]

Assuming you're behind a nat, and depending on how said enterprises do it if not, that's entirely untrue.

SOHO routers are unable to route properly, if an IP subnet is the same on WAN and LAN.
So presumably, if you chose 11.0.0.0/8 for your local LAN subnet, and you wanted to reach a public IP on 11.1.2.3, it wouldn't route that packet out the WAN.

 

[drebo]

SOHO routers are unable to route properly, if an IP subnet is the same on WAN and LAN.
So presumably, if you chose 11.0.0.0/8 for your local LAN subnet, and you wanted to reach a public IP on 11.1.2.3, it wouldn't route that packet out the WAN.

It's not the router that can't do it, it's the computer. If a computer has an IP address on 11.0.0.0/8, it will not send a packet destined for that network with a destination MAC address of the router and instead will attempt an ARP lookup (which will fail) for local delivery.

 

[imagoon]

It's not the router that can't do it, it's the computer. If a computer has an IP address on 11.0.0.0/8, it will not send a packet destined for that network with a destination MAC address of the router and instead will attempt an ARP lookup (which will fail) for local delivery.

To be fair, even if the packet made it to the router, it would fire back in to the LAN since it is locally attached. (Barring routing magic / NAT work etc)

 

[xSauronx]

If you use a non-private IP block as your LAN IP what are the downsides?

changing everything later to fix such a ridiculous mistake.

we have a non-private block as internal addressing at one of the work sites, and i am pushing very hard to get it fixed this year.

it is a fair amount of work, and i am not a network guy, so i will inevitably screw it up if left to do it on my own.

fortunately, what we use is allocated in asia iirc so it hasnt caused any issues so far.

 

[dave_the_nerd]

Yeah, it's just a bad idea.

For similar reasons, I'm really, really hoping that ".home" doesn't get turned into an official TLD.

 

[XavierMace]

.home wouldn't bother me, .corp would be more concerning personally.