Violating RFC 1918

Due to the number of times I have had address collisions when working over VPN with a client, I was forced to readdress some parts of our network into non-RFC1918 space. I am listing off some ranges that can be used in the event others run into the same issue.

The first set of ranges that can be safely used are the "test/documentation" testnet ranges. These are defined in RFC 5737.
192.0.2.0/24
198.51.100.0/24
203.0.113.0/24

There is then the "performance benchmark" range, defined in RFC 2544.
198.18.0.0/15

Then we have the CGNAT space, defined in RFC 6598. This particular range comes with the most caveats, and should be considered a last resort.
DO NOT USE IF:
1) You are on an LTE carrier for internet, or have one as part of your network environment. Most carriers are using CGNAT in some capacity.
2) You are using Tailscale. Tailscale uses the ENTIRE range.
3) You are unsure of your internet carrier's IPv4 exhaustion mitigation plans.
The range is: 100.64.0.0/10

Link local: WTF!?! This cannot be used for routable links, but in many situations it can be used for point-to-point links, management VLANs, or other VLANs that do not, or should not, have internet connectivity. It is defined in RFC 3927.
169.254.0.0/16

AMPRNet testnet. AMPRNet has a test range that is not considered routable. It is not documented in ANY RFC, and may become routable, particularly in the event that the address pool is shrunk again to force the sale of the IP addresses. The range is a rather large one. It does (extremely rarely) become routable during testing; however, most businesses are prohibited from interacting with AMPRNet anyway due to its non-commercial restrictions.
44.128.0.0/16
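
Before readdressing, it is worth checking which of the ranges above are actually unused in your environment. The following is an added example, not part of the original post: it finds overlaps between local and client VPN prefixes, then lists which candidate ranges from this article are free. The function names are hypothetical and the route lists are constructed sample data.

```python
import ipaddress

# Candidate ranges from this article, with the document that defines each.
CANDIDATES = {
    "192.0.2.0/24": "RFC 5737 documentation",
    "198.51.100.0/24": "RFC 5737 documentation",
    "203.0.113.0/24": "RFC 5737 documentation",
    "198.18.0.0/15": "RFC 2544 benchmark",
    "100.64.0.0/10": "RFC 6598 CGNAT",
    "169.254.0.0/16": "RFC 3927 link-local",
    "44.128.0.0/16": "AMPRNet test (not in any RFC)",
}


def _net(prefix):
    # strict=False accepts interface-style entries such as 100.101.102.103/32
    # or a host address written with its subnet length.
    return ipaddress.ip_network(prefix, strict=False)


def collisions(local, remote):
    """Return (local, remote) prefix pairs that overlap across the VPN."""
    return [(l, r) for l in local for r in remote if _net(l).overlaps(_net(r))]


def free_candidates(in_use):
    """Return {range: source} for candidates that overlap nothing in use."""
    used = [_net(p) for p in in_use]
    return {c: why for c, why in CANDIDATES.items()
            if not any(_net(c).overlaps(u) for u in used)}


if __name__ == "__main__":
    # Constructed sample data: our LANs, routes pushed by a client VPN, and
    # other prefixes seen on the host (a Tailscale-style /32 inside the CGNAT
    # block and an existing benchmark-range subnet).
    local = ["10.0.0.0/24", "192.168.50.0/24"]
    client_vpn = ["10.0.0.0/16", "172.16.5.0/24"]
    other = ["100.101.102.103/32", "198.19.4.0/24"]

    for l, r in collisions(local, client_vpn):
        print(f"collision: local {l} overlaps client {r}")
    for cidr, why in free_candidates(local + client_vpn + other).items():
        print(f"free: {cidr} ({why})")
```

Feed it the prefixes from your real routing table and the client's pushed routes; a candidate is only reported as free if nothing already in use overlaps it.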

 

This article was updated on April 23, 2024