doc question on private network IP allocation

Dave Ihnat dihnat at
Fri Oct 14 19:26:19 UTC 2011

On Sat, Oct 15, 2011 at 01:32:47AM +1030, Tim wrote:
> Out of the various IP ranges [1] that are available for private use,
> because they are not, and will not, be used as public IPs on the
> internet, ...

Very specifically, look up RFC1918, where these ranges were defined.

> It's common practice to use an address ending with 254 for routers and
> gateway, but it's purely customary.

Actually, in my experience it's much more customary to use the .1 adress as
the main gateway in the network, especially for Class 'C' networks.  I
really only started seeing .254 when some of the manufacturers of retail
router/firewalls picked it.  But, as you say, it's a matter of convention.
Probably the most important item to pick up on is to put the main gateway
at one end or the other of the subnet address range.

> As for how to allocate IPs within a LAN, that's up to you.  Some people
> have ...

It is extremely useful to have conventions for IP address assignment, since
you, as the administrator, can look at an address and *know* what that
piece of equipment should be, or can *know* where to start assigning static
IP addresses if necessary (e.g., for printers, VOIP phone systems, etc.)

A common convention I've used for (literally) decades now is:

  Low addresses:  Network Equipment (gateway, routers, terminal servers, etc.)
  Next range:     Servers
  Next range:     Printers & end-user equipment w/static addresses
  DHCP Range
  Top Addresses:  VPN addresses, experimental/temporary equipment

Just what these values are depends on how big your subnet is.  For
instance, most people use what we called a Class 'C' subnet--netmask is 24
bits ( a max of 254 devices; let's use as an example subnet:     - Entire Network - Usable device range   - Broadcast Address

For this small network, a usable convention would be:     - Network Equipment.  Gateway at   - Servers   - Printers & End-User Equipment w/static addresses - DHCP-assigned addresses - VPN addresses, experimental/temporary equipment

As a further convention, if you're using a VPN scheme that requires address
assignment, start from 254 and work down; that lets you know that if you
want to temporarily assign ad-hoc static addresses, you can start at 200
and work your way up.

Obviously, you can shift the boundaries to meet your local needs; and if
any of these ranges are too small, you can pick one of the Class 'A' or
Class 'B' (yeah, I know, old terms) address/netmask combinations.

	Dave Ihnat
	dihnat at

More information about the users mailing list