| Both sides previous revisionPrevious revisionNext revision | Previous revision |
| networking:ipv4 [2025/07/30 09:04] – bstafford | networking:ipv4 [2025/08/05 16:08] (current) – bstafford |
|---|
| ====== IPv4 ====== | ====== IPv4 ====== |
| | |
| | Note: [[infoblox_threat_defense:endpoints#ptr_and_internal_zones|Ipv4 and IPv6 PTR zones for private ranges]] |
| | |
| |
| From | From |
| * [[http://www.team-cymru.org/Services/Bogons/fullbogons-ipv6.txt|Team Cymru Bogons IPv6]] | * [[http://www.team-cymru.org/Services/Bogons/fullbogons-ipv6.txt|Team Cymru Bogons IPv6]] |
| |
| | Also, |
| | * 172.17.0.0/16 - Default subnet for docker and developers often do not change it. |
| | * 10.88.0.0/16 - Default network for podman. |
| |
| Host | More details [[https://en.wikipedia.org/wiki/Reserved_IP_addresses|here]]. |
| * 127.0.0.0/8 | |
| |
| Link Local ([[https://datatracker.ietf.org/doc/html/rfc3927|RFC 3927]]) | Host ([[https://datatracker.ietf.org/doc/html/rfc5735|RFC 5735]]) |
| | * 127.0.0.0/8 - host loopback address |
| | |
| | Link Local ([[https://datatracker.ietf.org/doc/html/rfc3927|RFC 3927]]) and ([[https://datatracker.ietf.org/doc/html/rfc5735|RFC 5735]]) - Used for connectivity links. This makes it ideal for HA connections on firewalls and for on-prem to cloud connections. |
| * 169.254.0.0/16 | * 169.254.0.0/16 |
| |
| Private IPv4 (([[https://datatracker.ietf.org/doc/html/rfc1918|RFC 1918]]) | Private IPv4 (([[https://datatracker.ietf.org/doc/html/rfc1918|RFC 1918]]) and ([[https://datatracker.ietf.org/doc/html/rfc5735|RFC 5735]]) |
| * 10.0.0.0/8 | * 10.0.0.0/8 |
| * 172.16.0.0/12 | * 172.16.0.0/12 |
| |
| Carrier-Grade NAT ([[https://www.rfc-editor.org/rfc/rfc6598.html|RFC 6598]]) | Carrier-Grade NAT ([[https://www.rfc-editor.org/rfc/rfc6598.html|RFC 6598]]) |
| * 100.64.0.0/10 | * 100.64.0.0/10 - Carrier-Grade Shared Address Space |
| |
| IEFT Protocol Assignments ([[https://datatracker.ietf.org/doc/html/rfc5736|RFC 5736]]) | IEFT Protocol Assignments ([[https://datatracker.ietf.org/doc/html/rfc5736|RFC 5736]]) and ([[https://datatracker.ietf.org/doc/html/rfc5735|RFC 5735]]) |
| * 192.0.0.0/24 - This block is reserved for IETF protocol assignments. | * 192.0.0.0/24 - This block is reserved for IETF protocol assignments. |
| |
| Documentation ([[https://www.rfc-editor.org/rfc/rfc5737.html|RFC 5737]]) | Documentation ([[https://www.rfc-editor.org/rfc/rfc5737.html|RFC 5737]]) |
| * 192.0.2.0/24 Assigned as TEST-NET-1, documentation and examples. | * 192.0.2.0/24 Assigned as TEST-NET-1, documentation and examples. and ([[https://datatracker.ietf.org/doc/html/rfc5735|RFC 5735]]) |
| * 198.51.100.0/24 Assigned as TEST-NET-2, documentation and examples. | * 198.51.100.0/24 Assigned as TEST-NET-2, documentation and examples. and ([[https://datatracker.ietf.org/doc/html/rfc5735|RFC 5735]]) |
| * 203.0.113.0/24 Assigned as TEST-NET-3, documentation and examples. | * 203.0.113.0/24 Assigned as TEST-NET-3, documentation and examples. and ([[https://datatracker.ietf.org/doc/html/rfc5735|RFC 5735]]) |
| * 233.252.0.0/24 Assigned as MCAST-TEST-NET, documentation and examples. | * 233.252.0.0/24 IPv4 Multicast Documentation Addresses ([[https://datatracker.ietf.org/doc/html/rfc6676|RFC 6676]]) |
| * 198.18.0.0/15 Used for benchmark testing of inter-network communications between two separate subnets. | * 198.18.0.0/15 Used for benchmark testing of inter-network communications between two separate subnets. and ([[https://datatracker.ietf.org/doc/html/rfc5735|RFC 5735]]) |
| |
| Other | Other |
| * 0.0.0.0/8. | * 0.0.0.0/8. |
| * 224.0.0.0/4 Multicast. | * 224.0.0.0/4 Multicast. and ([[https://datatracker.ietf.org/doc/html/rfc5735|RFC 5735]]) |
| * 192.88.99.0/24 IPv6 to IPv4 Translation. | * 192.88.99.0/24 IPv6 to IPv4 Translation. and ([[https://datatracker.ietf.org/doc/html/rfc5735|RFC 5735]]) |
| * 240.0.0.0/4 REserved for future use. | * 240.0.0.0/4 Reserved for future use. and ([[https://datatracker.ietf.org/doc/html/rfc5735|RFC 5735]]) |
| | * 255.255.255.255/32 broadcast address ([[https://datatracker.ietf.org/doc/html/rfc5735|RFC 5735]]) |
| Bogon | Bogon |
| * Team Cymru Bogons IPv4 - <code>http://www.team-cymru.org/Services/Bogons/fullbogons-ipv4.txt</code> | * Team Cymru Bogons IPv4 - <code>http://www.team-cymru.org/Services/Bogons/fullbogons-ipv4.txt</code> |
| * Team Cymru Bogons IPv6 - <code>http://www.team-cymru.org/Services/Bogons/fullbogons-ipv6.txt</code> | * Team Cymru Bogons IPv6 - <code>http://www.team-cymru.org/Services/Bogons/fullbogons-ipv6.txt</code> |
| IPv6 addresses that should not be routed across the Internet. Either reserved IP address space or unassigned and may be used for malicious purposes. More information: https://www.team-cymru.com/bogon-reference-bgp | IPv6 addresses that should not be routed across the Internet. Either reserved IP address space or unassigned and may be used for malicious purposes. More information: https://www.team-cymru.com/bogon-reference-bgp |
| | |
| | |
| | ===== GCP ===== |
| | * ''169.254.169.254'' Provides DNS |
| | |
| | ===== AWS ===== |
| | * ''169.254.169.254'' Provides vairous meta data |
| | * ''169.254.169.253'' Provides DNS |
| | * ''169.254.169.123'' provides a Stratum-3 NTP time source |
| | |
| | You cannot assign the following CIDR blocks to an interface, because they are reserved for AWS |
| | system use: |
| | * ''169.254.0.0/30'' |
| | * ''169.254.1.0/30'' |
| | * ''169.254.2.0/30'' |
| | * ''169.254.3.0/30'' |
| | * ''169.254.4.0/30'' |
| | * ''169.254.5.0/30'' |
| | * ''169.254.169.252/30'' |
| | |
| | You must begin with the ''169.254.x.4/30'' range. |
| | |
| | Also, you will find that for any subnet in AWS, if you take the subnet identifier and increase the number by two, the resulting IP will be a DNS resolver available in that subnet. |
| | |
| | In AWS, Network ACLs do not provide control of traffic to Amazon reserved addresses (first four addresses of a subnet) nor of link local networks (169.254.0.0/16), which are used for VPN tunnels. |
