====== IPv4 ======

Note: [[infoblox_threat_defense:endpoints#ptr_and_internal_zones|IPv4 and IPv6 PTR zones for private ranges]]

From
  * [[https://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.xml|IANA]]
  * [[https://radwebhosting.com/client_area/knowledgebase/445/Bogon-IP-Addresses.html|RAD Web Hosting]]
  * [[https://ipinfo.io/bogon|ipinfo.io]]
  * [[http://www.team-cymru.org/Services/Bogons/fullbogons-ipv4.txt|Team Cymru Bogons IPv4]]
  * [[http://www.team-cymru.org/Services/Bogons/fullbogons-ipv6.txt|Team Cymru Bogons IPv6]]

Also,
  * 172.17.0.0/16 - Default subnet for Docker; developers often do not change it.
  * 10.88.0.0/16 - Default network for podman.

More details [[https://en.wikipedia.org/wiki/Reserved_IP_addresses|here]].

Host ([[https://datatracker.ietf.org/doc/html/rfc5735|RFC 5735]])
  * 127.0.0.0/8 - host loopback address

Link Local ([[https://datatracker.ietf.org/doc/html/rfc3927|RFC 3927]]) and ([[https://datatracker.ietf.org/doc/html/rfc5735|RFC 5735]]) - Used for connectivity links. This makes it ideal for HA connections on firewalls and for on-prem to cloud connections.
  * 169.254.0.0/16

Private IPv4 ([[https://datatracker.ietf.org/doc/html/rfc1918|RFC 1918]]) and ([[https://datatracker.ietf.org/doc/html/rfc5735|RFC 5735]])
  * 10.0.0.0/8
  * 172.16.0.0/12
  * 192.168.0.0/16

Carrier-Grade NAT ([[https://www.rfc-editor.org/rfc/rfc6598.html|RFC 6598]])
  * 100.64.0.0/10 - Carrier-Grade Shared Address Space

IETF Protocol Assignments ([[https://datatracker.ietf.org/doc/html/rfc5736|RFC 5736]]) and ([[https://datatracker.ietf.org/doc/html/rfc5735|RFC 5735]])
  * 192.0.0.0/24 - This block is reserved for IETF protocol assignments.

Documentation ([[https://www.rfc-editor.org/rfc/rfc5737.html|RFC 5737]])
  * 192.0.2.0/24 - Assigned as TEST-NET-1, documentation and examples (and [[https://datatracker.ietf.org/doc/html/rfc5735|RFC 5735]])
  * 198.51.100.0/24 - Assigned as TEST-NET-2, documentation and examples (and [[https://datatracker.ietf.org/doc/html/rfc5735|RFC 5735]])
  * 203.0.113.0/24 - Assigned as TEST-NET-3, documentation and examples (and [[https://datatracker.ietf.org/doc/html/rfc5735|RFC 5735]])
  * 233.252.0.0/24 - IPv4 Multicast Documentation Addresses ([[https://datatracker.ietf.org/doc/html/rfc6676|RFC 6676]])
  * 198.18.0.0/15 - Used for benchmark testing of inter-network communications between two separate subnets (and [[https://datatracker.ietf.org/doc/html/rfc5735|RFC 5735]])

Other
  * 0.0.0.0/8
  * 224.0.0.0/4 - Multicast (and [[https://datatracker.ietf.org/doc/html/rfc5735|RFC 5735]])
  * 192.88.99.0/24 - IPv6 to IPv4 Translation (and [[https://datatracker.ietf.org/doc/html/rfc5735|RFC 5735]])
  * 240.0.0.0/4 - Reserved for future use (and [[https://datatracker.ietf.org/doc/html/rfc5735|RFC 5735]])
  * 255.255.255.255/32 - broadcast address ([[https://datatracker.ietf.org/doc/html/rfc5735|RFC 5735]])

Bogon
  * Team Cymru Bogons IPv4 - http://www.team-cymru.org/Services/Bogons/fullbogons-ipv4.txt IPv4 addresses that should not be routed across the Internet (including RFC 1918 private IP addresses). These are either reserved or unassigned IP address space and may be used for malicious purposes. More information: https://www.team-cymru.com/bogon-reference-bgp
  * Team Cymru Bogons IPv6 - http://www.team-cymru.org/Services/Bogons/fullbogons-ipv6.txt IPv6 addresses that should not be routed across the Internet. These are either reserved or unassigned IP address space and may be used for malicious purposes. More information: https://www.team-cymru.com/bogon-reference-bgp

===== GCP =====

  * ''169.254.169.254'' Provides DNS

===== AWS =====

  * ''169.254.169.254'' Provides various metadata
  * ''169.254.169.253'' Provides DNS
  * ''169.254.169.123'' Provides a Stratum-3 NTP time source

You cannot assign the following CIDR blocks to an interface, because they are reserved for AWS system use:
  * ''169.254.0.0/30''
  * ''169.254.1.0/30''
  * ''169.254.2.0/30''
  * ''169.254.3.0/30''
  * ''169.254.4.0/30''
  * ''169.254.5.0/30''
  * ''169.254.169.252/30''

You must begin with the ''169.254.x.4/30'' range.

Also, for any subnet in AWS, if you take the subnet's network address and add two, the resulting IP is a DNS resolver available in that subnet.

In AWS, Network ACLs do not control traffic to Amazon reserved addresses (the first four addresses of a subnet) or to link-local networks (169.254.0.0/16), which are used for VPN tunnels.
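
The ranges above as a lookup for log triage or allow-list review, added here as an example that is not part of the original page. It uses longest-prefix matching so overlapping entries resolve to the most specific one, and checks a proposed AWS link-local block against the reserved list. The names ''classify'' and ''aws_link_cidr_ok'' are hypothetical, and the /30 size requirement is an assumption taken from the ''169.254.x.4/30'' wording.

```python
import ipaddress

# Ranges transcribed from this page; labels are shortened for the example.
RANGES = {
    "0.0.0.0/8": "other (0.0.0.0/8)",
    "10.0.0.0/8": "private, RFC 1918",
    "10.88.0.0/16": "podman default network",
    "100.64.0.0/10": "carrier-grade NAT",
    "127.0.0.0/8": "host loopback",
    "169.254.0.0/16": "link local",
    "169.254.169.123/32": "AWS NTP",
    "169.254.169.253/32": "AWS DNS",
    "169.254.169.254/32": "AWS metadata / GCP DNS",
    "172.16.0.0/12": "private, RFC 1918",
    "172.17.0.0/16": "docker default subnet",
    "192.0.0.0/24": "IETF protocol assignments",
    "192.0.2.0/24": "TEST-NET-1",
    "192.88.99.0/24": "IPv6 to IPv4 translation",
    "192.168.0.0/16": "private, RFC 1918",
    "198.18.0.0/15": "benchmark testing",
    "198.51.100.0/24": "TEST-NET-2",
    "203.0.113.0/24": "TEST-NET-3",
    "224.0.0.0/4": "multicast",
    "233.252.0.0/24": "multicast documentation",
    "240.0.0.0/4": "reserved for future use",
    "255.255.255.255/32": "broadcast",
}
# Most specific prefix first, so 172.17.0.5 reports docker, not just RFC 1918.
TABLE = sorted(((ipaddress.ip_network(c), l) for c, l in RANGES.items()),
               key=lambda e: e[0].prefixlen, reverse=True)

# /30 blocks the page lists as reserved for AWS system use.
AWS_RESERVED = [ipaddress.ip_network(f"169.254.{i}.0/30") for i in range(6)]
AWS_RESERVED.append(ipaddress.ip_network("169.254.169.252/30"))


def classify(addr):
    """Return the label of the most specific listed range, or None if unlisted."""
    ip = ipaddress.ip_address(addr)
    return next((label for net, label in TABLE if ip in net), None)


def aws_link_cidr_ok(cidr):
    """True if cidr is a /30 inside 169.254.0.0/16 that avoids AWS_RESERVED."""
    net = ipaddress.ip_network(cidr)  # raises ValueError if host bits are set
    return (net.prefixlen == 30
            and net.subnet_of(ipaddress.ip_network("169.254.0.0/16"))
            and not any(net.overlaps(r) for r in AWS_RESERVED))
```

A ''None'' result only means the address is not in the table above; unassigned space from the Team Cymru fullbogons lists is not covered by this lookup.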