RFC1918 and Link-Local Addresses

RFC1918 (which was originally described in RFC1597) sets aside specific ranges of IP addresses that cannot be used on the Internet. Instead, these addresses are to be used internally within an organization or network. If hosts with RFC1918 addresses want to communicate with a network like the Internet, they must go through some form of NAT because no host on the Internet will know how to route RFC1918 addresses. The addresses assigned by RFC1918 are as follows:

  • (netmask

  • (netmask, which covers

  • (netmask



In the sample network diagrams throughout this book, I am treating the address space as if it were routable on the Internet, though it normally is not.[3]

[3] If you happen to recall that I also mentioned this in Chapter 4, give yourself a cookie for being astute.

Another set of address spaces that can be used for NAT is 169.254/16 (netmask This address space is specified in an Internet Draft called "Dynamic Configuration of IPv4 link-local addresses" (available at http://files.zeroconf.org/draft-ietf-zeroconf-ipv4-linklocal.txt). Essentially, Microsoft Dynamic Host Configuration Protocol (DHCP) clients use this method to assign an address when they are unable to communicate with a DHCP server. This address space is reserved specifically for this purpose, so it will not be in use anywhere on the Internet and is thus safe to use for NAT.

If your situation requires the use of NAT, it is strongly advised that you use address space within the recommended ranges. If you are using someone else's address space within your internal network and you need to communicate with an Internet host that happens to use the same address range, you may find yourself not being able to do so because the network traffic may never leave your internal network.