They needed private IP ranges that wouldn't conflict with the real internet. 192.168 was just sitting there unused, so they grabbed it along with 10.x.x.x and 172.16-31.x.x.
>>> This is a fuzzy recollection of something I believe I read, which might
well be inaccurate, and for which I can find no corroboration. I
mention it solely because it might spark memories from someone who
actually knows:
>>> A company used 192.168.x.x example addresses in some early
documentation. A number of people followed the manual literally when
setting up their internal networks. As a result, it was already being
used on a rather large number of private networks anyway, so it was
selected when the RFC 1597 was adopted.
>> sun
> Wasn't 192.9.200.x Sun's example network?
of course you are correct. sorry. jet lag and not enough coffee.
User bmacho cites this Superuser question [1] in a reply to a downvoted comment at the bottom of this thread. It’s much more illuminating than the OP emails; Michael Hampton’s answer in particular is amazing. I had never heard of Jon Postel before.
Weirdly enough, there are a few systems at my workplace which are in the 192.9.200.x subnet! They're only about 20 years old, though. We are actively looking to replace the entire system.
Daniel Karrenberg, co-author of RFC1918, said this 2017-10-06 on the NANOG mailing list:
> On 05/10/2017 07:40, Jay R. Ashworth wrote:
> > Does anyone have a pointer to an *authoritative* source on why
> >
> > 10/8
> > 172.16/12 and
> > 192.168/16
> >
> > were the ranges chosen to enshrine in the RFC? ...
>
> The RFC explains the reason why we chose three ranges from "Class A,B &
> C" respectively: CIDR had been specified but had not been widely
> implemented. There was a significant amount of equipment out there that
> still was "classful".
>
> As far as I recall the choice of the particular ranges were as follows:
>
> 10/8: the ARPANET had just been turned off. One of us suggested it and
> Jon considered this a good re-use of this "historical" address block. We
> also suspected that "net 10" might have been hard coded in some places,
> so re-using it for private address space rather than in inter-AS routing
> might have the slight advantage of keeping such silliness local.
>
> 172.16/12: the lowest unallocated /12 in class B space.
>
> 192.168/16: the lowest unallocated /16 in class C block 192/8.
>
> In summary: IANA allocated this space just as it would have for any
> other purpose. As the IANA, Jon was very consistent unless there was a
> really good reason to be creative.
>
> Daniel (co-author of RFC1918)
While I've got some eyeballs on the subject, I'm tiring of mistyping this across my local network devices. How many of you folks alias this, and in what way? /etc/hosts works for my *nix machines, but not my phones, I think?
I'm also tired of remembering ports, if there's a way of mapping those. Should I run a local proxy?
> I'm also tired of remembering ports, if there's a way of mapping those. Should I run a local proxy?
If we're talking web-services - absolutely. I put Caddy in front of everything just to be able to simply use domains. You can also use it to map ports to either standard or more convenient ones if that suffices. Configuring reverse-proxy with Caddy [0] takes just a few lines:
After setting up a reverse-proxy or two you might want to expand your infrustructure with the following to to neaten thing up even more:
- DNS-server: most routers can be that; another easy option would be PiHole.
- DHCP-server: same as above (PiHole does DHCP too).
- Reverse-proxie(s): you can have either just one for the entire network or a number closer to the amount of services if you choose to have HTTPS between everything. Wouldn't bother with Nginx for that unless there is a strong incentive.
- ACME-server: provides the certs for the local reverse-proxies if you choose to have HTTPS between everything. Caddy can also act as a very easy to set up ACME-server [1].
If you have all that set up, you can access all the local services securely and via readable URLs. Given all the services get their certs from the ACME-server, the consumers only need to trust (install) one root cert in order to consider all the local connections secure.
Might seem like a lot at first, but the configuration is fairly straightforward and I found it's worth the effort.
This is probably apocryphal, and I'm probably getting the details wrong anyway, but tangentially related to this, when I worked for a small network security firm (later purchased by Cisco, as most were), we had a customer that used, I'm told, the IP ranges typically seen in North Korea as their internal network. They TOLD us they did it because the addresses wouldn't conflict with anything they cared about, and no one had told them about 1918 + NAT, which I find dubious.
Most SMB companies did not have IP addresses in 1994 when RFC 1597 was published, although the range was known. However, the well known companies did, and some of those have the older full class B assignments. It was common for those companies to use those public IP addresses internally to this day, although RFC-1918 addresses were also in use.
Since Netware was very popular in businesses and it was possible/common to use only the IPX protocol for endpoints, you could configure endpoints to use a host that had both an IPX and IP address as the proxy, and not use an IP address on most endpoints. That was common due to Netware actually charged for DHCP and DNS add-ons. When Windows became more popular, IP on endpoints likely used RFC-1918 around ~1996.
Well, I'll try summarize answers and my experience.
At beginning, Internet used network classes, because of hardware limitations (later switched to address blocks). And even in 1990s still existed very old hardware, only could use class addresses.
What classes mean, existed early very large organizations, got more addresses than they could use. And even happen few cases, when such organizations lost rights for these addresses.
And these unlucky organizations was some big whales, like IBM or ATT/Bell or Sun.
And once invented solution - state some big enough network as not allocated to use under NAT (or when network is not connected to Internet). So, departments of big organizations could use TCP/IP stack in their networks, even with old hardware, but don't need to contact Internet officials to got real internet addresses.
192.168 was just first C-class network prefix, was not assigned at the moment (or just released).
Later, to list of unassigned added 172.16/12 network.
We're a 2-man crew, about to start one of America's biggest ISP's.
We'd just gotten the closet cleared, the racks assembled, the modems installed, the terminal server wired up, the USENET machine booted, and we're waiting for the T1 to go live. The modems are answering calls, but there's nowhere for our new subscribers to go .. yet.
The tech line rings, its the T1 guy on the other end "Ready to configure your router with you if you're ready .. "
Sure, I say .. whats our IP address ..
"198.162 .. "
"WAIT!", I say. "Are you SURE about that?"
He sure was.
The line comes up, the routes flow, customers get online for their first time.
But for months afterwards I was constantly in fear of our IP address.
Junior network guys would call me up in the middle of the night, adding some NOC somewhere or other "it doesn't work!" - "did you mix a 2 and an 8?", I'd say .. and much swearing would be heard until things started working again.
Man, that was fun. Getting that IP address assigned to us definitely was an act of mischief on the part of some devil somewhere, I'm quite sure ..
28 comments
[ 0.42 ms ] story [ 58.6 ms ] thread>>> This is a fuzzy recollection of something I believe I read, which might well be inaccurate, and for which I can find no corroboration. I mention it solely because it might spark memories from someone who actually knows:
>>> A company used 192.168.x.x example addresses in some early documentation. A number of people followed the manual literally when setting up their internal networks. As a result, it was already being used on a rather large number of private networks anyway, so it was selected when the RFC 1597 was adopted.
>> sun
> Wasn't 192.9.200.x Sun's example network?
of course you are correct. sorry. jet lag and not enough coffee.
---
So no answers.
192 is 11000000 in binary.
So it is simply the block with the first two bits set in the netmask.
168 is a bit more difficult. It is 10101000, a nice pattern but I don't know why this specific pattern.
Not everyone thought this was a good idea, and I still maintain the alternative path would have led to a better internet than the one we today.
[1] https://superuser.com/questions/784978/why-did-the-ietf-spec...
It created a big trauma when I joined the uni and hit the wall. I suppose this how americans feel about the metric system :p
I'm also tired of remembering ports, if there's a way of mapping those. Should I run a local proxy?
If we're talking web-services - absolutely. I put Caddy in front of everything just to be able to simply use domains. You can also use it to map ports to either standard or more convenient ones if that suffices. Configuring reverse-proxy with Caddy [0] takes just a few lines:
After setting up a reverse-proxy or two you might want to expand your infrustructure with the following to to neaten thing up even more:- DNS-server: most routers can be that; another easy option would be PiHole.
- DHCP-server: same as above (PiHole does DHCP too).
- Reverse-proxie(s): you can have either just one for the entire network or a number closer to the amount of services if you choose to have HTTPS between everything. Wouldn't bother with Nginx for that unless there is a strong incentive.
- ACME-server: provides the certs for the local reverse-proxies if you choose to have HTTPS between everything. Caddy can also act as a very easy to set up ACME-server [1].
If you have all that set up, you can access all the local services securely and via readable URLs. Given all the services get their certs from the ACME-server, the consumers only need to trust (install) one root cert in order to consider all the local connections secure.
Might seem like a lot at first, but the configuration is fairly straightforward and I found it's worth the effort.
[0]: https://caddyserver.com/docs/caddyfile/directives/reverse_pr...
[1]: https://caddyserver.com/docs/caddyfile/directives/acme_serve...
This was in the 10's of 1000's of devices.
Since Netware was very popular in businesses and it was possible/common to use only the IPX protocol for endpoints, you could configure endpoints to use a host that had both an IPX and IP address as the proxy, and not use an IP address on most endpoints. That was common due to Netware actually charged for DHCP and DNS add-ons. When Windows became more popular, IP on endpoints likely used RFC-1918 around ~1996.
At beginning, Internet used network classes, because of hardware limitations (later switched to address blocks). And even in 1990s still existed very old hardware, only could use class addresses.
What classes mean, existed early very large organizations, got more addresses than they could use. And even happen few cases, when such organizations lost rights for these addresses.
And these unlucky organizations was some big whales, like IBM or ATT/Bell or Sun.
And once invented solution - state some big enough network as not allocated to use under NAT (or when network is not connected to Internet). So, departments of big organizations could use TCP/IP stack in their networks, even with old hardware, but don't need to contact Internet officials to got real internet addresses.
192.168 was just first C-class network prefix, was not assigned at the moment (or just released).
Later, to list of unassigned added 172.16/12 network.
What's the history behind 192.168.1.1? - https://news.ycombinator.com/item?id=17467203 - July 2018 (48 comments)
https://en.m.wikipedia.org/wiki/Desire_path
We're a 2-man crew, about to start one of America's biggest ISP's.
We'd just gotten the closet cleared, the racks assembled, the modems installed, the terminal server wired up, the USENET machine booted, and we're waiting for the T1 to go live. The modems are answering calls, but there's nowhere for our new subscribers to go .. yet.
The tech line rings, its the T1 guy on the other end "Ready to configure your router with you if you're ready .. "
Sure, I say .. whats our IP address ..
"198.162 .. "
"WAIT!", I say. "Are you SURE about that?"
He sure was.
The line comes up, the routes flow, customers get online for their first time.
But for months afterwards I was constantly in fear of our IP address.
Junior network guys would call me up in the middle of the night, adding some NOC somewhere or other "it doesn't work!" - "did you mix a 2 and an 8?", I'd say .. and much swearing would be heard until things started working again.
Man, that was fun. Getting that IP address assigned to us definitely was an act of mischief on the part of some devil somewhere, I'm quite sure ..