How can every single device on a network have a different public IP?

36

6

I'm at a computer camp, and I noticed that every single device connected to the network has a different public IP, which really surprised me. What is even more strange is that their public IPs are exactly the same as their private IPv4 addresses. How is this possible?

Flare Cat

Posted 2016-08-01T01:52:58.410

Reputation: 884

1 Proof is not what's interesting but the facts you could provide would perhaps allow us to clarify your situation. How do you determine the public IP and what does it look like? – Julie Pelletier – 2016-08-01T02:00:51.730

@JuliePelletier I did a google search of What's my IP. It starts with 137.167. Also, please read the update. – Flare Cat – 2016-08-01T02:03:22.697

87 This is how the Internet was designed to work, and how it will (hopefully) work again in IPv6. – user253751 – 2016-08-01T04:58:27.600

13 It is impossible for their public and private IPv4 addresses to be the same. Perhaps you incorrectly concluded that they have a private IPv4 address when they do not have a private address at all. – David Schwartz – 2016-08-01T10:43:17.637

@user20574 When do you think it is possible this might happen again? – Flare Cat – 2016-08-01T11:17:35.787

3 @FlareCat: Apparently, for major sites such as Google.com, the majority of their users now use IPv6. Strictly speaking that doesn't mean they connect directly, but since companies get IPv6 addresses by the billions it's obvious that every IPv6 user could have its own IPv6 address. – MSalters – 2016-08-01T13:04:08.577

3 @FlareCat imagine that every time you call someone on a different carrier, instead of having their direct number you only have the number of a big "switchboard" at the carrier. You'd have to tell them to route your call to that person manually. And when you do get a call the only number you see is the switchboard's, and not the person's direct number (because there is none). This is exactly what happens with IPv4 and NAT (your router becomes the switchboard) and is a huge pain to work with. IPv6 would allow every computer to have a "direct number" so no more NAT nonsense. – André Borie – 2016-08-01T14:27:58.370

1 @DavidSchwartz There are plenty of NAT implementations that allow the same address on both sides :) – Navin – 2016-08-02T01:03:03.510

@Navin: Sure, but those aren't called "private" addresses just because they're on the wrong end of NAT; they're usually still globally-assigned. – user1686 – 2016-08-02T09:43:13.760

@MSalters According to Google itself IPv6 adoption for google.com is about 13%. Source. Sadly far from a majority. – Voo – 2016-08-02T18:49:41.537

1 @MSalters Can you provide a source for the claim that any company only got billions of IPv6 addresses? As far as I understand RFC 6177, the smallest assignment to an end user is about 18 quintillion addresses, and most companies have on the order of sextillions or more. – phihag – 2016-08-02T21:24:49.983

1 @phihag: A quintillion is many, many billions ;) – MSalters – 2016-08-03T07:06:11.333

1 @Navin NAT means Network Address Translation. If it's the same address on both sides, it's not translating anything. It's just a normal router. – Barmar – 2016-08-05T17:46:39.627

Answers

63

They own an IP range, and are using the range to directly connect to WAN (Internet) instead of hiding behind NAT (Network Address Translation). Basically, NAT was made for environments lacking enough Public IP addresses for all the machines in the network, so all of them can hide behind a pool of (one or more) Public IP address(es). If you got at least one Public IP address per machine, then using NAT is a matter of choice.

NetwOrchestration

Posted 2016-08-01T01:52:58.410

Reputation: 2 385

32 You don't need to be an ISP for this. Plenty of old companies have original IP assignments; HP before the split had 48 million IPv4 addresses! – MSalters – 2016-08-01T10:00:10.703

3 You are right. I mentioned ISP because he said an ISP holds the camp. – NetwOrchestration – 2016-08-01T12:36:54.710

5 If I recall correctly, MIT (as in mit.edu) has or had a larger IP address block than China. – Ti Strga – 2016-08-01T18:55:00.967

2 @TiStrga: See IANA's IPv4 Address Space, or xkcd's 2006 Map of the Internet, for the "grandfathered in" assignments, including "Class A" (now /8's) for MIT, Ford, etc. – user1686 – 2016-08-02T09:29:53.217

But you don't need to be an 'old company' for that, either – plenty of organizations have gotten their own allocations, sometimes massive, sometimes tiny. (At a small university, we have a /26¼.) Some even participate in BGP. – user1686 – 2016-08-02T09:40:28.730

1 @grawity /26¼? How does that work? How do you have 1/4 of a bit? – HorusKol – 2016-08-03T00:19:28.180

@HorusKol: Presumably they have multiple blocks, something like one /24 block and one /4 block or something. Haven't done the math. The 1/4 bit is presumably the most significant bit. Each significant bit doubles the previous bit. So at /26 the 1/4 bit represents 16 addresses – slebetman – 2016-08-03T02:54:40.890

2 @HorusKol: It's a silly way of writing "a /26 and a /28". – user1686 – 2016-08-03T04:52:17.520

19

Back in the old days (before the Public Internet came into being in 1991), technologies like NAT were not common, and most operators did not use RFC1918 addresses. They didn't divide the Internet into public and private spaces as they commonly do today.

In the early days, companies grabbed huge blocks of public IPs by reserving entire /8 networks, consisting of 16,777,216 discrete addresses each. The US Dept of Defense owns 13 such blocks. See here for well-known owners of /8 blocks: https://en.wikipedia.org/wiki/List_of_assigned_/8_IPv4_address_blocks#List_of_assigned_.2F8_blocks

It's been many years since blocks of that size have been available to new registrants, due to IPv4 address-space depletion, so technologies like NAT and RFC1918 networks were required to limit the number of public IPs necessary for network access. Large organizations, however, still hold their blocks, so they are free to use them themselves, or rent them out to others.

Frank Thomas

Posted 2016-08-01T01:52:58.410

Reputation: 29 039

why do some network engineers say NATs are a bad idea? – Celeritas – 2016-08-03T06:56:05.123

1 NAT is more complicated, and limits node-to-node visibility. In the long run, the advantages far outweigh the costs for most people. I don't think they can responsibly say that they are a "bad idea" because the Internet has kept running despite address depletion, but I think most would say that NAT is sub-optimal from their perspective. Very few engineers are concerned about home router configurations, which is where NAT has the biggest benefit. We wouldn't have routers that non-IT folk can just un-box, plug-in, and go, were it not for the SPF + NAT + RFC1918 combo. – Frank Thomas – 2016-08-03T11:55:54.277

18

This is how the internet is supposed to work.

People started using private address ranges and NAT because the number of spare IP addresses started to get used up. And then people found that using NAT was easier than using a proper firewall despite it not really being for that.

If you can get the IP addresses and configure a proper firewall as required then this is a perfectly good way to work. With IPv6 it will hopefully become more common.

John Burton

Posted 2016-08-01T01:52:58.410

Reputation: 441

6 That is entirely true, but I have no intention of giving up the benefits of Stateful Packet Firewalling + NAT + RFC1918 addressing even when everyone goes IPv6. There are no advantages to me to having my kids' PCs directly accessible by the Internet at large, and broadcasting their hardware ID (MAC address) to the world, at that. – Frank Thomas – 2016-08-02T12:35:44.403

2 @FrankThomas I like the convenience of RFC1918 addressing in that it's portable (if I move to a different ISP I don't need to re-number everything), but otherwise I find NAT to be a huge chore. I have a (relatively) small IPv6 block, so that's easily portable too. Of course, nothing prevents anyone from using public IPv4 or v6 addresses with an upstream stateful firewall without NAT, or using non-MAC-derived IPv6 addresses. I do just that with all my IPv6 systems and it works well. – heypete – 2016-08-02T13:41:36.843

4 @FrankThomas 'routable' does not mean reachable. Use a firewall. Also, you don't need to embed the MAC into the IPv6 address if you use a thing called privacy addressing: http://superuser.com/questions/243669/how-to-avoid-exposing-my-mac-address-when-using-ipv6 – Sirex – 2016-08-02T20:34:14.230

5

Their only limit is the number of IP addresses they own. The public addresses are most likely configured in their router and routed based on the local addresses.

Because of IPv4 address shortage, it is indeed unusual to waste so many public addresses, but I suspect they probably split the load between them for network performance and security reasons. This could be managed through the router's routing table or firewall rules (or a combination of both).

In certain network designs, the public IP used can actually change over time.

Julie Pelletier

Posted 2016-08-01T01:52:58.410

Reputation: 2 065

4 Not sure about 'wasting' public IPs. Having at least one public IP per device is perfectly normal as long as you own enough address range. Using RFC1918 addresses (and/or NAT) is an ugly hack and avoiding its use whenever possible is a good thing. – Hennes – 2016-08-01T19:45:22.510

Not sure which planet you've been on for the past 10 years but, except for servers, most public IP addresses are now NATed because of the shortage that started around 2000. – Julie Pelletier – 2016-08-01T19:54:49.483

4 Most newly allocated residential and small business IP addresses are NATed. Many organizations which obtained class A or B blocks back in the day have no IP shortage and no need to be parsimonious, even if globally there is a shortage. Even my son's high school had public IP addresses for all devices, including BYO laptops, due to the fact that its "ISP" was the local state university, which had no shortage of IPv4 addresses. – user4556274 – 2016-08-01T20:21:29.563

2 Which is why we [started] to move to IPv6 since the last two decades. And yes, I know they are scarce these days. Getting another 8 just for home usage might be a tad hard these days. Which is why NAT is a necessary evil for many people. But for those with /16's at work and a handful of static IPs at home the ability to avoid NAT is a good thing. – Hennes – 2016-08-01T20:22:19.183

1 @user4556274 Heh, I still got servers at my old uni. At the uni's computer club we had two /24 blocks to play with. (Uni had a /16). Plenty for the old guys who got there first. And plenty v6 for the new people. – Hennes – 2016-08-01T20:24:49.593

3

It is impossible for a computer to have the same public and private IPv4 address. It is either a private IP, which (according to RFC1918) is in the range 192.168.xxx.xxx, 172.16.xxx.xxx, or 10.xxx.xxx.xxx, or a public IP, which is any other address.

EDIT: Yes, I am aware you can use public IP addresses in your LAN. Nobody does, though, because of standards and the fact that you will not be able to access those addresses on the Internet. I am also aware that there are other address spaces other than public and private, but again, no one uses those and thus you will not encounter them.

It is possible for every computer to have a different public IP address. It simply means that whatever establishment you were at purchased the right to multiple IP addresses and their routers are configured to give one to each computer. You could probably even do this at home if you wanted to.

Assuming what you said about every computer having the same public and private addresses is correct, my guess is that every computer has only a public address. All the establishment would have to do to make this happen is purchase the right to multiple addresses and configure their DHCP server to give an address in the assigned range to each computer.

theJack

Posted 2016-08-01T01:52:58.410

Reputation: 325

It's probably worth noting that it's also possible to just use any old public address block on your own LAN. You just won't be able to reach the 'real' one on the internet doing that. I've worked at a company that did this. It was not pretty. Don't do that. – Sirex – 2016-08-02T20:37:19.120

@Sirex Yes, I know. There were about twenty comments on this answer discussing that. Somehow they were all deleted, though. I will make an edit to the answer to acknowledge this. – theJack – 2016-08-02T20:48:29.023

Of course nobody connects to the Internet using (public) IP addresses that are assigned to somebody else.  If that’s what your second paragraph is talking about, though, it’s far from clear.  And if that’s not what your second paragraph is talking about, then what is it that you are saying “Nobody does”?  Because your third and fourth paragraphs are saying that it is perfectly possible to use public IP addresses in your LAN.  P.S. Your third and fourth paragraphs seem to be saying very nearly the exact same thing; i.e., they appear to be redundant. – Scott – 2016-08-14T12:21:33.970
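The comparison the question describes (the address on the interface versus the address a "what's my IP" service reports) can be turned into a check for whether NAT sits in the path. This is an added example, not part of the original thread; it uses the RFC 1918 blocks 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16 plus the RFC 6598 shared block, and the function names, result labels and sample addresses are constructed for illustration.

```python
import ipaddress

# RFC 1918 private blocks and the RFC 6598 shared block used for carrier-grade NAT.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT = ipaddress.ip_network("100.64.0.0/10")


def classify(addr):
    """Label an IPv4 address by the kind of address space it belongs to."""
    ip = ipaddress.IPv4Address(addr)
    if any(ip in net for net in RFC1918):
        return "rfc1918-private"
    if ip in CGNAT:
        return "cgnat-shared"
    if (ip.is_loopback or ip.is_link_local or ip.is_multicast
            or ip.is_reserved or ip.is_unspecified):
        return "special-use"
    return "public"


def nat_status(local_addr, observed_addr):
    """Compare the interface address with the address a remote service saw."""
    kind = classify(local_addr)
    if ipaddress.IPv4Address(local_addr) == ipaddress.IPv4Address(observed_addr):
        # Nothing rewrote the source address on the way out.
        return "direct" if kind == "public" else "inconsistent"
    # The addresses differ, so a device in the path translated the source.
    return "nat" if kind != "public" else "nat-public-inside"


# Constructed samples; only the 137.167 prefix comes from the question.
SAMPLES = [
    ("137.167.10.25", "137.167.10.25"),   # the camp network described above
    ("192.168.1.20", "137.167.10.25"),    # typical home or office NAT
    ("172.32.0.1", "172.32.0.1"),         # just outside 172.16.0.0/12
    ("100.64.3.7", "137.167.10.25"),      # carrier-grade NAT
]

if __name__ == "__main__":
    for local, observed in SAMPLES:
        print(local, classify(local), nat_status(local, observed))
```

A "direct" result means inbound reachability depends entirely on firewall policy, on the host or upstream, since no translation layer sits in between.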