Advice on Choosing the best Range of IP Addresses

In theory, 64,000 PCs can operate behind one NAT router.

There is another range of IP addresses that doesn't appear
on the Internet and is reserved for private networks:-

Loopback IP Addresses

For completeness I'll also mention another range of IP addresses not found on either the Internet
or on private LANs:-

Which range of IP addresses should I choose for my LAN?

The choice is so big it's hard to know which
range you should choose for your own network.
When you've chosen between the 192.168 and 10 ranges of
IP addresses, which exact one should you choose?

In some people's minds an address range starting with
10 sounds more professional than one starting with 192.168.

Similarly 10.0.0.0 to 10.0.0.255 is another common range to avoid.

Network range shorthand

To specify the range of IP addresses used on a
network you usually write the first IP address in the range followed by
the subnet mask such as:-

What to do if your LAN is larger or more complicated than normal

When you use an IP range with a subnet mask of
255.255.255.0 you get 256 different IP addresses.

"Device" is a term denoting a piece of equipment that requires an
IP address.

The problem with Option 1 is that you now need to purchase, configure and
maintain a router.

My recommendations are:-

If you need a network with more than 254 devices then
use a network range beginning with 10 and the subnet mask of
255.255.248.0 and be prepared for the
differences from the 255.255.255.0 networks you are familiar with.

Detailed recommendations of how to assign the internal IP addresses

IP address | Assigned to |
---|---|
192.168.25.1 | Your Router or whatever you set as your gateway to the Internet |
192.168.25.5 | Your main server. If this is also your router to the Internet then keep it as 5 |
192.168.25.6 | A second server, if you have one |
192.168.25.15 | Your network switch. Not all switches can have (or need) an IP address assigned to them |
192.168.25.20 to 192.168.25.30 | Other special devices that require a static IP address |
192.168.25.50 to 192.168.25.149 | Your DHCP address pool for workstations |
192.168.25.225 | A Network Attached Storage (NAS) Drive |
192.168.25.240 | A network-attached printer |
192.168.25.241 | A second printer |
This scheme allows room for the various categories of
devices to expand as required.
For larger 255.255.248.0 networks, keep
the same categories, in the same order, but increase the number of IP
addresses in each category, as necessary.
One very large pool of DHCP addresses is OK.
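
The scheme above can be checked mechanically before any device is configured. The following is an added example, not part of the original page: it takes a network in the first-address-plus-subnet-mask shorthand, confirms every static address is inside it and outside the DHCP pool, and counts usable addresses. The 10.0.8.0 network and the device labels are assumptions made for illustration.

```python
import ipaddress

# Static assignments and DHCP pool taken from the table above.
STATIC = {
    "router": "192.168.25.1",
    "main server": "192.168.25.5",
    "second server": "192.168.25.6",
    "switch": "192.168.25.15",
    "NAS": "192.168.25.225",
    "printer 1": "192.168.25.240",
    "printer 2": "192.168.25.241",
}
DHCP_POOL = ("192.168.25.50", "192.168.25.149")


def check_plan(first_ip, mask, static, pool):
    """Return a list of problems found in an address plan (empty = OK)."""
    # strict=True rejects a "first address" that is not the network address.
    net = ipaddress.ip_network(f"{first_ip}/{mask}", strict=True)
    lo, hi = (ipaddress.ip_address(p) for p in pool)
    problems = []
    if lo > hi or lo not in net or hi not in net:
        problems.append("DHCP pool is not inside the network")
    seen = {}
    for name, text in static.items():
        ip = ipaddress.ip_address(text)
        if ip not in net:
            problems.append(f"{name} {ip} is outside {net}")
        elif ip in (net.network_address, net.broadcast_address):
            problems.append(f"{name} {ip} is the network/broadcast address")
        if lo <= ip <= hi:
            problems.append(f"{name} {ip} collides with the DHCP pool")
        if ip in seen:
            problems.append(f"{name} duplicates {seen[ip]} at {ip}")
        seen[ip] = name
    return problems


def usable_hosts(first_ip, mask):
    """Addresses available to devices: total minus network and broadcast."""
    return ipaddress.ip_network(f"{first_ip}/{mask}").num_addresses - 2


if __name__ == "__main__":
    print(check_plan("192.168.25.0", "255.255.255.0", STATIC, DHCP_POOL))
    print(usable_hosts("10.0.8.0", "255.255.248.0"))  # assumed 10.x range
```
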
- Definitely have one. It's not hard to set up and it makes managing your network's IP addresses easier.
- Have only one. Routers and other devices often come
  with a built-in DHCP server.
- If you have multiple servers and want a second DHCP
  server for redundancy then use another Windows Server as the second DHCP
  server and make sure that the range of IP addresses available to clients
  is different on each server.
- In the Scope Options set values for the following options:-

Option | Value |
---|---|
003 | Default Gateway. This is your Internet router. |
006 | The main DNS server plus a second one if your network has one. |
015 | Your local network's DNS name e.g. mycompany.local |
044 | Your network's WINS server. Most networks still use this service and it should be provided by a Windows server. |
046 | Set it as 0x8 |

Don't forget to actually install a WINS server.
- On Windows Server 2003 also set these options:-
  On the Advanced tab set administrator level credentials:-
- If you are using a Windows 2003 Active Directory controller as your DHCP server, make the server a member of the built-in DNS Proxy group.
- If the number of workstations requiring DHCP addresses exceeds 75% of the available address pool then increase the address pool and/or reduce the lease time from the default value of 8 days to 4 days or less.
- If you have servers, printers etc. that have static IP addresses then also set these up as reservations in the DHCP server. This has the advantages that:-
  1 - If a device loses its settings and reverts to DHCP it will still get the correct IP settings.
  2 - The DHCP management console has a complete record of all the IP and MAC addresses used on your network.
- Make sure that any firewall running on the DHCP server computer isn't blocking incoming DHCP requests to the broadcast address 255.255.255.255 on UDP ports 67 and 68.

To allow remote access to your network, or the operation of
an in-house mail-server, you need a static Public Internet IP address from your ISP.
A static IP address is one whose value never changes as opposed to
a dynamic IP address where a different address is assigned every
time your Internet service connects.
A static IP address usually costs between £2 and £5 extra per month.
If you want to send emails directly you should also have a DNS name assigned to your static IP address.
Most ISPs offer businesses a choice of a single IP address or a group of 8.
So how many do you need?
Because Internet IP addresses are precious, a whole range of techniques have
evolved to allow you to perform a multitude of different functions from
behind a single IP address.
The only good reasons I can think of for having more than one
Public IP address are:-
- You want to operate multiple SSL websites.
- You need to have 2 or more of the same type of server, using the same TCP port, accessible from the Internet - such as 2 Terminal Servers.

I've seen several companies
that opted for a block of 8 Internet addresses but only ever use one and so,
for simplicity and cheapness, go for a single IP address unless you are
sure that you need more.
With a single Public IP address you can use a standard
ADSL/Cable router while with a block of 8 you need a special router or 2
standard routers back-to-back.
To check if a DNS name is assigned to your IP address, at the
command prompt type:-
nslookup <your IP address>
This DNS name should be entered as your mail-server's masquerade name.
(Arrowmail needs 15 public IP addresses to run all of its services.)
Everything on this webpage, besides this section, talks about Internet Protocol
version 4. However, a new system called Internet Protocol version 6 (IPv6) has
been designed, trialled, universally agreed on and built into the latest versions
of operating systems.
There are routers and switches available that work
with IPv6 which also perform any necessary IPv4-to-IPv6 conversions.
IPv6
was designed to overcome the limitations of IPv4, most notably the
number of IP addresses available. Here's a comparison:-
Protocol | Number of Available IP addresses |
---|---|
IPv4 | 4,294,967,296 |
IPv6 | 340,282,366,920,938,463,463,374,607,431,768,211,456 |

A typical IPv6 address looks like this:-
It's 8 blocks of 4-digit hexadecimal numbers with leading zeroes omitted, and any
block that is all zeroes is also omitted - hence the "double colon".
However, right now, IPv6 isn't used on the Internet and no ISP will assign you a
public IPv6 address.
IPv6 is the solution to the
ongoing expansion of the Internet but it's probably going to be another 20 years
before it will have replaced IPv4 on the Internet.
At the moment nothing.
You could if you wished use IPv6 addresses on your LAN and buy IPv6
enabled switches and routers, but you would need to go through an IPv6-to-IPv4
convertor to access the Internet.
In the vast majority of cases this would be madness.
When IPv6 addresses go live on the Internet your ISP will probably do the
conversion for you to start with, and later you'd have your own IPv6 Internet
Router and IPv4 convertor.
Finally, when the Internet has completely changed over to IPv6, private LANs
will use IPv6 addresses and the information and recommendations on this page will then be
irrelevant.
So you've chosen the IP range for your LAN, set up the
static IP address devices, configured a DHCP scope and established a DNS
server on your LAN to resolve local DNS names.
Is there anything else you've forgotten to do?
Many people forget to set up a reverse DNS zone on the local DNS server.
A reverse DNS zone allows your LAN's DNS server
to answer questions such as:-
"What is the name of the computer with IP address 192.168.1.123?"
The answer might be something like:-
workstation28.companyname.local
With no reverse DNS zone, your DNS server does what it does with all
questions it doesn't know the answer to: it asks its big brother on the
Internet who then passes the query around other DNS servers until, after
a minute or so, the answer comes back "Don't know".
Because there are 10s of 1000s of computers around the world with the
IP address 192.168.1.123, each with a different name, it's not a
question that Internet DNS servers can ever answer.
There are so many requests for DNS names of private IP addresses sent
out to the Internet that a special DNS server has been set up to answer them all.
It has the striking DNS name of prisoner.iana.org
and it relieves other DNS servers from the burden of answering these requests.
What answer does prisoner.iana.org give in reply to requests
for the DNS name of a private IP address?
- It blows a raspberry.
- It gives the Buddhist answer "mu" - un-ask the question.
- 42
- It shouts "stop wasting my time with stupid questions."
  A more technically accurate explanation is
  that it tells the requesting server that it's failed to authenticate
  when trying to register its DNS record.
- The server is a prisoner of other people's stupidity.

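
An added example, not from the original page, of working out which reverse zones a LAN range needs and of spotting the private-address lookups that would otherwise be forwarded out to the Internet. It assumes one reverse zone per 256-address block; the 10.0.8.0 range used in testing and the sample query names are constructed.

```python
import ipaddress

# RFC 1918 private ranges, whose PTR lookups should never leave the LAN.
PRIVATE = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SUFFIX = ".in-addr.arpa"


def reverse_zones(first_ip, mask):
    """Reverse zones (one per 256-address block) that cover a LAN range."""
    net = ipaddress.ip_network(f"{first_ip}/{mask}")
    if net.prefixlen > 24:
        raise ValueError("ranges smaller than 256 addresses are not handled")
    zones = []
    for block in net.subnets(new_prefix=24):
        a, b, c, _ = str(block.network_address).split(".")
        zones.append(f"{c}.{b}.{a}{SUFFIX}")
    return zones


def leaked_ptr_queries(qnames, local_zones):
    """Private-address PTR names that no local reverse zone would answer."""
    leaked = []
    for qname in qnames:
        name = qname.rstrip(".").lower()
        if not name.endswith(SUFFIX):
            continue
        octets = name[:-len(SUFFIX)].split(".")[::-1]
        try:
            ip = ipaddress.ip_address(".".join(octets))
        except ValueError:
            continue  # not a full four-octet IPv4 PTR name
        covered = any(name.endswith("." + zone) for zone in local_zones)
        if not covered and any(ip in net for net in PRIVATE):
            leaked.append(name)
    return leaked


# Constructed sample of query names, as a DNS server's query log might show.
SAMPLE = ["123.25.168.192.in-addr.arpa.", "123.1.168.192.in-addr.arpa.",
          "8.8.8.8.in-addr.arpa.", "www.companyname.local."]

if __name__ == "__main__":
    zones = reverse_zones("192.168.25.0", "255.255.255.0")
    print(zones, leaked_ptr_queries(SAMPLE, zones))
```

Any name this reports is a lookup that discloses an internal address to outside DNS servers and waits on an answer that cannot come; creating the missing reverse zone locally stops both.
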
© 2018 Arrowmail Ltd, a UK-registered company, number 4079706, registered VAT Number GB 895 0987 60