The best IP subnet to avoid subnet collisions

Tags: subnet, tcpip

My company installs specialized webservers for tracking commercial building HVAC performance. These machines each have two LAN adapters–a primary and a secondary.

The way the system is intended to work, only one port is supposed to be able to access external network segments–the system only supports a single default gateway between both ports, rather than maintaining a separate gateway for each individual adapter. When resolving addresses, the server first checks whether the destination IP shares a subnet with either adapter, then sends external traffic to the default gateway using whichever adapter resides on the same subnet as the gateway. This creates problems if both adapters reside on the same subnet, because the device doesn't know which adapter to forward external traffic to.

In general, my company has control over the addressing of the secondary port while our customers provide us with the addressing for the primary port so they can access it on their corporate LAN.

In an ideal world, I would set that secondary port to a standard IP configuration so that our field techs could directly connect to any server we install and not have to reconfigure their clients depending on where they are working.

As it currently stands, our current company IP address standard is 192.168.1.100/24 for the secondary port, except in all those places where the customer kept their local LAN segment on the default 192.168.1.x/24 and our standard goes out the window.

I want to change my company standard to avoid these subnet collisions so we don't have to track which sites are exceptions to the standard, but I need to know: what subnet configuration am I least likely to run into? 192.168.1.x is an obvious one, but in my experience I've run into a lot of 10.x.x.x and 172.18.x.x. Are these the only major ranges I need to avoid? Is there another address range that I could comfortably move our standard to because common practice among network administrators is to avoid it?

Best Answer

You can use fdc8:6837:6e34:2b0c::/64 to avoid collisions. It is highly unlikely that anybody else is using that exact prefix.

That prefix was generated according to RFC 4193. The way RFC 4193 works is that you start with fd as the first octet, and the next five octets must be randomly generated. The randomness of those five octets ensures that you will only have a negligible probability of collisions.

That approach will produce a /48 prefix, and you are allowed to use the remaining 80 bits as you see fit. In the example above I chose to generate the next 16 bits randomly as well to reduce the probability of collisions even further.

If you insist on using IPv4 (which I would not recommend because IPv6 is better suited to the requirements you mention than IPv4 is), you can still take some inspiration from RFC 4193. When choosing an RFC 1918 prefix, you can generate some octets in the address randomly. You are not required to use a /24. Judging from your requirements, I think a /29 prefix could be more suitable. So you can take 10.0.0.0/8 and append 21 random bits, which could end up as 10.123.71.152/29.

The risk of a collision if you use that prefix will be fairly low, but it will still be higher than with IPv6.
