Policy Number: 12-018

Internet Protocol Address Assignment Policy

Category: Information Technology

Responsible Executive: Vice President and Chief Information Officer

Responsible Office: Vice President and Chief Information Officer


  1. Purpose: The University of Florida computer network is based on the Internet Protocol (IP). IP networks function using pre-assigned addresses, and their misuse can disrupt network functionality. Further, the University of Florida is assigned a limited number of public IP addresses, which are used to communicate with the Internet. The allocation of these addresses must be managed to optimize the University of Florida’s ability to provide services to users on the Internet, and to access resources available on the Internet.

  2. Applicability: This policy applies to all uses of IP addresses on the University of Florida network.

  3. Definitions: Internet Protocol (IP) is a protocol, or set of rules, for routing and addressing packets of data so that they can travel across networks and arrive at the correct destination.

  4. Policy
    1. All IP addresses used on the University of Florida network will be assigned by the Vice President and Chief Information Officer (CIO), or designee.
    2. All IP addresses used on the University of Florida network must be registered with Infrastructure and Communication Technology (ICT).

Additional Resources


INTERNET PROTOCOL ADDRESS ASSIGNMENT STANDARD

Purpose

This document establishes standards for the allocation, registration and reclamation of IP addresses on the University of Florida network.

Standard

  1. Publicly routable IPv4 address space will only be used where it is required, and publicly accessible servers are one of the very few standard use cases. Network Address Translation of private IP addresses at the University of Florida network and Internet boundary is the largest use of public IP addresses.
  2. All other devices will be allocated private (RFC 1918) addresses. In general, if a device and application will function on private IP, then it should reside on private IP.
  3. Network Contacts are authorized to request network changes such as assignments of public and private IP addresses. Network Contacts are responsible for registering IP addresses used by their unit, according to the standards established by ICT.
  4. Infrastructure and Communication Technology (ICT) may manage IP address assignments for Units at the request of the IT-Director.
  5. IP address assignment requests will be fulfilled with addresses assigned in maskable ranges and/or subnets.
  6. The minimum registration information required to be eligible for an IP address assignment is:
    1. Unit Name
    2. Network Contacts
  7. Network optimization and/or design may occasionally require re-assignment of IP addresses. ICT will work with affected units to schedule such changes expeditiously while attempting to minimize disruptions.

Private IP Standard

Approved by ITAC-NI 06/20/02

Abstract: This document addresses the issues of use and management of the Private IP space at the University of Florida.

1. Definition of Private IP Addresses

Private IP addresses are defined in Internet RFC 1918. For those wishing to know more about Private IP, RFC 1918 is suggested reading. See ftp://ftp.ufl.edu/net/rfcs. The private IP addresses are the following blocks:

Class A 10.0.0.0 – 10.255.255.255
Class B 172.16.0.0 – 172.31.255.255
Class C 192.168.0.0 – 192.168.255.255

These addresses are not recognized by Internet routers. Packets with either source or destination private addresses are not forwarded across Internet links. As such, these addresses can be used by the University of Florida on host machines which do not require direct connection to other hosts across the Internet.

It is possible, through address translation, for some UF hosts using private IP to access a host across the Internet. The configuration of an address translator requires a pool of public IP addresses. When a host with a private IP address opens an IP application destined for the Internet, the address translator assigns an IP number from the address pool. Every packet related to this application acquires the assigned IP number at the translator. UF supports an IP translator for this purpose. The translator will be located near the Internet POP. Each block of private IP addresses will be labelled as translated or untranslated. Packets carrying addresses from a translated block are routed through the translator. Public addresses for the translator pool will be assigned from one of the blocks of UF public IP addresses.

2. Rationale

The rationale for the Internet private IP space is given in RFC 1918. In addition to the motivations provided there, private IP offers a modicum of security by restricting the visibility of a host from the general Internet community.

3. UF Private IP Addresses

Addresses from the Class A 10.0.0.0 – 10.255.255.255 block will be assigned and kept in an authoritative database at Network Services. Packets with these addresses will be passed by Network Services core routers after an appropriate assignment and entry has been made in the database. Hosts which have been assigned a private IP number in the 10.0.0.0/8 range can access Internet and Internet 2 resources through the use of an address translator.

Addresses from the Class B 172.16.0.0 – 172.31.255.255 block will be assigned and kept in an authoritative database at Network Services. Packets with these addresses will be passed by Network Services core routers after an appropriate assignment and entry has been made in the database. This address space is used primarily to restrict access to the UF network only. Hosts in this address space are not accessible from off campus, including Internet and Internet 2, except through the UF dial-up and VPN connections. It can also be used to provide access to a subnet that is only reachable from within an existing network, and not from the core UF network. Hosts assigned a private IP number in 172.16.0.0/12 cannot access Internet or Internet 2 resources.
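The following Python example is added here and is not part of the University's standard. It classifies IPv4 addresses by the behaviour section 3 describes and flags inventory records that conflict with Standard items 1 and 2; the record fields (host, ip, public_server, needs_internet) and the sample hosts are constructed for illustration.

```python
import ipaddress

# Behaviour of each block as described in section 3 of the standard.
TRANSLATED = ipaddress.ip_network("10.0.0.0/8")      # reaches the Internet via the translator
CAMPUS_ONLY = ipaddress.ip_network("172.16.0.0/12")  # no Internet or Internet 2 access
OTHER_1918 = ipaddress.ip_network("192.168.0.0/16")  # RFC 1918, but not assigned in section 3


def classify(addr):
    """Map an IPv4 address string to the category the standard implies."""
    ip = ipaddress.IPv4Address(addr)  # raises ValueError on malformed or IPv6 input
    if ip in TRANSLATED:
        return "translated"
    if ip in CAMPUS_ONLY:
        return "campus-only"
    if ip in OTHER_1918:
        return "private-other"
    # Loopback, link-local and similar ranges are neither RFC 1918 nor public.
    return "public" if ip.is_global else "special"


def audit(inventory):
    """Return (host, finding) pairs for records that conflict with the standard."""
    findings = []
    for rec in inventory:
        kind = classify(rec["ip"])
        if kind == "public" and not rec["public_server"]:
            findings.append((rec["host"], "public address without a public-server use case"))
        elif kind == "campus-only" and rec["needs_internet"]:
            findings.append((rec["host"], "needs Internet but 172.16.0.0/12 hosts cannot reach it"))
        elif kind in ("private-other", "special"):
            findings.append((rec["host"], "address is outside the blocks section 3 assigns"))
    return findings


# Constructed inventory; the fields are hypothetical, not an ICT registration schema.
SAMPLE = [
    {"host": "web1", "ip": "128.227.0.10", "public_server": True, "needs_internet": True},
    {"host": "lab-pc", "ip": "128.227.9.40", "public_server": False, "needs_internet": True},
    {"host": "printer", "ip": "172.16.5.9", "public_server": False, "needs_internet": False},
    {"host": "kiosk", "ip": "172.20.1.3", "public_server": False, "needs_internet": True},
    {"host": "dorm-pc", "ip": "10.2.4.7", "public_server": False, "needs_internet": True},
    {"host": "cam", "ip": "192.168.1.20", "public_server": False, "needs_internet": False},
]

if __name__ == "__main__":
    for host, finding in audit(SAMPLE):
        print(f"{host}: {finding}")
```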

4. Initial Address Reservations

The following are the initial reservations for the class A block 10.0.0.0/8. The private IP addresses assigned here will not be routed locally until a request is made by the user.

  1. The class B block 10.1.0.0/16 is reserved for Network Services
  2. The class B block 10.2.0.0/16 is assigned to the Division of Housing
  3. The class B block 10.3.0.0/16 is assigned to CIRCA for use in labs and classrooms.
  4. The class B block 10.4.0.0/16 is assigned to HEALTHNET.
  5. The class B block 10.5.0.0/16 is assigned to various campus networks.
  6. The class B block 10.10.0.0/16 is assigned to NS for classrooms with the exception of a few subnets that are assigned to HealthNet.
  7. The class B block 10.20.0.0/16 is assigned to Network Services for walk-up ports.
  8. The class B block 10.30.0.0/16 is assigned to Network Services for authenticated networks.
  9. The class B block 10.178.* is assigned in parallel to the existing UF/UMC class B block 159.178.0.0/16.
  10. The class B block 10.227.0.0/16 is assigned in parallel to the existing UF class B block 128.227.0.0/16.
  11. The class B block 10.228.0.0/16 is assigned to Network Services for VPN.
  12. The class B block 10.229.0.0/16 is assigned to Network Services for VoIP.

Domain Name Service

Since Private IP addresses are not passed on the Internet, InterNIC DNS services are not available. Local DNS services can be used for Private IP addresses with the same conventions as are currently used locally. To prevent leaking DNS RRs, RFC 1918 recommends running two DNS servers, one internal and one external. It is recommended that UF establish an internal DNS server if DNS services are to be provided for private IP.


DHCP IP Network Number Distribution Standard

Approved by ITAC-NI 06/20/02

To support the use and growth of mobile computing at the University of Florida, it is recommended that network managers provide Dynamic Host Configuration Protocol (DHCP) support on their networks that support mobile computing users and instruct their users in configuring their mobile computing devices to use DHCP.

DHCP is used to enable individual computers on an IP network to retrieve configuration information from a server (the ‘DHCP server’). Retrieving such information using DHCP (rather than using a static configuration) makes it easier to move a machine from one network location to another because the computer’s user does not need to make any system changes to accommodate the move.

Since DHCP can be used to provide Internet service to machines that cannot be identified and may belong to unknown users, it introduces a network security risk. For this reason, Internet access can be provided only to DHCP client machines that either can be identified by MAC address, or whose user can be identified by GatorLink authentication.

Departments can set up their own DHCP servers or can request DHCP service by calling Network Services at 392-2061. Faculty and staff can receive help configuring their mobile computing devices from the UF Helpdesk or by calling 392-HELP. Faculty and staff at the Health Science Center should call Health Net at 392-6050.


History

Revision Date  Description
May 29, 2013  Policy originally adopted
Policy updated