Netgate Discussion Forum

Why the 192.168.x.x range?

Off-Topic & Non-Support Discussion
    Kris.J
    last edited by Mar 27, 2008, 9:00 PM

    I've often wondered why developers, manufacturers, many network admins, etc. use the 192.168.x.x range by default for their private networks instead of ten-dot, but I've never posted the question anywhere.

    This seems as good a place as any - so, why?

    Personally, I find the 10.x.x.x range many times easier to subnet out, to remember, to type, to vocalize, etc. than anything ever was in the 192.168.x.x range.
    Easier to say, easier to type, easier to keep straight in my head!

    I always change anything I get my hands on to ten-dot right away - even pfSense.  ;)

    I've got a detailed addressing scheme based on all ten-dot with a 16 bit mask that I use, it's very logical and intuitive (IMO of course).

    I did it for the lulz.

      sullrich
      last edited by Mar 27, 2008, 9:07 PM

      If we changed it to a 10.0.0.0/8 address someone would just complain that they liked it better on 192.168.0.0

      Sorry but this is semantics and we are not changing the default.

        Kris.J
        last edited by Mar 27, 2008, 9:44 PM Mar 27, 2008, 9:40 PM

        I'm not asking anyone to change - did it seem like I was complaining, asking you for a change, or any such other thing?  ;)

        I'm just wondering why in general, and this seemed like a good community of fellow networking professionals in which to pose a simple "I wonder why this is…" question.

        I did it for the lulz.

          Cry Havok
          last edited by Mar 27, 2008, 11:14 PM

          Probably because a /24 is (more than) enough for most small networks and despite CIDR being around for a small eternity, many people still think in terms of classful addressing.  That and the fact that, when you're dealing with the average end user, it's easier if you know that their (say) Netgear router will be on 192.168.1.1/24.

          Personally I make use of the full range of RFC1918 address options and a wide variety of netmasks.

            hoba
            last edited by Mar 27, 2008, 11:24 PM

            Reconfiguration is pretty easy anyway. You can even do it from the shell, so you don't have to configure a client first for the factory default subnet to do it via webgui. It's only a few keystrokes after installation  ;)

              sai
              last edited by Mar 28, 2008, 10:43 AM

              When you start doing VPNs, you need different subnets, and if you have used 10.0.0.0/8 then you get stuck.

                GruensFroeschli
                last edited by Mar 28, 2008, 1:08 PM

                I personally like the 172.x.x.x range ;)

                Not 192.168.x.x, which might cause problems if I connect a new device and it has by default an IP I use.
                And not the 10.x.x.x range because, like sai said, that range is used for VPNs or the private net of a bigger company.

                We do what we must, because we can.

                Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

                  Kris.J
                  last edited by Mar 28, 2008, 1:42 PM

                  @sai:

                  When you start doing VPNs, you need different subnets, and if you have used 10.0.0.0/8 then you get stuck.

                  No, not if you think CIDR instead of classful!  ;)
                  I don't ever think in terms of Class A,B,C anymore - it's obsolete.
                  When doing private networks, we can use any mask we want thanks to CIDR.

                  I use an all-inclusive ten-dot scheme with a global 16-bit mask.
                  10.x.x.x/16

                  2nd Octet = network designator.  Each physical location gets its own subnet.  If you have a WAN comprised of 3 separate offices for example, it would go like this:
                  10.10.x.x/16 = Main Office
                  10.20.x.x/16 = Remote Office A
                  10.30.x.x/16 = Remote Office B

                  3rd Octet = device type
                  10.10.1.x/16 = a DHCP client at the main office
                  10.20.254.x/16 = a router/gateway at remote office A
                  10.30.253.x/16 = a wireless access point at remote office B
                  10.30.252.x/16 = a managed switch at remote office B
                  10.10.240.x/16 = a F&P server at the main office
                  10.10.242.x/16 = a terminal server at the main office
                  10.20.229.x/16 = an IP camera at remote office B

                  And so on - I've got a long list of 3rd octet designations - the point being that given any IP, one who knows the scheme can instantly derive where geographically the device is located and what type of device it is.  The reversal of that is "I wanna telnet/ssh to the sole wireless access point over at remote office C - it must be 10.30.253.1"

                  4th Octet = host
                  10.10.240.3 = a F&P server at the main office, chances are good that this is the third server of three
                  10.20.253.2 = a wireless access point at remote office, chances are good that this is the second of two WAPs

                  VPN road-warrior client pools always get 172.16.1.0/24
                  If I have several different vendors who need VPN access to different systems on the private network, I'll subnet them out separately
                  Vendor A = 172.16.1.0/24
                  Vendor B = 172.16.2.0/24
                  etc.
                  Then I'll write ACL to allow each vendor to get to the hosts they need access to, and nothing else.

                  Site-to-site "24/7" VPN tunnels are a little different though - if both end-point private networks are numbered ten-dot/16, that's when the potential for conflict arises.
                  The solution is to keep with the 16-bit subnet mask, and make sure the LANs are different.
                  For example:
                  10.10.x.x/16 = main office
                  10.11.x.x/16 = home office of a main office staff member, with a "24/7" VPN tunnel link up and running.

                  In closing, the "Why 192.168.x.x?" question is simply a philosophical musing - I always wonder what motivates people to make the decisions they do, and based on my experience ten-dot is many times easier to manage than 192.168.x.x for private networks.

                  This wondering naturally leads me to ask the question "Why did the person who made the out-of-the-box-defaults at Netgear/Linksys/DLink/etc. choose 192.168.x.x?"

                  I'm sure those persons had what they thought were good reasons at the time - I just like to find out what those reasons are.
                  I cannot accept things at face value, I have to know why - there always seems to be an interesting story behind the "why", and listening to the logic behind decisions made by other people is a useful learning experience.

                  I did it for the lulz.
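
The octet scheme from the post above, together with the site-to-site overlap problem sai and Kris.J discuss, as an added example (not code from any poster in this thread). The site and device-type labels are copied from the post; the function names and the two sample LAN plans are constructed for illustration.

```python
import ipaddress
from itertools import combinations

# Octet meanings copied from the post; the dict layout is this example's own.
SITES = {10: "Main Office", 20: "Remote Office A", 30: "Remote Office B"}
DEVICE_TYPES = {
    1: "DHCP client", 229: "IP camera", 240: "F&P server",
    242: "terminal server", 252: "managed switch",
    253: "wireless access point", 254: "router/gateway",
}
PLAN = ipaddress.ip_network("10.0.0.0/8")

def decode(addr):
    """Split 10.<site>.<type>.<host> into (site, device type, host number)."""
    ip = ipaddress.ip_address(addr)
    if ip not in PLAN:
        raise ValueError(f"{addr} is outside {PLAN}")
    _, site, dtype, host = ip.packed  # four octets as integers
    return (SITES.get(site, f"unknown site {site}"),
            DEVICE_TYPES.get(dtype, f"unknown type {dtype}"), host)

def tunnel_conflicts(lans):
    """Return name pairs whose prefixes overlap.

    Overlapping LANs cannot be routed to each other across a
    site-to-site tunnel without renumbering or NAT.
    """
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in lans.items()}
    return [(a, b) for a, b in combinations(sorted(nets), 2)
            if nets[a].overlaps(nets[b])]

# Constructed sample plans (hypothetical names).
PER_SITE_16 = {"main": "10.10.0.0/16", "home": "10.11.0.0/16",
               "vendor_a": "172.16.1.0/24", "vendor_b": "172.16.2.0/24"}
WHOLE_8 = {"main": "10.0.0.0/8", "branch": "10.20.0.0/16",
           "vendor_a": "172.16.1.0/24"}

if __name__ == "__main__":
    print(decode("10.30.253.1"))
    print(tunnel_conflicts(PER_SITE_16))  # per-site /16s: no conflicts
    print(tunnel_conflicts(WHOLE_8))      # a /8 LAN swallows the branch /16
```

Running the overlap check over every planned LAN and VPN pool before a tunnel is built catches the "stuck" case early, and the same per-pool prefixes are what the vendor ACLs are then written against.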

                    Eugene
                    last edited by Mar 28, 2008, 5:53 PM

                    @Kris.J:

                    I don't ever think in terms of Class A,B,C anymore - it's obsolete.
                    When doing private networks, we can use any mask we want thanks to CIDR.

                    It is news for me that it is obsolete ;-)
                    If it is obsolete, why don't you use 192.0.0.0/8 instead of 10.0.0.0/24? :-)

                    Eugene.

                    http://ru.doc.pfsense.org

                      Kris.J
                      last edited by Mar 28, 2008, 6:15 PM

                      @Eugene:

                      @Kris.J:

                      I don't ever think in terms of Class A,B,C anymore - it's obsolete.
                      When doing private networks, we can use any mask we want thanks to CIDR.

                      It is news for me that it is obsolete ;-)
                      If it is obsolete, why don't you use 192.0.0.0/8 instead of 10.0.0.0/24? :-)

                      Eugene.

                      When numbering a private network, why should we care about classes?
                      I only need to know what ranges are reserved for private use, then CIDR lets me sub- and super- net them to my heart's content.  Right?

                      I did it for the lulz.

                        hoba
                        last edited by Mar 28, 2008, 7:02 PM

                        I agree that such a scheme is pretty nice if you set up and plan everything from scratch. However, my experience is that you nearly always find networks that follow completely different schemes (as the network was built by someone else, maybe even someone who had no clue) or that have grown wild in a chaotic way. From my business experience I can say that it's often impossible or a really big effort to start over and do it right, or the customer doesn't see the need or want to pay for it. Once you have multiple locations and subnets it starts to become tricky. No matter what default IPs/subnets we would put on LAN it will be wrong for these cases, and even in your scenario it will be wrong unless it's the one router at the one location doing the right task.

                          Cry Havok
                          last edited by Mar 28, 2008, 8:21 PM

                          @Eugene:

                          It is news for me that it is obsolete ;-)

                          Hey, it's only been around for 15 years or so:

                          http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing (for those that haven't come across it yet)

                            Eugene
                            last edited by Apr 2, 2008, 12:00 AM

                            @Cry:

                            @Eugene:

                            It is news for me that it is obsolete ;-)

                            Hey, it's only been around for 15 years or so:

                            http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing (for those that haven't come across it yet)

                            Agree, I misread Kris… He does not reject terms network of class A,B,C. He simply does not think in these terms:

                            @Kris.J:

                            I don't ever think in terms of Class A,B,C anymore - it's obsolete.

                            Sorry.

                            http://ru.doc.pfsense.org

                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.