And said the same on SuperUser the day after.

* https://superuser.com/a/1257080/38062

And I suppose 127/8 because it's the highest /7 or highest /8 without the MSB on?

[flagged]

I worked in the early 90s getting UK companies connected. The number of people who had copied Suns (and HPs and others) addresses out of the docs was enormous. One of them was a very well known token ring network card vendor.

Hooking up that first T1 was super exciting! I worked at an early ISP (not a big one) in 1995. They were still on a 56K dedicated line and a very small bank of modems. I still remember when the guy from MCI showed up to test the new T1 we were getting. The first frame relay customers I brought up were also super fun. I sometimes miss networking.

Oh wow. Genuine question - if you could go back, would you go through the hassle of getting a different one assigned?

As the authors themselves note, RFC 1597 was merely formalizing already widespread common practice. If the private ranges were not standardized then people would still have created private networks, but just used some random squatted blocks. I can not see that being better outcome.

Can you please elaborate? How would such a minute change lead to "a better internet"?

> It was common for those companies to use those public IP addresses internally to this day

Yep, a desktop PC with its own IPv4 address. Back in the day, no firewall afaik.

From another post on here:

> > Wasn't 192.9.200.x Sun's example network?

> of course you are correct. sorry. jet lag and not enough coffee.

I've done work for several municipalities and police departments in western Ohio and found 192.9.200.0/24 in several. They all had a common vendor who did work back in the 90s and was the source.

Note, the CIDR RFC didn't come out until Sep 1993. Thus even brand new network equipment in the mid 1990's were still very classful. And even then, knowledge of how to properly use /etc/netmasks in SunOS v4.x (or the equivalent if some other network stack even had one) was very scarce.

In the mid 90's, SMBs connecting to the Internet would have very typically obtained a /24 from their ISP, and had direct connection online, no firewalls, barely any proxy servers (although that was popular for some mid sized customers that would have needed multiple /24s or even a /16 to get all their workstations online).

It wasn't until the company Network Translation, with the PIX came about that anybody even considered doing private IP address in general as a firewall strategy with NAT translation using private IPs. And then it took years and years to become popular. Long bought by Cisco at that point.

I don't think Cisco IOS even had NAT until something like 10.2, when it was a premium license package.

> I had never heard of Jon Postel before.

Reading this makes me a bit sad and reminds me that I'm older now and lucky to have grown up during the golden age of the Internet.

Does that even work? I thought all 127/8 was loopback

I don't think this does anything to explain why 192.168/16 was chosen specifically. Three netblocks (10/8, 172.16/12, and 192.168/16) were selected from the class A, B, and C address spaces to accommodate private networks of various sizes. Class C addresses by definition have the two most significant bits set in their first octet and the third set to 0 (i.e., 192 - 223.)

192 in the first octet starts the class C space, but 10 and 172 do not have the same relationship in classes A and B.

192 is the first C class, 168 likely next available when rfc1918 was written.

Is it? What section do you mean? I don't see anything in there about private networks or 192.168.0.0/16 (in CIDR notation, which didn't exist at the time).

> I'm also tired of remembering ports, if there's a way of mapping those. Should I run a local proxy?

If we're talking web-services - absolutely. I put Caddy in front of everything just to be able to simply use domains. You can also use it to map ports to either standard or more convenient ones if that suffices. Configuring reverse-proxy with Caddy [0] takes just a few lines:

  http://some-service.internal {
      reverse-proxy localhost:12345
  }

- DNS-server: most routers can be that; another easy option would be PiHole.

- DHCP-server: same as above (PiHole does DHCP too).

- Reverse-proxie(s): you can have either just one for the entire network or a number closer to the amount of services if you choose to have HTTPS between everything. Wouldn't bother with Nginx for that unless there is a strong incentive.

- ACME-server: provides the certs for the local reverse-proxies if you choose to have HTTPS between everything. Caddy can also act as a very easy to set up ACME-server [1].

If you have all that set up, you can access all the local services securely and via readable URLs. Given all the services get their certs from the ACME-server, the consumers only need to trust (install) one root cert in order to consider all the local connections secure.

Might seem like a lot at first, but the configuration is fairly straightforward and I found it's worth the effort.

[0]: https://caddyserver.com/docs/caddyfile/directives/reverse_pr...

[1]: https://caddyserver.com/docs/caddyfile/directives/acme_serve...

DNS obviously. It’s easy, don’t let memes put you off.

For port mapping depends what specifically you’re aiming for. SVCB/HTTPS records are nice for having many https servers on a single system.

DNS (queue the "now you have two problems" meme)

Theoretically SRV records can be set in dns to solve the port issue, realistically Nothing uses them so.... You are probably out of luck there. The way SRV records work is you are supposed to ask a network "Where is the foo service at?"(SRV _foo._tcp.my.network.) and dns sez "it's at these machines and ports" (SRV 1(pri) 1(weight) 9980(port) misc.my.network.(target))

https://www.rfc-editor.org/rfc/rfc2782

My personal low priority project is to put mac address in DNS, I am about as far as "I could fit them in an AAAA record"

As for specific software recomendations, I am probably not a good source. I run a couple of small openbsd machines(apu-2) that serve most of my home networking needs. But, I am a sys-admin by trade, while I like it, I am not sure how enjoyable others would find the setup.

10.0.0.1 or 10.1.1.1 would be a bit easier to type. You could migrate there.

Local proxies are nice for these kinds of things, but most phones are running some kind of mDNS service so try setting up avahi/openmDNS to advertise services.

I just stick all my DNS records in a normal DNS server. In my case I’m terraforming some Route53 zones. So I havd a subdomain off a real domain I own that I use for LAN gear and they all have real DNS.

For ports, anything that can just be run on 443 on its own VM, I do that. For things that either can’t be made to run on 443, or can’t do their own TLS, etc, I have a VM running nginx that handles certificates and reverse proxying.

mDNS works well for names on your local network, you can integrate it with your dhcp server, works on hosts and phones. I don't have a good answer for ports.

Added above. Thanks!

> the downvote button is not for disagreeing

That's how I think it should be, but Paul Graham disagrees (or at least he did in 2008 and I haven't seen anything later about him changing his mind).

In [1] he wrote:

> I think it's ok to use the up and down arrows to express agreement. Obviously the uparrows aren't only for applauding politeness, so it seems reasonable that the downarrows aren't only for booing rudeness

[1] https://news.ycombinator.com/item?id=117171

The problem with this idea would be all the existing software, hardware and infrastructure out there. You would either need to make it an alias, which wouldn't really change anything, or you would need to update everything everyone everywhere has, which is essentially the IPv6 migration and we all know how that is going.

flagged for removing useful content for the discussion thread

You already have .internal reserved, you know?

How would you express that in an IPv4 header? These address ranges serve a real purpose.

edit: OP: just like the downvote button is not for disagreement, the delete button is not for karma management. Not sure why you would respond to my post here and then immediately delete it.

no

Read the article rather than making something up.