Are there any advantages to using someone else's publicly-routable IPv4 addresses locally?

user1828083 asked:

My 10,000+ user network, which spans the whole State and is very complex, has a “strange” addressing scheme.

Though our PCs are not directly connected/exposed to the Internet, our network designers assigned IP addresses taking them from a range different from the “ordinary” IANA-reserved private IPv4 network ranges (10.0.0.0-10.255.255.255, 172.16.0.0-172.31.255.255, 192.168.0.0-192.168.255.255).

Assume that the IP addresses used in our intranet are in the range 20.*.*.*, i.e. addresses that are officially assigned on the Internet (and don’t belong to us).

Can anyone explain the advantages (if any) of this strange choice?

My answer:

Don’t do this if you ever intend to connect the network to the Internet. It’s just far too risky.

First, you’re using blocks of IP address space which belong to someone else. Because of this, you will have difficulty communicating with that other party as your routers may get confused as to whether the traffic should be sent to the other party or your internal network.

Along the router confusion line, this is a seriously non-default configuration, and the slightest mistake can result in live traffic with those IP addresses going over the public Internet, or worse, routes being announced to the Internet’s default-free zone. Just like when somebody in Pakistan screwed up a router config and caused all of YouTube’s traffic to be routed to that country, you could find yourself swamped with the other party’s traffic.

And many ISPs and peering/transit providers have terms of service which prohibit using others’ IP address blocks. If you use other people’s IP address blocks, and they leak onto the Internet, you could be nullrouted or depeered or worse.

(Interestingly, Apple was one of the first companies to make this mistake; they had to renumber 5000 machines to recover. Their story is mentioned in RFC 1627.)

Since you or your predecessors already did it, your only way forward is to fix the numbering scheme. This is not particularly challenging technically, but it will be very time consuming and require some maintenance windows as well as coordination between the system and network administrators. Hopefully you can finish before something really bad happens.
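An added example, not from the Server Fault post or its author, that turns the answer's two technical points into a runnable audit. It classifies each internal prefix as RFC 1918, other special-use space, or public space that belongs to someone else; uses longest-prefix matching to show that once 20.0.0.0/8 sits in the internal routing table, packets to any real host in that block go to the internal core instead of the ISP uplink; and flags any such prefix that would appear in a BGP export. The prefixes, next-hop names, destination hosts and the site's "own" allocation (a documentation prefix standing in for a real one) are constructed for the illustration.

```python
"""Audit an intranet addressing plan for squatted public IPv4 space and show
why a squatted block makes its legitimate owner unreachable.

Added example, not code from the original Q&A. All prefixes, hosts and
next-hop names are constructed for illustration.
"""
import ipaddress
from typing import Iterable, List, Tuple

# The "ordinary" private ranges from RFC 1918.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Other space that is safe to number hosts from but is not RFC 1918:
# RFC 6598 shared address space (CGNAT), RFC 3927 link-local, loopback.
OTHER_SPECIAL = [ipaddress.ip_network(n) for n in ("100.64.0.0/10", "169.254.0.0/16", "127.0.0.0/8")]

Route = Tuple[ipaddress.IPv4Network, str]


def classify_prefix(prefix: str) -> str:
    """Return rfc1918, special-use, other-reserved, or squatted-public."""
    net = ipaddress.ip_network(prefix, strict=False)
    if any(net.subnet_of(r) for r in RFC1918):
        return "rfc1918"
    if any(net.subnet_of(r) for r in OTHER_SPECIAL):
        return "special-use"
    # Python's is_private is broader than RFC 1918 (documentation, benchmark,
    # class E ...); anything there or multicast is reserved, not someone's.
    if net.is_private or net.is_multicast:
        return "other-reserved"
    return "squatted-public"


def build_routes(internal_prefixes: Iterable[str], uplink: str = "isp-uplink") -> List[Route]:
    """Tiny routing table: internal prefixes go to the core, the rest to the ISP."""
    table: List[Route] = [(ipaddress.ip_network(p, strict=False), "internal-core")
                          for p in internal_prefixes]
    table.append((ipaddress.ip_network("0.0.0.0/0"), uplink))
    return table


def next_hop(table: List[Route], dst: str) -> str:
    """Longest-prefix match, the rule every router applies."""
    addr = ipaddress.ip_address(dst)
    net, hop = max(((n, h) for n, h in table if addr in n), key=lambda r: r[0].prefixlen)
    return hop


def unreachable_externals(table: List[Route], external_hosts: Iterable[str]) -> List[str]:
    """External hosts whose packets never leave the site because a squatted
    internal prefix matches them before the default route does."""
    return [h for h in external_hosts if next_hop(table, h) != "isp-uplink"]


def leak_check(export: Iterable[str], our_allocations: Iterable[str]) -> List[str]:
    """Prefixes in a BGP export that are not covered by the site's own
    allocations; announcing these is the leak the answer warns about."""
    ours = [ipaddress.ip_network(a, strict=False) for a in our_allocations]
    return [p for p in export
            if not any(ipaddress.ip_network(p, strict=False).subnet_of(a) for a in ours)]


if __name__ == "__main__":
    # Constructed intranet plan: the question's 20.x block plus a normal one.
    plan = ["20.0.0.0/8", "10.20.0.0/16"]
    for p in plan:
        print(p, "->", classify_prefix(p))
    rib = build_routes(plan)
    # Constructed external host inside the squatted block.
    print("unreachable:", unreachable_externals(rib, ["20.10.20.30", "198.51.100.7"]))
    # 203.0.113.0/24 stands in for the site's real public allocation.
    print("would leak:", leak_check(plan + ["203.0.113.0/24"], ["203.0.113.0/24"]))
```

The longest-prefix match is the whole story of the "router confusion" in the answer: the internal 20.0.0.0/8 route is more specific than the default route, so no configuration trick short of renumbering makes the real owner's hosts reachable from inside.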


View the full question and answer on Server Fault.

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.