Usage of Network Addresses for individual hardware/software

(This page may benefit from additional hyperlinking to the various technologies for which these addresses are being reserved.)

This page discusses some example addresses that could be assigned to individual network services and/or individual NICs. The information on this page is simply meant to be an example. Feel free to adjust this example as desired.

This page is largely meant to be an example of how a private network may provide network addressing. (On a separate but similar topic: To see how some public addresses are assigned, see address usage. For some other similar topics, see: network addressing, network documentation.)

The addresses listed may show a period followed by a number, such as “.0”. The idea there is that the last octet in an IPv4 /24 could be set to the number showing after the period. Alternatively, such a number could serve just as well in a subnet of manually assigned IPv6 addresses. In cases where addresses may be getting used wastefully, which is generally not considered to be a problem for IPv6 ranges, earlier octets could be assigned using a number from the example of this page. In such a case, the number being used from this documentation could effectively be used to assign entire later octets, instead of just assigning a single specific system.

This is divided into three sections: some initial/early addresses for how some of the early addresses are assigned, and then two alternatives on how some remaining addresses may be used. The first is a simple plan for the first eighth of the addresses in an octet, followed by a more elaborate plan for the first half of the addresses in an octet which allocates some addresses to be used by implementations that provide some additional redundancy.

This example uses partial addresses (as discussed by network documentation page's section on using partial addresses). The simple reason is that there is intentionally no assumptions made about the earlier part of the network address: this example may work on multiple subnets. Many of these services (particularly the default gateway, and perhaps also the automatic address assignments) may be something found on multiple subnets, and perhaps each subnet.

[#sysadrly]: Some initial/early addresses
[#addrzip]: .0
Network ID. Should not be used due to potential incompatibility with some equipment that may treat this like broadcast traffic, and assumptions that other equipment/software may make that just assume this is not usable according to some sort of old standard.
[#addrone]: .1

A common use is for this address to be a gateway: an interface on the network which traffic may be sent to in order to have such traffic go to a wider area network (a corporate WAN and/or an even larger network: the Internet).

As a special note for IPv6, a proposal was for fec0:0:0:ffff::1 to be one of the “well-known” (site-local) IPv6 DNS server addresses.

To learn more about implementing this technology, check out routing traffic.

[#addrtwo]: .2

Alternate/redundant gateway/firewall.

As a special note for IPv6, a proposal was for fec0:0:0:ffff::2 to be one of the “well-known” (site-local) IPv6 DNS server addresses.

[#addrthre]: .3

Another alternate gateway/redundant firewall. Three addresses may seem to be reserving an excessive amount of addresses if there is no realistic plan to actually be using this many addresses. However, there is such a plan: CARP implementations may commonly use three addresses. If CARP is something that will be implemented immediately, reserving such addresses may be worthwhile. If not, it may still be useful to have the addresses reserved in case CARP, or anything similar enough to it, might be implemented someday down the road.

As a special note for IPv6, a proposal was for fec0:0:0:ffff::3 to be one of the “well-known” (site-local) IPv6 DNS server addresses.

[#addrfour]: .4
Name services (Primary DNS server)
[#addrfive]: .5
Name services (Secondary DNS server)
[#addrsix]: .6
Name services (Tertiary DNS server). Alternatively: If this is used for an automatic addressing server, then .7 could be the broadcast address of the IPv4 /29 (or IPv6 /125) then the three critical services of automatic addressing, network routing/firewalling, and name resolution may all have a presence within the first /29.)
[#addrsevn]: .7
Reserved. One option could be a fourth nameserver in case future plans involve load balancing between a pair of a pair of DNS servers. Another option may be a broadcast address for an IPv4 /29 (or IPv6 /125) subnet.
[#addrate]: .8
Automatic addressing (IPv4) (DHCP)
[#addrnine]: .9
Automatic addressing (IPv4) (DHCP)
[#addrten]: .10
Automatic addressing (IPv6) (DHCPv6)
.11
Automatic addressing (IPv6) (DHCPv6)
.12
Local time synchronization server (meant to share time with the public)
.13
Redundant: Local time synchronization server (meant to share time with the public)
[#sysadrfe]: An older plan for the remaining addresses in the first IPv4 /27 / IPv6 /123 (an eighth of an octet)

Here are some details about an older layout, with a bit less redundancy and no addresses reserved for NTP or logging. This simpler plan involves reserving fewer addresses, allowing for more addresses to be used for other purposes.

.14
Authentication (e.g. primary LDAP server)
.15
Authentication (e.g. backup LDAP server)
.16
Authentication (e.g. failover to become a working LDAP server)
.17
Authentication (different type, e.g. for VPN and/or wireless)
.18
Authentication (different type, e.g. for wireless and/or VPN)
.19
File Sharing (public shares/downloading)
.20
More file sharing (private shares/uploading)
.21
Main web server (possibly a reverse proxy, as noted by Calomel's Apache Proxy guide or Calomel's pound page or Option 3 from Calomel's Nginx guide).
.22
Web content server number one
.23
Web content server number two
.24
Reserved for more web content servers
.25
E-Mail server (incoming)
.26
Unknown, probably will be used for E-Mail
.27
E-Mail server (outgoing). For another alternative address to be an MX server, see notes by .75 in the exhaustive plan.
.28
Log Server
.29
Another log server
.30
No particular purpose
.31
Unusable. Reserved for purpose of being a broadcast address of this /27 (netmask 255.255.255.224) subnet.
[#sysadrfh]: A more exhaustive plan
.14
Local time synchronization server (private use)
.15
Reserved/Expansion. Could be a broadcast ID for a /28, or else perhaps duplicate .14.
.16
Reserved for expansion: Could be a network ID of a /28
.17
Address used for internal E-Mail checking using preferred technologies (IMAP/SSL)
.18
Address used for internal E-Mail checking using preferred technologies (IMAP/SSL)
.19
Reserved for expansion of other E-Mail checking technologies. Could also be used as a broadcast ID of an IPv4 /30
.20
Reserved for expansion of other E-Mail checking technologies. Could also be used as a network ID of a /30
.21
POP3 (primary)
.22
POP3 (secondary)
.23
Reserved for expansion. Could also be a broadcast ID of a /28.
.24
Unknown: Reserved for expansion. Could be a network ID for an IPv4 /29 or an IPv6 /125 containing mail servers that interact with the public Internet
.25
Incoming E-Mail MX #1 (SMTP). (This was rather intentionally placed at the IPv4 /29 with the first usable address of .25.)
.26
Incoming E-Mail MX #2
.27
Reserved for expansion: Could be a broadcast ID of an IPv4 /30 (or MX #3). For another alternative, see notes by .75 for handling submission.
.28
Reserved for expansion: Could be a network ID of an IPv4 /30 (or MX #4)
.29
May be used if there is a dedicated machine for handling E-Mail that will be going out to the Internet
.30
Redundancy: May be used if there is a dedicated machine for handling E-Mail that will be going out to the Internet
.31
Reserved for expansion. Could be a broadcast ID of a an IPv4 /27, which includes also being able to be a broadcast ID of an IPv4 /29 (perhaps dedicated to mail, including SMTP at .25 which was intentionally selected to match the port number). .25-.30 are the publicly facing mail servers.
.32
Reserved for expansion. Could be a network ID of a IPv4 /27.
.33
Authentication (e.g. primary LDAP server)
.34
Authentication (e.g. backup LDAP server)
.35
Authentication (e.g. failover to become a working LDAP server)
.36
Authentication (different type, e.g. for VPN and/or wireless)
.37
Authentication (different type, e.g. for wireless and/or VPN)
.38
Authentication (different type, e.g. RADIUS/firewalls/etc.)
.39
Authentication (different type, e.g. RADIUS/firewalls/etc.)
.40
Primary log server for general devices/messages
.41
Backup log server: general devices/messages
.42
Syslog
.43
Syslog
.44
Specialized Logging (e.g. logs from a network infrastructure device)
.45
Redundant for specialized logging (e.g. logs from a firewall device)
.46
Unknown: Reserved for expansion
.47
Unknown: Reserved for expansion. Could be a broadcast for an IPv4 /27.
.48
Unknown: Reserved for expansion. Could be a network ID for an IPv4 /28. (More specifically, it could also be a network ID for an IPv4 /28 which is dedicated to file servers as well as share re-distributors that can write to the file shares.)
.49
A primary file server, only accessible by authorized addresses
.50
A secondary file server, only accessible by authorized addresses
.51
A tertiary file server, only accessible by authorized addresses
.52
Fourth file server, only accessible by authorized addresses
.53
Authoritative DNS server, if not handled by the same software as the DNS resolver at .4
(This was previously marked as “File sharing: This machine tests credentials with SMB protocol and can upload to a file server”. However, that has since been moved to .57.)
.54
Authoritative DNS server, if not handled by the same software as the DNS resolver at .5
Reserved for possible use related to DNS.
(This was previously marked as “Redundant File sharing: This machine tests credentials with SMB protocol and can upload to a file server”. However, that has since been moved to .58.)
.55
Reserved for possible use related to DNS.
(This was previously marked as “File sharing: This machine tests credentials with NFS support and can upload to a file server”. However, that has since been moved to .59.)
.56
Reserved for possible use related to DNS.
(This was previously marked as “Redundant sharing: This machine tests credentials with NFS support and can upload to a file server”. However, that has since been moved to .60.)
.57
File sharing: This machine tests credentials with SMB protocol and can upload to a file server (This was previously marked as: “Reserved to expand file sharing option: file sharing with ability to write to the file server(s) with AFS. However, such notation has since been moved to .63)
.58
Redundant File sharing: This machine tests credentials with SMB protocol and can upload to a file server (This was previously marked as “Reserved for redundant file sharing option: file sharing with ability to write to the file server(s) with AFS. However, such notation has since been moved to .63)
.59
File sharing: This machine tests credentials with NFS support and can upload to a file server.
(This was previously marked as “Reserved to expand file sharing option: file sharing with ability to write to the file server(s) using SFTP/SCP/“SSH-tunnelled” solution(s)”, however, that has since been moved to .61.)
.60
Redundant sharing: This machine tests credentials with NFS support and can upload to a file server
(This was previously marked as “Reserved to expand file sharing option: file sharing with ability to write to the file server(s) using SFTP/SCP/“SSH-tunnelled” solution(s)”, however, that has since been moved to .62.)
.61
Reserved to expand file sharing option: file sharing with ability to write to the file server(s) using SFTP/SCP/“SSH-tunnelled” solution(s)
(This was previously marked as “Reserved to expand file sharing option: file sharing with ability to write to the file server(s)”.)
.62
Reserved to expand file sharing option: file sharing with ability to write to the file server(s) using SFTP/SCP/“SSH-tunnelled solution(s)
(This was previously marked as “Reserved to expand file sharing option: file sharing with ability to write to the file server(s)”)
.63
Reserved for expansion. May be used as a broadcast IP for an IPv4 /26. Or, could be used to expand file sharing option: file sharing with ability to write to the file server(s). (The AFS protocol could be used here.)
.64
Reserved for expansion. May be used as an Network ID for an IPv4 /26. Or, could be used to expand file sharing option: file sharing with ability to write to the file server(s). (The AFS protocol could be used here.)
.65
File sharing: (Re-)distributing shares. (Any machine can connect to this as long as correct credentials are provided). Provided shares use the SMB protocol.
.66
Redundancy: File sharing: (Re-)distributing shares. (Any machine can connect to this as long as correct credentials are provided). Provided shares use the SMB protocol.
.67
File sharing: (Re-)distributing shares. (Any machine can connect to this as long as correct credentials are provided). Provided shares use the NFS protocol.
.68
Redundancy: File sharing: (Re-)distributing shares. (Any machine can connect to this as long as correct credentials are provided). Provided shares use the NFS protocol.
.69
File sharing: (Re-)distributing shares. (Any machine can connect to this as long as correct credentials are provided). Provided shares use the AFS protocol.
.70
Redundancy: File sharing: (Re-)distributing shares. (Any machine can connect to this as long as correct credentials are provided). Provided shares use the AFS protocol.
.71
File sharing: (Re-)distributing shares. (Any machine can connect to this as long as correct credentials are provided). Provided shares using SFTP/SCP/“SSH-tunnelled” solution.
.72
Redundancy: File sharing: (Re-)distributing shares. (Any machine can connect to this as long as correct credentials are provided). Provided shares using SFTP/SCP/“SSH-tunnelled” solution.
.73
File sharing: (Re-)distributing shares. (Any machine can connect to this as long as correct credentials are provided). Provided shares using another file sharing protocol.
.74
Redundancy: File sharing: (Re-)distributing shares. (Any machine can connect to this as long as correct credentials are provided). Provided shares using another file sharing protocol.
.75

Reserved for expansion: Could be a broadcast ID of an IPv4 /30 if desired. This could also be a sensible number for a submission server, since 75 is 587 minus 512. (That calculation includes the number 587, which IANA has TCP port 587 reserved for the E-Mail submission protocol. The calculation also includes 512, which is the size of a /23 network. There is nothing special about the size of a /23 network, but the number 512 may be one that experienced computer experts find to be rather familiar, and therefore relatively easy to remember.) (For other servers related to E-Mail, see 25 and later.)

.76
Reserved for expansion: Could be a Network ID of an IPv4 /30
.77
File sharing/broadcasting (e.g. Bittorrent and similar technologies)
.78
File sharing/broadcasting (e.g. Bittorrent and similar technologies)
.79
Reserved for expansion: Could be a broadcast ID of an IPv4 /28 (or an IPv6 /124) network that started with .0
.80
Reserved for expansion. (Yeah, it would have been sensible to put a web server here, since 80 is the well known web server port. But rather, this can be a network ID for an IPv4 /28 or IPv6 /124 block that deals with web servers.) If using this as a network ID isn't desirable: This could also be used as a reverse proxy address of a machine listening to incoming connections.
.81
Primary web server. This may be: Main web server (possibly a reverse proxy, as noted by Calomel's Apache Proxy guide or Calomel's pound page )
.82
Reserved for possible future web-related use (perhaps somehow being redundant with the reverse proxy)
.83
Reserved for web content server.
.84
Reserved for web content server.
.85
Reserved for web content server.
.86
Redundancy: Reserved for web content server. (See .87.)
.87
Reserved for web content server. e.g. news_server.domain.lan from Calomel's Apachy Proxy guide
.88
Reserved for more web content server. (Could also be a network ID of an IPv4 /29.)
.89
Web content server number one (lots of traffic types). e.g. webserver_one.domain.lan from Calomel's pound page
.90
Web content server number two (lots of traffic types). e.g. webserver_two.domain.lan from Calomel's Apache Proxy guide
.91
Reserved for more web content servers, such as high bandwidth downloads for the general public. e.g. free_one.domain.lan from Calomel's Apache proxy guide
.92
Reserved for more web content servers, such as high bandwidth downloads for the general public. e.g. free_two.domain.lan from Calomel's Apache proxy guide
.93
Reserved for more web content servers. e.g. paid_one.domain.lan from Calomel's Apache Proxy guide
.94
Reserved for more web content servers. e.g. paid_two.domain.lan from Calomel's Apache Proxy guide
.95
Reserved for Expansion. Could also be the broadcast ID for an IPv4 /27 that starts at .64 and is related to file sharing (including web content), or perhaps simply a web-related /28 that starts with .80.
.96
Reserved for expansion: Could be a network ID of an IPv4 /27
.97
File sharing with the Internet. e.g. FTP
.98 - .126
Reserved for future expansion
.127
Reserved for future expansion. Could be a broadcast ID an IPv4 /25
.128

(This documentation is, by including a reference to .128, covering one additional address beyond what would be covered by the first 128 addresses that go from .0 to .127.)

Reserved for future expansion. Could be a network ID for an IPv4 /25.

Note that even though the more exhaustive plan covers possible uses for most addresses up through at least .97, addresses have not been reserved for some things such as redundant FTP servers, backup servers, print servers and printers. Many organizations may have about one printer per fifteen to fourty staff members. All of these things just mentioned would be most sensible to use static or reserved addresses.

Then, of course, there's the computers used by end users. No addresses have yet been reserved for them. (Fortunately, at least half of the addresses haven't been allocated yet.)

Design notes

Common network design has routers at low-numbered addresses. (Routers used to be at high-numbered addresses, traditionally. However, at some point, that tradition changed. That's rather a good thing: the low number of .1 is more likely to be found there, whereas attempts to use the final numbers of a subnet would be more affected by the size of a subnet.)

Then, name resolution servers are commonly found on low-numbered addresses.

Finally, automatic address assignment (DHCP/IPv4) is the last of the super-critical services typically needed for basic network functionality on simple networks.

For the older plan for the remaining addresses in the first IPv4 /27 / IPv6 /123 (an eighth of an octet), file sharing was intended to be near .21, which could be sensible for FTP.

For the newer plan, .16/29 (ending in .31) was intended to be related to E-Mail. That address range contains .25 (which is sensible for SMTP).

For the newer plan, .53 and nearby addresses (up through .56, which is the network ID of a different /29) are related to DNS; other addresses in .48/28 (ending in .63) and .64/27 (ending in .95) are all somewhat related to the idea of sharing files. That address range contains .80, which originally seemed sensible for HTTP. As it turns out, using .80 is an idea that might be less great because .80 could be the network ID of an IPv4 /28. Still, despite IANA's reservations of service ports having reservations for TCP port numbers 82-87 having other official purposes, such TCP port numbers are probably often actually used as additional TCP ports for HTTP traffic. So, numbers near 80 seemed appropriate for file transfer protocols.