This document originally dates from 2002, when we started using CUDN-wide private RFC 1918 IP addresses.
The IP address allocation agencies have put in place policies to make good use of the comparatively small amount of IP address space that currently remains unallocated. This is in contrast to the previous more liberal policies. This new regime, coupled with the fact that the addresses administered by the Computing Service are becoming exhausted, is forcing the Computing Service to apply a more stringent regime to the use of IP addresses within the University. The current position is not as dire as it might have been as the Computer Laboratory have loaned a large chunk of their address space to the Computing Service. Nevertheless, it is still necessary to take measures such as those described below to economise on the use of address space.
The Service has been following various strategies to avoid running out of addresses:
Where feasible, it is using 'private addresses' for internal address allocations.
It is retrieving unused blocks of addresses from University institutions to which it has made earlier allocations.
It is allocating IPv4 addresses in typically much smaller blocks than before.
Requested action by institutions
The Computing Service seeks the cooperation of all institutions in the following.
Recovery of spare addresses
It is essential that all institutions to which the Computing Service has made IP address allocations review their use of those addresses, conduct garbage collection and compaction (i.e. changing addresses so that a contiguous set of addresses can be freed), and return unused addresses to the Computing Service in groups of contiguous addresses. This needs to be an ongoing activity and needs to be started as soon as possible. The Computing Service is able to provide information to institutions about which of the addresses used by the institution have been seen in use across the CUDN.
Use CUDN-wide private addresses for devices that are local to Cambridge
Where institutions use IP addresses allocated to them out of the University's global address range for devices that need to be visible across the University and Colleges but need not be visible outside Cambridge, they should consult Network Support (network-support@ucs.cam.ac.uk) with a view to using CUDN-wide private addresses as described in 'Cambridge IP address ranges'. The Computing Service's IP Register and DNS mechanisms are able to handle CUDN-wide private addresses. Additionally, CUDN-wide private addresses should be used by institutions without their own routing capability for devices that are local to the institution, such as printers, network hubs and switches. This substitution of CUDN-wide private addresses for global IP addresses is straightforward.
Institutions may also be able to economise on their use of global IP addresses by using CUDN-wide private addresses for computers whose internet access is always made via a proxy server located in the University. In this context, institutions should consider carefully whether it is absolutely necessary to allocate a unique global IP address to every undergraduate machine. Moreover, institutions should note that certain network applications (e.g. streaming audio) might not function for computers using CUDN-wide private addresses.
Use 'institutional private addresses' for devices that are purely local
If an institution has its own routing capability (a router or routing firewall), it could use institutional private IP addresses, as described in 'Cambridge IP address ranges', for all those devices that need to be visible only within the institution (printers, hubs and switches are common examples).
Institutions might also consider using institutional private addresses, NAT and, possibly, DHCP for devices not requiring the unfettered use of the full range of internet protocols. This has been done by several Colleges for student connections; other Colleges may wish to follow suit. However, it should be noted that the limitations of this approach may prove to be too restrictive, and the requirements that firewalls and network address translation impose for logging the use of dynamically allocated IP addresses may prove too burdensome in practice. Before deciding to do this, institutions should contact Network Support for the latest information.
It is important that institutions do not use the other private address ranges (described in the 'Cambridge IP address ranges' document as "reserved" and "CUDN-wide private" addresses) for this purpose.
Institutions also need to be aware that use of private addresses, whether CUDN-wide or institutional private addresses, may need to be coordinated with other uses of private addresses by any networks directly connected to the institution's network. For example, such use might occur by a member of the institution connecting their home network to the institution's network.
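The logging requirement noted above for NAT with dynamically allocated addresses arises because tracing a connection seen outside the institution back to a device needs two time-stamped records: the NAT translation and the DHCP lease. The following is an added example, not part of the original document or any Computing Service tooling; the record layouts, the names `NatEntry`, `Lease` and `attribute`, and all addresses are constructed for illustration and are not Cambridge ranges.

```python
from datetime import datetime
from typing import NamedTuple, Optional, Tuple

class NatEntry(NamedTuple):      # one record per translation the NAT device made
    start: datetime
    end: datetime
    private_ip: str
    public_ip: str
    public_port: int

class Lease(NamedTuple):         # one record per DHCP lease period
    start: datetime
    end: datetime
    ip: str
    mac: str

def t(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S")

# Constructed sample logs (documentation-range public IP and MAC addresses).
NAT_LOG = [
    NatEntry(t("2002-03-01 10:00:00"), t("2002-03-01 10:05:00"), "192.168.1.23", "192.0.2.10", 40001),
    NatEntry(t("2002-03-01 10:11:00"), t("2002-03-01 10:13:00"), "192.168.1.23", "192.0.2.10", 40002),
    NatEntry(t("2002-03-01 10:20:00"), t("2002-03-01 10:25:00"), "192.168.1.57", "192.0.2.10", 40001),  # port reused
]
LEASES = [
    Lease(t("2002-03-01 08:00:00"), t("2002-03-01 10:10:00"), "192.168.1.23", "00:00:5e:00:53:01"),
    Lease(t("2002-03-01 10:15:00"), t("2002-03-01 12:00:00"), "192.168.1.23", "00:00:5e:00:53:02"),  # re-leased
    Lease(t("2002-03-01 09:00:00"), t("2002-03-01 11:00:00"), "192.168.1.57", "00:00:5e:00:53:03"),
]

def attribute(public_ip: str, public_port: int, when: datetime,
              nat_log=NAT_LOG, leases=LEASES) -> Tuple[Optional[str], Optional[str]]:
    """Map (public IP, public port, time) to (private IP, MAC); None marks a step the logs cannot answer."""
    hits = [n for n in nat_log
            if (n.public_ip, n.public_port) == (public_ip, public_port)
            and n.start <= when <= n.end]
    if len(hits) != 1:           # no record, or overlapping records: cannot attribute
        return None, None
    private_ip = hits[0].private_ip
    owners = [l.mac for l in leases
              if l.ip == private_ip and l.start <= when <= l.end]
    return private_ip, owners[0] if len(owners) == 1 else None
```

The same public port and the same private address both map to different devices at different times, so a report without an accurate timestamp and source port cannot be resolved.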