Private Internet Addresses
Private Internet network addressing at Stanford is defined by standards maintained by the Internet Engineering Task Force (IETF) and documented in RFC1918.
RFC1918 allows Stanford University, like any other organization, to allocate IP addresses that provide full network connectivity among all hosts within the organization’s network that use these addresses, as well as with any public Internet address allocated for use within the organization only. At Stanford, this means that hosts with RFC1918 addresses can connect to any public Stanford IP address, but not (directly) to any public IP address outside Stanford’s IP space.
Private address allocations at Stanford University must be locally unique within Stanford University networks but are not globally unique.
RFC1918 defines the following network address blocks as private (non-internet routable) addresses:
10.0.0.0/8 (10.0.0.0 – 10.255.255.255)
172.16.0.0/12 (172.16.0.0 – 172.31.255.255)
192.168.0.0/16 (192.168.0.0 – 192.168.255.255)
Stanford University networks do not currently have a support plan for Unique Local IPv6 Unicast Addresses, defined by RFC4193, which can be considered the IPv6 analogue of IPv4 private Internet network addressing.
Public Internet Addresses
Stanford University public Internet network addresses are globally unique blocks of addresses allocated by the American Registry for Internet Numbers (ARIN). These addresses can provide full network connectivity between any hosts using public addresses globally. They can also provide full network connectivity between hosts at Stanford University using public addresses and hosts using private addresses, but only within Stanford University.
The Stanford University public Internet address blocks are:
IPv4:
68.65.160.0/20 (68.65.160.0 – 68.65.175.255)
128.12.0.0/16 (128.12.0.0 – 128.12.255.255)
171.64.0.0/14 (171.64.0.0 – 171.67.255.255)
204.63.224.0/21 (204.63.224.0 – 204.63.231.255)
IPv6:
2607:f6d0::/32 (2607:f6d0:0:0:0:0:0:0 - 2607:f6d0:ffff:ffff:ffff:ffff:ffff:ffff)
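The addressing rules from the two sections above, as an added example that is not Stanford's own code: it classifies an address against the listed blocks and reports whether those rules allow a direct connection between two addresses. The function names and sample addresses are assumptions made for illustration, and 192.168.0.0/16 is the RFC1918 block that covers the 192.168.0.0 – 192.168.255.255 range.

```python
import ipaddress

# RFC1918 private blocks (192.168.0.0/16 spans 192.168.0.0 - 192.168.255.255).
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Stanford public blocks as listed on this page (IPv4 and IPv6).
STANFORD_PUBLIC = [ipaddress.ip_network(n) for n in
                   ("68.65.160.0/20", "128.12.0.0/16", "171.64.0.0/14",
                    "204.63.224.0/21", "2607:f6d0::/32")]


def classify(addr):
    """Return 'private', 'stanford-public' or 'external' for one address."""
    ip = ipaddress.ip_address(addr)  # raises ValueError on malformed input
    # An IPv4 address tested against an IPv6 network (or vice versa) is False.
    if any(ip in net for net in RFC1918):
        return "private"
    if any(ip in net for net in STANFORD_PUBLIC):
        return "stanford-public"
    # Everything else, including RFC4193 unique local IPv6 addresses, which
    # the page says are not supported, is treated as outside Stanford.
    return "external"


def direct_connectivity(src, dst):
    """True unless a private address is paired with a non-Stanford address."""
    kinds = {classify(src), classify(dst)}
    return not ("private" in kinds and "external" in kinds)


if __name__ == "__main__":
    # Constructed sample pairs; 198.51.100.7 is a documentation address.
    for src, dst in [("10.1.2.3", "171.64.1.1"),
                     ("10.1.2.3", "198.51.100.7"),
                     ("128.12.1.1", "198.51.100.7")]:
        print(src, "->", dst, direct_connectivity(src, dst))
```

The same classification can be used to audit a proposed firewall rule or a log line before assuming a host with a private address is reachable from, or can reach, an address outside Stanford.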
FQDN Firewall Policies
Fully Qualified Domain Names (FQDN) may be used for either inbound or outbound firewall policies but should only be used when static Internet addresses cannot be used. Stanford University firewalls have a limit on the number of FQDN address objects that can be configured. There will be a time lag of up to an hour between when a service changes Internet addresses and when the firewalls update their FQDN object Internet address mappings.