I have a network appliance which contains some load balancing features - in my design, these features are only for use internally within the appliance. Nothing should EVER speak to them externally and, additionally, the client is low on IP addresses in the device's IP range.
Would it be acceptable to use the Link-Local range for these features? For example, 169.254.1.1.
NB: The device in question won't allow loopback IPs to be used for these features.
No, RFC3927 prohibits manual assignment of addresses within this block.
You should instead use addresses from the blocks provided by RFC1918:
10.0.0.0/8
172.16.0.0/12
192.168.0.0/16
These addresses may be freely used, provided routes are not advertised to the internet. Remember to select a subnet that is not otherwise in use in your environment.

The details of RFC3927 seem to think this is not strictly correct.
Yes, go ahead. The reasons why this is prohibited aren't going to come into play. It's far better than other common situations, such as commandeering 1.1.1.0/24.

If you want to play nice, you could use either 169.254.0.0/24 or 169.254.255.0/24.

The IPv4 prefix 169.254/16 is registered with the IANA for this purpose. The first 256 and last 256 addresses in the 169.254/16 prefix are reserved for future use and MUST NOT be selected by a host using this dynamic configuration mechanism.
To answer your question, no you should not. RFC3927 in Section 1.6 prohibits this type of use.
Specifically, the last paragraph of this section says this:
This rules out the whole /16 for this type of use so you need to look into a different alternative.
My first suggestion would be to use a loopback interface. Loopback interfaces are perfect for communication between services within the same host that do not require access outside that host. They are used in this way by a number of services, for management interfaces, testing and other purposes.
You mentioned in your comments/edits that the appliance will not let you do this. You don't mention the vendor/model or code versions, so my first recommendation is that you contact the vendor. If this is truly a valid use of the device, they may be willing to adjust their code to allow the use of a loopback interface; they simply may not have considered this use case when writing code to validate IP addresses. Or they may tell you why this is a bad idea and why it should be done another way.
If a loopback interface is truly out of the question, then you should use RFC1918 address space for this purpose. Make sure you work with any relevant IT staff in selecting the IP range to utilize to avoid any other unforeseen problems on the network.
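The checks the answers above describe (link-local is not for manual assignment, the first and last /24 of 169.254/16 are reserved, RFC1918 space is fine as long as it does not collide with a range already in use on the site) can be turned into a small pre-deployment validator. This is an added example written for this page, not code from any of the posters; the address ranges and the in-use subnet list in the demo are constructed inputs.

```python
import ipaddress

# Ranges discussed in the answers: RFC 3927 link-local and RFC 1918 private space.
LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")
# RFC 3927: first and last 256 addresses of 169.254/16 are reserved for future use.
LINK_LOCAL_RESERVED = [ipaddress.ip_network("169.254.0.0/24"),
                       ipaddress.ip_network("169.254.255.0/24")]
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")


def classify(addr_str):
    """Return (verdict, reason) for a candidate address for a host-internal service."""
    addr = ipaddress.ip_address(addr_str)
    if addr in LOOPBACK:
        return "ok", "loopback: preferred for services that never leave the host"
    if any(addr in r for r in LINK_LOCAL_RESERVED):
        return "reject", "RFC 3927 reserves the first/last 256 addresses of 169.254/16"
    if addr in LINK_LOCAL:
        return "reject", "RFC 3927 link-local space is not for manual assignment"
    if any(addr in r for r in RFC1918):
        return "ok", "RFC 1918 private: fine if not advertised and not already in use"
    return "reject", "public/other address space is unsuitable for an internal-only service"


def first_free_subnet(in_use_subnets, new_prefix=24):
    """Walk the RFC 1918 blocks in order and return the first subnet of the requested
    size that overlaps nothing already in use on the site, or None if all are taken."""
    in_use = [ipaddress.ip_network(s) for s in in_use_subnets]
    for block in RFC1918:
        for cand in block.subnets(new_prefix=new_prefix):
            if not any(cand.overlaps(u) for u in in_use):
                return str(cand)
    return None


if __name__ == "__main__":
    # Constructed example: the asker's proposed address and a site that already
    # uses 10.0.0.0/16 and 10.1.0.0/24 (hypothetical in-use ranges).
    print(classify("169.254.1.1"))
    print(first_free_subnet(["10.0.0.0/16", "10.1.0.0/24"]))  # 10.1.1.0/24
```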