Many departments choose to use NAT (network address translation) behind a departmental firewall. Network Administrators that use NAT usually assign IP addresses in the RFC-defined "private" address ranges (RFC 1918), which are:

• 10.0.0.0 through 10.255.255.255 (10.0.0.0/8)
• 172.16.0.0 through 172.31.255.255 (172.16.0.0/12)
• 192.168.0.0 through 192.168.255.255 (192.168.0.0/16)

Information and Educational Technology, and the TIF Client Support Issues Subcommittee agreed on the following guidelines for assignment of addresses behind NAT firewalls.

UC Davis Guidelines for Private IP Address Space

IET-Communication Resources (IET-CR) reserves the range 10.0.0/8 to use for management of the network. IET-CR will use 172.16.0.0/12 for all centrally managed services.

In the event that a department is using these ranges (10.0.0.0/8 or 172.16.0.0/12), and there is a conflict with a centrally managed service, the department should be prepared to re-address to resolve the conflict. IET-CR will be responsible for managing shared segments of this address space to ensure there are no conflicts within services they manage.

Departments should use 192.168.0.0/16 for NAT behind departmentally managed firewall services. Departments are responsible for resolving addressing conflicts that may arise (e.g. a department merger resulting in duplicate addresses once all devices are brought behind a combined firewall).

Departmental administrators should be prepared to re-address their networks in the event of joining or leaving a centrally managed service that requires sharing of the private address space.

Note that should a department NAT device experience a failure, the private address space cannot be routed within the UC Davis network. Departments that use public address space (e.g. 169.237.X.X) behind their NAT device can have this address space routed on the network should their NAT device experience an extended outage.

Please direct any questions about these guidelines to noc@ucdavis.edu .