Share via

You have just started as a server administrator for a small organization with a single location. The organization is using the 131.107.88.0/24 address range for the internal network. Is this a concern?

Eleven Yu (Shanghai Wicresoft Co,.Ltd.) 10,756 Reputation points Microsoft Vendor
2020-08-11T04:54:16.577+00:00

Dear genius. You have just started as a server administrator for a small organization with a single location. The organization is using the 131.107.88.0/24 address range for the internal network. Is this a concern?

Original Case Link:
https://social.technet.microsoft.com/Forums/en-US/2e2fbeec-c7cc-44db-a90b-87551b5781b4/ipv4?forum=winserveripamdhcpdns

Windows DHCP
Windows DHCP
Windows: A family of Microsoft operating systems that run across personal computers, tablets, laptops, phones, internet of things devices, self-contained mixed reality headsets, large collaboration screens, and other devices.DHCP: Dynamic Host Configuration Protocol (DHCP). A communications protocol that lets network administrators manage centrally and automate the assignment of Internet Protocol (IP) addresses in an organization's network.
1,040 questions
0 comments
Accepted answer
  1. Sunny Qi 11,051 Reputation points Microsoft Vendor
    2020-08-11T05:01:17.043+00:00

    Hi,

    Thanks for posting here.

    As we all know, the 131.108.88.0/24 address range is a public address range. If machines assigned with these IP do not need connect to the internet, then these IP address can be used for internal network. If these machines need to connect to the Internet, then it is not recommended to use an external range on your internal network.

    The use of a public range inside a private network is not a good design. While it will work, you will definately encounter issues if your internal users attempt to connect to an external resource such as a webserver on the internet within that range. For example, let's say Google's webpage resolved to 128.1.1.1. When an internal user attempts to connect to that page, the DNS client will first attempt to resolve the host name. When the computer receives the DNS information, since the destination IP address is (from the computer's perspective) on the same network segment, the computer will NOT send the packet to the default gateway. Instead, it will simply send out an ARP request for that IP. If there is a computer with that IP on the local segment, it will respond. Your computer will then attempt to connect to that other computer in the same segment to access the web page. Of course, the web page will not appear for the user.

    The use of a public range inside your network does not automatically mean that packets will be able to get into your network. For one, that IP range has not been assigned by your ISP to you so packets destined for that range would not reach your router. However, a spoofed address can make its way in, assuming that you do not have a Firewall that checks for that. In any case, its not a good design and it is not recommended to use an external range on your internal network.

    Please kindly refer to the following article for more information about Private and Public IP Addresses:
    https://wiki.teltonika-networks.com/view/Private_and_Public_IP_Addresses
    Please Note: Since the websites are not hosted by Microsoft, the links may change without notice. Microsoft does not guarantee the accuracy of this information.

    Hope my answer will help you!

    ---Please Accept as answer if the reply is useful---

    Best Regards,
    Sunny

    0 comments

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.