1. Background

The University's reserves of IPv4 addresses are running low. At the current rate of assignment, approximately two years' supply remains.

  1. IPv6 is not going to save us - systems will require access to IPv4-only services for the foreseeable future.
  2. There is almost no possibility of acquiring additional IPv4 address space, certainly not without paying.
  3. We are unlikely to be able to recover significant amounts of address space from existing allocations - most cannot easily be relinquished.
  4. We cannot afford to run out entirely - reserves must be retained for future expansion of the University.
  5. Future IPv4 allocations must be limited to a maximum of 256 addresses (/24 subnets). An extremely strong justification must be required for any exception to this rule.
  6. The future is considerably more NAT. However this is implemented, it will bring its own challenges and incur significant (direct and indirect) costs for the University.

2. Policy

  1. NO further allocation of PUBLIC IPv4 subnets will be made to any Unit/Sub-unit [1] which already has an existing allocation.
  2. Any new Unit that joins the University will only be given a /24 allocation and will have to use RFC 1918 ranges of 192.168/16 and/or 10.128/9 [2] internally to the Unit. Note: in addition, existing users are encouraged, as opportunity permits, to migrate users onto the above two RFC 1918 ranges to avoid long-term unexpected interaction with the other RFC 1918 ranges which may be used as part of the central NAT/PAT service if/when that is deployed.
  3. The existing policy "RFC1918 Address Space Usage" will now say that use of the 172.16/12 range must be avoided [3].
  4. This means that everyone will now have to use NAT/PAT to satisfy any requirements that do not fit into their existing allocation. All instances of NAT/PAT systems must comply with the Logging requirements to aid traceability as set out on the IT Services website.
  5. Centrally provided data centre server hosting. Where servers are provided on the data centre network the DC team will provide IP addresses. This does not apply for Campus Network connections where the Unit will provide addresses from their existing allocation.
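
The address rules in this section and in note 2 can be checked mechanically against a Unit's address plan. The following Python check is an added example, not part of the policy or of any IT Services tooling; the function names, the "review" verdict for RFC 1918 space outside the two named ranges, and the sample plan are assumptions of the example.

```python
import ipaddress

# Ranges from the policy text (section 2, items 2 and 3) and its note 2.
PERMITTED = [ipaddress.IPv4Network(n) for n in ("192.168.0.0/16", "10.128.0.0/9")]
AVOID = {
    ipaddress.IPv4Network("172.16.0.0/12"): "172.16/12 must be avoided",
    ipaddress.IPv4Network("10.0.0.0/12"): "overlaps a range LIN already uses",
    ipaddress.IPv4Network("10.16.0.0/12"): "overlaps a range LIN already uses",
}
RFC1918 = [ipaddress.IPv4Network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_prefix(prefix):
    """Return (verdict, reason) for one IPv4 prefix; verdict is ok/review/violation."""
    net = ipaddress.IPv4Network(prefix)  # raises ValueError on host bits or bad input
    for bad, reason in AVOID.items():
        if net.overlaps(bad):
            return "violation", reason
    if any(net.subnet_of(p) for p in PERMITTED):
        return "ok", "inside 192.168/16 or 10.128/9"
    if any(net.overlaps(r) for r in RFC1918):
        # Assumption of this example: other RFC 1918 space is flagged for migration.
        return "review", "RFC 1918 space outside the two preferred ranges"
    if net.prefixlen < 24:
        return "violation", "public allocation larger than a /24"
    return "ok", "public prefix within the /24 limit"


def audit(plan):
    """Return only the prefixes in a plan that need attention."""
    findings = {}
    for prefix in plan:
        verdict, reason = check_prefix(prefix)
        if verdict != "ok":
            findings[prefix] = (verdict, reason)
    return findings


# Constructed address plan for a hypothetical Unit (not from the policy page).
SAMPLE_PLAN = ["10.128.4.0/24", "192.168.10.0/24", "172.20.0.0/16",
               "10.17.0.0/16", "10.64.0.0/16", "198.51.100.0/23"]

if __name__ == "__main__":
    for prefix, (verdict, reason) in audit(SAMPLE_PLAN).items():
        print(f"{prefix:18} {verdict:10} {reason}")
```

The check cannot tell whether a Unit already holds a public allocation, so item 1 of this section still has to be verified against the allocation records.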

3. Exceptions

  1. Temporary additional allocations. These may be made available provided that, over an agreed timescale, normally not exceeding 3 months, either the subnet itself or an equivalent subnet is returned to the pool. Example: building move. Provide a new /24 to ease a move and then return either of the /24s (new or old one) back to the pool.
  2. Linknets [4]: we will allocate a public /30 (or a /29) for routing firewalls and VPN termination.
  3. Geographical exigencies. In these cases we would consider providing a linknet-type allocation.

Main outline agreed OUCS/SMG (04/12/12) & at NAG 23/01/2013.

Notes
1. As defined by PRAS University organisation chart. We use the designation Unit to cover Sub-Unit where more appropriate. The exact boundary is ill defined. IT Services will endeavour to be as fair as practical to both the group directly concerned and the University as a whole.
2. We are allowing only 10.128/9 because LIN already uses 10.0.0.0/12 and 10.16.0.0/12. This should avoid potential clashes when we start routing RFC 1918 in the core.
3. Primarily the imminent large-scale projects, e.g. Integrated Communications and the TONE Projects.
4. Normally network addresses which are not destination addresses in and of themselves.