Should I use link-local addresses where a non-routable, internal IP address is required?

networking

Solution 1:

No, RFC3927 prohibits manual assignment of addresses within this block.

You should instead use addresses form the blocks provided by RFC1918, 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16. These addresses may be freely used, provided routes are not advertised to the internet. Remember to select a subnet that is not otherwise in use in your environment.

Solution 2:

The details of RFC3927 seem to think this is not strictly correct.

Yes, go head. The reasons why this is prohibited aren't going to come into play. It's far better than other common situations, such as commandeering 1.1.1.0/24.

If you want to play nice, you could use either 169.254.0.0/24 or 169.254.255.0/24.

2.1. Link-Local Address Selection

When a host wishes to configure an IPv4 Link-Local address, it selects an address using a pseudo-random number generator with a uniform distribution in the range from 169.254.1.0 to 169.254.254.255 inclusive.

The IPv4 prefix 169.254/16 is registered with the IANA for this purpose. The first 256 and last 256 addresses in the 169.254/16 prefix are reserved for future use and MUST NOT be selected by a host using this dynamic configuration mechanism.

Solution 3:

To answer your question, no you should not. RFC3927 in Section 1.6 prohibits this type of use.

Specifically, the last paragraph of this section says this:

Administrators wishing to configure their own local addresses (using manual configuration, a DHCP server, or any other mechanism not described in this document) should use one of the existing private address prefixes [RFC1918], not the 169.254/16 prefix.

This rules out the whole /16 for this type of use so you need to look into a different alternative.

My first suggestion would be to use a loopback interface. Loopback interfaces are perfect for communication between services within the same host that do not require access outside that host. They are used in this way by a number of services, for management interfaces, testing and other purposes.

You mentioned in your comments/edits that the appliance will not let you do this. You don't mention the vendor/model or code versions, so my first recommendation is that you contact the vendor. If this is truly a valid use of the device, they may be willing to adjust their code to allow the use of a loopback interface; they simply may not have considered this use case when writing code to validate IP addresses. Or they may tell you why this is a bad idea and why it should be done another way.

If a loopback interface is truly out of the question, then you should use RFC1918 address space for this purpose. Make sure you work with any relevant IT staff is selecting the IP range to utilize to avoid any other unforeseen problems on the network.

Related

does adding heaps of drives to a raid 0 increase performance?
Reverse DNS is not a valid hostname [closed]
Redundant web servers - 1 public addres
How to design/ensure high-availability of web servers?
WordPress site user-login: 404 page not found
How to enable SOCKS5 for Squid proxy?
What is the bracket wrapped colon notation in Nginx server blocks?
Setting up a server at home for backup purposes a bad idea?
Server 2008 R2 to Server 2016 options
blank page example.com/phpmyadmin with errors in browser's console
(A Windows guy asks) Measuring Disk Latency on Linux: Do I bother?
Word or phrase for a gentle or kind act by a gruff person?