IT Help and Support

University Information Services

This page describes the three types of IPv4 and IPv6 address ranges used on the University Data Network (UDN) for connecting the University, its Constituent Colleges and other affiliated organisations, including:

If you have specific queries about this list, or how it should be interpreted, please contact Network Support with your requirement.  In particular, see the note below regarding IP address-based access control (e.g. for e-journals or other protected resources).

Public IP addresses

The following is a list of public (globally-routable) IP addresses used by the University and affiliated institutions on the UDN when they make connections out onto the public internet:

Protocol Range Status Managing authority
IPv4 "Inside" Computer Laboratory (
IP Register ( Department of Engineering IP Register MRC - Cognition and Brain Sciences Unit (MRC CBU)* IP Register MRC - Cognition and Brain Sciences Unit (MRC CBU)* "Outside" IP Register IP Register
IPv6 2001:630:210::/44** "Inside" IP Register

* These ranges are used exclusively by Medical Research Council units but, as stated above, the MRC also uses some addresses in other ranges above.

** The University is migrating from the 2001:630:210::/44 block to 2a05:b400::/32.

Address blocks in the public ranges are allocated by the managing authority shown above.  Hosts must be registered in the University IP Register database (or the appropriate institution) with hostnames ending in

The two IPv4 "outside" blocks are ones which are earmarked for use by connections which should be regarded as "outside" the University (such as web search spidering systems).

UDN-wide private addresses

Within the UDN, private (RFC1918) IPv4 addresses are used to alleviate the shortage in availability of public (internet-routable) addresses.  These addresses are known as UDN-wide private addresses and have the following properties:

  • Within the UDN, these addresses are routed between institutions, just like public addresses, without needing translation and function equivalently to public addresses.
  • When connections are made to hosts outside the UDN, the source address is translated to an address in the UDN public ranges by the Network Address Translation (NAT) service. The internal host appears to have normal outbound connectivity to the internet, without the need for any special configuration, such as proxy servers.
  • Direct inbound connections to hosts on these addresses are not possible because the hosts do not have globally-reachable addresses of their own. As such, these addresses are usually useful only for client-only hosts (such as end user computers) or servers which only need to be accessed from inside the UDN.  Firewalls or routers can be configured to provide a DNAT (Destination NAT) to permit this, if required, but it is often better to use a public address in the first place.

These properties make UDN-wide private addresses ideal for client-only devices, such as end-user devices, including those on the University Wireless Service (captive portal [UniOfCam] and eduroam).

The ranges currently in use are:

Range Comments / use Institutional allocations.  Changed status from Reserved in September 2015. Institutional allocations, including University Telephone Network Management networks used by the UDN, University Wireless, etc.

Note the 172.x.x.x ranges amount to all of the RFC1918 block except, or alternatively all addresses from to inclusive.

Address blocks in the UDN-wide private ranges are allocated by IP Register; hosts must be registered in the IP Register database with hostnames ending in

Institutions using RFC1918 addresses should choose addresses from the institution-private ranges, rather than ones in the above list, to avoid clashes that would make it difficult to reach other hosts on the UDN.

For IPv6, the UDN does not currently make use of private (ULA - Unique Local Addresses, RFC4193) addresses, as it is felt that there is sufficient capacity in the public ranges for use by internal services.  This policy may be changed in future, if the situation changes.

Institution private addresses

Some RFC1918 addresses are reserved for use internally by institutions - these are known as institution private addresses.  These ranges will never be used by the UDN and are safe to use for purely internal purposes.  Because they are not routed by the UDN, traffic from them must be NATed before it leaves the institutional network and enters the UDN, if it is to be routed outside; to avoid double NAT, the translation should be to a public IP address.

Note that the range only includes the lower half of the RFC1918 block: is assigned as UDN-wide private addresses.

Institutions are free to allocate and use addresses in this range without needing to notify IP Register.  It is recommended that hosts in the institution private range are allocated hostnames in a local, private DNS with a domain ending (note the transposition of 'private' and 'inst', compared with UDN-wide private addresses).

Reserved private addresses

There are currently no ranges specified by RFC1918 which are not allocated on the UDN.  Previously, was reserved and was not used on the UDN, but this was reassigned to UDN-wide private in September 2015.

Note when using IP address-based access control

It is important to note that hosts using UDN addresses do not necessarily belong to, and are not necessarily used by a member of, the University or one of its Constituent Colleges.  For example, the following users are all connected to the network and may use any of the addresses in the above blocks:

  • Academic visitors - e.g. eduroam visitors, visiting staff on college or departmental connections
  • Non-academic visitors, such as conference guests
  • Temporary contractors
  • Institutions who are associated with the University and have been provided with a connection to the University network, and on through Janet, but are not legally part of the University (such as MRC units, Theological institutions, affiliated organisations)

In addition to this, the addresses used on the network may change, be added to or relinquished.  Also, users are making increasing use of connections which will be outside the UDN (such as via domestic or mobile technologies).

It is strongly recommended that IP addresses are NOT used as a method of access control to internal or external services.  Unentitled visitors or associate users may be permitted and entitled users on different addresses may be denied access incorrectly.
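Where address-based rules already exist despite this recommendation, they go stale as ranges change. The following is an added example (not UIS code) that audits an allow list against the IPv6 migration noted on this page; the two prefixes come from the page, while the sample entries and the function name audit_allow_list are constructed for illustration.

```python
import ipaddress

# Prefixes taken from this page: the block being migrated from, and its successor.
OLD_BLOCK = ipaddress.ip_network("2001:630:210::/44")
NEW_BLOCK = ipaddress.ip_network("2a05:b400::/32")

# Constructed sample allow list (not real configuration).
SAMPLE = [
    "2001:630:210::/44      # whole old block",
    "2001:630:212:100::/56  # hypothetical sub-allocation inside the old block",
    "192.0.2.0/24           # IPv4 documentation range, ignored by this check",
    "2001:db8::/32          # IPv6 documentation range, unrelated",
    "not-a-prefix",
]

def audit_allow_list(entries):
    """Report which IPv6 allow-list entries depend on the old or new block.

    stale        - entries overlapping the old block (stop matching as hosts move)
    new          - entries overlapping the new block
    invalid      - entries that do not parse as a network
    needs_update - True when the old block is referenced and the new one is not
    """
    report = {"stale": [], "new": [], "invalid": []}
    for raw in entries:
        text = raw.split("#", 1)[0].strip()  # drop trailing comment
        if not text:
            continue
        try:
            net = ipaddress.ip_network(text, strict=False)
        except ValueError:
            report["invalid"].append(text)
            continue
        if net.version != 6:
            continue  # only the IPv6 migration is checked here
        if net.overlaps(OLD_BLOCK):
            report["stale"].append(str(net))
        if net.overlaps(NEW_BLOCK):
            report["new"].append(str(net))
    report["needs_update"] = bool(report["stale"]) and not report["new"]
    return report

if __name__ == "__main__":
    for key, value in audit_allow_list(SAMPLE).items():
        print(f"{key}: {value}")
```

The page gives no mapping from sub-allocations in the old block to the new one, so entries narrower than the /44 are only flagged, not translated.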

Last updated: 27th November 2019
