Deano’s answer to: “Will different computer users inside one company (i.e. at one building location) normally share the same IP address?”

The short answer: No. All IP addresses for individual computers must be unique to allow for proper/intended network function.

The more complicated truth: Most users inside a company have “multiple IP addresses” – one local/internal IP address associated with their computer, and one or more external IP addresses, which map back to the local address via a process called Network Address Translation (NAT), and pass actual Internet traffic back and forth.

(Image snuck safely out of http://qwikstep.eu/search/get-ex…)

These external IPs exist, and continue to be used for several reasons:

  • The IPv4 address space, which most Internet ready devices still use is comparatively small, so assigning unique IPs worldwide to all Internet-capable devices is simply no longer possible[*]. The “new” address space, known as IPv6, has been in development for several hundred years, and will be rolled out “any day now” to consumers and business.
  • Because of this, companies use routers to translate between internal and external IP addresses, even on a one-to-many basis. While it is unlikely that a large company will use a single external IP for a given building/campus, it’s possible that whatever your internal IP address, external traffic to your single computer may hop between external IPs over time, or based on the service(s) you use.
  • Internal IP addresses also give you a nearly-unlimited and “free” supply (okay, a mere 18 million or so usable) of addresses, that you can organize as you wish. While most home Internet users are at least somewhat familiar with the “192.168.0.0/16” network, the other private address spaces are “172.16.0.0/12”, or my personal favorite, the “10.0.0.0/8”[“]. By contrast, external “Internet IPs” are usually leased through a hosting provider, and more IPs = larger monthly bill.
  • Most companies (or at least their ISPs) use firewalls and other security measures to protect from both external attack, and various kinds of internal tampering/espionage. These firewalls typically sit between the internal and external address spaces, and monitor traffic for suspicious behavior, blocking known exploits and recording log data to help forensically source unknown attack vectors after the fact.

Long story short – Yes, in many cases, everyone in a single location of a given company will share one external IP address, making it difficult to associate IP traffic to a specific user within the company[†]. For this reason, marketers, website administrators, hackers, and security and support companies will typically try to use other means (transparent GIFs, cookies, user registrations, “MAC IDs”, etc) to identify individuals as distinct from their associates within the company.

[* Actually, back in the day I worked at several companies and universities that used a public network address for all their Internetworked machines (often numbering in the hundreds or less)… It wasn’t until the advent of students needing their own IPs that most universities switched over. ]

[“ For more on the private network address space, check out the great Wikipedia entry here: http://en.wikipedia.org/wiki/Pri… ]

[† Depending on the purpose of your question and individual network configuration, that could be a very good/anonymizing, or a very bad/incriminating thing. Best to just start deleting the wikileaks porn now, just in case…]

This answer originally appeared on Quora: Will different computer users inside one company (i.e. at one building location) normally share the same IP address?

Deano’s answer to: “How are IP addresses mapped to location?”

At the top of the Internet addressing food chain, the Internet Assigned Numbers Authority (IANA) keeps track of IP addresses assigned across the globe, and meted out through the various Regional Internet Registries (RIRs).

(Photo courtesy Cisco Systems)

Internet Service Providers (ISPs) are the ones who assign IP addresses to a given customer, in a given place.

For smaller ISPs, their total service area is very geo-specific to a given city/county, which means that all of their IP address pool, purchased and assigned from an upstream “backbone provider” (also an ISP in most cases), will also be specific to that location/area.

Larger ISPs, which are more likely to “own their own backbone”, purchase their IP address space from one or more RIRs or National Internet Registries (NIRs) and could centrally manage their entire IP address space from a single location… But they too choose to sub-divide their address pool into smaller, localized service areas. This serves several purposes:

  • It enables the ISP techs to associate issues with an IP address to a physical service map in case an on-site tech need be assigned,
  • distributes the number of points of failure, and works in concert with their Disaster Recovery and Redundancy plans to ensure outages are localized as much as possible, and
  • it allows the ISP to easily absorb smaller, more local ISPs through acquisition in a smoother manner (making these customers part of a new – if redundant – local service area, rather than adding them to some larger base of users, and confusing them with existing service plans/infrastructure.

IP address geo-mapping companies simply take the information on file with ISPs, NIRs, RIRs, and the IANA; they then create mappings between IP addresses and country/state/city/neighborhood/node locations.

This information used to be highly erratic and outdated, especially once one went “below country level”. These days, however, everyone along the IP assignment chain understands the value in having accurate IP maps in place, even down the the individual node level (at least, this is true in developed countries) – and as such, this information tends to be updated exclusively electronically, from the on-site technician on up the chain.

As a result, you’re now easier to track, service, and yes, even prosecute based on your IP address alone. Thank heavens for the neighbor’s unprotected WiFi!

Answer originally appeared on Quora: How are IP addresses mapped to location?