Operational CIDRs for Service Tunnel

IP ranges used by Service Tunnel

  • Updated on Apr 25, 2022
  • 7 minutes to read
  • Contributors

This article describes features that are only available in the Banyan Enterprise edition.

Overview

Service Tunnel creates additional network interfaces to enable VPN functionality. The network interfaces are assigned IP addresses based on specific CIDR ranges. The CIDR ranges chosen reflect the CGNAT address space; they do not interfere with other address spaces that could be available in a customer environment. More information on the CGNAT address space can be found here.

Service Tunnel CIDR Ranges

In the Command Center, navigate to Settings. Under Network Settings, select Service Tunnel. Here, you’ll see the pre-selected CIDR ranges. There should be four CIDR ranges represented on this page, as follows:

Access_tier_enduser_device: this is the CIDR range used for a network interface that hosts Service Tunnel on an Access Tier. The network interface on the Access Tier that uses this CIDR range is wg0.

Access_tier_satellite: this is the CIDR range used for a network interface that hosts Service Tunnel on an Access Tier. The network interface on the Access Tier that uses this CIDR range is wg1.

Enduser_device: this is the CIDR range used for a network interface that provides Service Tunnel on an end-user device. The network interface on the device that uses this CIDR range is one of the following:

  • Windows - wg0
  • Linux - wg0
  • MacOS - utun11

Satellite: this is the CIDR range used for a network interface that hosts the Connector. The network interface on the Connector that uses this CIDR range is wg0.

Scenario Used For Parameter CIDR Range IPs Total Addresses
Connector-Access Tier tunnels access_tier_satellite 100.120.0.0/16 100.120.0.0 - 100.120.255.255 65,536
Connector-Access Tier tunnels satellite 100.100.0.0/16 100.100.0.0 - 100.100.255.255 65,536
         
EndUser-Access Tier tunnels access_tier_enduser_device 100.110.0.0/16 100.110.0.0 - 100.110.255.255 65,536
EndUser-Access Tier tunnels enduser_device 100.64.0.0/11 100.64.0.0 - 100.95.255.255 2,097,152

If your organization requires changes to these CIDR ranges, please contact support.