Private network: Difference between revisions
IPV6 will obsolete private networks |
RevRagnarok (talk | contribs) added a bunch of IPv6 stuff. |
||
| Line 1: | Line 1: | ||
{{TOCright}} |
|||
In [[Internet]] terminology, a '''private network''' is a network that uses |
In [[Internet]] terminology, a '''private network''' is a network that uses RFC 1918 [[IP address]] space. Computers may be allocated addresses from this address space when it is necessary for them to communicate with other computing devices on an internal (non-Internet) network but not directly with the Internet. |
||
Private networks are becoming quite common in office [[local area network]] (LAN) designs, as many organizations do not see a need for globally unique IP addresses for every [[computer workstation|computer]], [[computer printer|printer]] and other device that the organizations use. Another reason for the extensive use of private IP addresses is the shortage of publicly |
Private networks are becoming quite common in office [[local area network]] (LAN) designs, as many organizations do not see a need for globally unique IP addresses for every [[computer workstation|computer]], [[computer printer|printer]] and other device that the organizations use. Another reason for the extensive use of private IP addresses is the shortage of publicly registered IP addresses. [[IPv6]] was created to alleviate this shortage, but is yet to be in widespread use. |
||
[[Router]]s on the Internet are (normally) configured to discard any traffic using private IP addresses. This isolation gives private networks a basic form of security as it is not usually possible for the outside world to establish a connection directly to a machine using these addresses. As connections cannot be made between different private networks via the internet, different organizations can use the same private address range without risking address conflicts (communications accidentally reaching third party which is using the same IP address). |
[[Router]]s on the Internet are (normally) configured to discard any traffic using private IP addresses. This isolation gives private networks a basic form of security as it is not usually possible for the outside world to establish a connection directly to a machine using these addresses. As connections cannot be made between different private networks via the internet, different organizations can use the same private address range without risking address conflicts (communications accidentally reaching third party which is using the same IP address). |
||
If a device on a private network needs to communicate with other networks it is necessary for a "''mediating gateway''" to ensure that the outside network is presented with an address that is "real" (or publicly reachable) so that [[router]]s allow the communication. Typically this gateway will be a [[ |
If a device on a private network needs to communicate with other networks it is necessary for a "''mediating gateway''" to ensure that the outside network is presented with an address that is "real" (or publicly reachable) so that [[router]]s allow the communication. Typically this gateway will be a [[network address translation]] (NAT) device or a [[Proxy Server|proxy server]]. |
||
This can cause problems, however, when organizations try to connect networks that both use private address spaces. There is the potential for clashes and routing problems if both networks use the same IP addresses for their private networks, or rely on NAT to connect them through the Internet. |
This can cause problems, however, when organizations try to connect networks that both use private address spaces. There is the potential for clashes and routing problems if both networks use the same IP addresses for their private networks, or rely on NAT to connect them through the Internet. |
||
| Line 22: | Line 23: | ||
|} |
|} |
||
| ⚫ | |||
RFC 1597 was the original specification but is now for historical purposes only and is now superseded by RFC 1918. |
|||
| ⚫ | |||
IPv6 will eliminate private networks because it will provide enough unique IP addresses, thus rendering "private network" IPs unnecessary as well as unsupported. IPV6 does not include private network features such as NAT. |
|||
==Link-local addresses ([[Zeroconf]])== |
==Link-local addresses ([[Zeroconf]])== |
||
| Line 35: | Line 32: | ||
Link-local addresses have even more restrictive rules than the private network addresses defined in RFC 1918: packets to or from link-local addresses must not be allowed to pass through a router at all (RFC 3927, section 7). |
Link-local addresses have even more restrictive rules than the private network addresses defined in RFC 1918: packets to or from link-local addresses must not be allowed to pass through a router at all (RFC 3927, section 7). |
||
==Private networks and IPv6== |
|||
IPv6 will eliminate private networks because it will provide enough unique IP addresses for everyone to have plenty, thus rendering "private network" addresses unnecessary as well as unsupported. IPv6 does not include private network features such as NAT. IPv6 does allow IPs to be non-routed for security, but there are no "special" IPs that everyone will use for "private networks." If a network engineer requires a private network, they will just configure their routers to not route a subset of their public IPs. The details of this are still being worked out, but the process is far enough along to confidently say that there will be no "private network" IPs. There was going to be "site local" addresses (similar to private networks) but it has been removed with RFC 3879. |
|||
==See also== |
==See also== |
||
| Line 41: | Line 41: | ||
==External links== |
==External links== |
||
* RFC 1918 – "Address Allocation for Private Internets" |
* RFC 1918 – ''"Address Allocation for Private Internets"'' |
||
* RFC |
* RFC 3879 – ''"Deprecating Site Local Addresses"'' |
||
* RFC 3927 – ''"Dynamic Configuration of IPv4 Link-Local Addresses"'' |
|||
[[Category:Internet architecture]] |
[[Category:Internet architecture]] |
||
Revision as of 15:21, 3 February 2007
In Internet terminology, a private network is a network that uses RFC 1918 IP address space. Computers may be allocated addresses from this address space when it is necessary for them to communicate with other computing devices on an internal (non-Internet) network but not directly with the Internet.
Private networks are becoming quite common in office local area network (LAN) designs, as many organizations do not see a need for globally unique IP addresses for every computer, printer and other device that the organizations use. Another reason for the extensive use of private IP addresses is the shortage of publicly registered IP addresses. IPv6 was created to alleviate this shortage, but is yet to be in widespread use.
Routers on the Internet are (normally) configured to discard any traffic using private IP addresses. This isolation gives private networks a basic form of security as it is not usually possible for the outside world to establish a connection directly to a machine using these addresses. As connections cannot be made between different private networks via the internet, different organizations can use the same private address range without risking address conflicts (communications accidentally reaching third party which is using the same IP address).
If a device on a private network needs to communicate with other networks it is necessary for a "mediating gateway" to ensure that the outside network is presented with an address that is "real" (or publicly reachable) so that routers allow the communication. Typically this gateway will be a network address translation (NAT) device or a proxy server.
This can cause problems, however, when organizations try to connect networks that both use private address spaces. There is the potential for clashes and routing problems if both networks use the same IP addresses for their private networks, or rely on NAT to connect them through the Internet.
The current private internet addresses are:
| Name | IP address range | number of IPs | classful description | largest CIDR block | defined in |
|---|---|---|---|---|---|
| 8-bit block | 10.0.0.0 – 10.255.255.255 | 16,777,216 | single class A | 10.0.0.0/8 | RFC 1597 (obsolete), RFC 1918 |
| 12-bit block | 172.16.0.0 – 172.31.255.255 | 1,048,576 | 16 contiguous class Bs | 172.16.0.0/12 | |
| 16-bit block | 192.168.0.0 – 192.168.255.255 | 65,536 | 256 contiguous class Cs | 192.168.0.0/16 |
To reduce load on the root nameservers caused by reverse DNS lookups for these IP addresses, a system of "black-hole" nameservers are provided by anycast network AS112. [1]
Link-local addresses (Zeroconf)
A second set of private networks is the link-local address range codified in RFC 3330 and RFC 3927. The intention behind these RFCs is to provide an IP address (and by implication, network connectivity) without a DHCP server being available and without having to configure a network address manually. The subnet 169.254/16 has been reserved for this purpose. Within this address range, the subnets 169.254.0/24 and 169.254.255/24 have been set aside for future use.
If a network address cannot be obtained via DHCP, an address from 169.254.1.0 to 169.254.254.255 is assigned randomly. The standard prescribes that address collisions must be handled gracefully.
Link-local addresses have even more restrictive rules than the private network addresses defined in RFC 1918: packets to or from link-local addresses must not be allowed to pass through a router at all (RFC 3927, section 7).
Private networks and IPv6
IPv6 will eliminate private networks because it will provide enough unique IP addresses for everyone to have plenty, thus rendering "private network" addresses unnecessary as well as unsupported. IPv6 does not include private network features such as NAT. IPv6 does allow IPs to be non-routed for security, but there are no "special" IPs that everyone will use for "private networks." If a network engineer requires a private network, they will just configure their routers to not route a subset of their public IPs. The details of this are still being worked out, but the process is far enough along to confidently say that there will be no "private network" IPs. There was going to be "site local" addresses (similar to private networks) but it has been removed with RFC 3879.
See also
External links
- RFC 1918 – "Address Allocation for Private Internets"
- RFC 3879 – "Deprecating Site Local Addresses"
- RFC 3927 – "Dynamic Configuration of IPv4 Link-Local Addresses"