Private network

From Wikipedia, the free encyclopedia
Jump to: navigation, search

In Internet terminology a private network is typically a network that uses private IP address space, following the RFC 1918 standard. Computers may be allocated addresses from this address space when it is necessary for them to communicate with other computing devices on an Intranet network (internal private computer network that uses the Internet Protocol).

Private networks are quite common in home and office local area network (LAN) designs, as many organizations do not see a need for globally unique IP addresses for every computer, printer and other devices that the organizations use. Private IP addresses were created due to the shortage of publicly registered IP addresses created by the IPv4 standard. One of the reasons IPv6 was created is to overcome this limitation of the IPv4 standard. However IPv6 still did not achieve a widespread use.

Routers on the Internet should be configured to discard any packets containing private IP addresses in the IP packet header. This isolation gives private networks a basic form of security as it is not usually possible for the outside world to establish a connection directly to a machine using these private addresses. As connections cannot be made between different private networks via the internet, different organizations can use the same private address range without risking address conflicts (communications accidents caused by reaching a third party using the same IP address).

If a device on a private network needs to communicate with other networks, a "mediating gateway" (in-between gateway) is needed to ensure that the outside network is presented with an address that is "real" (or publicly reachable) so that Internet routers allow the communication. This gateway is typically a NAT device or a proxy server. Public Internet Routers by default will not forward packets with RFC 1918 addresses. Unlike public Internet routers that need additional configuration to forward these packets, internal routers do not need any additional configuration to forward these packets.

This can cause problems, however, when organizations try to connect networks that both use the same private address spaces. There is a potential for clashes and routing problems if both networks use the same IP addresses for their private networks, or if both networks depend on NAT to connect them through the Internet.

Internet Assigned Numbers Authority (IANA) private addresses[change | edit source]

The Internet Assigned Numbers Authority (IANA) is the entity that manage global IP address allocation, DNS root zone management, media types, and other Internet protocol assignments. It is operated by ICANN.

For someone familiar with the boundaries of classful addressing, it is important to note that even though the RFC 1918 range of 172.16.0.0-172.31.255.255 falls in the traditional class B range, the block of addresses reserved is not a /16, but a /12. The same applies for the range of 192.168.0.0-192.168.255.255; this block is not a /24, but a /16. However, someone can still (and many individuals typically do) use addresses from these CIDR blocks and apply a subnet mask appropriate for the traditional classful boundary of the address.

The current IANA private internet (also called non-routable) addresses are:

Name IP address range number of addresses classful description largest CIDR block defined in
24-bit block 10.0.0.0 – 10.255.255.255 16,777,216 single class A, 256 contiguous class Bs 10.0.0.0/8 RFC 1597 (obsolete), RFC 1918
20-bit block 172.16.0.0 – 172.31.255.255 1,048,576 16 contiguous class Bs 172.16.0.0/12
16-bit block 192.168.0.0 – 192.168.255.255 65,536 single class B, 256 contiguous class Cs 192.168.0.0/16

To reduce the load on root nameservers caused by the reverse DNS lookups of these IP addresses, a system of "black-hole" nameservers is provided by anycast network AS112.

Related pages[change | edit source]