Private network

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by AndrewWTaylor (talk | contribs) at 14:16, 2 November 2006 (minor copyedits). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

In Internet terminology, a private network is a network that uses RFC 1918 IP address space. Computers may be allocated addresses from this address space when it is necessary for them to communicate with other computing devices on an internal (non-Internet) network but not directly with the Internet.

Private networks are becoming quite common in office local area network (LAN) designs, as many organizations do not see a need for globally unique IP addresses for every computer, printer and other device that the organizations use. Another reason for the extensive use of private IP addresses is the shortage of publicly registerable IP addresses. IPv6 was created to alleviate this shortage, but is yet to be in widespread use.

Routers on the Internet are (normally) configured to discard any traffic using private IP addresses. This isolation gives private networks a basic form of security, as it is not usually possible for the outside world to establish a connection directly to a machine using these addresses. Because connections cannot be made between different private networks via the Internet, different organizations can use the same private address range without risking address conflicts (communications accidentally reaching a third party that is using the same IP address).

If a device on a private network needs to communicate with other networks, a "mediating gateway" is necessary to ensure that the outside network is presented with an address that is "real" (publicly reachable) so that routers allow the communication. Typically this gateway is a Network Address Translation (NAT) device or a proxy server.

This can cause problems, however, when organizations try to connect networks that both use private address spaces. There is the potential for clashes and routing problems if both networks use the same IP addresses for their private networks, or rely on NAT to connect them through the Internet.

The current private internet addresses are:

Name         | IP address range                | Number of IPs | Classful description      | Largest CIDR block | Defined in
24-bit block | 10.0.0.0 – 10.255.255.255       | 16,777,216    | single class A            | 10.0.0.0/8         | RFC 1597 (obsolete), RFC 1918
20-bit block | 172.16.0.0 – 172.31.255.255     | 1,048,576     | 16 contiguous class Bs    | 172.16.0.0/12      | RFC 1597 (obsolete), RFC 1918
16-bit block | 192.168.0.0 – 192.168.255.255   | 65,536        | 256 contiguous class Cs   | 192.168.0.0/16     | RFC 1597 (obsolete), RFC 1918
16-bit block | 169.254.0.0 – 169.254.255.255   | 65,536        | single class B            | 169.254.0.0/16     | RFC 3330, RFC 3927

RFC 1597 was the original specification; it is now retained for historical purposes only and has been superseded by RFC 1918.

To reduce the load on the root nameservers caused by reverse DNS lookups for these IP addresses, a system of "black-hole" nameservers is provided by the anycast network AS112. [1]

A second set of private network addresses is the link-local address range codified in RFCs 3330 and 3927. The intention behind these RFCs is to provide an IP address (and, by implication, network connectivity) without a DHCP server being available and without having to configure a network address manually. The subnet 169.254/16 has been reserved for this purpose.

If a network address cannot be obtained via DHCP, an address from 169.254.1.0 to 169.254.254.255 is assigned randomly. The standard prescribes that address collisions must be handled gracefully. Within the 169.254/16 address range, the subnets 169.254.0/24 and 169.254.255/24 have been set aside for future use.

As with the private network addresses defined in RFC 1918, packets from this subnet must not be routed to the Internet at large.
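The address blocks from the table above, expressed as a small classifier. This is an added example, not part of the Wikipedia article: it labels an IPv4 address with the table's block name, treats the two reserved link-local /24s separately from the self-assignable range, and flags flows that a correctly configured Internet edge router should have discarded. The sample flows and the public-side addresses (taken from the RFC 5737 documentation ranges) are constructed for illustration.

```python
"""Classify IPv4 addresses against the RFC 1918 and link-local blocks listed above."""
import ipaddress

# The three RFC 1918 blocks, keyed by the name used in the table.
PRIVATE_BLOCKS = {
    "24-bit block": ipaddress.ip_network("10.0.0.0/8"),
    "20-bit block": ipaddress.ip_network("172.16.0.0/12"),
    "16-bit block": ipaddress.ip_network("192.168.0.0/16"),
}
# RFC 3927 link-local space; the first and last /24 are set aside for future use,
# so hosts self-assign only from 169.254.1.0 to 169.254.254.255.
LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")
LINK_LOCAL_RESERVED = (ipaddress.ip_network("169.254.0.0/24"),
                       ipaddress.ip_network("169.254.255.0/24"))


def classify(addr: str) -> str:
    """Return the table's block name for addr, a link-local label, or 'public'."""
    ip = ipaddress.ip_address(addr)
    for name, net in PRIVATE_BLOCKS.items():
        if ip in net:
            return name
    if ip in LINK_LOCAL:
        if any(ip in reserved for reserved in LINK_LOCAL_RESERVED):
            return "link-local (reserved /24)"
        return "link-local"
    return "public"


def must_drop_at_internet_edge(src: str, dst: str) -> bool:
    """True if a border router should refuse to forward the packet: either end
    is in private or link-local space, which must not appear on the Internet."""
    return classify(src) != "public" or classify(dst) != "public"


def block_size(cidr: str) -> int:
    """Address count of a CIDR block, matching the table's 'Number of IPs' column."""
    return ipaddress.ip_network(cidr).num_addresses


def leaked_flows(flows):
    """Return the (src, dst) pairs from a constructed flow list that an edge
    router with correct filtering would have discarded."""
    return [(s, d) for s, d in flows if must_drop_at_internet_edge(s, d)]


if __name__ == "__main__":
    # Constructed sample flows as seen on an Internet-facing interface.
    flows = [("10.1.2.3", "198.51.100.7"), ("203.0.113.5", "198.51.100.7"),
             ("169.254.10.20", "203.0.113.9"), ("172.32.0.1", "203.0.113.9")]
    for s, d in leaked_flows(flows):
        print(f"should have been discarded: {s} -> {d} ({classify(s)} -> {classify(d)})")
```

Note that 172.32.0.1 is classified as public: the 20-bit block ends at 172.31.255.255, a boundary that is easy to get wrong when filters are written as "172.*".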

See also

  • RFC 1918 (HTML version): "Address Allocation for Private Internets"
  • RFC 3927 (HTML version): "Dynamic Configuration of IPv4 Link-Local Addresses"