Private network 


In Internet terminology, a private network is typically a network that uses private IP address space, following the standards set by RFC 1918 and RFC 4193. Computers may be assigned addresses from these address spaces when it is necessary for them to communicate with other computing devices on an internal (not public) IP network.

Private networks are quite common in home and office local area network (LAN) designs, as many organizations do not see a need for globally unique IP addresses for every computer, printer and other device that an organization might use. Private IP addresses were originally created because of the shortage of publicly registered IP addresses under the IPv4 standard, but they are also a feature of the next-generation Internet Protocol, IPv6.

Routers on the Internet should be configured to discard any packets containing private IP addresses in the IP header. This isolation gives private networks a basic form of security as it is not usually possible for hosts on the public Internet to establish a connection directly to a machine using these addresses. As connections cannot be made between different private networks via public routing, multiple organizations can use the same private address range without risking communication conflicts (traffic accidentally reaching a third party which is using the same IP address space).

If a device on a private network needs to communicate with other networks, a "mediating gateway" is needed to ensure that the outside network is presented with an address that is publicly reachable. This gateway is typically a network address translation (NAT) device or a proxy server. By default, public Internet routers will not forward packets with private addresses.

This can cause problems, however, when organizations try to connect networks that both use private address spaces. There is the potential for clashes and routing problems if both networks use the same IP addresses for their private networks, or rely on NAT to connect them through the Internet.

The IANA private Internet IPv4 addresses are:

Name         | IP address range              | Number of addresses | Classful description                    | Largest CIDR block (subnet) | Defined in
24-bit block | 10.0.0.0 – 10.255.255.255     | 16,777,216          | single class A, 256 contiguous class Bs | 10.0.0.0/8 (255.0.0.0)      | RFC 1597 (obsolete), RFC 1918
20-bit block | 172.16.0.0 – 172.31.255.255   | 1,048,576           | 16 contiguous class Bs                  | 172.16.0.0/12 (255.240.0.0) | RFC 1597 (obsolete), RFC 1918
16-bit block | 192.168.0.0 – 192.168.255.255 | 65,536              | single class B, 256 contiguous class Cs | 192.168.0.0/16 (255.255.0.0) | RFC 1597 (obsolete), RFC 1918

To reduce load on the root nameservers caused by reverse DNS lookups for these IP addresses, a system of "black-hole" nameservers is provided by anycast network AS112.
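The RFC 1918 blocks from the table and the rule that Internet routers should discard packets carrying private addresses, as an added example that is not part of the original article: a classifier built on Python's standard ipaddress module, run over a few constructed firewall log lines to flag private or link-local addresses seen on an Internet-facing interface. The log format, the interface name wan0 and the sample lines are assumptions made for this example; inbound hits of this kind point to spoofing or a misconfigured upstream, outbound hits to missing NAT or egress filtering.

```python
import ipaddress
import re

# RFC 1918 private blocks, taken from the CIDR column of the table above.
RFC1918_BLOCKS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]
# RFC 3927 link-local block; these packets must never cross a router at all.
LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")


def classify(addr: str) -> str:
    """Return 'rfc1918', 'link-local' or 'public' for a dotted-quad IPv4 address.

    'public' here only means 'not in one of the ranges above'; documentation
    ranges such as 203.0.113.0/24 are therefore reported as public."""
    ip = ipaddress.ip_address(addr)
    if ip.version != 4:
        raise ValueError("IPv4 address expected")
    if any(ip in net for net in RFC1918_BLOCKS):
        return "rfc1918"
    if ip in LINK_LOCAL:
        return "link-local"
    return "public"


# Hypothetical log format (constructed for this example, not any real product's):
#   <iface> <in|out> src=<ip> dst=<ip>
LOG_RE = re.compile(r"^(?P<iface>\S+) (?P<dir>in|out) src=(?P<src>\S+) dst=(?P<dst>\S+)$")


def find_leaked_private_traffic(lines, wan_iface="wan0"):
    """Return (direction, src, src_kind, dst, dst_kind) for every packet on the
    Internet-facing interface whose source or destination is not public."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m or m["iface"] != wan_iface:
            continue  # malformed line, or traffic on an internal interface
        src_kind = classify(m["src"])
        dst_kind = classify(m["dst"])
        if src_kind != "public" or dst_kind != "public":
            findings.append((m["dir"], m["src"], src_kind, m["dst"], dst_kind))
    return findings


# Constructed sample log lines.
SAMPLE_LOG = [
    "lan0 in src=192.168.1.20 dst=10.0.0.5",      # internal traffic, expected
    "wan0 in src=198.51.100.7 dst=203.0.113.9",   # public to public, expected
    "wan0 in src=10.1.2.3 dst=203.0.113.9",       # RFC 1918 source arriving from the Internet
    "wan0 out src=172.20.4.4 dst=198.51.100.7",   # private source leaving without NAT
    "wan0 in src=169.254.10.10 dst=203.0.113.9",  # link-local must never cross a router
]

if __name__ == "__main__":
    for finding in find_leaked_private_traffic(SAMPLE_LOG):
        print(finding)
```

The same classifier doubles as an ingress/egress filter test: any packet on wan0 for which classify() returns something other than "public" is one the router was supposed to drop.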

Link-local addresses

A second set of private networks is the link-local address range codified in RFC 3330 and RFC 3927. The intention behind these RFCs is to provide an IP address (and by implication, network connectivity) without a DHCP server being available and without having to configure a network address manually. The network 169.254/16 has been reserved for this purpose. Within this address range, the networks 169.254.0.0/24 and 169.254.255.255/24 have been set aside for future use.

If a host on an IEEE 802 (Ethernet) network cannot obtain a network address via DHCP, an address from 169.254.0.0 to 169.254.255.255 is assigned pseudorandomly. The standard prescribes that address collisions must be handled gracefully.

Link-local addresses have even more restrictive rules than the private network addresses defined in RFC 1918: packets to or from link-local addresses must not be allowed to pass through a router at all (RFC 3927, section 7).
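The pseudorandom selection and the collision handling described above, as an added example that is not part of the original article: a Python routine that draws candidates from 169.254.0.0/16 while skipping the two reserved /24 blocks, retries when a candidate is already claimed, and gives up after a bounded number of collisions. The set of addresses already in use stands in for what an ARP probe would discover on the link; that set, the retry limit and the injectable random source are assumptions of this example, and the real RFC 3927 procedure (ARP probing, announcement, rate limiting after repeated conflicts) is richer than this sketch.

```python
import ipaddress
import random

LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")
# The lowest and highest /24 of the block are set aside for future use and must not be chosen.
RESERVED = (
    ipaddress.ip_network("169.254.0.0/24"),
    ipaddress.ip_network("169.254.255.0/24"),
)


def candidate(rng):
    """Draw one pseudorandom address from 169.254.1.0 through 169.254.254.255.

    rng only needs a randint(a, b) method, so a seeded random.Random or a scripted
    stand-in can be passed for reproducible runs."""
    third = rng.randint(1, 254)   # skips the reserved .0 and .255 thirds octet values
    fourth = rng.randint(0, 255)
    return ipaddress.ip_address(f"169.254.{third}.{fourth}")


def select_link_local(in_use, rng=None, max_attempts=10):
    """Pick a link-local address not already claimed on the link.

    in_use: iterable of address strings that a probe found in use (constructed input).
    Returns (address, attempts_needed); raises RuntimeError once max_attempts
    candidates have all collided, which is the graceful failure the standard asks for
    instead of silently using a duplicate address."""
    rng = rng if rng is not None else random.Random()
    claimed = {ipaddress.ip_address(a) for a in in_use}
    for attempt in range(1, max_attempts + 1):
        addr = candidate(rng)
        # Sanity check: every candidate is inside the block and outside the reserved /24s.
        assert addr in LINK_LOCAL and not any(addr in r for r in RESERVED)
        if addr in claimed:
            continue  # collision: back off and try another candidate
        return addr, attempt
    raise RuntimeError(f"no free link-local address after {max_attempts} attempts")


if __name__ == "__main__":
    addr, tries = select_link_local(["169.254.5.7"])
    print(f"selected {addr} after {tries} attempt(s)")
```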

Private networks and IPv6

The concept of private networks and special addresses for such networks has been carried over to the next generation of the Internet Protocol, IPv6.

The address block fc00::/7 has been reserved by IANA as described in RFC 4193. These addresses are called "Unique Local Addresses" (ULA). They are defined as being unicast in character and contain a 40-bit random number in the routing prefix to prevent collisions when two private networks are interconnected. Despite being inherently local in usage, the IPv6 address scope of unique local addresses is global (cf. IPv6, section "Address Scopes").

A former standard proposed the use of so-called "site-local" addresses in the fec0::/10 range, but due to major concerns about scalability and the poor definition of what constitutes a site, its use has been deprecated since September 2004 by RFC 3879.
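The ULA layout from RFC 4193 and the deprecated site-local range, as an added example that is not part of the original article: Python code that assembles a /48 unique local prefix from the fc00::/7 block and a 40-bit random Global ID, carves /64 subnets out of it, and classifies an address as ULA, deprecated site-local or other. RFC 4193 sets the L bit (the eighth bit of the prefix) to 1 for locally assigned prefixes, so the prefixes this code builds all fall in fd00::/8; the use of secrets.randbits for the Global ID is a simplification of the RFC's hash-based generation algorithm and is an assumption of this example.

```python
import ipaddress
import secrets

ULA_BLOCK = ipaddress.ip_network("fc00::/7")            # RFC 4193 unique local addresses
SITE_LOCAL_DEPRECATED = ipaddress.ip_network("fec0::/10")  # deprecated by RFC 3879
LOCALLY_ASSIGNED = ipaddress.ip_network("fd00::/8")      # fc00::/7 with the L bit set


def make_ula_prefix(global_id=None):
    """Build a /48 ULA prefix: 0xfd (fc00::/7, L bit = 1), then a 40-bit Global ID.

    A fresh random Global ID is drawn when none is supplied (simplification of the
    RFC 4193 algorithm, which hashes a timestamp and an EUI-64)."""
    if global_id is None:
        global_id = secrets.randbits(40)
    if not 0 <= global_id < (1 << 40):
        raise ValueError("Global ID must fit in 40 bits")
    # Layout: 8-bit prefix | 40-bit Global ID | 16-bit Subnet ID | 64-bit Interface ID
    prefix_int = (0xFD << 120) | (global_id << 80)
    return ipaddress.IPv6Network((prefix_int, 48))


def subnet(prefix, subnet_id):
    """Carve one /64 out of a ULA /48 using the 16-bit Subnet ID field."""
    if not 0 <= subnet_id < (1 << 16):
        raise ValueError("Subnet ID must fit in 16 bits")
    return ipaddress.IPv6Network((int(prefix.network_address) | (subnet_id << 64), 64))


def classify6(addr):
    """Label an IPv6 address by the private-addressing rules discussed in the article."""
    ip = ipaddress.ip_address(addr)
    if ip.version != 6:
        raise ValueError("IPv6 address expected")
    if ip in SITE_LOCAL_DEPRECATED:
        return "site-local (deprecated, RFC 3879)"
    if ip in ULA_BLOCK:
        return "unique local (RFC 4193)"
    return "other"


if __name__ == "__main__":
    p = make_ula_prefix()
    print("site prefix:", p)
    print("first two subnets:", subnet(p, 1), subnet(p, 2))
    for a in ("fec0::1", str(subnet(p, 1)[1]), "2001:db8::1"):
        print(a, "->", classify6(a))
```

Because the Global ID is random, two organisations that each generate their own ULA prefix and later interconnect are very unlikely to collide, which is exactly the problem the article notes for overlapping RFC 1918 ranges.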

IANA Reserved Addresses

The IANA has reserved several address ranges, including 1.0.0.0 - 2.255.255.255 [1]. In recent years, large companies have begun to use this address space internally; though discouraged, it appears to have become an accepted practice among larger companies to use these reserved address spaces when connecting two private networks, to eliminate any chance of address conflicts.

Fonality uses both 1.0.30.1/24 and 2.0.30.1/24 to establish a tunnel between their PBXs and their servers. Hamachi uses 5.0.0.0/8 within their VPN service over UDP (the range is used only inside the VPN service, not for transport across routers; 5.0.0.0/8 is not routable across any Internet router). Meraki uses 5.0.0.0/8 and 6.0.0.0/8 with their mesh routers. [citation needed]

References

  1. Internet Protocol v4 Address Space