Private network

 
Wikipedia: Private network

In Internet Protocol terminology, a private network is typically a network that uses private IP address space, following the standards set by RFC 1918 and RFC 4193. These addresses are common in home and office local area networks (LANs), as globally routable addresses are scarce, expensive to obtain, or their use is not necessary. Private IP address spaces were originally defined in efforts to delay IPv4 address exhaustion, but they are also a feature of the next generation Internet Protocol, IPv6.

These addresses are private because they are not globally delegated, meaning they aren't allocated to a specific organization. Anyone can use these addresses without approval from a regional Internet registry (RIR). Consequently, they are not routable within the public Internet. If such a private network needs to connect to the Internet, it must use either a network address translator (NAT) gateway, or a proxy server.

The most common use of these addresses is in home networks, since most Internet service providers (ISPs) only allocate a single IP address to each residential customer, but many homes have more than one networked device (for example, several computers and a printer). In this situation, a NAT gateway is usually used to enable Internet connectivity to multiple hosts. They are also commonly used in corporate networks which, for security reasons, are not connected directly to the Internet. Often a proxy, SOCKS gateway, or similar device is used to provide restricted Internet access to internal users. In both cases, private addresses are seen as adding security to the internal network, since it's impossible for an Internet host to connect directly to an internal system.

Because many private networks use the same private IP address space, a common problem occurs when merging such networks: the collision of address space, resulting in duplication of addresses on multiple devices. In this case, networks must renumber, often a difficult and time-consuming task, or a NAT router must be placed between the networks to masquerade the duplicated addresses.

It is not uncommon for packets originating in private address spaces to leak onto the Internet. Poorly configured private networks often attempt reverse DNS lookups for these addresses, causing extra load on the Internet root nameservers. The AS112 project attempted to mitigate this load by providing special "blackhole" anycast nameservers for private addresses which only return "not found" answers for these queries. Organizational edge routers are usually configured to drop ingress IP traffic for these networks, which can occur either by accident, or from malicious traffic using a spoofed source address. Less commonly, ISP edge routers will drop such egress traffic from customers, which reduces the impact to the Internet of such misconfigured or malicious hosts on the customer's network.
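The edge filtering described above can be sketched as a source-address check. This is an added example, not part of the original article: it tests packet sources against the ranges this article names, and the interface names, the sample packets and the choice to judge IPv4-mapped IPv6 sources by their embedded IPv4 address are assumptions.

```python
import ipaddress

# Ranges named in this article, each with the RFC the article cites for it.
RESERVED = [(ipaddress.ip_network(cidr), label) for cidr, label in [
    ("10.0.0.0/8", "RFC 1918 private"),
    ("172.16.0.0/12", "RFC 1918 private"),
    ("192.168.0.0/16", "RFC 1918 private"),
    ("169.254.0.0/16", "RFC 3927 link-local"),
    ("fc00::/7", "RFC 4193 unique local"),
    ("fec0::/10", "RFC 3879 deprecated site-local"),
]]

def classify(addr):
    """Return the label of the reserved range containing addr, else None."""
    ip = ipaddress.ip_address(addr)
    # Assumption: judge an IPv4-mapped IPv6 address (::ffff:a.b.c.d)
    # by its embedded IPv4 part.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    for net, label in RESERVED:
        if ip.version == net.version and ip in net:
            return label
    return None

def ingress_drops(packets, outside="outside"):
    """Return [(src, reason)] for packets arriving on the outside interface
    whose source address lies in a reserved range."""
    drops = []
    for iface, src in packets:
        if iface != outside:
            continue
        try:
            reason = classify(src)
        except ValueError:
            reason = "unparseable source"
        if reason:
            drops.append((src, reason))
    return drops

# Constructed sample: (interface, source address) pairs.
SAMPLE = [
    ("outside", "203.0.113.7"),
    ("outside", "10.1.2.3"),
    ("inside", "192.168.1.20"),     # internal traffic, not checked
    ("outside", "172.32.0.1"),      # one past the end of 172.16.0.0/12
    ("outside", "169.254.10.9"),
    ("outside", "fd12:3456:789a::1"),
    ("outside", "::ffff:192.168.0.5"),
]
```

Calling ingress_drops(SAMPLE) lists four sources to drop; 172.32.0.1 passes because the 20-bit block ends at 172.31.255.255.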

Reserved private IPv4 address space

The Internet Engineering Task Force (IETF) has directed the Internet Assigned Numbers Authority (IANA) to reserve the following IPv4 address ranges for private networks, as published in RFC 1918:

| RFC 1918 name | IP address range | Number of addresses | Classful description | Largest CIDR block (subnet mask) | Host ID size |
|---|---|---|---|---|---|
| 24-bit block | 10.0.0.0 – 10.255.255.255 | 16,777,216 | single class A | 10.0.0.0/8 (255.0.0.0) | 24 bits |
| 20-bit block | 172.16.0.0 – 172.31.255.255 | 1,048,576 | 16 contiguous class Bs | 172.16.0.0/12 (255.240.0.0) | 20 bits |
| 16-bit block | 192.168.0.0 – 192.168.255.255 | 65,536 | 256 contiguous class Cs | 192.168.0.0/16 (255.255.0.0) | 16 bits |

Note that classful addressing is obsolete and no longer used on the Internet. For example, while 10.0.0.0/8 was a single class A network, it is not uncommon for organizations to divide it into smaller /16 or /24 networks.

Link-local addresses

A second set of private networks is the link-local address range codified in RFC 3330 and RFC 3927. The intention behind these RFCs is to provide an IP address (and by implication, network connectivity) without a DHCP server being available and without having to configure a network address manually. The network 169.254/16 has been reserved for this purpose. Within this address range, the networks 169.254.0.0/24 and 169.254.255.0/24 have been set aside for future use.

If a host on an IEEE 802 (Ethernet) network cannot obtain a network address via DHCP, an address from 169.254.0.0 to 169.254.255.255 is assigned pseudorandomly. The standard prescribes that address collisions must be handled gracefully.

Link-local addresses have even more restrictive rules than the private network addresses defined in RFC 1918: packets to or from link-local addresses must not be allowed to pass through a router at all (RFC 3927, section 7).

Private IPv6 networks

The concept of private networks and special address reservation for such networks has been carried over to the next generation of the Internet Protocol, IPv6.

The address block fc00::/7 has been reserved by IANA as described in RFC 4193. These addresses are called Unique Local Addresses (ULA). They are defined as being unicast in character and contain a 40-bit random number in the routing prefix to prevent collisions when two private networks are interconnected. Despite being inherently local in usage, the IPv6 address scope of unique local addresses is global (cf. IPv6, section "Address Scopes").
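The following added example (not part of the original article) ties this paragraph to the earlier one on merging networks: it finds overlapping subnets between two sites' RFC 1918 inventories and builds unique local /48 prefixes from a 40-bit Global ID. The 0xfd leading byte (fc00::/7 with the locally-assigned bit set) comes from RFC 4193 rather than from this page; the use of Python's secrets module in place of the sample generation algorithm in RFC 4193, the function names and the site inventories are assumptions.

```python
import ipaddress
import secrets

ULA = ipaddress.ip_network("fc00::/7")

def find_collisions(site_a, site_b):
    """Return (a, b, shared) for each pair of subnets whose space overlaps."""
    hits = []
    for a in map(ipaddress.ip_network, site_a):
        for b in map(ipaddress.ip_network, site_b):
            if a.version == b.version and a.overlaps(b):
                # CIDR blocks are either disjoint or nested, so the shared
                # space is the longer-prefix block of the pair.
                shared = a if a.prefixlen >= b.prefixlen else b
                hits.append((str(a), str(b), str(shared)))
    return hits

def make_ula_prefix(global_id=None):
    """Build a /48 inside fc00::/7: the byte 0xfd, then a 40-bit Global ID."""
    if global_id is None:
        # Assumption: a CSPRNG stands in for RFC 4193's sample algorithm.
        global_id = secrets.randbits(40)
    if not 0 <= global_id < 2**40:
        raise ValueError("Global ID must fit in 40 bits")
    return ipaddress.IPv6Network(((0xFD << 120) | (global_id << 80), 48))

def global_id_of(prefix):
    """Extract the 40-bit Global ID from a unique local prefix."""
    net = ipaddress.ip_network(prefix)
    if net.version != 6 or not net.subnet_of(ULA):
        raise ValueError("not a unique local prefix")
    return (int(net.network_address) >> 80) & (2**40 - 1)

# Constructed inventories for two sites about to be merged.
SITE_A = ["10.0.0.0/16", "10.1.0.0/16", "192.168.1.0/24"]
SITE_B = ["10.1.4.0/24", "192.168.1.0/24", "172.16.0.0/12"]
```

find_collisions(SITE_A, SITE_B) reports two overlapping pairs that would force renumbering or NAT, while two prefixes from make_ula_prefix() overlap only if both sites drew the same 40-bit value.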

A former standard proposed the use of so-called "site-local" addresses in the fec0::/10 range, but due to major concerns about scalability and the poor definition of what constitutes a site, its use has been deprecated since September 2004 by RFC 3879.

Private use of other reserved addresses

Several other address ranges, in addition to the official private ranges, are reserved for other or future uses, including 1.0.0.0/8 and 2.0.0.0/8[1]. Though discouraged, some enterprises have begun to use this address space internally for interconnecting private networks to eliminate the chance of address conflicts when using standards-based private ranges.[citation needed]

IANA has stated that it will, eventually, allocate these ranges to the Regional Internet Registries and thus significant addressing problems might be encountered in the future due to non-standard use of reserved blocks.

RFC References

  • RFC 1918 – "Address Allocation for Private Internets"
  • RFC 2036 – "Observations on the use of Components of the Class A Address Space within the Internet"
  • RFC 2050 – "Internet Registry IP Allocation Guidelines"
  • RFC 2101 – "IPv4 Address Behaviour Today"
  • RFC 2663 – "IP Network Address Translator (NAT) Terminology and Considerations"
  • RFC 3022 – "Traditional IP Network Address Translator (Traditional NAT)"
  • RFC 3330 – "Special-Use IPv4 Addresses", IANA, September 2002
  • RFC 3879 – "Deprecating Site Local Addresses"
  • RFC 3927 – "Dynamic Configuration of IPv4 Link-Local Addresses"
  • RFC 4193 – "Unique Local IPv6 Unicast Addresses"

Copyrights:

Wikipedia. This article is licensed under the Creative Commons Attribution/Share-Alike License. It uses material from the Wikipedia article "Private network".