2.5 Private Addressing and NAT  
  2.5.1 Private IP addresses (RFC 1918)  
Because TCP/IP is the dominant routed protocol in the world, most network applications and operating systems offer extensive support for it. Therefore, many designers build their networks around TCP/IP, even if they do not require Internet connectivity. Internet hosts require globally unique IP addresses. However, private hosts that are not connected to the Internet can use any valid address, as long as it is unique within the private network.

Because many private networks exist alongside public networks, choosing addresses arbitrarily is strongly discouraged. RFC 1918 sets aside three blocks of IP addresses for private or internal use:

  • A Class A range
  • A Class B range
  • A Class C range

Addresses in these ranges are not routed on the Internet backbone. Internet routers immediately discard packets addressed to private addresses.

These private addresses can be used instead of globally unique addresses when addressing any of the following:

  • A nonpublic intranet
  • A test lab
  • A home network

Global addresses must be obtained from a provider or a registry at some expense.

RFC 1918 addresses have found a home in production networks as well. Earlier in this module, the advantages of using VLSM to address the point-to-point WAN links in an internetwork were shown. Recall that VLSM made it possible to further subnet one of the subnets left in the address space of a Class C network. Although this solution was better than wasting an entire 30-host subnet on each two-host WAN link, it still costs one subnet that could have been used for future growth. A less wasteful solution is to address the WAN links using subnets from the private address space, 10.0.0.0/8.

How can these routers use private addresses if LAN users at site A, B, C, and D expect to access the Internet? End users at these sites should have no problem because they use globally unique addresses from the 207.21.24.0 network. The routers use their serial interfaces with private addresses merely to forward traffic and exchange routing information. Upstream providers and Internet routers see only the source and destination IP addresses in the packet. Upstream providers do not care if the packet traveled through links with private addresses at some point. In fact, many providers use RFC 1918 network numbers in the core of their network to avoid depleting their supply of globally unique addresses.

There is one trade-off when using private numbers on WAN links. The serial interfaces cannot be the original source of traffic bound for the Internet or the final destination of traffic from the Internet. Routers do not normally spend time surfing the web. Therefore, this limitation typically becomes an issue only when troubleshooting with Internet Control Message Protocol (ICMP), using Simple Network Management Protocol (SNMP), or connecting remotely with Telnet over the Internet. In those cases, the router can be addressed only by its globally unique LAN interfaces.
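The WAN-link scheme and its trade-off, as an added Python example (not part of the original course text): it carves one /30 per link out of 10.0.0.0/8 and reports which router interfaces can still be reached from the Internet for ICMP, SNMP or Telnet. The link names, interface names, host addresses and the /30 mask are assumptions made for illustration; only the 10.0.0.0/8 and 207.21.24.0 networks come from the text.

```python
import ipaddress

# The three RFC 1918 blocks: one Class A, one Class B and one Class C range.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    """True only for RFC 1918 space. ipaddress's is_private is broader
    (it also covers loopback, link-local and other reserved blocks)."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def allocate_wan_links(block, links):
    """Give each point-to-point link its own /30 (two usable hosts)."""
    block = ipaddress.ip_network(block)
    if not any(block.subnet_of(net) for net in RFC1918):
        raise ValueError(f"{block} is not inside RFC 1918 space")
    plan = {}
    for name, net in zip(links, block.subnets(new_prefix=30)):
        end_a, end_b = net.hosts()
        plan[name] = (net, end_a, end_b)
    return plan

def internet_reachable(interfaces):
    """Interfaces that can source or receive Internet traffic
    (ICMP tests, SNMP polling, remote Telnet)."""
    return sorted(n for n, ip in interfaces.items() if not is_rfc1918(ip))

# Constructed inventory for one router: a LAN port in 207.21.24.0 and
# two serial ports numbered from the private WAN plan.
LINKS = ["A-B", "A-C", "A-D"]

def sample_router_a():
    plan = allocate_wan_links("10.0.0.0/8", LINKS)
    return {
        "Ethernet0": "207.21.24.33",       # constructed host address
        "Serial0": str(plan["A-B"][1]),    # first host of the first /30
        "Serial1": str(plan["A-C"][1]),    # first host of the second /30
    }

if __name__ == "__main__":
    for name, (net, a, b) in allocate_wan_links("10.0.0.0/8", LINKS).items():
        print(f"{name}: {net}  {a} <-> {b}")
    print("Manage from the Internet via:", internet_reachable(sample_router_a()))
```

Only the LAN interface appears in the result, which is why monitoring systems and access lists outside the private network must reference the router by that address.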

The following sections discuss implementation of a private addressing scheme, including the pitfalls of discontiguous subnets and the advantages of Network Address Translation (NAT).

 

Web Links

Address Allocation for Private Internets

http://www.cis.ohio-state.edu/cgi-bin/rfc/rfc1918.html