2.5 Private Addressing and NAT
2.5.1 Private IP addresses (RFC 1918)
Because TCP/IP is the dominant routed
protocol in the world, most network applications and operating systems
offer extensive support for it. Therefore, many designers build their
networks around TCP/IP, even if they do not require Internet
connectivity. Internet hosts require globally
unique IP addresses. However, private hosts that are not connected to
the Internet can use any valid address, as long as it is unique within
the private network.
Because many private networks exist alongside public networks, just grabbing any address is strongly discouraged. RFC 1918 sets aside three blocks of IP addresses for all of the following:
Addresses in this range will not be routed on
the Internet backbone.
If addressing any of the following, these private addresses can be used instead of globally unique addresses:
Global addresses must be obtained from a provider or a registry at some expense.

RFC 1918 addresses have found a home in production networks as well. Earlier in this module, the advantages of using VLSM to address the point-to-point WAN links in an internetwork were shown. Recall that VLSM made it possible to further subnet one of the subnets left in the address space of a Class C network. Although this solution was better than wasting an entire 30-host subnet on each two-host WAN link, it still costs one subnet that could have been used for future growth. A less wasteful solution is to address the WAN links using private network numbers. The WAN links are addressed using subnets from the private address space, 10.0.0.0/8.

How can these routers use private addresses if LAN users at sites A, B, C, and D expect to access the Internet? End users at these sites should have no problem because they use globally unique addresses from the 207.21.24.0 network. The routers use their serial interfaces with private addresses merely to forward traffic and exchange routing information. Upstream providers and Internet routers see only the source and destination IP addresses in the packet. Upstream providers do not care if the packet traveled through links with private addresses at some point. In fact, many providers use RFC 1918 network numbers in the core of their network to avoid depleting their supply of globally unique addresses.

There is one trade-off when using private numbers on WAN links. The serial interfaces cannot be the original source of traffic bound for the Internet or the final destination of traffic from the Internet. Routers do not normally spend time surfing the web. Therefore, this limitation typically becomes an issue only when troubleshooting with Internet Control Message Protocol (ICMP), using Simple Network Management Protocol (SNMP), or connecting remotely with Telnet over the Internet. In those cases, the router can be addressed only by its globally unique LAN interfaces.

The following sections discuss implementation of a private addressing scheme, including the pitfalls of discontiguous subnets and the advantages of Network Address Translation (NAT).
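The addressing plan and the management trade-off described above can be checked in code. This is an added example, not part of the original course material: it carves /30 WAN-link subnets out of 10.0.0.0/8 and sorts a router's interfaces into those that can and cannot be addressed from the Internet. The interface names, the host addresses and the /27 LAN mask are constructed for illustration.

```python
import ipaddress
from itertools import islice

# The three RFC 1918 blocks, listed explicitly: ipaddress's is_private is
# broader (it is also True for loopback, link-local and other ranges).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    """True if addr falls inside one of the RFC 1918 private blocks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def wan_link_subnets(pool, count):
    """Carve `count` /30 subnets (two usable hosts each) from a private pool."""
    pool = ipaddress.ip_network(pool)
    if not any(pool.subnet_of(net) for net in RFC1918):
        raise ValueError(f"{pool} is not inside RFC 1918 space")
    links = list(islice(pool.subnets(new_prefix=30), count))
    if len(links) < count:
        raise ValueError(f"{pool} cannot hold {count} /30 links")
    return links

def management_addresses(interfaces):
    """Split interfaces into (Internet-reachable, private-only) by address."""
    reachable, private_only = {}, {}
    for name, addr in interfaces.items():
        ip = ipaddress.ip_interface(addr).ip
        (private_only if is_rfc1918(ip) else reachable)[name] = str(ip)
    return reachable, private_only

# Constructed sample: one site router, WAN side private, LAN side global.
SITE_A = {"Serial0": "10.0.0.1/30", "Ethernet0": "207.21.24.33/27"}

if __name__ == "__main__":
    for link in wan_link_subnets("10.0.0.0/8", 3):
        print("WAN link:", link, "hosts:", [str(h) for h in link.hosts()])
    reachable, private_only = management_addresses(SITE_A)
    print("manage from the Internet via:", reachable)
    print("not reachable from the Internet:", private_only)
```

The same split is useful when reviewing ACLs for ICMP, SNMP and Telnet: only the interfaces in the first dictionary can be targets of management traffic arriving from the Internet.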