In the Internet addressing architecture, a private network is a network that uses private IP address space. Both, the IPv4 and the IPv6 specifications define private addressing ranges. These addresses are commonly used for local area networks (LANs) in residential, office, and enterprise environments. Private IP address spaces were originally defined in an effort to delay IPv4 address exhaustion.
Private network addresses are not allocated to any specific organization and anyone may use these addresses without approval from a regional Internet registry. However, IP packets addressed from them cannot be routed through the public Internet.
|RFC1918 name||IP address range||number of addresses||largest CIDR block (subnet mask)||host id size||mask bits||classful description[Note 1]|
|24-bit block||10.0.0.0 - 10.255.255.255||16777216||10.0.0.0/8 (255.0.0.0)||24 bits||8 bits||single class A network|
|20-bit block||172.16.0.0 - 172.31.255.255||1048576||172.16.0.0/12 (255.240.0.0)||20 bits||12 bits||16 contiguous class B networks|
|16-bit block||192.168.0.0 - 192.168.255.255||65536||192.168.0.0/16 (255.255.0.0)||16 bits||16 bits||256 contiguous class C networks|
Although the standard for class A and class B networks specify 8- and 12-bit masks respectively, it is common to assign other masks internally, resulting in much more limited address spaces (e.g. 10.0.0.0/24, resulting in a 256-hosts subnet).
This address block should not be used on private networks or on the public Internet: it is intended only for use within carrier networks. The size of the address block (222, approximately 4 million, addresses) was selected to be large enough to uniquely number all customer access devices for all of a single operator's points of presence in a large metropolitan area such as Tokyo.
The address block fc00::/7 is reserved by IANA for Unique Local Addresses (ULA). They are unicast addresses, but contain a 40-bit random number in the routing prefix to prevent collisions when two private networks are interconnected. Despite being inherently local in usage, the IPv6 address scope of unique local addresses is global.
The first block defined is fd00::/8, designed for /48 routing blocks, in which users can create multiple subnets, as needed.
|RFC 4193 Block||Prefix/L||Global ID (random)||Subnet ID||Number of addresses in subnet|
|48 bits||16 bits||64 bits|
|Prefix/L||Global ID (random)||Subnet ID||Interface ID||Address||Subnet|
A former standard proposed the use of site-local addresses in the fec0::/10 block, but because of scalability concerns and poor definition of what constitutes a site, its use has been deprecated since September 2004.
Another type of private networking uses the link-local address range. The validity of link-local addresses is limited to a single link; e.g. to all computers connected to a switch, or to one wireless network. Hosts on different sides of a network bridge are also on the same link, whereas hosts on different sides of a network router are on different links.
In IPv4, link-local addresses are codified in RFC 6890 and RFC 3927. Their utility is in zero configuration networking when Dynamic Host Configuration Protocol (DHCP) services are not available and manual configuration by a network administrator is not desirable. The block 169.254.0.0/16 was allocated for this purpose. If a host on an IEEE 802 (Ethernet) network cannot obtain a network address via DHCP, an address from 169.254.1.0 to 169.254.254.255[Note 2] may be assigned pseudorandomly. The standard prescribes that address collisions must be handled gracefully.
In IPv6, the block fe80::/10 is reserved for IP address autoconfiguration. The implementation of these link-local addresses is mandatory, as various functions of the IPv6 protocol depend on them.
The most common use of private addresses is in residential IPv4 networks, since most Internet service providers (ISPs) allocate only a single publicly routable IPv4 address to each residential customer, but many homes have more than one computer or other Internet connected device, such as smartphones. In this situation, a network address translator (NAT/PAT) gateway is usually used to provide Internet connectivity to multiple hosts.
Private addresses are also commonly used in corporate networks, which for security reasons, are not connected directly to the Internet. Often a proxy, SOCKS gateway, or similar devices are used to provide restricted Internet access to network-internal users.
In both cases, private addresses are often seen as enhancing network security for the internal network, since it is difficult for an Internet (external) host to connect directly to an internal system.
It is common for packets originating in private address spaces to be misrouted onto the Internet. Private networks often do not properly configure DNS services for addresses used internally and attempt reverse DNS lookups for these addresses, causing extra traffic to the Internet root nameservers. The AS112 project attempted to mitigate this load by providing special blackhole anycast nameservers for private address ranges which only return negative result codes (not found) for these queries.
Organizational edge routers are usually configured to drop ingress IP traffic for these networks, which can occur either by misconfiguration, or from malicious traffic using a spoofed source address. Less commonly, ISP edge routers drop such egress traffic from customers, which reduces the impact to the Internet of such misconfigured or malicious hosts on the customer's network.
Since the private IPv4 address space is relatively small, many private IPv4 networks unavoidably use the same address ranges and hence the same addresses. This can create a problem when merging such networks, as multiple devices are likely to have the same address. In this case, networks or hosts must be renumbered, often a time-consuming task, or a network address translator must be placed between the networks to translate or masquerade the duplicate addresses.
For IPv6, RFC 4193 defines unique local addresses, providing an extremely large private address space from which each organisation can randomly or pseudo-randomly allocate its own 40-bit prefix, each of which allows 65536 organisational subnets. With space for about one trillion (1012) prefixes, it is extremely unlikely that two network prefixes in use by different organisations are the same, provided each of them was allocated randomly, as specified in the standard. When two such private IPv6 networks are connected or merged, the risk of an address conflict is therefore virtually absent.
Despite official warnings, historically some organizations have used other parts of the reserved IP addresses for their internal networks.
Manage research, learning and skills at defaultLogic. Create an account using LinkedIn or facebook to manage and organize your Digital Marketing and Technology knowledge. defaultLogic works like a shopping cart for information -- helping you to save, discuss and share.Visit defaultLogic's partner sites below: