Private Address Spaces


After the Internet became commercialized, its popularity soared. More importantly, so did the popularity of TCP/IP and its addressing architecture and space. Seemingly overnight, software engineers embraced the TCP/IP communications protocol suite and it became the de facto standard for networked communications between applications. As a direct result of this trend, many organizations began implementing TCP/IP to support their base of applications even though they might not have needed or wanted access to the Internet. Implementing TCP/IP absolutely requires that you also implement the Internet's addressing scheme, regardless of whether you intend to actually use the Internet.

In March 1994, the IETF released RFC 1597. This document acknowledged that many organizations were using TCP/IP and IP addresses but remained isolated from the Internet. This was perfectly acceptable in the days before commercialization, because the installed base of TCP/IP networks was relatively low. But the commercialization of the Internet threatened to rapidly deplete the IP address space.

The theory behind RFC 1597 (and its update in RFC 1918) was that a block of addresses could be reserved for use in private networks. This afforded a legitimate mechanism for networks that needed IP for application support but did not want or need to access the Internet. Such a mechanism would serve a twofold purpose.

First, it would mitigate the demand for new IP addresses. This would help make the remaining address blocks last a little longer. The downside is that these addresses cannot be routed over the Internet.

Second, this approach would help keep down the swelling of the Internet's routing tables. Reserved address blocks cannot be routed through the Internet and are limited to local use.

NOTE

The addresses reserved in RFC 1918 are sometimes called nonroutable addresses because they cannot be routed across the Internet. However, that does not mean that they can't be routed! Quite the contrary: Many a private IP WAN has been built successfully using these so-called nonroutable addresses. The reserved addresses can be routed, just not across the Internet.


The Mathematics of Private Addressing

One very common misperception about RFCs 1597 and 1918 is that these documents reserved an entire Class A, an entire Class B, and an entire Class C network address space. People who think this either don't really understand the IP address architecture or haven't read the RFCs. Probably both. Table 7-1 lists the address blocks that were reserved in RFC 1597 (and reinforced in the updated RFC 1918, which is still Internet Best Current Practice #5) for use solely in private networks.

Table 7-1. RFCs 1597 and 1918 Private Address Spaces

Network Address Size in Bits   Base Address   Terminal Address
/8                             10.0.0.0       10.255.255.255
/12                            172.16.0.0     172.31.255.255
/16                            192.168.0.0    192.168.255.255


A quick glance at Table 7-1 should demonstrate that entire blocks of Class A, B, and C network address space are indeed not reserved! In fact, if you read those RFCs, you'll see that only the address block taken from the Class A space matches the classical boundary for that address. Thus, the space reserved from the Class A address space by RFC 1918 is, in fact, an entire Class A address space. Eight of its address bits are used for network identification. That leaves 24 bits for host addresses. For this reason, the RFC refers to this reserved address block as the 24-bit address. This is in stark contrast to the popular convention of explicitly identifying the number of bits in a network address.

The others don't follow the classical boundaries so neatly. The address block reserved by RFC 1918 within the Class B address range, for example, is actually a block of 16 numerically contiguous Class B spaces. If you plotted this out in a binary string, you would see that the Class B RFC 1597 space offers 20 bits for host addresses (rather than just 16, as is found in a Class B network). Thus, in the RFC, this address type is called the 20-bit address. As I mentioned before, this is very confusing and is contrary to the established conventions.

Table 7-2 shows you the binary and decimal limits of this reserved address space. In the binary column, a vertical bar separates the network mask from the host bits so that you can more easily see that this network block uses 12 bits.

Table 7-2. Mathematical Limits of the 172.16 Reserved Space

                   Decimal          Binary
Base address       172.16.0.0       10101100.0001 | 0000.00000000.00000000
Terminal address   172.31.255.255   10101100.0001 | 1111.11111111.11111111


The Class C network space is equal in size to a set of 255 numerically contiguous Class C network addresses. If you think about this, and visualize it in binary, you will realize that this reserved address space offers 16 bits of host addresses. Thus, the block reserved from the Class C address space is identical in size to a Class B network block. Table 7-3 shows the actual reserved range of addresses. Again, for your visual reference, a vertical bar separates the bits used to identify the network from the host bits. The bits to the right of the bar are used for host addressing.

Table 7-3. Mathematical Limits of the 192.168 Reserved Space

                   Decimal           Binary
Base address       192.168.0.0       11000000.10101000 | 00000000.00000000
Terminal address   192.168.255.255   11000000.10101000 | 11111111.11111111

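The following Python script is an added example, not part of the book's text: it reproduces the arithmetic behind Tables 7-1 through 7-3 for any prefix, printing the base and terminal addresses, the binary form with the network bits separated from the host bits, and how many classical (Class A, B, or C) networks the block spans. The function and variable names are the example's own; the three prefixes are the RFC 1918 values from Table 7-1.

```python
import ipaddress

# The three blocks from Table 7-1 in prefix notation (the RFC's own values).
RFC1918_BLOCKS = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")


def classful_prefix_length(network):
    """Prefix length of the classical class (A/B/C) that the block's first address falls in."""
    first_octet = int(network.network_address) >> 24
    if first_octet < 128:
        return 8    # Class A: first bit 0
    if first_octet < 192:
        return 16   # Class B: first bits 10
    if first_octet < 224:
        return 24   # Class C: first bits 110
    raise ValueError("Class D/E addresses have no classful network size")


def binary_split(address, prefix_len):
    """Dotted binary string with '|' inserted between the network and host bits."""
    if not 1 <= prefix_len <= 32:
        raise ValueError("prefix length must be between 1 and 32")
    bits = format(int(address), "032b")
    dotted = ".".join(bits[i:i + 8] for i in range(0, 32, 8))
    # Shift the split point right by the number of dots that precede it.
    pos = prefix_len + (prefix_len - 1) // 8
    return dotted[:pos] + "|" + dotted[pos:]


def describe_block(cidr):
    """Return the limits and bit arithmetic for one reserved block, as in Tables 7-1 to 7-3."""
    net = ipaddress.ip_network(cidr)
    classful = classful_prefix_length(net)
    if net.prefixlen > classful:
        raise ValueError(f"{cidr} is smaller than one classful network")
    return {
        "prefix": str(net),
        "base": str(net.network_address),
        # The aggregate's broadcast_address is its numerically last address,
        # which is what the book calls the terminal address.
        "terminal": str(net.broadcast_address),
        "network_bits": net.prefixlen,
        "host_bits": 32 - net.prefixlen,
        "addresses": net.num_addresses,
        # Number of classical networks of the matching class that the block spans.
        "classful_networks": 2 ** (classful - net.prefixlen),
        "base_binary": binary_split(net.network_address, net.prefixlen),
        "terminal_binary": binary_split(net.broadcast_address, net.prefixlen),
    }


if __name__ == "__main__":
    for block in RFC1918_BLOCKS:
        info = describe_block(block)
        print(f"{info['prefix']:<16} {info['base']:<13} {info['terminal']:<16} "
              f"{info['host_bits']} host bits, {info['classful_networks']} classful network(s)")
        print("   base     ", info["base_binary"])
        print("   terminal ", info["terminal_binary"])
```

Running it shows why the RFC's "20-bit" and "16-bit" names make sense: 172.16.0.0/12 leaves 20 host bits and covers 16 contiguous Class B networks, while 192.168.0.0/16 leaves 16 host bits, the size of a single Class B, even though it is carved from Class C space.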

Benefits and Drawbacks of Private Addressing

Having waded through the mathematics of reserved private address blocks, it's probably appropriate to look at some of the operational impacts of private addressing. In other words, let's look at the benefits and limitations of this tool.

Benefits

The greatest benefit of using private address space is that the global Internet address space is conserved for use where it is really needed. Although this is a noble goal, the benefits are distributed externally: The organization implementing private addressing is helping the Internet community at large, but not necessarily itself, in the process, at least not if this were the only benefit.

One other benefit, perhaps the most compelling of all, is that you don't need permission to use these addresses. They were created explicitly to be unique per network but nonunique globally. As you saw earlier in this chapter, one of the more effective ways that IANA's pool of available addresses was protected was by rationing them carefully. Gone are the days when address blocks were handed out to anyone who asked. With the introduction of RFC 1466, a stringent standard of justification was imposed on anyone asking for address space. Even service providers had to pass stringent criteria to justify being assigned more address space. So, here was the classic carrot and stick: Use the RFC 1597/1918 addresses hassle-free, or butt heads with the Keeper of Unassigned Addresses in an almost-always-futile attempt to procure your own addresses.

Another, more-subtle reason to use private addressing is that the network becomes inherently more secure. Because private address spaces are not valid routes across the Internet, a network that used them couldn't be hacked via the Internet. Of course, such a network would have a difficult time communicating with the Internet if it had those addresses in the first place, but hopefully you get my point.

Drawbacks

The drawbacks of using the private address space reserved in RFC 1918 are relatively easy to enumerate. There's exactly one. That first, last, and only drawback is that these addresses cannot be routed across the Internet. But they can be routed internally within a private network. You're probably thinking that this isn't a flaw; it's a feature. And you're right. But this becomes a problem if your requirements change after you implement RFC 1918 addresses. For example, if you suddenly find that your users require connectivity to, or accessibility from, the Internet, this limitation can become quite problematic. Quite literally, if you try to connect to the Internet using RFC 1918 addresses, you won't be able to communicate at all. The ISP you are connecting to won't recognize your address space (identified in each of your IP packets via the source address field) as routable, so no inbound packets will be able to reach you. That includes packets generated in response to your queries!

That's not to say that using RFC 1918 addresses is risky. In fact, if you have no plans to connect to the Net, RFC 1918 is perfect for you.

When requirements change like that, you aren't necessarily facing an address migration. This is where NAT can be extremely useful.
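Because RFC 1918 source addresses are never legitimately routed across the Internet, a packet arriving on the Internet-facing interface with such a source is either spoofed or the result of leaked private addressing, and the border is the natural place to spot it. The following Python is an added example, not from the book: it classifies addresses against the three blocks in Table 7-1 and scans a few constructed log lines (a made-up "key=value" format, not any real vendor's syntax, using the RFC 5737 documentation ranges as stand-ins for public addresses) for private sources on the external interface. It also shows the boundary the chapter stresses: 172.31.x.x is private, 172.32.x.x is not.

```python
import ipaddress
import re

# The three RFC 1918 blocks from Table 7-1.
RFC1918_BLOCKS = [ipaddress.ip_network(c)
                  for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(address):
    """True if the address lies inside one of the three reserved blocks."""
    addr = ipaddress.ip_address(address)
    return any(addr in block for block in RFC1918_BLOCKS)


# Constructed sample lines in a hypothetical "key=value" format (not a real vendor format).
# 203.0.113.0/24 and 198.51.100.0/24 are RFC 5737 documentation ranges used as public stand-ins.
SAMPLE_LOG = """\
2024-01-01T00:00:01 iface=outside src=203.0.113.7 dst=198.51.100.10
2024-01-01T00:00:02 iface=outside src=10.1.2.3 dst=198.51.100.10
2024-01-01T00:00:03 iface=inside src=192.168.5.20 dst=198.51.100.10
2024-01-01T00:00:04 iface=outside src=172.32.0.1 dst=198.51.100.10
2024-01-01T00:00:05 iface=outside src=172.31.200.9 dst=198.51.100.10
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+iface=(?P<iface>\S+)\s+src=(?P<src>\S+)\s+dst=(?P<dst>\S+)")


def private_sources_on_external(log_text, external_iface="outside"):
    """Return (timestamp, source) pairs for packets seen on the external interface
    whose source address is in RFC 1918 space; these should never arrive from the Internet."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m is None:
            continue  # not in the constructed format; ignore
        if m["iface"] == external_iface and is_rfc1918(m["src"]):
            hits.append((m["ts"], m["src"]))
    return hits


if __name__ == "__main__":
    for ts, src in private_sources_on_external(SAMPLE_LOG):
        print(f"{ts}: RFC 1918 source {src} seen on external interface")
```

In the sample, the 192.168.5.20 line is ignored because it arrived on the inside interface, where private sources are expected, and 172.32.0.1 is not flagged because it falls just outside the /12 block.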




IP Addressing Fundamentals
ISBN: 1587050676
Year: 2002
Pages: 118
Authors: Mark Sportack