Private network: Difference between revisions

Content deleted Content added

Inline

Revision as of 18:58, 23 March 2010

vbgdfg

@@ Line 1: / Line 1: @@
+ vbgdfg
-{{TOCright}}
-In the [[Internet]] addressing architecture, a '''private network''' is a network that uses private [[IP address]] space, following the standards set by RFC 1918 and RFC 4193.  These addresses are commonly used for home, office, and enterprise [[local area network]]s (LANs), when globally routable addresses are not mandatory, or are not available for the intended network applications. Private IP address spaces were originally defined in an effort to delay [[IPv4 address exhaustion]], but they are also a feature of the next generation [[Internet Protocol]], [[IPv6]].
-These addresses are characterized as private because they are not globally delegated, meaning they are not allocated to any specific organization, and IP packets addressed by them cannot be transmitted onto the public Internet. Anyone may use these addresses without approval from a [[regional Internet registry]] (RIR).  If such a private network needs to connect to the Internet, it must use either a [[network address translator]] (NAT) gateway, or a [[proxy server]].
-The most common use of these addresses is in residential networks, since most [[Internet service provider]]s (ISPs) only allocate a single routable IP address to each residential customer, but many homes have more than one networked device, for example, several computers and a video game console.  In this situation, a NAT gateway is usually used to enable Internet connectivity to multiple hosts. Private addresses are also commonly used in corporate networks, which for security reasons, are not connected directly to the Internet.  Often a proxy, [[SOCKS]] gateway, or similar devices, are used to provide restricted Internet access to network-internal users.  In both cases, private addresses are often seen as enhancing security for the internal network, since it is difficult for an Internet host to connect directly to an internal system.
-Because many private networks use the same private IP address space, a common problem occurs when merging such networks, the collision of address space, i.e. the duplication of addresses on multiple devices.  In this case, networks must be renumbered, often a time-consuming task, or a NAT router must be placed between the networks to masquerade the duplicated addresses.
-It is not uncommon for packets originating in private address spaces to ''leak'' onto the Internet.  Poorly configured private networks often attempt [[reverse DNS lookup]]s for these addresses, causing extra traffic to the Internet [[root nameservers]].  The [[AS112]] project attempted to mitigate this load by providing special ''blackhole'' [[anycast]] nameservers for private addresses which only return negative result codes (''not found'') for these queries.  Organizational edge routers are usually configured to drop ingress IP traffic for these networks, which can occur either by accident, or from malicious traffic using a spoofed source address.  Less commonly, ISP edge routers will drop such egress traffic from customers, which reduces the impact to the Internet of such misconfigured or malicious hosts on the customer's network.
-==Private IPv4 address spaces==
-The [[Internet Engineering Task Force]] (IETF) has directed the [[Internet Assigned Numbers Authority]] (IANA) to reserve the following IPv4 address ranges for private networks, as published in RFC 1918:
-{| class="wikitable"
-! RFC1918 name !! IP address range !! number of addresses
-! ''[[classful network|classful]]'' description !! largest [[Classless Inter-Domain Routing|CIDR]] block (subnet mask) || host id size
-|-
-| 24-bit block || 10.0.0.0 &ndash; 10.255.255.255 || 16,777,216 || single class A || 10.0.0.0/8 (255.0.0.0) || 24 bits
-|-
-| 20-bit block || 172.16.0.0 &ndash; 172.31.255.255 || 1,048,576 || 16 contiguous class Bs || 172.16.0.0/12 (255.240.0.0) || 20 bits
-|-
-| 16-bit block || 192.168.0.0 &ndash; 192.168.255.255 || 65,536 || 256 contiguous class Cs || 192.168.0.0/16 (255.255.0.0) || 16 bits
-|}
-[[Classful addressing]] is obsolete and has not been used in the Internet since the implementation of [[Classless Inter-Domain Routing]] (CIDR) starting in 1993.  For example, while 10.0.0.0/8 was a single class A network, it is common for organizations to divide it into smaller /16 or /24 networks.
-==Private IPv6 addresses==
-The concept of private networks and special address reservation for such networks has been carried over to the next generation of the [[Internet Protocol]], [[IPv6]].
-The address block <tt>fc00::/7</tt> has been reserved by IANA as described in RFC 4193. These addresses are called [[Unique Local Address]]es (ULA). They are defined as being [[unicast]] in character and contain a 40-bit random number in the routing prefix to prevent collisions when two private networks are interconnected. Despite being inherently ''local'' in usage, the IPv6 address scope of unique local addresses is global (cf. [[IPv6 address]]es, section "IPv6 Address Scopes").
-A former standard proposed the use of so-called "site-local" addresses in the fec0::/10 range, but due to major concerns about scalability and the poor definition of what constitutes a ''site'', its use has been deprecated since September 2004 by RFC 3879.
-==Link-local addresses==
-{{main|Zero configuration networking}}
-{{also|Link-local address}}
-Another type of private networking uses the ''link-local address range'' codified in RFC 5735 and RFC 3927.  The utility of these addresses is in self-autoconfiguration by network devices when [[Dynamic Host Configuration Protocol]] (DHCP) services are not available and manual configuration by a network administrator is not desirable.
-In IPv4, the block 169.254/16 is reserved for this purpose, with the exception of the first and the last /24 subnet in the range. If a host on an IEEE 802 ([[ethernet]]) network cannot obtain a network address via DHCP, an address from 169.254.1.0 to 169.254.254.255 may be assigned [[pseudorandom]]ly. The standard prescribes that address collisions must be handled gracefully.
-The [[IPv6]] addressing architecture sets aside the block <tt>fe80::/10</tt> for IP address autoconfiguration.
-Link-local addresses have even more restrictive rules than the private network addresses defined in RFC 1918: packets to or from link-local addresses must not be allowed to pass through a router. (RFC 3927, [http://tools.ietf.org/html/rfc3927#section-7 section 7]).
-==Private use of other reserved addresses==
-Historically other address blocks than the private address ranges have been reserved for other potential future uses. Some organizations have used them for private networking applications despite official warnings of possible future address collisions.
-==RFC References==
-* RFC 1918 &ndash; ''"Address Allocation for Private Internets"''
-* RFC 2036 &ndash; ''"Observations on the use of Components of the Class A Address Space within the Internet"''
-* RFC 2050 &ndash; ''"Internet Registry IP Allocation Guidelines"''
-* RFC 2101 &ndash; ''"IPv4 Address Behaviour Today"''
-* RFC 2663 &ndash; ''"IP Network Address Translator (NAT) Terminology and Considerations"''
-* RFC 3022 &ndash; ''"Traditional IP Network Address Translator (Traditional NAT)"''
-* RFC 3330 &ndash; ''"Special-Use IPv4 Addresses"'' (superseded)
-* RFC 5735 &ndash; ''"Special-Use IPv4 Addresses"''
-* RFC 3879 &ndash; ''"Deprecating Site Local Addresses"''
-* RFC 3927 &ndash; ''"Dynamic Configuration of IPv4 Link-Local Addresses"''
-* RFC 4193 &ndash; ''"Unique Local IPv6 Unicast Addresses"''
-==References==
-{{reflist}}
-[[Category:Internet architecture]]
-[[Category:Network_addressing]]
-[[bg:Персонална мрежа]]
-[[de:Private IP-Adresse]]
-[[es:Red privada]]
-[[fr:RFC 1918]]
-[[it:Indirizzo IP privato]]
-[[ja:プライベートネットワーク]]
-[[nl:RFC 1918]]
-[[no:Private IP-adresser]]
-[[pt:Rede privada]]
-[[sr:Приватна мрежа]]