Understanding Public and Private IP Addresses¶
Private IP Addresses¶
The network standard RFC 1918 defines reserved IPv4 subnets for use only in private networks (Table RFC 1918 Private IP Address Space). RFC 4193 defines Unique Local Addresses (ULA) for IPv6 (Table RFC 4193 Unique Local Address Space). In most environments, a private IP subnet from RFC 1918 is chosen and used on all internal network devices. The devices are then connected to the Internet through a firewall or router implementing Network Address Translation (NAT) software, such as pfSense. IPv6 is fully routed from the internal network without NAT by Global Unicast Addresses (GUA). NAT will be explained further in Network Address Translation.
|CIDR Range||IP Address Range|
|10.0.0.0/8||10.0.0.0 - 10.255.255.255|
|172.16.0.0/12||172.16.0.0 - 172.31.255.255|
|192.168.0.0/16||192.168.0.0 - 192.168.255.255|
|Prefix||IP Address Range|
|fc00::/7||fc00:: - fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff|
A complete list of special-use IPv4 networks may be found in RFC 3330. There are private IPv4 addresses, such as 184.108.40.206/8 and 220.127.116.11/8, that have since been allocated to the dwindling IPv4 pool. Use of these addresses are problematic and not recommended. Also, avoid using 169.254.0.0/16, which according to RFC 3927 is reserved for “Link-Local” auto configuration . It should not be assigned by DHCP or set manually and routers will not allow packets from that subnet to traverse outside a specific broadcast domain. There is sufficient address space set aside by RFC 1918, so there is no need to deviate from the list shown in Table RFC 1918 Private IP Address Space. Improper addressing will result in network failure and should be corrected.
Public IP Addresses¶
With the exception of the largest networks, public IP addresses are assigned by Internet Service Providers. Networks requiring hundreds or thousands of public IP addresses commonly have address space assigned directly from their Regional Internet Registry (RIR). An RIR is an organization that oversees allocation and registration of public IP addresses in a designated regions of the world.
Most residential Internet connections are assigned a single public IPv4 address. Most business class connections are assigned multiple public IP addresses. A single public IP address is adequate in many circumstances and can be used in conjunction with NAT to connect hundreds of privately addressed systems to the Internet. This book will assist in determining the number of public IP addresses required.
Most IPv6 deployments will give the end user at least a /64 prefix network to use as a routed internal network. For each site, this is roughly 2 64 IPv6 addresses, or 18 quintillion addresses, fully routed from the Internet with no need for NAT.
Reserved and Documentation Addresses¶
In addition to blocks defined in RFC 1918, RFC 5735 describes blocks reserved for other special purposes such as documentation, testing, and benchmarking. RFC 6598 updates RFC 5735 and defines address space for Carrier-grade NAT as well. These special networks include:
|192.0.2.0/24||Documentation and example code|
|198.51.100.0/24||Documentation and example code|
|203.0.113.0/24||Documentation and example code|
|198.18.0.0/25||Benchmarking network devices|
|100.64.0.0/10||Carrier-grade NAT space|
Throughout the book, we use examples with addresses from the above documentation ranges as well as RFC 1918 networks since they are more familiar to users.
Some find these addresses tempting to use for VPNs or even local networks. We cannot recommend using them for anything other than their intended purposes, but they are much less likely to be seen “in the wild” than RFC 1918 networks.