1.7 Describe the need for private IPv4 addressing
I touched on IP addresses earlier but now it’s time to go into more detail. Remember that an IPv4 address looks like this: 192.168.222.234? I mentioned that we have three classes of IP addresses (A, B, and C). I also mentioned that the range of IP addresses is from 0.0.0.0 to 255.255.255.255.
How many IP addresses are there in the whole range? 4,294,967,296. When we consider that many of those IP addresses are used as broadcast addresses or as network names, there are far fewer available to be assigned to end-user devices. Are there enough IP addresses to go around if you consider that each person probably has a work computer, a home computer, a cell phone, and that there are many other servers and internet of things devices running in the background? Of course not.
IPv4 addresses are scarce because there are more devices than IP addresses, and because in the early days of the internet, organizations were assigned large blocks of addresses. Nobody thought that the internet would grow to be as big as it is today. For example, the US Department of Defense owns about 5% of the IPv4 addresses (addresses that start with 6, 7, 11, 21, 22, 26, 28, 29, 30, 33, 55, 214, and 215).
How did we solve the IP address scarcity problem?
- We used Classless Inter-Domain Routing (CIDR) to let customers have a portion of an IP network instead of the whole thing.
- We started working on IPv6 (we will talk about IPv6 in the next chapter) – a new version of IP that offers more addresses.
- We invented NAT to allow us to use private IP addresses in the internal network.
There are public networks and private networks. You can’t use an IP address in a public network unless it is assigned to you. IP addresses are assigned by the American Registry for Internet Numbers or ARIN.
But ARIN left three sets of IP addresses – three networks – open for anybody to use on their internal network. These are known as private IP networks.
There are three sets of private IP networks.
- 10.0.0.0 to 10.255.255.255 is the largest private network, with a range of 16,581,375 possible addresses. This type of network is known as a class A network.
- 172.16.0.0 to 172.16.255.255 is the second largest private network, with a range of 65,025 possible addresses. This type of network is known as a class B network.
- 192.168.0.0 to 192.168.0.255 is the smallest private network, with a range of 256 addresses. This type of network is known as a class C network.
ARIN assigns blocks of IP addresses to each major ISP and to larger organizations. These larger ISPs sub-assign blocks of their IP addresses to smaller ISPs, who assign even smaller blocks of their IP addresses to their customers.
Most of the IP address space is public. In theory, any device with a public IP can reach any other device with a public IP (unless a firewall blocks it).
Let’s go back to my example office. Our ISP assigned us one public address: 22.214.171.124.
If you have an office or internal network, you can set up an internal addressing scheme by choosing one of the above three ranges. In my example office, I chose the range 192.168.0.0 to 192.168.0.255. What range should we choose?
If we have a small network, we should choose a small range. Smaller network equipment (such as in a home or small business) might not be able to handle a larger range of IP addresses.
If our business were large enough to require multiple locations, we could choose the range 10.0.0.0 to 10.255.255.255 and then subdivide it further so that each location receives a block (a subnet) from our range. For example, one location receives the range 10.0.0.0 to 10.0.255.255, and the second location receives the range 10.1.0.0 to 10.1.255.255, etc. It might look like the drawing below.
This would require us to implement a Wide Area Network or point-to-point VPN. The WAN allows us to configure the routers so that all the computers in all our offices think that they are on the same network.
In the IPv6 world, fc00::/7 is the only private range of IP addresses. It is better written as fc00:0000:0000:0000:0000:0000:0000:0000 to fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff.
How did I get from fc00::/7 to all of that gibberish? We’ll find out later. But the point is, the IPv6 range is massive. There is no need for each private network to have the same address as any other private network.
If we connect two private IPv4 networks together, we will probably find some IP address conflicts. We might find that two devices have the same IP address, and one of them will have to change. But if we mash two private IPv6 networks together, we probably won’t have any conflicts, because each private IPv6 address is randomly generated.
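The per-location split and the merge conflict described above can be checked with Python's standard `ipaddress` module. This is an added example, not part of the original text: the function names, site names and office plans are hypothetical, and the IPv6 generator assumes the RFC 4193 layout (`fd` followed by 40 random bits), using `secrets` in place of the RFC's suggested hash-based procedure.

```python
import ipaddress
import secrets

def site_blocks(parent, new_prefix, sites):
    """Hand each named site the next equal-sized subnet of `parent`."""
    subnets = ipaddress.ip_network(parent).subnets(new_prefix=new_prefix)
    return {site: next(subnets) for site in sites}

def find_conflicts(plan_a, plan_b):
    """Pairs of (name_a, name_b) whose ranges overlap if the two networks merge."""
    return [(a, b)
            for a, net_a in plan_a.items()
            for b, net_b in plan_b.items()
            if net_a.version == net_b.version and net_a.overlaps(net_b)]

def random_ula_48():
    """A private IPv6 /48 inside fc00::/7: byte 0xfd, then 40 random bits."""
    value = (0xFD << 120) | (secrets.randbits(40) << 80)
    return ipaddress.IPv6Network((value, 48))

if __name__ == "__main__":
    # One block per location, carved out of the 10.0.0.0 private range.
    company = site_blocks("10.0.0.0/8", 16, ["location-1", "location-2"])
    for site, net in company.items():
        print(f"{site}: {net[0]} to {net[-1]}")

    # Constructed sample: two offices that each picked the same private IPv4 range.
    office_a = {"office-a-lan": ipaddress.ip_network("192.168.0.0/24")}
    office_b = {"office-b-lan": ipaddress.ip_network("192.168.0.0/24")}
    print("IPv4 merge conflicts:", find_conflicts(office_a, office_b))

    # The same merge with randomly chosen private IPv6 prefixes.
    v6_a = {"office-a-lan": random_ula_48()}
    v6_b = {"office-b-lan": random_ula_48()}
    print("IPv6 prefixes:", v6_a["office-a-lan"], v6_b["office-b-lan"])
    print("IPv6 merge conflicts:", find_conflicts(v6_a, v6_b))
```

Two independently generated prefixes collide with probability of about 1 in 2^40, which is why the IPv6 merge normally reports no conflicts.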
The private IP address space helped us in three ways:
- Routers don’t have to worry about the private IP addresses, so they won’t keep track of routes involving private IP addresses. That means that each router has fewer routes to keep track of.
- The entire world doesn’t need as many IP addresses because of NAT.
- We stop using other people’s public IP addresses in our private networks. Before ARIN created the three private IP address ranges, people were using public IP addresses inside their private networks.
For example, I might create a private network using the IP address space 126.96.36.199 to 188.8.131.52. This would work in theory because devices don’t attempt to verify that their IP addresses belong to a private network. But if my network ever connects to the internet, and another device on the internet uses the same IP address as me, I won’t be able to access it. Why? My computer assumes that 184.108.40.206 to 220.127.116.11 is a local network and therefore won’t pass any traffic addressed in that range to the router.
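The forwarding decision behind that failure can be modelled in a few lines. This is an added example, not part of the original text: the function names are hypothetical, and the addresses are constructed sample values, with the documentation block 203.0.113.0/24 standing in for a public range that belongs to someone else.

```python
import ipaddress

def next_hop(interface, gateway, destination):
    """Mimic a host's choice: deliver directly when the destination falls
    inside the interface's own network, otherwise hand it to the gateway."""
    iface = ipaddress.ip_interface(interface)
    if ipaddress.ip_address(destination) in iface.network:
        return "on-link"  # resolved on the LAN; the router never sees the packet
    return f"via {gateway}"

def shadowed_range(interface):
    """First and last address this host will never forward to its router."""
    net = ipaddress.ip_interface(interface).network
    return str(net[0]), str(net[-1])

def lost_destinations(interface, gateway, destinations):
    """Internet destinations that the host treats as local and so cannot reach."""
    return [d for d in destinations
            if next_hop(interface, gateway, d) == "on-link"]

if __name__ == "__main__":
    # Constructed sample: an internet server the office needs to reach.
    internet_hosts = ["203.0.113.80", "198.51.100.25"]

    # LAN numbered out of someone else's public block (stand-in range).
    borrowed = ("203.0.113.10/24", "203.0.113.1")
    # LAN numbered out of a private range, as in the example office.
    private = ("192.168.0.10/24", "192.168.0.1")

    for label, (iface, gw) in (("borrowed", borrowed), ("private", private)):
        print(label, "LAN", iface)
        for dst in internet_hosts:
            print(f"  {dst}: {next_hop(iface, gw, dst)}")
        print("  never sent to router:", shadowed_range(iface))
        print("  unreachable internet hosts:",
              lost_destinations(iface, gw, internet_hosts))
```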