In Internet networking, a private network is a computer network that uses a private address space of IP addresses. These addresses are commonly used for local area networks (LANs) in residential, office, and enterprise environments. Both the IPv4 and the IPv6 specifications define private IP address ranges.
Private network addresses are not allocated to any specific organization. Anyone may use these addresses without approval from regional or local Internet registries. Private IP address spaces were originally defined to assist in delaying IPv4 address exhaustion.
IP packets originating from or addressed to a private IP address are not routed through the public Internet. Nothing in the IP protocol itself prevents a router from forwarding such a packet; the isolation relies on operators dropping such traffic at the edge of the public Internet (see Misrouting below), so a private address is not by itself a guarantee that a packet stays inside the network that uses it.
Private IPv4 addresses
The Internet Engineering Task Force (IETF) has directed the Internet Assigned Numbers Authority (IANA) to reserve the following IPv4 address ranges for private networks:
In practice, it is common to subdivide these ranges into smaller subnets.
Dedicated space for carrier-grade NAT deployment
In April 2012, IANA allocated the block ''100.64.0.0/10'' (100.64.0.0 to 100.127.255.255, netmask 255.192.0.0) for use in carrier-grade NAT scenarios.
This address block should not be used on private networks or on the public Internet. The size of the address block (2^22, approximately 4 million addresses) was selected to be large enough to uniquely number all customer access devices for all of a single operator's points of presence in a large metropolitan area such as Tokyo.
Private IPv6 addresses
The concept of private networks has been extended in the next generation of the Internet Protocol, IPv6, and special address blocks are reserved.
The address block is reserved by IANA for Unique Local Addresses (ULA). They are unicast addresses, but contain a 40-bit random number in the routing prefix to prevent collisions when two private networks are interconnected. Despite being inherently ''local'' in usage, the IPv6 address scope of unique local addresses is global.
The first block defined is , designed for /48 routing blocks, in which users can create multiple subnets, as needed.
Examples:
A former standard proposed the use of ''site-local'' addresses in the block, but because of scalability concerns and poor definition of what constitutes a ''site'', its use has been deprecated since September 2004.
Link-local addresses
Another type of private networking uses the link-local address range. The validity of link-local addresses is limited to a single link; e.g. to all computers connected to a switch, or to one wireless network. Hosts on different sides of a network bridge are also on the same link, whereas hosts on different sides of a network router are on different links.
IPv4
In IPv4, link-local addresses are codified in RFC 6890 and RFC 3927. Their utility is in zero-configuration networking when Dynamic Host Configuration Protocol (DHCP) services are not available and manual configuration by a network administrator is not desirable. The block was allocated for this purpose. If a host on an IEEE 802 (Ethernet) network cannot obtain a network address via DHCP, an address from to may be assigned pseudorandomly. The standard prescribes that address collisions, which a host detects by probing for its chosen address with ARP before using it, must be handled gracefully by selecting another address.
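The selection and collision-handling procedure described above, as an added example that is not part of the original article and not an implementation from any particular operating system. The usable range (169.254.1.0 to 169.254.254.255, i.e. the block minus its first and last 256 addresses), the recommendation to seed the pseudo-random choice with the interface MAC so a host tends to reclaim the same address, and the limit of ten conflicts before backing off are taken from RFC 3927; the MAC address and the set of addresses already in use are constructed, and the `in_use` set stands in for hosts that would answer an ARP probe.

```python
import ipaddress
import random

# Constructed, illustrative implementation of RFC 3927 address selection.
LINK_LOCAL_V4 = ipaddress.IPv4Network("169.254.0.0/16")
# RFC 3927 section 2.1: the first and last 256 addresses of the block are
# reserved, so a host selects from 169.254.1.0 to 169.254.254.255.
FIRST_USABLE = int(ipaddress.IPv4Address("169.254.1.0"))
LAST_USABLE = int(ipaddress.IPv4Address("169.254.254.255"))
MAX_CONFLICTS = 10  # RFC 3927 section 2.2.1: after this many conflicts, rate-limit retries


def is_valid_link_local(addr: str) -> bool:
    """True if addr is one a host may self-assign under RFC 3927."""
    ip = ipaddress.IPv4Address(addr)
    return FIRST_USABLE <= int(ip) <= LAST_USABLE


def candidate_addresses(mac: bytes, count: int) -> list[str]:
    """
    The sequence of addresses a host with this MAC would try, in order.
    RFC 3927 recommends seeding the pseudo-random generator with the MAC so
    the same host tends to reclaim the same address after a reboot.
    random.Random is used only for that reproducibility; it is not a
    security primitive and nothing here needs one.
    """
    rng = random.Random(int.from_bytes(mac, "big"))
    return [
        str(ipaddress.IPv4Address(rng.randint(FIRST_USABLE, LAST_USABLE)))
        for _ in range(count)
    ]


def select_link_local(mac: bytes, in_use: set[str]) -> str:
    """
    Pick a link-local address for the host. `in_use` stands in for the
    addresses that answered an ARP probe: a hit is a collision and the host
    moves on to the next candidate instead of using the address anyway.
    """
    for candidate in candidate_addresses(mac, MAX_CONFLICTS):
        if candidate not in in_use:
            return candidate
    raise RuntimeError("too many address conflicts; back off before retrying")


if __name__ == "__main__":
    mac = bytes.fromhex("001122334455")  # constructed MAC address
    chosen = select_link_local(mac, set())
    print("first choice:", chosen)
    print("after a collision:", select_link_local(mac, {chosen}))
```

A real implementation keeps probing after selection (to detect a later conflict) and must also defend the address once in use; the example only covers the initial choice and the retry on collision.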
IPv6
In IPv6, the block is reserved for IP address autoconfiguration.[ Updated by RFC 5952, RFC 6052, RFC 7136, RFC 7346, RFC 7371, RFC 8064.]
The implementation of these link-local addresses is mandatory, as various functions of the IPv6 protocol depend on them.[ Updated by RFC 7527.]
Loopback interface
A special case of private link-local addresses is the loopback interface. These addresses are private and link-local by definition, since packets never leave the host device.
IPv4 reserves the entire class A address block for use as private loopback addresses. IPv6 reserves the single address .
Common uses
Private addresses are commonly used in residential IPv4 networks. Most Internet service providers (ISPs) allocate only a single publicly routable IPv4 address to each residential customer, but many homes have more than one computer, smartphone, or other Internet-connected device. In this situation, a network address translator (NAT/PAT) gateway is usually used to provide Internet connectivity to multiple hosts.
Private addresses are also commonly used in corporate networks which, for security reasons, are not connected directly to the Internet. Often a proxy, SOCKS gateway, or similar devices are used to provide restricted Internet access to network-internal users. 24-bit block private addresses are also commonly used in the North Korean Kwangmyong network.
In both cases, private addresses are often seen as enhancing network security for the internal network, since use of private addresses internally makes it difficult for an Internet (external) host to initiate a connection to an internal system. This is a side effect of the addresses not being reachable from the Internet rather than an access control: an internal host remains exposed through any connection it initiates outbound, through port forwards configured on the NAT gateway, and to any attacker who already has a foothold on the internal network.
Misrouting
It is common for packets originating in private address spaces to be misrouted onto the Internet. Private networks often do not properly configure DNS services for addresses used internally and attempt reverse DNS lookups for these addresses, causing extra traffic to the Internet root nameservers. The AS112 project attempted to mitigate this load by providing special ''blackhole'' anycast nameservers for private address ranges which only return negative result codes (''not found'') for these queries.
Organizational edge routers are usually configured to drop ingress IP traffic whose source address lies in these networks, which can occur either by misconfiguration, or from malicious traffic using a spoofed source address. Less commonly, ISP edge routers drop such egress traffic from customers, which reduces the impact to the Internet of such misconfigured or malicious hosts on the customer's network.
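The edge-router filter described above, applied to a handful of constructed flow records, as an added example that is not part of the original article and not the configuration of any real router. The range table combines the private blocks of RFC 1918 with the shared address space of RFC 6598, the link-local block of RFC 3927 and the loopback block of RFC 1122; the interface model (a single Internet-facing interface seen after NAT on the outbound path), the flow records and the public addresses drawn from the RFC 5737 documentation blocks are all constructed.

```python
import ipaddress
from typing import NamedTuple

# Special-use IPv4 blocks covered by this article. Sources: RFC 1918
# (private), RFC 6598 (shared address space for carrier-grade NAT),
# RFC 3927 (link-local) and RFC 1122 (loopback). A production bogon filter
# also covers 0.0.0.0/8, the RFC 5737 documentation blocks, multicast and
# 240.0.0.0/4; those are left out here to stay with the article's ranges.
SPECIAL_USE_V4 = {
    "private (RFC 1918)": (
        ipaddress.ip_network("10.0.0.0/8"),
        ipaddress.ip_network("172.16.0.0/12"),
        ipaddress.ip_network("192.168.0.0/16"),
    ),
    "shared address space (RFC 6598)": (ipaddress.ip_network("100.64.0.0/10"),),
    "link-local (RFC 3927)": (ipaddress.ip_network("169.254.0.0/16"),),
    "loopback (RFC 1122)": (ipaddress.ip_network("127.0.0.0/8"),),
}


def classify(addr: str) -> str:
    """Return the special-use category of an IPv4 address, or 'public'."""
    ip = ipaddress.IPv4Address(addr)
    for label, nets in SPECIAL_USE_V4.items():
        if any(ip in net for net in nets):
            return label
    return "public"


class Flow(NamedTuple):
    direction: str  # "in" = arriving from the Internet, "out" = leaving towards it
    src: str
    dst: str


def edge_filter(flow: Flow) -> tuple[str, str]:
    """
    Decision for one packet on the Internet-facing interface of a hypothetical
    edge router. A special-use source on an inbound packet is spoofed or
    misrouted; on an outbound packet it means an internal address escaped
    without translation. A special-use destination in either direction is a
    packet that should never have reached this interface. All are dropped.
    """
    src_cat, dst_cat = classify(flow.src), classify(flow.dst)
    if src_cat != "public":
        return "drop", f"{flow.direction}bound source in {src_cat}"
    if dst_cat != "public":
        return "drop", f"{flow.direction}bound destination in {dst_cat}"
    return "accept", "public source and destination"


# Constructed flow records. 198.51.100.1 plays the router's public address and
# 203.0.113.0/24 a remote public network (both RFC 5737 documentation blocks).
SAMPLE_FLOWS = [
    Flow("in", "203.0.113.7", "198.51.100.1"),   # ordinary Internet traffic
    Flow("in", "10.1.2.3", "198.51.100.1"),      # spoofed or misrouted private source
    Flow("in", "100.64.5.6", "198.51.100.1"),    # CGNAT space must not cross the edge
    Flow("out", "198.51.100.1", "203.0.113.7"),  # ordinary outbound traffic after NAT
    Flow("out", "192.168.0.10", "203.0.113.7"),  # internal address escaped without NAT
    Flow("out", "198.51.100.1", "172.16.4.4"),   # internal destination sent to the Internet
]


def run_filter(flows=SAMPLE_FLOWS):
    """Apply edge_filter to every record; returns a list of (flow, action, reason)."""
    return [(flow, *edge_filter(flow)) for flow in flows]


if __name__ == "__main__":
    for flow, action, reason in run_filter():
        print(f"{action:6} {flow.direction:3} {flow.src:>15} -> {flow.dst:<15} {reason}")
```

The explicit range table is deliberate: library helpers such as an "is private" predicate differ between languages and versions in whether they count the shared address space, so a filter meant to enforce this article's boundaries should name the blocks it drops.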
Merging private networks
Since the private IPv4 address space is relatively small, many private IPv4 networks unavoidably use the same address ranges. This can create a problem when merging such networks, as some addresses may be duplicated for multiple devices. In this case, networks or hosts must be renumbered, often a time-consuming task, or a network address translator must be placed between the networks to translate or masquerade one of the address ranges.
IPv6 defines unique local addresses in RFC 4193, providing a very large private address space from which each organization can randomly or pseudo-randomly allocate a 40-bit prefix, each of which allows 65536 organizational subnets. With space for about one trillion (10^12) prefixes, it is unlikely that two network prefixes in use by different organizations are the same, provided each of them was selected randomly, as specified in the standard. When two such private IPv6 networks are connected or merged, the risk of an address conflict is therefore virtually absent.
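The contrast drawn in this section and in the ULA description under Private IPv6 addresses, as an added example that is not part of the original article: an overlap check for two IPv4 address plans that must be merged, next to the RFC 4193 procedure for deriving a /48 ULA prefix (SHA-1 over a 64-bit NTP timestamp concatenated with an EUI-64 identifier, keeping the low-order 40 bits as the Global ID, prefixed with fd00::/8) and the carving of one of its 65536 /64 subnets. The address plans, the timestamps and the MAC addresses are constructed; the modified-EUI-64 derivation from a MAC is one valid way to obtain the identifier the RFC asks for, not the only one.

```python
import hashlib
import ipaddress
import struct

ULA_BLOCK = ipaddress.IPv6Network("fc00::/7")  # block reserved for unique local addresses


def overlapping_subnets(plan_a: list[str], plan_b: list[str]) -> list[tuple[str, str]]:
    """
    Subnet pairs (one from each plan) that share addresses. Every hit is a
    range that must be renumbered, or hidden behind a translator, before
    the two networks can be joined.
    """
    nets_a = [ipaddress.ip_network(s) for s in plan_a]
    nets_b = [ipaddress.ip_network(s) for s in plan_b]
    return [(str(a), str(b)) for a in nets_a for b in nets_b if a.overlaps(b)]


def eui64_from_mac(mac: bytes) -> bytes:
    """Modified EUI-64 from a 48-bit MAC: insert ff:fe in the middle, flip the U/L bit."""
    assert len(mac) == 6
    return bytes([mac[0] ^ 0x02]) + mac[1:3] + b"\xff\xfe" + mac[3:]


def ula_global_id(ntp_time: int, eui64: bytes) -> bytes:
    """
    RFC 4193 section 3.2.2: SHA-1 over (64-bit NTP timestamp || EUI-64), keep
    the least significant 40 bits as the Global ID. The hash is there to
    spread the choice across the space, not to hide anything: a ULA prefix
    is not a secret and must not be treated as one.
    """
    assert len(eui64) == 8
    digest = hashlib.sha1(struct.pack(">Q", ntp_time) + eui64).digest()
    return digest[-5:]


def ula_prefix(global_id: bytes) -> ipaddress.IPv6Network:
    """fc00::/7 with the L bit set gives fd00::/8; the 40-bit Global ID completes the /48."""
    assert len(global_id) == 5
    return ipaddress.IPv6Network((b"\xfd" + global_id + bytes(10), 48))


def site_subnet(prefix: ipaddress.IPv6Network, subnet_id: int) -> ipaddress.IPv6Network:
    """One of the 65536 /64 subnets inside a /48 ULA prefix (subnet ID is the 16 bits after the /48)."""
    assert prefix.prefixlen == 48 and 0 <= subnet_id <= 0xFFFF
    return ipaddress.IPv6Network((int(prefix.network_address) | (subnet_id << 64), 64))


if __name__ == "__main__":
    # Two IPv4 plans that both drew from 10.0.0.0/8 collide on merge ...
    print(overlapping_subnets(["10.1.0.0/16", "192.168.1.0/24"],
                              ["10.1.5.0/24", "172.16.0.0/12"]))
    # ... while two ULA prefixes derived independently are expected not to.
    site_a = ula_prefix(ula_global_id(0x0123456789ABCDEF, eui64_from_mac(bytes.fromhex("001122334455"))))
    site_b = ula_prefix(ula_global_id(0x0123456789ABCDF0, eui64_from_mac(bytes.fromhex("66778899aabb"))))
    print(site_a, site_b, "overlap:", site_a.overlaps(site_b))
    print("first subnet of site A:", site_subnet(site_a, 1))
```

Note that the RFC's procedure deliberately mixes in the time and a hardware identifier so that two sites do not run the same generator with the same seed; an operator who instead picks a memorable Global ID such as all zeros has thrown away exactly the property this section relies on.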
Private use of other reserved addresses
Despite official warnings, historically some organizations have used other parts of the reserved IP addresses for their internal networks.
RFC documents
* – ''Address Allocation for Private Internets''
* – ''Observations on the use of Components of the Class A Address Space within the Internet''
* – ''The Internet Number Registry System''
* – ''IPv4 Address Behaviour Today''
* – ''IP Network Address Translator (NAT) Terminology and Considerations''
* – ''Traditional IP Network Address Translator (Traditional NAT)''
* – ''Special-Use IPv4 Addresses'' (superseded)
* – ''Deprecating Site Local Addresses''
* – ''Dynamic Configuration of IPv4 Link-Local Addresses''
* – ''Unique Local IPv6 Unicast Addresses''
* – ''Special-Use IPv4 Addresses'' (superseded)
* – ''Reserved IPv4 Prefix for Shared Address Space''
* – ''Special-Purpose IP Address Registries''
See also
* Heartbeat network
* Intranet
* Localhost
* Virtual private network