private network

In Internet networking, a private network is a computer network that uses a private address space of IP addresses. These addresses are commonly used for local area networks (LANs) in residential, office, and enterprise environments. Both the IPv4 and the IPv6 specifications define private IP address ranges. Most Internet service providers (ISPs) allocate only a single publicly routable IPv4 address to each residential customer, but many homes have more than one computer, smartphone, or other Internet-connected device. In this situation, a network address translator (NAT/PAT) gateway is usually used to provide Internet connectivity to multiple hosts. Private addresses are also commonly used in corporate networks which, for security reasons, are not connected directly to the Internet. Often a proxy, SOCKS gateway, or similar devices are used to provide restricted Internet access to network-internal users. Private network addresses are not allocated to any specific organization. Anyone may use these addresses without approval from regional or local Internet registries. Private IP address spaces were originally defined to assist in delaying IPv4 address exhaustion. IP packets originating from or addressed to a private IP address cannot be routed through the public Internet. Private addresses are often seen as enhancing network security for the internal network since use of private addresses internally makes it difficult for an external host to initiate a connection to an internal system.


Private IPv4 addresses

The Internet Engineering Task Force (IETF) has directed the Internet Assigned Numbers Authority (IANA) to reserve the following IPv4 address ranges for private networks: In practice, it is common to subdivide these ranges into smaller subnets.


Dedicated space for carrier-grade NAT deployment

In April 2012, IANA allocated the block of IPv4 addresses specifically for use in carrier-grade NAT scenarios. This address block should not be used on private networks or on the public Internet. The size of the address block was selected to be large enough to uniquely number all customer access devices for all of a single operator's points of presence in a large metropolitan area such as Tokyo.


Private IPv6 addresses

The concept of private networks has been extended in the next generation of the Internet Protocol, IPv6, and special address blocks are reserved. The address block is reserved by IANA for unique local addresses (ULAs). They are unicast addresses, but contain a 40-bit random number in the routing prefix to prevent collisions when two private networks are interconnected. Despite being inherently ''local'' in usage, the IPv6 address scope of unique local addresses is global. The first block defined is , designed for routing blocks, in which users can create multiple subnets, as needed. Examples: A former standard proposed the use of ''site-local'' addresses in the block, but because of scalability concerns and poor definition of what constitutes a ''site'', its use has been deprecated since September 2004.


Link-local addresses

Another type of private networking uses the link-local address range. The validity of link-local addresses is limited to a single link; e.g. to all computers connected to a switch, or to one wireless network. Hosts on different sides of a network bridge are also on the same link, whereas hosts on different sides of a network router are on different links.


IPv4

In IPv4, the utility of link-local addresses is in zero-configuration networking when Dynamic Host Configuration Protocol (DHCP) services are not available and manual configuration by a network administrator is not desirable. The block was allocated for this purpose. If a host on an IEEE 802 (Ethernet) network cannot obtain a network address via DHCP, an address from to may be assigned pseudorandomly. The standard prescribes that address collisions must be handled gracefully.


IPv6

In IPv6, the block is reserved for IP address autoconfiguration. The implementation of these link-local addresses is mandatory, as various functions of the IPv6 protocol depend on them.


Loopback interface

A special case of private link-local addresses is the loopback interface. These addresses are private and link-local by definition since packets never leave the host device. IPv4 reserves the entire class A address block for use as private loopback addresses. IPv6 reserves the single address . Some are advocating reducing to .


Misrouting

It is common for packets originating in private address spaces to be misrouted onto the Internet. Private networks often do not properly configure DNS services for addresses used internally and attempt reverse DNS lookups for these addresses, causing extra traffic to the Internet root nameservers. The AS112 project attempted to mitigate this load by providing special ''black hole'' anycast nameservers for private address ranges which only return negative result codes (''not found'') for these queries. Organizational edge routers are usually configured to drop ingress IP traffic for these networks, which can occur either by misconfiguration or from malicious traffic using a spoofed source address. Less commonly, ISP edge routers drop such egress traffic from customers, which reduces the impact to the Internet of such misconfigured or malicious hosts on the customer's network.
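The ingress check described above, as an added example that is not part of the original article: it flags records seen on an Internet-facing interface whose source address lies in a reserved block. The interface name `wan0`, the record format and the sample records are constructed; the prefixes are the standard reserved blocks from RFC 1918, RFC 6598, RFC 3927, RFC 4193 and RFC 4291.

```python
import ipaddress

# Reserved blocks that must never be a source on an Internet-facing link.
RESERVED = {
    "private (RFC 1918)": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"],
    "shared address space (RFC 6598)": ["100.64.0.0/10"],
    "link-local": ["169.254.0.0/16", "fe80::/10"],
    "loopback": ["127.0.0.0/8", "::1/128"],
    "unique local (RFC 4193)": ["fc00::/7"],
}
_TABLE = [(ipaddress.ip_network(p), label)
          for label, prefixes in RESERVED.items() for p in prefixes]

def classify(addr):
    """Return the reserved-block label for addr, or None if it is in none."""
    ip = ipaddress.ip_address(addr)
    # Judge an IPv4-mapped IPv6 source (::ffff:a.b.c.d) by its IPv4 part.
    ip = getattr(ip, "ipv4_mapped", None) or ip
    for net, label in _TABLE:
        if ip.version == net.version and ip in net:
            return label
    return None

def ingress_violations(records, external_iface="wan0"):
    """List (line_no, src, label) for external records with a reserved source."""
    hits = []
    for n, line in enumerate(records, 1):
        iface, src, _dst = line.split()
        if iface != external_iface:
            continue  # internal hosts legitimately use private sources
        try:
            label = classify(src)
        except ValueError:
            label = "malformed source"
        if label:
            hits.append((n, src, label))
    return hits

# Constructed sample records: "interface source destination".
SAMPLE = [
    "wan0 10.1.2.3 203.0.113.10",
    "lan0 192.168.1.20 198.51.100.7",
    "wan0 100.64.12.1 203.0.113.10",
    "wan0 ::ffff:172.16.5.4 2001:db8::10",
    "wan0 fd12:3456:789a::1 2001:db8::10",
    "wan0 172.32.0.1 203.0.113.10",
    "wan0 not-an-ip 203.0.113.10",
]
```

Calling `ingress_violations(SAMPLE)` reports records 1, 3, 4, 5 and 7; record 6 sits just outside 172.16.0.0/12 and passes.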


Merging private networks

Since the private IPv4 address space is relatively small, many private IPv4 networks unavoidably use the same address ranges. This can create a problem when merging such networks, as some addresses may be duplicated for multiple devices. In this case, networks or hosts must be renumbered, often a time-consuming task, or a network address translator must be placed between the networks to translate or masquerade one of the address ranges. IPv6 defines unique local addresses, providing a very large private address space from which each organization can randomly or pseudo-randomly allocate a 40-bit prefix, each of which allows 65536 organizational subnets. With space for about one trillion (10^12) prefixes, it is unlikely that two network prefixes in use by different organizations would be the same, provided each of them was selected randomly, as specified in the standard. When two such private IPv6 networks are connected or merged, the risk of an address conflict is therefore virtually absent.
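An added sketch (not from the original article) of the two situations this section describes: finding the IPv4 subnets that collide when two sites merge, and allocating a unique local /48 from a random 40-bit Global ID. The function names and sample subnets are constructed; the fd00::/8 prefix and bit layout follow RFC 4193, with the operating system's random generator standing in for the hash-based Global ID algorithm that RFC suggests.

```python
import ipaddress
import math
import secrets

def overlaps(site_a, site_b):
    """Return (a, b) pairs of subnets from two sites that share addresses."""
    nets_a = [ipaddress.ip_network(n) for n in site_a]
    nets_b = [ipaddress.ip_network(n) for n in site_b]
    return [(str(a), str(b)) for a in nets_a for b in nets_b
            if a.version == b.version and a.overlaps(b)]

def random_ula_prefix(global_id=None):
    """Build a /48 unique local prefix: 8 bits 0xfd, then a 40-bit Global ID.

    Assumption: the Global ID comes from the OS CSPRNG instead of the
    timestamp-and-identifier hash suggested in RFC 4193.
    """
    gid = secrets.randbits(40) if global_id is None else global_id
    if not 0 <= gid < 2**40:
        raise ValueError("Global ID must fit in 40 bits")
    return ipaddress.IPv6Network(((0xFD << 120) | (gid << 80), 48))

def subnet(prefix, subnet_id):
    """Return the /64 with the given 16-bit Subnet ID inside a /48."""
    if not 0 <= subnet_id < 2**16:
        raise ValueError("Subnet ID must fit in 16 bits")
    base = int(prefix.network_address) | (subnet_id << 64)
    return ipaddress.IPv6Network((base, 64))

def collision_probability(n_sites):
    """Birthday bound: chance that any two of n random Global IDs match."""
    return -math.expm1(-n_sites * (n_sites - 1) / 2**41)

# Constructed subnet plans for two sites that are about to be merged.
SITE_A = ["10.0.0.0/16", "192.168.1.0/24", "172.16.0.0/20"]
SITE_B = ["10.0.128.0/17", "192.168.2.0/24", "172.16.8.0/21"]
```

`overlaps(SITE_A, SITE_B)` returns the two pairs that would need renumbering or NAT, while `collision_probability(1000)` stays below one in a million for a thousand independently chosen ULA prefixes.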


RFC documents

* – ''Address Allocation for Private Internets''
* – ''Observations on the use of Components of the Class A Address Space within the Internet''
* – ''The Internet Number Registry System''
* – ''IPv4 Address Behaviour Today''
* – ''IP Network Address Translator (NAT) Terminology and Considerations''
* – ''Traditional IP Network Address Translator (Traditional NAT)''
* – ''Special-Use IPv4 Addresses'' (superseded)
* – ''Deprecating Site Local Addresses''
* – ''Dynamic Configuration of IPv4 Link-Local Addresses''
* – ''Unique Local IPv6 Unicast Addresses''
* – ''Special-Use IPv4 Addresses'' (superseded)
* – ''Reserved IPv4 Prefix for Shared Address Space''
* – ''Special-Purpose IP Address Registries''


See also

* Heartbeat network
* Intranet
* Localhost
* Reserved IP addresses
* Virtual private network

