2.8. Identifying the Differences Between Public and Private Addressing Schemes

As we discussed earlier, one of the most important aspects of TCP/IP is that each client that is using it must have a unique IP address on the network on which they are using it. If the network is a small one that you control, then that may not be much of an issue, but the same rule holds true no matter how large the network gets. If you control all of the addresses on your own network (behind a firewall) and they do not come into contact with any of the Internet addresses, then you can decide which addressing scheme to use. You can use some addresses that are set aside for that purpose, or you can use your own scheme, but you should be aware of the risks associated with using your own scheme. If the addresses that you choose should conflict with any other addresses, then your communication and their communication will be affected adversely until the address conflicts are resolved.

As you can imagine, a network the size of the Internet can become very challenging in regard to making sure that all of the addresses are unique. For this reason, the assignment of addresses on the Internet is tightly controlled by organizations that were developed specifically for this purpose. These addresses are referred to as public or registered addresses.

2.8.1. Critical Information

In this section, we discuss the differences between public and private network addressing schemes. You should know what options you have in regard to your own private network addressing and the inherent risks associated with each option. In addition, you should know what a registered address is and how to obtain one.

2.8.1.1. Private IP Addressing

It's your network, so it only makes sense that you can use the IP addresses of your choice, right? Well, this is only partially true because you have to take into consideration what would happen if your network were to suddenly find itself on the Internet. If you always maintain your IP network behind a firewall, this will not be of concern, but if something went wrong with the fire-wall and your network was exposed to the Internet, then you could have IP addresses that conflict with those of another organization. The result would most likely be that neither you nor the other organization would be able to communicate effectively.

To prevent this scenario from occurring, private IP address ranges have been developed and defined by RFC 1918. These private IP address ranges are filtered by all of the routers that support the Internet, so if they leak out of your network they will immediately be filtered and will not affect communication or cause IP address conflicts. There is no law that says you have to use these private IP address ranges, but it is highly recommended and it only makes sense to use them.

Private IP address ranges are defined for Class A, B, and C addresses. Table 2.6 shows the private IP address ranges for each class. You should be familiar with these ranges for the real world as well as for the test. The table shows the default subnet mask, but you can subnet within these ranges as well.

2.8.1.2. IP Addressing

Unique IP address assignment on the Internet was originally the responsibility of the Internet Assigned Numbers Authority (IANA), but it has been handed over to other organizations that coordinate with one another to ensure that addresses are unique. The current three major organizations for the entire world are divided geographically as follows:

American Registry for Internet Numbers (ARIN)

Serves the North American continent and parts of the Caribbean

Asia Pacific Network Information Centre (APNIC)

Serves the Asia Pacific region

Reseaux IP Europeans Network Coordination Centre (RIPE NCC)

Serves Europe, the Middle East, and parts of Africa

Addresses that are assigned by these authorities are referred to as registered or public addresses. If you are connecting a computer to the Internet, then you must use an address that has been assigned by one of these authorities. Now, you may be thinking, "I'm connected to the Internet and I never contacted any of those organizations." That's probably because you use an address that is provided by your Internet service provider (ISP), who obtained the address from one of these authorities. ISPs have large blocks of IP addresses that they can assign to their clients, thereby giving them a valid and unique IP address to use on the Internet. Some large organizations still go through the process of registering for their own address blocks, but most organizations simply get whatever addresses they need from their ISP.

2.8.2. Exam Essentials

Describe the difference between a private IP address and a public IP address. Private IP addresses are used by an organization inside its firewall and are not exposed to the Internet, whereas pubic IP addresses are used on the Internet and therefore must be registered to assure their uniqueness.

Know the private IP address ranges. You should know the private IP address ranges for each class. Private IP address ranges are highly recommended because they are filtered on the Internet routers. There is no requirement or law that forces an organization to use these address ranges.

List the organizations that register public IP addresses. You should know the names of the three organizations that are responsible for dispensing unique IP addresses to organizations and to ISPs. In addition, you should know the area of the world for which each organization is responsible.

Explain the method that most people use to obtain access to the Internet. Most organizations and most users do not use the registry organizations to obtain an IP address, but instead use an ISP who has obtained the IP addresses for its clients. The ISP is then responsible for ensuring that each client is assigned a unique address.