Identifying the Differences Between Public and Private Networks

  • Identify the differences between public and private networks.

IP addressing involves many considerations, not the least important of which is the distinction between public and private networks. A public network is a network to which anyone can connect. The best, and perhaps only pure, example of such a network is the Internet. A private network is any network to which access is restricted. A corporate network or a school network would be considered a private network.

The main difference between public and private networks, apart from the fact that access to a private network is tightly controlled and access to a public network is not, is that the addressing of devices on a public network must be considered carefully, whereas addressing on a private network has a little more latitude.

As we have already discussed, in order for hosts on a network to communicate by using TCP/IP, they must have unique addresses. The address defines the logical network each host belongs to and the host's address on that network. On a private internetwork with, say, three logical networks and 100 nodes on each network, addressing is not a particularly complex task. On a network on the scale of the Internet, however, addressing is very complex.

Each device on the Internet must be assigned a unique address, often referred to as a registered address, in light of the fact that it is assigned to a specific party. If two devices have the same address, chances are that neither will be able to communicate. Therefore, the assignment of addresses is carefully controlled by various organizations. Originally, the organization responsible for address assignments was the IANA, but it has since devolved some of the addressing responsibility to other organizations. Around the world, three organizations shoulder the responsibility for assigning IP addresses. In the Americas and parts of the Caribbean, address assignments are the responsibility of the American Registry for Internet Numbers (ARIN); in the Asia Pacific region, it is the Asia Pacific Network Information Centre (APNIC); and in Europe, the Middle East, and parts of Africa, it is Réseaux IP Européens Network Coordination Centre (RIPE NCC).

NOTE

IPv4 Assignments: You can view the IP address range assignments for IPv4 at www.iana.org/assignments/ipv4-address-space.


Between them, these organizations ensure that there are no IP address space conflicts and that the assignment of addresses is carefully managed.

If you are connecting a system to the Internet, you need to get a valid registered IP address from one of these organizations. Alternatively, you can obtain an address from an ISP. Because of the nature of their business, ISPs have large blocks of IP addresses that they can then use to assign to their clients. If you need a registered IP address, getting one from an ISP will almost certainly be a simpler process than going through a regional numbers authority. In fact, getting a number from an ISP is the way most people get addresses. Some ISPs' plans actually include blocks of registered IP addresses, working on the principle that businesses are going to want some kind of permanent presence on the Internet. Of course, if you discontinue your service with the ISP, you will no longer be able to use the IP address the ISP provided.

Private Address Ranges

To provide flexibility in addressing and to prevent an incorrectly configured network from polluting the Internet, certain address ranges are set aside for private use. These address ranges are called private ranges because they are designated for use only on private networks. These addresses are special because Internet routers are configured to ignore any packets they see that use these addresses. This means that if a network “leaks” onto the Internet, it won't make it any further than the first router it encounters.

Three ranges are defined in RFC 1918, one each from Classes A, B, and C. You can use whichever range you want, although the Class A and Class B address ranges offer more addressing options than does Class C. The address ranges are defined in Table 6.12.

Table 6.12. Private Address Ranges
Class   Address Range                  Default Subnet Mask
A       10.0.0.0–10.255.255.255        255.0.0.0
B       172.16.0.0–172.31.255.255      255.255.0.0
C       192.168.0.0–192.168.255.255    255.255.255.0

As you can see, the ranges offer a myriad of addressing possibilities. Even the Class C range offers 254 networks, with 254 nodes on each network, which is more than sufficient for the majority of network installations.

There is no requirement to use these addresses. In fact, many organizations choose not to use them and instead use an addressing scheme of another range. Such a strategy is fine if there is no chance the data from the network will find its way onto a public network. Given that the private ranges are created for this very reason and are flexible in terms of accommodating addresses, there is no reason not to use them.
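The following is an added example, not part of the original text: it writes the three ranges from Table 6.12 in CIDR form and checks constructed flow records from a network edge for private addresses that have "leaked" onto the Internet-facing side. The interface names (eth0 external, eth1 internal), the record layout, and the sample addresses are assumptions made for illustration.

```python
import ipaddress

# The three RFC 1918 blocks from Table 6.12, written in CIDR form.
RFC1918 = {
    "A": ipaddress.ip_network("10.0.0.0/8"),
    "B": ipaddress.ip_network("172.16.0.0/12"),   # 172.16.0.0-172.31.255.255
    "C": ipaddress.ip_network("192.168.0.0/16"),
}

def private_class(addr):
    """Return 'A', 'B' or 'C' if addr is in an RFC 1918 range, else None."""
    ip = ipaddress.ip_address(addr)
    for cls, net in RFC1918.items():
        if ip in net:
            return cls
    return None

def find_leaks(flows, external_if):
    """Return (role, address, class) for private addresses seen externally.

    Each flow is (interface, src, dst). A private source or destination on
    the Internet-facing interface means translation or proxying was
    bypassed, or an edge filter is missing.
    """
    leaks = []
    for iface, src, dst in flows:
        if iface != external_if:
            continue  # private addresses are expected on the inside
        for role, addr in (("src", src), ("dst", dst)):
            cls = private_class(addr)
            if cls:
                leaks.append((role, addr, cls))
    return leaks

# Constructed sample records. 203.0.113.0/24 and 198.51.100.0/24 are
# documentation ranges standing in for registered addresses.
SAMPLE_FLOWS = [
    ("eth1", "192.168.1.20", "192.168.1.1"),     # internal side: expected
    ("eth0", "203.0.113.10", "198.51.100.7"),    # external, registered: fine
    ("eth0", "10.4.2.9", "198.51.100.7"),        # private source leaking out
    ("eth0", "172.32.0.5", "198.51.100.7"),      # just outside the Class B block
    ("eth0", "203.0.113.10", "172.31.255.254"),  # private destination
]

if __name__ == "__main__":
    for leak in find_leaks(SAMPLE_FLOWS, external_if="eth0"):
        print("leak:", leak)
```

The check matches the three ranges explicitly because the `is_private` attribute in Python's `ipaddress` module also covers loopback, link-local and other reserved blocks, which would over-report here.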

Practical Uses of Public and Private IP Addressing

Having established the purpose of both public and private networks, and of public and private IP addressing, we can now look at how these fit into a practical scenario. It is common practice for a company to have only a handful of registered IP addresses and to configure the internal, private network by using one of the private addressing schemes. Figure 6.12 shows the most basic example of this.

Figure 6.12. A basic example of public and private network address assignments.


The network in Figure 6.12 could provide Internet access to clients through the proxy server system. The external interface of the proxy server would have a registered IP address, and all the systems on the internal network would use one of the private ranges.

In this example, the external interface of the proxy server could use an ISP-assigned DHCP address. But what if the company wanted to have the same address all the time for a Web server or a Web access gateway for its email system? Then you would need to consider how you would assign IP addresses to the systems so that they could be accessed by an outside source.
