{{short description|Network using private IP addresses}}
In [[IP network|Internet network]]ing, a '''private network''' is a [[computer network]] that uses a private [[address space]] of [[IP address]]es. These addresses are commonly used for [[local area network]]s (LANs) in residential, office, and enterprise environments. Both the [[IPv4]] and the [[IPv6]] specifications define '''private IP address''' ranges.{{Ref RFC|1918}}{{Ref RFC|4193}}

Most [[Internet service provider]]s (ISPs) allocate only a single publicly [[routable]] IPv4 address to each residential customer, but many homes have more than one [[computer]], [[smartphone]], or other Internet-connected device. In this situation, a [[network address translator]] (NAT/PAT) gateway is usually used to provide Internet connectivity to multiple hosts.

Private addresses are also commonly used in [[corporate network]]s which, for security reasons, are not connected directly to the [[Internet]]. Often a [[Proxy server|proxy]], [[SOCKS]] gateway, or similar devices are used to provide restricted Internet access to network-internal users.

Private network addresses are not allocated to any specific organization. Anyone may use these addresses without approval from [[regional Internet registry|regional or local Internet registries]]. [[Private IP]] address spaces were originally defined to assist in delaying [[IPv4 address exhaustion]]. [[Network packet|IP packet]]s originating from or addressed to a private IP address cannot be routed through the public Internet.

Private addresses are often seen as enhancing [[network security]] for the internal network since use of private addresses internally makes it difficult for an external host to initiate a connection to an internal system.

==Private IPv4 addresses==
The [[Internet Engineering Task Force]] (IETF) has directed the [[Internet Assigned Numbers Authority]] (IANA) to [[Reserved IP addresses|reserve]] the following IPv4 address ranges for private networks:<ref name=rfc1918 />{{Rp|page=4}}

{{Table alignment}}
{| class="wikitable sortable col1left col7left defaultright"
! RFC 1918 name !! IP address range !! Number of addresses
! Largest [[CIDR]] block (subnet mask) || Host ID size || Mask bits
! ''[[Classful]]'' description{{refn|group="Note"|[[Classful addressing]] is obsolete and has not been used in the Internet since the implementation of [[Classless Inter-Domain Routing]] (CIDR), starting in 1993. For example, while {{IPaddr|10.0.0.0|8}} was a single class A network, it is common for organizations to divide it into smaller {{IPaddr||16}} or {{IPaddr||24}} networks. Contrary to a common misconception, a {{IPaddr||16}} [[subnet]] of a class A network is not referred to as a class B network. Likewise, a {{IPaddr||24}} subnet of a class A or B network is not referred to as a class C network. The class is determined by the first three bits of the prefix.<ref>{{cite book|last=Forouzan|first=Behrouz|title=Data Communications and Networking|year=2013|publisher=McGraw Hill|location= New York|isbn= 978-0-07-337622-6|pages= 530–31}}</ref>}}
|-
| 24-bit block || 10.0.0.0 – 10.255.255.255 || {{gaps|16|777|216}} || 10.0.0.0/8 (255.0.0.0) || 24 bits || 8 bits || single class A network
|-
| 20-bit block || 172.16.0.0 – 172.31.255.255 || {{gaps|1|048|576}} || 172.16.0.0/12 (255.240.0.0) || 20 bits || 12 bits || 16 contiguous class B networks
|-
| 16-bit block || 192.168.0.0 – 192.168.255.255 || {{gaps|65|536}} || 192.168.0.0/16 (255.255.0.0) || 16 bits || 16 bits || 256 contiguous class C networks
|}

In practice, it is common to subdivide these ranges into smaller [[subnet]]s.

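The following Python sketch is an added example, not part of the original article. It generalizes the table above to the other non-routable blocks this article defines in later sections (shared address space, link-local, loopback, unique local, deprecated site-local) and applies the ingress check described under Misrouting; the labels, function names and sample traffic are constructed for illustration.

```python
import ipaddress

# Non-routable blocks named in this article, as (label, CIDR) pairs.
SPECIAL_BLOCKS = [
    ("rfc1918-private", "10.0.0.0/8"),
    ("rfc1918-private", "172.16.0.0/12"),
    ("rfc1918-private", "192.168.0.0/16"),
    ("shared-cgnat", "100.64.0.0/10"),
    ("link-local", "169.254.0.0/16"),
    ("loopback", "127.0.0.0/8"),
    ("unique-local", "fc00::/7"),
    ("site-local-deprecated", "fec0::/10"),
    ("link-local", "fe80::/10"),
    ("loopback", "::1/128"),
]
_NETS = [(label, ipaddress.ip_network(cidr)) for label, cidr in SPECIAL_BLOCKS]


def classify(addr):
    """Return the label of the block containing addr, or "other"."""
    ip = ipaddress.ip_address(addr)
    # ::ffff:a.b.c.d embeds an IPv4 address; unwrap it so a mapped private
    # address is not treated as an unlisted IPv6 address.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    for label, net in _NETS:
        if ip.version == net.version and ip in net:
            return label
    return "other"


def ingress_verdicts(packets):
    """Drop packets from the Internet side whose source is in a listed block."""
    verdicts = []
    for src, _dst in packets:
        label = classify(src)
        verdicts.append((src, "pass" if label == "other" else "drop:" + label))
    return verdicts

# Constructed sample traffic. 198.51.100.0/24, 203.0.113.0/24 and 2001:db8::/32
# are documentation ranges standing in for public hosts.
SAMPLE = [
    ("198.51.100.7", "203.0.113.10"),
    ("10.1.2.3", "203.0.113.10"),
    ("172.32.0.1", "203.0.113.10"),        # just outside 172.16.0.0/12
    ("100.64.0.1", "203.0.113.10"),
    ("::ffff:192.168.1.1", "2001:db8::10"),
    ("fd12:3456:789a:1::1", "2001:db8::10"),
]
```

Python's built-in `is_private` property returns False for the shared address space 100.64.0.0/10, which is why the blocks are listed explicitly here.
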
==Dedicated space for carrier-grade NAT deployment==
{{main|IPv4 shared address space}}
In April 2012, IANA allocated the {{IPaddr|100.64.0.0|10}} block of IPv4 addresses specifically for use in [[carrier-grade NAT]] scenarios.{{Ref RFC|6598}}

{| class="wikitable"
! IP address range !! Number of addresses
! Largest [[CIDR]] block (subnet mask) || Host ID size || Mask bits
|-
| 100.64.0.0 – 100.127.255.255 || {{gaps|4|194|304}} || 100.64.0.0/10 (255.192.0.0) || 22 bits || 10 bits
|}

This address block should not be used on private networks or on the public Internet. The size of the address block was selected to be large enough to uniquely number all customer access devices for all of a single operator's [[points of presence]] in a large metropolitan area such as [[Tokyo]].<ref name=rfc6598/>

==Private IPv6 addresses==
{{Main article|Unique local address}}
The concept of private networks has been extended in the next generation of the [[Internet Protocol]], [[IPv6]], and special address blocks are reserved.

The address block {{IPaddr|fc00::|7}} is reserved by IANA for unique local addresses (ULAs).<ref name=rfc4193 /> They are [[unicast]] addresses, but contain a 40-bit random number in the routing prefix to prevent collisions when two private networks are interconnected. Despite being inherently ''local'' in usage, the [[IPv6 address#Address scopes|IPv6 address scope]] of unique local addresses is global.

The first block defined is {{IPaddr|fd00::|8}}, designed for {{IPaddr||48}} routing blocks, in which users can create multiple subnets, as needed.

{| class="wikitable"
! RFC 4193 Block !! Prefix/L !! Global ID (random) !! Subnet ID !! Number of addresses in subnet
|-
|
| colspan="2" | 48 bits
| 16 bits || 64 bits
|-
| fd00::/8 || fd || xx:xxxx:xxxx || yyyy || {{gaps|18|446|744|073|709|551|616}}
|}

Examples:
{| class="wikitable"
! Prefix/L !! Global ID (random) !! Subnet ID !! Interface ID !! Address !! Subnet
|-
| fd || xx:xxxx:xxxx || yyyy || zzzz:zzzz:zzzz:zzzz
| fdxx:xxxx:xxxx:yyyy:zzzz:zzzz:zzzz:zzzz
| fdxx:xxxx:xxxx:yyyy::/64
|-
| fd || 12:3456:789a || 0001 || 0000:0000:0000:0001
| fd12:3456:789a:1::1
| fd12:3456:789a:1::/64
|}

A former standard proposed the use of ''site-local'' addresses in the {{IPaddr|fec0::|10}} block, but because of scalability concerns and poor definition of what constitutes a ''site'', its use has been deprecated since September 2004.{{Ref RFC|3879}}

==Link-local addresses==
{{main article|Link-local address}}
Another type of private networking uses the link-local address range. The validity of link-local addresses is limited to a single link; e.g. to all computers connected to a [[Network switch|switch]], or to one [[wireless network]]. Hosts on different sides of a [[network bridge]] are also on the same link, whereas hosts on different sides of a [[network router]] are on different links.

===IPv4===
In [[IPv4]], the utility of link-local addresses is in [[zero-configuration networking]] when [[Dynamic Host Configuration Protocol]] (DHCP) services are not available and manual configuration by a network administrator is not desirable. The block {{IPaddr|169.254.0.0|16}} was allocated for this purpose.{{Ref RFC|6890}}{{Ref RFC|3927}} If a host on an IEEE 802 ([[Ethernet]]) network cannot obtain a network address via DHCP, an address from {{IPaddr|169.254.1.0}} to {{IPaddr|169.254.254.255}}{{refn|group="Note"|The first and last {{IPaddr||24}} subranges of the subnet (addresses {{IPaddr|169.254.0.0}} through {{IPaddr|169.254.0.255}} and {{IPaddr|169.254.255.0}} through {{IPaddr|169.254.255.255}}) are reserved for future use.{{Ref RFC|3927|rsection=2.1}}}} may be assigned [[pseudorandom]]ly. The standard prescribes that address collisions must be handled gracefully.

===IPv6===
In [[IPv6]], the block {{IPaddr|fe80::|10}} is reserved for IP address autoconfiguration.{{Ref RFC|4291}} The implementation of these link-local addresses is mandatory, as various functions of the IPv6 protocol depend on them.{{Ref RFC|4862}}

===Loopback interface===
A special case of private link-local addresses is the [[Loopback#Virtual loopback interface|loopback interface]]. These addresses are private and link-local by definition since packets never leave the host device.

IPv4 reserves the entire class A address block {{IPaddr|127.0.0.0|8}} for use as private loopback addresses. IPv6 reserves the single address {{IPaddr|::1}}.

Some are advocating reducing {{IPaddr|127.0.0.0|8}} to {{IPaddr|127.0.0.0|16}}.<ref>{{Cite IETF|draft=draft-schoen-intarea-unicast-127-06}}</ref>

==Misrouting==
It is common for packets originating in private address spaces to be misrouted onto the Internet. Private networks often do not properly configure [[DNS]] services for addresses used internally and attempt [[reverse DNS lookup]]s for these addresses, causing extra traffic to the Internet [[root nameservers]]. The [[AS112]] project attempted to mitigate this load by providing special ''black hole'' [[anycast]] nameservers for private address ranges which only return negative result codes (''not found'') for these queries.

Organizational edge routers are usually configured to drop ingress IP traffic for these networks, which can occur either by misconfiguration or from malicious traffic using a spoofed source address. Less commonly, ISP edge routers drop such egress traffic from customers, which reduces the impact to the Internet of such misconfigured or malicious hosts on the customer's network.

==Merging private networks==
Since the private IPv4 address space is relatively small, many private IPv4 networks unavoidably use the same address ranges. This can create a problem when merging such networks, as some addresses may be duplicated for multiple devices.
In this case, networks or hosts must be renumbered, often a time-consuming task, or a network address translator must be placed between the networks to translate or masquerade one of the address ranges.

IPv6 defines [[unique local address]]es,{{Ref RFC|4193}} providing a very large private address space from which each organization can randomly or pseudo-randomly allocate a 40-bit prefix, each of which allows 65536 organizational subnets. With space for about one trillion (10<sup>12</sup>) prefixes, it is unlikely that two network prefixes in use by different organizations would be the same, provided each of them was selected randomly, as specified in the standard. When two such private IPv6 networks are connected or merged, the risk of an address conflict is therefore virtually absent.

==RFC documents==
* {{IETF RFC|1918}} – ''Address Allocation for Private Internets''
* {{IETF RFC|2036}} – ''Observations on the use of Components of the Class A Address Space within the Internet''
* {{IETF RFC|7020}} – ''The Internet Number Registry System''
* {{IETF RFC|2101}} – ''IPv4 Address Behaviour Today''
* {{IETF RFC|2663}} – ''IP Network Address Translator (NAT) Terminology and Considerations''
* {{IETF RFC|3022}} – ''Traditional IP Network Address Translator (Traditional NAT)''
* {{IETF RFC|3330}} – ''Special-Use IPv4 Addresses'' (superseded)
* {{IETF RFC|3879}} – ''Deprecating Site Local Addresses''
* {{IETF RFC|3927}} – ''Dynamic Configuration of IPv4 Link-Local Addresses''
* {{IETF RFC|4193}} – ''Unique Local IPv6 Unicast Addresses''
* {{IETF RFC|5735}} – ''Special-Use IPv4 Addresses'' (superseded)
* {{IETF RFC|6598}} – ''Reserved IPv4 Prefix for Shared Address Space''
* {{IETF RFC|6890}} – ''Special-Purpose IP Address Registries''

==See also==
* [[Heartbeat network]]
* [[Intranet]]
* [[Localhost]]
* [[Reserved IP addresses]]
* {{slink|Top-level domain|Reserved domains}}
* [[Virtual private network]]

==Notes==
{{reflist|group=Note}}

==References==
{{reflist}}

{{DEFAULTSORT:Private Network}}
[[Category:Internet architecture]]
[[Category:IP addresses]]
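
The following Python sketch is an added example, not part of the original article, for the Private IPv6 addresses and Merging private networks sections: it builds a unique local /48 from a 40-bit Global ID, derives a /64 from a Subnet ID, and lists the overlapping subnets of two networks that are to be merged. The function names and site plans are constructed, and the Global ID is drawn from the operating system's random source rather than the sample algorithm in RFC 4193.

```python
import ipaddress
import secrets


def new_ula_prefix(global_id=None):
    """Build an fd00::/8 unique local /48: 8-bit 'fd' + 40-bit Global ID.
    Assumption: a random Global ID from the OS CSPRNG (secrets module)."""
    if global_id is None:
        global_id = secrets.randbits(40)
    if not 0 <= global_id < 2**40:
        raise ValueError("Global ID must fit in 40 bits")
    value = (0xFD << 120) | (global_id << 80)
    return ipaddress.IPv6Network((value, 48))


def ula_subnet(prefix48, subnet_id):
    """Return the /64 for a 16-bit Subnet ID inside a unique local /48."""
    if prefix48.prefixlen != 48 or not 0 <= subnet_id < 2**16:
        raise ValueError("need a /48 prefix and a 16-bit Subnet ID")
    base = int(prefix48.network_address) | (subnet_id << 64)
    return ipaddress.IPv6Network((base, 64))


def merge_conflicts(site_a, site_b):
    """List (a, b) subnet pairs that overlap and would therefore need
    renumbering or address translation before the networks are joined."""
    nets_a = [ipaddress.ip_network(n) for n in site_a]
    nets_b = [ipaddress.ip_network(n) for n in site_b]
    return [(str(a), str(b)) for a in nets_a for b in nets_b
            if a.version == b.version and a.overlaps(b)]


# Constructed site plans. Both sites picked common RFC 1918 ranges, while
# their ULA prefixes use different (fixed, for repeatability) Global IDs.
SITE_A = ["192.168.1.0/24", "10.0.0.0/16",
          str(ula_subnet(new_ula_prefix(0x123456789A), 1))]
SITE_B = ["192.168.1.0/24", "10.0.128.0/17", "172.16.5.0/24",
          str(ula_subnet(new_ula_prefix(0xABCDEF0123), 1))]
```
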