enterprises or the Internet at large; hosts within
this category may use IP addresses that are
unambiguous within an enterprise, but may be
ambiguous between enterprises.
Category 2: hosts that need access to a limited set of outside
services (e.g., E-mail, FTP, netnews, remote login)
which can be handled by mediating gateways (e.g.,
application layer gateways). For many hosts in this
category an unrestricted external access (provided
RFC 1918 Address Allocation for Private Internets February 1996
via IP connectivity) may be unnecessary and even
undesirable for privacy/security reasons. Just like
hosts within the first category, such hosts may use
IP addresses that are unambiguous within an
enterprise, but may be ambiguous between
enterprises.
Category 3: hosts that need network layer access outside the
enterprise (provided via IP connectivity); hosts in
the last category require IP addresses that are
globally unambiguous.
We will refer to the hosts in the first and second categories as
"private". We will refer to the hosts in the third category as
"public".
Many applications require connectivity only within one enterprise and
do not need external (outside the enterprise) connectivity for the
majority of internal hosts. In larger enterprises it is often easy to
identify a substantial number of hosts using TCP/IP that do not need
network layer connectivity outside the enterprise.
Some examples, where external connectivity might not be required,
are:
- A large airport which has its arrival/departure displays
individually addressable via TCP/IP. It is very unlikely
that these displays need to be directly accessible from
other networks.
- Large organizations like banks and retail chains are
switching to TCP/IP for their internal communication. Large
numbers of local workstations like cash registers, money
machines, and equipment at clerical positions rarely need
to have such connectivity.
- For security reasons, many enterprises use application
layer gateways to connect their internal network to the
Internet. The internal network usually does not have
direct access to the Internet, thus only one or more
gateways are visible from the Internet. In this case, the
internal network can use non-unique IP network numbers.
- Interfaces of routers on an internal network usually do not
need to be directly accessible from outside the enterprise.
3. Private Address Space
The Internet Assigned Numbers Authority (IANA) has reserved the
following three blocks of the IP address space for private internets:
     10.0.0.0        -   10.255.255.255  (10/8 prefix)
     172.16.0.0      -   172.31.255.255  (172.16/12 prefix)
     192.168.0.0     -   192.168.255.255 (192.168/16 prefix)
We will refer to the first block as "24-bit block", the second as
"20-bit block", and to the third as "16-bit block". Note that (in
pre-CIDR notation) the first block is nothing but a single class A
network number, while the second block is a set of 16 contiguous
class B network numbers, and the third block is a set of 256 contiguous
class C network numbers.
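The following Python sketch is an added example, not part of the RFC text. It classifies an IPv4 address into the three blocks above, reproduces the pre-CIDR class A/B/C decomposition, and flags addresses that Python's broader `is_private` accepts but that lie outside these blocks. The function names and sample addresses are assumptions made for illustration.

```python
import ipaddress

# The three blocks reserved above, keyed by the names the RFC gives them.
# Second tuple element: prefix length of the pre-CIDR classful networks inside.
RFC1918_BLOCKS = {
    "24-bit block": (ipaddress.ip_network("10.0.0.0/8"), 8),       # class A
    "20-bit block": (ipaddress.ip_network("172.16.0.0/12"), 16),   # class B
    "16-bit block": (ipaddress.ip_network("192.168.0.0/16"), 24),  # class C
}


def rfc1918_block(address):
    """Return the RFC's name for the block holding `address`, else None."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return None  # not a valid IP address at all
    if ip.version != 4:
        return None  # the reserved blocks are IPv4 only
    for name, (network, _) in RFC1918_BLOCKS.items():
        if ip in network:
            return name
    return None


def classful_networks(name):
    """List the class A/B/C network numbers that make up the named block."""
    network, classful_prefix = RFC1918_BLOCKS[name]
    return list(network.subnets(new_prefix=classful_prefix))


def broader_than_rfc1918(address):
    """True if the stdlib calls `address` private but it is outside the blocks.

    ipaddress.is_private also covers loopback, link-local and other special
    ranges, so it is not a drop-in test for "private" in this document's sense.
    """
    ip = ipaddress.ip_address(address)
    return ip.is_private and rfc1918_block(address) is None


if __name__ == "__main__":
    # Constructed sample addresses on and just outside each block boundary.
    for sample in ("10.255.255.255", "172.15.255.255", "172.16.0.0",
                   "172.31.255.255", "172.32.0.0", "192.168.255.255",
                   "192.169.0.0", "127.0.0.1"):
        print(f"{sample:16} {rfc1918_block(sample)}")
    for name in RFC1918_BLOCKS:
        print(name, len(classful_networks(name)), "classful network(s)")
```
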
An enterprise that decides to use IP addresses out of the address
space defined in this document can do so without any coordination
with IANA or an Internet registry. The address space can thus be used
by many enterprises. Addresses within this private address space will
only be unique within the enterprise, or the set of enterprises which
choose to cooperate over this space so they may communicate with each
other in their own private internet.
As before, any enterprise that needs globally unique address space is
required to obtain such addresses from an Internet registry. An