2.5 Private Addressing and NAT
2.5.1 Private IP addresses (RFC 1918)

Because TCP/IP is the world's dominant routed protocol, most network applications and operating systems offer extensive support for it. Thus, many designers build their networks around TCP/IP-even if they do not require Internet connectivity. As you already know, Internet hosts require a globally unique IP addresses. However, private hosts that are not connected to the Internet can use any valid address, as long as it is unique within the private network.

Because many private networks exist alongside public nets, grabbing "just any address" is strongly discouraged. RFC 1918 sets aside three blocks of IP addresses (i.e., a Class A, a Class B, and a Class C range) for private, internal use. Addresses in this range will not be routed on the Internet backbone (see Figure ). Internet routers immediately discard private addresses.

If you are addressing a nonpublic intranet, a test lab, or a home network, these private addresses can be used instead of globally unique addresses. Global addresses must be obtained from a provider or a registry at some expense.

RFC 1918 addresses have found a home in production networks as well. Earlier in this chapter, you saw the advantages of using VLSM to address the point-to-point WAN links in an internetwork. Recall that with VLSM, you were able to further subnet one of the subnets left in a Class C network's address space. Although this solution was better than wasting an entire 30-host subnet on each two-host WAN link, it still costs one subnet that could have been used for future growth. A less wasteful solution is to address the WAN links using private network numbers. In Figure , the WAN links are addressed using subnets from the private address space, 10.0.0.0 /8.

How can these routers use private addresses if LAN users at site A, B, C, and D expect to access the Internet? End users at these sites should have no problem because they use globally unique addresses from the 207.21.24.0 network. The routers use their serial interfaces with private addresses merely to forward traffic and exchange routing information. Upstream providers and Internet routers see only the source and destination IP addresses in the packet; they do not care if the packet traveled through links with private addresses at some point. In fact, many providers use RFC 1918 network numbers in the core of their network to avoid depleting their supply of globally unique addresses.

One trade-off of using private numbers on WAN links is that these serial interfaces cannot be the original source of traffic bound for the Internet or the final destination of traffic from the Internet. Routers do not normally spend time surfing the web, so this limitation typically becomes an issue only when troubleshooting with ICMP, using SNMP, or connecting remotely with Telnet over the Internet. In those cases, the router can be addressed only by its globally unique LAN interfaces.

The following sections discuss implementation of a private addresses scheme, including the pitfalls of discontiguous subnets and the advantages of Network Address Translation (NAT).