Private IP address

from Wikipedia, the free encyclopedia

Private IP addresses (abbreviated private IP) are IP addresses that are not assigned by the IANA on the Internet. They have been left out of the public address space for private use, so that they can be used in local networks without additional administrative effort (registration of IP addresses). When the addresses of Internet Protocol version 4 became scarce and public IP addresses had to be used sparingly, it became all the more important to have private IP addresses available for local networks, since they can be reused as often as desired, in any network. (See also Port Address Translation and Network Address Translation.)

Functionality

Many computer networks require full connectivity on the inside at the IP level, but only limited Internet access. If you assign a private IP address to each computer connected to such a network, the network forms an intranet that cannot be accessed from the Internet, since Internet routers ignore the private address ranges.

A gateway or router that is placed in this private network and has a public address on the Internet in addition to its private IP address on the private network can provide Internet access for this private network. This can be done via a proxy or using NAT / PAT / masquerading.

Since the private address range used is only visible within the private network, its addresses can also be assigned in other private networks without losing the uniqueness of each IP address that the Internet Protocol requires. Within the address ranges left out of global assignment, each private network is subject only to its own local address assignment, if one has been configured at all.

The fact that the private IP addresses do not appear outside of one's own network means that the local IP addresses are concealed from the outside, as a result of which Internet access from the local network is anonymized to a certain extent. This also achieves a certain level of security, since external access to local computers is not initially possible.

Private IP addresses are not unique on the Internet, so routing from one participant to another is not possible. For this reason, it is often falsely claimed that private IP addresses are not routable. This is a mistake: they are routed, but only within a subscriber network (e.g. local network, tunnel networks of a provider, ...).

If, on the other hand, an administrator gives a computer in the local network an IP address that does not come from the private address ranges reserved for this purpose, but from the public address space, the Internet computer that holds this public address can no longer be reached from the local network. The uniqueness of the address assignment is then violated: the local computer with the same address is always reached instead. From outside the local network, on the other hand, the computer on the Internet can be accessed without any problems. Assigning a non-private address in a private network is therefore usually a configuration error.

Private address ranges

The IANA defined three private IP address ranges, which were documented in RFC 1597 in 1994. These specifications were retained in 1996 when RFC 1597 was replaced by RFC 1918, which is still valid today. Each of the three ranges lies in a different class of the historical network class concept.

By means of subnetting, it is also possible to use only part of a private address range.

| Network address range | CIDR notation | Abbreviated CIDR notation | Number of addresses | Number of networks according to network class (historical) |
|---|---|---|---|---|
| 10.0.0.0 to 10.255.255.255 | 10.0.0.0/8 | 10/8 | 2^24 = 16,777,216 | Class A: 1 private network with 16,777,216 addresses; 10.0.0.0/8 |
| 172.16.0.0 to 172.31.255.255 | 172.16.0.0/12 | 172.16/12 | 2^20 = 1,048,576 | Class B: 16 private networks with 65,536 addresses each; 172.16.0.0/16 to 172.31.0.0/16 |
| 192.168.0.0 to 192.168.255.255 | 192.168.0.0/16 | 192.168/16 | 2^16 = 65,536 | Class C: 256 private networks with 256 addresses each; 192.168.0.0/24 to 192.168.255.0/24 |

Shared address

Due to the shortage of addresses and increasing conflicts in the above-mentioned IP address ranges, another range has been released for multiple use. This range, 100.64.0.0/10 (RFC 6598), is specifically intended for Internet service providers for use with CGNAT.

| Network address range | CIDR notation | Abbreviated CIDR notation | Number of addresses | Number of networks according to network class (historical) |
|---|---|---|---|---|
| 100.64.0.0 to 100.127.255.255 | 100.64.0.0/10 | 100.64/10 | 2^22 = 4,194,304 | - |

Link Local

Furthermore, the address space 169.254.0.0/16, which is marked as link-local according to RFC 5735, has a similar special position. With Zeroconf or Automatic Private IP Addressing (APIPA), end devices can automatically use an IP address from this range.

| Network address range | CIDR notation | Abbreviated CIDR notation | Number of addresses | Number of networks according to network class (historical) |
|---|---|---|---|---|
| 169.254.0.0 to 169.254.255.255 | 169.254.0.0/16 | 169.254/16 | 2^16 = 65,536 | Class B: 1 network with 65,536 addresses; 169.254.0.0/16 |

Address conflicts with VPN

The use of private address ranges regularly leads to problems when, for example, networks are coupled with one another via VPN and both locations use the same networks. No conflict arises only if the addresses assigned on both sides are different. This can be counteracted in advance by planning a company's private address ranges carefully and dividing them up sensibly, even across networks that are not yet connected. Alternatively, source NAT can be used to resolve the address conflict between the networks.
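The planning check described above, as an added example that is not part of the original article: it lists the subnets two sites share, flags subnets that lie outside the three private ranges, and proposes an unused private subnet for renumbering. The site address plans are constructed sample values, and 203.0.113.0/24 (a documentation range) stands in for a public address used internally.

```python
import ipaddress

# The three private ranges listed on this page (RFC 1918).
PRIVATE_BLOCKS = [ipaddress.ip_network(n)
                  for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def find_overlaps(site_a, site_b):
    """Return (a, b) subnet pairs that share at least one address."""
    nets_a = [ipaddress.ip_network(n) for n in site_a]
    nets_b = [ipaddress.ip_network(n) for n in site_b]
    return [(str(a), str(b)) for a in nets_a for b in nets_b if a.overlaps(b)]


def outside_private(site):
    """Return subnets that do not lie inside any of the private ranges."""
    nets = [ipaddress.ip_network(n) for n in site]
    return [str(n) for n in nets
            if not any(n.subnet_of(b) for b in PRIVATE_BLOCKS)]


def first_free_subnet(used, prefixlen=24):
    """Return the first private subnet of this size that overlaps nothing in use."""
    used_nets = [ipaddress.ip_network(n) for n in used]
    for block in PRIVATE_BLOCKS:
        for cand in block.subnets(new_prefix=prefixlen):
            if not any(cand.overlaps(u) for u in used_nets):
                return str(cand)
    return None


# Constructed sample address plans for two sites to be joined by VPN.
SITE_A = ["10.0.0.0/16", "192.168.1.0/24"]
SITE_B = ["10.0.20.0/24", "192.168.1.0/24", "172.16.5.0/24", "203.0.113.0/24"]

if __name__ == "__main__":
    for a, b in find_overlaps(SITE_A, SITE_B):
        print(f"conflict: {a} (site A) overlaps {b} (site B)")
    print("not private:", outside_private(SITE_B))
    print("free subnet for renumbering:", first_free_subnet(SITE_A + SITE_B))
```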

IPv6

The IPv6 counterpart is called Unique Local Addresses. Due to the larger address space, 40 bits of the network address are used as a randomly selected identifier. This is intended to increase the probability of the uniqueness of a private network in order to reduce address conflicts when private networks are merged.
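An added example, not part of the original article, showing how a 40-bit random identifier yields a Unique Local Address prefix and how unlikely a clash is when networks are merged. It assumes the fd00::/8 prefix and the collision approximation 1 - exp(-N^2 / 2^41) from RFC 4193, neither of which is stated on this page; the function names are illustrative.

```python
import ipaddress
import math
import secrets

ULA_LOCAL = ipaddress.ip_network("fd00::/8")  # locally assigned ULA space (RFC 4193)


def random_ula_prefix():
    """Build a /48 prefix: the byte 0xfd followed by a 40-bit random identifier."""
    global_id = secrets.token_bytes(5)               # 40 random bits
    packed = b"\xfd" + global_id + bytes(10)         # remaining 80 bits are zero
    return ipaddress.IPv6Network((int.from_bytes(packed, "big"), 48))


def collision_probability(n_networks, id_bits=40):
    """Approximate chance that at least two of n networks chose the same identifier."""
    x = n_networks ** 2 / 2 ** (id_bits + 1)
    return -math.expm1(-x)                           # 1 - exp(-x), stable for tiny x


if __name__ == "__main__":
    print("generated prefix:", random_ula_prefix())
    for n in (2, 100, 10_000):
        print(f"{n:>6} merged networks -> collision probability {collision_probability(n):.3g}")
```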
