RFC 1918 - IPv4 Private Address - Summary

RFC 1918 was written in 1996 and allocates several address blocks for use on private enterprise internets. The document was written as it became evident that IPv4 address space was limited and would eventually be consumed. By allocating address space for public use and using NAT rules, an entire organization comprised of thousands of computer systems could reside behind one or more public addresses. Prior to this RFC it was common for organizations to purchase large blocks of address space for private use. In some cases these systems may never communicate with the broader internet. Some examples of well-known allocations are General Electric Company, which owns 3.0.0.0/8, IBM, which owns 9.0.0.0/8, and Hewlett-Packard Company, which owns 15.0.0.0/8 and 16.0.0.0/8. For additional details on public address allocation visit the IANA. This RFC covers three categories of computer system, the private address space allocations, the advantages and disadvantages of using private address space, and some operational considerations.

Categories

The RFC calls out three specific categories of hosts within an enterprise. They are:

  • Hosts within the organization that won't communicate outside the organization
  • Hosts within the organization that need limited access to outside systems
  • Hosts that need network connectivity outside the organization.

The first and second groups are considered "private" systems, whereas the third group is considered "public". Grouping systems into three categories helps facilitate address use within an organization and provides a framework for where to use public address space versus private address space.

Private Address Ranges

The IANA reserved 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16 as private address blocks. In pre-CIDR (Classless Inter-Domain Routing) notation, 10/8 is a single class A network, 172.16/12 is a set of 16 contiguous class B networks, and 192.168/16 is a group of 256 contiguous class C networks. Since this address space has been reserved for private use, organizations do not need to interact with the IANA when using it. Another important note is that no private address space is routable on the public internet.

Advantages and Disadvantages

Advantages

  1. Private address space usage will decrease the consumption of public addresses.
  2. Enterprises have the freedom to use a large amount of private address space without interacting with the IANA.
  3. Enterprises may have used space that didn't belong to them on a system that initially didn't require public internet access, then later connected that system to the public internet, which results in ambiguous addressing and an inability to route to the various systems. Using the reserved private space avoids this.

Disadvantages

  1. An enterprise should use either all public or all private addressing, or internal routing can become a problem.
  2. As an enterprise moves towards private addressing there is a cost associated with re-addressing all the hosts and re-configuring applications.
  3. When companies merge, some or all of one of the two networks will need to be renumbered; however, DHCP may help reduce the cost of renumbering systems depending on their use.

Operational Considerations

When working with private address space there are some considerations provided within this RFC relating to network design and operations. For example, when designing a network, the private address space can be designed first; then, where public internet access is required, that segment can be designed to facilitate enterprise-wide access. Also, when interacting with the internet at large, it's important to remember to place a route filter on the enterprise router to prevent private addresses from being added to the route table and injected into the internet at large. Likewise, when two organizations need to communicate, they can coordinate their private address space usage such that they can communicate without traversing the public internet but instead be directly connected. The final major consideration relates to how enterprise DNS services could become secure, as they don't need to communicate with external DNS servers, which prevents users on the public internet from accessing enterprise resources.
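
The route filter described above can be sketched as a prefix check against the three reserved blocks. This is an added example, not code from the RFC or the original summary; the action labels, function names and sample routes are assumptions made for illustration.

```python
import ipaddress

# The three private blocks reserved by RFC 1918 (from the summary above).
RFC1918_BLOCKS = tuple(ipaddress.ip_network(b) for b in
                       ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"))


def classify_route(prefix):
    """Return (action, matching RFC 1918 block or None) for one IPv4 route.

    Action labels are this example's own (hypothetical) policy names:
      deny    - prefix lies entirely inside an RFC 1918 block
      review  - prefix is an aggregate that contains an RFC 1918 block
      permit  - no overlap with private space
      invalid - not a parseable IPv4 prefix
    """
    try:
        # strict=False accepts host bits: "10.1.2.3/16" becomes 10.1.0.0/16.
        net = ipaddress.IPv4Network(prefix, strict=False)
    except ValueError:
        return ("invalid", None)
    for block in RFC1918_BLOCKS:
        if net.subnet_of(block):
            return ("deny", block)
        if net.overlaps(block):  # not a subnet, so it is a covering supernet
            return ("review", block)
    return ("permit", None)


def filter_routes(prefixes):
    """Split candidate routes into (advertise, held) lists."""
    advertise, held = [], []
    for p in prefixes:
        action, block = classify_route(p)
        (advertise if action == "permit" else held).append((p, action, block))
    return advertise, held


# Constructed sample routes (198.51.100.0/24 is a documentation range).
SAMPLE_ROUTES = [
    "10.20.0.0/16", "172.31.255.0/24", "172.32.0.0/16",
    "192.168.1.0/24", "192.169.0.0/16", "172.0.0.0/8",
    "198.51.100.0/24", "10.1.2.3/16", "not-a-prefix",
]

if __name__ == "__main__":
    ok, held = filter_routes(SAMPLE_ROUTES)
    for p, action, block in held + ok:
        print(f"{action:7} {p:18} {block or ''}")
```

The explicit block list is used rather than Python's `is_private` attribute, which also matches ranges outside RFC 1918 such as loopback and link-local space.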