1

When it comes to local networks, you have the freedom to use any IP address you want for your network since it doesn't need to communicate on the internet with other devices. However, the RFC specified a range for private IP addresses (such as 10.x.x.x and 192.168.0-255.x). Why a range would be needed if the communication outside the local network uses a public IP address?. If I had a router with an interface g0/0 connected to the local network with the IP address 192.168.0.1 or 244.18.42.9, it doesn't make a difference because NAT will translate the IP addresses to a public address that will be the representative of the local network no matter what private IP address it has.

Strategist
  • 23
  • 1
  • 5
  • It doesn't help that much since NAT is not included in the best answer. My question is about NAT more than just the private and public IP addresses. – Strategist Apr 06 '21 at 09:03
  • You (mainly) NAT beween private address space and public address space where a private address has no meaning. I'm not sure if I understand your question correctly. – Zac67 Apr 06 '21 at 09:16
  • I just don't understand the use of private addresses range when NAT can translate any private IP address to the public IP address used on the internet. The private IP address has no importance outside the local network then why would it need a range? what is the purpose if it'ss not used by other IP addresses outside the network to communicate? – Strategist Apr 06 '21 at 09:26
  • 1
    If you use a public IP address inside your local network, requests to that address won't be routed to the Internet any more, rendering any service on it inaccessible. Private addresses are meaningless for devices *outside* your network but vital for devices *inside* your network. – Zac67 Apr 06 '21 at 09:33
  • This looks like a duplicate of the question ["Usage of 192.168.xxx, 172.xxx and 10.xxx in private networks"](https://networkengineering.stackexchange.com/questions/64679/usage-of-192-168-xxx-172-xxx-and-10-xxx-in-private-networks/64680#comment115254_64680). Comments there point out problems when non-reserved addresses were used in real life: [Hamachi using 5.0.0.0/8 and 25.0.0.0/8](https://en.wikipedia.org/wiki/LogMeIn_Hamachi#Addressing), and [misc. private use of 1.0.0.0/8](https://blog.cloudflare.com/fixing-reachability-to-1-1-1-1-globally/). – Gordon Davisson Apr 07 '21 at 18:56

2 Answers2

5

RFC 1918 provides address ranges that you can safely use within a private network without any danger that these same addresses might be used on the public Internet.

Any node within your network needs to be able to address any destination it requires. If your local network uses the same address range (subnet) that some public servers do (e.g 244.18.42.0/24), that address range would be attempted to be sent to internally, without ever reaching the actually intended destination. As a result, such a server (e.g. 244.18.42.73) cannot be connected to from your network.

If your network doesn't connect to the Internet or doesn't require any services from it, then you could of course use any address/subnet you like. That however would effectively prevent your network to be easily connected to the Internet at a later time (been there, seen that, not recommended).

Since there's sufficient address range in RFC 1918 spaces for pretty much anything there's no good reason to do ignore proper private address allocation.

Zac67
  • 81,287
  • 3
  • 67
  • 131
  • Then those private ranges are used to facilitate the connection to the internet? But the private IP will never be seen by other devices outside the local network since they will be translated with NAT to a public IP address given by the ISP right ? – Strategist Apr 06 '21 at 09:32
  • Yes, you do need some kind of addressing within your private network. No, when using NAT these private addresses aren't seen by anyone outside, but they're vital for your own network. – Zac67 Apr 06 '21 at 09:37
  • Sorry but I still can't understand how it's "vital" for my local network. What will be different between a local network using 192.168.0.0/24 address and another network using 24.51.64.0/24? No matter what happens within the network NAT will translate those addresses to the public address and send data to whoever it's supposed to be sent to without any difference and without the ISP or any other device thinking about whats the private IP address behind the public one . I just cam't find the impact of those private IP addresses in the overall picture of networking . – Strategist Apr 06 '21 at 09:40
  • Is your actual question "why do I need IP addresses within my local network?" or "why can't I use public IP addresses within my local network?" – Zac67 Apr 06 '21 at 09:43
  • The question is why do I need private IP addresses **ranges** in my local network if I can use any IP address I want? – Strategist Apr 06 '21 at 09:46
  • You require an address range/multiple addresses because a *network* consists of multiple nodes that can talk to each other. IP groups these networks into subnets which you can see as ranges. – Zac67 Apr 06 '21 at 09:50
  • 1
    @Strategist, "_What will be different between a local network using `192.168.0.0/24` address and another network using `24.51.64.0/24`?_" The difference is that if your network ever needs to use a service, e.g. web site, on the `24.51.64.0/24` network that you are using internally, then you could never get there because the traffic would never reach your router. Routers route traffic between networks. Your hosts would see the destination on the same network and try to communicate with the destination on your network, never sending the traffic to the router (which would ignore it anyway). – Ron Maupin Apr 06 '21 at 09:54
  • @RonMaupin But it won't even need to communicate directly with 24.51.64.0 because it's a private IP address it's not a public one.In your example of my internal network of 24.51.64.0 the hosts in this network will simply go through NAT to public address before they go out to the internet and they will have no problem with routing since the router will not search for 24.51.64.0 but instead it will look at the public IP address in the packet. I feel like there is some information that I'm missing or something I know but its incorrect.. well thanks anyway for your answers – Strategist Apr 06 '21 at 10:15
  • 1
    @Strategist, no, the hosts for that destination will never send the traffic to your router for NAT because they know the destination is on the same network as tey are. – Ron Maupin Apr 06 '21 at 10:17
  • @RonMaupin Are you saying that if the network was 192.168.1.0 the packets will be sent to the outside automatically since this IP address is within the range specified by RFC ? – Strategist Apr 06 '21 at 10:23
  • @Strategist That's not how it works. If you use 192.168.1.0/24 for your internal network, your hosts send packets to *other destinations* to their default gateway (which NATs them etc). However, if you use 24.51.64.0/24 for your internal network, packets to e,g, 24.51.64.1 are (attempted to be) delivered locally and *not* sent to the default gateway. – Zac67 Apr 06 '21 at 10:26
  • @Strategistn no, a host knows if the destination is on the same or different network by masking the destination address with its network mask. On the same network, it tries to directly communicate with the destination, but on a different network it sends the traffic to its configured gateway (router). IP has no distinction between private and public addresses. The ISPs have just agreed not to route packets with the RFC 1918 private addresses, but IP does not know the difference. – Ron Maupin Apr 06 '21 at 10:27
  • @Zac67 Default gateways are configured manually. If I have a local network with 24.51.64.0/24 and I configured the router interface connected to my local network like this : 24.51.64.1/24 and my host like this : 24.51.64.2/24 and configured the default gateway with the routers IP address, then packets will be sent to the default gateway and then its the router jobs to route packets and NAT based on it's configuration and routing table. And the same will be correct if I configured a network with 192.168.1.1 as a router interface and feault gateway and my machine with 192.168.1.2 – Strategist Apr 06 '21 at 10:36
  • What I'm trying to say is no matter what IP addresses I have internally as long as it's configured correctly (default gateway and NAT) it won't make a difference if the IP addresses I chose are from the range RFC specified. – Strategist Apr 06 '21 at 10:37
  • @Strategist The default gateway for end nodes is usually assigned by DHCP. If you use 24.51.64.0/24 for the local network, 24.51.64.2 would *never* send packets for e.g. 25.51.64.17 to the gateway but attempt to send it locally (ie. using ARP) which would then simply fail. – Zac67 Apr 06 '21 at 10:48
  • 3
    @Strategist, it seems you do not understand the way a LAN works. Yes, you can use any network in your LAN, but you could never connect to a host, server, service on the public Internet that has addressing in that network. Your traffic to such a destination would never leave your network. That is the entire point of private addressing. All the public addressing is unique, but there are not enough IPv4 addresses, so some were set aside to be used in private network, never to be seen on the public Internet. – Ron Maupin Apr 06 '21 at 10:49
2

Why do we need private addresses such as RFC1918?

Well, say for instance you configure your local network with your router interface 8.8.8.1/24. You configure your clients with DHCP of range 8.8.8.100-8.8.8.254.

Everything will work fine, your clients in your local network will be able to contact each other. You can even S-NAT these addresses to your WAN-interface IP.

The problem however, say one of your clients on your other LAN network (192.168.0.0/24) is using 8.8.8.8 as DNS (google DNS). Your router will always send that packet out of its own connected interface, because that will always be the shortest path.

Also your clients in 8.8.8.0/24 network itself will never forward packets to the router interface, as the clients will try to ARP for 8.8.8.8

This is one reason why you have a set of RFC1918 addresses to use on your local network. Because no one is supposed to own these on public routed Internet.

OlofL
  • 108
  • 4