Internet-Legal versus Private Addressing

Although the pool of IP addresses is somewhat limited for now, there are no difficulties obtaining them. However, many organizations have already installed TCP/IP products on their internal networks without obtaining "legal" addresses from the proper sources. Sometimes these addresses come from example books or are simply picked at random (several firms use networks numbered "1.2.3" for example).

Unfortunately, these addresses are not legal, and will not be usable when these organizations attempt to connect to the Internet. These firms will either have to renumber their entire network to use Internet-legal addresses, or they will have to invest in an address translation gateway that re-writes out-bound IP packets so that they appear to be coming from an Internet-accessible host.

Even then, these firms will never be able to communicate with the site(s) that are the registered owners of the addresses in use, even if an address translation gateway is installed on the local network. For example, if you choose to use the Class A address block 36.x.x.x on your corporate network, then your users will never be able to access resources at Stanford University, which is the registered owner of that address block. Any attempt to connect to a host at 36.x.x.x would be interpreted by the local routers as a request for a local system. Those packets would never leave your local network.

Not all firms have the luxury of using Internet-legal addresses on their hosts, for any number of reasons. There may be legacy applications that use hard-coded addresses, or there may be too many systems across an organization for an upgrade to be implemented cleanly.

If you do not wish to obtain Internet-legal addresses, then you should at least be aware that there are groups of "private" Internet addresses which can be used on internal networks by anyone. These address pools, set aside in RFC 1918, define IP addresses that cannot be formally assigned to any organization, and can therefore be used by anyone on an internal-use-only basis. The Internet’s backbone routers are explicitly configured not to route packets with these addresses, meaning they are completely useless outside of an organization’s internal network. The address blocks available are listed below.

Figure B.3 "Private addresses" available for use.

Class   Range of Addresses
A       Any addresses in 10.x.x.x
B       Any addresses in 172.16.x.x
C       Networks 192.168.0.x through 192.168.255.x

Since these addresses cannot be routed across the Internet, you must have an address translation gateway or firewall, or else you will not be able to communicate with any hosts on the Internet. While costly, these address translation devices are readily available from a number of vendors.

An important note here is that since nobody can use these addresses on the Internet, it is safe to assume that anybody who is using these addresses is also utilizing an IP gateway. Therefore, you will never see these addresses used as a destination on the Internet. However, if your organization establishes a private connection to a partner company who is also using these addresses, then you will encounter the same difficulties described above, and your firms will not be able to interconnect completely.

NOTE: It is always best to use formally-assigned, Internet-legal addresses whenever possible. If not possible, use one of the private address pools described above.

WARNING: You should absolutely not use random, self-assigned addresses if you can possibly avoid it.
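
The checks described above can be automated against an addressing plan. The following Python sketch is an added example, not part of the original text: it flags internal prefixes that fall outside the private pools and prefixes that collide with a partner's network. The function names and sample prefixes are constructed for illustration, and the private blocks are written as RFC 1918 publishes them in CIDR form (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16).

```python
import ipaddress

# RFC 1918 private blocks, as published in the RFC.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def classify(prefix):
    """Classify one internal prefix against the private pools.

    'private'                  - lies wholly inside an RFC 1918 block
    'straddles-private'        - only partly overlaps a private block
    'needs-registration-check' - outside the private pools, so it is either
                                 formally assigned to you or self-assigned
    """
    net = ipaddress.ip_network(prefix)
    for block in RFC1918:
        if net.subnet_of(block):
            return "private"
        if net.overlaps(block):
            return "straddles-private"
    return "needs-registration-check"

def audit(local_prefixes, partner_prefixes=()):
    """Return (prefix, finding) pairs for an internal addressing plan."""
    partners = [ipaddress.ip_network(p) for p in partner_prefixes]
    findings = []
    for prefix in local_prefixes:
        net = ipaddress.ip_network(prefix)
        kind = classify(prefix)
        if kind != "private":
            # Self-assigned space here would make the registered owner's
            # hosts unreachable, because routers treat it as local.
            findings.append((prefix, kind))
        for partner in partners:
            # Same address space on both sides of a private link: the two
            # networks cannot interconnect completely.
            if net.overlaps(partner):
                findings.append((prefix, f"overlaps-partner:{partner}"))
    return findings

# Constructed sample plan: two self-assigned networks from the text's
# examples, plus two private networks, one of which a partner also uses.
LOCAL = ["1.2.3.0/24", "36.0.0.0/8", "10.1.0.0/16", "192.168.5.0/24"]
PARTNER = ["10.1.128.0/17", "192.168.9.0/24"]

if __name__ == "__main__":
    for prefix, finding in audit(LOCAL, PARTNER):
        print(f"{prefix:18} {finding}")
```

A "needs-registration-check" result still has to be compared with your own registry assignment records; the script cannot tell a formally assigned block from a self-assigned one.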
