Private and Public IPv4 Addresses

Recall from Chapter 1 that the IP address space is divided into public and private spaces. Private addresses are reserved IP addresses that are to be used only internally within a company's network, not on the Internet. Private addresses must therefore be mapped to a company's external registered address when sending anything on the Internet. Public IP addresses are provided for external communication. Figure 6-1 illustrates the use of private and public addresses in a network.

Figure 6-1 Private and Public Addresses Can Be Used in a Network

RFC 1918, Address Allocation for Private Internets, defines the private IP addresses as follows:

The remaining addresses are public addresses.
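RFC 1918 reserves three blocks for private use: 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16. The following added example (not part of the original text) checks addresses against exactly those blocks, including addresses that sit just outside them; the function names and the sample inventory are constructed for illustration.

```python
import ipaddress

# The three blocks RFC 1918 reserves for private internets.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def rfc1918_block(addr):
    """Return the RFC 1918 block that contains addr, or None."""
    ip = ipaddress.ip_address(addr)
    return next((net for net in RFC1918 if ip in net), None)

def split_inventory(addrs):
    """Group addresses by RFC 1918 block; the rest go under 'not RFC 1918'."""
    groups = {}
    for a in addrs:
        net = rfc1918_block(a)
        groups.setdefault(str(net) if net else "not RFC 1918", []).append(a)
    return groups

# Constructed inventory. 172.32.0.1 and 192.169.0.1 sit just outside a
# private block. 169.254.1.1 is link-local: Python's is_private flag is
# True for it, although RFC 1918 does not define that range, so is_private
# is not a substitute for an explicit RFC 1918 check.
# 198.51.100.10 is a documentation address standing in for a public one.
SAMPLE = ["10.1.20.5", "172.16.0.1", "172.31.255.254", "172.32.0.1",
          "192.168.10.7", "192.169.0.1", "169.254.1.1", "198.51.100.10"]

if __name__ == "__main__":
    for block, members in split_inventory(SAMPLE).items():
        print(f"{block:15} {', '.join(members)}")
```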

Private Versus Public Address Selection Criteria

Very few public IP addresses are currently available, so Internet service providers (ISPs) can assign only a subset of Class C addresses to their customers. Therefore, in most cases, the number of public IP addresses assigned to an organization is inadequate for addressing its entire network.

The solution to this problem is to use private IP addresses within a network and to translate these private addresses to public addresses when Internet connectivity is required. When selecting addresses, the network designer should consider the following questions:

■ Are private, public, or both IP address types required?

■ How many end systems need only access to the public network? This is the number of end systems that need a limited set of external services (such as e-mail, file transfer, or web browsing) but do not need unrestricted external access. These end systems do not have to be visible to the public network.

■ How many end systems must have access to and be visible to the public network? This is the number of Internet connections and various servers that must be visible to the public network (such as public servers and servers used for e-commerce, such as web servers, database servers, and application servers) and defines the number of required public IP addresses. These end systems require globally unambiguous IP addresses.

■ Where will the boundaries between the private and public IP addresses be, and how will they be implemented?

Interconnecting Private and Public Addresses

According to its needs, an organization can use both public and private addresses. A router or firewall acts as the interface between the network's private and public sections.

When private addresses are used for addressing in a network and this network must be connected to the Internet, Network Address Translation (NAT) or Port Address Translation (PAT) must be used to translate from private to public addresses and vice versa. NAT or PAT is required if accessibility to the public Internet or public visibility is required.

Static NAT is a one-to-one mapping of an unregistered IP address to a registered IP address. Dynamic NAT maps an unregistered IP address to a registered IP address from a group of registered IP addresses. NAT overloading, or PAT, is a form of dynamic NAT that maps multiple unregistered IP addresses to a single registered IP address by using different port numbers. As shown in Figure 6-2, NAT or PAT can be used to translate the following:

■ One private address to one public address: Used in cases when servers on the internal network with private IP addresses must be visible from the public network. The translation from the server's private IP address to the public IP address is defined statically.

■ Many private addresses to one public address: Used for end systems that require access to the public network but do not have to be visible to the outside world.

■ Combination: It is common to see a combination of the previous two techniques deployed throughout networks.
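The combination case can be modeled with a small translation table. This is an added example, not code from the original text: the Translator class, its method names, and all addresses are constructed (203.0.113.0/24 is a documentation range). It simplifies real PAT by ignoring protocol, remote endpoint, and entry timeouts, and it does not model dynamic NAT from an address pool.

```python
class Translator:
    """Toy edge device: static NAT for visible servers, PAT for the rest."""

    def __init__(self, pat_public, static_map, first_port=1024):
        self.pat_public = pat_public
        self.static_out = dict(static_map)            # private -> public
        self.static_in = {pub: priv for priv, pub in static_map.items()}
        self.pat_out = {}    # (private ip, private port) -> public port
        self.pat_in = {}     # public port -> (private ip, private port)
        self.next_port = first_port

    def outbound(self, src_ip, src_port):
        """Translate the source of a packet leaving the private network."""
        if src_ip in self.static_out:       # one-to-one: port is unchanged
            return self.static_out[src_ip], src_port
        key = (src_ip, src_port)
        if key not in self.pat_out:         # many-to-one: allocate a port
            self.pat_out[key] = self.next_port
            self.pat_in[self.next_port] = key
            self.next_port += 1
        return self.pat_public, self.pat_out[key]

    def inbound(self, dst_ip, dst_port):
        """Translate the destination of a packet from the public side.
        Returns None when no translation entry exists (packet dropped)."""
        if dst_ip in self.static_in:
            return self.static_in[dst_ip], dst_port
        if dst_ip == self.pat_public:
            return self.pat_in.get(dst_port)
        return None

def demo():
    # Constructed addressing plan: one visible server, two ordinary clients.
    nat = Translator("203.0.113.1", {"10.0.1.10": "203.0.113.10"})
    web = nat.outbound("10.0.1.10", 443)
    pc1 = nat.outbound("10.0.2.21", 50000)
    pc2 = nat.outbound("10.0.2.22", 50000)   # same source port as pc1
    return {
        "web": web, "pc1": pc1, "pc2": pc2,
        "reply_pc2": nat.inbound(*pc2),                   # return traffic
        "to_server": nat.inbound("203.0.113.10", 443),    # unsolicited
        "unsolicited": nat.inbound("203.0.113.1", 8080),  # no PAT entry
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:12} {result}")
```

In this model the static entry is the only path by which unsolicited traffic reaches an inside host, so statically mapped servers are the ones that need explicit filtering at the router or firewall.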

Figure 6-2 Private to Public Address Translation (diagram labels: Many to One; One to One; Private—Public Visibility Needed; Private—Access to Public Network; No Translation)

NOTE As mentioned, the addresses typically used on internal networks are private addresses, and they are translated to public addresses. However, NAT and PAT can be used to translate between any two addresses.

For additional details about NAT and PAT, see Appendix D, "Network Address Translation."

Guidelines for the Use of Private and Public Addresses in an Enterprise Network

As shown in Figure 6-3, the typical enterprise network uses both private and public IP addresses.

Private IP addresses are used throughout the Enterprise Campus, Enterprise Branch, and Enterprise Teleworker modules. The following modules include public addresses:

■ The Internet Connectivity module, where public IP addresses are used for Internet connections and publicly accessible servers.

■ The E-commerce module, where public IP addresses are used for the database, application, and web servers.

■ The Remote Access and virtual private network (VPN) module, the Enterprise Data Center module, and the WAN and metropolitan-area network (MAN) and Site-to-Site VPN module, where public IP addresses are used for certain connections.

Figure 6-3 Private and Public IP Addresses Are Used in the Enterprise Network (diagram labels: Enterprise Campus; Building Access; Building Distribution; Campus Core; Server Farm; Enterprise Edge)
