a proposal

yakov at watson.ibm.com
Fri Jan 28 18:09:27 UTC 1994


Folks,
Appended is a proposal on address allocation for private
internets. It was drafted by myself and Bob Moskowitz (Chrysler Corp.).
Yakov & Bob.
P.S. The proposal incorporates comments that we received from
several people. The Acknowledgement section will be added to reflect
their contributions.
--------------------------------cut here--------------------------------



    Address Allocation for Private Internets


  Hosts within sites that use IP can be partitioned into
  three categories:

    - hosts that do not require Internet access

    - hosts that need access to a limited set of Internet
      services (e.g. E-mail, FTP, netnews, remote login) which
      can be handled by application layer relays

    - hosts that need unlimited access (provided via IP
      connectivity) to the Internet

  Hosts within the first category may use IP addresses that are
  unambiguous within a site, but may be ambiguous within the Internet.

  For many hosts in the second category, unrestricted Internet
  access (provided via IP connectivity) may be more than just
  unnecessary -- it may be undesirable for privacy/security reasons.
  Just like hosts within the first category, such hosts may use IP
  addresses that are unambiguous within a site, but may be ambiguous
  within the Internet.

  Only hosts in the last category require IP addresses that are
  unambiguous within the Internet.

  It is common for organizations to build private internets which
  have few or no hosts falling into the third category. Even if an
  organization has a mixed category of hosts, in many cases within
  the organization hosts in the first and the second category are
  interconnected in such a way as to disable their IP level
  connectivity to the Internet, and hosts in the third category
  are segregated into a separate segment(s) of topology (separate
  Link Layer subnetwork). Only these segments need to have IP level
  connectivity to the Internet. Even if the hosts in the third category
  are not segregated into a separate physical segment of topology,
  such hosts can be segregated on a common (with the hosts in the first or
  the second category) physical segment of topology by assigning two
  distinct subnetwork numbers to the segment.

  To conserve IP network address space utilization for the public
  Internet, hosts within private internets that fall into the
  first or the second category may take their addresses out of
  the specific IP address block to be used exclusively by such
  hosts.

  The size of the block is expected to be sufficient to accommodate
  most or all of the practical situations. The reserved block consists
  of three sub-blocks: a single Class A network number (X), 8 contiguous
  Class B network numbers (from Y to Z), and 255 contiguous Class C
  network numbers (from W to V).

  For sites with fewer than 1,000 hosts we suggest using addresses
  out of the sub-block of Class C network numbers. For sites with more
  than 10,000 hosts we suggest using addresses out of the Class A
  network number. For all other sites we suggest using addresses out of
  the sub-block of Class B network numbers. Of course, it is also possible
  for a site to use addresses out of more than one sub-block
  (using a mix of Class A, B, and C network numbers).

  An organization that uses addresses out of the pool allocated
  for private networks can be more liberal in terms of address
  space utilization, as compared to the address space utilization
  of the Internet-visible address space. Thus, rather than using
  variable-length subnetting, a site may use fixed-length subnetting.
  In many cases use of Class C network numbers may be helpful to avoid
  dealing with IP subnetting altogether.

  The reserved IP address block will not be routed in the Internet.
  Routers in the Internet are expected to be configured to
  reject (filter out) Network Layer Reachability Information
  associated with the destinations identified by the address block.
  If a router receives such information, the rejection shall not
  be treated as a routing protocol error.

  Since within a single internet IP addresses have to be
  unambiguous, assigning IP addresses out of the block allocated
  for private internets has the following implications:

    - when a host that has taken its IP address from the block moves
      from the first or the second category into the third one,
      the host has to change its IP address.

    - if several previously unconnected sites (several private internets)
      that have hosts numbered out of the block decide to interconnect
      (merge their internets into a single internet), this may
      require changing addresses of the hosts.

  Since the IP addresses within the block will not be routed in
  the Internet, a host that takes its IP address from the
  block will be unreachable (at the network layer) from any host
  in the Internet.  That offers additional firewall protection.

  With the proposed scheme many large corporate sites can use a
  relatively small block of addresses from the global IP address space.
  That would benefit the Internet by conserving the use of IP
  address space.
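
The router-side filtering described in the proposal, as an added example that is not part of the original post or of any router implementation. The draft leaves the reserved network numbers as X, Y..Z and W..V, so the block below uses constructed stand-in prefixes; `RESERVED_BLOCK`, `SAMPLE_UPDATE` and `filter_nlri` are hypothetical names.

```python
import ipaddress

# Constructed stand-ins for the reserved block. The draft leaves the real
# network numbers as X, Y..Z and W..V; these are NOT those values.
RESERVED_BLOCK = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("198.51.100.0/24"),
]

# Constructed sample: the prefixes carried by one routing update.
SAMPLE_UPDATE = [
    "203.0.113.0/24",     # unrelated prefix
    "192.0.2.0/24",       # exactly a reserved network
    "198.51.100.128/25",  # more specific than a reserved network
    "192.0.0.0/16",       # covering aggregate that merely contains one
]


def filter_nlri(announced, reserved=RESERVED_BLOCK):
    """Split one update's prefixes into (accepted, filtered).

    A prefix is filtered when it is equal to or more specific than a
    reserved network. Filtering is ordinary policy: nothing is raised for
    it, so the caller has no reason to treat the update as a protocol
    error or reset the session. A malformed prefix still raises
    ValueError, which is a different condition from a filtered one.
    """
    accepted, filtered = [], []
    for text in announced:
        prefix = ipaddress.ip_network(text, strict=True)
        inside = any(
            prefix.version == r.version and prefix.subnet_of(r)
            for r in reserved
        )
        # Covering aggregates are accepted here; the draft does not say
        # how to treat them, so that choice is an assumption.
        (filtered if inside else accepted).append(prefix)
    return accepted, filtered


if __name__ == "__main__":
    ok, dropped = filter_nlri(SAMPLE_UPDATE)
    print("accepted:", [str(p) for p in ok])
    print("filtered:", [str(p) for p in dropped])
```

Logging the filtered list per peer shows which neighbors are leaking private-block routes without disturbing the rest of the update.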




