Appended is a proposal on address allocation for private
internets. It was drafted by myself and Bob Moskowitz (Chrysler Corp.).
Yakov & Bob.
P.S. The proposal incorporates comments that we received from
several people. The Acknowledgement section will be added to reflect
Address Allocation for Private Internets
Hosts within sites that use IP can be partitioned into three categories:
- hosts that do not require Internet access
- hosts that need access to a limited set of Internet
services (e.g. E-mail, FTP, netnews, remote login) which
can be handled by application layer relays
- hosts that need unlimited access (provided via IP
connectivity) to the Internet
Hosts within the first category may use IP addresses that are
unambiguous within a site, but may be ambiguous within the Internet.
For many hosts in the second category, unrestricted Internet
access (provided via IP connectivity) may be more than just
unnecessary -- it may be undesirable for privacy/security reasons.
Just like hosts within the first category, such hosts may use IP
addresses that are unambiguous within a site, but may be ambiguous
within the Internet.
Only hosts in the last category require IP addresses that are
unambiguous within the Internet.
It is common for organizations to build private internets which
have few or no hosts falling into the third category. Even if an
organization has a mix of host categories, in many cases the hosts
in the first and the second category are interconnected within
the organization in such a way as to disable their IP level
connectivity to the Internet, and hosts in the third category
are segregated into separate segment(s) of the topology (separate
Link Layer subnetworks). Only these segments need to have IP level
connectivity to the Internet. Even if the hosts in the third category
are not segregated onto a separate physical segment of the topology,
such hosts can be segregated on a physical segment shared with hosts in
the first or the second category by assigning two distinct subnetwork
numbers to that segment.
To conserve IP network address space utilization for the public
Internet, hosts within private internets that fall into the
first or the second category may take their addresses out of
the specific IP address block to be used exclusively by such
The size of the block is expected to be sufficient to accommodate
most or all of the practical situations. The reserved block consists
of three sub-blocks: a single Class A network number (X), 8 contiguous
Class B network numbers (from Y to Z), and 255 contiguous Class C
network numbers (from W to V).
For sites with fewer than 1,000 hosts we suggest using addresses
out of the sub-block of Class C network numbers. For sites with more
than 10,000 hosts we suggest using addresses out of the Class A
network number. For all other sites we suggest using addresses out of
the sub-block of Class B network numbers. Of course, it is also possible
for a site to use addresses out of more than one sub-block
(using a mix of Class A, B, and C network numbers).
An organization that uses addresses out of the pool allocated
for private networks can be more liberal in terms of address
space utilization, as compared to the address space utilization
of the Internet-visible address space. Thus, rather than using
variable-length subnetting, a site may use fixed-length subnetting.
In many cases use of Class C network numbers may be helpful to avoid
dealing with IP subnetting altogether.
The reserved IP address block will not be routed in the Internet.
Routers in the Internet are expected to be configured to
reject (filter out) Network Layer Reachability Information
associated with the destinations identified by the address block.
If a router receives such information, the rejection shall not
be treated as a routing protocol error.
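The filtering rule above, worked as an added example (this is not code from the draft or its authors). The draft names the reserved sub-blocks only as X, Y..Z and W..V, so the concrete network numbers below are an assumption for illustration, sized exactly as the draft describes them (one Class A, 8 contiguous Class B, 255 contiguous Class C); the function names and the sample list of received prefixes are constructed here too. Beyond the draft's plain "reject", the example also sets aside a prefix that covers both reserved and public destinations, which a plain subnet-of check would otherwise let through.

```python
import ipaddress

# Constructed stand-in for the reserved block. The draft names its sub-blocks
# only as X, Y..Z and W..V; the concrete network numbers here are an
# assumption for this example, sized exactly as the draft describes them:
PRIVATE_BLOCKS = (
    [ipaddress.ip_network("10.0.0.0/8")]                                # one Class A (X)
    + [ipaddress.ip_network(f"172.{n}.0.0/16") for n in range(16, 24)]  # 8 contiguous Class B (Y..Z)
    + [ipaddress.ip_network(f"192.168.{n}.0/24") for n in range(255)]   # 255 contiguous Class C (W..V)
)


def is_private_destination(prefix):
    """True if every destination covered by `prefix` lies inside the reserved block."""
    net = ipaddress.ip_network(prefix, strict=False)
    return any(net.subnet_of(block) for block in PRIVATE_BLOCKS)


def touches_private_block(prefix):
    """True if `prefix` covers at least one destination inside the reserved block."""
    net = ipaddress.ip_network(prefix, strict=False)
    return any(net.overlaps(block) for block in PRIVATE_BLOCKS)


def filter_nlri(advertised):
    """Apply the draft's policy to a batch of received prefixes.

    Returns (accepted, dropped, review): prefixes wholly inside the reserved
    block are dropped without raising a protocol error; a prefix that covers
    both reserved and public destinations (an aggregate that is too coarse)
    is set aside for operator review rather than silently accepted.
    """
    accepted, dropped, review = [], [], []
    for prefix in advertised:
        if is_private_destination(prefix):
            dropped.append(prefix)
        elif touches_private_block(prefix):
            review.append(prefix)
        else:
            accepted.append(prefix)
    return accepted, dropped, review


if __name__ == "__main__":
    # Constructed sample of received reachability information.
    sample = ["10.0.0.0/8", "198.51.100.0/24", "192.168.7.0/24",
              "172.20.0.0/16", "172.16.0.0/12", "203.0.113.0/24"]
    accepted, dropped, review = filter_nlri(sample)
    print("accepted:", accepted)
    print("dropped :", dropped)
    print("review  :", review)
```

Note that with the draft's count of 255 Class C numbers, the 256th network (192.168.255.0/24 under the assumed numbering) is not part of the block and is therefore neither dropped nor flagged; a filter built from the draft's text must decide explicitly how to treat such boundary prefixes.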
Since within a single internet IP addresses have to be
unambiguous, assigning IP addresses out of the block allocated
for private internets has the following implications:
- when a host that has taken its IP address from the block moves
from the first or the second category into the third one,
the host has to change its IP address.
- if several previously unconnected sites (several private internets)
that have hosts numbered out of the block decide to interconnect
(merge their internets into a single internet), this may
require changing addresses of the hosts.
Since the IP addresses within the block will not be routed in
the Internet, a host that takes its IP address from the
block will be unreachable (at the network layer) from any host
in the Internet. That offers additional firewall protection.
With the proposed scheme many large corporate sites can use a
relatively small block of addresses from the global IP address space.
That would benefit the Internet by conserving the use of IP