1 Private Networks

A private network is designed for use inside an organization. It allows access to shared resources and, at the same time, provides privacy. Before we discuss some aspects of these networks, let us define two commonly used, related terms: intranet and extranet.

Intranet

An intranet is a private network (LAN) that uses the Internet model. How-ever, access to the network is limited to the users inside the organization. The network uses application programs defined for the global Internet, such as HTTP, and may have Web servers, print servers, file servers, and so on.

Extranet

An extranet is the same as an intranet with one major difference: Some resources may be accessed by specific groups of users outside the organization under the control of the network administrator. For example, an organization may allow authorized customers access to product specifications, availability, and online ordering. A university or a college can allow distance learning student’s access to the computer lab after passwords have been checked.

Addressing

A private network that uses the Internet model must use IP addresses. Three choices are available:

 

    1. The network can apply for a set of addresses from the Internet authorities and use them without being connected to the Internet. This strategy has an advantage. If in the future the organization decides to be connected to the Internet, it can do so with relative ease. However, there is also a disadvantage: The address space is wasted in the meantime.

 

    1. The network can use any set of addresses without registering with the Internet authorities. Because the network is isolated, the addresses do not have to be unique. However, this strategy has a serious drawback: Users might mistakenly confuse the addresses as part of the global Internet.

 

To overcome the problems associated with the first and second strategies, the Internet authorities have reserved three sets of addresses, shown in Table.

     Prefix

Range

Total

10/8

10.0.0.0 to 10.255.255.255

224

172.16/ 12

172.16.0.0 to 172.31.255.255

220

192.168/ 16

192.168.0.0 to 192.168.255.255

216

Any organization can use an address out of this set without permission from the Internet authorities. Everybody knows that these reserved addresses are for private networks. They are unique inside the organization, but they are not unique globally. No router will forward a packet that has one of these addresses as the destination address.

Achieving Privacy

To achieve privacy, organizations can use one of three strategies: private networks, hybrid networks, and virtual private networks.

Private Networks An organization that needs privacy when routing information inside the organization can use a private network as discussed previously. A small organiza­tion with one single site can use an isolated LAN. People inside the organization can send data to one another that totally remain inside the organization, secure from outsiders. A larger organization with several sites can create a private internet. The LANs at different sites can be connected to each other by using routers and leased lines. In other words, an internet can be made out of private LANs and private WANs. Figure shows such a situation for an organization with two sites. The LANs are connected to each other by routers and one leased line.

In this situation, the organization has created a private internet that is totally isolated from the global Internet. For end-to-end communication between stations at different sites, the organization can use the Internet model. However, there is no need for the organization to apply for IP addresses with the Internet authorities. It can use private IP addresses. The organization can use any IP class and assign network and host addresses internally. Because the internet is private, duplication of addresses by another organization in the global Internet is not a problem.

How Private Network Addresses Work?

For example, if I had 6 computers that I wanted to network, I might number them from 172.16.0.1 up to 172.16.0.6 and this would still leave over a million more addresses that I could use if I were to buy some more computers or if I was networking a large office and needed lots and lots of addresses.

These blocks of addresses can be used by anyone, anywhere - even if your neighbor is using the exact same addresses this won't cause a problem. This is possible because these addresses are known as "non-Routable addresses" and the devices on the internet that move data from one place to another are specially programmed to recognize these addresses. These devices (known as routers) will recognize that these are private addresses belonging to your network and will never forward your traffic onto the Internet so for your connection to work; you will always require at least one real address from the general pool so that your home router can perform what is known as "Network Address Translation".

NAT is a process where your router changes your private IP Address into a public one so that it can send your traffic over the Internet, keeping track of the changes in the process. When the information comes back to your router, it reverses the change back from a real IP Address into a private one and forwards the traffic back to your computer.

Private addresses and NAT is what makes your home router work and by using them, anyone is able to connect as many computer's as they wish to the Internet without having to worry about running out of addresses and this gives everyone many more years until all the available addresses are used up.