UNIX System Administration Handbook - Evi Nemeth [169]
Only ISPs who allocate significant amounts of address space per year are eligible to apply to ARIN for IP address space. All other sites must apply to their ISP.
Only network numbers are formally assigned; sites must define their own host numbers to form complete IP addresses. You can subdivide the address space given to you however you like.
Administratively, ICANN (the Internet Corporation for Assigned Names and Numbers) has delegated blocks of addresses to three regional Internet registries, and these regional authorities are responsible for doling out subblocks to ISPs within their regions (see Table 13.6). These ISPs in turn divide up their blocks and hand out pieces to individual clients. Only large ISPs should ever have to deal directly with one of the ICANN-sponsored address registries.
Table 13.6 Regional IP address registries
The delegation from ICANN to ARIN, RIPE, and APNIC and then on to national or regional ISPs has allowed for further aggregation in the backbone routing tables. ISP customers who have been allocated address space within the ISP’s block do not need individual routing entries on the backbone. A single entry for the aggregated block that points to the ISP suffices.
Originally, address space was not very fairly allocated. The U.S. government reserved about half the address space for itself and gave relatively small blocks to Europe and Asia. But Europe and Asia managed their address space much more wisely than we did in the United States. The address space map at
http://www.caida.org/outreach/resources/learn/ipv4space
illustrates this fact quite effectively, showing the IP address space as a whole, the portions that have been allocated, the portions that are routed (and therefore reachable), and the addresses for which traffic has been observed at a couple of major exchange points in the United States.
Private addresses and NAT
Another temporary solution to address space depletion is the use of private IP address spaces, described in RFC1918. In the CIDR era, sites normally obtain their IP addresses from their Internet service provider. If a site wants to change ISPs, it may be held for ransom by the cost of renumbering its networks. The ISP assigned the address space only for as long as the site remained a customer. If the site now wants to choose a different ISP, it will have to convince the old ISP to let it keep the addresses and also convince the new ISP to make routing work correctly to the new location with the old addresses. Typically, ISPs don’t want to bother with these issues and will require customers to renumber.
One alternative to using ISP-assigned addresses is to use private addresses that are never shown to your ISP. RFC1918 sets aside one class A network, 16 class B networks, and 256 class C networks that will never be globally allocated and can be used internally by any site. The catch is that packets bearing those addresses must never be allowed to sneak out onto the Internet. You should filter them at your border router just to make sure. If some packets slip by, you should track down the misconfigurations that allowed them to escape.
Table 13.7 shows the network numbers reserved for private addressing. (The “CIDR range” column shows the range for each class in the more compact CIDR notation; it does not add any additional information.)
Table 13.7 IP addresses reserved for private use
Sites can choose from this set the size of network that best fits their organization.
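As an added illustration (not code from the book), the following Python models a border router that enforces the RFC1918 filtering recommended above and performs the source-address/port rewriting of NAT described in the next paragraph. Because Table 13.7 is not reproduced here, the three private ranges (10/8, 172.16/12, 192.168/16) are written out from RFC1918, and the external address 203.0.113.5 and the internal hosts are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass

# The RFC1918 ranges: one class A, sixteen class Bs, 256 class Cs.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_private(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_NETS)

@dataclass(frozen=True)
class Packet:            # just the fields NAT looks at
    src: str
    sport: int
    dst: str
    dport: int

def egress_ok(pkt: Packet) -> bool:
    """The border filter: nothing bearing a private address may leave."""
    return not (is_private(pkt.src) or is_private(pkt.dst))

class BorderNat:
    """Source NAT as described in the text: rewrite the internal source
    address/port to the real external address and a fresh port, and keep
    a table so replies can be translated back (constructed model)."""
    def __init__(self, external_ip: str, first_port: int = 40000):
        self.external_ip = external_ip
        self.next_port = first_port
        self.out = {}    # (internal_ip, internal_port) -> external_port
        self.back = {}   # external_port -> (internal_ip, internal_port)

    def outbound(self, pkt: Packet):
        if is_private(pkt.dst):       # no route to a private net on the Internet
            return None
        if not is_private(pkt.src):   # already a globally routable source
            return pkt
        key = (pkt.src, pkt.sport)
        if key not in self.out:       # allocate a new external port
            self.out[key] = self.next_port
            self.back[self.next_port] = key
            self.next_port += 1
        return Packet(self.external_ip, self.out[key], pkt.dst, pkt.dport)

    def inbound(self, pkt: Packet):
        # Reverse translation; unsolicited or spoofed-private packets are dropped.
        if is_private(pkt.src) or pkt.dst != self.external_ip:
            return None
        if pkt.dport not in self.back:
            return None
        int_ip, int_port = self.back[pkt.dport]
        return Packet(pkt.src, pkt.sport, int_ip, int_port)
```

Run `egress_ok` on the packet `outbound` returns and on the original to see why the filter is a safety net rather than a replacement for NAT.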
To allow hosts that use these private addresses to talk to the Internet, the site’s border router runs a system called NAT (Network Address Translation). NAT intercepts packets addressed with these internal-only addresses and rewrites their source addresses, using a real external IP address and perhaps a different source port number. It also maintains a table of the mappings it has made between internal and external address/source-port pairs so that the translation can be performed in reverse when answering packets arrive from