Stupid conceptual question about private networks and routing

jscimeca715 Member Posts: 280
I believe that my question is rooted in the fact that I'm not thinking on a big enough scale. If you are using private networks (i.e. 192.168.1.0, 192.168.2.0) for your company how does the Cisco router know to route those packets? The standards say that private networks are not internet routable. If I'm on subnet 192.168.1.0 and need to send to a host on 192.168.2.0 why is the router allowed to do that? Does this make sense? How does the router know what "internet routable" is? Writing this question and reading it back makes me feel incredibly stupid but it's something that has been bugging me.

Comments

  • networker050184 Mod Posts: 11,962 Mod
    The router has no concept of private addressing. The internet will route private addressing also but it's filtered manually. It's all ones and zeros to the router.
    An expert is a man who has made all the mistakes which can be made.
  • xwesleyxwillisx Member Posts: 158
    The IANA designates the 192.168.0.0/16, 172.16.0.0/12, and 10.0.0.0/8 blocks for private use only. What this means is these "private networks" will never be assigned. Because of this, you should never see traffic sourced from any of these addresses. As networker said, they are filtered out.

    In addition, there are other unallocated (but not private, could be allocated in the future) blocks that are also filtered and should not be seen on the Internet.

    I think your problem is indeed "thinking too small". To get a better idea of what we're talking about, read up on the IANA...

    Specifically, here is a (maybe not current) list of IPv4 addresses:

    IANA IPv4 Address Space Registry
  • sandman748 Member Posts: 104
    jscimeca715 wrote: »
    I believe that my question is rooted in the fact that I'm not thinking on a big enough scale. If you are using private networks (i.e. 192.168.1.0, 192.168.2.0) for your company how does the Cisco router know to route those packets? The standards say that private networks are not internet routable. If I'm on subnet 192.168.1.0 and need to send to a host on 192.168.2.0 why is the router allowed to do that? Does this make sense? How does the router know what "internet routable" is? Writing this question and reading it back makes me feel incredibly stupid but it's something that has been bugging me.

    Private addressing only becomes an issue if you are trying to route outside of your local network. The only reason private addresses aren't routable over the internet is that several companies are all using the same private addresses. This is not a factor in your local network.

    It's much like your personal routers at home. All your computers are using local private IP addresses (e.g. 192.168.1.101). Your router has a local and a global IP address (e.g. 64.24.13.129). The global one is the one you're getting from your ISP.

    When one of your computers sends a packet to the internet, your router will convert the computer's local IP address to the router's global one so that it can be sent out. So instead of seeing 192.168.1.101, internet routers will see 64.24.13.129 and can route to and from your router.

    Look up NAT (Network Address Translation), it's basically what makes private addressing work.
    Working on CCIE Collaboration:
    Written Exam Completed June 2015 ~ 100 hrs of study
    Lab Exam Scheduled for Dec 2015
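
The translation described in the post above, as an added example that is not part of the original thread: a minimal port-address-translation table using the post's two sample addresses. The class name `PatRouter`, the starting port 40000 and the remote address 198.51.100.7 (a documentation range) are assumptions, and the mapping is simplified to one public port per inside socket.

```python
import itertools


class PatRouter:
    """Toy source NAT (PAT): many inside hosts share one public address."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self._ports = itertools.count(first_port)  # next free public port
        self.out_map = {}    # (inside_ip, inside_port, proto) -> public port
        self.back_map = {}   # (public port, proto) -> (inside_ip, inside_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port, proto="tcp"):
        """Rewrite the source of a packet leaving for the internet."""
        key = (src_ip, src_port, proto)
        if key not in self.out_map:
            port = next(self._ports)
            self.out_map[key] = port
            self.back_map[(port, proto)] = (src_ip, src_port)
        return (self.public_ip, self.out_map[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port, proto="tcp"):
        """Rewrite the destination of a reply; None means the packet is dropped."""
        if dst_ip != self.public_ip:
            return None
        inside = self.back_map.get((dst_port, proto))
        if inside is None:
            return None  # nothing inside opened this mapping
        return (src_ip, src_port, inside[0], inside[1])


if __name__ == "__main__":
    nat = PatRouter("64.24.13.129")
    # Constructed flow: the home PC from the post opens an HTTPS connection.
    sent = nat.outbound("192.168.1.101", 51515, "198.51.100.7", 443)
    print("on the wire:", sent)
    print("reply delivered to:", nat.inbound("198.51.100.7", 443, *sent[:2]))
```

Internet routers only ever see the public address and the allocated port; a packet that arrives for a port with no table entry has no inside host to be delivered to.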
  • Forsaken_GA Member Posts: 4,024
    There have been instances of RFC1918 addresses leaking out into the public internet, but that will usually get you depeered until you fix your stuff. The majority of network operators also have filters in place so that they simply won't accept those routes when they're announced from outside their own AS. Once you start studying BGP and route filtering, it'll make a little more sense.
  • mzinz Member Posts: 328
    Like mentioned above, the router has no concept of "private" or "public" addresses.

    If you try to send private traffic to your ISP, it would be filtered out via ACL. They just don't accept traffic which was sourced from a private network.
    _______LAB________
    2x 2950
    2x 3550
    2x 2650XM
    2x 3640
    1x 2801
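
The point made in several replies above, as an added example that is not part of the original thread: forwarding is a longest-prefix lookup that treats 192.168.x.x like any other destination, and private sources are dropped only where someone configured a filter. The `Router` class, the interface names (`Gi0/0`, `Gi0/1`, `wan`, `customer`, `upstream`) and the documentation addresses in the sample calls are assumptions.

```python
import ipaddress

# The three private blocks listed in the thread (RFC 1918).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


class Router:
    """Longest-prefix-match forwarder with an optional inbound source ACL."""

    def __init__(self):
        self.routes = []        # list of (destination network, out interface)
        self.source_deny = {}   # in interface -> denied source networks

    def add_route(self, prefix, out_if):
        self.routes.append((ipaddress.ip_network(prefix), out_if))

    def deny_sources(self, in_if, networks):
        self.source_deny[in_if] = list(networks)

    def forward(self, in_if, src, dst):
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        # The only place "private" matters: an ACL somebody configured.
        if any(src in net for net in self.source_deny.get(in_if, [])):
            return "drop: source denied by ACL"
        matches = [(net, out) for net, out in self.routes if dst in net]
        if not matches:
            return "drop: no route"
        # Most specific prefix wins; the kind of address plays no part.
        return "forward via " + max(matches, key=lambda m: m[0].prefixlen)[1]


def office_router():
    """Company router with two private subnets and a default route."""
    r = Router()
    r.add_route("192.168.1.0/24", "Gi0/0")
    r.add_route("192.168.2.0/24", "Gi0/1")
    r.add_route("0.0.0.0/0", "wan")
    return r


def isp_edge(filtered=True):
    """Provider edge; the RFC 1918 source filter is explicit configuration."""
    r = Router()
    r.add_route("0.0.0.0/0", "upstream")
    if filtered:
        r.deny_sources("customer", RFC1918)
    return r
```

Calling `isp_edge(filtered=False).forward("customer", "192.168.1.10", "198.51.100.7")` returns `forward via upstream`, which is the leak the filter exists to stop.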
  • jscimeca715 Member Posts: 280
    So, if I have two branch offices that I want to connect without using public IPs would it be more efficient to use a Frame Relay service? Two cable connections and a VPN? Any thoughts on this?
  • /usr Member Posts: 1,768
    It depends on what you mean by more efficient and what your goals are. If you just want connectivity as cheaply as possible, a VPN would be much cheaper than Frame Relay. They'll both accomplish the goal of connecting the offices, but you're still technically using a static IP for cable VPN, you're just not using it in your addressing scheme.

    I'm not sure what the real question was here...
  • jscimeca715 Member Posts: 280
    /usr wrote: »
    It depends on what you mean by more efficient and what your goals are. If you just want connectivity as cheaply as possible, a VPN would be much cheaper than Frame Relay. They'll both accomplish the goal of connecting the offices, but you're still technically using a static IP for cable VPN, you're just not using it in your addressing scheme.

    I'm not sure what the real question was here...

    However, if I use Frame Relay I can keep it within the private network I've been using, correct? I'll still need a public IP address at both offices to get internet...or can I use NAT at only one? OMG...there's blood coming out of my ears!!!!!! Hits keyboard....head explodes.
  • dtlokee Member Posts: 2,378
    VPN - virtual private network. In short, what the VPN does when it sends the packets from your private network across the internet is to add a new header with the public IP addresses of the VPN endpoints (routers/firewalls/VPN concentrators or whatever you are using). This prevents the routers on the internet from seeing the private addresses inside the new outer header. When the packet reaches the destination VPN device the header is stripped off and the inner private address is now again available for routing in the remote site.
    The only easy day was yesterday!
  • thenjduke Member Posts: 894
    Look at NAT and also look at RIP if you are routing to only internal network.
    CCNA, MCP, MCSA, MCSE, MCDST, MCITP Enterprise Administrator, Working towards Networking BS. CCNP is Next.
  • Neeko Member Posts: 170
    jscimeca715 wrote: »
    However, if I use Frame Relay I can keep it within the private network I've been using, correct? I'll still need a public IP address at both offices to get internet...or can I use NAT at only one? OMG...there's blood coming out of my ears!!!!!! Hits keyboard....head explodes.

    I know what it's like, things just get tangled sometimes. I suggest you slow down a bit, stop thinking about too much at once, especially frame relay, VPNs etc.

    Just get your head clear on private and public addressing, IP routing and NAT, then work from there. The picture is too big to digest in one hit, break it down and it will become clearer.
  • jscimeca715 Member Posts: 280
    Neeko wrote: »
    I know what it's like, things just get tangled sometimes. I suggest you slow down a bit, stop thinking about too much at once, especially frame relay, VPNs etc.

    Just get your head clear on private and public addressing, IP routing and NAT, then work from there. The picture is too big to digest in one hit, break it down and it will become clearer.

    I understand all of that stuff that you mentioned and have decided that the big picture is TOO big. Sometimes you get off on a tangent studying (me for ICND2) and with all this knowledge you have you think....man....maybe I can diagram the whole Internet!