
What is the point of private IP

shift8

Solved by Alex Atkin UK

So my understanding is that you have a public IP, and then each device on the network has a private IP, and also a MAC address that is unique to each piece of hardware produced.

If external traffic, incoming and outgoing, only uses the public IP and port number, why do I even need a private IP for single devices? Instead of having the routing table label packets with the correct private IP and port, just log them as MAC address and port.

Sorry if this is a dumb question, but I'm not understanding why, if every device has a unique hardware ID, a private network needs to assign them all an entirely new set of IDs that only the router and devices on that network can see.


28 minutes ago, shift8 said:

So my understanding is that you have a public IP, and then each device on the network has a private IP, and also a MAC address that is unique to each piece of hardware produced.

If external traffic, incoming and outgoing, only uses the public IP and port number, why do I even need a private IP for single devices? Instead of having the routing table label packets with the correct private IP and port, just log them as MAC address and port.

Sorry if this is a dumb question, but I'm not understanding why, if every device has a unique hardware ID, a private network needs to assign them all an entirely new set of IDs that only the router and devices on that network can see.

Because (as I understand it) IP networking was never really designed with the idea that you would connect a private network to a public one; NAT is a hack to make that work.

Back in the day, any client you wanted on the Internet would have its own public IP. Then it was realised, as more and more devices needed Internet access, that this was no longer practical and also made security a nightmare. Businesses with leased lines would have dedicated firewalls to block incoming unsolicited traffic; then we migrated to actual NAT routers that could firewall and allow private IP addresses within the business, so freeing up IPv4 addresses.

IPv6 was designed differently to get around this: every IPv6 device should have a public IP address, but your router will firewall the traffic so incoming connections are denied unless you specifically permit them.



Because they're two different things. MAC addresses are physical addresses, used by network hardware to shuffle packets around. IP addresses are a logical construct for containing and directing traffic.

There are only 4,294,967,296 IPv4 addresses, including special-use addresses, loopback addresses, broadcast addresses, etc. Way back in the days of old, large chunks of IP addresses were sold off to large corporations or allocated to the military. This became a problem as the Internet gained popularity outside of universities and institutions; we were literally running out of IP addresses. NAT and private address space are a workaround to allow more than 4,294,967,296 devices to connect to the Internet.

To throw even more legacy cruft at you, some early networking standards don't use MAC addresses like Ethernet does, or don't care if multiple devices on the same network have identical MAC addresses (like Token Ring), but they can still carry TCP/IP.

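To make the mechanism in Alex Atkin UK's and Needfuldoer's replies concrete, here is a simulated NAT translation table. This is an added example written for this page, not code from the thread or from any router product, and every host, address and port in it is constructed (public addresses from the RFC 5737 documentation ranges, private ones from RFC 1918). It shows why the router keys on private IP and port: two LAN hosts that pick the same source port are still told apart and share one public address, a reply is matched to the entry its outbound connection created, an unsolicited inbound packet finds no entry and is dropped, and an inbound connection gets through only where the administrator has added an explicit port forward.

```python
"""Simulated NAT/PAT translation table.

Added example, not code from the forum thread. All hosts, addresses and
ports are constructed: public addresses from the RFC 5737 documentation
ranges, private ones from RFC 1918.
"""
from dataclasses import dataclass, replace

PUBLIC_IP = "203.0.113.5"   # the router's single public IPv4 address (constructed)


@dataclass(frozen=True)
class Packet:
    """Only the L3/L4 fields a NAT router looks at. There is no MAC field:
    the Ethernet header is rewritten at every hop and never leaves the
    local segment, so it cannot be used to match a reply."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


class NatRouter:
    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        # dynamic entries created by outbound traffic
        self.outbound = {}   # (proto, private_ip, private_port) -> public_port
        self.inbound = {}    # (proto, public_port) -> (private_ip, private_port)
        # static entries the administrator explicitly permits ("port forwards")
        self.forwards = {}   # (proto, public_port) -> (private_ip, private_port)

    def add_port_forward(self, proto, public_port, private_ip, private_port):
        self.forwards[(proto, public_port)] = (private_ip, private_port)

    def lan_to_wan(self, pkt):
        """Rewrite an outbound packet's source to the public IP and a
        router-chosen port, creating the entry that lets the reply back in."""
        key = (pkt.proto, pkt.src_ip, pkt.src_port)
        if key not in self.outbound:
            public_port = self.next_port
            self.next_port += 1
            self.outbound[key] = public_port
            self.inbound[(pkt.proto, public_port)] = (pkt.src_ip, pkt.src_port)
        return replace(pkt, src_ip=self.public_ip, src_port=self.outbound[key])

    def wan_to_lan(self, pkt):
        """Deliver an inbound packet only if a dynamic entry (a reply to
        something a LAN host sent) or a static forward exists; otherwise
        drop it. This is the 'block unsolicited traffic' behaviour."""
        if pkt.dst_ip != self.public_ip:
            return None
        key = (pkt.proto, pkt.dst_port)
        target = self.inbound.get(key) or self.forwards.get(key)
        if target is None:
            return None
        private_ip, private_port = target
        return replace(pkt, dst_ip=private_ip, dst_port=private_port)


def demo():
    """Two LAN hosts that happen to pick the same source port, one reply,
    one unsolicited probe and one explicitly forwarded service."""
    router = NatRouter(PUBLIC_IP)
    host_a = Packet("192.168.1.10", 51000, "198.51.100.7", 443)
    host_b = Packet("192.168.1.11", 51000, "198.51.100.7", 443)
    out_a = router.lan_to_wan(host_a)
    out_b = router.lan_to_wan(host_b)

    reply_to_a = Packet("198.51.100.7", 443, PUBLIC_IP, out_a.src_port)
    probe = Packet("192.0.2.9", 12345, PUBLIC_IP, 22)          # nobody on the LAN asked for this
    router.add_port_forward("tcp", 8080, "192.168.1.20", 80)   # admin-permitted inbound service
    forwarded = Packet("192.0.2.9", 12345, PUBLIC_IP, 8080)

    return {
        "a_as_seen_outside": (out_a.src_ip, out_a.src_port),
        "b_as_seen_outside": (out_b.src_ip, out_b.src_port),
        "reply_delivered_to": router.wan_to_lan(reply_to_a),
        "probe_delivered_to": router.wan_to_lan(probe),
        "forward_delivered_to": router.wan_to_lan(forwarded),
    }


if __name__ == "__main__":
    for label, result in demo().items():
        print(f"{label}: {result}")
```

Note what the table never contains: a MAC address. The only identifiers that survive end to end, and therefore the only ones the router can match a reply against, are the IP addresses and ports, which is why the inside key is the private IP plus port rather than the hardware address.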


11 hours ago, Needfuldoer said:

Because they're two different things. MAC addresses are physical addresses, used by network hardware to shuffle packets around. IP addresses are a logical construct for containing and directing traffic.

There are only 4,294,967,296 IPv4 addresses, including special-use addresses, loopback addresses, broadcast addresses, etc. Way back in the days of old, large chunks of IP addresses were sold off to large corporations or allocated to the military. This became a problem as the Internet gained popularity outside of universities and institutions; we were literally running out of IP addresses. NAT and private address space are a workaround to allow more than 4,294,967,296 devices to connect to the Internet.

To throw even more legacy cruft at you, some early networking standards don't use MAC addresses like Ethernet does, or don't care if multiple devices on the same network have identical MAC addresses (like Token Ring), but they can still carry TCP/IP.

Adding to this:

MAC addresses are a layer 2 construct for getting packets on the same segment from point A to point B. Switches use MAC addresses to forward traffic (I won't talk about L3 switches, which can do routing as well).

IP addresses are a layer 3 construct and get packets between different segments. Routers use IP addresses to forward traffic.

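To illustrate the layer 2 versus layer 3 split described above, here is a small two-segment simulation. It is an added example, not code from the thread, and every MAC and IP address in it is constructed (locally administered MACs, RFC 1918 subnets). It traces one IP packet from a host on one subnet to a host on another and records which addresses appear on each hop: the IP pair stays constant end to end, the MAC pair is chosen fresh on every segment by whoever forwards the frame, and a host on the first segment cannot even resolve the remote host's MAC, which is why a hardware address cannot stand in for the private IP as the original question proposes.

```python
"""Two IP segments joined by a router, showing which addresses change per hop.

Added example, not code from the thread. All MAC and IP addresses are
constructed (locally administered MACs, RFC 1918 subnets).
"""
import ipaddress

SEGMENTS = {
    "lan1": ipaddress.ip_network("192.168.1.0/24"),
    "lan2": ipaddress.ip_network("192.168.2.0/24"),
}

HOSTS = {
    "A": {"mac": "02:00:00:00:00:0a", "ip": "192.168.1.10", "segment": "lan1"},
    "C": {"mac": "02:00:00:00:00:0c", "ip": "192.168.1.11", "segment": "lan1"},
    "B": {"mac": "02:00:00:00:00:0b", "ip": "192.168.2.20", "segment": "lan2"},
}

# The router has one interface, with its own MAC, on each segment.
ROUTER = {
    "lan1": {"mac": "02:00:00:00:01:01", "ip": "192.168.1.1"},
    "lan2": {"mac": "02:00:00:00:02:01", "ip": "192.168.2.1"},
}


def segment_of(ip):
    """Layer 3 decision: which subnet (and so which segment) an IP belongs to."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    raise ValueError(f"no route to {ip}")


def arp(segment, ip):
    """Resolve an IP to a MAC, but only among stations on this segment.
    Returns None when the IP lives elsewhere: an ARP broadcast does not
    cross the router, so a remote host's MAC is simply not learnable here."""
    for host in HOSTS.values():
        if host["segment"] == segment and host["ip"] == ip:
            return host["mac"]
    if ROUTER[segment]["ip"] == ip:
        return ROUTER[segment]["mac"]
    return None


def send(src_name, dst_ip):
    """Return the list of (segment, src_mac, dst_mac, src_ip, dst_ip) frames
    that carry one IP packet from src to dst. The IP fields never change;
    the MAC pair is rewritten on every segment."""
    src = HOSTS[src_name]
    seg = src["segment"]
    dst_seg = segment_of(dst_ip)
    # Step 1: the sender compares the destination with its own subnet and
    # frames the packet either to the destination or to its default gateway.
    next_hop_ip = dst_ip if dst_seg == seg else ROUTER[seg]["ip"]
    frames = [(seg, src["mac"], arp(seg, next_hop_ip), src["ip"], dst_ip)]
    # Step 2: if the router received it, it re-frames on the destination
    # segment with its own MAC as source and the real target as destination.
    if next_hop_ip == ROUTER[seg]["ip"]:
        frames.append((dst_seg, ROUTER[dst_seg]["mac"], arp(dst_seg, dst_ip),
                       src["ip"], dst_ip))
    return frames


if __name__ == "__main__":
    for frame in send("A", "192.168.2.20"):
        print(frame)
```

Running `send("A", "192.168.2.20")` yields two frames with different MAC pairs but identical IP pairs, while `arp("lan1", "192.168.2.20")` returns None: from A's segment there is no way to name B by hardware address at all, only by its IP, which is the information the router uses to pick the next hop.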

