Why are home networks prefixed with 192.168?

Why those numbers?

For some historical reasons?


Solution 1:

The short answer

An Internet spec called RFC 1918 reserved a few blocks of addresses for "private" networks, which is what you should use when you don't have enough public, routable IP addresses to go around. 192.168/16 was one of those blocks.

The long answer (and then some)

Back in the good old days, everything on the Internet got its own public, routable, "real" IP address that almost never needed to change. It was awesome because anytime you wanted to run some cool new app that implemented some new protocol, or set up your own server at home that was reachable anywhere, you could just run the software and not worry about network address translation (NAT) port forwarding/mapping or ALGs or DMZs or trigger ports or hairpinning. The engineers writing the software also didn't have to become experts in NAT traversal issues just to make their cool idea work out.

But the Internet Assigned Numbers Authority started worrying that they would run out of addresses too quickly, so they made it harder for ISPs to get addresses. So ISPs made it harder for customers to get addresses. By the time home broadband and home networks really started catching on, it had become common practice to give each household just a single public IP address (and even that's about to go away soon). So if you wanted to get more than one machine in your household onto the Internet, you had to run a NAT gateway that fakes like all the machines on your home network are actually sharing the same single public IP address. But all those other machines on your home network needed their own private IP addresses to use to talk to the NAT gateway, and an earlier Internet Engineering Task Force specification called RFC 1918 had defined a few blocks of IP addresses that could be used for private networks like that:

10/8 (10.0.0.0 through 10.255.255.255)
172.16/12 (172.16.0.0 through 172.31.255.255)
192.168/16 (192.168.0.0 through 192.168.255.255)

NAT actually breaks a very important Internet design principle called End to End. Hopefully we'll be able to get back to uninhibited End-to-End connectivity as we move to IPv6. IPv6 has an address space so big we ought never be able to run out, so we should never need NATs on IPv6. It'll hopefully re-open the door to a lot of innovative protocols that are a bit hard to write when all of the machines that would like to use the protocols are behind arbitrary numbers of differently-implemented NATs that manage to break things in lots of different, often subtle ways.

Solution 2:

It is a private block of IPs that aren't allowed to be routed on the public Internet and are reserved for internal use to be NATed to the outside world. The document that defines this is RFC 1918, which is enforced by IANA.

The blocks of private-use IPv4 addresses are:

 10.0.0.0 /8     (any address beginning with 10.x.x.x)
 192.168.0.0 /16 (any address beginning with 192.168.x.x)
 172.16.0.0 /12  (any address beginning with 172.16.x.x through 172.31.x.x)

Solution 3:

The short answer is, really, we don't know.

Having special range(s) of addresses available for local networks is a useful idea, obviously.

And RFC 1918 may have specified them, but didn't explain why those particular ranges of addresses were assigned, rather than any other. (I.e. 192.168.x.y is not inherently different than 193.169.x.y, except that it is agreed by convention to be used as "private". It could just as easily have been any range of addresses.)

0.x.y.z or 255.x.y.z might have been more obvious choices, but may not have been available. So we're left using a random bunch of meaningless numbers.

Solution 4:

Each computer in a network has an address to identify itself. In a network someone assigns an address to each computer making sure that there are no duplicates. Internets are interconnected networks. When two networks want to be connected the identifying addresses need to be unique across both of the networks now. If you have a network, an internet or any collection of these you may use whatever scheme you want for assigning the addresses. But, if you want to connect these to THE Internet you will need to only use addresses for your machines that are not being used by the others in the rest of the Internet. There exist ways to get addresses for this purpose.

The reason 192.168 exists is so that you do not need to ask someone else for an address. You can pick ones that start with 192.168 and there will be no conflict with anyone else because those addresses may only be used in your network(s) and are not used by someone outside your network to reference your machines. They also may use the 192.168 addresses for machines inside their network that you will not be able to see, so they will not conflict with your 192.168 addresses.

This speaks to the question of where the 192.168 came from but not why they are used for home computers that ARE connected to the Internet. There became a shortage of addresses to hand out for computers on the Internet. So, rather than permanently assigning an address to each computer, a temporary address was assigned by your ISP while your modem was connected, and they used the number for someone else when you would disconnect. This way a number could be shared by dozens of customers.

When homes started having multiple computers, such that they became their own networks rather than just a computer on the ISP's network, the 192.168 scheme was used for the home networks, and the ISP, hardware and software handled all of the magic to convert your internal, not Internet-accessible address, 192.168, into one that is shared by all of the computers in your home network. They all look like just one computer to the outside networks.

Solution 5:

As noted 198.168.0.0/16 is a private address range. This range is typically used for small networks, so it has become the default for home routers to use. As discussed below, this provides a measure of security.

169.254.0.0/16 has been set aside for self-configured addresses. These are used by zeroconf and Bonjour to configure an address when an address is not otherwise available. Systems using these addresses may still have access to the Internet if they can discover a proxy in this address range.

While end-to-end is a good design principle, it can be a bad security principle. In the old days, the system administrators worked in a web of trust, and there was little concern for viruses, worms, and the like. Times have changed.

In practice, most networks consist of a large number of machines that should never be directly accessible from the Internet, and a few which need to be. By placing those machines which do not need to be addressable from the Internet on a private network address, they are automatically secured from the Internet. Many organizations have moved most machines from public to private addresses even when they have the public addresses available.

Machines with addresses on a private address need to have assistance to access the Internet. Home routers provide NAT (network address translation) to map the machine to a valid Internet address. They may provide a firewall to limit which ports on the Internet can be accessed, and may also allow a machine to be designated a DMZ server.

Larger organizations will have mail servers and web proxies in a DMZ (demilitarized zone) which has limited access into the organization's network. These machines may have a valid Internet address or may use NAT to access the network. NAT may also be used to allow machines on private addresses access to some or all services on the Internet. In any case, they will likely use one or more firewalls to separate the Internet, DMZ, and internal network.
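
The address blocks named in the answers above (the three RFC 1918 ranges and 169.254.0.0/16), worked through with prefix-mask arithmetic. This is an added example, not part of any answer; the function names and sample addresses are constructed for illustration. It shows why 172.16/12 ends at 172.31.255.255 and why a text-prefix match on "172." would misclassify its neighbours.

```python
# Blocks named on this page: the three RFC 1918 ranges plus the
# self-configured (link-local) range mentioned in Solution 5.
BLOCKS = {
    "10.0.0.0/8": "RFC 1918 private",
    "172.16.0.0/12": "RFC 1918 private",
    "192.168.0.0/16": "RFC 1918 private",
    "169.254.0.0/16": "self-configured (link-local)",
}

def to_int(dotted):
    """Convert dotted-quad text to a 32-bit integer, rejecting malformed input."""
    parts = dotted.split(".")
    if len(parts) != 4 or not all(
            p.isascii() and p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError(f"not an IPv4 address: {dotted!r}")
    value = 0
    for p in parts:
        value = (value << 8) | int(p)
    return value

def to_dotted(value):
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def split_cidr(cidr):
    """Return (network, mask) as integers; the mask has prefix_len leading 1 bits."""
    base, prefix_len = cidr.split("/")
    mask = (0xFFFFFFFF << (32 - int(prefix_len))) & 0xFFFFFFFF
    return to_int(base) & mask, mask

def block_range(cidr):
    """First and last address of a block: host bits all 0, then all 1."""
    network, mask = split_cidr(cidr)
    return to_dotted(network), to_dotted(network | (~mask & 0xFFFFFFFF))

def classify(address):
    """Name the listed block an address falls in, if any."""
    addr = to_int(address)
    for cidr, label in BLOCKS.items():
        network, mask = split_cidr(cidr)
        if addr & mask == network:
            return f"{label} ({cidr})"
    return "outside listed blocks"

if __name__ == "__main__":
    for cidr in BLOCKS:
        print(cidr, "->", " through ".join(block_range(cidr)))
    # Constructed sample addresses, chosen to sit on block boundaries.
    for sample in ["172.15.255.255", "172.16.0.0", "172.31.255.255",
                   "172.32.0.0", "192.168.1.1", "193.169.1.1", "169.254.10.20"]:
        print(sample, "->", classify(sample))
```

"Outside listed blocks" means only that the address is in none of the four ranges above; other special-purpose ranges are not covered by this example.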