If IP addresses are unique, why is it so many routers have the address 192.168.1.1?
An IP address is not necessarily an "identity on the internet", it is just a unique address assigned to a specific network card on an IP network. The internet is one big network, and so anything on it (that has an IP address) has a unique address, and so the IP address can be considered its identity.
Your router is on the internet, and so it has an IP address unique to it.
Anything on the inside of your network is not on the internet, it is on your LAN, an entirely separate network, with its own address space. Anything on your LAN must have a unique (within the LAN) IP address to participate properly with your local network.
Anyone else who has a LAN is also not part of the internet, and not part of your network, and so can use the same addresses you do.
In order for your LAN devices to talk to the internet, their outgoing traffic has the source address changed to match that of the internet IP address of the router. The router keeps track of this, and makes sure any response traffic gets sent to the right internal machine. This is called Network Address Translation.
Imagine that your router at home has the address 192.168.1.1 and your PC has the address 192.168.1.100. Then another router at your friend's house also has the address 192.168.1.1 and his PC has the address 192.168.1.100.
Addresses that begin with 10, 172.16 - 172.31 or 192.168 are referred to as private range addresses (class A, B and C). These addresses are used in a limited area of the Internet, namely within your own local network (LAN) at home which you have control over. They don't need to be registered. Internet service providers usually use a different address range, and the addresses they use are registered with an Internet authority.
In the example above your public address might be 109.240.120.13 and your friend's public address might be 83.42.112.110. These are the addresses that you and your friend use on the Internet, and they are unique.
Well, that's an interesting thing indeed. Let's step away from 192.168.x.y for a while and go back to the time when the internet was mostly used by universities and institutes. There were unique IP addresses, like you said an "identity". If you were the network admin of a university and thought, "well, I think we should be part of the internet", then you could order some at the IANA (https://www.iana.org/). For example, a class B network, which means you get an address range like 34.172.0.0 to 34.172.255.255. Now you could assign them as you wished to the computers at your university and they could take part in the internet, everything was fine.
More and more people got access to the internet, for example some businesses. ISPs (internet service providers) came up. They buy a certain range of IPs and sell them to other people. Not a long time ago, the common approach if you wanted your business to be connected to the internet was: "I need 20 IPs for marketing, 50 for R&D and 40 for production, so let's order 110 IPs". And this still worked fine.
Okay, now let's say you have 4 computers at home. They create a small Local Area Network, a LAN. This is your personal network, and they are not yet connected to the internet, which means they don't need world-wide unique addresses but local, unique addresses. There is a certain IP range for this purpose, and 192.168.x.y is commonly used for this. This means: in your own private network every PC has a locally unique IP address. They can now communicate with each other, no problems. But now you'd like them to be connected to the internet. If we do it as described above, we would go to our ISP and order 4 world-wide unique IPs. Okay. But we already have our LAN and every computer there has its own local IP already. It would not be nice to change all these to world-wide ones. So there's a nice technique called "NAT", which means Network Address Translation. Every computer keeps its local IP. And in your router (which commonly also implements a NAT) you assign each local IP to a global IP in a NAT table. Now what is going on here? If PC1 with 192.168.0.101 would like to connect to google.com, it sends a request to its main gateway ("routing" is the keyword here, but I'll not explain this here) to be connected to that server. (Your router is connected to your local network with its LAN IP on the one side and to the internet with your 4 global IPs on the other side.) Of course google.com is in the WAN, the internet. So the NAT now does the following: it takes the local IP and translates it to a global IP as once assigned in the NAT table. The translation could be like "192.168.0.101 <-> 33.134.10.51". So a request from 33.134.10.51 is sent to google.com. The answer comes back to 33.134.10.51 (to the NAT) and is translated back to 192.168.0.101 and thus sent to your computer. So now all your computers have a local and a global IP (but this one is only stored in the NAT and used for world-wide communication).
But with more and more people getting internet access, the pool of free IPs decreased rapidly. There were too many computers for too few IPs. So what can we do? The answer is PAT (port and network translation). It works like an extended NAT. Nowadays, you go to your ISP and order one IP address, e.g. 90.80.70.10. You have your small LAN at home with 4 PCs. They all got their unique LAN address. Now the magic happens: your router (with the NAT / PAT in it) is as before connected to the LAN, but to the WAN no longer with 4, but with only this one IP address.
You must know that most communication protocols nowadays use IPs and ports. A connection between a computer and a webserver over TCP/IP is like the following:
PC1:12345 -> Webserver:80
Webserver:80 -> PC1:12345
PC1:12346 -> Webserver2:80
Webserver2:80 -> PC1:12346
Note that through the use of ports two different connections can be managed (PC1 is connected to webserver one with port 12345 and to webserver2 with port 12346).
So now what happens in your network? Your PC sends a request like 192.168.0.101:12345 -> google.com:80. The NAT/PAT translates this to 90.80.70.10:10001 -> google.com:80. It saves the translation (192.168.0.101:12345 <-> 90.80.70.10:10001) in its memory. The answer comes back: google.com:80 -> 90.80.70.10:10001. The NAT knows how to translate this back and the packet google.com:80 -> 192.168.0.101:12345 comes to your computer. Works fine. But the interesting thing is: you have a second computer, 192.168.0.102. With this, you would also like to connect to google. The process again is 192.168.0.102:12345 -> google.com:80, which is translated by the NAT/PAT now to 90.80.70.10:10002 -> google.com:80. This translation is also saved; note that another port was used so the NAT can distinguish the answers: google.com:80 -> 90.80.70.10:10002 is translated back to google.com:80 -> 192.168.0.102:12345 and goes to your second PC.
To conclude, with this technique you can have a huge number of PCs in your local network with 192.168.x.y - they can communicate in this LAN normally - and one external globally unique IP used for the outer side of your router. And all of your PCs can communicate with the internet because their requests are separately translated to different ports on the outer router side so the answer can be translated back.
I hope this helped you, feel free to ask more! :) This theme is indeed very interesting!
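The port translation walked through in the answer above, as an added example that is not part of the original post: a small PAT table in Python using the answer's addresses. The names `PatTable` and `demo`, the sequential port allocation starting at 10001, the per-remote-endpoint mapping, and the unsolicited sender 203.0.113.5 are assumptions made for illustration.

```python
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]  # (address, port); "google.com" stands in for its IP


class PatTable:
    """Hypothetical PAT table: one public IP shared by many LAN hosts."""

    def __init__(self, public_ip: str, first_port: int = 10001):
        self.public_ip = public_ip
        self.next_port = first_port  # assumed policy: hand out ports in order
        self.out: Dict[Tuple[Endpoint, Endpoint], int] = {}
        self.back: Dict[Tuple[int, Endpoint], Endpoint] = {}

    def outbound(self, inside: Endpoint, remote: Endpoint) -> Endpoint:
        """Rewrite the source of a LAN packet; an existing flow keeps its port."""
        key = (inside, remote)
        if key not in self.out:
            port = self.next_port
            self.next_port += 1
            self.out[key] = port
            self.back[(port, remote)] = inside
        return (self.public_ip, self.out[key])

    def inbound(self, remote: Endpoint, public_port: int) -> Optional[Endpoint]:
        """Map a reply to the inside host. None means no entry: drop the packet."""
        return self.back.get((public_port, remote))


def demo():
    nat = PatTable("90.80.70.10")
    web = ("google.com", 80)
    pc1 = nat.outbound(("192.168.0.101", 12345), web)
    pc2 = nat.outbound(("192.168.0.102", 12345), web)  # same source port, other host
    again = nat.outbound(("192.168.0.101", 12345), web)  # same flow, same mapping
    reply1 = nat.inbound(web, pc1[1])
    reply2 = nat.inbound(web, pc2[1])
    # Constructed unsolicited packet: nobody inside opened a flow to this sender.
    stray = nat.inbound(("203.0.113.5", 4444), pc1[1])
    return pc1, pc2, again, reply1, reply2, stray


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The last value returned by `demo()` is `None`: a packet from a sender with no table entry has nowhere to be delivered, which is why hosts behind PAT are not reachable from outside unless a flow or an explicit port forward exists.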
RFC 1918 defines 3 ranges of IP addresses that are "private", for use internally within any given organization. These ranges are 10.0.0.0/8, 172.16.0.0/16, and 192.168.0.0/16.
You will note that while many routers use these address ranges for their internal LAN networks, the router WAN interface is assigned a unique publicly routable IP address. When users of the internal network access the internet, they masquerade as the router's public address, using NAT.
Every IP address is accompanied by the subnet mask. This subnetmask determines how large your network is, from ranges you can access to ranges you can't access.
Basically, the subnetmask in a home situation is 255.255.255.0, which means that with a 192.168.0.1-255 network, the first numbers must always be the same in order to access that portion of the network. So 192.168.0.1 can see 192.168.0.2 but not 192.168.1.1 because the 3rd octet of the subnetmask is 255, not anything else.
So your computer can only access addresses of 192.168.0.x. Your router is also in this range, so your computer can access this address as well. Your router however makes a 2nd connection through your modem to the internet, and gets an IP address from the internet, for example: 123.45.67.89 with subnetmask 255.255.254.0, which places your internet connection inside a group of computers on the internet. Your internet provider has a router just like you have at home (well, they have more, but that's not the point) which connects their internet selection with hubs, and through hubs, the whole internet eventually reaches each other.
So long story short, by how the subnetmask is set, it determines what you can access, but changing your subnetmask to 0.0.0.0 does not mean you can reach the internet without needing an internet provider. But given that this is an advanced topic, I tried to keep it as simple as possible.
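The mask arithmetic behind the answer above, as an added Python example that is not part of the original post: it computes the range a mask covers and the next hop a host would pick. The function names and the gateway address 192.168.0.254 are assumptions; the other addresses and masks are the answer's.

```python
import socket
import struct


def to_int(dotted: str) -> int:
    """Dotted-quad IPv4 string to a 32-bit integer."""
    return struct.unpack("!I", socket.inet_aton(dotted))[0]


def to_dotted(value: int) -> str:
    return socket.inet_ntoa(struct.pack("!I", value))


def network_range(addr: str, mask: str):
    """First and last address of the subnet that addr/mask belongs to."""
    m = to_int(mask)
    first = to_int(addr) & m             # keep the bits the mask covers
    last = first | (~m & 0xFFFFFFFF)     # set all the remaining host bits
    return to_dotted(first), to_dotted(last)


def next_hop(src: str, mask: str, dst: str, gateway: str) -> str:
    """Where the host sends the packet: straight to dst if on-link, else the gateway."""
    m = to_int(mask)
    on_link = (to_int(src) & m) == (to_int(dst) & m)
    return dst if on_link else gateway


GATEWAY = "192.168.0.254"  # assumed router LAN address, not given in the answer


def demo():
    home = "255.255.255.0"
    return {
        "neighbour": next_hop("192.168.0.1", home, "192.168.0.2", GATEWAY),
        "other_lan": next_hop("192.168.0.1", home, "192.168.1.1", GATEWAY),
        "isp_range": network_range("123.45.67.89", "255.255.254.0"),
        # With mask 0.0.0.0 every destination compares as on-link, so the host
        # tries direct delivery and never hands the packet to the router.
        "zero_mask": next_hop("192.168.0.1", "0.0.0.0", "123.45.67.89", GATEWAY),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```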