
The bits that are ignored can take on any value, and the result is that a range of networks are assumed. If one or more of the networks in that range are not part of the CIDR block (e.g., that network address is being used by somebody else), it is still advertised as part of the range of addresses in that block.

CHAPTER 6 Addressing and Routing Architecture

[FIGURE 6.11 The Address Prefix Size Determines the CIDR Block Size. Network address 192.92.240.0: with a /24 prefix (natural mask) the result is one network; with /23, 1 bit is ignored (can be 0 or 1) and the result is two networks (192.92.240.0 and 192.92.241.0); with /22, 2 bits are ignored (can be 00, 01, 10, or 11) and the result is four networks (192.92.240.0, 192.92.241.0, 192.92.242.0, 192.92.243.0).]

For example, the advertisement 200.1.128.0/17 is equivalent to a range of 2^7 or 128 networks, from 200.1.128.0 to 200.1.255.0. If one of these addresses, say 200.1.200.0/24, is already allocated to another customer, it is still included in the advertisement 200.1.128.0/17.

Does this mean that advertisements cannot have any such “holes” in them? No. Fortunately, this method still works. As discussed at the beginning of this chapter, routers choose the best match for a destination. Given a number of routes (in the router’s forwarding table) that would work, the router chooses the one that is the longest match to the destination address of the packet. If the single network 200.1.200.0/24, which is in the CIDR block advertisement 200.1.128.0/17, is owned by somebody else, packets with a destination address of 200.1.200.0/24 are forwarded to the 200.1.200.0 network, as it is a better (longer) match than 200.1.128.0/17.

6.3.5 Private Addressing and NAT

Private IP addresses are those that cannot be advertised and forwarded by network devices in the public domain.
This was originally established to help with address space depletion in the Internet, for if networks that would normally be allocated public address space instead use private address space, those public addresses would remain available. The IETF has defined (in RFC 1918) three blocks of private address space:

10.0.0.0 through 10.255.255.255 (10/8 prefix)
172.16.0.0 through 172.31.255.255 (172.16/12 prefix)
192.168.0.0 through 192.168.255.255 (192.168/16 prefix)

There is a side benefit of using private addresses. It turns out that because these addresses are not advertised and forwarded in the Internet, they have an additional degree of security. What is needed for private addressing to work, however, is a mechanism to translate addresses from the private address space to the public address space. Network address translation (NAT) is such a mechanism. NAT maps IP addresses between public and private spaces. In translating between public and private address spaces, NAT creates bindings between addresses.
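
The longest-match rule from the CIDR discussion and the RFC 1918 blocks listed above can be checked together in a short script. This is an added example, not code from the book: the forwarding table and its next-hop labels are constructed, and returning no route for private destinations is an assumption that models a router in the public domain.

```python
import ipaddress

# RFC 1918 private blocks, as listed in the text.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed forwarding table; next-hop labels are hypothetical.
FORWARDING_TABLE = {
    ipaddress.ip_network("200.1.128.0/17"): "provider-aggregate",
    ipaddress.ip_network("200.1.200.0/24"): "other-customer",
}

def block_members(block, new_prefix=24):
    """All networks implied by a CIDR advertisement, 'holes' included."""
    return list(ipaddress.ip_network(block).subnets(new_prefix=new_prefix))

def is_private(addr):
    """True if addr falls inside one of the three RFC 1918 blocks."""
    a = ipaddress.ip_address(addr)
    return any(a in net for net in RFC1918)

def lookup(addr, table=FORWARDING_TABLE):
    """Longest-prefix match; None when no public route applies."""
    if is_private(addr):
        return None  # assumption: private space is never forwarded publicly
    a = ipaddress.ip_address(addr)
    matches = [net for net in table if a in net]
    if not matches:
        return None
    best = max(matches, key=lambda net: net.prefixlen)  # longest match wins
    return table[best]

if __name__ == "__main__":
    members = block_members("200.1.128.0/17")
    print(len(members), members[0], members[-1])
    hole = ipaddress.ip_network("200.1.200.0/24")
    print("hole is inside the advertisement:", hole in members)
    for dst in ("200.1.199.7", "200.1.200.7", "10.1.2.3"):
        print(dst, "->", lookup(dst))
```
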