Network
A standard for virtualized address ranges
겸겸사
2017. 5. 16. 10:31
When you operate on AWS, you create a VPC and have to enter a virtualized address range for it.
The default is usually 10.0.0.0/16, but you also see ranges written as 172.16.0.0/20 or 192.168.0.0/24.
Where do those prefixes 10, 172.16 and 192.168 come from???
We have a basis for them: RFC1918.
https://tools.ietf.org/html/rfc1918
3. Private Address Space
The Internet Assigned Numbers Authority (IANA) has reserved the
following three blocks of the IP address space for private internets:
10.0.0.0 - 10.255.255.255 (10/8 prefix)
172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
192.168.0.0 - 192.168.255.255 (192.168/16 prefix)
We will refer to the first block as "24-bit block", the second as
"20-bit block", and to the third as "16-bit" block. Note that (in
pre-CIDR notation) the first block is nothing but a single class A
network number, while the second block is a set of 16 contiguous
class B network numbers, and third block is a set of 256 contiguous
class C network numbers.
An enterprise that decides to use IP addresses out of the address
space defined in this document can do so without any coordination
with IANA or an Internet registry. The address space can thus be used
by many enterprises. Addresses within this private address space will
only be unique within the enterprise, or the set of enterprises which
choose to cooperate over this space so they may communicate with each
other in their own private internet.
As before, any enterprise that needs globally unique address space is
required to obtain such addresses from an Internet registry. An
enterprise that requests IP addresses for its external connectivity
will never be assigned addresses from the blocks defined above.
In order to use private address space, an enterprise needs to
determine which hosts do not need to have network layer connectivity
outside the enterprise in the foreseeable future and thus could be
classified as private. Such hosts will use the private address space
defined above. Private hosts can communicate with all other hosts
inside the enterprise, both public and private. However, they cannot
have IP connectivity to any host outside of the enterprise. While not
having external (outside of the enterprise) IP connectivity private
hosts can still have access to external services via mediating
gateways (e.g., application layer gateways).
All other hosts will be public and will use globally unique address
space assigned by an Internet Registry. Public hosts can communicate
with other hosts inside the enterprise both public and private and
can have IP connectivity to public hosts outside the enterprise.
Public hosts do not have connectivity to private hosts of other
enterprises.
So that is what the RFC says.
The part we care about is the three lines listing the blocks.
Of course, since this is a virtualized range, internal communication would still work even if we used some other range that is in use as public IP space. But if that range is then used alongside the public network, how confusing would it be, and how hard to manage?? I think that is something worth thinking about.
Whenever possible, keep your virtualized ranges within the RFC1918 blocks above.
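To make that recommendation checkable before a VPC is created, here is an added example (not from the original post) that classifies a proposed CIDR against the three RFC 1918 blocks with Python's standard ipaddress module; the function name check_vpc_cidr and the sample CIDRs are my own choices.

```python
import ipaddress

# The three blocks from RFC 1918 section 3, quoted above.
RFC1918_BLOCKS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def check_vpc_cidr(cidr: str) -> dict:
    """Classify a proposed IPv4 VPC CIDR against RFC 1918.

    status is one of:
      'private' - the CIDR lies entirely inside one RFC 1918 block
      'overlap' - the CIDR is larger than a block and spills into public space
      'public'  - no part of the CIDR is private
    host_bits is the block's size in the RFC's own naming
    (10/8 is the "24-bit block", 172.16/12 the "20-bit", 192.168/16 the "16-bit").
    """
    net = ipaddress.ip_network(cidr, strict=False)
    for block in RFC1918_BLOCKS:
        if net.subnet_of(block):
            return {"status": "private", "block": str(block),
                    "host_bits": 32 - block.prefixlen, "public_parts": []}
        if net.overlaps(block):
            # Two CIDRs that overlap without one being inside the other cannot
            # exist, so here net strictly contains the block: the remainder
            # after removing the block is the public address space we would
            # be squatting on, which is exactly the confusion the post warns of.
            leftover = [str(n) for n in net.address_exclude(block)]
            return {"status": "overlap", "block": str(block),
                    "host_bits": 32 - block.prefixlen, "public_parts": leftover}
    return {"status": "public", "block": None, "host_bits": None,
            "public_parts": [str(net)]}


if __name__ == "__main__":
    # Constructed sample CIDRs: the three from the post, one just past the
    # 172.16/12 block, one that swallows it, and a documentation range.
    for sample in ["10.0.0.0/16", "172.16.0.0/20", "192.168.0.0/24",
                   "172.32.0.0/12", "172.0.0.0/8", "203.0.113.0/24"]:
        print(sample, check_vpc_cidr(sample))
```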