Most IP addresses are public, in the sense that they can appear on the public Internet. However, a few IP addresses have been designated as private IP addresses. One private IP address range is 172.16.0.0 to 172.31.255.255. Private IP addresses can only appear within a firm. In Figure 6-21, internal hosts have private IP addresses except for those in the DMZ, which use public IP addresses. Explain this discrepancy if you can.

The discrepancy you are referring to is the use of private and public IP addresses within a network architecture. This difference arises due to the need for security and network organization.

In network design, a Demilitarized Zone (DMZ) is a separate network segment that is used to provide an additional layer of security. It acts as a buffer zone between the untrusted, external network (typically the Internet) and the trusted, internal network.

The DMZ segment is typically where servers that need to be accessible from the Internet are placed, such as web servers or email servers. These servers require public IP addresses so that they can be accessed from outside the network.

On the other hand, the internal network, where internal hosts reside, is considered a private space that is isolated from the Internet. Private IP addresses are used within this network, and they are not routable on the public Internet. These addresses are designated for use within private networks and are not unique globally.

The use of private IP addresses within the internal network provides several benefits. It allows for better organization and management of IP address space within the organization. It also helps to ensure security, as internal hosts are shielded from direct exposure to the Internet.

To summarize, the discrepancy between private and public IP addresses within the network architecture is intentional and serves the purpose of separating publicly accessible servers in the DMZ from the private internal network.
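The addressing plan described in the answer can be checked against a host inventory. The following is an added example, not part of the original question or answer: it collapses the quoted range 172.16.0.0 to 172.31.255.255 to CIDR form and flags hosts whose address type does not match their segment. The inventory, host names and segment labels are constructed, and the 10.0.0.0/8 and 192.168.0.0/16 blocks are the other RFC 1918 private ranges, which the page does not name.

```python
import ipaddress

# The private range quoted in the question, collapsed to CIDR (172.16.0.0/12).
PAGE_RANGE = list(ipaddress.summarize_address_range(
    ipaddress.IPv4Address("172.16.0.0"),
    ipaddress.IPv4Address("172.31.255.255"),
))

# Remaining RFC 1918 private blocks (not named on the page).
PRIVATE_BLOCKS = PAGE_RANGE + [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# Plan from the answer: internal hosts use private addresses, DMZ hosts public ones.
EXPECTED_PRIVATE = {"internal": True, "dmz": False}


def is_rfc1918(addr):
    """True if addr falls inside one of the private blocks above."""
    ip = ipaddress.ip_address(addr)
    return any(ip in block for block in PRIVATE_BLOCKS)


def audit(inventory):
    """Return (name, segment, addr, actual_type) for every host that breaks the plan."""
    findings = []
    for name, segment, addr in inventory:
        private = is_rfc1918(addr)
        if private != EXPECTED_PRIVATE[segment]:
            findings.append((name, segment, addr, "private" if private else "public"))
    return findings


# Constructed inventory. 203.0.113.0/24 is a documentation range used here
# as a stand-in for a public address.
INVENTORY = [
    ("hr-workstation", "internal", "172.16.4.20"),
    ("file-server",    "internal", "172.31.255.254"),  # last usable address in the range
    ("build-host",     "internal", "172.32.0.5"),      # just outside 172.16.0.0/12
    ("web-server",     "dmz",      "203.0.113.10"),
    ("mail-relay",     "dmz",      "192.168.1.25"),    # private address in the DMZ
]

if __name__ == "__main__":
    for name, segment, addr, actual in audit(INVENTORY):
        print(f"{name}: {segment} host has a {actual} address ({addr})")
```

The `build-host` entry shows the common mistake of treating everything beginning with 172 as private: 172.32.0.5 lies outside the /12 block and is a publicly routable address.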