Understanding Public and Private IP Addresses

Private IP Addresses

The network standard RFC 1918 defines reserved IPv4 subnets for use only in private networks (Table RFC 1918 Private IP Address Space). RFC 4193 defines Unique Local Addresses (ULA) for IPv6 (Table RFC 4193 Unique Local Address Space). In most environments, a private IP subnet from RFC 1918 is chosen and used on all internal network devices. The devices are then connected to the Internet through a firewall or router that implements Network Address Translation (NAT), such as pfSense. IPv6 is fully routed from the internal network without NAT, using Global Unicast Addresses (GUA). NAT will be explained further in Network Address Translation.

RFC 1918 Private IP Address Space

CIDR Range        IP Address Range
10.0.0.0/8        10.0.0.0 - 10.255.255.255
172.16.0.0/12     172.16.0.0 - 172.31.255.255
192.168.0.0/16    192.168.0.0 - 192.168.255.255

RFC 4193 Unique Local Address Space

Prefix            IP Address Range
fc00::/7          fc00:: - fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff

A complete list of special-use IPv4 networks may be found in RFC 3330. There are private IPv4 addresses, such as 1.0.0.0/8 and 2.0.0.0/8, that have since been allocated to the dwindling IPv4 pool. Use of these addresses is problematic and not recommended. Also, avoid using 169.254.0.0/16, which according to RFC 3927 is reserved for “Link-Local” autoconfiguration. It should not be assigned by DHCP or set manually, and routers will not allow packets from that subnet to traverse outside a specific broadcast domain. There is sufficient address space set aside by RFC 1918, so there is no need to deviate from the list shown in Table RFC 1918 Private IP Address Space. Improper addressing will result in network failure and should be corrected.

Public IP Addresses

With the exception of the largest networks, public IP addresses are assigned by Internet Service Providers. Networks requiring hundreds or thousands of public IP addresses commonly have address space assigned directly from their Regional Internet Registry (RIR). An RIR is an organization that oversees allocation and registration of public IP addresses in a designated region of the world.

Most residential Internet connections are assigned a single public IPv4 address. Most business class connections are assigned multiple public IP addresses. A single public IP address is adequate in many circumstances and can be used in conjunction with NAT to connect hundreds of privately addressed systems to the Internet. This book will assist in determining the number of public IP addresses required.

Most IPv6 deployments will give the end user at least a /64 prefix network to use as a routed internal network. For each site, this is roughly 2^64 IPv6 addresses, or 18 quintillion addresses, fully routed from the Internet with no need for NAT.

Reserved and Documentation Addresses

In addition to blocks defined in RFC 1918, RFC 5735 describes blocks reserved for other special purposes such as documentation, testing, and benchmarking. RFC 6598 updates RFC 5735 and defines address space for Carrier-grade NAT as well. These special networks include:

RFC 5735 Reserved Address Space

CIDR Range         Purpose
192.0.2.0/24       Documentation and example code
198.51.100.0/24    Documentation and example code
203.0.113.0/24     Documentation and example code
198.18.0.0/25      Benchmarking network devices
100.64.0.0/10      Carrier-grade NAT space

Throughout the book, we use examples with addresses from the above documentation ranges as well as RFC 1918 networks since they are more familiar to users.

Some find these addresses tempting to use for VPNs or even local networks. We cannot recommend using them for anything other than their intended purposes, but they are much less likely to be seen “in the wild” than RFC 1918 networks.
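A proposed subnet plan can be checked against the RFC 1918, ULA, link-local, documentation and carrier-grade NAT ranges named on this page before it is deployed. The following Python sketch is an added example, not code from this book or from pfSense; the labels, verdict names and the sample plan are assumptions made for illustration.

```python
import ipaddress

# Ranges copied from this page; the labels are this example's own.
RANGES = [
    ("rfc1918-private", "10.0.0.0/8"),
    ("rfc1918-private", "172.16.0.0/12"),
    ("rfc1918-private", "192.168.0.0/16"),
    ("rfc4193-ula", "fc00::/7"),
    ("rfc3927-link-local", "169.254.0.0/16"),
    ("documentation", "192.0.2.0/24"),
    ("documentation", "198.51.100.0/24"),
    ("documentation", "203.0.113.0/24"),
    ("rfc6598-cgnat", "100.64.0.0/10"),
]
TABLE = [(label, ipaddress.ip_network(cidr)) for label, cidr in RANGES]
OK_FOR_LAN = {"rfc1918-private", "rfc4193-ula"}


def classify(subnet):
    """Return (label, verdict): ok, avoid, straddles or not-private."""
    net = ipaddress.ip_network(subnet, strict=True)  # rejects host bits set
    for label, block in TABLE:
        if net.version != block.version:
            continue
        if net.subnet_of(block):  # entirely inside a listed range
            return label, "ok" if label in OK_FOR_LAN else "avoid"
        if net.overlaps(block):  # only partly inside, e.g. 192.168.0.0/15
            return label, "straddles"
    return "none", "not-private"  # in none of the listed ranges


def audit(subnets):
    """Classify each subnet; malformed input is reported, not raised."""
    report = {}
    for s in subnets:
        try:
            report[s] = classify(s)
        except ValueError as exc:
            report[s] = ("invalid", str(exc))
    return report


if __name__ == "__main__":
    # Constructed sample plan, not taken from a real network.
    plan = ["10.20.0.0/16", "172.32.0.0/16", "192.168.0.0/15", "1.0.0.0/8",
            "169.254.10.0/24", "100.64.0.0/24", "fd12:3456:789a::/48", "192.168.1.1/24"]
    for subnet, (label, verdict) in audit(plan).items():
        print(f"{subnet:22} {label:20} {verdict}")
```

In the sample plan, 172.32.0.0/16 falls just outside 172.16.0.0/12 and 192.168.0.0/15 extends past 192.168.0.0/16, two addressing mistakes that look private at a glance.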