Understanding Public and Private IP Addresses
Private IP Addresses
The network standard RFC 1918 defines reserved IPv4 subnets for use only in private networks (Table RFC 1918 Private IP Address Space). RFC 4193 defines Unique Local Addresses (ULA) for IPv6 (Table RFC 4193 Unique Local Address Space). In most environments, a private IP subnet from RFC 1918 is chosen and used on all internal network devices. The devices are then connected to the Internet through a firewall or router implementing Network Address Translation (NAT), such as pfSense® software. IPv6 is fully routed from the internal network without NAT, using Global Unicast Addresses (GUA). NAT will be explained further in Network Address Translation.
RFC 1918 Private IP Address Space

| CIDR Range | IP Address Range |
|---|---|
| 10.0.0.0/8 | 10.0.0.0 - 10.255.255.255 |
| 172.16.0.0/12 | 172.16.0.0 - 172.31.255.255 |
| 192.168.0.0/16 | 192.168.0.0 - 192.168.255.255 |

RFC 4193 Unique Local Address Space

| Prefix | IP Address Range |
|---|---|
| fc00::/7 | fc00:: - fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff |

A complete list of special-use IPv4 networks may be found in RFC 3330. Some IPv4 networks that were formerly used as private addresses, such as 1.0.0.0/8 and 2.0.0.0/8, have since been allocated to the dwindling public IPv4 pool. Use of these addresses is problematic and not recommended. Also, avoid using 169.254.0.0/16, which according to RFC 3927 is reserved for “Link-Local” auto configuration. It should not be assigned by DHCP or set manually, and routers will not allow packets from that subnet to traverse outside a specific broadcast domain. There is sufficient address space set aside by RFC 1918, so there is no need to deviate from the list shown in Table RFC 1918 Private IP Address Space. Improper addressing will result in network failure and should be corrected.
Public IP Addresses
With the exception of the largest networks, public IP addresses are assigned by Internet Service Providers. Networks requiring hundreds or thousands of public IP addresses commonly have address space assigned directly from their Regional Internet Registry (RIR). An RIR is an organization that oversees allocation and registration of public IP addresses in a designated region of the world.
Most residential Internet connections are assigned a single public IPv4 address. Most business class connections are assigned multiple public IP addresses. A single public IP address is adequate in many circumstances and can be used in conjunction with NAT to connect hundreds of privately addressed systems to the Internet. This documentation will assist in determining the number of public IP addresses required.
Most IPv6 deployments will give the end user at least a /64 prefix network to use as a routed internal network. For each site, this is roughly 2^64 IPv6 addresses, or 18 quintillion addresses, fully routed from the Internet with no need for NAT.
Reserved and Documentation Addresses
In addition to blocks defined in RFC 1918, RFC 6890 describes blocks reserved for other special purposes such as documentation, testing, and benchmarking, including address space for Carrier-grade NAT allocated in RFC 6598. These special networks include:

| CIDR Range | Purpose |
|---|---|
| 192.0.2.0/24 | Documentation and example code |
| 198.51.100.0/24 | Documentation and example code |
| 203.0.113.0/24 | Documentation and example code |
| 198.18.0.0/25 | Benchmarking network devices |
| 169.254.0.0/16 | Link Local |
| 100.64.0.0/10 | Carrier-grade NAT space |
| 192.0.0.0/24 | IETF Protocol Assignments |
| 192.0.0.0/29 | DS-Lite |
| 192.88.99.0/24 | 6to4 Relay Anycast |
| 240.0.0.0/4 | Reserved |

See also
For a similar list for IPv6 prefixes, see Special IPv6 Subnets.
The documentation uses examples with addresses from the above documentation ranges as well as RFC 1918 networks since they are more familiar to users.
Some find these addresses tempting to use for VPNs or even local networks. Though the best practice is to only use them for their intended purposes, they are much less likely to be seen “in the wild” than RFC 1918 networks.
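
The addressing guidance on this page can be checked mechanically when reviewing interface or VPN subnets. The following is an added example, not part of the pfSense documentation or software: it classifies each subnet against the RFC 1918 and RFC 4193 tables and a subset of the special-purpose table above, and also catches prefixes that are too short and spill outside RFC 1918. The function names, labels, and sample subnets are assumptions constructed for illustration.

```python
import ipaddress

# Ranges copied from the tables on this page.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ULA = ipaddress.ip_network("fc00::/7")
# Subset of the special-purpose table: blocks people are tempted to reuse.
SPECIAL = {ipaddress.ip_network(n): why for n, why in (
    ("169.254.0.0/16", "Link Local"),
    ("100.64.0.0/10", "Carrier-grade NAT space"),
    ("192.0.2.0/24", "Documentation and example code"),
    ("198.51.100.0/24", "Documentation and example code"),
    ("203.0.113.0/24", "Documentation and example code"),
    ("240.0.0.0/4", "Reserved"),
)}


def classify(cidr):
    """Classify a subnet proposed for internal use (hypothetical helper)."""
    # strict=False accepts interface-style input such as 192.168.1.1/24.
    net = ipaddress.ip_network(cidr, strict=False)
    if net.version == 6:
        # Non-ULA IPv6 is expected to be the site's routed GUA prefix.
        return "private-ula" if net.subnet_of(ULA) else "ipv6-non-ula"
    if any(net.subnet_of(block) for block in RFC1918):
        return "private-rfc1918"
    for block, why in SPECIAL.items():
        if net.overlaps(block):
            return "special: " + why
    if any(net.overlaps(block) for block in RFC1918):
        # Prefix too short: part of the subnet spills outside RFC 1918.
        return "straddles-rfc1918"
    return "public"


def audit(subnets):
    """Return {cidr: label} for IPv4 subnets that are not inside RFC 1918."""
    labels = {cidr: classify(cidr) for cidr in subnets}
    return {c: l for c, l in labels.items()
            if not l.startswith(("private-", "ipv6-"))}


if __name__ == "__main__":
    # Constructed sample of internal subnets, not taken from a real network.
    sample = ["192.168.1.1/24", "172.32.0.0/16", "172.16.0.0/11",
              "1.1.1.0/24", "169.254.10.0/24", "100.64.0.0/24", "fd12:3456::/48"]
    for cidr, label in audit(sample).items():
        print(f"{cidr:18} {label}")
```

Subnets such as 172.32.0.0/16 are a common slip: they look like part of 172.16.0.0/12 but fall outside it, so they are reported as public.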