Private IP addresses are defined in RFC 1918 (a very readable RFC, for my money, and quite short to boot).
The RFC defines three ranges:
10.0.0.0 -> 10.255.255.255 (10.0.0.0/8 – a single class A network in oldspeak)
172.16.0.0 -> 172.31.255.255 (172.16.0.0/12 – sixteen contiguous class B networks)
192.168.0.0 -> 192.168.255.255 (192.168.0.0/16 – 256 contiguous class C networks, not a class B, despite the /16)
There’s another common group of IP addresses that could be considered private, and they’re used by IP autoconfiguration – the 169.254.0.0/16 series of “Link Local” addresses (defined in RFC 3927 and listed in RFC 3330 – essentially, what a host assigns itself when its DHCP client cannot find a DHCP server; Windows has done this, under the name APIPA, since Win98). One caveat: link-local addresses are stricter than RFC 1918 addresses. They are only valid on the one link they were picked on, and routers are not supposed to forward them at all, even inside your own network.
So what makes an IP address private? Most importantly, that the Internet won’t route those IP addresses.
That doesn’t mean that you can’t route them within your own environment; you’re quite welcome to configure routers to do whatever you’d like them to do internally.
But by RFC-driven convention, if an IP packet with a source or destination address from one of the above ranges actually ends up on the Internet trying to traverse Internet routers, odds are good that the packet will either get discarded or lost:
- discarded – because that’s what Internet routers are meant to do with them: ISPs and backbone operators commonly filter private (“bogon”) source and destination addresses at their borders, and a router with no route for the destination has nothing to do but drop the packet
- lost – because a router that does have a route for one of those ranges has its own personal idea of where they live – and chances are, it’s not your network!
On the Internet, every routable IP address needs to be unique, and it also needs to belong somewhere.
Private IP address ranges belong to nobody (or if you’re a crazy liberal type, perhaps “everybody”), so the routing tables on the backbone and ISP routers that work to push all the other real IP addresses around the Net don’t know where to push private addresses. It’s possible that every single network on the Internet also uses private addresses internally! So, they get upset and ignore them.
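To make the ranges concrete, here is an added example (my code, not part of the original post) that checks an address against the RFC 1918 and link-local ranges using the same prefix-mask arithmetic a router uses, and then applies the kind of discard-on-sight policy an Internet-facing border router with bogon filtering would apply to a packet. The filter policy and the sample addresses are assumptions made for the example; the RFC 5737 documentation ranges 203.0.113.0/24 and 198.51.100.0/24 stand in for public addresses. The /12 arithmetic is what makes 172.31.255.255 private but 172.32.0.1 public.

```python
"""Classify IPv4 addresses against RFC 1918 / link-local ranges and decide
what a bogon-filtering border router would do with a packet.

Added example: the ranges come from RFC 1918 and RFC 3927; the border
policy is an assumption about a typical ISP edge configuration.
"""

from typing import Dict

# Prefix -> human-readable label. Order matters only for readability.
SPECIAL_RANGES: Dict[str, str] = {
    "10.0.0.0/8": "RFC 1918 (10/8)",
    "172.16.0.0/12": "RFC 1918 (172.16/12)",
    "192.168.0.0/16": "RFC 1918 (192.168/16)",
    "169.254.0.0/16": "link-local (RFC 3927)",
}


def ip_to_int(addr: str) -> int:
    """Pack a dotted quad into a 32-bit integer, rejecting malformed input."""
    parts = addr.split(".")
    if len(parts) != 4:
        raise ValueError(f"not a dotted quad: {addr!r}")
    value = 0
    for part in parts:
        if not part.isdigit() or not 0 <= int(part) <= 255:
            raise ValueError(f"bad octet {part!r} in {addr!r}")
        value = (value << 8) | int(part)
    return value


def in_cidr(addr: str, cidr: str) -> bool:
    """True if addr falls inside cidr, using the router's mask-and-compare."""
    net, prefix_str = cidr.split("/")
    prefix = int(prefix_str)
    if not 0 <= prefix <= 32:
        raise ValueError(f"bad prefix length in {cidr!r}")
    # /12 -> 0xFFF00000: the top 12 bits must match, the rest are host bits.
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    return (ip_to_int(addr) & mask) == (ip_to_int(net) & mask)


def classify(addr: str) -> str:
    """Return the label of the special range addr belongs to, or 'public'."""
    for cidr, label in SPECIAL_RANGES.items():
        if in_cidr(addr, cidr):
            return label
    return "public"


def border_verdict(src: str, dst: str) -> str:
    """What an Internet-facing router with bogon filtering does with a packet.

    Assumed policy: discard if either the source or the destination address
    is in a private or link-local range; otherwise forward it.
    """
    for role, addr in (("source", src), ("destination", dst)):
        label = classify(addr)
        if label != "public":
            return f"discard: {role} {addr} is {label}"
    return "forward"


if __name__ == "__main__":
    # Constructed sample packets (not captured traffic).
    samples = [
        ("192.168.1.10", "198.51.100.9"),   # private source leaking out
        ("203.0.113.5", "172.31.255.255"),  # public source, private destination
        ("203.0.113.5", "172.32.0.1"),      # just past the end of 172.16/12
        ("203.0.113.5", "198.51.100.9"),    # both public
    ]
    for src, dst in samples:
        print(f"{src:>16} -> {dst:<16} {border_verdict(src, dst)}")
```

Running the script prints one verdict per constructed packet; the third line shows that 172.32.0.1 is forwarded because 172.16/12 ends at 172.31.255.255, a common source of confusion when people assume the whole of 172.x.x.x is private.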
This is where NAT comes in to the equation for most people, but that’s another topic for another day. The real short version: NAT rewrites the packets from internal clients so that they appear to originate from a “real”, routable IP address on the public side of the NAT device, and keeps a table mapping each internal client (private address and port) to the public address and port it was given, so that replies coming back from the Internet can be translated back to the right internal client.
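Since the post only gives the short version, here is an added toy model of the mapping it describes (my example, not the post’s code, and not a real NAT implementation): one public address shared by many private hosts, the source address and port rewritten on the way out, the same table consulted in reverse for replies, and anything arriving with no mapping dropped. The packet layout, the public address 203.0.113.1 (an RFC 5737 documentation address) and the sequential port-allocation scheme are assumptions made for the example.

```python
"""Toy NAPT (port-translating NAT) showing the internal/external mapping.

Added example, not from the original post. Packet shape and port allocation
are assumptions; a real NAT also handles timeouts, protocols and checksums.
"""

from dataclasses import dataclass, replace
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]  # (address, port)


@dataclass(frozen=True)
class Packet:
    """Just the fields NAT cares about; assumed layout for the example."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class Napt:
    def __init__(self, public_ip: str, first_port: int = 40000) -> None:
        self.public_ip = public_ip
        self._next_port = first_port
        # Both directions of the mapping the post talks about.
        self._out: Dict[Endpoint, int] = {}  # (private ip, port) -> public port
        self._in: Dict[int, Endpoint] = {}   # public port -> (private ip, port)

    def outbound(self, pkt: Packet) -> Packet:
        """Rewrite a packet from an internal client so it appears to come
        from the public address. Reuses an existing mapping if there is one."""
        key: Endpoint = (pkt.src_ip, pkt.src_port)
        public_port = self._out.get(key)
        if public_port is None:
            # Assumed allocation: hand out the next unused public port.
            public_port = self._next_port
            self._next_port += 1
            self._out[key] = public_port
            self._in[public_port] = key
        return replace(pkt, src_ip=self.public_ip, src_port=public_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Translate a reply back to the internal client, or drop it (None)
        if nothing inside ever created a mapping for that public port."""
        if pkt.dst_ip != self.public_ip:
            return None  # not addressed to us at all
        key = self._in.get(pkt.dst_port)
        if key is None:
            return None  # unsolicited: no internal client asked for this
        private_ip, private_port = key
        return replace(pkt, dst_ip=private_ip, dst_port=private_port)

    def mapping_count(self) -> int:
        return len(self._out)


if __name__ == "__main__":
    # Constructed sample traffic (not captured packets).
    nat = Napt("203.0.113.1")
    out = nat.outbound(Packet("192.168.1.10", 51000, "198.51.100.9", 80))
    print("outbound ->", out)
    reply = nat.inbound(Packet("198.51.100.9", 80, "203.0.113.1", out.src_port))
    print("reply    ->", reply)
    print("stray    ->", nat.inbound(Packet("198.51.100.9", 80, "203.0.113.1", 9999)))
```

The point worth noticing is the second host case in the test below: two private hosts can both use source port 51000, and the only reason their replies come back to the right place is that the NAT gave each one a distinct public port and remembered which was which.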