Oh, the joys of networking… A topic that very few people like and/or fully understand. So we thought it was about time we covered some of these topics to help clarify common misunderstandings and to help people understand networking in general. For simplicity, I’m going to stick with IPv4 addresses for now and completely ignore IPv6. I’m also going to completely ignore the concept of CIDR blocks and address ranges within this blog post and focus purely on the core concepts.
What are Public and Private IP Addresses
Simply put, there is nothing really different, they are just IP addresses, right? Well, kind of yes and no. It all comes down to routing, i.e. how your request from A ultimately reaches B. In simple terms, any address starting with one of the following prefixes is classified as a ‘Private’ IP address:
- 10.0.0.0/8 (10.x.x.x)
- 172.16.0.0/12 (172.16.x.x – 172.31.x.x)
- 192.168.0.0/16 (192.168.x.x)
So, thinking through the routing concept again: how you get from A to B depends on where A and B ultimately live. Remember, every IP address ultimately routes through to a physical server (i.e. a computer) which lives somewhere in the real world, whether that is in your back bedroom or in an Amazon data centre somewhere in the world.
How does Routing Work for Private Address Ranges
So now we understand that an IP address starting with 10., 172.16. to 172.31., or 192.168. is classified as a private address. What does this actually mean? As mentioned, ultimately an IP address routes through to a physical piece of computer equipment, so why do we care if an IP address is a public IP address (i.e. not starting with these numbers) or a private IP address? Well, it all comes down to routing, i.e. how the message gets from A to B.
For the purpose of this example, let’s keep things super simple and take the scenario where you have a personal home laptop or computer. You likely have a home router+modem that has been provided to you by your internet service provider (ISP), the people who provide the internet connection to your home.
To visualise this, if you open the web browser on your home computer and type your router’s private address (commonly 192.168.0.1 or 192.168.1.1) into the address bar of your favourite browser (Chrome, right?), you’ll likely be presented with the administrator console for the router+modem that has been provided by your ISP. This allows you to log in (likely with a super-secure username/password of admin/admin…) so you can then see all of the devices that are connected to your local network, aka your private network. You’ll likely see your laptops, computers, tablets, mobile phones, smart TVs and IoT devices all connected to your local network, either via wired or wireless connections. Cool, right?
Ok, so back to the point about routing and private vs public IP addresses.
Simply put, whenever a device on your local network attempts to connect to another device, your router decides where to … route … the connection. For example, if you are on your local network and you are trying to access another device on the local network, the route that the connection takes from A to B (which often has many hops, not just one) never actually leaves your premises to go out to the internet for help. Whereas if you were accessing a public IP address (aka an IP address starting with anything other than the three ranges mentioned) then your request would go out onto the internet to find the physical computer hardware that is at this address.
The reality for public IP addresses is that a single IP address can have thousands of virtual and/or physical machines sitting behind it, which is where NAT comes in, but we’ll ignore that for the purpose of simplicity and cover it another time. For the purpose of this blog post, we’ll assume that we’re just accessing different systems based purely on IP addresses and not friendly names such as server-x.contradodigital.com.
What About Modern Routing?
The reality is that most modern routing isn’t based on the IP address alone; it’s often based on a combination of IP address and hostname (aka the name you type into the browser). What this means is that whenever you type a hostname into the browser, it ultimately resolves to an IP address that knows how to handle your request and ultimately gets you to the destination physical/virtual computer that can serve you the information you need. Thankfully, you never need to worry about that as a user. But from a configuration perspective this is hugely important: if you are designing this setup, you need to be able to configure how incoming requests are handled. That is outside the scope of this blog post though, as it gets into the world of NAT, proxies and reverse proxies.
Size of Private Networks
Things are a little more nuanced across the three core private IP ranges, as they each support a different number of devices connected to that network. Remember, these rules were designed before IPv6, when there were much harder limits placed on networks.
- 10.0.0.0 – 10.255.255.255 supports a total of 16,777,216 addresses and is classed as a single class A network.
- 172.16.0.0 – 172.31.255.255 supports a total of 1,048,576 addresses and is classed as 16 contiguous class B networks.
- 192.168.0.0 – 192.168.255.255 supports a total of 65,536 addresses and is classed as 256 contiguous class C networks.
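As an added example (not code from the original post), here is a small Python script that applies the three private ranges above and the address counts in the list: it checks which private range an address falls in using the same prefix-mask comparison a router performs, and it also shows that addresses such as 172.32.0.1 or 192.169.1.1 are public even though they start with 172 or 192, which goes slightly beyond the post’s simplified “10., 172., 192.” shorthand. The sample addresses are constructed for illustration.

```python
# Added example, not from the original post: classify an IPv4 address as
# private (one of the three RFC 1918 ranges above) or public using the same
# prefix-mask arithmetic a router uses, and size each range as 2**(32-prefix).
PRIVATE_RANGES = {                      # label -> (network, prefix length)
    "10.0.0.0/8": ("10.0.0.0", 8),
    "172.16.0.0/12": ("172.16.0.0", 12),
    "192.168.0.0/16": ("192.168.0.0", 16),
}


def ip_to_int(ip: str) -> int:
    """Turn dotted-quad text into a 32-bit integer, rejecting bad input."""
    octets = ip.split(".")
    if len(octets) != 4:
        raise ValueError(f"not an IPv4 address: {ip!r}")
    value = 0
    for octet in octets:
        n = int(octet)
        if not 0 <= n <= 255:
            raise ValueError(f"octet out of range in {ip!r}")
        value = (value << 8) | n
    return value


def in_range(ip: str, network: str, prefix: int) -> bool:
    """True if the top `prefix` bits of ip match those of network."""
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    return (ip_to_int(ip) & mask) == (ip_to_int(network) & mask)


def private_range_of(ip: str):
    """Return the private range label the address belongs to, else None."""
    for label, (network, prefix) in PRIVATE_RANGES.items():
        if in_range(ip, network, prefix):
            return label
    return None


def range_size(prefix: int) -> int:
    """Number of addresses in a /prefix block."""
    return 1 << (32 - prefix)


if __name__ == "__main__":
    # Constructed sample addresses: only 172.16-172.31 and 192.168 are private,
    # so 172.32.0.1 and 192.169.1.1 are public despite their first octet.
    for ip in ["10.1.2.3", "172.20.1.1", "172.32.0.1", "192.168.1.1", "192.169.1.1"]:
        print(ip, private_range_of(ip) or "public")
    for label, (_, prefix) in PRIVATE_RANGES.items():
        print(label, range_size(prefix), "addresses")
```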
In simple terms:
- Use 192 IP ranges whenever you have a small number of devices connected, i.e. a home environment
- Use 172 IP ranges whenever you have a medium number of devices connected, i.e. a small business and/or cloud environment that is regionalised. Notice how AWS uses the 172 ranges in EC2 instance hostnames
- Use 10 IP ranges whenever you need room for the maximum number of devices and the most control over how the network is carved up, i.e. a large private network.
This helps you to determine which IP address range you are best placed to use. There are also considerations around network sizes and subnets but again, we’ll cover this in other blog posts.