Loading learning content...
When the architects of the Internet first designed IPv4 in 1981, they allocated approximately 4.3 billion unique addresses—a number that seemed impossibly vast at the time. Personal computers were rare luxuries, and the notion that billions of devices would one day require network connectivity was beyond imagination. By the early 1990s, however, the explosive growth of corporate networks and the nascent commercial Internet made it alarmingly clear that this address space would be exhausted far sooner than anyone had anticipated.
Private address ranges emerged as a critical solution to this impending crisis. Rather than requiring every networked device on Earth to possess a globally unique IP address, network architects realized that devices within private networks—those that didn't need direct, bidirectional Internet connectivity—could safely reuse the same address blocks across millions of independent organizations. This insight fundamentally changed how networks are designed and deployed.
By the end of this page, you will possess comprehensive knowledge of the three RFC 1918 private address ranges, understand why each range was chosen with its specific size, recognize the technical constraints governing private address usage, and be able to design efficient private addressing schemes for organizations of any scale.
In February 1996, the Internet Engineering Task Force (IETF) published RFC 1918, titled "Address Allocation for Private Internets". This document formalized the concept of private address space and defined three specific blocks of IPv4 addresses that would be reserved exclusively for internal network use. These addresses would never be routed on the public Internet, creating a clear boundary between internal and external network spaces.
The authors of RFC 1918—Yakov Rekhter, Robert Moskowitz, Daniel Karrenberg, Geert Jan de Groot, and Eliot Lear—understood that their specification would influence network design for decades. Their choices balanced several competing concerns:
RFC 1918 wasn't the first attempt to address IP exhaustion. Earlier proposals included aggressive reclamation of unused address space from early allocations (like the /8 blocks assigned to organizations in the 1980s) and various forms of address sharing. However, RFC 1918's approach proved most practical because it required no changes to existing Internet infrastructure—only discipline from network administrators.
The RFC established a fundamental principle that continues to guide network design today:
Hosts within enterprises that use [private] IP addresses... can communicate with all other hosts inside the enterprise, but not with hosts outside the enterprise.
This seemingly simple statement encapsulates the entire philosophy of private addressing: create isolated address domains that can function independently, connecting to the broader Internet only through carefully controlled translation mechanisms.
RFC 1918 defines three distinct private address ranges, each carved from one of the original classful address classes. This design was intentional—it provided administrators with options suitable for organizations of different scales while maintaining compatibility with existing network equipment that still operated in classful terms.
| Address Block | CIDR Notation | Address Range | Number of Addresses | Original Class |
|---|---|---|---|---|
| 10.0.0.0/8 | 10.0.0.0 – 10.255.255.255 | 10.x.x.x | 16,777,216 | Class A |
| 172.16.0.0/12 | 172.16.0.0 – 172.31.255.255 | 172.16.x.x – 172.31.x.x | 1,048,576 | Class B |
| 192.168.0.0/16 | 192.168.0.0 – 192.168.255.255 | 192.168.x.x | 65,536 | Class C |
Understanding the size hierarchy:
The three blocks form a geometric progression of sizes, each roughly 16 times smaller than the previous. This wasn't accidental—it reflects the anticipated needs of different organization types:
This tiered approach has proven remarkably prescient. Forty years later, these ranges continue to serve their intended purposes across billions of networks worldwide.
Think of the three ranges as T-shirt sizes: 10.x.x.x is 'extra-large' (enterprise-scale), 172.16-31.x.x is 'medium' (corporate-scale), and 192.168.x.x is 'small' (home/SMB-scale). While any organization can use any range, choosing appropriately simplifies network design and documentation.
The 10.0.0.0/8 private address block is carved from the Class A address space, providing a single contiguous region containing over 16 million usable addresses. This makes it the largest private address block and the preferred choice for major enterprises, cloud providers, and organizations with complex hierarchical network architectures.
Technical specification:
Network: 10.0.0.0
Broadcast: 10.255.255.255
Subnet Mask: 255.0.0.0 (/8)
Host Range: 10.0.0.1 – 10.255.255.254
Total Hosts: 16,777,214 (2²⁴ - 2)
Why 10.x.x.x specifically?
The choice of the 10.0.0.0/8 block reflects both pragmatic and historical factors. In the early Internet, certain Class A blocks were assigned to organizations that used them only partially—or not at all. The 10.0.0.0/8 block was among those reclaimed and repurposed for private use. Its position at the beginning of the address space also made it memorable and easy to recognize at a glance.
Hierarchical allocation example:
Consider a multinational corporation with presence in North America, Europe, and Asia-Pacific. A well-structured 10.x.x.x allocation might look like:
| Region | Allocation | Available Addresses |
|---|---|---|
| North America | 10.0.0.0/10 | 4,194,304 |
| Europe | 10.64.0.0/10 | 4,194,304 |
| Asia-Pacific | 10.128.0.0/10 | 4,194,304 |
| Global Services | 10.192.0.0/10 | 4,194,304 |
Within each regional allocation, further subdivision creates country-level, office-level, and department-level subnets. This hierarchical structure enables efficient routing—traffic destined for European offices never pollutes North American routing tables.
While 10.x.x.x provides abundant addresses, poor planning can still create problems. Organizations that allocate /24s liberally often find themselves unable to summarize routes efficiently, leading to bloated routing tables and management overhead. Always plan for growth using hierarchical CIDR allocation from the start.
The 172.16.0.0/12 private address block occupies a portion of the Class B address space, spanning from 172.16.0.0 through 172.31.255.255. With approximately one million addresses, it sits between the massive 10.x.x.x block and the more modest 192.168.x.x range, making it ideal for mid-to-large organizations that need significant addressing capacity without the full scale of the Class A block.
Technical specification:
Network: 172.16.0.0
Broadcast: 172.31.255.255
Subnet Mask: 255.240.0.0 (/12)
Host Range: 172.16.0.1 – 172.31.255.254
Total Hosts: 1,048,574 (2²⁰ - 2)
The unusual boundary:
Notice that this block doesn't encompass all of 172.x.x.x—only the range from 172.16 through 172.31. This is a common source of confusion for network administrators. Addresses like 172.1.x.x, 172.15.x.x, or 172.32.x.x are NOT private addresses; they are publicly routable IP addresses assigned to various organizations worldwide.
The /12 prefix means the first 12 bits are fixed (172.16 in binary is 10101100.0001xxxx), leaving 20 bits for host addressing. This explains both the 172.16-31 range and the ~1 million address capacity.
A surprisingly common error is assuming all 172.x.x.x addresses are private. Using 172.0.0.0 – 172.15.255.255 or 172.32.0.0 – 172.255.255.255 in internal networks WILL cause connectivity problems when those addresses need to reach their legitimate public owners. Always verify addresses fall within 172.16-31 before using them privately.
Binary breakdown for the /12 boundary:
172.16.0.0 in binary: 10101100.00010000.00000000.00000000
172.31.255.255: 10101100.00011111.11111111.11111111
172.32.0.0: 10101100.00100000.00000000.00000000 (NOT private!)
Fixed bits (12): 10101100.0001
Variable bits (20): xxxx.xxxxxxxx.xxxxxxxx
Understanding this binary structure helps network administrators avoid the common 172.x.x.x confusion and plan subnets accurately within the legitimate private range.
The 192.168.0.0/16 private address block is arguably the most recognized IP range in the world. It appears as the default configuration on virtually every home router, small office network device, and consumer IoT equipment manufactured in the last three decades. With 65,534 usable addresses, it's the smallest of the three private blocks but more than sufficient for small-to-medium deployments.
Technical specification:
Network: 192.168.0.0
Broadcast: 192.168.255.255
Subnet Mask: 255.255.0.0 (/16)
Host Range: 192.168.0.1 – 192.168.255.254
Total Hosts: 65,534 (2¹⁶ - 2)
Ubiquitous default configurations:
Most consumer equipment ships with predictable 192.168.x.x defaults:
| Device Type | Common Default Gateway | Common Subnet |
|---|---|---|
| Home routers | 192.168.0.1 or 192.168.1.1 | 192.168.0.0/24 or 192.168.1.0/24 |
| Access points | 192.168.0.254 | 192.168.0.0/24 |
| NAS devices | DHCP or 192.168.1.100 | Per network |
| Smart home hubs | 192.168.0.x | Per network |
| Printers | DHCP or 192.168.1.x | Per network |
Some administrators change their internal addressing from 192.168.x.x to less common ranges, believing it provides security benefits. This 'security through obscurity' offers minimal protection—any attacker with network access will quickly discover actual addressing through ARP scans or DHCP observation. Focus on proper network segmentation and access controls instead.
The 256-subnet structure:
The 192.168.0.0/16 block naturally divides into 256 Class C-sized subnets:
| Subnet | Network Address | Broadcast | Usable Hosts |
|---|---|---|---|
| 1 | 192.168.0.0/24 | 192.168.0.255 | 254 |
| 2 | 192.168.1.0/24 | 192.168.1.255 | 254 |
| 3 | 192.168.2.0/24 | 192.168.2.255 | 254 |
| ... | ... | ... | ... |
| 256 | 192.168.255.0/24 | 192.168.255.255 | 254 |
This structure makes 192.168.x.x ideal for organizations needing simple, isolated networks—each department or location can occupy its own /24 with no overlap.
Private addresses operate under specific technical constraints that every network administrator must understand. These constraints exist to maintain the integrity of both private networks and the public Internet.
When establishing site-to-site VPNs or cloud connectivity, overlapping private address ranges create serious problems. If your on-premises network uses 10.0.0.0/8 and your AWS VPC also uses 10.0.0.0/8, routing becomes ambiguous and broken. Always document private address usage and plan for future connectivity requirements.
Practical implications table:
| Scenario | Private Address Behavior | Required Solution |
|---|---|---|
| Web browsing | Cannot route directly | Source NAT to public IP |
| Hosting web server | Cannot receive Internet traffic | Port forwarding or public IP |
| VPN to partner | May conflict with partner's range | Address translation or re-IP |
| Cloud migration | May conflict with cloud defaults | CIDR planning before migration |
| Email sending | Blocked by anti-spam systems | SMTP relay through public IP |
While RFC 1918 defines the three primary private address ranges, several additional address blocks serve special purposes and are also non-routable on the public Internet. Understanding these prevents addressing conflicts and confusion.
| Address Block | Purpose | Defined In | Common Use |
|---|---|---|---|
| 127.0.0.0/8 | Loopback | RFC 1122 | Local testing, inter-process communication |
| 169.254.0.0/16 | Link-Local | RFC 3927 | Automatic configuration when DHCP fails |
| 100.64.0.0/10 | Carrier-Grade NAT | RFC 6598 | ISP internal NAT addressing |
| 192.0.0.0/24 | IETF Protocol Assignments | RFC 6890 | Special protocol testing |
| 192.0.2.0/24 | Documentation (TEST-NET-1) | RFC 5737 | Examples in documentation |
| 198.51.100.0/24 | Documentation (TEST-NET-2) | RFC 5737 | Examples in documentation |
| 203.0.113.0/24 | Documentation (TEST-NET-3) | RFC 5737 | Examples in documentation |
| 240.0.0.0/4 | Reserved/Future Use | RFC 1112 | Historically reserved, now experimental |
The 100.64.0.0/10 block (RFC 6598) deserves special attention. As IPv4 exhaustion intensified, ISPs began deploying large-scale NAT—translating multiple customers' private addresses through a shared pool of public IPs. The 100.64.x.x range provides addressing space for these intermediate networks, sitting between customer equipment and ISP public infrastructure.
Link-Local addresses (169.254.x.x):
When a device is configured for DHCP but cannot reach a DHCP server, modern operating systems assign a link-local address from the 169.254.0.0/16 range using a process called Automatic Private IP Addressing (APIPA) on Windows or zeroconf on Unix systems.
The device:
Link-local addresses enable basic local communication (file sharing, printing) even when infrastructure fails, but they cannot communicate outside the local network segment.
Effective private address design requires balancing current needs against future growth, merger scenarios, and cloud integration requirements. The following principles guide enterprise-grade implementations.
When designing private addressing today, assume future cloud connectivity. AWS, Azure, and GCP all default to 10.x.x.x VPCs. If your on-premises network also uses 10.0.0.0/16, you'll face conflicts when establishing hybrid connectivity. Consider using non-overlapping ranges like 10.100.0.0/16 or 172.16.0.0/12 to ensure compatibility.
Example enterprise allocation:
Enterprise: Acme Corporation
Primary Range: 10.0.0.0/8
10.0.0.0/10 → North America
10.0.0.0/12 → United States
10.0.0.0/16 → East Region
10.1.0.0/16 → West Region
10.16.0.0/12 → Canada
10.16.0.0/16 → Eastern Canada
10.17.0.0/16 → Western Canada
10.64.0.0/10 → Europe
10.64.0.0/12 → Western Europe
10.80.0.0/12 → Eastern Europe
10.128.0.0/10 → Asia-Pacific
10.192.0.0/10 → Reserved for Cloud/Future
This structure enables route summarization at each hierarchical level while providing clear organizational visibility.
Private address ranges form the foundation of internal network addressing, enabling billions of devices to communicate within organizations without consuming scarce public IPv4 addresses. Let's consolidate the essential knowledge:
What's next:
With a thorough understanding of private address ranges, we now turn to their counterpart: public IP addresses. The next page examines how public addresses are allocated, managed, and distributed across the global Internet infrastructure—essential knowledge for understanding how private and public addressing work together.
You now possess comprehensive knowledge of RFC 1918 private address ranges, their technical specifications, and best practices for their deployment. This foundation is essential for understanding NAT, network design, and the transition to IPv6 covered in subsequent pages.