Private IP Address

In Internet networking, a private network is a computer network that uses a private address space of IP addresses. These addresses are commonly used for local area networks (LANs) in residential, office, and enterprise environments. Both the IPv4 and the IPv6 specifications define private IP address ranges.

Private network addresses are not allocated to any specific organization. Anyone may use these addresses without approval from regional or local Internet registries. Private IP address spaces were originally defined to assist in delaying IPv4 address exhaustion. IP packets originating from or addressed to a private IP address cannot be routed through the public Internet.

Private IPv4 addresses

The Internet Engineering Task Force (IETF) has directed the Internet Assigned Numbers Authority (IANA) to reserve the following IPv4 address ranges for private networks:

In practice, it is common to subdivide these ranges into smaller subnets.

Dedicated space for carrier-grade NAT deployment

In April 2012, IANA allocated the block ''100.64.0.0/10'' (100.64.0.0 to 100.127.255.255, netmask 255.192.0.0) for use in carrier-grade NAT scenarios.

This address block should not be used on private networks or on the public Internet. The size of the address block (2²², approximately 4 million addresses) was selected to be large enough to uniquely number all customer access devices for all of a single operator's points of presence in a large metropolitan area such as Tokyo.

Private IPv6 addresses

The concept of private networks has been extended in the next generation of the Internet Protocol, IPv6, and special address blocks are reserved.

The address block is reserved by IANA for Unique Local Addresses (ULA). They are unicast addresses, but contain a 40-bit random number in the routing prefix to prevent collisions when two private networks are interconnected. Despite being inherently ''local'' in usage, the IPv6 address scope of unique local addresses is global.

The first block defined is , designed for /48 routing blocks, in which users can create multiple subnets, as needed.

Examples:

A former standard proposed the use of ''site-local'' addresses in the block, but because of scalability concerns and poor definition of what constitutes a ''site'', its use has been deprecated since September 2004.

Link-local addresses

Another type of private networking uses the link-local address range. The validity of link-local addresses is limited to a single link; e.g. to all computers connected to a switch, or to one wireless network. Hosts on different sides of a network bridge are also on the same link, whereas hosts on different sides of a network router are on different links.

IPv4

In IPv4, link-local addresses are codified in RFC 6890 and RFC 3927. Their utility is in zero-configuration networking when Dynamic Host Configuration Protocol (DHCP) services are not available and manual configuration by a network administrator is not desirable. The block was allocated for this purpose. If a host on an IEEE 802 (Ethernet) network cannot obtain a network address via DHCP, an address from to may be assigned pseudorandomly. The standard prescribes that address collisions must be handled gracefully.

IPv6

In IPv6, the block is reserved for IP address autoconfiguration. Updated by RFC 5952, RFC 6052, RFC 7136, RFC 7346, RFC 7371, RFC 8064.
The implementation of these link-local addresses is mandatory, as various functions of the IPv6 protocol depend on them. Updated by RFC 7527.

Loopback interface

A special case of private link-local addresses is the loopback interface. These addresses are private and link-local by definition, since packets never leave the host device.

IPv4 reserves the entire class A address block for use as private loopback addresses. IPv6 reserves the single address .

Common uses

Private addresses are commonly used in residential IPv4 networks. Most Internet service providers (ISPs) allocate only a single publicly routable IPv4 address to each residential customer, but many homes have more than one computer, smartphone, or other Internet-connected device. In this situation, a network address translator (NAT/PAT) gateway is usually used to provide Internet connectivity to multiple hosts.

Private addresses are also commonly used in corporate networks which, for security reasons, are not connected directly to the Internet. Often a proxy, SOCKS gateway, or similar devices are used to provide restricted Internet access to network-internal users. 24-bit block private addresses are also commonly used in the North Korean Kwangmyong network.

In both cases, private addresses are often seen as enhancing network security for the internal network, since use of private addresses internally makes it difficult for an Internet (external) host to initiate a connection to an internal system.

Misrouting

It is common for packets originating in private address spaces to be misrouted onto the Internet. Private networks often do not properly configure DNS services for addresses used internally and attempt reverse DNS lookups for these addresses, causing extra traffic to the Internet root nameservers. The AS112 project attempted to mitigate this load by providing special ''blackhole'' anycast nameservers for private address ranges which only return negative result codes (''not found'') for these queries.

Organizational edge routers are usually configured to drop ingress IP traffic for these networks, which can occur either by misconfiguration, or from malicious traffic using a spoofed source address. Less commonly, ISP edge routers drop such egress traffic from customers,