# Public vs Private IP Addresses ## Public IP Addresses A public IP address is an IP address that is globally unique and routable on the public internet. Every device that communicates directly on the internet must have a public IP address. These addresses are managed by the Internet Assigned Numbers Authority and regional internet registries, which allocate blocks of addresses to internet service providers. Service providers in turn assign individual public IP addresses to their customers. Because public IPv4 addresses are a limited and exhausted resource, they are assigned carefully. Public IP addresses allow servers, websites, and other internet-accessible services to be reached from anywhere on the internet. ## Private IP Addresses Private IP addresses are ranges of IPv4 addresses that are reserved for use within private networks and are not routable on the public internet. Any organization can use private IP addresses for their internal devices without registering them with any authority. Routers on the public internet are configured to drop packets destined for private IP address ranges. The three private address ranges defined in RFC 1918 are 10.0.0.0 to 10.255.255.255, which provides over 16 million addresses; 172.16.0.0 to 172.31.255.255, which provides over 1 million addresses; and 192.168.0.0 to 192.168.255.255, which provides 65,536 addresses. Home networks typically use addresses in the 192.168.0.0 range. Large enterprises often use the 10.0.0.0 range. ## Why Private Addresses Exist Private IP addresses were introduced for two main reasons. First, they conserve the limited supply of public IPv4 addresses. Instead of assigning a public IP address to every device in an organization, only the organization's border router needs a public IP address. All internal devices use private addresses. Second, private addresses provide a basic level of security by isolating internal devices from direct access from the internet. Devices with only a private IP address cannot receive unsolicited connections from the internet because their addresses are not reachable from outside. ## Network Address Translation Because private IP addresses are not routable on the internet, a mechanism is needed to allow devices with private addresses to communicate with the internet. This mechanism is Network Address Translation or NAT. The router that connects the private network to the internet replaces the private source IP address in outgoing packets with its own public IP address. When response packets arrive from the internet, the router uses its NAT table to translate the destination public IP address back to the correct private IP address and forwards the packet to the appropriate internal device. This allows many devices with private addresses to share a single public IP address. ## Determining if an Address is Public or Private To determine if an IPv4 address is private, check whether it falls within any of the three private ranges. If it begins with 10, it is private. If the first octet is 172 and the second octet is between 16 and 31, it is private. If the first two octets are 192.168, it is private. All other unicast addresses are public.