Private IP Ranges & RFC 1918
A complete reference to private IP address ranges, their intended uses, and how they interact with NAT, routing, and network design.
The Three Private Ranges
RFC 1918 defines three IPv4 address blocks reserved for private networks. These addresses are not routable on the public internet.
| Range | CIDR | Addresses | Typical Use |
|---|---|---|---|
| 10.0.0.0 — 10.255.255.255 | 10.0.0.0/8 | 16,777,216 | Enterprise, cloud VPCs |
| 172.16.0.0 — 172.31.255.255 | 172.16.0.0/12 | 1,048,576 | Medium organizations |
| 192.168.0.0 — 192.168.255.255 | 192.168.0.0/16 | 65,536 | Home networks, small offices |
Other Special-Use Ranges
Beyond RFC 1918, several other ranges have special purposes:
| Range | Purpose | RFC |
|---|---|---|
| 127.0.0.0/8 | Loopback (localhost) | RFC 1122 |
| 169.254.0.0/16 | Link-local (APIPA) | RFC 3927 |
| 100.64.0.0/10 | Carrier-grade NAT (CGNAT) | RFC 6598 |
| 192.0.2.0/24 | Documentation examples (TEST-NET-1) | RFC 5737 |
| 198.51.100.0/24 | Documentation examples (TEST-NET-2) | RFC 5737 |
| 203.0.113.0/24 | Documentation examples (TEST-NET-3) | RFC 5737 |
How Private IPs Work with NAT
Devices with private addresses cannot communicate directly with the internet. NAT (Network Address Translation) on your router translates private addresses to a shared public IP:
Private: 192.168.1.100:54321
→ NAT translates to →
Public: 203.0.113.5:60123
→ Internet
This is why your home devices all share one public IP when viewed from outside.
Choosing a Private Range
Home network: Use 192.168.x.0/24. Simple, familiar, and more than enough for most homes.
Small office: Use 10.x.x.0/24 subnets. The /8 block gives you room to grow without renumbering.
Enterprise / VPN: Use 10.x.x.x with careful subnet planning. Avoid 192.168.0.0/24 and 192.168.1.0/24 — these conflict with almost every home router, causing VPN routing issues.
Docker / Kubernetes: Typically use 172.17.0.0/16 (Docker default) or 10.x.x.x for pod networks. Verify no overlap with your corporate VPN ranges.
Common Mistakes
- Overlapping VPN ranges — If your home and office both use 192.168.1.0/24, VPN routing will break.
- Using too large a subnet — A /8 on a flat network creates broadcast storms. Subnet appropriately.
- Forgetting CGNAT — If your WAN IP starts with 100.64-100.127, you are behind CGNAT, not on a private LAN.