In IPv4 networking, routable (public) IP addresses are globally unique and can be routed across the internet, while non-routable (private) addresses defined in RFC 1918 are reserved for internal networks:
// Common private IP ranges in CIDR notation
PRIVATE_RANGES = [
"10.0.0.0/8", // 16,777,216 addresses
"172.16.0.0/12", // 1,048,576 addresses
"192.168.0.0/16" // 65,536 addresses
]
Private IPs are ideal for:
- Local area networks (LANs)
- Virtual private clouds (VPCs)
- Development/testing environments
Example Python code to check if an IP is private:
import ipaddress
def is_private(ip):
try:
return ipaddress.ip_address(ip).is_private
except ValueError:
return False
print(is_private("192.168.1.1")) # True
print(is_private("8.8.8.8")) # False
Routable addresses are required for:
- Internet-facing servers
- VPN endpoints
- Direct peer-to-peer communication
Here's how to validate public IPs in Node.js:
const net = require('net');
const ipaddr = require('ipaddr.js');
function isPublicIP(ip) {
if (!net.isIP(ip)) return false;
const addr = ipaddr.parse(ip);
return !addr.range().match(['private', 'loopback']);
}
console.log(isPublicIP("172.16.0.1")); // false
console.log(isPublicIP("142.250.190.46")); // true (Google)
Network Address Translation (NAT) enables private networks to access the internet using a single public IP. This Python example shows basic NAT concepts:
# Simplified NAT table simulation
nat_table = {}
def add_nat_mapping(internal_ip, external_ip, port):
nat_table[(internal_ip, port)] = external_ip
def translate_packet(src_ip, src_port):
return nat_table.get((src_ip, src_port), src_ip)
Be aware of these edge cases:
- Carrier-grade NAT (CGNAT) uses 100.64.0.0/10
- APIPA addresses (169.254.0.0/16) for link-local
- The deprecated Class E space (240.0.0.0/4)
Example C++ code to detect special ranges:
#include <iostream>
#include <string>
#include <regex>
bool isSpecialRange(const std::string& ip) {
std::regex cgnat("^100\\.(6[4-9]|[7-9]\\d|1[0-1]\\d|12[0-7])\\.");
std::regex apipa("^169\\.254\\.");
return std::regex_search(ip, cgnat) ||
std::regex_search(ip, apipa);
}
Routable IP addresses (public IPs) are globally unique addresses assigned by IANA and routed across the internet. Non-routable addresses (private IPs) defined in RFC 1918 are reserved for internal networks and cannot be routed on the public internet.
Public IPs are mandatory for:
- Internet-facing servers (web, mail, DNS)
- Direct peer-to-peer communication
- Services requiring global accessibility
# Example of a public IP configuration for a web server
server {
listen 203.0.113.45:80;
server_name example.com;
...
}
Non-routable addresses excel in:
- Internal network infrastructure
- NAT environments
- Development/testing environments
# Typical home router NAT configuration
interface GigabitEthernet0/0
ip address 192.168.1.1 255.255.255.0
ip nat inside
!
interface GigabitEthernet0/1
ip address 203.0.113.45 255.255.255.240
ip nat outside
The 169.254.0.0/16 range (APIPA) provides automatic configuration when DHCP fails:
# Python example checking for link-local address
import socket
def is_link_local(ip):
octets = list(map(int, ip.split('.')))
return octets[0] == 169 and octets[1] == 254
Always validate IP ranges in your code:
// Java method to check if IP is in private range
public boolean isPrivateIP(String ip) {
return ip.startsWith("10.") ||
ip.startsWith("192.168.") ||
ip.matches("^172\\.(1[6-9]|2[0-9]|3[0-1])\\..*");
}
Modern cloud platforms often use RFC 1918 space with overlay networking:
# AWS VPC CIDR block declaration (CloudFormation)
Resources:
MyVPC:
Type: AWS::EC2::VPC
Properties:
CidrBlock: 10.0.0.0/16
Never expose private IP ranges to the internet. Always use:
- Proper NAT configuration
- Security groups/firewalls
- VPN for remote access
# Iptables rule to drop private IP sources from WAN
iptables -A INPUT -i eth0 -s 10.0.0.0/8 -j DROP
iptables -A INPUT -i eth0 -s 172.16.0.0/12 -j DROP
iptables -A INPUT -i eth0 -s 192.168.0.0/16 -j DROP