An IP address identifies a host on a network so that packets can be delivered to it; within any one network, every host must have a unique address. Based on their reachability and routing scope, IP addresses are classified into two types: public and private. But why do we have this classification?
In this post we'll look at the differences between public and private IPs and, more importantly, at what problems this classification is meant to solve.
Why?
This classification solves two different problems:
- IP address exhaustion
- Security
IP address exhaustion
The Internet was originally designed with a simple assumption: every host would have a globally unique IP address and could communicate directly with any other host. This worked in the early days because the Internet was small and IPv4 (32-bit) addressing seemed large enough.

IPv4 provides 2^32 ≈ 4.3 billion addresses. Even though that number might seem very large, 32 bits are not enough to give a unique address to every computer, phone, VM, container and IoT device. By the mid-90s it became clear that IPv4 address exhaustion was inevitable and that IPv4, as originally designed, was not scalable.
Security
As we mentioned before, network communication, like any other type of communication, needs a way to uniquely identify sender and receiver. Within a network that unique name is the IP address. If there were only one type of IP, every device in the world would have a globally unique, globally routable address. Apart from the exhaustion problem just explained, that comes with security considerations:
- Every network and device would be routable and reachable from the Internet.
- A routable IP can be discovered, scanned and attacked: every service listening on that host is one port scan away from anyone on the Internet.
How does this classification solve these problems?
Now that we know why having only one type of IP is not a good idea, let's dive deeper and understand what this classification is about: what a private and a public IP are, what their differences are, and how they solve these two problems.

Public IPs
Public IPs are globally unique and therefore routable. When we assign a public IP to a host or service, no other host anywhere on the Internet has that address, so every Internet router knows which way to forward packets for it, and anyone on the Internet can reach it.

Public IPs are handed out by an ISP (Internet Service Provider) or cloud provider and follow strict rules set by the Regional Internet Registries (RIRs), such as ARIN and RIPE NCC. Every ISP or cloud provider holds a limited number of public IPs that only it can manage and assign to the hosts (customers) in its network. This is how no two devices on the Internet end up with the same public IP at the same time.

For that reason, public IPs are scarce and usually cost extra from ISPs and cloud providers.

A public IP can be traced back to the ISP or cloud provider that allocated it, and from there to an approximate geographical location (typically a city or region, not a street address). This reveals the location easily to advertisers, attackers and anyone else who sees the address. Reachability also carries its own risks: anything listening on a public IP can be found by Internet-wide scanning, probed for weak credentials and hit with DDoS traffic.
Private IPs
Private IP addresses are reserved ranges defined by RFC 1918 and are not routed on the Internet. These ranges are reserved by the Internet Assigned Numbers Authority (IANA) and are the following:
- 10.0.0.0 – 10.255.255.255 (10.0.0.0/8)
- 172.16.0.0 – 172.31.255.255 (172.16.0.0/12)
- 192.168.0.0 – 192.168.255.255 (192.168.0.0/16)

These are often labelled "class A", "class B" and "class C", but that is a leftover from classful addressing: the second block is sixteen consecutive class B networks, not one, and the third is 256 class C networks. Treat them as CIDR prefixes; an address is private exactly when it falls inside one of the three (172.32.0.1, for example, is public).

Internet routers carry no routes for these prefixes, and ISPs filter them at their borders, so a packet with a private destination has nowhere to go and a packet with a private source could never receive a reply. That is why we say they cannot be routed on the Internet.
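As an added example (not code from the original post), here is a small Python classifier for the three RFC 1918 prefixes built on the standard library's ipaddress module. The sample addresses are constructed for the example. It checks the three prefixes explicitly rather than relying on Python's own IPv4Address.is_private, which is broader than RFC 1918 (it also reports loopback, link-local and other special-purpose ranges as private); the function names are this example's own.

```python
import ipaddress

# The three RFC 1918 blocks as CIDR prefixes. The "class A/B/C" labels are only
# historical: 172.16.0.0/12 spans sixteen /16s, not one class B.
RFC1918 = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def is_rfc1918(addr: str) -> bool:
    """True if addr is an IPv4 address inside one of the three RFC 1918 prefixes."""
    ip = ipaddress.ip_address(addr)
    return ip.version == 4 and any(ip in net for net in RFC1918)


def classify(addr: str) -> str:
    return "private" if is_rfc1918(addr) else "public"


def exposed(addrs):
    """Addresses outside RFC 1918 that are also globally routable (so not loopback,
    link-local, etc.): the ones an outside attacker could route to, absent a
    firewall or NAT in the way."""
    return [a for a in addrs if not is_rfc1918(a) and ipaddress.ip_address(a).is_global]


def subnet_count(prefix: str, new_prefix: int) -> int:
    """How many /new_prefix networks fit inside prefix, e.g. how many
    'class B' /16s make up 172.16.0.0/12."""
    return sum(1 for _ in ipaddress.ip_network(prefix).subnets(new_prefix=new_prefix))


# Constructed sample. 172.32.0.1 and 192.169.0.1 sit just past the private
# prefixes and are public; 127.0.0.1 is loopback, which is_private reports
# as private but RFC 1918 does not include.
SAMPLE = ["10.1.2.3", "172.16.5.5", "172.31.255.254", "172.32.0.1",
          "192.168.1.10", "192.169.0.1", "8.8.8.8", "127.0.0.1"]

if __name__ == "__main__":
    for a in SAMPLE:
        flag = ipaddress.ip_address(a).is_private
        print(f"{a:16} {classify(a):8} (ipaddress.is_private={flag})")
    print("reachable from outside:", exposed(SAMPLE))
    print("class B networks inside 172.16.0.0/12:", subnet_count("172.16.0.0/12", 16))
```

The boundary cases are the ones that matter in practice: a filter that treats "172." or "192." as a private prefix will let 172.32.0.0/16 or 192.169.0.0/16 through (or block it) incorrectly, so always compare against the exact prefix.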
In this way, devices communicate with one another within the same network without being exposed to the entire Internet. Inside that network, private addresses are assigned by the router, a DHCP server or the network administrator.

Because these addresses never appear on the Internet, unlike public ones, the same ranges can be used, or rather reused, on every private network. This is why my Wi-Fi network at home can be 192.168.1.0/24 and so can yours. And this is how the concept of a private network arises.
Having these two types of IPs creates two types of networks. There is one public network, the Internet, where addresses are globally unique and a packet can be routed to any host that holds one of them. And there are many private networks, whose addresses are unique only within that network and therefore only work locally. Private networks can be interconnected through routers, keeping the same rule that each private IP is unique within the combined network, but their hosts cannot be exposed directly to the Internet, because Internet routers would have no route for their packets.
So then, how can I connect a private host, device or service to the Internet? How can my host, which has a private IP, exchange packets with the outside world? This is where NAT comes into the equation. A NAT device (your home router, or a cloud NAT gateway) sits at the border with one public IP. When a private host sends a packet out, the NAT rewrites the source to its own public IP and a port it chooses, remembers that mapping, and reverses it when the reply comes back. Many private IPs therefore share one public IP, which makes far better use of the limited IPv4 space and is what has kept IPv4 usable long past its expected exhaustion (IPv6 removes the scarcity altogether, but that is outside this post).

Two caveats matter for security. First, NAT is not a firewall: it drops unsolicited inbound packets only because there is no mapping for them, and any port forward, UPnP mapping or otherwise exposed service makes the private host reachable after all. Second, a private address gives no protection against anything already inside the network; an attacker on the LAN, or a compromised host behind the same NAT, can reach every private IP directly.
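The translation NAT performs, as an added example that is not the post's own code: a minimal model of source NAT with port translation (NAPT, the form home routers and cloud NAT gateways use). The public IP 198.51.100.7 and the remote hosts in 203.0.113.0/24 are documentation-only addresses used as constructed sample data; the port numbers, the Napt class and its forward() method for a static port forward are assumptions made for this illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str    # source IP
    sport: int  # source port
    dst: str    # destination IP
    dport: int  # destination port


class Napt:
    """Minimal NAT with port translation (NAPT / PAT). Hypothetical model
    written for this example; real implementations also track state and timeouts."""

    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port
        # Dynamic mappings created by outbound traffic.
        self.out_map = {}   # (priv_ip, priv_port, dst, dport) -> public port
        self.in_map = {}    # (public port, remote ip, remote port) -> (priv_ip, priv_port)
        # Static mappings (port forwarding / UPnP): public port -> (priv_ip, priv_port).
        self.forwards = {}

    def outbound(self, pkt: Packet) -> Packet:
        """Rewrite a packet leaving the private network: the source becomes the
        shared public IP plus a port chosen by the NAT. The mapping is kept so
        the reply can be translated back."""
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if key not in self.out_map:
            port = self.next_port
            self.next_port += 1
            self.out_map[key] = port
            self.in_map[(port, pkt.dst, pkt.dport)] = (pkt.src, pkt.sport)
        return Packet(self.public_ip, self.out_map[key], pkt.dst, pkt.dport)

    def forward(self, public_port: int, priv_ip: str, priv_port: int) -> None:
        """Static port forward: expose one private service on the public IP.
        This is the hole through which 'NAT is a firewall' stops being true."""
        self.forwards[public_port] = (priv_ip, priv_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Translate a packet arriving from the Internet. Returns None (drop)
        when nothing inside asked for it and no port forward exists; that,
        not the private address itself, is why unsolicited scans do not
        reach LAN hosts."""
        if pkt.dst != self.public_ip:
            return None  # not addressed to us
        if pkt.dport in self.forwards:
            priv_ip, priv_port = self.forwards[pkt.dport]
            return Packet(pkt.src, pkt.sport, priv_ip, priv_port)
        key = (pkt.dport, pkt.src, pkt.sport)
        if key not in self.in_map:
            return None  # unsolicited: no mapping, dropped
        priv_ip, priv_port = self.in_map[key]
        return Packet(pkt.src, pkt.sport, priv_ip, priv_port)


def demo():
    """Constructed scenario: two LAN hosts that happen to pick the same source
    port both talk to the same web server, one unsolicited SSH scan arrives,
    then a port forward exposes a third host."""
    nat = Napt("198.51.100.7")
    a = nat.outbound(Packet("192.168.1.10", 51000, "203.0.113.5", 443))
    b = nat.outbound(Packet("192.168.1.11", 51000, "203.0.113.5", 443))
    reply_to_b = nat.inbound(Packet("203.0.113.5", 443, "198.51.100.7", b.sport))
    scan = nat.inbound(Packet("203.0.113.9", 55555, "198.51.100.7", 22))
    nat.forward(2222, "192.168.1.20", 22)
    forwarded = nat.inbound(Packet("203.0.113.9", 55555, "198.51.100.7", 2222))
    return a, b, reply_to_b, scan, forwarded


if __name__ == "__main__":
    labels = ["host A outbound", "host B outbound", "reply to B",
              "unsolicited scan", "forwarded port"]
    for label, pkt in zip(labels, demo()):
        print(f"{label:18} {pkt}")
```

Both LAN hosts use source port 51000, yet the server sees two distinct public ports (40000 and 40001), which is how one public IP carries many private hosts at once. The scan to port 22 is dropped purely for lack of a mapping, while the same scan against the forwarded port 2222 lands on 192.168.1.20: the private address did nothing to stop it.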