An Overview of Public Vs. Private IPv4 addresses
Intro:
- How Public & Private IPv4 addresses work,
- Why Public & Private IPv4 addresses exist,
- How Public & Private IPv4 addresses fit into modern cloud networking (especially AWS/Azure/GCP VPCs).
Breakdown
- IPv4 Addressing Fundamentals,
- Private vs. Public IPv4 – Core Difference,
- RFC 1918 – Private IP Ranges,
- Public IPs – Internet Routable Space,
- NAT (Network Address Translation),
- Cloud Networking Example (AWS),
- Advanced Topics,
- Visual Summary,
- Key Takeaways.
1. IPv4 Addressing Fundamentals
- IPv4 addresses are 32-bit numbers, written as four octets (e.g., 192.168.1.10), each ranging from 0–255.
- IPv4 addresses identify devices on a network and allow them to communicate.
Each address has:
- A network portion (identifies subnet)
- A host portion (identifies device within that subnet)
Example:
192.168.1.10/24
→ Network: 192.168.1.0, Host Range: 192.168.1.1–192.168.1.254.
2. Private vs. Public IPv4 – Core Difference
| Aspect | Private IP | Public IP |
| --- | --- | --- |
| Definition | Used inside private networks (LANs, VPCs, on-premises). Not routable over the internet. | Used to communicate over the internet. Routable globally. |
| Visibility | Only visible within the internal network. | Visible across the global internet. |
| Example Range (RFC 1918) | 10.0.0.0 – 10.255.255.255 (10/8) | Any IPv4 address not in the private/reserved ranges (e.g., 8.8.8.8, 52.95.245.0). |
| Routability | Not routable on the public internet. Must go through NAT to reach outside. | Routable directly on the internet. |
| Typical Usage | Internal systems, backend servers, databases, private subnets, on-prem resources. | Web servers, public APIs, load balancers, internet gateways. |
| Security | Provides isolation by design. | Requires proper firewalling and security controls (e.g., Security Groups, NACLs). |
3. RFC 1918 – Private IP Ranges
| Network | CIDR | Total Addresses | Common Usage |
| --- | --- | --- | --- |
| 10.0.0.0 – 10.255.255.255 | /8 | ~16.7 million | Large enterprise or VPC-level addressing |
| 172.16.0.0 – 172.31.255.255 | /12 | ~1 million | Medium-sized networks |
| 192.168.0.0 – 192.168.255.255 | /16 | ~65,536 | Home and small office networks |
4. Public IPs – Internet Routable Space
- Public IP addresses are assigned by the Internet Assigned Numbers Authority (IANA) and distributed by Regional Internet Registries (RIRs) like ARIN, RIPE, APNIC.
- Public IP addresses are globally unique and must be managed carefully to avoid conflicts.
Example Public IPs:
- Google DNS → 8.8.8.8
- AWS EC2 Instance (Elastic IP) → 54.213.12.34
- CloudFront Edge → 13.224.0.0/15
5. NAT (Network Address Translation)
Since IPv4 address space is limited (~4.3 billion total addresses), NAT allows multiple private IPs to share a single public IP.
Types:
- SNAT (Source NAT) → private → public (outbound)
- DNAT (Destination NAT) → public → private (inbound)
- PAT (Port Address Translation) → many private IPs use one public IP via unique ports
Cloud Example:
- AWS NAT Gateway enables private subnet instances to reach the internet without exposing themselves.
6. Cloud Networking Example (AWS)
VPC Example:
| Subnet Type | CIDR | Example IP | Internet Access | Notes |
| --- | --- | --- | --- | --- |
| Public Subnet | 10.0.1.0/24 | EC2 = 10.0.1.10 (private) + 3.85.120.42 (public EIP) | Yes, via IGW | Used for web servers |
| Private Subnet | 10.0.2.0/24 | EC2 = 10.0.2.5 | Outbound via NAT Gateway only | Used for databases, backend apps |
Flow Example:
- Private instance (10.0.2.5) → NAT Gateway → Internet (via 54.x.x.x).
- Public instance (10.0.1.10 + EIP 3.x.x.x) ↔ Direct internet access.
7. Advanced Topics
- Elastic IPs
  - Static public IPs in AWS assigned to EC2, Load Balancers, or NAT Gateways.
- PrivateLink / VPC Peering
  - Enables private connectivity between VPCs or services without using public IPs.
- Hybrid Cloud
  - Private IPs used in VPN or Direct Connect linking on-prem networks to cloud VPCs.
- IPv4 Exhaustion
  - IPv4 addresses are scarce → IPv6 adoption (128-bit addresses) provides a nearly unlimited pool.
8. Visual Summary
Key Takeaways
- Public IPs = Internet-facing, globally unique.
- Private IPs = Internal, non-routable outside the network.
- NAT bridges the gap between private and public addressing.
- VPC design uses a mix of both for security and functionality.
- IPv6 will eventually reduce dependence on NAT and IPv4 scarcity.