Public vs. Private IP Addresses
September 15, 2023
IP addresses are identifiers. Devices use IP addresses to communicate with other devices. At first, each address was unique, but clever engineers have added nuance. The internet is a network of networks. Often, the address announced to the internet hides a wealth of private addresses behind it. Those private addresses are only locally unique, while the address that hides them is globally unique. In other words, many millions of networks can use the same private addresses; within any one of those networks, though, an address still identifies one device and only one device. On a network like the internet, the address of a device is announced to the entire system so that anyone, anywhere can find and communicate with that location. This means that an IP address used on the internet must be unique and known worldwide.
On a smaller network, the IP must be unique on the network in question. And therein lies the rub. There are multiple networks in the world and not all of them are directly connected.
The most widely understood network address is the “public” IP address. In this address, the unique identifier can be reached from anywhere on the internet because it has been published and is unique on the system.
A private IPv4 address is structurally identical to a unique, public address. But there are differences: it is not published in the Regional Internet Registries (RIRs, the address books of the internet) and it is not unique to a single device. A private IP is often duplicated many times, used on many closed networks of various sizes. So, a single private IP likely exists in many millions of homes, cafes, and hotel lobbies around the world. For instance, your phone might have the IP 192.168.0.73, but there will be millions of other devices using the same address simultaneously.
The advantage of a privately-used IP is that the same one can be deployed many times. It’s cheaper. It is unique only within the confines of its “private” network. Within that walled garden it identifies only one device. But to communicate more widely some intermediary is needed.
When a device with a private IP address must communicate with the outside world via the internet (that is, beyond its private, closed network), it does so through a Network Address Translator (NAT). The NAT replaces the private source address with its own public, unique address on outgoing packets, and rewrites the destination address on incoming packets back to the private IP when it forwards them to your local, “private” device.
Unique Address Use
When the world had a limited number of internet-connected devices and a (seemingly) unlimited number of IPv4 addresses, public, unique addresses were used on just about everything connected to the network. This included:
- Desktop computers
- Printers, copiers, faxes and scanners
- Security cameras
- Data storage systems, and
- VoIP phones
The internet was still small, so there was no shortage of IPv4 addresses. If you already had a large block of them, you’d use them for anything that would communicate with something on a network.
When the looming shortage of addresses became clear, a more efficient use of the limited supply was needed. John Mayes and Brantley Coile developed a commercial Network Address Translator in 1995. This allowed reusable private IP addresses to be deployed across networks at scale. It had another advantage: dumb devices placed directly on the internet can behave stupidly, so to speak, and a NAT keeps them off it.
As the internet boomed at the turn of the century, the risks associated with “internal” devices with full internet access became much greater. Even a relatively dumb device, like a camera, could give a miscreant access to your network. This increased the risk of data exfiltration, criminal spamming from your infrastructure, and simple malicious damage.
Using private IP addresses behind a NAT provides enough network security for many types of user. Organizations with more complex needs will need a more robust security approach. The IPAM (IP Address Management) system manages which addresses are used on a network, and the NAT provides an internet access gateway for the devices that need it. As a result, some private IP addresses are completely isolated and others are protected by the intermediary of the NAT.
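The address rewriting described in the NAT paragraph above, and the “protection through the intermediary” this paragraph refers to, as an added example that is not part of the original post. It models the port-translating form of NAT found in home routers (a generalization of the one-for-one rewrite described above), with RFC 1918 ranges for the private side and an address from the 203.0.113.0/24 documentation range assumed as the NAT's public side; the packets are constructed.

```python
import ipaddress
from dataclasses import dataclass

# Constructed values: RFC 1918 private ranges, and a public address for the
# NAT taken from the 203.0.113.0/24 documentation range (an assumption).
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
PUBLIC_IP = "203.0.113.5"

def is_private(addr: str) -> bool:
    """True if addr falls in an RFC 1918 range, i.e. it is only locally unique."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_NETS)

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class Nat:
    """Port-translating NAT: many private (ip, port) pairs share one public IP."""

    def __init__(self, public_ip: str = PUBLIC_IP, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.by_public_port = {}   # public port -> (private ip, private port)
        self.by_private = {}       # (private ip, private port) -> public port

    def outbound(self, pkt: Packet) -> Packet:
        """Rewrite the private source to the NAT's public address and a mapped port."""
        if not is_private(pkt.src):
            raise ValueError(f"{pkt.src} is not a private address")
        key = (pkt.src, pkt.sport)
        if key not in self.by_private:          # first packet of a new flow
            self.by_private[key] = self.next_port
            self.by_public_port[self.next_port] = key
            self.next_port += 1
        return Packet(self.public_ip, self.by_private[key], pkt.dst, pkt.dport)

    def inbound(self, pkt: Packet):
        """Rewrite the public destination back to the private device, or drop."""
        mapping = self.by_public_port.get(pkt.dport)
        if pkt.dst != self.public_ip or mapping is None:
            return None                          # unsolicited: no mapping, dropped
        priv_ip, priv_port = mapping
        return Packet(pkt.src, pkt.sport, priv_ip, priv_port)
```

An inbound packet is only forwarded when an outbound flow created its mapping, which is the isolation the paragraph describes; any sender that learns the mapped port can reach the private device while the mapping exists, so larger networks layer a firewall policy on top.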
In 2023, IPv4 addresses are at a premium. An old Class B address block (65,536 addresses) is worth as much as $3 million. So, replacing valuable unique addresses with something less costly will pay for itself and leave plenty over.
To use IP addresses most efficiently, consider the following:
- Use private IPv4 addresses for all client devices, printers, and internal-only servers.
- Use a NAT or CG-NAT for those devices that need to access the internet.
- Use an audited license management server instead of tying licenses to unique IPv4 addresses.
- Use IPv6 addresses for all client devices, printers, and internal-only servers.
- Use dynamically scaled cloud services for external services, to minimize your use of IPv4.