Nota: Este artículo fue publicado originalmente en 2011 and has been updated with additional context on modern networking practices. The RFC 1918 address ranges themselves have not changed.

Introducción

Private network segments are IP address ranges reserved for use within internal networks that are not directly routable on the public internet. Defined by RFC 1918 (published in 1996), these address spaces allow organizations of any size to build internal networks without consuming globally unique public IP addresses.

Understanding private IP ranges is fundamental knowledge for network administrators, system administrators, and anyone working with routing tables, firewalls, VPNs, or cloud infrastructure. This guide provides a complete reference for private network addressing, including CIDR notation, subnet masks, and practical guidance for choosing the right range.

RFC 1918 Private Address Ranges

The Internet Assigned Numbers Authority (IANA) has reserved the following three blocks for private network use:

RangeCIDR NotationSubnet MaskAvailable AddressesClass
10.0.0.0 — 10.255.255.25510.0.0.0/8255.0.0.016,777,214Class A
172.16.0.0 — 172.31.255.255172.16.0.0/12255.240.0.01,048,574Class B
192.168.0.0 — 192.168.255.255192.168.0.0/16255.255.0.065,534Class C

Importante: The “Available Addresses” count excludes the network address and broadcast address for each range.

Understanding CIDR Notation and Subnet Masks

CIDR (Classless Inter-Domain Routing) notation uses a slash followed by a number to indicate how many bits of the IP address are used for the network portion. The remaining bits are available for host addresses.

Subnet Mask Reference Table

Address ClassSubnet Mask in BinaryCIDR PrefixDecimal Equivalent
Class A11111111 00000000 00000000 00000000/8255.0.0.0
Class B11111111 11111111 00000000 00000000/16255.255.0.0
Class C11111111 11111111 11111111 00000000/24255.255.255.0

Common Subnet Sizes

Here is a quick reference for the most commonly used subnet sizes within private ranges:

CIDRSubnet MaskUsable HostsTypical Use
/8255.0.0.016,777,214Large enterprise network
/16255.255.0.065,534Campus or datacenter segment
/20255.255.240.04,094Large VLAN or cloud VPC subnet
/24255.255.255.0254Standard office LAN segment
/28255.255.255.24014Small DMZ or management subnet
/30255.255.255.2522Point-to-point router link
/32255.255.255.2551Loopback or host route

Choosing the Right Private Range

10.0.0.0/8 — Best for Large Networks

The 10.x.x.x range provides the most addresses and is the preferred choice for:

  • Enterprise networks with thousands of hosts
  • Cloud providers (AWS, Azure, and GCP VPCs commonly default to 10.x.x.x)
  • Networks requiring extensive subnetting
  • Data center environments

Example subnetting scheme:

10.1.0.0/16   -- Production environment
10.2.0.0/16   -- Development environment
10.3.0.0/16   -- Staging environment
10.10.0.0/16  -- Management network

172.16.0.0/12 — Best for Medium Networks

The 172.16.x.x through 172.31.x.x range is well suited for:

  • Medium-sized businesses
  • Secondary network ranges (when 10.x.x.x is already in use)
  • Docker default bridge networks (Docker uses 172.17.0.0/16 by default)
  • Environments requiring separation from 10.x.x.x ranges used by VPN partners

192.168.0.0/16 — Best for Small Networks

The 192.168.x.x range is most commonly used in:

  • Home networks (most consumer routers default to 192.168.0.x or 192.168.1.x)
  • Small office / home office (SOHO) environments
  • Lab and testing environments
  • Individual VLAN segments within larger networks

How Private Addressing Works with NAT

Private IP addresses cannot be routed on the public internet. To allow devices on a private network to access external resources, Network Address Translation (NAT) is used. NAT translates private addresses to a public IP address at the network edge (typically the router or firewall).

The basic flow is:

  1. A device with private IP 192.168.1.100 sends a request to a public website
  2. The router replaces the source address with its public IP (e.g., 203.0.113.5) and records the mapping
  3. The response from the internet arrives at the router’s public IP
  4. The router translates the destination back to 192.168.1.100 and forwards it internally

Common NAT types include:

  • SNAT (Source NAT) — translates the source address of outbound packets
  • DNAT (Destination NAT) — translates the destination address of inbound packets (used for port forwarding)
  • PAT (Port Address Translation) — maps multiple private addresses to a single public IP using different port numbers (the most common form in home and small office routers)

Verifying Your Network Configuración

On Windows

ipconfig /all

On Linux / macOS

ip addr show        # Linux
ifconfig             # macOS / older Linux

Checking the Routing Table

# Linux
ip route show

# Windows
route print

# macOS
netstat -rn

Solución de Problemas Tips

  • Overlapping subnets — If you are merging networks or setting up a VPN and both sides use the same private range, you will experience routing conflicts. Plan your IP addressing to avoid overlap, or use NAT on both ends to remap addresses.
  • Incorrect subnet mask — An overly broad or narrow subnet mask will cause devices to either see too many or too few neighbors on the local network. Verify the mask matches your intended subnet size.
  • DHCP exhaustion — If you are running out of addresses in a /24 subnet (254 hosts), either expand the subnet or create additional VLANs with their own subnets.
  • Cloud VPC CIDR conflicts — When peering VPCs or connecting cloud networks to on-premises, ensure CIDR blocks do not overlap.

Resumen

The three RFC 1918 private address ranges — 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16 — are the foundation of virtually every internal network. Choosing the right range and subnet size depends on the scale of your network, future growth plans, and integration requirements with VPNs or cloud providers. Proper planning of your IP addressing scheme avoids costly renumbering projects and routing conflicts down the road.

Artículos Relacionados