Address Allocation for Private Internets
| id | schema-atoms/rfc/rfc-1918 |
| authors | Y. Rekhter, B. Moskowitz, D. Karrenberg, G. J. de Groot, E. Lear |
| created | 2026-05-24 |
Address Allocation for Private Internets
RFC 1918 — Best Current Practice (BCP 5)
Published: February 1996
Authors: Y. Rekhter, B. Moskowitz, D. Karrenberg, G. J. de Groot, E. Lear
Obsoletes: RFC 1597, RFC 1627
Abstract
This document describes address allocation for private internets. The allocation permits full network layer connectivity among all hosts within an enterprise as well as connectivity among all public hosts of different enterprises. The cost of this is that outside connectivity is lost for the hosts with private addresses.
1. Introduction
With the rapid growth of the Internet, the pool of available IP addresses has become increasingly scarce. Many enterprises that operate networks do not actually require connectivity to the global Internet for all of their hosts. Such enterprises may use IP addresses from a reserved block without obtaining global uniqueness.
This document defines a set of address ranges that enterprises MAY use internally without coordination with IANA or an Internet registry. These addresses are not routable on the public Internet.
2. Motivation
With the implementation of classless inter-domain routing (CIDR), the Internet address space is used more efficiently. However, Internet-connected enterprises still consume globally unique address space even when global connectivity is not required for every host.
Hosts that do not require connectivity to the global Internet or to hosts in other enterprises may use IP addresses from the private address space defined below. This conserves the globally unique address space for hosts that do require such connectivity.
Because the private address space is not globally routable, packets addressed to these ranges MUST NOT be forwarded by Internet backbone routers. Enterprises using private addresses and requiring connectivity to the Internet MUST use a mechanism such as Network Address Translation (NAT) or application proxies at the boundary.
3. Private Address Space
The Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of the IP address space for private internets:
| Block | Range | Size |
|---|---|---|
10.0.0.0/8 |
10.0.0.0 – 10.255.255.255 | 16,777,216 addresses |
172.16.0.0/12 |
172.16.0.0 – 172.31.255.255 | 1,048,576 addresses |
192.168.0.0/16 |
192.168.0.0 – 192.168.255.255 | 65,536 addresses |
These are referred to as the 24-bit block, the 20-bit block, and the 16-bit block respectively.
An enterprise that decides to use IP addresses out of the address space defined in this document can do so without any coordination with IANA or an Internet registry. The address space can thus be used by many enterprises. Addresses within this private address space will only be unique within the enterprise, or the set of enterprises which choose to cooperate over this space so they may communicate with each other in their own private internet.
Any enterprise that needs globally unique address space is required to obtain such addresses from an Internet registry.
4. Recommended Practice
Enterprises that need to isolate their networks from external networks SHOULD deploy private addressing using the address blocks defined above.
Hosts within enterprises that use private IP addresses can access the Internet either through application-layer gateways or through address translators. The latter approach allows many hosts with private addresses to share a smaller number of globally unique IP addresses.
Internet routers MUST NOT forward packets with private source or destination addresses:
10.0.0.0/8172.16.0.0/12192.168.0.0/16
Route information about private networks MUST NOT be propagated on inter-enterprise links. Routers in networks not using private address space MUST be configured to reject routing information about private networks from external sources.
Private addresses MUST NOT appear in the Domain Name System (DNS) in a way that could allow them to be resolved by outside parties.
5. Security Considerations
Filtering of private address space by Internet routers provides a degree of defense in depth. Because these addresses are not globally routable, they cannot be the source of spoofed packets that appear to originate from a legitimate public Internet host.
However, using private addresses does not provide security on its own. Enterprises using private address space still require proper firewalls, access controls, and security policies. Private addressing is a tool for address conservation and isolation, not a security mechanism.
References
- RFC 1466 — Gerich, E., "Guidelines for Management of IP Address Space", May 1993.
- RFC 1597 — Rekhter et al., "Address Allocation for Private Internets", March 1994. (Obsoleted by this document.)
- RFC 1627 — Lear et al., "Network 10 Considered Harmful", July 1994. (Obsoleted by this document.)
atom.toml
# atom.toml — RFC 1918: Address Allocation for Private Internets
id = "schema-atoms/rfc/rfc-1918"
version = "1.0.0"
content_hash = ""
lifecycle = "draft"
created_at = "2026-05-24T00:00:00Z"
[rfc]
rfc_number = 1918
title = "Address Allocation for Private Internets"
authors = ["Y. Rekhter", "B. Moskowitz", "D. Karrenberg", "G. J. de Groot", "E. Lear"]
published_date = "1996-02"
status = "BCP"
obsoletes = ["RFC 1597", "RFC 1627"]
asset = "rfc1918.md"
asset_source = "rfc1918.txt"
[protocol]
provenance = "https://www.rfc-editor.org/rfc/rfc1918 — RFC 1918, February 1996, Rekhter et al."
license = "IETF Trust"