
Introduction
Every device on a network needs an address. An IP address is like a digital home address: it tells routers where to deliver packets, just like a postal address tells couriers where to deliver packages.
We have two major versions: IPv4 and IPv6. IPv6 is the newer, bigger system, but IPv4 is still everywhere in home Wi-Fi routers, enterprise networks, cloud VPCs, and security policies. This article is a complete, plain-English guide to IPv4 addressing: how it’s structured, classes and ranges, public vs private, network and broadcast addresses, subnetting, CIDR, VLSM, and more. We’ll also add a short IPv6 primer at the end.
What Is an IPv4 Address?
- Size: 32 bits (binary digits).
- Format: 4 groups of 8 bits (called octets), shown in decimal, separated by dots.
Example: 192.168.1.25
- Binary vs decimal: 192.168.1.25 → binary is 11000000.10101000.00000001.00011001
- Total addresses: 2³² = 4,294,967,296 possible combinations. (RFC 5735)
Network part vs Host part
An IPv4 address is split into:
- Network ID (prefix): identifies the subnet.
- Host ID: identifies a device inside that subnet.
The split is defined by a subnet mask (e.g., 255.255.255.0) or CIDR prefix (e.g., /24).
Quick History: IPv4 Classes (Classful Addressing)
Early IP used fixed “classes” to decide how many network vs host bits you had.

Class | First Octet (Decimal) | Typical Range (networks) | Default Mask | Notes |
---|---|---|---|---|
A | 0–127 | 1.0.0.0 – 126.255.255.255 | 255.0.0.0 (/8) | For very large networks. 0/8 reserved, 127/8 loopback. |
B | 128–191 | 128.0.0.0 – 191.255.255.255 | 255.255.0.0 (/16) | Medium networks. |
C | 192–223 | 192.0.0.0 – 223.255.255.255 | 255.255.255.0 (/24) | Small networks. |
D | 224–239 | 224.0.0.0 – 239.255.255.255 | N/A | Multicast (not host addressing). |
E | 240–255 | 240.0.0.0 – 255.255.255.255 | N/A | Experimental (rarely used). |
> Today we use CIDR (Classless Inter-Domain Routing), which ignores these old class boundaries and is far more flexible. But you’ll still hear “Class C-like /24” in conversation.
Subnet Mask, CIDR, and Wildcard Mask (Quick Cheat Sheet)
- Subnet Mask: tells which bits are network vs host.
Examples: 255.0.0.0 (/8), 255.255.0.0 (/16), 255.255.255.0 (/24)
- CIDR Notation: /N where N = number of network bits. /24 means 24 bits for network, 8 bits for hosts.
- Wildcard Mask (ACLs, some firewall vendors): inverse of subnet mask.
Example: mask 255.255.255.0 → wildcard 0.0.0.255.
Common mappings:
CIDR | Subnet Mask | Hosts per Subnet (usable*) |
---|---|---|
/8 | 255.0.0.0 | ~16,777,214 |
/16 | 255.255.0.0 | 65,534 |
/24 | 255.255.255.0 | 254 |
/25 | 255.255.255.128 | 126 |
/26 | 255.255.255.192 | 62 |
/27 | 255.255.255.224 | 30 |
/28 | 255.255.255.240 | 14 |
/29 | 255.255.255.248 | 6 |
/30 | 255.255.255.252 | 2 |
/31† | 255.255.255.254 | 2 (special P2P usage) |
/32 | 255.255.255.255 | 1 (host route) |
*Usable = total addresses minus network and broadcast.
†/31 (RFC 3021): both addresses are usable on point-to-point links; no broadcast.
Formula:
– Total addresses = 2^(32 – prefix)
– Usable hosts (normal subnets) = 2^(32 – prefix) – 2
Network Address, Broadcast Address, and Usable Host Range
- Network Address: first IP in the subnet (all host bits = 0).
- Broadcast Address: last IP in the subnet (all host bits = 1).
- Usable Host Range: everything between those two.
How to find them (two easy methods)
Method A — “Block size” method (fast):
- Identify the first non-255 octet in the mask.
- Block size = 256 – that octet.
- Find which block your IP falls into.
Method B — Binary AND (precise):
– Network = IP AND Subnet Mask
– Broadcast = Network OR (inverse of mask)
Examples
1) 192.168.5.130/25
– Mask: 255.255.255.128 → block size in 4th octet = 256 – 128 = 128
– Blocks: .0–.127, .128–.255 → 130 falls in second block
– Network: 192.168.5.128
– Broadcast: 192.168.5.255
– Usable: 192.168.5.129 – 192.168.5.254
2) 10.23.45.200/27
– Mask: 255.255.255.224 → block size = 256 – 224 = 32
– 4th octet blocks: 0–31, 32–63, 64–95, 96–127, 128–159, 160–191, 192–223, 224–255
– 200 sits in 192–223
– Network: 10.23.45.192
– Broadcast: 10.23.45.223
– Usable: 10.23.45.193 – 10.23.45.222
3) 172.20.14.89/20
– Mask: 255.255.240.0 → the 3rd octet has block size 256 – 240 = 16
– 3rd octet blocks: 0–15, 16–31, 32–47, ...
– 14 falls in 0–15 block
– Network: 172.20.0.0
– Broadcast: 172.20.15.255
– Usable: 172.20.0.1 – 172.20.15.254
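Method B written out as code (an added example, not part of the original article): it computes mask, wildcard, network, broadcast and usable range with plain bit operations, and goes beyond the three examples by handling the /31 and /32 cases from the cheat sheet. The function names are this example's own.

```python
def to_int(dotted):
    """Parse a strict dotted-quad string into a 32-bit integer."""
    parts = dotted.split(".")
    if len(parts) != 4 or not all(p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError(f"not a dotted-quad IPv4 address: {dotted!r}")
    return int.from_bytes(bytes(int(p) for p in parts), "big")


def to_dotted(value):
    """Render a 32-bit integer as a dotted-quad string."""
    return ".".join(str(b) for b in value.to_bytes(4, "big"))


def subnet_info(cidr):
    """Apply Method B (binary AND/OR) to an address written as a.b.c.d/prefix."""
    address, _, prefix_text = cidr.partition("/")
    if not prefix_text.isdigit() or int(prefix_text) > 32:
        raise ValueError(f"bad prefix length in {cidr!r}")
    prefix = int(prefix_text)
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    wildcard = mask ^ 0xFFFFFFFF          # inverse of the mask
    network = to_int(address) & mask      # Network = IP AND mask
    last = network | wildcard             # Broadcast = Network OR inverse mask
    if prefix >= 31:
        # /31 (RFC 3021) and /32 have no broadcast; every address is usable.
        first_host, last_host, broadcast = network, last, None
    else:
        first_host, last_host, broadcast = network + 1, last - 1, to_dotted(last)
    return {
        "mask": to_dotted(mask),
        "wildcard": to_dotted(wildcard),
        "network": to_dotted(network),
        "broadcast": broadcast,
        "first_host": to_dotted(first_host),
        "last_host": to_dotted(last_host),
        "usable": last_host - first_host + 1,
    }


if __name__ == "__main__":
    # The three worked examples above, plus a /31 point-to-point link.
    for sample in ("192.168.5.130/25", "10.23.45.200/27",
                   "172.20.14.89/20", "10.0.0.0/31"):
        print(sample, subnet_info(sample))
```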
Public vs Private IP Addresses

Private IP (RFC 1918) — used inside local networks; not routable on the public internet
- 10.0.0.0/8 → 10.0.0.0 – 10.255.255.255
- 172.16.0.0/12 → 172.16.0.0 – 172.31.255.255
- 192.168.0.0/16 → 192.168.0.0 – 192.168.255.255
Your laptop/phone usually gets one of these from your Wi-Fi router. (RFC 1918)
Public IP — globally unique on the internet
Everything not reserved (private/special) is public and routable. Your ISP assigns a public IP to your router (or your cloud provider assigns one to your VM/load balancer).
NAT in one minute
NAT (Network Address Translation) lets multiple private devices share one public IP.
– SNAT (Source NAT)/PAT: many private hosts → one public IP using different ports.
– DNAT/Port-forwarding: make a private server reachable from the internet.
Reserved & Special IPv4 Ranges You Should Know
- Loopback: 127.0.0.0/8 (e.g., 127.0.0.1) → local testing on your own machine.
- Link-local/APIPA: 169.254.0.0/16 → auto-assigned when DHCP fails (commonly .1.0 – .254.255 used).
- Carrier-Grade NAT (CGNAT): 100.64.0.0/10 → used by ISPs internally. Not the same as RFC1918, not publicly routable.
- Documentation/Test networks:
– 192.0.2.0/24 (TEST-NET-1)
– 198.51.100.0/24 (TEST-NET-2)
– 203.0.113.0/24 (TEST-NET-3)
- Benchmark testing: 198.18.0.0/15
- IANA special: 192.0.0.0/24 (various protocol uses)
- Default/unspecified: 0.0.0.0 (also used as 0.0.0.0/0 for “default route”)
- Limited broadcast: 255.255.255.255
- Multicast: 224.0.0.0/4
– Local-subnet multicast control: 224.0.0.0/24 (e.g., OSPF 224.0.0.5)
– Administratively scoped: 239.0.0.0/8
- Directed broadcast: the broadcast of a specific subnet (e.g., 192.168.1.255 for /24). Often blocked by default on routers/firewalls due to amplification attacks.
Subnetting Basics (with a clean example)
Why subnet?
To split a big network into smaller, efficient segments: improve performance, contain broadcast domains, and apply security policies.
Example: split 192.168.1.0/24 into two equal subnets
– Need ~126 hosts each → choose /25 (gives 126 usable hosts)
– Subnet-A:
– Network: 192.168.1.0
– Broadcast: 192.168.1.127
– Usable: 192.168.1.1 – 192.168.1.126
– Subnet-B:
– Network: 192.168.1.128
– Broadcast: 192.168.1.255
– Usable: 192.168.1.129 – 192.168.1.254
General steps you’ll use daily:
- Convert desired host count → minimum prefix: find the smallest 2^(host bits) – 2 ≥ hosts.
- Use block size method to find network/broadcast for any given IP.
CIDR (Classless Inter-Domain Routing)
CIDR removed the old class boundaries and allowed arbitrary prefixes like /13, /20, /26, etc. This:
- Slowed IPv4 exhaustion (more efficient allocations).
- Simplified route tables using route aggregation/summarization.
Example (worked): 192.168.1.0/26
– Mask: 255.255.255.192
– Addresses per subnet: 2^(32–26) = 64 → usable hosts = 64 – 2 = 62
– Subnets inside /24:
– 192.168.1.0/26 → usable .1–.62 (broadcast .63)
– 192.168.1.64/26 → usable .65–.126 (broadcast .127)
– 192.168.1.128/26 → usable .129–.190 (broadcast .191)
– 192.168.1.192/26 → usable .193–.254 (broadcast .255)
Route summarization example: 10.20.0.0/16, 10.21.0.0/16, 10.22.0.0/16, 10.23.0.0/16 can be summarized as 10.20.0.0/14.
VLSM (Variable Length Subnet Masking)
Goal: Assign different-sized subnets to match real needs (no waste).
Scenario: You have 192.168.10.0/24 and need these subnets:
- Dept A: 100 hosts
- Dept B: 50 hosts
- Dept C: 25 hosts
- Dept D: 10 hosts
Step 1 — Sort by size (largest first): 100, 50, 25, 10
Step 2 — Pick the smallest prefix that fits each:
– 100 hosts → /25 (126 usable)
– 50 hosts → /26 (62 usable)
– 25 hosts → /27 (30 usable)
– 10 hosts → /28 (14 usable)
Step 3 — Carve from the base block without overlaps:
– Start block: 192.168.10.0/24
1) Dept A (/25):
– Network: 192.168.10.0
– Broadcast: 192.168.10.127
– Usable: 192.168.10.1 – 192.168.10.126
2) Dept B (/26): (next free chunk begins at .128)
– Network: 192.168.10.128
– Broadcast: 192.168.10.191
– Usable: 192.168.10.129 – 192.168.10.190
3) Dept C (/27): (next free chunk begins at .192)
– Network: 192.168.10.192
– Broadcast: 192.168.10.223
– Usable: 192.168.10.193 – 192.168.10.222
4) Dept D (/28): (next free chunk begins at .224)
– Network: 192.168.10.224
– Broadcast: 192.168.10.239
– Usable: 192.168.10.225 – 192.168.10.238
Leftover: 192.168.10.240/28 (free for future use)
That’s VLSM: largest to smallest, tight fits, no overlaps.
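The three VLSM steps as a small allocator (an added example, not part of the original article), using Python's standard ipaddress module. It sorts the demands largest first, picks the tightest prefix for each, carves them from the base block, and reports what is left; the function names are this example's own.

```python
import ipaddress


def prefix_for_hosts(hosts):
    """Longest prefix whose subnet still has at least `hosts` usable addresses."""
    host_bits = 2                      # start at /30, the smallest normal subnet
    while (1 << host_bits) - 2 < hosts:
        host_bits += 1
    return 32 - host_bits


def vlsm_plan(base, demands):
    """Allocate {name: host_count} from `base`; return (assignments, leftover)."""
    base_net = ipaddress.IPv4Network(base)
    cursor = int(base_net.network_address)
    end = int(base_net.broadcast_address)
    plan = []
    # Step 1: largest first, so every subnet starts on its own block boundary.
    for name, hosts in sorted(demands.items(), key=lambda kv: kv[1], reverse=True):
        prefix = prefix_for_hosts(hosts)          # Step 2: tightest fit
        size = 1 << (32 - prefix)
        cursor = (cursor + size - 1) // size * size   # align to the block size
        if cursor + size - 1 > end:
            raise ValueError(f"{base} has no room left for {name} ({hosts} hosts)")
        plan.append((name, ipaddress.IPv4Network((cursor, prefix))))  # Step 3
        cursor += size
    leftover = []
    if cursor <= end:
        leftover = list(ipaddress.summarize_address_range(
            ipaddress.IPv4Address(cursor), ipaddress.IPv4Address(end)))
    return plan, leftover


if __name__ == "__main__":
    # The scenario from the article.
    demands = {"Dept A": 100, "Dept B": 50, "Dept C": 25, "Dept D": 10}
    plan, leftover = vlsm_plan("192.168.10.0/24", demands)
    for name, net in plan:
        hosts = list(net.hosts())
        print(f"{name}: {net}  usable {hosts[0]} - {hosts[-1]}  "
              f"broadcast {net.broadcast_address}")
    print("Leftover:", ", ".join(str(n) for n in leftover))
```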
Finding Network/Broadcast/Host Range — More Practice
Try these mentally using the block size approach:
1) 172.16.200.77/23
– Mask: 255.255.254.0 → 3rd octet block = 256 – 254 = 2
– Blocks: ... 198–199, 200–201, 202–203, ...
– 200 → block 200–201
– Network: 172.16.200.0
– Broadcast: 172.16.201.255
– Usable: 172.16.200.1 – 172.16.201.254
2) 10.0.12.9/20
– Mask: 255.255.240.0 → 3rd octet block = 16
– 12 → block 0–15
– Network: 10.0.0.0
– Broadcast: 10.0.15.255
– Usable: 10.0.0.1 – 10.0.15.254
3) 192.168.100.71/30
– Mask: 255.255.255.252 → 4th octet block = 4
– 4th octet 71 → block 68–71
– Network: 192.168.100.68
– Broadcast: 192.168.100.71
– Usable: 192.168.100.69 – 192.168.100.70 (classic P2P)
DHCP, Static IPs, and How Devices Get Addresses
- DHCP (Dynamic Host Configuration Protocol): the most common way. A DHCP server leases IPs to clients and tells them gateway, DNS, etc.
- Static (manual) assignment: used for servers, printers, firewalls, infrastructure where predictability matters.
- DHCP reservations: mix of both—DHCP gives a fixed IP to a specific MAC.
Tip: In RFC1918 networks, keep static infrastructure out of your DHCP pool (or reserve them) to avoid conflicts.
Security Notes for Firewalls & Admins
- Block directed broadcasts to prevent smurf-style amplification.
- Filter spoofed private or special ranges on WAN interfaces (BCP 38 style egress/ingress filtering).
- Be aware of CGNAT (100.64.0.0/10) when troubleshooting inbound access or geolocation issues.
- Understand /31 behavior on P2P links to avoid “missing broadcast” confusion—it’s expected.
- For ACLs/policies, learn both subnet masks and wildcard masks (vendors vary).
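A sketch of the spoofed-source check from the list above (an added example, not part of the original article): it flags packets arriving on the WAN side whose source falls in one of the special ranges this article lists. The interface names, labels and sample records are constructed for illustration.

```python
import ipaddress

# Special ranges as listed in this article; the labels are this example's own.
SPECIAL_RANGES = {
    "0.0.0.0/8": "reserved 0/8",
    "10.0.0.0/8": "private (RFC 1918)",
    "100.64.0.0/10": "CGNAT",
    "127.0.0.0/8": "loopback",
    "169.254.0.0/16": "link-local/APIPA",
    "172.16.0.0/12": "private (RFC 1918)",
    "192.0.0.0/24": "IANA special",
    "192.0.2.0/24": "documentation",
    "192.168.0.0/16": "private (RFC 1918)",
    "198.18.0.0/15": "benchmark testing",
    "198.51.100.0/24": "documentation",
    "203.0.113.0/24": "documentation",
    "224.0.0.0/4": "multicast",
    "240.0.0.0/4": "class E / limited broadcast",
}
_TABLE = [(ipaddress.ip_network(net), label) for net, label in SPECIAL_RANGES.items()]


def special_range(address):
    """Return the label of the special range containing `address`, or None."""
    ip = ipaddress.ip_address(address)
    for net, label in _TABLE:
        if ip in net:
            return label
    return None


def spoofed_on_wan(records, wan_interface="wan0"):
    """Return (src, label) for WAN-side records whose source is a special range.

    Assumption: the WAN link itself is not numbered from these ranges. Behind a
    CGNAT ISP, 100.64.0.0/10 sources can be legitimate and need an exception.
    """
    hits = []
    for interface, src in records:
        label = special_range(src)
        if interface == wan_interface and label is not None:
            hits.append((src, label))
    return hits


# Constructed sample records: (ingress interface, source IP).
SAMPLE = [
    ("wan0", "8.8.8.8"), ("wan0", "192.168.1.50"), ("lan0", "192.168.1.50"),
    ("wan0", "100.64.12.7"), ("wan0", "127.0.0.1"), ("wan0", "203.0.113.9"),
]
```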
IPv4 Limitations (Why IPv6 exists)
- Only ~4.3 billion addresses → exhausted.
- Workarounds like NAT keep IPv4 alive, but add complexity (e.g., double-NAT, hair-pinning).
- IPv6 is the long-term answer (128-bit space, simpler header, built-in autoconfig). See the primer below.

Quick IPv6 Primer (just enough context)
We’ll publish a full IPv6 article later; here’s a crisp preview:
- Size: 128 bits (enormous space).
- Format: hexadecimal, colon-separated (e.g., 2001:db8:85a3::8a2e:370:7334).
- Major types:
– Global Unicast: 2000::/3 (public on the internet)
– Link-local: fe80::/10 (auto, not routed)
– Unique Local (private-like): fc00::/7 (commonly fdxx::/8)
– Multicast: ff00::/8
- No NAT needed in the traditional IPv4 sense (though NPTv6 exists).
- Stateless autoconfiguration (SLAAC) and DHCPv6 are common ways to assign addresses.
- Dual-stack (IPv4+IPv6) is normal during transition. (RFC 4291)
Quick Reference Tables
A) Private, CGNAT, and Special Ranges
Purpose | Range |
---|---|
Private (A) | 10.0.0.0/8 |
Private (B) | 172.16.0.0/12 |
Private (C) | 192.168.0.0/16 |
CGNAT (ISP internal) | 100.64.0.0/10 |
Loopback | 127.0.0.0/8 |
Link-local/APIPA | 169.254.0.0/16 |
Default route | 0.0.0.0/0 |
Limited broadcast | 255.255.255.255 |
Documentation nets | 192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24 |
Benchmark testing | 198.18.0.0/15 |
Multicast | 224.0.0.0/4 |
Admin-scoped multicast | 239.0.0.0/8 |
B) Popular CIDR to Hosts (usable)
CIDR | Usable Hosts |
---|---|
/24 | 254 |
/25 | 126 |
/26 | 62 |
/27 | 30 |
/28 | 14 |
/29 | 6 |
/30 | 2 |
/31* | 2 (P2P) |
*Special case: both addresses usable on point-to-point links.
FAQ (fast answers you’ll need on the job)
Q1. Can a network or broadcast address be assigned to a host?
No (except special cases like /31 where broadcast doesn’t exist).
Q2. Is 172.20.5.10 private?
Yes: 172.16.0.0 – 172.31.255.255 is private.
Q3. Why can’t I reach my device at 169.254.x.x across the network?
That’s link-local (APIPA). It only works on the same local link; routing is not expected.
Q4. Why is my public IP different from my computer’s IP?
Your device has a private IP; the router does NAT to a public IP.
Q5. When should I use /31 vs /30?
Use /31 on router-to-router point-to-point links (saves addresses). Use /30 if your platform/tools require a broadcast address or you need two hosts plus broadcast.
Summary
You now have the full picture of IPv4 addressing:
- 32-bit addresses split into network and host by a mask/prefix.
- Old classes exist historically; modern networks use CIDR.
- You can quickly find network, broadcast, and host ranges using the block-size trick.
- Know your private, public, CGNAT, and special ranges.
- Use VLSM to allocate different subnet sizes efficiently.
- IPv4 has limits; IPv6 is the future, but IPv4 mastery remains essential for firewalling and troubleshooting.