DevOps

IP Addressing

IP addressing is how devices are identified on a network. An IP address can identify a single host, while a network address identifies the network itself. Understanding the difference is important for routing, subnetting, firewalls, and troubleshooting connectivity issues.

What is an IP address?

An IP address is a logical address assigned to a device so it can send and receive packets over a network.

There are two main versions:

  • IPv4: 32-bit address, such as 192.168.1.10
  • IPv6: 128-bit address, such as 2001:db8::10

An IP address usually belongs to one of these scopes:

  • Private IP: Used inside local networks and not directly routable on the public Internet.
  • Public IP: Used on the Internet and routable across the wider network.

What is a network address?

A network address represents the subnet itself, not an individual device. It is the first address in a subnet and is found by applying the subnet mask to an IP address.

For example:

  • IP address: 192.168.1.34
  • Subnet mask: 255.255.255.0
  • CIDR notation: 192.168.1.34/24
  • Network address: 192.168.1.0

In this subnet:

  • 192.168.1.0 is the network address
  • 192.168.1.255 is the broadcast address
  • 192.168.1.1 to 192.168.1.254 are usable host addresses

The network address is used by routers and hosts to determine whether a destination is on the same local network or must be reached through a gateway.

Subnet masks and CIDR

A subnet mask defines which part of an IP address belongs to the network and which part belongs to the host.

Examples:

  • 255.255.255.0 means the first 24 bits are the network portion
  • This is commonly written as /24
  • 10.0.0.15/8 belongs to the network 10.0.0.0/8
  • 172.16.5.20/16 belongs to the network 172.16.0.0/16

CIDR notation is the standard way to describe subnets because it is shorter and clearer than dotted subnet masks.

Private IP addresses

Private IPv4 ranges are reserved for internal networks:

  • 10.0.0.0/8
  • 172.16.0.0/12
  • 192.168.0.0/16

These addresses are commonly used in homes, offices, cloud VPCs, and Kubernetes clusters. They are not directly reachable from the Internet.

Examples:

  • A laptop might have 192.168.1.20
  • A pod or VM inside a private network might have 10.0.2.15

Because private addresses are reused everywhere, they are only meaningful inside their own network context.

Public IP addresses

A public IP address is globally routable on the Internet. It is the address other systems see when traffic leaves your network.

Public IPs are typically assigned to:

  • Home routers by an ISP
  • Cloud load balancers
  • Virtual machines
  • Firewalls, proxies, and VPN gateways

Examples:

  • A web server on the Internet may have a public IP such as 203.0.113.10
  • A home network may have many private devices behind one public IP

Public IP vs private IP

Type Scope Routable on Internet Example
Private IP Local or internal network No 192.168.1.20
Public IP Global Internet Yes 203.0.113.10

The most common mistake is assuming the IP shown on your laptop is the same IP the Internet sees. In many networks, your device has a private IP, while the router or gateway uses a different public IP externally.

NAT and why public IPs are shared

Most private networks use NAT (Network Address Translation). NAT allows many private devices to share one public IP address.

Why NAT is needed

NAT became necessary mainly because there are not enough public IPv4 addresses for every device in the world to have its own Internet-routable address.

Without NAT:

  • Every laptop, phone, server, camera, and IoT device would need a unique public IPv4 address
  • IPv4 address exhaustion would become unmanageable even faster
  • Home and office networks would be much harder to operate at scale

NAT helps solve this by letting an internal network use private IP addresses locally, while only the gateway or edge router needs a public IP address externally.

NAT is also useful operationally because it:

  • Reduces the number of public IPv4 addresses an organization needs
  • Makes it easier to renumber internal networks without changing the public-facing address
  • Hides internal addressing from the public Internet

That said, NAT is not a security feature by itself. It can reduce direct inbound exposure, but proper security still depends on firewalls, access controls, and network policy.

Example:

  • Laptop: 192.168.1.20
  • Phone: 192.168.1.21
  • Router public IP: 198.51.100.25

When either device sends traffic to the Internet, the router rewrites the source address so the traffic appears to come from 198.51.100.25. Replies come back to the router, which maps them to the correct internal device.

This is why:

  • Devices on your LAN usually do not have public IPs
  • Inbound Internet access often requires port forwarding, a reverse proxy, or a load balancer
  • Multiple users can appear to external services as the same public IP

How routing uses the network address

When a host wants to reach another IP, it checks whether the destination is inside its own subnet.

If it is:

  • The host sends traffic directly on the local network
  • It may use ARP in IPv4 to find the destination MAC address

If it is not:

  • The host sends the packet to its default gateway
  • The router forwards it toward the destination network

So the network address is fundamental to deciding where packets go.

How to find your local IP and network

On Linux, the ip command is the usual tool.

  • Show all addresses:
bash
ip addr
  • Show routing table:
bash
ip route
  • Show only IPv4 addresses:
bash
ip -4 addr

Example output:

bash
192.168.1.34/24

From this, you can infer:

  • Host IP: 192.168.1.34
  • Subnet: /24
  • Network address: 192.168.1.0

How to find your public IP

Your public IP is usually learned from an external service, your cloud provider, or your edge device.

Examples:

bash
curl ifconfig.me
curl ipinfo.io/ip

In cloud environments, the public IP may also be visible in:

  • The VM or instance metadata
  • The load balancer configuration
  • The Kubernetes service EXTERNAL-IP
  • The firewall or NAT gateway configuration

Common troubleshooting ideas

  • If two hosts cannot talk, first verify their IP addresses, subnet masks, and default gateways.
  • If a service is reachable internally but not from the Internet, check NAT, firewall rules, and whether a public IP is actually assigned.
  • If DNS resolves correctly but the connection still fails, confirm the destination public IP is listening and routable.
  • If two networks use overlapping private ranges such as 10.0.0.0/8, routing and VPN connectivity can become difficult.

Summary

  • An IP address identifies a host or interface.
  • A network address identifies the subnet.
  • A private IP works inside local networks.
  • A public IP is globally routable on the Internet.
  • NAT commonly lets many private devices share one public IP.

These concepts are small on paper, but they explain a huge amount of real-world network behavior.