What are non-routable IP addresses?

Non-routable IP addresses, also called private IP addresses, are a group of IP addresses set aside for networks that operate internally, as they never travel over the public internet. They form the foundation of how everyday devices communicate behind the scenes, from laptops and printers to smart TVs and internal servers.

This guide explains how they differ from routable IPs, breaks down the non-routable address ranges, and shows you the practical ways you can use them in real network setups.

Routable vs. non-routable IPs

Non-routable IPs are one of the two main types of IP addresses. The other category is routable, or public, IP addresses.

Unlike non-routable IPs, routable IP addresses are the addresses that can move across the wider internet. They come from globally unique address space, which means no two networks advertise the same routable IP address on the public internet at the same time. However, many devices or even users can share a single routable IP through technologies like Network Address Translation (NAT) and carrier-grade NAT.

When you browse a website or use an online service, this public, routable IP is the address the outside world sees and uses to send information back to you.

Types of non-routable IPs

Non-routable IP addresses come in several forms, each designed to operate only within local or limited network environments:

• Private IP addresses: Reserved for devices inside home, office, and enterprise networks where communication stays local and doesn’t require a public-facing address.
• Loopback addresses: Let a device route traffic back to itself for testing and internal operations.
• Link-local addresses: Allow nearby devices to communicate on the same network segment when no router or Dynamic Host Configuration Protocol (DHCP) server is available.
• Multicast addresses: Used to deliver a single data stream to multiple devices at once within a controlled network scope. Only certain multicast ranges (such as 224.0.0.0/24) are non-routable and restricted to the local network segment; others may be routable within broader network scopes.
• Documentation and test addresses: Set aside for examples, training, and testing so they never conflict with real systems online.
• Shared address space (carrier-grade NAT): Used by internet service providers (ISPs) to manage large numbers of customers behind NAT. These addresses function like private IPs but on the provider’s side rather than inside your home network.
• Reserved and experimental addresses: Set aside for future use and not routed on the public internet today. They’re kept out of normal traffic so they don’t interfere with real systems.

Pros and cons of non-routable IPs

Non-routable IP addresses come with several advantages that make them the backbone of home and office networking, but they also have a few limitations worth keeping in mind.

Pros

• Improve security by default: Devices using non-routable IPs aren’t reachable from the public internet unless you explicitly configure access. This helps shield internal systems from unsolicited traffic and external scans.
• Flexible and easy to use: Non-routable ranges allow organizations of any size to design internal addressing schemes without needing approval from an ISP or registry.
• Conserves public IP space: Non-routable ranges let countless private networks reuse the same addresses. This reduces the number of public IPs needed and helps stretch IPv4’s limited supply.
• Supports specialized local functions: Some non-routable ranges exist for unique purposes, like loopback for testing, providing useful capabilities that don’t require internet access.
• Limit the spread of internal problems: Because the traffic stays local, misconfigured services or noisy devices are less likely to affect systems outside the network.

Cons

• Potential for overlap between networks: Because everyone can use the same ranges, merging networks (for example, during a company merger or when connecting two sites) can lead to address conflicts unless planned carefully.
• Adds complexity for inbound access: Allowing external devices to connect to something inside the network often requires extra configuration, such as firewalls and port forwarding.

Non-routable IP address ranges

Non-routable addresses are assigned to specific, reserved blocks in the address space. These ranges are fixed, well-defined, and used exclusively for their intended role.

RFC 1918 defined ranges for private IPs

The most widely used non-routable blocks are the private IPv4 ranges. These were set aside so internal networks of any size could assign addresses freely without affecting the public internet. The three RFC 1918 ranges are:

• 10.0.0.0–10.255.255.255: This range is the largest private block, offering over 16 million addresses. It’s ideal for large organizations, data centers, cloud environments, or any network that needs extensive subdivision and room to grow.
• 172.16.0.0–172.31.255.255: This mid-sized block contains about 1 million addresses. It’s commonly used by companies that are bigger than a small office but don’t need the enormous space of the 10.x.x.x range.
• 192.168.0.0–192.168.255.255: This segment is the smallest block, with roughly 65,000 addresses. It’s perfect for home routers and small office networks, which is why addresses like 192.168.0.1 and 192.168.1.1 are so familiar.

These different sizes give networks the flexibility to choose a range that matches their scale, whether it’s a handful of devices in a home, hundreds in a business, or thousands spread across a large enterprise.

You’ll often see these written with a slash and a number at the end, like /8, /12, or /16. This is called Classless Inter-Domain Routing (CDR) notation, which is simply a shorthand that tells you how big a network block is. The number after the slash shows how many bits of the address are fixed for the network, and the remaining bits are available for devices. Fewer fixed bits means a larger range of possible addresses.

So when you see something like 10.0.0.0/8, it means 8 bits are reserved for defining the network and 24 bits remain for devices. This adds up to over 16 million possible addresses.

Other IPv4 non-routable ranges

Beyond the private ranges, here are the rest of the reserved blocks that don’t appear on the public internet:

• 127.0.0.0–127.255.255.255: The loopback block, reserved entirely for traffic a device sends to itself.
• 169.254.0.0–169.254.255.255: The link-local block, used for address assignment on a local segment when no configured address is available.
• 192.0.2.0–192.0.2.255: TEST-NET-1, a documentation-only range used in examples and training material.
• 198.51.100.0–198.51.100.255: TEST-NET-2, another documentation range kept separate from real public routes.
• 203.0.113.0–203.0.113.255: TEST-NET-3, a third range reserved for examples and demonstrations.
• 198.18.0.0–198.19.255.255: A block set aside for network equipment benchmarking in controlled environments.
• 100.64.0.0–100.127.255.255: The shared address space used inside service provider networks, separate from customer-facing public traffic.
• 240.0.0.0–255.255.255.254: A large reserved block kept out of general use and not routed on the public internet.
• 255.255.255.255: A special broadcast address used to reach all devices on the local network segment.
• 224.0.0.0–224.0.0.255: A portion of the multicast space reserved for local network control and restricted to the local segment.

IPv4 non-routable address classes

Before modern subnetting and CIDR became the standard way to describe networks, IPv4 blocks were grouped into IP classes. These classes defined how large each block was and how many devices it could support. Even though the class system isn’t used in networking today, it’s still a helpful way to understand the shape of the three private ranges.

• Class A reserved: Addresses like 10.0.0.0 to 10.255.255.255. Used in very large networks, they allow many devices to connect.
• Class B reserved: Addresses from 172.16.0.0 to 172.31.255.255. Suited for medium-sized networks, they handle a moderate number of devices.
• Class C reserved: Addresses such as 192.168.0.0 to 192.168.255.255. Often found in home or small office networks, they support fewer devices.
• Class D addresses: 224.0.0.0 to 239.255.255.255. Reserved for multicast, they let one device send data to many devices at once.
• Class E addresses: 240.0.0.0 to 255.255.255.255. Intended for experiments and research, they aren’t used in everyday networks.

Are there non-routable IPs in IPv6?

Yes, IPv6 has its own version of internal-only addresses, but they work a bit differently from IPv4’s private ranges. IPv6 uses something called Unique Local Addresses (ULAs), defined in RFC 4193. They’re meant for internal communication within homes, offices, or organizations and aren’t routed on the public internet. Practically all of these addresses start with fd00::/8.

Note: You might see the broader prefix fc00::/7 mentioned in documentation, but in practice only the fd portion is used. The fc half was originally reserved for a global allocation system that was never implemented, so all locally created ULAs use fd00::/8 instead.

IPv6 also assigns every device a link-local address, which are technically non-routable IPs, in the fe80::/10 range. These are even more limited than ULAs: they only work on the local network segment and never pass through a router. Link-local addresses are used for things like device discovery and basic communication between directly connected machines.

Devices create these addresses automatically, and they’re used for communication on the same network segment. They’re important for basic IPv6 functions such as device discovery and local connectivity.

Together, ULAs and link-local addresses keep IPv6 traffic internal. They support stable, local communication without exposing devices or data to the wider internet.

Real-world applications of non-routable IPs

Non-routable IP addresses appear in all kinds of everyday setups, from home Wi-Fi to massive cloud infrastructure.

Home networking examples

Non-routable IPs show up constantly in home networks, keeping everyday devices connected without exposing them to the wider internet. Private addressing handles most household traffic, while other non-routable ranges support local functions behind the scenes.

• Wi-Fi devices: Phones, laptops, smart TVs, printers, and tablets use private IPs to communicate on the home network.
• Smart home devices: Internet of Things (IoT) devices like cameras, sensors, lights, and thermostats rely on private addresses to reach local hubs and controllers.
• Local apps and services: Computers and home servers make use of the loopback address (127.0.0.1) to run software and testing tasks internally.
• Fallback communication: Devices switch to link-local addresses if they can’t obtain one from the router, allowing basic local connectivity to continue.

Corporate and enterprise networks

Businesses rely on non-routable IPs to structure large internal networks across offices and data centers.

• Internal systems: Servers, printers, and internal applications run on private ranges so they’re not directly exposed to the internet.
• Remote access: When staff connect through a VPN, they’re placed inside the company’s private address space, letting them reach internal tools securely.
• Monitoring and diagnostics: Loopback addresses are used by monitoring agents and services so systems can check their own health reliably.
• Training and simulations: Documentation/test ranges (like 192.0.2.x) are commonly used in labs and learning environments so example networks don’t interfere with production traffic.

Cloud and data center environments

Cloud platforms rely heavily on non-routable IPs for internal communication and platform-specific services. Here are some typical ways non-routable IP addresses support internal communication and services in cloud platforms and data centers:

• Virtual machine traffic: Private IPs let virtual machines communicate inside a data center without exposing internal systems publicly.
• Backend servers: Databases and internal APIs use non-routable addresses to stay isolated from the public-facing network.
• Storage networks: Storage area network (SAN) and network-attached storage (NAS) deployments use private IPs for high-speed data transfer between servers and storage systems.
• Load balancers: Internal load balancers use private addresses to distribute traffic between services before sending responses outward.
• Instance metadata services: Platforms like Amazon Web Services (AWS) allow each virtual machine to reach a link-local address (169.254.169.254) to access its configuration details without that service ever leaving the local network.

The role of NAT in using private IPs

Network Address Translation (NAT) plays a key part in helping devices that use private IP addresses get online. It's a feature built into most routers and firewalls that sit at the edge of a network.

Its role is simple: when a device using a private IP needs to reach the internet, NAT replaces that private address with the network’s public IP before the traffic leaves. The private address doesn’t appear on the internet itself, but the request still goes through, and the router keeps track of which internal device it belongs to so it can send the response back to the right place.

When responses come back, NAT keeps track of which device started each connection and forwards the data to the right place. This allows entire networks to share a single public IP while keeping all private addresses hidden from the internet.

Security and privacy implications

NAT offers helpful privacy and security benefits, but it also introduces some limits. The table below highlights the key pros and cons.

Private IPs and VPNs

Virtual private network (VPN) services use private IP addresses to create a separate internal network inside the encrypted tunnel that connects you to the VPN server. When you connect, your device is given an address that exists only within that VPN’s private space, allowing the VPN to manage your traffic without exposing anything about your real network.

Why VPNs rely on private IP ranges

A VPN server may handle hundreds or thousands of connected users, and it needs an internal address space large enough to identify each device. Private IP ranges are ideal for this because they’re reserved for internal networks, intended not to overlap with public internet space, and can be reused safely by every VPN provider. Once connected, all of your traffic is handled inside the VPN’s private network and sent out to the internet through the VPN server’s public IP address.

Benefits for security and privacy

Because your device communicates through a private address inside the VPN, websites and services only see the VPN server’s public IP address. That means your real location, home IP address, and local network structure stay hidden. Combined with the encrypted tunnel, this protects your traffic on public Wi-Fi and reduces the amount of personal data exposed online.

Common issues with non-routable IPs and how to fix them

Most real-world networking problems involving “non-routable” addresses actually come from private IP ranges, since they’re the ones used in home, office, and VPN setups. Other types of non-routable addresses, like loopback, link-local, and documentation ranges, have fixed roles and rarely cause issues in everyday networks. With that in mind, here are the situations people run into most often and how to fix them.

IP conflicts in home networks

An IP address conflict happens when two devices receive the same private IP address. This usually occurs when a router’s DHCP service hands out an address that a device was already using, or when a device has a manually assigned IP that overlaps with the range the router is managing. In both cases, the network ends up with two devices claiming the same address, which can cause dropouts, slow speeds, or a complete loss of connectivity.

How to fix it:

• Restart the router to force a fresh round of DHCP assignments.
• Expand the DHCP range if it’s too restrictive.
• Make sure any manually assigned IPs sit outside the DHCP pool.
• On stubborn devices, forget the network and reconnect.

VPN connection problems

VPN connection issues often happen when your home network and the VPN use the same private IP range. If both sides share identical subnets, like 10.0.0.0/8 or 192.168.1.0/24, your device can’t tell which network should handle the traffic. This leads to routing mistakes or full connection failures.

These problems can happen with corporate VPNs used for remote work or with personal VPN services. Common solutions include:

• Changing the IP range: Picking a less common subnet not used by the VPN provider, avoiding overlap and routing conflicts.
• Selecting a different server: If your corporate IT department offers alternative VPN servers that use different IP address ranges, switching to one that doesn't conflict with your home setup can also work.
• Firewalls or antivirus blocking VPN traffic: Personal or network firewalls may block the ports and protocols used by the VPN. You may need to adjust your firewall settings or antivirus program to allow the required VPN ports and protocols (e.g., UDP 500 and 4500 for IPsec, or 1194 for OpenVPN).

Misconfigured NAT settings

When NAT is misconfigured, translated traffic doesn’t flow correctly, and devices using private addresses can’t communicate as expected. This often shows up as peer-to-peer apps failing, services inside the network becoming unreachable, or certain devices not being able to establish outbound connections.

Resetting the router to default settings or disabling any custom forwarding rules can restore normal operation. In more advanced setups, checking the router’s logs can help confirm whether the translation process is failing.