IP Address

What Is an IP Address?

Every device that communicates on a network needs an address, a way to be found. That's exactly what an IP (Internet Protocol) address is. Think of it like a postal address for your device. Without it, the internet has no idea where to deliver data.

But IP addresses are more than just identifiers. They encode location information, define network boundaries, and sit at the heart of how routing works. Let's break it down.

IPv4: The Classic Format

IPv4 addresses look like this: 192.168.1.1

They're 32-bit numbers, written as four groups of decimal values (0-255) separated by dots. Each group is called an octet. That gives us 2³² possible addresses, which is about 4.3 billion unique addresses.

Sounds like a lot until you realize there are over 8 billion people on earth, each with multiple devices. IPv4 ran out.

The Structure of an IPv4 Address

An IPv4 address has two parts:

• Network portion identifies the network the device is on
• Host portion identifies the specific device within that network

The split between these two parts is determined by the subnet mask (more on that below).

IPv6: The Fix for Running Out

IPv6 addresses look like this: 2001:0db8:85a3:0000:0000:8a2e:0370:7334

They're 128-bit numbers, written as eight groups of four hexadecimal digits separated by colons. That gives us 2¹² possible addresses, a number so large it's often described as "one for every grain of sand on earth, many times over."

IPv6 also brings some improvements beyond just more addresses:

• No need for NAT (every device can have a real public IP)
• Better built-in security (IPSec is part of the spec)
• More efficient routing

IPv6 adoption has been slow but steady. Most modern systems support both, a setup called dual-stack.

Public vs Private IPs

Press enter or space to select a node. You can then use the arrow keys to move the node around. Press delete to remove it and escape to cancel.

Press enter or space to select an edge. You can then press delete to remove it or escape to cancel.

algobase.dev

Private vs public IPs: your home devices get private IPs (192.168.x.x) that are invisible on the internet. Your router has one public IP that the internet sees. The router translates between them. Cloud servers need public IPs to be reachable; internal services use private IPs within a VPC.

1 / 10.5×1×2×3×Playground

Private vs public IP address space design

Not every IP address is visible on the internet. The internet authority (IANA) has reserved certain IP ranges for private networks; these are used inside homes, offices, and data centers, but they're never routed on the public internet.

Private IP ranges:

• 10.0.0.0 - 10.255.255.255 (10.x.x.x)
• 172.16.0.0 - 172.31.255.255
• 192.168.0.0 - 192.168.255.255

If you've ever seen your home router give you a 192.168.1.x address, that's a private IP. Your router itself has a public IP that the internet sees.

Public IPs are globally unique and routable across the internet. Your cloud servers, websites, and APIs all need public IPs to be reachable.

Subnets and CIDR Notation

Press enter or space to select a node. You can then use the arrow keys to move the node around. Press delete to remove it and escape to cancel.

Press enter or space to select an edge. You can then press delete to remove it or escape to cancel.

algobase.dev

VPC subnet design: in AWS/GCP/Azure you carve your private IP space (10.0.0.0/16) into subnets. Public subnets route to the internet via an Internet Gateway. Private subnets (app servers, databases) have no direct internet route; they can only receive traffic from other subnets in the VPC. This is how you isolate your database from internet-facing components using IP addressing alone.

1 / 10.5×1×2×3×Playground

VPC subnet design with public and private boundaries

A subnet is a subdivision of a network. Instead of one massive network with millions of devices, you break it into smaller, more manageable segments. Subnets help with:

• Security: isolate sensitive systems (like databases) from public-facing servers
• Performance: less broadcast traffic
• Organization: logical grouping of devices

CIDR (Classless Inter-Domain Routing) notation is the standard way to express a subnet. It looks like:

The /24 is the prefix length, which tells you how many bits of the address are the network portion. The remaining bits are for hosts.

• /24 has 24 bits for network, 8 bits for hosts, giving 254 usable hosts
• /16 has 16 bits for network, 16 bits for hosts, giving 65,534 usable hosts
• /32 has 32 bits for network, 0 bits for hosts, indicating a single host (used for a specific IP)

In AWS, when you create a VPC and choose 10.0.0.0/16, you're saying "I want a private network with the first 16 bits fixed, and the remaining 16 bits available for subnets and hosts."

NAT: Why Private IPs Can Talk to the Internet

Press enter or space to select a node. You can then use the arrow keys to move the node around. Press delete to remove it and escape to cancel.

Press enter or space to select an edge. You can then press delete to remove it or escape to cancel.

algobase.dev

NAT (Network Address Translation): the mechanism that lets billions of devices share a small pool of public IPv4 addresses. Your laptop sends from 192.168.1.10:54231; the router rewrites the source to its public IP before forwarding. When the response comes back, the router checks its translation table and delivers to your laptop. The server only ever sees the public IP.

1 / 10.5×1×2×3×Playground

Network Address Translation (NAT) flow mapping private to public IPs

Here's a problem: your laptop has a private IP (192.168.1.10). You want to visit google.com. Google needs to know where to send the response, but your private IP isn't reachable from the internet.

Enter NAT (Network Address Translation).

Your router (or a cloud NAT gateway) translates your private IP to its public IP before sending traffic to the internet. When the response comes back, it translates it back to your private IP and delivers it to you.

How it works:

1. Your laptop sends a request from 192.168.1.10:54231
2. Your router rewrites the source to 203.0.113.5:54231 (its public IP)
3. Google responds to 203.0.113.5:54231
4. Your router knows that port 54231 belongs to your laptop and forwards the response

NAT is why billions of devices can share a relatively small pool of IPv4 addresses. It's a clever hack, but it's also why IPv6 was designed to eliminate the need for it entirely.

Loopback and Special Addresses

A few IPs you'll see often:

• 127.0.0.1 (or localhost) is the loopback address. Traffic sent here never leaves your machine. Useful for testing local servers.
• 0.0.0.0 means "all interfaces on this machine." When a server binds to 0.0.0.0:8080, it listens on every network interface.
• 255.255.255.255 is the broadcast address. Traffic sent here goes to every device on the local network.

IP Addresses in System Design

Understanding IP addressing helps you make better architectural decisions:

• VPC design: in AWS/GCP/Azure, you carve up IP space using CIDRs when building VPCs. Get this wrong early and it's painful to fix.
• Security groups and firewall rules: most firewall rules are IP-based. Knowing subnets helps you write precise rules (allow 10.0.1.0/24 instead of 0.0.0.0/0).
• Service discovery: microservices need to find each other. Whether through DNS or direct IP, understanding addressing helps you design resilient discovery mechanisms.
• DDoS mitigation: attackers come from IPs. Knowing how to block IP ranges (CIDR blocks) is a basic defense.

Summary

IP addresses are the fundamental addressing mechanism of the internet. IPv4 (32-bit, ~4.3B addresses) is the classic format, but it ran out; IPv6 (128-bit) is the long-term fix. Private IPs are used inside networks, public IPs are internet-routable, and NAT bridges the gap between them. CIDR notation lets you precisely define network ranges and subnets. As a system designer, you'll constantly work with IP addressing when building VPCs, configuring firewalls, and designing network topology; it's foundational knowledge that pays off everywhere.