The 10 Reserved IP Ranges Every Network Engineer Should Know
Most IP (Internet Protocol) addresses are ordinary. Somewhere on the internet, a computer has been assigned that address, and with a bit of routing, you can send a packet to it. A small slice of the global address space works differently. Those ranges are set aside for special purposes by the Internet Assigned Numbers Authority, known as IANA, which is the organization that coordinates the global pool of IP addresses. Some reserved ranges are for internal networks. Some are used for diagnostics. Some are even set aside so writers can include IP addresses in tutorials without embarrassing a real customer.
If you work with networks, you will run into every one of these ranges eventually, and confusing them is a classic way to create a weird bug that takes a week to track down. This guide walks through the ten reserved ranges you're most likely to encounter. For each one, you'll see what the range is, what it's used for, and the sort of situation in which you'd see it in the wild.
1. 10.0.0.0/8: Private Use (RFC 1918)
The biggest slice of private address space. RFC 1918 is the 1996 document from the IETF (Internet Engineering Task Force), the standards body that publishes the specifications the internet runs on, that set aside three IPv4 (Internet Protocol version 4) ranges for use inside private networks. The 10.0.0.0/8 block contains about 16.8 million addresses, and most large organizations build their internal networks on top of it because it gives them room to grow without ever running out.
You will never see a 10.x.x.x address on the public internet unless somebody has misconfigured something badly. Home routers usually don't use it, but corporate networks, cloud virtual networks, and data centers lean on it heavily.
2. 172.16.0.0/12: Private Use (RFC 1918)
The middle child of the three RFC 1918 ranges. A /12 covers 172.16.0.0 through 172.31.255.255, which works out to roughly one million addresses. It tends to be the least used of the three, partly because its boundaries feel unintuitive. Why 172.16 through 172.31 specifically? Because the original designers needed 12 network bits, and sixteen consecutive /16 blocks starting at 172.16 happened to fit the math.
Some organizations reach for this range as a second-tier allocation when 10.0.0.0/8 is already in play elsewhere, or when they want to keep different parts of the business clearly separated at a glance.
3. 192.168.0.0/16: Private Use (RFC 1918)
The smallest and most famous of the three. This range holds about 65,000 addresses and lives in nearly every home network in the world. If you've ever typed 192.168.1.1 into a browser to access a Wi-Fi router, you've used it.
It's popular in small networks because it's easy to remember and because most consumer routers default to handing out addresses inside it. The downside for larger organizations is that a /16 is actually pretty small in modern terms, so anyone building out a real network usually moves up to the 10.0.0.0/8 space as soon as they outgrow one floor of one office.
4. 100.64.0.0/10: Carrier-Grade NAT
If you've ever seen an address in the 100.64 through 100.127 range and wondered what was going on, this is the explanation. Carrier-Grade NAT (written CGN or CGNAT, and referring to Network Address Translation applied at the provider level) is a technique used by internet service providers (ISPs) to share a single public IP address among many customers. When the world started running out of IPv4 addresses, ISPs needed a block that wouldn't collide with any private network a customer might already be running, so the IETF set aside 100.64.0.0/10 specifically for this use, defined in RFC 6598.
You're most likely to see these addresses on a mobile hotspot, a rural broadband connection, or certain large apartment-building networks. They sit in an in-between status, neither fully private like RFC 1918 space nor fully public like a normal internet IP, which can confuse first-time troubleshooters when their router shows a 100.x.x.x "public" address that still can't be reached from the outside world.
5. 127.0.0.0/8: Loopback
Loopback is how a machine talks to itself. The address 127.0.0.1, usually called localhost, is one almost every developer has used: you run a web server on your laptop, visit 127.0.0.1:8080 in a browser, and the request never leaves the machine. The entire 127.0.0.0/8 block is reserved for this purpose by RFC 1122, even though in practice most of us only ever use 127.0.0.1.
It's worth pausing on the scale here. Reserving a whole /8 for loopback means 16.8 million IPv4 addresses are permanently spoken for by a single job. That decision was made in the early days of the internet, when address space felt infinite. With hindsight, it looks a bit extravagant.
6. 169.254.0.0/16: Link-Local (APIPA)
When a device can't reach a DHCP (Dynamic Host Configuration Protocol) server, the system that normally hands out IP addresses to devices on a network, it falls back to assigning itself an address from this range. On Windows, this behavior is called APIPA (Automatic Private IP Addressing). On Linux and macOS, it's just referred to as "link-local" and is defined in RFC 3927.
If you see a 169.254 address on your laptop, it almost always means something is broken. Either the DHCP server isn't responding, or the network connection isn't delivering DHCP traffic to begin with. The range is called "link-local" because these addresses only work on the local network segment, called the "link," and are never routed anywhere else.
7. 192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24: Documentation (TEST-NET-1/2/3)
Three small ranges set aside for one specific purpose: writing documentation, tutorials, and example configurations. When a networking author needs to show a command with a real-looking IP address, using an actual public IP would be a problem, because that address belongs to somebody. So the IETF reserved three /24 blocks in RFC 5737, named TEST-NET-1, TEST-NET-2, and TEST-NET-3, specifically for use in examples.
If you see 192.0.2.5, 198.51.100.22, or 203.0.113.77 in a Cisco manual, a blog post, or an RFC, it's a placeholder rather than a real address. Each of the three blocks holds 256 addresses, which gives authors plenty of room to build out multi-host examples without stepping on any real network. Using TEST-NET addresses in your own documentation is a small kindness to the rest of the internet, and it's the easiest way to avoid the awkward conversation that starts with "I got an email from someone whose server appears in our runbook."
8. 224.0.0.0/4: Multicast
Most IP traffic is either unicast, which is one device talking to one other device, or broadcast, which is one device shouting at everyone on the same network segment. Multicast sits between the two. One device can send a single packet that reaches a specific group of interested listeners, no more and no fewer. The entire range from 224.0.0.0 through 239.255.255.255 is set aside for multicast group addresses by RFC 5771.
You'll find multicast quietly at work in routing protocols like OSPF (Open Shortest Path First), in video streaming to groups of subscribers, and in service discovery protocols like mDNS (multicast DNS, used by Apple's Bonjour and Google Cast). Individual devices don't own these addresses. Instead, groups of devices tune into them, a little like radio stations.
9. 240.0.0.0/4: Reserved for Future Use (former Class E)
Back in the early days of IP addressing, the address space was split into classes: A, B, C, D, and E. Class E, covering 240.0.0.0 through 255.255.255.254, was held in reserve for "experimental" future use. That future never really arrived in any widespread way, and decades later the block still sits idle.
Proposals have surfaced over the years to reclaim this space and hand out those addresses, given how scarce IPv4 has become. Most operating systems and routers, however, still refuse to route traffic to it. If you pick an address in this range and try to use it on a real network, almost nothing will work. It's the attic space of the IPv4 world, full of old furniture and hard to actually use.
10. 2001:db8::/32: IPv6 Documentation
The IPv6 (Internet Protocol version 6) equivalent of the TEST-NET ranges. IPv6 is the newer version of the Internet Protocol designed to replace IPv4 eventually, and it uses much longer addresses written in hexadecimal, like 2001:db8:abcd::1. The block 2001:db8::/32 is reserved for documentation and examples by RFC 3849.
It's a vast amount of address space, enough that any textbook, blog post, or certification exam that needs to illustrate something with an IPv6 address can draw from this pool freely. If you see an address starting with 2001:db8, it's a hypothetical example rather than a real assignment.
Quick reference table
| Range | Name | Purpose | Defining RFC |
|---|---|---|---|
10.0.0.0/8 | Private Use | Large internal networks | RFC 1918 |
172.16.0.0/12 | Private Use | Mid-size internal networks | RFC 1918 |
192.168.0.0/16 | Private Use | Home and small office networks | RFC 1918 |
100.64.0.0/10 | Carrier-Grade NAT | Shared ISP addressing | RFC 6598 |
127.0.0.0/8 | Loopback | Machine-to-self traffic | RFC 1122 |
169.254.0.0/16 | Link-Local (APIPA) | DHCP fallback, segment-local only | RFC 3927 |
192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24 | TEST-NET-1/2/3 | Documentation and examples | RFC 5737 |
224.0.0.0/4 | Multicast | Group communication | RFC 5771 |
240.0.0.0/4 | Reserved (former Class E) | Unused, historical reservation | RFC 1112 |
2001:db8::/32 | IPv6 Documentation | Documentation and examples | RFC 3849 |
These ten ranges show up everywhere in networking work. When you're designing a new network, you want to pick private addresses from RFC 1918 space that won't collide with anything upstream. When you're troubleshooting a broken laptop, seeing a 169.254 address tells you what's wrong before you've run a single test. And when you're writing runbooks or example configurations, reaching for the TEST-NET ranges instead of inventing addresses prevents the awkward moment when someone notices you've documented an example using a real customer's IP.
A good IPAM (IP Address Management) tool understands all of these boundaries already, so it won't let you accidentally assign a host to the loopback block or hand out multicast addresses to laptops. Reserved address space has boring names and obscure RFC numbers, but it quietly shapes almost every decision you make about IP addressing, whether you realize it or not. The sooner these ten ranges feel familiar, the fewer strange bugs you'll chase down the road.