Reserved IP Blocks Explained: Private, CGNAT, and Loopback
Understand the most common reserved IP ranges (RFC1918 private IPs, CGNAT, loopback, link-local, and documentation ranges) and why they exist.
Not every IP address is meant to be routed across the public internet. Large blocks are reserved for private networking, local testing, documentation, carrier translation, multicast, and other special purposes. Learning the reserved ranges saves time in troubleshooting because it lets you answer one of the first network questions quickly: is this address supposed to be public at all, or is it only meaningful inside a specific scope?

What reserved IP blocks actually are
Reserved IP blocks are address ranges that standards bodies and internet registries set aside for specific uses instead of normal public routing. Some are meant for local use only, such as the familiar private RFC 1918 ranges. Some are for documentation examples, so tutorials can show realistic addresses without pointing at real systems. Others exist because networking needs special behaviors like loopback, link-local configuration, carrier-grade NAT, multicast, or benchmarking.
The key idea is scope. An address can be perfectly valid inside one scope and meaningless or unroutable in another. A home router can use192.168.1.1 all day long, but that address should not appear on the open internet as your public identity. Once you learn the most common reserved ranges, many "why is this not working?" questions become easier immediately.
How to recognize what kind of address you have
The first step is simply to compare the address against known special ranges. On Windows you can inspect local interface addresses with:
ipconfig
route print
ping 127.0.0.1On Linux or macOS, the equivalents are usually:
ip addr
ip route
ping 127.0.0.1If the address belongs to a private, link-local, loopback, or CGNAT block, that already explains a lot. If it is a public-looking address, use our IP Address Lookup and ASN Lookup to see who owns it and where it sits in real routing context.
The most important reserved IPv4 ranges
- 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16: the private RFC 1918 ranges used inside homes, offices, labs, and VPNs.
- 100.64.0.0/10: shared address space for carrier-grade NAT, commonly seen when an ISP places subscribers behind a translation layer.
- 127.0.0.0/8: loopback, with
127.0.0.1as the classic localhost address for testing services on the local machine. - 169.254.0.0/16: IPv4 link-local addresses, often appearing when DHCP failed and a device self-assigned an APIPA address.
- 192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24: documentation ranges from RFC 5737, intended for examples and guides.
- 198.18.0.0/15: benchmarking and inter-network device testing space, not for normal public use.
- 224.0.0.0/4: multicast space used for one-to-many traffic patterns and protocol discovery.
Two special values people overlook: 0.0.0.0 and broadcast
Not every important special-use address lives in a huge reserved block. The value 0.0.0.0 is often used to mean "unspecified" or "all interfaces," depending on context. You will see it in routing tables, service bindings, and startup states before a real address has been assigned.
Broadcast values matter too. In older IPv4 discussion you may see255.255.255.255 for limited broadcast, and subnet-specific broadcasts also exist within local networks. These are not ordinary host identities, which is why they should be read differently from a routable device address in logs or troubleshooting output.
Private addresses and why they exist
Private ranges are the reason millions of home networks can all use addresses like 192.168.0.1 without conflicting with one another. Inside a LAN, the router only needs the addresses to be unique within that private scope. When those devices access the internet, the router or firewall performs NAT so the outside world sees the public address instead.
That means a private IP tells you something about local topology, but not public identity. Seeing 192.168.1.20 in a screenshot does not tell you where on the internet that device lives. It only tells you the device is inside a local private network. If you want a clear comparison, read Public vs Private IP Addresses.
CGNAT ranges are special because they look routable to users
Carrier-grade NAT deserves separate attention because it confuses many users. The block 100.64.0.0/10 is not ordinary public space you control, but it may look unfamiliar enough that people assume it is a public address. In reality, ISPs use it to share a smaller pool of real public IPv4 addresses across many customers.
This matters for gaming, self-hosting, camera access, and port forwarding. If your WAN-side address falls in the CGNAT range, you likely do not have a directly reachable public IPv4 address even though the router still shows something that looks "outside" your private LAN. That is why our CGNAT IP Address Range and Port Forwarding Not Working Under CGNAT articles are so relevant in troubleshooting.
Loopback, link-local, and documentation blocks solve different problems
- Loopback is for talking to the local host itself. When you ping
127.0.0.1, you are testing the local TCP/IP stack, not the network cable or the router. - Link-local is a fallback for local communication when DHCP or normal addressing is missing. It is often a symptom of a broken network path rather than a solution.
- Documentation space is for safe examples. If you see
198.51.100.25in a guide, it should be read as "this is a placeholder," not "this is a live host."
IPv6 has special-use ranges too
Even though this article focuses on the most commonly encountered IPv4 blocks, the same idea exists in IPv6. Link-local addresses under fe80::/10 are only valid on the local segment. Unique local addresses under fc00::/7 serve a private-network role similar in spirit to RFC 1918 space. Loopback still exists as ::1. So "special use" is not a historical IPv4 oddity; it is a normal part of how IP networking is organized across both protocol versions.
That matters when modern systems prefer IPv6 automatically. A user may think they are only dealing with ordinary private IPv4, while the host is also carrying IPv6 link-local or ULA addresses that affect discovery, routing, and troubleshooting.
Where reserved blocks matter in practice
- Home network troubleshooting. Knowing private vs public ranges helps you understand whether a device is visible only locally or actually reachable from outside.
- Router and firewall setup. NAT, port forwarding, and VPN configuration all depend on whether the relevant address is private, CGNAT, or truly public.
- Reading logs. If an application log shows
127.0.0.1or169.254.x.x, that tells a very different story from a cloud-hosted public IP. - Documentation and training. Reserved documentation ranges prevent examples from accidentally exposing or targeting real infrastructure.
- Security review. Distinguishing local-only addresses from internet-routable ones helps you prioritize exposure correctly.
- Abuse and fraud analysis. Shared address space, private ranges, and CGNAT all change how confidently you can associate activity with one subscriber or device.
Common mistakes and edge cases
- Assuming every unfamiliar address is public. Many troubleshooting errors start because a user sees a non-RFC 1918 range and assumes it must be globally routable.
- Confusing the router's WAN address with true public reachability. Under CGNAT, the router has an ISP-facing address that is still not directly yours on the public internet.
- Using real IPs in examples and screenshots. Documentation ranges exist so guides can stay realistic without accidentally naming a real server or customer.
- Treating 169.254.x.x as internet access. Link-local addressing often means the opposite: DHCP failed and the device never got normal upstream configuration.
- Forgetting IPv6 has its own special scopes. The same idea exists in IPv6 with unique local and link-local addressing, so "special use" is not only an IPv4 concept.
- Expecting multicast addresses to behave like host addresses. Multicast space is for group communication patterns, not ordinary device identity.
Useful IP Trackers tools for interpreting address ranges
- IP Address Lookup helps you confirm whether an address is truly public and what outside services see as your current identity.
- ASN Lookup shows which network is announcing a public block, which is useful when the address is not obviously reserved.
- WHOIS / RDAP Lookup adds registration context around a public prefix.
- Reverse DNS Lookup can reveal whether a public IP belongs to an ISP pool, cloud provider, or other managed infrastructure.
- Proxy Check helps classify whether the visible public IP looks like a VPN, proxy, or hosting environment rather than a normal consumer ISP address.
Why 192.168.x.x became the "home network" default everyone recognizes
RFC 1918 defines three private ranges of very different sizes, and all three are equally legal to use, but the world overwhelmingly settled on 192.168.x.x for home networks. The reason is historical accident plus consumer router defaults. Linksys, Netgear, TP-Link, D-Link, and most other consumer router brands shipped their first products with 192.168.0.1 or192.168.1.1 as the default gateway. Once those defaults reached tens of millions of homes, every other consumer router maker copied the same convention to avoid confusing customers.
The other two ranges have different practical uses. The10.0.0.0/8 block (16 million addresses) is the standard for medium-to-large corporate networks because it gives plenty of room for hundreds of subnets without renumbering. The172.16.0.0/12 block (1 million addresses) is less commonly seen by ordinary users but is used by some VPN clients, some Docker default networks, and some enterprise setups looking to avoid collision with the more popular ranges.
The full IANA special-purpose registry has more than you think
IANA maintains the authoritative list of special-purpose IPv4 and IPv6 ranges, and the IPv4 side currently contains over 25 entries — well beyond the famous private and loopback blocks. A few that are worth knowing because they show up in real logs and tools:
- 192.0.0.0/24: reserved for IETF protocol assignments, used by some tunneling and protocol experiments.
- 192.88.99.0/24: formerly used for 6to4 anycast relays, the old IPv6-over-IPv4 transition mechanism. The mechanism itself was deprecated in 2015, but you may still see the range referenced in older networking documentation.
- 240.0.0.0/4:the entire upper quarter of the IPv4 address space, marked "reserved for future use" since the 1980s. Periodically there are discussions about reclaiming it to extend IPv4's life, but it has never happened because too many old devices treat it as invalid.
- 233.252.0.0/24: a small piece of multicast space set aside for documentation examples, analogous to the IPv4 documentation ranges.
The point is not to memorize all of them. The point is to know that if you see an address that does not look like a normal public IP, the IANA special-purpose registry is the authoritative place to check what it means before you assume it is a typo or an error.
Why bogon filtering is a thing, and why it sometimes goes wrong
Network operators often configure their routers to drop traffic with source IPs in obviously invalid ranges — private RFC 1918 addresses, loopback, link-local, documentation ranges. These are called "bogon" filters and they exist to block spoofed traffic and misconfigured devices from leaking onto the public internet. A packet showing up at an ISP's border router claiming to be from 192.168.1.5 on the public side is nonsense and should be dropped.
The catch is that bogon lists need to be updated as IANA allocates previously unused ranges. There have been real cases — notably IPv4 ranges in the 100.x.x.x and 23.x.x.x space — where blocks were unreachable for some users for years after assignment because old bogon filters had never been updated to remove them. If a website works for everyone except a specific ISP, an out-of-date bogon filter on that ISP's border router is one of the more obscure but real possibilities.
Frequently asked questions
Is 192.168.x.x a real IP address? Yes, but only within a private local network. It is not supposed to identify your connection globally on the public internet.
What does 100.64.x.x mean? It usually means you are in carrier-grade NAT shared space controlled by the ISP, not using a directly assigned public IPv4 address.
Why do tutorials use 203.0.113.x and similar ranges? Because those blocks are reserved for documentation, so examples stay realistic without pointing to real users or servers.
Does 127.0.0.1 mean I am connected to the internet? No. It only means the local TCP/IP stack can talk to itself.
Is 169.254.x.x normal on a working home network? It is more often a sign that DHCP failed and the device self-assigned a link-local address.
Can I port-forward through CGNAT? Usually not in the normal direct way. You typically need a public IP, IPv6, a VPN with port forwarding, or another relay approach.
Continue with Public vs Private IP Addresses, CIDR Explained, CGNAT IP Address Range, and What Is My IP Address?
Primary sources
Standards, registries, and first-party references used to verify this guide:
- IPv4 Special-Purpose Address Registry - IANA. Current registry of reserved and special-purpose IPv4 blocks.
- IPv6 Special-Purpose Address Registry - IANA. Current registry of special-purpose IPv6 blocks.