Reserved Network Ranges Beyond 192.168.x.x
June 2, 2026
Understanding which IP address ranges to use for private networks, documentation, and testing is critical for network engineers and system administrators. Using the wrong ranges can expose internal infrastructure, cause routing conflicts, or create VPN connectivity issues.
RFC 1918: Private IP Address Ranges
RFC 1918 defines three IP address blocks reserved for private networks that will never be routed on the public internet:
| Range | CIDR Notation | Number of Addresses | Typical Use Case |
|---|---|---|---|
| 10.0.0.0 - 10.255.255.255 | 10.0.0.0/8 | 16,777,216 | Large enterprises, data centers |
| 172.16.0.0 - 172.31.255.255 | 172.16.0.0/12 | 1,048,576 | Medium networks, Docker containers |
| 192.168.0.0 - 192.168.255.255 | 192.168.0.0/16 | 65,536 | Home networks, small offices |
When to Use RFC 1918 Ranges
Private networks - Any internal network that won't be directly exposed to the internet should use RFC 1918 addresses. This includes corporate LANs, home networks, VM networks, and container networks.
NAT environments - Networks behind Network Address Translation (NAT) devices use private addresses internally and share public IPs for internet access.
Lab and development - Test environments, development networks, and proof-of-concept setups benefit from using private ranges to avoid accidental internet exposure.
RFC 5737: Documentation IP Address Ranges
RFC 5737 defines three blocks specifically for use in documentation, examples, and educational materials:
| Range | CIDR Notation | Purpose |
|---|---|---|
| 192.0.2.0 - 192.0.2.255 | 192.0.2.0/24 | TEST-NET-1 |
| 198.51.100.0 - 198.51.100.255 | 198.51.100.0/24 | TEST-NET-2 |
| 203.0.113.0 - 203.0.113.255 | 203.0.113.0/24 | TEST-NET-3 |
When to Use RFC 5737 Ranges
Technical documentation - Blog posts, books, manuals, and tutorials should use TEST-NET addresses instead of real public IPs to avoid exposing infrastructure or creating security risks.
Code examples - Sample configurations, scripts, and application code should reference TEST-NET addresses rather than operational IPs that might be indexed by search engines.
Training materials - Educational content, certification courses, and workshops benefit from using standardized example addresses that won't conflict with real networks.
Why not use RFC 1918 for documentation? While RFC 1918 addresses work for examples, they can cause confusion when readers have those same ranges in their actual networks. TEST-NET ranges are guaranteed to be unused in production.
Avoiding Subnet Collisions
Subnet collisions occur when overlapping IP ranges exist across VPN connections, site-to-site links, or merged networks. This is one of the most common network integration problems.
High-Risk Ranges to Avoid
These ranges are heavily used by consumer and enterprise products and should generally be avoided for new network deployments:
| Range | CIDR | Common Vendor/Product |
|---|---|---|
| 192.168.0.0 - 192.168.0.255 | 192.168.0.0/24 | Netgear, TP-Link, D-Link routers |
| 192.168.1.0 - 192.168.1.255 | 192.168.1.0/24 | Linksys, ASUS, Belkin routers |
| 192.168.2.0 - 192.168.2.255 | 192.168.2.0/24 | Some Cisco small business |
| 10.0.0.0 - 10.0.0.255 | 10.0.0.0/24 | Apple Airport, Google WiFi |
| 10.0.1.0 - 10.0.1.255 | 10.0.1.0/24 | Apple Airport extended |
| 192.168.100.0 - 192.168.100.255 | 192.168.100.0/24 | ISP gateway devices |
| 172.16.0.0 - 172.16.255.255 | 172.16.0.0/16 | Docker default bridge |
| 172.17.0.0 - 172.17.255.255 | 172.17.0.0/16 | Docker overlay networks |
Recommended Ranges for New Networks
To minimize collision risk, consider these less commonly used ranges:
For small networks (< 250 hosts):
10.10.x.0/24- Good choice for branch offices10.20.x.0/24- Alternative for additional sites192.168.50.0/24through192.168.99.0/24- Less common than .0, .1, .2
For medium networks (250-4000 hosts):
10.100.0.0/16- Clean enterprise range172.20.0.0/16- Mid-range option172.24.0.0/16- Another good choice
For large networks (4000+ hosts):
10.50.0.0/16- Large corporate deployment10.128.0.0/12- Massive scale networks
VPN Considerations
When connecting remote networks over VPN, ensure no IP overlap exists:
# Example scenario - collision problem
Home network: 192.168.1.0/24
Corporate VPN: 192.168.1.0/24
Result: Routing chaos, split-brain DNS, unreachable hosts
# Solution - use distinct ranges
Home network: 192.168.50.0/24
Corporate VPN: 10.100.0.0/16
Result: Clean routing, no conflictsContainer and Virtualization Networks
Modern container platforms allocate IP ranges automatically. Understanding their defaults prevents unexpected conflicts:
Docker default ranges:
- Bridge network:
172.17.0.0/16 - User-defined bridges:
172.18.0.0/16and higher - Swarm ingress:
10.0.0.0/8subset
Kubernetes defaults:
- Pod network: Varies by CNI plugin (often
10.244.0.0/16) - Service network: Often
10.96.0.0/12
VMware defaults:
- NAT network:
172.16.0.0/24(configurable) - Host-only:
192.168.x.0/24(varies)
VirtualBox defaults:
- NAT network:
10.0.2.0/24 - Host-only:
192.168.56.0/24
Other Reserved Ranges
Beyond RFC 1918 and 5737, several other ranges have special purposes:
| Range | Purpose | Notes |
|---|---|---|
| 127.0.0.0/8 | Loopback | 127.0.0.1 is localhost |
| 169.254.0.0/16 | Link-local | Auto-assigned when DHCP fails |
| 224.0.0.0/4 | Multicast | Used for group communication |
| 240.0.0.0/4 | Reserved | Future use (historically Class E) |
| 0.0.0.0/8 | Current network | Special "this network" |
| 255.255.255.255/32 | Broadcast | Limited broadcast address |
Best Practices Summary
For documentation and examples:
- Use RFC 5737 TEST-NET ranges (prefer 203.0.113.0/24)
- Keep the last octet when replacing real IPs for readability
- Never publish real infrastructure IPs in public documentation
For private networks:
- Avoid common consumer ranges (192.168.0.0/24, 192.168.1.0/24, 10.0.0.0/24)
- Plan for future VPN and merger scenarios
- Document your IP allocation strategy
- Reserve ranges for growth before they're needed
For multi-site deployments:
- Use a centralized IP Address Management (IPAM) system
- Allocate unique /24 or larger blocks per site
- Maintain a network diagram showing all allocated ranges
- Check for conflicts before deploying new networks
For containers and virtualization:
- Understand your platform's default ranges
- Configure custom ranges if defaults conflict with existing infrastructure
- Isolate container networks from production networks when possible
Compliance and Security
Using proper IP ranges isn't just about avoiding technical problems. It has security and compliance implications:
Security benefits:
- Private IPs can't be directly accessed from the internet
- Reduces attack surface by requiring NAT traversal
- Makes network reconnaissance more difficult
Compliance considerations:
- PCI-DSS requires network segmentation (often using RFC 1918)
- HIPAA mandates logical network separation
- SOC 2 audits examine network architecture
Documentation risks:
- Publishing real IPs in tutorials creates reconnaissance opportunities
- Search engines index and archive technical documentation
- Old blog posts remain discoverable for years
By following RFC 1918 for private networks and RFC 5737 for documentation, you create more maintainable, secure, and interoperable network infrastructure while producing safer technical content.