In Internet Protocol terminology, a private network is typically a network that uses private IP address space, following the standards set by RFC 1918 and RFC 4193. These addresses are common in home and office local area networks (LANs), as globally routable addresses are scarce, expensive to obtain, or their use is not necessary. Private IP address spaces were originally defined in efforts to delay IPv4 address exhaustion, but they are also a feature of the next generation Internet Protocol, IPv6.

These addresses are private because they are not globally delegated, meaning they aren't allocated to a specific organization. Anyone can use these addresses without approval from a regional Internet registry (RIR). Consequently, they are not routable within the public Internet. If such a private network needs to connect to the Internet, it must use either a network address translator (NAT) gateway, or a proxy server.

The most common use of these addresses is in home networks, since most Internet service providers (ISPs) only allocate a single IP address to each residential customer, but many homes have more than one networked device (for example, several computers and a printer). In this situation, a NAT gateway is usually used to enable Internet connectivity to multiple hosts. They are also commonly used in corporate networks, which for security reasons, are not connected directly to the Internet. Often a proxy, SOCKS gateway, or similar devices, are used to provide restricted Internet access to internal users. In both cases, private addresses are seen as adding security to the internal network, since it's impossible for an Internet host to connect directly to an internal system.

Because many private networks use the same private IP address space, a common problem occurs when merging such networks: the collision of address space, resulting in duplication of addresses on multiple devices. In this case, networks must renumber, often a difficult and time-consuming task, or a NAT router must be placed between the networks to masquerade the duplicated addresses.

It is not uncommon for packets originating in private address spaces to leak onto the Internet. Poorly configured private networks often attempt reverse DNS lookups for these addresses, causing extra load on the Internet root nameservers. The AS112 project attempted to mitigate this load by providing special "blackhole" anycast nameservers for private addresses which only return "not found" answers for these queries. Organizational edge routers are usually configured to drop ingress IP traffic for these networks, which can occur either by accident, or from malicious traffic using a spoofed source address. Less commonly, ISP edge routers will drop such egress traffic from customers, which reduces the impact to the Internet of such misconfigured or malicious hosts on the customer's network.

Community content is available under CC-BY-SA unless otherwise noted.