Look at the virtual machines (VMs) supplied by pretty much any cloud vendor (HP CloudJoyentRackspace), and you will see IPv4 addresses that look like this: These endless pools of addresses starting with 10 are called private address spaces. All the big ISPs, telecoms companies decided to sidestep the IPv6 upgrade by using the private IPv4 address space workaround.

It’s been nearly two years since World IPv6 Launch Day (June 6, 2012), but IPv6 doesn’t seem to have made much of a dent on the cloud world. IPv6 addresses can be found — look at the interface of your new AWS EC2 VM, and you will see something that looks like this: fe80::2000:aff:fea7:f7c (read my IPv6 post for a breakdown of what that means).

IPv4 addresses are a scarce resource, so it seems a little crazy that all the big cloud vendors would prefer this protocol over IPv6, but they do. It’s worth knowing the difference between a private IPv4 address and a public IPv4 address.

How AWS assigns public and private addresses

Private IP addresses have been around for nearly two decades. The private address space workaround (the origin of all these 10 addresses) appeared in the 1990s, a few years before the upgrade to IPv6 idea. The IPv4 private space includes a few address ranges (network admins will know,, and well), but it’s the 10 range that is the most common in the cloud.

AWS reserves two addresses for a new EC2 machine. One IPv4 address is public and looks like this: Internet clients can use the public address to get to the services you offer; you can’t see it because it is hidden in the murky depths of Amazon’s networking. The other address is plumbed into the machine and is private and looks like this: This address will only work within the Amazon network; 10 addresses are not allowed on the internet.

A Network Address Translation (NAT) service sticks the two addresses together. Special translator computers sit at the edge of the Amazon network, rewriting the addresses of an endless stream of packets.