When architecting a large-scale distributed system, every single independent component—whether it is an API Gateway, a microservice container, a Redis cache node, or a primary SQL database—needs a way to locate and talk to other resources.

At the Internet Layer (Layer 3) of the network stack, this identity is the IP Address (Internet Protocol Address). An IP address is a logical address assigned to a network interface, and it is unique only within a specific routing scope (for example, the public internet or one private network).

1. IPv4 vs. IPv6: Architectural Evolution

Distributed systems are built across two versions of the Internet Protocol, with IPv4 remaining the standard default assumption for most system design interviews.

A. IPv4 (The Standard Baseline)

Structure: Uses 32-bit numeric addresses, represented as four decimal octets separated by dots (e.g., 192.168.1.1).

Capacity: Offers roughly 4.3 billion (2³²) total addresses.

The Constraint: The pool of unallocated IPv4 address space was exhausted years ago, driven by the growth of cloud environments, mobile smartphones, and IoT hardware. To stay viable, architectures rely heavily on workarounds like NAT, which lets many private hosts share a single public address.

B. IPv6 (The Modern Highway)

Structure: Uses 128-bit addresses written in hexadecimal as colon-separated groups, with a run of zero groups compressible to "::" (e.g., 2001:db8::1).

Capacity: Offers an address pool so large it is effectively unlimited in practice (2¹²⁸, or about 340 undecillion addresses).

HLD Impact: Mention IPv6 in your interview when discussing global mobile app networks, dual-stack public endpoints, or massively scaled container environments where you want to completely eliminate NAT-induced network lag.

2. Public vs. Private IP Addresses

IP addresses are cleanly separated into two functional zones to maintain security and order across the internet.

Public IP Addresses

Globally routable across the public internet. They are strictly coordinated by Regional Internet Registries (RIRs) so that no two machines on earth accidentally share the same public address.

Your public load balancers need one of these to listen for traffic from users anywhere on the internet.

Private IP Addresses

Non-routable across the public internet. They work exclusively inside a closed local network.

Multiple unrelated companies can use the exact same private address blocks inside their own isolated offices or data centers safely.

The RFC 1918 Private Address Standard

Private Address Range            CIDR Block        Total Capacity   Standard Industry Placement
10.0.0.0 to 10.255.255.255       10.0.0.0/8        16,777,216       Default choice for Cloud VPCs and massive enterprise deployments
172.16.0.0 to 172.31.255.255     172.16.0.0/12     1,048,576        Container network bridges, virtual environments, and mid-tier platforms
192.168.0.0 to 192.168.255.255   192.168.0.0/16    65,536           Local office spaces, home routers, and bare-metal testing labs

3. Subnetting and CIDR (Classless Inter-Domain Routing)

Early internet networking used an inefficient system called Classful Addressing (Class A, B, C), which assigned rigid, fixed-size network blocks.

Modern cloud systems rely entirely on CIDR notation to divide network blocks dynamically.

CIDR notation appends a suffix (prefix length) to an IP address to state exactly how many leading bits identify the immutable network route, leaving the rest free for host machines.

Example

192.168.1.0/24

├── Immutable Network Bits: The first 24 bits (192.168.1)

└── Usable Host Bits: The remaining 8 bits (0 to 255)

In a traditional IPv4 /24 subnet containing 256 total addresses, only 254 are usable for actual hosts.

This is because:

  • The first address (.0) is reserved as the Network Address to identify the subnet route itself.

  • The final address (.255) is reserved as the Broadcast Address to message all local nodes simultaneously.

Cloud Provider Note

Cloud platforms like AWS or GCP reserve an additional 3 addresses in every subnet (typically the subnet router/gateway, the DNS resolver, and one address held in reserve), reducing the number of usable host addresses even further. Check the provider's documentation before sizing a subnet, because these reservations come out of the same pool as your hosts.

Common CIDR Blocks in High-Level Architecture

/16 (65,536 Addresses)

Used as the standard allocation size when provisioning a brand-new cloud Virtual Private Cloud (VPC).

/24 (256 Addresses)

The standard selection for localized application subnets or microservice cluster segments.

/32 (1 Address)

Specifies one exact IP address.

Heavily used to write strict firewall security rules.

Example:

Allow SSH access exclusively from IP 203.0.113.10/32.
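The subnet arithmetic above (network and broadcast addresses, the 256 vs. 254 usable hosts, the cloud provider's extra reservations), the RFC 1918 table, and the /32 firewall rule can all be checked with Python's standard ipaddress module. The block below is an added example for this page, not code from the original article; the cloud_reserved parameter, the function names, and the sample addresses are my own constructions.

```python
import ipaddress

# The three RFC 1918 private blocks from the table earlier on the page.
RFC1918_BLOCKS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def subnet_summary(cidr, cloud_reserved=0):
    """Describe an IPv4 CIDR block: network/broadcast addresses and usable host count.

    cloud_reserved models the extra addresses a cloud provider holds back per subnet
    (the page cites 3 for AWS/GCP); 0 gives the classic on-premises calculation.
    """
    net = ipaddress.ip_network(cidr, strict=True)  # rejects host bits set, e.g. 192.168.1.5/24
    total = net.num_addresses
    if net.prefixlen >= 31:
        # /32 is a single host; /31 point-to-point links (RFC 3021) use both addresses,
        # so neither has a separate network or broadcast address to subtract.
        usable = total
    else:
        usable = total - 2  # drop .0 (network) and the last address (broadcast)
    usable = max(usable - cloud_reserved, 0)
    return {
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "netmask": str(net.netmask),
        "total": total,
        "usable": usable,
    }


def rfc1918_block(ip):
    """Return the RFC 1918 block containing ip, or None when ip is not private IPv4."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        return None
    return next((block for block in RFC1918_BLOCKS if addr in block), None)


def ssh_allowed(source_ip, allowlist):
    """Firewall-style check: the source must fall inside one of the allowlisted CIDRs.

    A /32 rule such as '203.0.113.10/32' therefore matches exactly one address.
    """
    src = ipaddress.ip_address(source_ip)
    return any(src in ipaddress.ip_network(rule) for rule in allowlist)


if __name__ == "__main__":
    for cidr in ("192.168.1.0/24", "10.0.0.0/16", "203.0.113.10/32"):
        print(cidr, subnet_summary(cidr))
    print("10.0.0.0/16 in a cloud VPC:", subnet_summary("10.0.0.0/16", cloud_reserved=3))
    # Constructed sample addresses: two inside RFC 1918 space, two outside it.
    for ip in ("10.0.16.5", "172.31.255.254", "172.32.0.1", "203.0.113.10"):
        print(ip, "->", rfc1918_block(ip) or "public / not RFC 1918")
    rules = ["203.0.113.10/32"]
    print("SSH from 203.0.113.10:", ssh_allowed("203.0.113.10", rules))
    print("SSH from 203.0.113.11:", ssh_allowed("203.0.113.11", rules))
```

Note that 172.32.0.1 is reported as public: the 172.16.0.0/12 block ends at 172.31.255.255, a boundary that is easy to get wrong when writing firewall rules by hand, which is exactly why the check is delegated to the library rather than to string prefix matching.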

4. Subnet Architectural Layout Inside a VPC

When blueprinting a scalable multi-tier infrastructure, you never lump your machines into a single giant network range.

You segment them into distinct subnets to build strong security rings.

Example Layout

Your VPC Core (e.g., 10.0.0.0/16)

├── Public Subnet (/20) → Houses public Load Balancers and NAT Gateways

├── Private Subnet (/20) → Houses application workers and container pools (No direct internet)

└── Data Subnet (/20) → Houses primary databases and Redis caches (Deeply isolated)
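Carving a /16 VPC into the three /20 tiers shown above is mechanical, but misaligned or overlapping subnets are a common source of routing surprises, so it is worth automating the allocation and verifying the result. The following is an added example written for this page (not the article's or any cloud provider's code); the planner, its name/prefix plan format, and the "public"/"private"/"data" labels are my own constructions.

```python
import ipaddress


def carve_vpc(vpc_cidr, plan):
    """Allocate subnets of the requested prefix lengths from one VPC block.

    plan is a list of (name, prefix_length). Larger blocks (smaller prefix numbers) are
    placed first so every subnet starts on a boundary aligned to its own size.
    Returns {name: IPv4Network}; raises ValueError if the VPC runs out of space.
    """
    vpc = ipaddress.ip_network(vpc_cidr)
    cursor = int(vpc.network_address)
    limit = int(vpc.broadcast_address) + 1
    allocated = {}
    for name, prefix in sorted(plan, key=lambda item: item[1]):
        if prefix < vpc.prefixlen:
            raise ValueError(f"{name}: /{prefix} is larger than the VPC /{vpc.prefixlen}")
        size = 2 ** (vpc.max_prefixlen - prefix)
        cursor = -(-cursor // size) * size  # round up to the next size-aligned boundary
        if cursor + size > limit:
            raise ValueError(f"{name}: no room left in {vpc} for a /{prefix}")
        allocated[name] = ipaddress.IPv4Network((cursor, prefix))
        cursor += size
    return allocated


def overlaps(allocated):
    """Return every pair of subnet names whose ranges overlap (expected: none)."""
    names = sorted(allocated)
    return [
        (a, b)
        for i, a in enumerate(names)
        for b in names[i + 1:]
        if allocated[a].overlaps(allocated[b])
    ]


def locate(allocated, ip):
    """Name the subnet an address lives in, or None if it is outside the plan."""
    addr = ipaddress.ip_address(ip)
    return next((name for name, net in allocated.items() if addr in net), None)


if __name__ == "__main__":
    # The page's example layout: one /16 VPC split into three /20 tiers.
    layout = carve_vpc("10.0.0.0/16", [("public", 20), ("private", 20), ("data", 20)])
    for name, net in layout.items():
        print(f"{name:8s} {net}  ({net.num_addresses} addresses)")
    print("overlapping pairs:", overlaps(layout))
    # The private application server used in the NAT walkthrough later on the page.
    print("10.0.16.5 lives in:", locate(layout, "10.0.16.5"))
```

Because the three /20s only consume 10.0.0.0 through 10.0.47.255, the rest of the /16 stays free for future tiers; the same planner accepts mixed sizes (for example a /22 data subnet next to /20 application subnets) and still keeps every block aligned.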

5. How Layer 3 Routing and NAT Work

Every IP packet generated by an application carries two vital markers:

  • Source IP

  • Destination IP

When a client sends an HTTP API call to a backend service, routers along the path do not need to calculate the entire end-to-end journey from scratch.

Each router simply inspects the packet's destination IP, matches it against its local Routing Table, and passes the packet to the immediate next hop.

Network Address Translation (NAT)

Because private IP addresses cannot travel over the public internet, a machine sitting inside a private cloud subnet cannot download a third-party software patch directly.

It requires a NAT Gateway.

Egress Request

The private application server (10.0.16.5) sends a packet intended for a public service (198.51.100.20).

The Translation

The packet hits the local NAT Gateway sitting on the boundary of the public subnet.

The NAT gateway intercepts the packet and replaces the private source IP with its own public IP (203.0.113.5).

It records this swap inside an internal state tracking table.

The Return Hop

When the public service answers, it addresses its response back to the public NAT IP (203.0.113.5).

The NAT gateway reads its translation table, swaps the destination address back to the private application IP (10.0.16.5), and delivers it cleanly inside the network.
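The next-hop lookup described in the routing section and the three-step NAT exchange above can be modelled together in a few dozen lines, which makes the isolation property concrete: a reply is only let back in when the gateway's state table already holds the matching outbound flow, and any other inbound packet is dropped. This is an added example for this page, not the article's code or any vendor's implementation. It goes one step beyond the page's description by also rewriting the source port (port-based NAT, which is how real gateways let many private hosts share one public IP); the next-hop labels "local" and "nat-gateway", the port numbers, and the packet dictionary format are my own constructions.

```python
import ipaddress


class RouteTable:
    """A Layer 3 routing table: destination prefix -> next hop, longest prefix wins."""

    def __init__(self, routes):
        self.routes = [(ipaddress.ip_network(cidr), hop) for cidr, hop in routes]

    def next_hop(self, destination_ip):
        dst = ipaddress.ip_address(destination_ip)
        candidates = [(net.prefixlen, hop) for net, hop in self.routes if dst in net]
        if not candidates:
            return None  # no route: the packet is dropped
        return max(candidates, key=lambda c: c[0])[1]


class NatGateway:
    """Source NAT with a connection-tracking table (toy model, not a real gateway)."""

    def __init__(self, public_ip, first_port=1024):
        self.public_ip = public_ip
        self.next_port = first_port
        self.outbound = {}  # (private_src, src_port, dst, dst_port) -> public port
        self.inbound = {}   # (public port, remote_ip, remote_port) -> (private_src, src_port)

    def egress(self, pkt):
        """Rewrite the private source to the gateway's public IP and record the flow."""
        flow = (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
        public_port = self.outbound.get(flow)
        if public_port is None:
            public_port = self.next_port
            self.next_port += 1
            self.outbound[flow] = public_port
            self.inbound[(public_port, pkt["dst"], pkt["dport"])] = (pkt["src"], pkt["sport"])
        return {"src": self.public_ip, "sport": public_port, "dst": pkt["dst"], "dport": pkt["dport"]}

    def ingress(self, pkt):
        """Map a reply back to the private host; drop anything without a recorded flow."""
        if pkt["dst"] != self.public_ip:
            return None
        entry = self.inbound.get((pkt["dport"], pkt["src"], pkt["sport"]))
        if entry is None:
            return None  # unsolicited inbound traffic never reaches the private subnet
        private_ip, private_port = entry
        return {"src": pkt["src"], "sport": pkt["sport"], "dst": private_ip, "dport": private_port}


def send_from_private_subnet(pkt, route_table, nat):
    """Route a packet leaving a private subnet; NAT it only if the next hop is the gateway."""
    hop = route_table.next_hop(pkt["dst"])
    if hop == "local":
        return hop, pkt  # stays inside the VPC, no translation needed
    if hop == "nat-gateway":
        return hop, nat.egress(pkt)
    return hop, None


if __name__ == "__main__":
    # Route table of the private subnet: VPC traffic is local, everything else goes to NAT.
    private_rt = RouteTable([("10.0.0.0/16", "local"), ("0.0.0.0/0", "nat-gateway")])
    gateway = NatGateway("203.0.113.5")

    # Egress: the page's 10.0.16.5 reaches out to the public service 198.51.100.20.
    request = {"src": "10.0.16.5", "sport": 40000, "dst": "198.51.100.20", "dport": 443}
    hop, translated = send_from_private_subnet(request, private_rt, gateway)
    print("next hop:", hop, "| on the wire:", translated)

    # Return hop: the service answers the public IP and port it saw.
    reply = {"src": "198.51.100.20", "sport": 443, "dst": "203.0.113.5", "dport": translated["sport"]}
    print("delivered inside as:", gateway.ingress(reply))

    # Unsolicited inbound packet with no matching state: dropped.
    stray = {"src": "198.51.100.99", "sport": 443, "dst": "203.0.113.5", "dport": 9999}
    print("unsolicited inbound:", gateway.ingress(stray))
```

The 0.0.0.0/0 default route matches every destination but has prefix length 0, so the longest-prefix rule keeps intra-VPC traffic on the "local" hop and sends only genuinely external destinations through the gateway.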

Summary

  • An IP address serves as the foundational logical identity at Layer 3, guiding routing decisions across distributed environments.

  • IPv4 relies on 32-bit addresses and requires engineering configurations like NAT to survive scarcity, while IPv6 opens up an expansive 128-bit routing landscape.

  • CIDR notation dictates network sizes precisely, helping engineers split up cloud architectures into manageable host limits.

  • Production systems use network address translation to isolate backend servers inside non-routable private subnets while still permitting essential outward-facing communication.