When you design distributed systems, IP addresses stop being a low-level networking detail and become a foundational building block. Before we can analyze how modern applications communicate, scale, and route traffic across the globe, we must understand the fundamental identity of every device on a network: the IP address.
Every request, service call, and database connection ultimately depends on systems being able to locate each other reliably. This article explores the architectural role of IP addresses, their various types, and how they impact scalable system design.
The Role of IP Addresses in System Design
Think about what happens when a request leaves a user’s machine. Before we can talk about routing, latency, or distributed communication, the network must have a way to identify where that request should go. That is the exact role of an Internet Protocol (IP) address.
An IP address functions as the identity layer of networking. Every device, server, database, load balancer, or microservice endpoint participating in network communication needs an address that other systems can reach. Without this unique identifier, data packets would have no destination, and the network would fail to deliver information correctly.
As systems grow, architects quickly realize that not all addresses serve the same purpose. Some facilitate communication inside private networks, while others expose services to the public internet. This distinction is critical for security, scalability, and infrastructure isolation.
Exploring the Core Options: IPv4 vs. IPv6
The internet has evolved from IPv4 to IPv6. This transition was not just a simple technical upgrade; it was a direct response to a massive global scaling problem.
What is IPv4?
IPv4 quietly powers almost everything on the internet today. Designers created it for a much smaller internet, yet it has scaled far beyond original expectations.
- The Constraint: The key architectural constraint of IPv4 is its address space. With a 32-bit address length, IPv4 can only generate roughly 4.3 billion unique addresses.
- The Format: It uses dotted-decimal notation (e.g.,
192.168.1.1), where each octet ranges from 0 to 255. - The Impact: As billions of smartphones, cloud servers, and IoT devices came online, the address space faced severe exhaustion. The industry had to introduce workarounds like Network Address Translation (NAT) to stretch the available pool. However, these workarounds add operational complexity, make troubleshooting harder, and blur end-to-end visibility.
What is IPv6?
IPv6 emerged because the internet was hitting a fundamental scalability limit. It rewrites the rules of global addressing to support next-generation growth.
- The Solution: IPv6 jumps from a 32-bit to a 128-bit address space. This expansion doesn’t just add more addresses; it effectively removes address scarcity as an architectural concern. Every single sensor, server, and container can now have a globally unique address.
- The Format: It uses hexadecimal colon-separated notation (e.g.,
2001:0db8:85a3::8a2e:0370:7334). - The Impact: IPv6 provides an architectural simplification by stripping away the need for complex address-sharing workarounds. It brings networking closer to true end-to-end connectivity, which is vital for modern cloud environments, mobile networks, and massive IoT ecosystems. Additionally, IPv6 includes built-in security features like native IPSec support.
At a Glance: Key Differences
| Feature | IPv4 | IPv6 |
| Address Length | 32-bit | 128-bit |
| Address Space | ~4.3 Billion | ~340 Undecillion ($3.4 X 1038) |
| Format Type | Dotted Decimal (192.168.1.1) | Hexadecimal Colon (2001:0db8::8a2e...) |
| NAT Requirement | Heavily Dependent | Generally Unnecessary |
| Built-in Security | Optional (IPSec added later) | Native (IPSec integrated) |
Network Segmentation: Public vs. Private IPs
One of the most important architectural patterns in system design is ensuring that not every machine is reachable from the internet. Production environments are deliberately designed so that the majority of backend infrastructure remains hidden.
[Public Internet]
│
▼ (Public IP)
┌──────────────┐
│ Load Balancer│
└──────┬───────┘
│
▼ (Private IP Range: 10.0.0.0/16)
┌─────────────────────────────────────────┐
│ Private VPC / Network Boundary │
│ │
│ ┌──────────────┐ ┌───────────────┐ │
│ │ App Server 1 │ ──►│ Database Core │ │
│ └──────────────┘ └───────────────┘ │
│ ┌──────────────┐ ┌───────────────┐ │
│ │ App Server 2 │ ──►│ Distributed │ │
│ └──────────────┘ │ Cache │ │
│ └───────────────┘ │
└─────────────────────────────────────────┘
Public IP Addresses
Public IPs represent the internet-facing layer of your system. They are globally unique across the entire internet and act as the entry points through which users, mobile apps, and external services reach your infrastructure. Because they are a finite resource, architects use them sparingly—typically assigning them only to external load balancers, API gateways, or reverse proxies.
Private IP Addresses
Private IPs solve internal communication needs. Inside a corporate data center, cloud Virtual Private Cloud (VPC), or Kubernetes cluster, thousands of machines must talk to one another without external exposure.
Architects place databases, caching layers, internal microservices, and message brokers inside private networks. These components communicate freely using private address spaces (such as the 10.x.x.x or 192.168.x.x ranges) while remaining completely invisible to outside threats.
Public IPs provide reachability, while private IPs provide isolation. Balancing both allows systems to maximize security without sacrificing accessibility.
Real-World Use-Case Scenarios
To see how these concepts function in production, let’s analyze how traffic flows through three critical systems: NAT, Load Balancers, and DNS.
Network Address Translation (NAT) in Action
Imagine an enterprise network with 5,000 internal developer machines. Assigning 5,000 public IPs is costly and insecure. Instead, the network administrator routes all outbound internet traffic through a NAT Gateway possessing a single public IP.
When an internal server (10.0.0.5) requests an external software dependency, the NAT gateway rewrites the packet headers, translating the private source IP into its public IP. When the response returns, the NAT gateway routes it back to the correct internal server. This enables massive address reuse and creates a natural firewall.
Traffic Distribution via Load Balancers
In a high-scale application, traffic management happens at different networking layers using IPs:
- Transport Layer: The load balancer routes traffic purely based on the incoming packet’s source/destination IP addresses and TCP/UDP ports, distributing requests efficiently without reading application data.
- Application Layer: The load balancer terminates the connection at its public IP, reads the HTTP headers or URLs, and routes the traffic to specific private backend IP pools depending on the requested service (e.g., sending
/api/checkoutto a specialized payment cluster).
Global Scale Name Resolution (DNS)
Users do not type IP addresses into their browsers; they type domain names like example.com. Distributed systems rely on a hierarchical Domain Name System (DNS) workflow to convert names into routing destinations:
- Client Query: The browser asks a local DNS resolver for the IP of
example.com. - Root & TLD Search: If not cached, the resolver queries the Root servers, which point to the
.comTop-Level Domain (TLD) server. - Authoritative Answer: The TLD server directs the resolver to the authoritative DNS server for
example.com, which returns the final public IP address. - Caching & Connection: The client caches this IP to reduce latency for future requests and initiates a direct connection.
System Design Interview Practice
Question 1: How does NAT specifically mitigate the IPv4 address shortage?
Answer: NAT allows an entire private network to share a single public IP address (or a small pool of them) for external communication. By multiplexing thousands of internal connections over distinct source ports on a single public IP, NAT allows organizations to scale their internal networks indefinitely using private address ranges without exhausting public internet space.
Question 2: Why should databases be restricted to private IPs?
Answer: Databases hold state and sensitive user information. Exposing them to a public IP means they can be directly targeted by malicious actors across the globe. By assigning them private IPs within an isolated VPC, they remain completely unreachable from the public internet, dramatically reducing the system’s attack surface.
Conclusion
- IPv4 vs. IPv6: IPv4 utilizes a constrained 32-bit space requiring workarounds, whereas IPv6 scales infinitely with a 128-bit architecture.
- Isolation Strategy: Modern infrastructure relies on public IPs for external entry points and private IPs to isolate backend applications, databases, and microservices.
- Traffic Management: Core systems like NAT gateways conserve addresses, load balancers optimize service delivery via IP routing, and DNS translates user intent into machine-readable network locations.
I like that you frame IP addresses as part of the system’s identity layer rather than just a networking concept, since it helps connect infrastructure fundamentals to higher-level architecture decisions. It would also be interesting to explore how service discovery and dynamic IPs in containerized environments change the way applications locate each other while keeping communication reliable.