Internet Protocol, or IP, is the network-layer protocol that gives packets source and destination addresses and lets routers move those packets across interconnected networks. IP is the reason a device on one local network can communicate with a server, cloud application, phone, sensor, router, or service on another network. Ethernet, Wi-Fi, fiber, cellular, satellite, and serial links can all carry IP packets; IP provides the common addressing and routing model above those different media.
The original version in broad use is IPv4, specified in RFC 791. IPv6, specified in RFC 8200, is the newer Internet Protocol version with a much larger address space and a different header design. Both remain important in 2026. IPv4 is still widely deployed and often extended through private addressing and NAT. IPv6 continues to grow across mobile networks, broadband access, cloud platforms, content providers, and modern enterprise designs.
The 2001 Privacy Context
The earlier article on this page focused on RFC 3041, an IPv6 privacy-extension proposal intended to make it harder to track users through stable interface identifiers. That concern was real. Stateless IPv6 address autoconfiguration originally made it easy for an interface identifier to remain stable across networks, which could let observers correlate activity over time.
RFC 3041 was later obsoleted by newer work, and RFC 8981 now specifies temporary address extensions for IPv6 stateless address autoconfiguration. The idea remains the same: hosts can generate temporary randomized IPv6 addresses for outbound connections so a device is less easily tracked by a stable interface identifier. Privacy addressing is not complete anonymity, but it reduces one important form of passive tracking.
What IP Does
IP provides a best-effort packet delivery service. "Best effort" means IP does not guarantee delivery, order, uniqueness, latency, or bandwidth. It tries to forward each packet toward the destination using routing tables and packet headers. Reliability, ordering, encryption, sessions, and application semantics are handled by other protocols such as TCP, QUIC, TLS, DNS, HTTP, and application-layer systems.
Core IP responsibilities include:
- Addressing: identifying packet sources and destinations.
- Routing: allowing routers to choose next hops toward a destination prefix.
- Encapsulation: carrying transport-layer payloads such as TCP, UDP, ICMP, GRE, or other protocols.
- Packet lifetime: using TTL in IPv4 or hop limit in IPv6 so packets do not loop forever.
- Fragmentation behavior: handling packets that are too large for a path, though the details differ sharply between IPv4 and IPv6.
IPv4
IPv4 uses 32-bit addresses, usually written in dotted decimal form such as 192.0.2.10. The original IPv4 design assumed a much smaller Internet. Over time, classless inter-domain routing, private address space, NAT, DHCP, route aggregation, and address conservation extended IPv4's useful life far beyond early expectations.
IPv4 remains operationally important because so much equipment, software, documentation, and troubleshooting practice still depends on it. But IPv4 scarcity created complexity. Private RFC 1918 addressing and NAT are routine in homes and enterprises, while public IPv4 addresses are expensive and carefully managed. IPv6 was created largely to remove that address-space constraint and simplify end-to-end addressing at Internet scale.
IPv6
IPv6 uses 128-bit addresses, usually written in hexadecimal groups separated by colons. Its larger address space supports more direct addressing, hierarchical allocation, and simpler growth for mobile, cloud, IoT, broadband, and enterprise networks. IPv6 also changes packet handling: routers do not fragment IPv6 packets in transit, and extension headers provide a structured way to carry optional information.
IPv6 is not simply "IPv4 with longer addresses." It uses Neighbor Discovery instead of ARP, relies heavily on ICMPv6, supports stateless address autoconfiguration, and requires careful firewall, DNS, monitoring, and security-policy treatment. A network is not fully dual-stack just because hosts have IPv6 addresses; operations, logging, routing, ACLs, and incident response must handle IPv6 with the same rigor as IPv4.
ICMP, ARP, And Neighbor Discovery
IP depends on supporting protocols. ICMP for IPv4, specified in RFC 792, carries control and error messages such as echo requests, unreachable messages, and fragmentation-needed indications. ICMPv6, specified in RFC 4443, is even more central to IPv6 because it also supports Neighbor Discovery behavior through related IPv6 specifications.
ARP maps IPv4 addresses to link-layer addresses on local networks. IPv6 replaces ARP with Neighbor Discovery, which uses ICMPv6 messages to discover link-layer addresses, routers, prefixes, and reachability. Blocking all ICMP or ICMPv6 is a common mistake; it can break path MTU discovery, diagnostics, neighbor discovery, and normal network behavior.
Routing
Routers forward packets based on destination prefixes. Inside organizations, routing protocols such as OSPF, IS-IS, EIGRP, and BGP may distribute reachability information. Across the Internet, BGP connects autonomous systems and determines how prefixes are announced, selected, and reached.
IP routing works by aggregation. A router does not need a route to every device; it needs routes to prefixes. Good addressing plans make routing tables smaller, policies clearer, and troubleshooting easier. Poor addressing plans produce route leaks, over-specific prefixes, tangled ACLs, and brittle migrations.
Fragmentation And MTU
Maximum transmission unit, or MTU, defines the largest packet a link can carry without fragmentation. IPv4 routers may fragment packets, though fragmentation is often undesirable and sometimes blocked. IPv6 routers do not fragment transit packets; hosts are expected to use path MTU discovery and send packets sized for the path.
MTU problems are common in tunnels, VPNs, PPPoE, cloud networks, overlays, and security devices. Symptoms can be strange: small pings work, some websites load, but large transfers, TLS sessions, or VPN applications stall. Good IP operations include testing path MTU and allowing the ICMP messages needed for discovery.
NAT And Private Addressing
Network Address Translation became common with IPv4 because public addresses were scarce. NAT lets many private hosts share one or more public IPv4 addresses. It also hides internal addressing, but it is not a security policy by itself. Firewalls, identity, segmentation, logging, and application controls still matter.
IPv6 generally does not require NAT for address conservation. That does not mean IPv6 hosts should be exposed without policy. IPv6 networks still need firewalls, routing controls, prefix management, address planning, monitoring, and least-privilege access. The security goal is not to recreate IPv4 NAT habits; it is to enforce explicit policy on a larger address space.
Privacy And Tracking
IP addresses are necessary for communication, but they can reveal information about network location, provider, organization, and sometimes device or subscriber behavior over time. IPv6 privacy extensions reduce tracking through stable interface identifiers. Operating systems may use temporary addresses for outbound connections and stable private addresses for local network behavior.
Privacy extensions do not hide a user from the destination service, provider, local network operator, or other layers of fingerprinting. DNS, cookies, TLS fingerprints, account logins, application telemetry, browser behavior, and device identifiers can still reveal identity. IP privacy is one part of a larger privacy design.
Operational Guidance
For modern IP networks, useful practices include:
- Maintain IPv4 and IPv6 address plans with ownership, purpose, and aggregation boundaries.
- Monitor both protocol versions for routing, firewall, DNS, DHCP, SLAAC, and security behavior.
- Allow necessary ICMP and ICMPv6 while filtering abusive traffic thoughtfully.
- Test MTU and path MTU discovery through VPNs, tunnels, cloud links, and PPPoE access.
- Use DNS names, certificates, and service discovery rather than hard-coding addresses into applications.
- Log NAT translations and IPv6 address assignments where incident response requires attribution.
- Apply the same patching, firewall, segmentation, and monitoring standards to IPv6 as to IPv4.
- Plan for coexistence, because dual-stack environments can last for many years.
IP's power is its simplicity: it gives packets addresses and lets networks forward them. The complexity comes from scale, policy, security, privacy, and operations. In 2026, understanding IP means understanding both IPv4's long legacy and IPv6's growing role, along with the control protocols and design habits that keep packet delivery reliable enough for everything built above it.