What are the Public and Private IP addresses?


I’ve been diving into public and private IP addresses. As far as I could understand, public IP addresses are assigned by Internet Service Providers, but I couldn’t understand how and by whom private IP addresses are assigned. I also couldn’t understand what the purpose of private IP addresses is.

Any help is appreciated. Thank you for helping me out.


13 Answers

Anonymous 0 Comments

> what’s the purpose of private IP addresses.

Private addresses are used explicitly to share the public address space between devices, similar to how an apartment building squeezes more people into valuable real estate. The scale of the internet has _massively_ exceeded its original design, and there are finitely many IPv4 addresses to assign to machines that participate in the internet.

Your ISP owns a finite number of addresses. In the olden days, when your ISP sold all the IP address space they owned, they could buy a new block of IP addresses from the Regional Internet Registry (RIR) in their region.

APNIC (RIR serving Asia) ran out of addresses in 2011. RIPE (RIR serving Europe) ran out of addresses to give in 2012. ARIN (RIR serving North America) ran out of addresses to give in 2015.

Roughly speaking, there are no more IPv4 addresses left, and if you want a publicly routable address, you must obtain it on the open market from someone who is willing to sell their allocation. As a result, ISPs in some cases now arrange for even larger groups of customers to share a single address. This entire event is generally called [IPv4 address exhaustion](https://en.wikipedia.org/wiki/IPv4_address_exhaustion).

You should understand that there is a tremendous technical cost to this exhaustion. It [greatly hinders Peer-to-Peer communications](https://en.wikipedia.org/wiki/STUN). It [slows down the internet](https://blog.apnic.net/2023/01/06/bgp-in-2022-the-routing-table/). It [encourages abuse, and stymies the ability of service providers to combat that abuse](https://www.arin.net/blog/2022/11/17/ipxo-ip-address-abuse/). Private/Public addresses would likely not be used in IPv4 if it weren’t for the scarcity of addresses, and instead each device would only have a single “public” IPv4 address. The internet did operate this way at the beginning of its life, before it became apparent that address exhaustion would be a serious issue.

The next addressing scheme for the internet, IPv6, was created mostly to address this problem, but [deployment has been very slow](https://www.google.com/intl/en/ipv6/statistics.html) in part because IPv6 networks cannot conventionally connect with IPv4 networks, necessitating “dual-stack” deployments where every host participates in both a v4 and v6 network until the entire world can transition to v6. Still, some networks today are entirely IPv6, notably T-Mobile in the US. They use transitional technologies to allow customers to connect to IPv4-only services, and yes, this does potentially introduce a new bottleneck and new latency into the system, along with all the old drawbacks of IPv4. You should prefer IPv6 connectivity when it is available.

IPv6 actually also includes private address ranges, but not for the purpose of sharing the (greatly expanded) public address space. IPv6 hosts are typically assigned one or more public “GUA” addresses, which are similar to public IPv4 addresses, in addition to their private addresses.

Anonymous 0 Comments

A public IP address is accessible to anyone on the internet. This means that the network node (a router or switch, in terms of physical hardware) can be reached entirely by navigating through other public network nodes on the internet.

A private IP address is only accessible to someone in the private subnet that contains that IP address. This means that the network node can only be reached by first navigating to a node on the boundary of the private subnet, a gateway node. Private nodes only publish their IP addresses to these gateway nodes. The gateway node will selectively determine if it should route traffic to the private nodes based on the origin of the request. A request originating from inside the private subnet will be routed. A request originating from outside will not. From the perspective of someone outside the private subnet, all of the private IP addresses in the subnet are inaccessible and invisible. It is not even possible to tell if there’s something listening on that address or not.

Anonymous 0 Comments

Almost any router and managed switch is able to assign IP addresses to the devices that connect to it. These addresses are usually private.

In a simple office setup, for example, you have a router in order for the office to have internet. This router has a public IP handed to you from your ISP and the whole office is visible to the outside world through this IP. I.e. no matter which employee connects to the outside world, the IP visible to the server is this one public IP. Each computer and other network-connected device also has an IP, hopefully a private one, which is issued by the router itself and is used to facilitate communication between the router and said device and maybe other devices connected to the network such as a printer or a NAS.

If you imagine the internet as a big network, there are a bunch of smaller networks in there which are ‘black boxes’ and you have no idea what is going on inside of them. The small office in the example above is one such small black box, where the outside world only knows about the one public IP, but no one knows if it is just one guy and a printer or a huge multi-floor enterprise with hundreds of devices and their respective private IPs.

TL;DR: you connect to any network, you (should) get an IP. If you are going through any type of router/switch, this IP usually is private and only known to other devices connected to said switch. The switch will have a public IP in order to speak to the outside world.
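The address sharing described in the office example and in the gateway answer above can be modelled as a small port-translation table. This is an added example, not part of any answer on the page: the `Gateway` class, port numbers and sample addresses are constructed for illustration, and the RFC 1918 ranges are the standard private IPv4 blocks, which the page does not list.

```python
import ipaddress

# Standard RFC 1918 private IPv4 ranges (not listed on the page).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    """True if addr falls inside one of the private IPv4 blocks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

class Gateway:
    """Toy port-translating gateway: one public IP shared by many private hosts."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out = {}   # (priv_ip, priv_port, remote_ip, remote_port) -> public port
        self.back = {}  # (public port, remote_ip, remote_port) -> (priv_ip, priv_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite a packet leaving the private side; remember the mapping."""
        if not is_rfc1918(src_ip):
            raise ValueError("source is not on the private side")
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[(self.next_port, dst_ip, dst_port)] = (src_ip, src_port)
            self.next_port += 1
        return (self.public_ip, self.out[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Return the private host a reply belongs to, or None (dropped)."""
        return self.back.get((dst_port, src_ip, src_port))

def demo():
    # Constructed sample addresses from the documentation ranges.
    gw = Gateway("203.0.113.5")
    server = ("198.51.100.20", 443)
    a = gw.outbound("192.168.1.10", 51000, *server)   # employee A
    b = gw.outbound("192.168.1.11", 51000, *server)   # employee B
    reply = gw.inbound(*server, a[1])                 # server answers A
    unsolicited = gw.inbound("198.51.100.99", 4444, a[1])  # stranger, no mapping
    return a, b, reply, unsolicited

if __name__ == "__main__":
    for item in demo():
        print(item)
```

The unsolicited packet is dropped only because no table entry matches it; that is a side effect of sharing the address, not a filtering policy. Port forwarding or UPnP adds entries that make a private host reachable, so a firewall rule set is still needed.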