ipv4_is_private()

Applies to: ✅ Azure Data ExplorerAzure MonitorMicrosoft Sentinel

Checks if the IPv4 string address belongs to a set of private network IPs.

Private network addresses were originally defined to help delay IPv4 address exhaustion. IP packets originating from or addressed to a private IP address can't be routed through the public internet.

Private IPv4 addresses

The Internet Engineering Task Force (IETF) has directed the Internet Assigned Numbers Authority (IANA) to reserve the following IPv4 address ranges for private networks:

IP address range Number of addresses Largest CIDR block (subnet mask)
10.0.0.0 - 10.255.255.255 16777216 10.0.0.0/8 (255.0.0.0)
172.16.0.0 - 172.31.255.255 1048576 172.16.0.0/12 (255.240.0.0)
192.168.0.0 - 192.168.255.255 65536 192.168.0.0/16 (255.255.0.0)
ipv4_is_private('192.168.1.1/24') == true
ipv4_is_private('10.1.2.3/24') == true
ipv4_is_private('202.1.2.3') == false
ipv4_is_private("127.0.0.1") == false

Syntax

ipv4_is_private(ip)

Learn more about syntax conventions.

Parameters

Name Type Required Description
ip string ✔️ An expression representing an IPv4 address. IPv4 strings can be masked using IP-prefix notation.

IP-prefix notation

IP-prefix notation (also known as CIDR notation) is a concise way of representing an IP address and its associated network mask. The format is <base IP>/<prefix length>, where the prefix length is the number of leading 1 bits in the netmask. The prefix length determines the range of IP addresses that belong to the network.

For IPv4, the prefix length is a number between 0 and 32. So the notation 192.168.2.0/24 represents the IP address 192.168.2.0 with a netmask of 255.255.255.0. This netmask has 24 leading 1 bits, or a prefix length of 24.

For IPv6, the prefix length is a number between 0 and 128. So the notation fe80::85d:e82c:9446:7994/120 represents the IP address fe80::85d:e82c:9446:7994 with a netmask of ffff:ffff:ffff:ffff:ffff:ffff:ffff:ff00. This netmask has 120 leading 1 bits, or a prefix length of 120.

Returns

  • true: If the IPv4 address belongs to any of the private network ranges.
  • false: Otherwise.
  • null: If parsing of the input as IPv4 address string wasn't successful.

Example: Check if IPv4 belongs to a private network

datatable(ip_string:string)
[
 '10.1.2.3',
 '192.168.1.1/24',
 '127.0.0.1',
]
| extend result = ipv4_is_private(ip_string)

Output

ip_string result
10.1.2.3 true
192.168.1.1/24 true
127.0.0.1 false