What are these 100.x.y.z addresses?

Tailscale assigns each node on your network a unique 100.x.y.z address. This address stays stable for each node (a device or a server), which means it should not change, no matter where the device moves to in the physical world.

More specifically, we assign addresses in the subnet (from to This is called the “Carrier Grade NAT” (CGNAT) address space, reserved by RFC6598, IANA-Reserved IPv4 Prefix for Shared Address Space.

There are a few reasons to use this address space in particular:

  1. It doesn’t conflict with the commonly-used private addresses your network might already use (,, etc).

  2. The addresses are intended to be used for intermediate NATted traffic that is neither on your LAN nor on the public Internet. When a device on this network wants to reach the public Internet, it is expected to be NATted once more. This matches how Tailscale uses the addresses.

  3. The addresses are supposed to be used by Internet Service Providers (ISPs) rather than private networks. Philosophically, Tailscale is a service provider creating a shared network on top of the regular Internet. When packets leave the Tailscale network, different addresses are always used.

We are considering using other unused address ranges, including the otherwise wasted 0.x.y.z (where x.y.z != 0.0.0) subnet. So far, it is unclear whether this will create problems with older operating systems.
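
An added example (not Tailscale's code): a Python helper for log triage and route audits that labels IPv4 addresses and flags local routes overlapping the shared address space, which RFC 6598 defines as 100.64.0.0/10. The function names, sample addresses and sample routes are constructed for illustration.

```python
import ipaddress

# RFC 6598 shared address space (CGNAT); the range is taken from the RFC.
SHARED = ipaddress.ip_network("100.64.0.0/10")
# RFC 1918 private ranges commonly used on LANs.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# 0.0.0.0/8, the "0.x.y.z" range mentioned above.
THIS_NET = ipaddress.ip_network("0.0.0.0/8")


def classify(addr: str) -> str:
    """Label one address; not every 100.x.y.z address is shared space."""
    ip = ipaddress.ip_address(addr)
    if ip.version != 4:
        return "not-ipv4"
    if ip in SHARED:
        return "shared-rfc6598"
    if any(ip in net for net in RFC1918):
        return "private-rfc1918"
    if ip in THIS_NET:
        return "this-network"
    return "other"


def conflicting_routes(routes):
    """Return local routes that overlap the shared address space.

    A default route (prefix length 0) covers everything and is skipped,
    since it is not a specific claim on the range.
    """
    hits = []
    for route in routes:
        net = ipaddress.ip_network(route, strict=False)
        if net.version == 4 and net.prefixlen > 0 and net.overlaps(SHARED):
            hits.append(str(net))
    return hits


if __name__ == "__main__":
    # Constructed sample data.
    for a in ("100.63.255.255", "100.64.0.1", "100.127.255.255",
              "100.128.0.0", "192.168.1.20", "0.1.2.3"):
        print(f"{a:16} {classify(a)}")
    print(conflicting_routes(["0.0.0.0/0", "192.168.1.10/24",
                              "100.72.0.0/16", "100.0.0.0/8"]))
```

Python's `ipaddress` reports `is_private` and `is_global` both as `False` for addresses in 100.64.0.0/10, so a triage script that treats "not private" as "public" will mislabel these addresses; an explicit range check like the one above avoids that.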

