IPv4 addresses range from 0.0.0.0 to 255.255.255.255. That gives us 4,228,250,625 different combinations. In an earlier post, I explained that they are divided into five different classes, ranging from class A to class E. Classes D and E are reserved. That leaves us with a range of 0.0.0.0 to 223.255.255.255, or 3,697,646,625 combinations. Because of all the devices that use the Internet nowadays, the concept of NAT and PAT saved us from running out of IP addresses about 15+ years ago. Even though the range 0.0.0.0 to 223.255.255.255 covers classes A, B, and C, the number of addresses that can be used is still less than 3,697,646,625. There is the issue of the broadcast address and the network address on every subnet. There is also the issue of a few ranges that are reserved for other things.
Loopback
If you have done anything with IP, you have probably already heard of a loopback address. A loopback address is in a range of addresses used to test out the TCP/IP protocol stack on a local host. This was an especially big issue back in the day when operating systems did not come with TCP/IP and technicians wanted a way to test if the protocol was installed correctly on a computer. Loopback addresses are still used extensively today. If there is a piece of software that is written to retrieve resources on the host it is installed on by using the host’s IP address, the software can use a loopback address in order for the host to refer to itself. That way, the software does not need to know the local host’s assigned IP address. Any IP address that begins with 127 is a loopback address, although the address 127.0.0.1 is the most common.
Private Addresses
If you have read any of my previous posts on IPv4, you know that any device that wants to connect to the Internet needs its own unique IP address, just like everyone needs a unique phone number for every phone line. However, NAT and PAT came along to change the rules a little and reduce a LAN (your internal network) to only needing one public address, while giving you free rein over all the private internal addresses inside your network. Back in the day, this was not the case. If you owned five computers that you wanted to have Internet access, you would need to get five IP addresses from your ISP. But what if you had computers that would only use networking inside your local area network and did not need Internet access? In order to address this problem, private addresses were introduced. Private addresses are reserved addresses that are to be used inside a local private network on machines that do not need public access. They range from 10.0.0.0 to 10.255.255.255, 172.16.0.0 to 172.31.255.255, and 192.168.0.0 to 192.168.255.255. Machines using these IP addresses can communicate amongst themselves, but not outside the bounds of the internal network.
From the get-go, private addresses also offer security to machines that use them. What if a user gets a Trojan, which in turn e-mails the hacker that the IP address of the user’s computer is 192.168.1.1? The hacker is clever enough to get complete control over the user’s machine by using the IP address. However, there is a problem. How is the hacker able to route data packets to the address 192.168.1.1? No layer 3 device that an ISP uses knows where this IP address is located. Not only that, there are probably 10 million other machines out there that use 192.168.1.1 as well. It would be like running your own internal mail delivery system in your building. Any envelope that is labeled ‘Alpha Dog’ goes to Sheryl Smalls, and every envelope labeled ‘The Big Kahuna’ goes to Mr. B upstairs. That is great and cute and all, but don’t expect the post office to know what to do with one of those envelopes if you were to put it in one of their drop boxes.
However, we live in a different world. We now have NAT and PAT. We do not need to register every IP address we use with the ISP. So, who cares about reserved private addresses nowadays? Well, anybody and everybody. Using private addresses gives you the exact same protection that it gave people in the old horse ‘n buggy days; the pre-1990s. Not only that, but say you want to get cute and use the IP addressing scheme 200.200.100.0 with a subnet mask of 255.255.255.0 for your internal network. Computer A uses 200.200.100.3 while Computer B uses 200.200.100.5. Now, the user at Computer A decides to go to www.wearetheworldevenme.com. Computer A does a DNS lookup and determines that in order to go to www.wearetheworldevenme.com, it needs to send its data packets to 200.200.100.5… uh oh. Computer B uses 200.200.100.5. Where will Computer A’s packets be sent? I’ll give you a hint: not to www.wearetheworldevenme.com. Since in my example both computers are on the same subnet, Computer A will send its packets to Computer B directly without using the gateway. If they were on different subnets in the internal network, the internal routers would still send the packets to a machine inside the internal network instead of sending them outside the network. Moral of the story: USE IP ADDRESSES IN THE PRIVATE ADDRESS RANGES IN YOUR INTERNAL NETWORK!!!
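The collision described above, worked through as an added example (not code from the original post): `next_hop` makes the same on-link-or-gateway decision Computer A makes, and `audit` flags internal subnets that fall outside the three private ranges. The function names, the gateway addresses and the sample plan are constructed for illustration.

```python
import ipaddress

# The three private ranges listed in the text, in prefix notation.
PRIVATE_RANGES = [ipaddress.ip_network(n)
                  for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private_subnet(subnet):
    """True only if the whole subnet lies inside one private range."""
    net = ipaddress.ip_network(subnet)
    return any(net.subnet_of(r) for r in PRIVATE_RANGES)


def audit(plan):
    """Return the subnets of an internal addressing plan that are not private."""
    return [s for s in plan if not is_private_subnet(s)]


def next_hop(source_ip, mask, destination_ip, gateway):
    """Where a host sends a packet: straight to the destination when it is
    on the host's own subnet, otherwise to the gateway."""
    local = ipaddress.ip_interface(f"{source_ip}/{mask}").network
    if ipaddress.ip_address(destination_ip) in local:
        return destination_ip
    return gateway


if __name__ == "__main__":
    site = "200.200.100.5"  # DNS answer for the web site in the text
    # Computer A numbered from public space (gateway address is constructed).
    print(next_hop("200.200.100.3", "255.255.255.0", site, "200.200.100.1"))
    # Same host renumbered into a private range: traffic leaves via the gateway.
    print(next_hop("192.168.1.3", "255.255.255.0", site, "192.168.1.1"))
    # Constructed plan; 172.32.0.0/16 sits just past the end of 172.16-172.31.
    print(audit(["10.20.0.0/16", "200.200.100.0/24",
                 "172.32.0.0/16", "192.168.1.0/24"]))
```
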
IANA
As the modern computer world evolves, consumers start to have the desire to set up their computers, peripherals and tech stuff by using one method only: Plug-n-Play. Hence the saying: if it is not Plug-n-Play, throw it away! Setting up an internal network at home is no exception. Out-of-the-box, home routers and computers are pretty much ready to start playing with each other when turned on, with little to no configuration. This is all thanks to DHCP. However, what if you want to set up a LAN at your house and don’t need Internet? If this is the case, you can use just a workgroup switch without use of a router. However, workgroup switches are layer 2 devices, so they do not look at IP addresses, hence they do not act as a DHCP server. So, when you plug your computers into the switch, they wait for their anticipated assigned IP addresses. They never come. What is a computer supposed to do?
Microsoft addresses this issue by using Microsoft Windows APIPA (Automatic Private IP Addressing) for their operating system. If the local DHCP server is down (or nonexistent), Windows by default will automatically assign itself a random IP address. The IP address is chosen from a pool of addresses ranging from 169.254.0.0 to 169.254.255.255. This range of IP addresses is called IANA (Internet Assigned Numbers Authority). That way, computers using Microsoft Windows APIPA will be able to communicate with each other. However, they will not have Internet access.
The four 0s and 255s
We are down to our last two reserved IP addresses. The first one is 0.0.0.0. 0.0.0.0 is reserved for being an invalid IP address. No device can use it. When your device says that 0.0.0.0 is its IP address, it is telling you that it does not have one assigned to it. 0.0.0.0 is also used with specific programs that want to refer to the machine they are installed on. 0.0.0.0 is also used for a ‘default route’ or ‘default network.’ 255.255.255.255 is used as a ‘default broadcast.’ Just like a broadcast address defined by an IP address and a subnet mask, 255.255.255.255 sends a broadcast to all the devices on a subnet.
LAB
This lab was written for a Windows XP machine, but can be achieved on almost any operating system. For XP: go to start->run, type ‘cmd’ and press ‘enter.’ Type in ‘ping 127.0.0.1’ and press enter. You should see ‘reply from 127.0.0.1’ listed four times. If you do not, there might be something wrong with your TCP/IP protocol stack. Now, type in ‘ping 127.4.5.56’ and press enter. You should see ‘reply from 127.0.0.1’ listed four times again. Since any IP address that begins with 127 is considered a loopback address, Windows points any IP address that begins with 127 to 127.0.0.1. That way, your computer only has to ‘listen’ on one loopback address. If you want, go ahead and ping a few more addresses in the range 127.0.0.1 to 127.255.255.254.
Now, ping 127.0.0.0. You should see ‘Destination specified is invalid’ four times. Why is that? Any IP address beginning with 127 is a loopback address. In fact, an error message would pop up if you were to enter 127 in the first octet while assigning a static IP address. Since this range is reserved and not used for assigning IP addresses, the subnet mask 255.0.0.0 is used with a loopback address. Therefore, 127.0.0.0 will always be considered the network address of any loopback address and cannot ever be a valid IP address. Try to ping your network address on your subnet. If you do not know what it is, type in ‘ipconfig’ and press enter. If your subnet mask is 255.255.255.0, your network address is the first three numbers of your IP address with a 0 as the last number (if you have IP=192.168.1.2 subnet mask=255.255.255.0, 192.168.1.0 is the network number.) You get the same response.
Ping 127.255.255.255. After a few moments, you will see ‘request timed out.’ 127.255.255.255 is the broadcast address of that IP range, so your computer is trying to reach any other computer that will respond to the broadcast address on the 127.0.0.0 network. Since it’s impossible to use any IP address in that range, your computer will not find anything. If you ever want to get out of a ping, hold down the control key (Ctrl) and press ‘c’.
Now, type in ‘ping 0.0.0.0’ and press enter. You should see ‘Destination specified is invalid’. This is the IP address that cannot be used for anything. It gets treated as though it is a network number.
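To predict the lab results before pinging, the added example below (not part of the original post) derives the network and broadcast address from any address and subnet mask and names the role the address plays. It goes beyond the 255.255.255.0 rule of thumb by handling other masks, including /31 and /32 where no separate network or broadcast address exists; the function name and role labels are illustrative.

```python
import ipaddress

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")   # anything beginning with 127
APIPA = ipaddress.ip_network("169.254.0.0/16")   # range Windows self-assigns


def describe(address, mask):
    """Return (role, network address, broadcast address) for address/mask."""
    iface = ipaddress.ip_interface(f"{address}/{mask}")
    ip, net = iface.ip, iface.network
    bounds = (str(net.network_address), str(net.broadcast_address))
    if str(ip) == "0.0.0.0":
        return ("unassigned", *bounds)
    if str(ip) == "255.255.255.255":
        return ("default broadcast", *bounds)
    # /31 and /32 masks leave no room for separate network/broadcast addresses.
    if net.prefixlen < 31:
        if ip == net.network_address:
            return ("network address", *bounds)
        if ip == net.broadcast_address:
            return ("broadcast address", *bounds)
    if ip in LOOPBACK:
        return ("loopback host", *bounds)
    if ip in APIPA:
        return ("APIPA host", *bounds)
    return ("host", *bounds)


if __name__ == "__main__":
    # Addresses from the lab, plus a constructed 255.255.255.192 case.
    for addr, mask in [("127.4.5.56", "255.0.0.0"),
                       ("127.0.0.0", "255.0.0.0"),
                       ("127.255.255.255", "255.0.0.0"),
                       ("192.168.1.0", "255.255.255.0"),
                       ("192.168.1.127", "255.255.255.192"),
                       ("0.0.0.0", "255.255.255.0")]:
        print(addr, mask, describe(addr, mask))
```
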
Resources
http://www.faqs.org/rfcs/rfc1918.html
http://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.xml
http://support.microsoft.com/kb/220874
