Fun fact: Apple owns the entire 17.0.0.0/8 subnet.
I always thought it was kinda neat that Ford got the 19.0.0.0/8 block when they were neither a computer nor telco company.
I think several car companies got big allocations. I don't know if they still have them, but it turns out it was very forward thinking: self-driving cars are going to have to talk to each other.
Ford isn't going to become an ISP for self-driving cars. Nobody's going to burn public IPs on individual cars, especially not IPv4 addresses.
True about the IPv4 addresses. However, it won't be long until cars are all connected to the Internet. If all cars were self-driving and each one knew where every car around it is and what it is doing, then that makes self-driving a lot easier.
This doesn't require publicly routable IPs, and there would need to be some central coordination service.
Although the best way to go would be fewer cars, more trams and buses.
I work for a European car company that has a /16. Not as big but still pretty neat.
My university has a /16 block.
MIT used to own the 18.0.0.0/8 subnet before selling most of it to Amazon in a dumbass one time sale. It should have been leased out, now Amazon makes enough profit to cover the cost of the purchase from that IP range annually.
Tbf, if MIT hadn't sold it, I imagine Amazon would have gone to someone else who would have.
IANA regulates this via its 5 regional registries. 1.1.1.1 belongs to APNIC.
Cloudflare doesn’t “own” 1.1.1.1 they are just the agreed upon resolver for that specific IP address.
Also, no sane person not doing Cloudflare's business would want a 1234 IP. That’s like having a phone number that’s one of the random numbers people will enter to test if it works or some shit. I.e. 1.1.1.1 is basically passively being DDoS’d permenarly.
It's like having 867-5309, in the late 80s.
Goddamnit, No, Nobody named Jenny lives here!
Such a useful number to memorize, even if you don't know the song. Pretty much any rewards card program will have it in there. Just put in your area code followed by 867-5309 and you can get the benefits from things only given to card holders without giving out personal info (of course, if it builds points of something off the gas price then some other lucky schmuck gets the credit).
That’s what I do. I don’t care about the fuel points and put in my area code for store savings. Free gas discount for anyone who uses it!
or 281-330-8004 if you're from the 2000s
I don’t know if you meant to say permenarly, like permanent in a gnarly sort of way, but I like it and I’m stealing it.
I made this
I do that to Google and I assume just as many ping that as do 1.1.1.1, or at least still a very large number
It was a bit worse than just having an address that everyone knew. It was commonly used for things like captive portals before Cloudflare bought it.
This was only 8 years ago maybe? I remember all of the guest wifi in the hospital system I worked for at the time, suddenly stopped working because it was Cisco's default address for such things.
Happened with the captive portal for my college dorm's wifi. I had completely forgotten about this until I read your comment.
There are some absurdities in there, like universities getting multiple /16 blocks of addresses, and in some cases a /8.
A /16 is ~65,536 IP addresses. A /8 is 16 MILLION.
No .edus still hold a /8. MIT and Stanford both gave theirs up. UC has a bunch of /16s - I think around 30 of them. Understand that UC operates a number of national labs, multiple hospitals, and so on. 270,000 employees, 300,000 students - it adds up.
Nobody noted that US DOD is sitting on 13 /8s - about 5% of all addresses. China doesn't even have one /8.
Microsoft owns a huge chunk and won't give it up. Another reason we ran out.
ICANN regulates this.
It sells blocks of IP addresses to whoever wants to buy them. And some of those sell sub-blocks or even individual IPs from that.
The bigger a block, the more expensive it is of course.
Your ISP will have a range of IP addresses to use for its servers and such. But so will hosting and cloud companies.
Some IP addresses are free to use and thus not unique. For example the 10.x.x.x, 192.168.x.x and (I believe) 172.x.x.x ranges. So these are the ranges you will usually find in local networks.
Don't forget 169.254.x.x - the APIPA range. It stands for "Network broken but Microsoft."
Linux and Mac will use this address range too. It really just means "I have no network, but I have software running that needs to be told an IP address."
It can actually be useful as well. You can plug your computers into a switch without a router, they'll all just randomly pick an IP address, and still be able to talk to each other.
That 172 range is awkward and goes from 172.16.0.0 – 172.31.255.255.
No, it is not awkward. The RFC 1918 ranges are 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16.
It's awkward if you don't understand subnetting and are just pulling numbers out of your bum.
And sevens have sharper edges.
I'm not sure if "awkward" is the correct word, but they were making a good point. They were responding to a post that only said 172.0.0.0.
As a human being:
172.16.0.0/12 is more awkward than
10.0.0.0/8
It's more understandable if you write it in hex; the decimal system is sadly not so straightforward here. As others pointed out, it stands for 172.16.0.0/12, which means the first 12 bits or 1.5 bytes are set. If you write it as hex "ac.10.0.0 - ac.1f.0.0" you'll see that only the digit after the first '1' will go from '0' to 'f'.
You mean

| | mask | subnetwork |
|---|---|---|
| from | 10101100.0001 | 0000.00000000.00000000 |
| to | 10101100.0001 | 1111.11111111.11111111 |

/12?
The bigger a block, the more expensive it is of course.
Where does the monies from sales go?
My org owns a couple of contiguous /16s and my name is the administrator contact. I get offers weekly that would probably be enough to retire on a small island somewhere.
Others have answered this well for IP addresses, but I think it is important to also note that domain name registration is an important thing as well. This decides, for example, who "owns" www.google.com or reddit.com.
Currently this is handled by ICANN, much like IP addresses, but before 1998 it was literally one dude named Jon Postel who did it. I find it hilarious that if in 1997 you asked "Who decides who owns a domain name?" the answer was just "Jon does".
IP brokers sell them. They are divided into blocks by world region. In North America the organization that manages IP addresses is ARIN.
ICANN is ultimately responsible for allocating IP address blocks to different organizations.
This responsibility is further delegated to regional authorities such as ARIN (North America), APNIC (Asia Pacific), RIPE (Europe), LACNIC (Latin and South America), and AFRINIC (Africa).
To get IP addresses you apply for them as an organization and if you qualify you are assigned blocks based on your region.
Only large organizations and ISPs are generally allowed to be allocated IPs on this scale; most individual companies and end users (homes) will get IP addresses assigned to them by their ISP from the ISP's pool.
Several large organizations like Apple, HPE, and the US government have absurdly large blocks of address space assigned to them. This is because they applied in the early days of the internet, and now squat on it.
1.1.1.1 belongs to APNIC and Cloudflare made a deal with them to use it.
1.1.1.1 receives tons of garbage traffic and no one wanted it, except Cloudflare because dealing with that garbage happens to be their business model.
It also was clever marketing because 1.1.1.1 is easy to remember.
I remember back in the 90’s there wasn’t such a shortage of addresses and I asked for a block from my ISP and got an entire Class C for my 65 person company. Those were the days!
I perfectly understand what you just said, but could you explain what this means to other people?
IP addresses used to be split up into class A, B, or C blocks; the class is basically just the size of the block, or how many IP addresses are in it. (There were also class D and E blocks, which worked differently.) A class A block covered a huge amount of addresses (16 million), but there were only a few of them (127). There were a ton of class C blocks (2 million), but each would cover a lot fewer IP addresses (254).
If you wanted to buy a class A address, you could buy, say, 10.XXX.XXX.XXX. That means you would reserve all of the IP addresses that started with 10 for your own use. A class B block might be 140.23.XXX.XXX, while a class C block might be 200.143.7.XXX.
Fun fact, the Class A block reserved for private use is 10.x, and 10 is 0x0A in hexadecimal. The class C block is block 192.168.x. 192 is 0xC0 in hex. Sadly, the class B block 172.16 through to 172.31 couldn’t keep the system. 172 is 0xAC in hex. I think 176 (0xB0) must have already been allocated.
Nitpicking, but 172.16-31 isn't a class B, it's 16 class B's. (/12, not /16)
Correct, I should have said "blocks", instead of "block". The same applies to the Class C blocks in the 192.168 range.
Ah haha you're right. My brain zoomed in on the class B part and ignored that the class C part is actually a class B in terms of range if not in terms of most significant bits.
Thank you. I think I understand with this explanation.
If the numbers go from 0-255, wouldn't there be 65,536 (256*256) class C blocks?
A class C block is identified by the first 3 segments of the IP address, so theoretically there could be 256*256*256 class C blocks. However, that would cover every single IP address, leaving no room for the other classes. Instead, only addresses between 192.XXX.XXX.XXX and 223.XXX.XXX.XXX were class C blocks. So, in practice there were around 32 * 256 * 256 class C blocks.
(It's not quite that simple. There are special cases, such as 192.168.XXX.XXX that is reserved for private addresses. Certain values aren't allowed, so you don't actually have 256 possibilities per segment. But, these values should get you in the ballpark.)
Any IP addresses whose first number was between 0 and 127 belonged to a class A block, while class B blocks started with 128 to 191.
I still remember when I was learning subnets and started thinking of them as actual bit masks, and realized how incredibly nice the math was with stuff like that.
Like how multicast stuff was literally everything starting with 0xE, or 1110. Didn't matter if the IP address was 0xEF4B2C31 or 0xE06B792A, it started with an E, that made it multicast.
So that meant that layer 3 hardware could quite literally WIRE that shit in, literally bake it into the structure of the wires.
0x0A, 0xAC1, and 0xC0A8, are the prefixes for all private traffic, 0x7F is localhost, and so on.
Of course, those are just the patterns that look nice as nybbles/hex, with classless routing, things don't always work out as nice little hexadecimal patterns, but once you think about them as actual bitmasks and not decimal octets, it's downright beautiful.
256×256×256
KIND OF... There'd be 16.7 million of them. -- 2^24 or 256x256x256
So when they initially split the address space, they decided everything that started with a 0 in binary was a class A -- 0.x.x.x to 127.x.x.x. Then they took everything that starts with 10 in binary to be class B blocks, 128.0.x.x through 191.255.x.x. Then everything that starts with 110 in binary would be class C blocks, 192.0.0.x through 239.255.255.x. There were also class D and E blocks, but they weren't for general use.
So this was purely for giving out blocks of addresses -- computers don't care. Or they do, but they just look at their subnet mask to decide if something is local or not. Like the companies that own a class A will break it down into smaller networks, no muss no fuss. But they're generally responsible for routing among those smaller networks they own.
And the inverse happened too -- some folks had multiple class C blocks in a row and they could in theory call them a /23 or /22 (the fancy word was supernetting, as opposed to subnetting) instead of a /24, but they mostly broke it down into smaller subnets. Particularly in the bad old days of hubs, large numbers of hosts on a single network would scale very poorly. Nowadays with switched networks, not much of an issue with larger networks, but a /8 that actually had 16 million hosts on one network would still be bad -- it'd probably run the switches out of memory (switches keep track of which hosts are down which port, and hubs just blindly send all the traffic down every port)
The university where I lived had a class B, and they basically turned it into 256 class C networks (/24 with 256 addresses on each). The JC where I lived also had a class B, but they split it into 1024 networks (/26 with 64 addresses on each).
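The leading-bit view of classes, multicast and the private ranges described in the comments above (and the hex reading of 172.16.0.0/12 a few comments earlier), worked through as added example code that is not from any commenter. The hex prefixes and range bounds are computed rather than looked up, and the verdicts are cross-checked against Python's standard ipaddress module.

```python
"""Classful and bit-pattern checks on IPv4 addresses (added example, not from the thread)."""
from typing import Optional, Tuple
import ipaddress

def to_int(dotted: str) -> int:
    """Parse a dotted quad into the underlying 32-bit integer."""
    octets = dotted.split(".")
    if len(octets) != 4:
        raise ValueError(f"not a dotted quad: {dotted!r}")
    value = 0
    for octet in octets:
        n = int(octet)
        if not 0 <= n <= 255:
            raise ValueError(f"octet out of range in {dotted!r}")
        value = (value << 8) | n
    return value

def hex_view(value: int) -> str:
    """Four hex bytes, e.g. 0xAC100000 -> 'ac.10.00.00'; shows patterns that decimal hides."""
    return ".".join(f"{(value >> shift) & 0xFF:02x}" for shift in (24, 16, 8, 0))

def classify(dotted: str) -> str:
    """Classful letter from the leading bits: 0 -> A, 10 -> B, 110 -> C, 1110 -> D, else E."""
    first_octet = to_int(dotted) >> 24
    if first_octet & 0b1000_0000 == 0:
        return "A"
    if first_octet & 0b1100_0000 == 0b1000_0000:
        return "B"
    if first_octet & 0b1110_0000 == 0b1100_0000:
        return "C"
    if first_octet & 0b1111_0000 == 0b1110_0000:
        return "D"
    return "E"

# Network bits fixed by each class; one block therefore holds 2 ** (32 - bits) addresses.
CLASS_NETWORK_BITS = {"A": 8, "B": 16, "C": 24}

def addresses_per_block(cls: str) -> int:
    return 1 << (32 - CLASS_NETWORK_BITS[cls])

def is_multicast(dotted: str) -> bool:
    """Multicast is simply 'top nybble is 0xE' (binary 1110); nothing to look up."""
    return (to_int(dotted) >> 28) == 0xE

# Well-known ranges as (hex prefix, prefix length). The prefix is what is left after
# shifting the host bits away, which is why 172.16.0.0/12 becomes the 12-bit value 0xAC1.
HEX_PREFIXES = {
    "private 10.0.0.0/8": (0x0A, 8),
    "private 172.16.0.0/12": (0xAC1, 12),
    "private 192.168.0.0/16": (0xC0A8, 16),
    "loopback 127.0.0.0/8": (0x7F, 8),
    "link-local 169.254.0.0/16": (0xA9FE, 16),
}

def special_range(dotted: str) -> Optional[str]:
    """Name of the well-known range containing the address, or None."""
    value = to_int(dotted)
    for name, (prefix, bits) in HEX_PREFIXES.items():
        if (value >> (32 - bits)) == prefix:
            return name
    return None

def is_rfc1918(dotted: str) -> bool:
    name = special_range(dotted)
    return name is not None and name.startswith("private")

def block_bounds_hex(network: str, prefix_len: int) -> Tuple[str, str]:
    """Lowest and highest address of network/prefix_len in hex, e.g. ac.10.00.00 to ac.1f.ff.ff."""
    mask = ((1 << prefix_len) - 1) << (32 - prefix_len)
    low = to_int(network) & mask
    return hex_view(low), hex_view(low | (~mask & 0xFFFFFFFF))

def cross_check(dotted: str) -> bool:
    """Agree with the standard library: same multicast verdict, and RFC 1918 hits are private."""
    ip = ipaddress.ip_address(dotted)
    if is_multicast(dotted) != ip.is_multicast:
        return False
    return not is_rfc1918(dotted) or ip.is_private

if __name__ == "__main__":
    for sample in ("10.200.1.1", "172.31.255.255", "172.32.0.0", "192.168.0.1",
                   "239.75.44.49", "127.0.0.1", "169.254.7.7", "8.8.8.8"):
        print(f"{sample:>15} {hex_view(to_int(sample))} class={classify(sample)} "
              f"multicast={is_multicast(sample)} range={special_range(sample)} "
              f"agrees_with_stdlib={cross_check(sample)}")
    print("172.16.0.0/12 in hex:", " to ".join(block_bounds_hex("172.16.0.0", 12)))
```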
Basically, he got a full set of 256 public IP addresses. IPV4 address blocks go from 0 to 255, aka one byte, and there are four bytes in every such address.
Think of this almost like a home address in reverse. Most physical mail is very specific at the top, then gets more vague. So your house number then street, then city, then province or state, then country if international.
For IP addresses, there’s no implicit meaning to anything, but it goes from more broad to more specific. So somebody has the ownership of 222.x.x.x, probably. It’s possible that is divided up further, but some ISP or country or organization was randomly assigned that group of numbers, where x can be any possible number between 0 and 255. In the example above, that is 256x256x256, or just under 17 million addresses. This is a big number! This is a class A network assignment. It’s crazy uncommon.
Let’s say that was given to an ISP. If they have more than 16.7 million customers, they will need another class A block. But hey, it’s the 90s! Who would ever have 16 million customers! For computer stuff? How silly.
So there’s some big company that uses this ISP. That company might have been assigned a class B block. For example 222.45.x.x. Maybe this is the 45th big client of that ISP, or maybe it’s random. They only have 255 blocks of this size, and each one of them contains precisely 65,536 addresses in it. That’s a lot for a company! What sort of company would have that many devices? It’s the 90s! There weren’t smart devices or “an internet of things.” There are barely laptops. Anyway, the ISP just gave away 1/256th of their entire allocation to one company, but I’m sure that will never be a problem. The internet is a fad for nerds! It’s fine!
Okay, now we come to our friend above. You probably see where this is going. The ISP gave him a class C block of IPs. So that might be… 222.222.71.x. Maybe the ISP decided all small companies will be assigned blocks from 222.220.x.x to 222.255.x.x. That would be reserving 35 class B blocks for small clients, meaning 2.2 million of their 16 million total addresses. They are being generous and giving out entire class C blocks, because frankly they have 8960 of those blocks allocated for this, and the idea of having almost 9000 small business customers who want computer networks is quite silly. It’s the 90s! Who could need that much. So they gave our friend 256 addresses when he might have needed like 5 or 10.
Anyway, so that’s what people are talking about. A decade later, by the mid-2000s, it’s suddenly clear there is a major problem. People have a lot more computers than before. It looks like this mobile phone thing might take off. Smart devices are taking off. Things like ATMs need an IP address. I don’t remember how many computers were in use at this time, but well over a billion. Now it’s many, many billions.
You may notice that with four bytes from IPv4, only 4 billion unique IP addresses are possible. Also, for various reasons, there are some reserved ranges, so the number is a bit lower. Also, because of early allocations, there were some silly oversights like giving MIT more addresses than the entire country of China. Or a bunch of other countries combined. Oops. (So far as I know, this is accurate, but I never looked into it.)
It’s clear that the internet is going to break, and soon, as there are not enough IP addresses to go around. We had better move fast and switch to IPv6, which supports vastly larger quantities of addresses. More than we could ever need. 340 undecillion. It wouldn’t matter if every person on earth needed 4 billion addresses to themselves, it would still barely put a dent in this number. And obviously people don’t need that many. It’s future proof! So far as we know.
So, naturally, we’ll switch over by the early 2010s.
Oh shit! Most software doesn’t support this. There’s a lot of software.
Uh… we also have far surpassed 4 billion devices, and IPv6 is still around the corner a bit. It’s like 2009, I guess. Pick a year from 2005 to now, it’s all the same. Anyway, good thing we have routers. That allows companies to have private IP addresses, and homes as well. So rather than every device on a network having a public IP, each home network typically is set up to support 256 (but there’s nothing stopping you from changing that), and most large companies support 16.7 million devices (and if they need more than that, which they might, they’ll have to further segment, which they can do. It’s all internal to them. Do it by physical location or something. It will be fine. Not sarcastically, this time.)
Right, so more and more software supports IPv6. Pretty much all hardware supports it. But not the oldest and most decrepit stuff that runs some of the most critical systems. And yet most people have not switched over. Both v4 and v6 coexist, and routers abound. It… works? There are still many ludicrous allocations, and occasional further complications, but overall we’re not running out of room thanks to routers and IPv6.
And yeah, total v6 adoption is just around the corner. Just like when I started my career, 24 years ago.
Lmao. I've also been in telecom/SaaS for 20 years now. At least once a year we'll get a customer asking us to support IPv6, telling us how it's important for their RFP 'cause they've heard that's where everything is going.
Sure thing mr customer, we'll swap over right at the same time you do....
Ahahahaha. Yeah, I was in SaaS from 2001 to 2009. It amazes me in retrospect how much has changed and also how much has not.
Since 2009 I’m in games, and have written networking code for about 5 titles. Since the transport layers are library based, it’s pretty trivial for me to add IPv6. The big thing I notice is that, one, people don’t want to type in an IP in general. And two, people really don’t want to type in an IPv6 IP. I’m not sure I’ve ever had a support ticket related to that in 16 years and half a million customers. Maybe there was someone and I forgot, but I don’t remember it.
The endless support requests that I always have gotten are all about NAT. The worst is when people have two routers and don’t realize it, because their ISP modem has a router and they didn’t set it to bridge mode. So basically no NAT punchthrough will work. You have to rely on something like steam relay servers, or private VPNs like Hamachi.
On the other hand, there’s been this plethora of new auto-NAT punchthrough technology like ICE and STUN that I can’t keep up with. The network libraries kind of cycle through what the router supports and do what they can, and it works or it doesn’t. Often it just works.
The other big issue is all the software firewalls people have. They might be running up to three while thinking they’re running one. Windows firewall! Norton security suite! And then the actual software firewall they meant to use.
Honestly these problems have decreased in the last decade. People are less tech savvy on average and just use Steam relay.
But wait! That has arbitrary code from like 2004 or something that caps the data chunking and recombination at 511 kb or so. Including headers and miscellaneous. So really it will randomly fail above like 480kb. Boy I sure hope there’s never a need to send a single batch of data that large. Like a single image, or maybe a savegame.
So, yeah, that meant then writing my own chunking and recombination code on top of theirs, for anything 480kb or larger.
“I’m sure this limit will never be a problem” issues from the past seem to be inescapable. Honestly I think I’m done making multiplayer games.
Just wanted to say this was the first explanation in the thread I actually got on how this worked. I already knew how to read binary, bits and bytes and how to represent any number in binary but this made it really click. Perfect ELI5 right here. Thank you.
Glad to help! Thank you for the kind words.
The addresses used to be sized by class so
Class A: 111.xxx.yyy.zzz
Class B: 111.222.yyy.zzz
Class C: 111.222.033.zzz
So a class C would be 256 addresses while A ~~tens of thousands~~ millions of addresses. It would be like the difference between having all the addresses in a city vs all the addresses in a zipcode vs all the addresses in an apartment building.
B's were tens of thousands of addresses (2^16 = 65,536)
A's were millions of addresses (2^24 = 16,777,216)
Don't forget the largest class, class D, it's a whole ass /4.
In the 90s, as an individual you could get a /24, but it was non-routable, as nobody would waste router memory on a /24 back then. But having your own /24 was good for supporting clients, as it was certain that there wouldn’t be an address clash.
Then they called and took my /24 away...
I worked for the General Electric Company right out of school (early 2000s) and at the time they owned the entire 3.0.0.0/8 subnet.
Like, the majority of it wasn't routable on the public internet, obviously, but I thought it was pretty cool. They had it all subnetted out to different business units and then even physical buildings, then even function, so you could look at an IP and be like "Ok, that's GE Appliances, Appliance Park in KY, in the DHCP range. Probably some schmoe's laptop."
IBM’s internals are on the 9Dot intranet. Which isn’t an intranet, they’ve just got 9.X.X.X.
This is such a flex
Yeah when I started at HP (just before the split into HP and HPE) it was wild seeing the printers have 15.x.x.x or 16.x.x.x IPs (and every laptop and desk phone likewise got a globally unique IP in one of those subnets).
Yes, HPE got two class A's in the divorce (one from pre-Compaq HP and the other from pre-Compaq DEC; laptop and printer HP basically contracted with HPE for IT for some years after). Fairly soon after was a project in HPE to move internal IPs onto the 10-net and begin selling freed-up blocks.
It's the same deal with barcodes nowadays. The short barcodes are standardized by one company who sells blocks of it to the highest bidder.
Wait, what? They control 1/256 of all ipv4 addresses?
Yes. Ford, AT&T, Comcast, Apple, Cogent, and Mercedes-Benz all have 1/256th of the IP space.
The US DOD has 13/256 of it.
There are other companies who have been assigned class A blocks through ARIN, like Amazon, who has 3.x.x.x.
https://en.wikipedia.org/wiki/List_of_assigned_/8_IPv4_address_blocks
I'm a bit surprised this arrangement survived despite how much people were worried about IPv4 addresses running out.
Though I guess recovering those 6/256 of the address space doesn't help that much in the grand scale of things with how rapidly the usage was/is growing?
Honestly, with private networks and NAT lots of stuff is negated.
Have a company with a million servers? All 10. addresses with a few external-facing IPs.
This is us. Very astute
There are officially no more IPv4 addresses available from ICANN. I think the last block was given out in 2018 or so to the sub registrar for Africa or Asia, don't remember. A few of the sub registrars (e.g. the ones managing different continents) still have IPs left from the blocks they got from ICANN, but I think all of them also stopped giving blocks out. The last few ones they have are reserved for "special" cases.
If someone (e.g. a new internet provider) today wants an IPv4 block they have to buy it from someone else. Usually, they would only get a few IPv4 addresses, give their customers only IPv6 and if needed provide a natting service (you call their service via IPv6 and send "I actually want this IPv4 address" with it and they use router magic to make that happen).
But more and more parts of the net are also available via IPv6, so the pressure to have an IPv4 is easing up over time.
https://xkcd.com/195/
I wanna see that map in 2025.
I don't think there's been any green left for a long time.
https://xkcd.com/195/
Seems crazy that the IP allocation criterion is basically "be a large company in the US at the time the internet was invented." What do Ford and General Electric even need (this many) IP addresses for?
Mainly because it was available and they could. General Electric is still a behemoth of a corporation, and was more so in the late 80's/early 90's.
The internet was invented in and by the US, why wouldn't the original allocations be predominately US companies?
And at the time, no one envisioned that there would ever BE a shortage of internet addresses, so if you wanted a large block, you asked, and were just given it.
IBM used to; but they have spun off a lot of the 9. space.
Actually. They don’t have 9.9.9.x. That’s assigned to someone else.
I worked for IBM in the mid-90s and I remember that every workstation had a public address. It was wild.
I went to and then worked for universities up until 2012 - most of them had class B space - so /16 or 256x256 IP addresses (like 129.100.x.x, 130.95.x.x, 139.230.x.x), although one had three of them, and like Frank's RedHot sauce, we’d put that sh*t on everything.
I’m still involved with one of them and they’re gradually moving to 10.x.x.x internal IPs
The Rochester MN IBM plant I worked at back then had 9.5.x.x
Used to; they have split that off for well over a decade now.
Wait the GE appliances office was in a city called Appliance Park?
lol no, that's just what the site was called. It's in Louisville, but it's big enough that it has its own zip code, IIRC.
I'm in Canada. Our postal codes are granular enough that I actually have my own. It's a glitch, and it's actually not technically correct anymore, but it still works.
Canadian Postal codes are granular enough that each side of the street on a given street is a unique code. Not so much tiny towns and villages..
Of course, the codespace is huge. Letter-number-letter, number-letter-number. D, F, I, O, and Q are not used for anti-confusion purposes; U, W, and Z were deemed unnecessary at the time. That grants 5,832,000 codes, compared to the 100,000 zip codes in the US.
A: Newfoundland and Labrador
B: Nova Scotia
C: Prince Edward Island
E: New Brunswick
G: Eastern Quebec
H: Montreal
J: Western Quebec
K: Southeastern Ontario
L: South-central Ontario
M: Toronto
N: Southwestern Ontario
P: The rest of Ontario
R: Manitoba
S: Saskatchewan
T: Alberta
V: British Columbia (Vancouver at the time was not expected to grow to the size of Montreal or Toronto)
X: Nunavut and Northwest Territory (Nunavut splitting out of NWT is comparatively recent)
Y: Yukon
If the first number in a postal code is a 0, that postal code is designated a rural location--some tiny town or village that doesn't need full street designations. There is one special 'rural' code: H0H 0H0 is designated for the North Pole, so kids can write to Santa.
I knew someone that you could put just his first name and his postal code on a letter and it'd probably get there. The university had its own postal code, and he worked in their mail room at the time, so it was even likely he'd be the first one to see his letter.
The postal code I actually use, that's for the area, services maybe 200 people. And it's a general store that sorts the mail, so my mailing address technically is "name, General Delivery, Town name, postal code"
You could leave the town name off, leaving you with name, GD, postal code.
It's not that implausible.
The U.S. has been using zip + 4 since 1983, giving 1B codes.
The correct zip + 4 can get it put on the right route on the right truck, directly into the right PO Box, or even specify a specific building or recipient.
Obligatory XKCD based on the block assignments as of 2006:
https://explainxkcd.com/wiki/index.php/195:_Map_of_the_Internet
Apparently, 3.0.0.0/8 is Amazon now.
You would’ve had to voluntarily give it up (or at least, stop paying the registration fee on it). If you had it before a certain time you should’ve been grandfathered into the old policies that let you keep it.
Most likely he did not get the ip's directly from ICANN/IANA but rather was resold from a larger block from his ISP. The ISP as a private company would have their own agreements when reselling them and would most likely be able to recall them based on their own contract.
The allocation was from RIPE, and in 2013 they wrote telling me "my" network (a PI) was about the be de-registered, unless I did things I didn't want to do. Bye bye network. There were never any fees involved.
That tracks. I was a member of a small regional non-profit that ran a, for lack of a better description, cybercafe. We were open 365/24/7. In addition to Linux terminals and PCs we had ~40 slots for members to bring their own PC there. We had a sub-block of our city's IP. I had my very own IP there.
Was great value for $50 back in '95. We had our city's connection as well. 2 Mb before ADSL was even a thing.
What does this /24 mean?
An IPv4 address is a 32-bit number, just 32 ones and zeroes. We turn them into something more readable, 10.11.12.13 or whatever, but under the covers it's just 32 ones and zeroes.
But they trickily shove TWO numbers into those 32 bits, by splitting it into a left part and a right part. The left part is the network address, and the right part is the node address.
If you've ever entered in a subnet mask (255.255.255.0 for instance), that's the mask that's used to split the network address from the node address.
So that subnet mask I wrote, 255.255.255.0, is 24 ones followed by 8 zeroes. The ones are where the network address is, the zeroes are where the node address is. So /24 is just another way to write it, indicating 24 ones with the rest being zeroes.
If you do this stuff a lot, you can switch back and forth in your head. Like a /26 would be 255.255.255.192 subnet mask, or a /22 would be 255.255.252.0 subnet mask.
When your computer wants to talk to some arbitrary IP, it looks at its own network address, then it looks at the network address of the thing you want to talk to. If they match, that means the other IP is just another node on your local network, then it can just scream and that other device will hear it. If they DON'T match, then it consults a routing table to see where it has to send it off to. For home setups, generally the routing table is stupid simple, like "if it's not local, send it to the default gateway." That's kind of like the post office -- you write an address, they figure out how to get it there, you don't have to worry about it. The default gateway is probably your cable modem, who sends it along to your ISP, which is kind of like your local post office that has fancy sorting machines to take mail bound for California out over one connection, mail bound for New York out another one, etc.
One small nitpick:
Your default gateway is not your cable modem unless it's a modem/gateway.
Modems are typically specifically just bridges/media converters. A fair number of household cable modems do integrate a router too, but they're specifically sold as cable modem gateways to indicate they have a second function instead of just the modem. But a fair number of households have separate routers and modems, including almost everyone who has a 'mesh' Wi-Fi network.
So for most people, your default gateway will be your router which is either between your computer and your cable modem, or built into the cable modem (but still logically between your computer and the modem function).
IP addresses can be written in binary with 8 digits per section like 11010010.11111111.10101010.10010101
The biggest number from each block of an IP is 255 which happens to be 11111111 in binary.
A /24 means mask off 3 of those sections (24 digits) 11010010.11111111.10101010.xxxx and say you own all the IP addresses for any combination of those x’s after the masked digits. So a /24 leaves you with one quadrant assigned to you, giving you 255 addresses out of the entire address space. There’s only 255 possible combinations for every 8 digit binary, so giving you a /8 for instance is essentially 1/255th of the entire internet because only one quadrant would be masked. Or a /1 would be half the entire IP space as only the first digit would be masked 1 or 0 and you’d own everything after.
I think you have it backwards, a /24 subnet mask masks the first 24 bits, giving you 256 (254 usable) IP addresses.
Whoops updating
And why use bits (24) instead of bytes? Because you can have subnets that are for example 3 bits (8 addresses), and your network would be /29 (32-3).
Holy moly
Other commenters have given the gory details, but it’s what we called, in the pre-enlightened times, a Class C block, 256 addresses, of which 254 are usable for things.
What makes two addresses unusable but ownable?
They have uses, albeit they can't be used by hosts like the remaining addresses. The first is the network ID and the second is the broadcast address. Although you can't assign these IP addresses to a host, you use them to either refer to the network (alongside the subnet mask) or to forward a broadcast to all hosts in the network. The network ID is used by routers/ISPs to forward traffic, the latter is used in multicast applications.
If I remember correctly, in the old days you could ping the broadcast address and everything would respond back. Spoof the source address and you had an effective smurf attack. Properly configured firewalls fixed that for the most part though.
One address needs to be allocated for the network as a whole, and another address needs to be allocated for "send this to everyone on the network".
You kind of can if you're further subnetting. The "normal" way for point-to-point connections is to assign a /30 (4 addresses), losing a network address and a broadcast address, and using the other two for the two points. But point to point connections don't really need those, so you can use a /31. RFC 3021 I think?
Say you have a block of addresses, from 192.168.1.0 to 192.168.1.255.
The first one mentioned here (the one ending in 0) is the address of the network itself, not a specific device. The other one mentioned is the broadcast address. So if a message is sent to 192.168.1.255, it is forwarded to every device within the same network.
192.168.1.1 to 192.168.1.254 can be used for regular devices.
/24 is not a "class C block".
Of course networks from class C do have mask /24, but you can also split any class B (with mask /16) into 256 smaller /24 networks, and they're not "class C".
All addresses with the same first three parts, e.g. 10.123.66.xxx
It’s the number of bits in a 32-bit IP address that specify the network, the remaining (32-24=) 8 bits specify which host on that network. So you can have 256 (2 to the 8th power) host computer addresses on a /24 network. Technically, you lose a couple addresses for “reasons” so you can only probably use around 254 of them, and one usually has to be your router’s address, so we’re down to 253 for actual hosts. A /29 has 3 bits of host address space, which results in 5 usable addresses. I had a /29 to my house for many years, never used it for anything real, just experiments.
Also, take /29 as an example. It's the log2 of the total number of subnets there would be if the entire address space was divided up that small.
There are 536,870,912 theoretical /29 subnets (if the entire IPv4 space could be divided up that way), and log2 of that is 29.
Of course, I'm saying that the first 29 bits are identical for every address in that range, just in a weird way, the statements are identical. I'm also saying that there are 2^3, or 8, addresses in that range, exactly the same statement.
I love binary math.
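The network ID, broadcast address and usable-host arithmetic discussed in the comments above (the /24, the /29, the /30 versus /31 point-to-point case from RFC 3021, and the log2 relation between subnet count and prefix length), as an added Python example that is not part of the thread. It computes the counts directly from the host bits rather than relying on the `ipaddress` module's `hosts()` iterator, so the /31 and /32 special cases are explicit.

```python
import math
import ipaddress


def subnet_facts(cidr: str) -> dict:
    """Network ID, broadcast and usable-host range for an IPv4 prefix.

    strict=False lets you pass a host address such as 192.168.1.77/24 and get
    the network it belongs to.
    """
    net = ipaddress.ip_network(cidr, strict=False)
    host_bits = 32 - net.prefixlen
    total = 2 ** host_bits
    if net.prefixlen == 32:
        # Host route: the single address is the host itself.
        usable, first, last = 1, net.network_address, net.network_address
    elif net.prefixlen == 31:
        # RFC 3021 point-to-point link: nothing reserved for network/broadcast.
        usable, first, last = 2, net.network_address, net.broadcast_address
    else:
        # Classic rule: first address names the network, last is the broadcast.
        usable = total - 2
        first = net.network_address + 1
        last = net.broadcast_address - 1
    return {
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "mask": str(net.netmask),
        "host_bits": host_bits,
        "total": total,
        "usable": usable,
        "first_host": str(first),
        "last_host": str(last),
    }


def subnets_of_size(prefix: int) -> int:
    """How many /prefix blocks the whole IPv4 space would be cut into."""
    return 2 ** prefix


def prefix_from_subnet_count(count: int) -> int:
    """Inverse of the above: log2 of the subnet count is the prefix length."""
    prefix = math.log2(count)
    if not prefix.is_integer():
        raise ValueError("count is not a power of two")
    return int(prefix)


if __name__ == "__main__":
    for cidr in ("192.168.1.0/24", "10.0.0.8/29", "10.0.0.0/30", "10.0.0.0/31"):
        f = subnet_facts(cidr)
        print(cidr, f["network"], f["broadcast"], f["usable"], "usable")
    print(subnets_of_size(29), "->", prefix_from_subnet_count(subnets_of_size(29)))
```

Running it shows a /29 has 8 addresses of which 6 are usable under the classic rule, and that a /31 keeps both of its addresses for the two ends of the link.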
It was fun, fun, fun, until ICANN took my class C away! 🎶
I work at a web host, and we have a client who has his own /24 he got from ARIN back in 1992. It's currently being routed to his VPS and he is using exactly 3 of those IPs. Two are assigned for DNS and the other handles his email.
My University has an absurdly large /16 (more than the entirety of Africa) because it was a telecommunications school that got in early to the action
This is true of many universities, they got an allocation back in the day, as they say.
To correct the statement about Africa: AfriNIC (the African registry delegating IPs to local institutions) got delegated more than 7 /8s from ICANN, that's more than 1800 /16s.
No pesky nats or firewalls to worry about.
If it was the early 90s, smaller subnets weren't really a thing yet.
IP blocks were only given out as Class A, B, or C back then.
CIDR addressing came around in the early 90s, but it took a while for ISPs everywhere to adopt it as hardware had to be replaced to support it in most cases.
Berkeley has millions of IP addresses, because they were one of the first universities who wanted IPs and why would we ever have a shortage of them. We have 4 billion, do you expect the whole world to need IPs or what? Oops ...
I think they started selling/giving part of it to others when the IPv4 shortages started to get interesting.
Back when IP addressing used classes. Now it's CIDR and classes don't exist anymore.
I'm a network admin and I've never bothered to remember the classes. This was already out of date for many years when I was born.
Thanks for making me feel old as shit!
Would you mind explaining why garbage traffic is part of Cloudflare's business model?
They do a lot of services tailored around blocking that garbage traffic
Cloudflare's business model is as a smart firewall on top of your application. If it notices unusual traffic, or traffic from botnets it had previously tagged as being malicious, it either gives them a captcha or blocks them entirely from accessing your website.
It does this by basically collecting as much information from as many different sources as it can (DNS requests through 1.1.1.1, individual requests to individual domains that use Cloudflare, and through crawlers (applications that scan the entire internet looking for open ports that are used by botnets/exploits to DDoS)). It uses all of this data to train a model that then analyzes new internet traffic to your website and gives it a threat level. If the aggregate threat level to your website is higher than it was before, or if it sees a large influx of previously tagged IPs/suspicious traffic hitting your website, it turns on DDoS protection and captcha challenges protecting your website.
Cloudflare's whole business is filtering garbage traffic from legitimate visitors. This is most evident in their DDoS protection offer (DDoS is a Distributed Denial of Service attack. It's kind of like getting hundreds of people to try to talk to the same bartender at the same time so the bartender just can't respond to anyone.) What Cloudflare does is filter through all the people asking questions for the single person who is just there to pay his tab and get out. And they're pretty good at it.
Since they're filtering junk requests anyway, it's no skin off their back if there's a little more junk traffic than there would be otherwise.
Not only is it “no skin off their back”, but it actually probably helps them improve their traffic detection algorithms. Legitimate DNS requests to 1.1.1.1 are another datapoint they can use in assessing your traffic.
DDoS is more like putting up a free drinks poster so that all the patrons go argue with the bartender?
How you get people to go waste the bartender's time is more of an implementation detail.
That sounds like a reflected attack, too.
One example is that Cloudflare is very good at stopping DDoS attacks :)
Part of it is due to testing and people sending bogus traffic to test external connectivity. There are also network appliances that send traffic there as well, all with no real purpose.
And, they’ve introduced a service that will allow website owners to allow or disallow “scraping” by AI bots. Not sure if I’m describing that well.
It's not really. They block garbage traffic, sure.
But in this specific case it is APNIC that wanted to perform analysis on the requests coming into 1.1.1.1
Due to the volume of stuff coming in thanks to it being used as a placeholder, not many companies wanted it or had the resources to easily deal with that. Then Cloudflare came along and wanted the address for convenience.
Part of the deal is that they share query data with APNIC. You can read about it here - https://www.theregister.com/2018/04/03/cloudflare_dns_privacy/
Though of course as time has gone on it will have been used less and less as a placeholder because people now know it's a real, functioning resolver. So there will be less garbage and mostly legitimate requests.
I remember being surprised once when I realized that MIT had as many IP addresses (IPv4) as China.
MIT got there first. What is now the Internet started as a US government/academic project with only a few sites. Back in the day, MIT was considered a really major site on the network because it had four computers connected in addition to the IMP. That's five total devices! But seriously, there were so few connected orgs/ institutions that giving MIT 1/256 of the network's address space seemed like a non issue. You'd need more than 256 sites connected to the network for it to matter, and that sounded insane in the early days. Here's a map from the early 70's where you can see each computer in the whole network: https://www.reddit.com/r/Damnthatsinteresting/comments/1bpc4jh/map_of_the_internet_1973/
MIT used to have all of 18, but gave up a lot of it years ago.
Imagine your work computer having a public IP address. That was the case for a while there.
I remember around 2000 when we first got ADSL I think we got 5 public IP addresses. We had a hub hooked up to the modem instead of a router, and our two! computers each just sat there, naked and afraid, on the internet with no firewall or anything
Rawdogging the internet, like hippies did it before HIV
If you happen to have an ISP using IPv6, your home computer may have a public IP address. Though I imagine they're dropping traffic before it gets to your machine unless you specifically change the setup.
I don't have to imagine it, my work computer did have a public IP address, for a long time.
Some of the machines I work on now have public IP addresses.
When I was working at MIT, every computer on every desk had a public facing IP. Not servers, just your everyday Windows computer (NT or 2K at the time).
Also the phones, we had our own PSTN, so all phones on desks had public numbers, no extensions.
Did Google get 8.8.8.8 and 8.8.4.4 the same way?
Probably something similar. They just paid for the prime real estate.
It's free real estate
Location location location location
Yeah -- L3 owns 8.x.x.x. So they must have some deal with L3. Though they also do other fancy things layered on top, so the 8.8.8.8 I talk to might not be the same machine you talk to.
Correct, 8.8.8.8 isn't going to be a single server, it's a load balancer that has a lot of servers behind it to ensure capacity and redundancy.
I think they do geographic stuff too - you get a different load balancer than me and we both have 5ms ping to some relatively local load balancer
https://en.wikipedia.org/wiki/Anycast
IP addresses can also be traded nowadays. 1.1.1.1 was kinda special because so many systems used it as an example, default or "special" address (Cisco was a major offender here IIRC). That made it effectively unusable for many practical purposes, so Cloudflare essentially got a deal "if you can clean up the mess and write down how to do it you get to use the IP", with some likely not believing it was even possible.
Is it really that hard? They need some heavy filtering for sure, but basically have to filter for "is this a DNS query?". There is also DNS over HTTPS making it more complicated, but I would think that it's just about having some beefy hardware at enough locations to make the service usable.
Especially with how popular 1.1.1.1 became, I would assume that they have a lot more legitimate traffic now.
The main problem isn't the junk traffic, the main problem is your customers being unable to reach you because some shitty equipment between their computer/phone and your server thinking that 1.1.1.1 is their IP address, not one that should be routed on the Internet.
I see, that makes sense. Maybe Cloudflare could monitor if a network region only connects to 1.0.0.1 and not 1.1.1.1, then notify the owners that something is broken.
This reminds me of the story of how even though there's an RFC declaring example.com will never be a real domain name, a mailing list service defaulted to outbound emails being sent with a return address of donotreply.com because they wanted to make clear to customers that replies would not be answered.
Problem is... donotreply.com is not a special domain. Somebody bought it and put up a dead-letter-office mail server on the domain, and would get all manner of intended-private correspondence from random people trying to reach out their banks, doctors, local governments...
company.com is another good example
There is a surprising number of Microsoft Active Directory instances that use company.com as their domain name. Someone setting those up was reading the textbook a little too literally...
For the longest time it was owned by a hacker who sat there looking at all the unsolicited traffic from these domains.
The hacker tried to get Microsoft to buy it (since they own and use contoso.com as an example in the literature for the same reason) but they weren't interested.
Now it's owned by a domain squatter.
This is less ELI5 territory, but more people should make use of all the weird ways IP addresses can be formatted. Cloudflare also has 1.0.0.1, which can be expressed as 1.1
However most people don't know it can also be expressed as 0100000001, or 16777217, or even 01.0x1 if you want to start mixing stuff.
What can people do with the different ways to express IP addresses??
Ruin the dreams of every PM who wants to finally crack input validation
Mostly hide the fact that it's an IP address from malware scanners, to be honest. I haven't seen a meaningful, practical use of actually writing it in one of these ways. It could be useful for debugging some edge cases like when IPv4 addresses (typically written in decimal) are embedded in IPv6 addresses (typically written in hexadecimal) but I wasn't even aware of several of the formats presented here.
You used to be able to use the full 32 bit number in your browser, like 10.0.0.1 is 167772161 in decimal, so you could go to http://167772161/ or whatever. Some viruses used that to obfuscate, so I imagine modern browsers may panic if you try it these days.
IPv6 addresses are long enough that shortening is common, like ::1 is localhost (127.0.0.1 in IPv4). There are strict rules to IPv6 shortening that prevent similar shenanigans and make expansion unambiguous at least. [::1] is [0:0:0:0:0:0:0:1] or [0000:0000:0000:0000:0000:0000:0000:0001] but [1] isn't supported as an address.
Which is going to fail 99.99% of all validators out there.
0x7f.042.1337 is a completely valid IPv4 address. This became more visible with IPv6's long addresses.
Can you actually use 1.1 in an application?
A lot of real world applications will get confused. But if you were really bored, you could file a legitimate bug report against those applications because it's technically valid input. The developer of the application would then yell at you.
Or just close the request as "wont do"
Yeah, you can try ping 1.1
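The alternative IPv4 spellings from this subthread (1.1, 16777217, 0100000001, 01.0x1, 0x7f.042.1337, 167772161) all follow the classic BSD inet_aton() rules: one to four dot-separated parts, each decimal, octal (leading 0) or hex (0x), with the last part filling whatever bytes remain. The added Python example below (mine, not from the thread) implements that grammar so a validator can normalize input to the canonical dotted quad before comparing it against an allow or deny list, which is the point the validation comments above are making: a check that only recognizes four decimal octets will let "1.1" or "0x7f.042.1337" through unrecognized. The `expand_ipv6` helper shows the contrast with IPv6, where the standard library expands "::1" unambiguously and rejects "1".

```python
import re
import ipaddress

# Part syntaxes accepted by inet_aton(): hex with 0x prefix, octal with a leading 0, else decimal.
_HEX = re.compile(r"0[xX][0-9a-fA-F]+")
_OCT = re.compile(r"0[0-7]*")
_DEC = re.compile(r"[0-9]+")


def _parse_part(part: str) -> int:
    if _HEX.fullmatch(part):
        return int(part[2:], 16)
    if len(part) > 1 and part[0] == "0":
        # A leading zero means octal, so "08" is an error rather than eight.
        if not _OCT.fullmatch(part):
            raise ValueError(f"bad octal part: {part!r}")
        return int(part, 8)
    if _DEC.fullmatch(part):
        return int(part, 10)
    raise ValueError(f"bad address part: {part!r}")


def parse_legacy_ipv4(text: str) -> str:
    """Accept the 1- to 4-part inet_aton() syntax and return the canonical dotted quad.

    With fewer than four parts the last part fills all remaining bytes,
    so '1.1' is 1.0.0.1 and '0x7f.042.1337' is 127.34.5.57.
    """
    parts = text.split(".")
    if not 1 <= len(parts) <= 4 or any(p == "" for p in parts):
        raise ValueError(f"bad address: {text!r}")
    values = [_parse_part(p) for p in parts]
    head, last = values[:-1], values[-1]
    if any(v > 0xFF for v in head):
        raise ValueError(f"octet out of range in {text!r}")
    last_bits = 8 * (4 - len(head))
    if last >= 1 << last_bits:
        raise ValueError(f"final part out of range in {text!r}")
    number = 0
    for v in head:
        number = (number << 8) | v
    number = (number << last_bits) | last
    return str(ipaddress.IPv4Address(number))


def is_canonical_ipv4(text: str) -> bool:
    """Strict form: exactly four decimal octets, no leading zeros, no hex/octal, no short forms."""
    try:
        return len(text.split(".")) == 4 and parse_legacy_ipv4(text) == text
    except ValueError:
        return False


def expand_ipv6(text: str) -> str:
    """IPv6 shortening expands unambiguously; a bare '1' raises ValueError."""
    return ipaddress.IPv6Address(text).exploded


if __name__ == "__main__":
    for s in ("1.1", "16777217", "0100000001", "01.0x1", "0x7f.042.1337", "167772161"):
        print(f"{s:>14} -> {parse_legacy_ipv4(s)}  canonical={is_canonical_ipv4(s)}")
    print(expand_ipv6("::1"))
```

Design note: the safe pattern for a validator is to either reject anything that is not canonical (`is_canonical_ipv4`) or to normalize with `parse_legacy_ipv4` and then apply the policy to the result, never to compare the raw string.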
Before the IANA it was this guy, at least until his death in 1998.
Why does 1.1.1.1 receive tons of garbage traffic? Is there an equivalent of "loading google.com to check internet working" in dns world? Because I can't see any human typing 1.1.1.1 randomly, so is it all automated garbage?
1.1.1.1 is used an as example IP in a lot of literature, and as the default IP in some software.
Cisco in particular is notorious for doing this.
They have even been forced to release guides on how to change this setting in some of their devices now that Cloudflare owns it. Or worse, you can't change it and they recommend null routing 1.1.1.1 at your router to ensure it isn't routable.
example:
https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/213535-wlc-virtual-ip-address-1-1-1-1.html
So there's a lot of devices out there sending unsolicited garbage to 1.1.1.1 all the g'dang time
Sometimes called ICANN'T by those who dislike them :P
4.4.4.4 and 8.8.8.8 are Google DNS servers
Does IPv6 with the super long number change any of this or does it just affect client machines?
The ELI5 answer is that it's the exact same process for IPv6, the only difference is there's a lot more IPv6 addresses to give out.
There's also some neat history baked into those numbers.
At the start, there weren't many machines on the network so the numbers described which network you were on. 10.x.y.z, for example, was ARPANET (there were several network experiments that DARPA was working on at the same time). In the very beginning, you could get one of the numbers 0 through 255 (minus a couple special ones) allocated to you and then you controlled all the machines under the .x.y.z part.
When the experiment "escaped the lab" and we started wiring up universities together, people realized pretty quick that we were going to run out of numbers, so they stopped giving out such large chunks. Originally, "class B" networks were identified by starting with 128. So you'd have 128.something.y.z, and that meant you controlled all the machines with the last two numbers .y.z. Carnegie Mellon University is 128.2.y.z because they were the second university to get a class-B network (and they've never given it up; from their cold dead hands ;) ).
Nowadays though, the whole IPv4 space is pretty diced up and some whole universities get like five IP addresses for the whole institution (and then they have to use translation on their side to share those 5 addresses among whatever services they provide). IPv6 promises to fix this and will be rolled out universally any day now (I'm joking, kinda; it pretty much is at this point).
To close up the story: the reason 10.x.y.z is a "safe" address range to use for your local network is that when the whole Internet became patterned on the ARPANET experiment, they didn't need a special network ID to denote ARPANET anymore; everything was ARPANET. So they re-assigned the 10.x.y.z address space to mean "local area network" and you can always use it internally.
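The classful rules the story above describes, next to the CIDR view that replaced them, as an added Python example (mine, not from the thread). The first-octet boundaries come from the original classful scheme: class A is 0-127 with an implied /8, class B is 128-191 with a /16 (so 128.2.x.y is the whole 128.2.0.0/16), class C is 192-223 with a /24, 224-239 is multicast and 240-255 is reserved. The private ranges are the RFC 1918 set, of which 10.0.0.0/8 is the re-assigned ARPANET number mentioned in the comment.

```python
import ipaddress

# RFC 1918 private ranges: 10/8 (the old ARPANET number), plus 172.16/12 and 192.168/16.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classful_class(addr: str):
    """Pre-CIDR rule: the first octet alone decided the class and hence the mask.

    Returns (class letter, implied prefix length), with None for classes D and E,
    which never carried a network mask.
    """
    first = int(ipaddress.IPv4Address(addr)) >> 24
    if first < 128:        # 0xxxxxxx
        return "A", 8
    if first < 192:        # 10xxxxxx
        return "B", 16
    if first < 224:        # 110xxxxx
        return "C", 24
    if first < 240:        # 1110xxxx, multicast
        return "D", None
    return "E", None       # 1111xxxx, reserved


def classful_network(addr: str):
    """The network an address belonged to under classful rules, or None for D/E."""
    _, prefix = classful_class(addr)
    if prefix is None:
        return None
    return str(ipaddress.ip_network(f"{addr}/{prefix}", strict=False))


def cidr_split(cidr: str, new_prefix: int) -> list:
    """CIDR ignores classes: any block can be carved into smaller ones,
    e.g. a former class B /16 into 256 /24s."""
    return [str(n) for n in ipaddress.ip_network(cidr).subnets(new_prefix=new_prefix)]


def is_rfc1918(addr: str) -> bool:
    """True if the address is in one of the ranges that is safe to use internally."""
    a = ipaddress.IPv4Address(addr)
    return any(a in n for n in RFC1918)


if __name__ == "__main__":
    for a in ("10.1.2.3", "18.0.0.1", "128.2.45.6", "192.168.1.1", "224.0.0.1"):
        print(a, classful_class(a), classful_network(a), "private" if is_rfc1918(a) else "public")
    print(len(cidr_split("128.2.0.0/16", 24)), "x /24 inside 128.2.0.0/16")
```

The contrast is the whole point of CIDR: `classful_network` can only answer with one of three fixed sizes, while `cidr_split` (or any prefix length on an `ip_network`) describes the same address space at whatever granularity the allocation actually has.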
neat
Another additional bit of info is the enforcement of IP addresses. I can get an edge device and put whatever IP address I want on the public facing side. And let's say the next hop will handle it, there will eventually be a router that refuses to handle packets from that IP address.
So essentially all major companies that manage the backbone of the internet agree on the authorities that handle IP allocation and enforce it in the routing protocols.
Actually the military got them because of ARPANET, as the class A numbers went to them along with a few others.