networking - Why can a network address not be a valid host address?

06
2014-04
  • Goblinlord

    So... I have studied for CCNA and such and been working with IP networking at least the past 8 years or so. I have always seen and been told that the network address for a subnet is not a valid host address. Now first I will start by saying I know this is true. My question is more... is there a technical reason it can not be used or was it just arbitrarily agreed upon when the specification was designed? I understand why a broadcast address can not be used (because it is ACTUALLY used). The thing is when I see a network address used it is normally only in routing which is specifically using NETWORK addresses. This being the case, (network addresses being used only when you are expecting a network address) is there some technical reason that they could not have the network address be an actual valid host address?

  • Answers
  • haimg

    As far as I understand, "network address" as a special address is an artifact from the classful IP networks from the past. Today, we use Classless Inter-domain Routing (CIDR) on the Internet, which does not have the concept of a network address (if you look at the RFC 4632 linked above, you'll see that it lists 256 possible IP addresses per legacy "C" block, e.g. no reserved addresses for either network or broadcast address (although broadcasts are defined as essential in other RFCs)).

    This being said, you still should not assign a network address to any specific host in a network: Network address is essential for routing. This concept is used extensively in RFCs (RFC 1812). Just look at the routing tables (route command), you'll see how your local network address is used to separate your local network traffic from what must go through the router. What if that local network address was assigned to some host?

    Even worse: it is better not to assign IP addresses ending in zero even if this address is not a network address. E.g. if your network is 10.10.0.0/255.255.0.0, IP address 10.10.5.0 is not your network address, but you'd better not assign such IP even though it is completely valid even on classful IP networks. Some legacy software/IP stacks may have problems with it.

  • Dagelf

    So the practical answer is: It really depends. It depends on:

    • The exact address
    • The version and revision of your operating system
    • ...And that of your router, and every other upstream router
    • ...And the intelligence and sophistication of all the network admins of those routers...

    I've not delved very deep into this but it seems that most ISPs do not block you from assigning and using your network address and I have not run into any problems accessing any sites in testing this; it seems that ultimately it's all left up to the network administrators' whims.

    I'm sure there are security analysts and hackers out there who have insanely detailed stats on exactly how many variants of TCP-IP stack implementations are out there and what they do and do not accommodate or allow and exactly how and where they miss their mark.

    Matter of fact, I'm browsing and posting this from my network address.

    Don't call me a bad netizen unless you have a better solution to fixing this house of cards: the reality is that if it's possible, it will happen. The reality is that nobody really smart enough sat down and thought this whole thing through in all its possible iterations in order to come up with a completely fool-proof design. The result? Standards where a lot of things don't add up and/or get lost in translation.

    Welcome to the real world. Don't let that dissuade you from chasing the ever elusive optimal ideals... Just don't expect support from the "official" channels or forums unless you are willing to get your hands dirty and dedicate your time and life to it.

    So, I think what the other posters were trying to say: If you want to make this official policy and use it in production, you're on your own. (But aren't you anyways?) Maybe we'll strike it lucky and have a computer intelligence design us an IPv8 that's backwards compatible with IPv4 and IPv6 and all their broken implementations.

  • William

    I'm new to network but I'll give my 2 cents as well.

    If I have a /28 subnetwork from x.x.x.0 - x.x.x.15, according to the predefined rules we would have 14 usable hosts and 2 remaining. The remaining are for network and broadcast.

    Let's, instead of following the rule above, actually use all 16 hosts. Then in that case all would be ok, no problems. But if communication was needed outside the network then it would not be possible because of lack of resources to send or receive the information.

    I'm not great at explaining but to put it another way.

    If I lived in a house on a street and the street contained 14 houses. A laneway in and out for access to the main road.

    My mailing address would range from 1-14 Personal Street, Off Network Road.

    That would be no problem for the mail man. Now let's assume the developers got greedy and added 2 more houses and got rid of the laneways.

    Then my new mailing address would range from 1-16 Personal Street

    In this instance the mail man would be in trouble.

    This is a guess, let me know if I'm talking bull.

  • David Costa

    The network address allows you to build route tables with fixed-size (4-bytes IPv4) destination column and fixed-size binary operations so that host routing and network routing is actually the same thing.

    Imagine a routing table like this: (this PC has a parallel connection with another PC and a network card)

    Dest           Mask    Dev
    192.168.0.123  /32     plip0   # This is a single host
    192.168.0.0    /24     eth0    # This is a network
    

    The AND between the IP address and the netmask gives you exactly what you need, a 4 bytes number which can be compared against each line without further calculations.

    So the host number zero is special in the sense that after the AND operation its address naturally represents the whole network.

    If you decided to use the network number as a host number it would result in a table like this:

    Dest           Mask    Dev
    192.168.0.0    /32     eth0    # This is the host (it's a redundant line)
    192.168.0.0    /24     eth0    # This is the network
    

    This seems legit, so I suppose the concept of network address is used for routing reasons and thus it was decided arbitrarily to mark it as a special address and prohibit its use as a host address.

    Well... actually it's not that simple. I decided to give it a try (!!!):

    # route add -net 192.168.0.0/32 eth0
    # ping 192.168.0.0
    Do you want to ping broadcast? Then -b
    # telnet 192.168.0.0
    Trying 192.168.0.0...
    telnet: connect to address 192.168.0.0: Network is unreachable
    

    At present the network programs don't allow me to use a network number as a normal address.
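
Added example, not part of the answer above: a small Python model of the lookup it describes, where each row's mask is ANDed with the destination and compared against the fixed-size Dest column, with the most specific match winning. The two tables are the ones shown in the answer; the function names are made up for this sketch.

```python
import socket
import struct

def ip_to_int(dotted):
    """Convert dotted-quad IPv4 text to a 32-bit integer."""
    return struct.unpack("!I", socket.inet_aton(dotted))[0]

def prefix_to_mask(prefix_len):
    """Return the 32-bit netmask for a prefix length (0..32)."""
    return (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF

def lookup(table, dest):
    """Longest-prefix match: AND the destination with each row's mask and
    compare with the row's Dest column; the most specific match wins."""
    addr = ip_to_int(dest)
    best = None
    for net, plen, dev in table:
        if addr & prefix_to_mask(plen) == ip_to_int(net):
            if best is None or plen > best[1]:
                best = (net, plen, dev)
    return best

def ambiguous_dests(table):
    """Dest values listed with more than one prefix length, i.e. rows where
    the Dest column alone no longer tells a host from a network."""
    seen = {}
    for net, plen, _dev in table:
        seen.setdefault(net, set()).add(plen)
    return sorted(n for n, lens in seen.items() if len(lens) > 1)

# First table from the answer: one host route and one network route.
TABLE_A = [("192.168.0.123", 32, "plip0"), ("192.168.0.0", 24, "eth0")]
# Second table: the network number reused as a host address.
TABLE_B = [("192.168.0.0", 32, "eth0"), ("192.168.0.0", 24, "eth0")]

if __name__ == "__main__":
    for dest in ("192.168.0.123", "192.168.0.7", "192.168.0.0", "10.0.0.1"):
        print(dest, "->", lookup(TABLE_A, dest), "|", lookup(TABLE_B, dest))
    print("ambiguous in TABLE_B:", ambiguous_dests(TABLE_B))
```

In the second table the lookup still resolves, but only the mask column separates the host row from the network row.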

  • Styne666

    Whilst searching for the answer to this question I came across this article from Cisco. The following quote from that article sums it up nicely I think.

    [...] consider the IP address 172.16.1.10. If you calculate the subnet address corresponding to this IP address, the answer you arrive at is subnet 172.16.0.0 (subnet zero). Note that this subnet address is identical to network address 172.16.0.0, which was subnetted in the first place, so whenever you perform subnetting, you get a network and a subnet (subnet zero) with indistinguishable addresses. This was formerly a source of great confusion.

    Avoiding confusion is a good enough reason for me.


  • Related Question

    networking - IP address classes, networks and hosts
  • Questioner

    This may seem like a basic question but I need to understand IP addresses.

    I don't understand why IP addresses are split into network (wires) and nodes (hosts | device).

    For example Class A has 8 bits of network and 24 bits of host, where does this fit into the actual IP address.

    I am quite stuck on this as I look at examples around the net and they state mainly that the IP is split into network and hosts then each class has different values. But I'm not sure exactly what this means.

    would be great if someone could spend a little time to explain.


  • Related Answers
  • Spiff

    There are two main reasons a host needs to know which portion of its address is the network number and which portion is the host number.

    The first reason is so it knows what data link layer (e.g. Ethernet MAC layer) destination address to put on an outgoing packet. If the destination IP address's network section matches the source IP address's network section, then the destination host is directly reachable on the local data link (e.g. it's on the same Ethernet LAN), so the sender can find the destination machine's link-layer address (perhaps via ARP) and put that host's link-layer address in the destination field of the link layer header of the packet. If the network sections of the source and destination IP addresses don't match, then the sending host has to send the packet to a router. In that case, the sending host puts the router's link-layer address in the link-layer header.

    The second reason is so the host can determine the local network's broadcast address. It does this by filling in all the bits in the host section with ones. So in the case of 192.168.1.0/24, the broadcast address is 192.168.1.255.

    The idea of network "classes" (a.k.a. "classful networking") only really mattered from the invention of IPv4 in 1981 until the invention of subnetting and Classless Inter-Domain Routing (CIDR) in 1993. From 1981 to 1993, if the first bit of your IP address was a zero, you knew you were on a Class A network, so the first 8 bits of your address was your network number, and the other 24 were your host number. But this meant sites with Class A networks would have 16.8 million hosts on a single flat network, which was impractical. Even though it's been almost two decades since "Class A", "Class B", and "Class C" really mattered, the names still get kicked around to refer to /8's (16.8 million host networks), /16's (65 thousand host networks), and /24's (~256 host networks), respectively.

  • ultrasawblade

    The reason for the split is that it's rare that you have a direct connection to the computer you want to send something to. The data you send usually goes to a router, which then forwards it to other routers, and so forth until a final router in the chain delivers it to your system.

    For this to work, there must be a way of knowing which IP addresses can be reached just by dumping data out of the network card, and which IP addresses can only be reached "behind" a router. The network part of the IP address, determined by the network mask, makes this distinction.

    So, if my IP is 10.1.1.42, and my netmask is 24 bits from the left (255.255.255.0), then that means I can reach any IP address from 10.1.1.1 to 10.1.1.254 just by sending data out of my network card. I'll use my IP as the source address, the end machine as the destination address, and just throw the traffic on the wire. It should get there if say, the other machine is connected via a switch or hub, without any further help.

    Let's say I want to talk to 10.1.2.50. Well, I can't reach that just by spitting the bits out of my NIC. It has to go through a router. The simplest situation is where there is a default gateway given by DHCP. Let's say the default gateway given to us through DHCP is 10.1.1.254. I'll then send my traffic that I want to go to 10.1.2.50 to 10.1.1.254, putting my IP (10.1.1.42) as a source address and 10.1.2.50 as a destination address. The default gateway is not the ultimate destination, but I'm really expecting 10.1.1.254 to forward the traffic to 10.1.2.50 on my behalf. Hopefully the machine at 10.1.1.254 has a connection to the 10.1.2.0/24 network, and will be able to do that.

    I hope this is helpful.
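
Added example, not written by either poster: the host-side decision described in the two answers above, using their addresses (10.1.1.42/24 with gateway 10.1.1.254, and 192.168.1.0/24 for the broadcast calculation). The function names and return labels are made up for this sketch, and it assumes prefixes of /30 or shorter, where network and broadcast addresses are distinct.

```python
import ipaddress

def broadcast_of(cidr):
    """Fill every host bit with ones, as the first answer describes."""
    net = ipaddress.ip_network(cidr)
    filled = int(net.network_address) | int(net.hostmask)
    return str(ipaddress.ip_address(filled))

def next_hop(iface, gateway, dest):
    """Decide how a host configured as `iface` (address/prefix) treats a
    packet for `dest`. Returns (decision, address to resolve or flag)."""
    me = ipaddress.ip_interface(iface)
    net = me.network
    dst = ipaddress.ip_address(dest)
    if dst not in net:
        # Network sections differ: the link-layer destination is the router.
        return ("via-router", gateway)
    if str(dst) == broadcast_of(str(net)):
        return ("broadcast", str(dst))
    if dst == net.network_address:
        # Host bits all zero: the address that names the network itself.
        return ("network-number", str(dst))
    # Same network section: resolve the destination's own link-layer address.
    return ("on-link", str(dst))

if __name__ == "__main__":
    print(broadcast_of("192.168.1.0/24"))
    for dest in ("10.1.1.7", "10.1.2.50", "10.1.1.255", "10.1.1.0"):
        print(dest, next_hop("10.1.1.42/24", "10.1.1.254", dest))
```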

  • maks

    Example: 10.0.0.1 /8
    where /8 means the network mask. This means that the first 8 bits of 32 (the address consists of 32 bits divided by dots, and these bits are represented as decimal numbers) identify the network and the others the host

  • Sathya

    Perhaps this article from Cisco will help.