IP Addressing Mechanics
The Complete Engineering Guide: IPv4, IPv6, Subnetting & CIDR
Introduction: Why IP Addressing Is Not Optional Knowledge
Every packet that traverses a network — whether it is a TCP SYN from your browser or a Modbus command from an industrial PLC — carries two critical pieces of information at the IP header level: a source IP address and a destination IP address. Routers at every hop make their forwarding decision based solely on matching the destination address against a routing table. If that address is wrong, malformed, or from an overlapping subnet, the packet is silently dropped.
IP addressing sits at Layer 3 of the OSI model (the Network Layer), providing the logical, hierarchical structure that makes internet-scale routing possible. Unlike MAC addresses (Layer 2, hardware-bound, flat), IP addresses are logical — they are assigned by administrators, are topology-dependent, and carry routing hierarchy information within their structure.
This guide covers IPv4 (RFC 791, still the dominant protocol), the CIDR revolution (RFC 4632), the private address space (RFC 1918), NAT reality, and IPv6 (RFC 8200). Each section builds on the last.
1. The Logic of the Bit: Binary Foundations of IPv4
To understand IP addressing at an engineering level, you must first abandon decimal notation. While we represent IP addresses like 192.168.1.1 for human readability, every router in the world processes them as a 32-bit binary number. Decimal notation is a convenience abstraction — the machine sees only bits.
The 32-Bit Address Space
An IPv4 address is exactly 32 bits. These 32 bits are divided into four groups of 8 bits, called octets (sometimes called "bytes," though engineers use "octet" to be unambiguous). Each octet is displayed as a decimal number from 0 to 255.
The total IPv4 address space is 2³² = 4,294,967,296 addresses (approximately 4.3 billion). This sounds enormous — but it was essentially exhausted decades before we expected. The regional internet registries (ARIN, RIPE, APNIC) distributed the last remaining /8 blocks years ago, with IANA allocating the final blocks in 2011.
Network vs. Host: The Two-Part Structure
Every IPv4 address has a two-part structure: a Network portion and a Host portion. The network portion identifies which logical network the address belongs to. The host portion identifies a specific device within that network. A subnet mask defines the boundary between these two parts.
The subnet mask is also a 32-bit number. Where a bit in the mask is 1, the corresponding bit in the IP address is part of the network. Where a mask bit is 0, the corresponding IP bit is part of the host field. Bitwise AND operations are used by the router hardware to mask out the host bits and determine the destination network.
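The bitwise mechanics described above, as an added example that is not part of the original guide: dotted-decimal is unpacked into a 32-bit integer, the mask is built from a prefix length, and the AND a router performs yields the network. Only the Python standard library is used and the addresses are constructed samples.

```python
# Added example (not from the original guide): the 32-bit view of an IPv4
# address and the bitwise AND that masks out the host bits.

def dotted_to_int(dotted: str) -> int:
    """Pack four decimal octets into one 32-bit integer."""
    octets = dotted.split(".")
    if len(octets) != 4:
        raise ValueError(f"not an IPv4 address: {dotted}")
    value = 0
    for octet in octets:
        n = int(octet)
        if not 0 <= n <= 255:
            raise ValueError(f"octet out of range in {dotted}")
        value = (value << 8) | n  # shift earlier octets left, append this one
    return value

def int_to_dotted(value: int) -> str:
    """Unpack a 32-bit integer back into dotted-decimal."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def prefix_to_mask(prefix_len: int) -> int:
    """Mask with prefix_len leading 1-bits followed by 0-bits (e.g. /20 -> 255.255.240.0)."""
    if not 0 <= prefix_len <= 32:
        raise ValueError("prefix length must be 0..32")
    return (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF

def network_of(dotted: str, prefix_len: int) -> str:
    """The AND a router does: keep the network bits, zero the host bits."""
    return int_to_dotted(dotted_to_int(dotted) & prefix_to_mask(prefix_len))

def same_network(a: str, b: str, prefix_len: int) -> bool:
    """Two hosts are on the same subnet iff their network portions match."""
    return network_of(a, prefix_len) == network_of(b, prefix_len)

def binary_view(dotted: str) -> str:
    """The four octets as 8-bit groups, the way the machine sees them."""
    return ".".join(f"{int(o):08b}" for o in dotted.split("."))

if __name__ == "__main__":
    print(binary_view("192.168.1.1"))                           # 11000000.10101000.00000001.00000001
    print(int_to_dotted(prefix_to_mask(20)))                    # 255.255.240.0
    print(network_of("192.168.1.130", 25))                      # 192.168.1.128
    print(same_network("192.168.1.10", "192.168.1.130", 24))    # True
    print(same_network("192.168.1.10", "192.168.1.130", 25))    # False
```

The last two calls show why the mask matters: the same pair of hosts is on-link under a /24 and on different subnets under a /25, which is exactly the difference between ARPing for a neighbour and sending the packet to the gateway.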
2. From Classful to CIDR: The Revolution That Saved IPv4
The original IP addressing scheme (pre-1993) was Classful. Every IP address inherently belonged to a class, determined by its first few bits, which dictated a fixed subnet mask. This was elegant in its simplicity but catastrophically wasteful.
| Class | First Bit(s) | Default Mask | Host Capacity | Original Use Case |
|---|---|---|---|---|
| A | 0xxxxxxx | /8 | 16,777,214 | ARPANET, large telcos |
| B | 10xxxxxx | /16 | 65,534 | Universities, corporations |
| C | 110xxxxx | /24 | 254 | Small businesses, ISPs |
| D | 1110xxxx | N/A | N/A | Multicast (224.0.0.0–239.x.x.x) |
The problem was stark: a company needing 300 IP addresses could not fit in a Class C (254 hosts) but would have to take a Class B block — wasting over 65,000 addresses. As the internet exploded in the early 1990s, the address space was hemorrhaging at an unsustainable rate, and routing tables were growing impossibly large.
CIDR: Classless Inter-Domain Routing (RFC 1519, 1993)
CIDR abolished the class system entirely. The key insight: the network/host boundary does not need to fall on an octet boundary. Any bit position can be the dividing line. This introduced the prefix notation (e.g., 192.168.1.0/24) where the number after the slash specifies exactly how many bits constitute the network ID.
Route Summarization: CIDR at the Internet Scale
CIDR also enables route aggregation — grouping multiple smaller prefixes into a single larger advertisement. If an ISP owns the block 203.0.113.0/24 and allocates four /26 subnets to customers, it only needs to advertise the single /24 to the internet, not four separate /26 routes. This keeps global BGP routing tables manageable (currently ~1 million prefixes) instead of the billions that would exist without aggregation.
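Route aggregation as an added example (not code from the original guide): given the prefixes an ISP carved from the guide's sample block 203.0.113.0/24, compute the single summary it can advertise, and check whether that summary is exact or also claims space that was never allocated. Standard library only.

```python
# Added example (not from the original guide): CIDR route aggregation.
from ipaddress import ip_network, collapse_addresses

def summarize(prefixes):
    """Smallest single prefix covering every network in `prefixes`.

    Starting from the lowest network, widen the prefix one bit at a time
    until the highest network's last address falls inside it; the result
    is the longest common prefix of the whole set.
    """
    nets = sorted(ip_network(p) for p in prefixes)
    lowest, highest = nets[0], nets[-1]
    candidate = lowest
    while highest.broadcast_address not in candidate:
        candidate = candidate.supernet()  # prefix length shrinks by one
    return candidate

def aggregate(prefixes):
    """Exact aggregation: the minimal list of prefixes equal to the input."""
    return [str(n) for n in collapse_addresses(ip_network(p) for p in prefixes)]

def is_exact(prefixes) -> bool:
    """True when one summary route covers the allocations and nothing else.

    A non-exact summary still forwards correctly, but it attracts traffic
    for unallocated addresses toward the advertising ISP.
    """
    summary = summarize(prefixes)
    allocated = sum(n.num_addresses
                    for n in collapse_addresses(ip_network(p) for p in prefixes))
    return allocated == summary.num_addresses

if __name__ == "__main__":
    customers = [str(n) for n in ip_network("203.0.113.0/24").subnets(new_prefix=26)]
    print(customers)
    print(summarize(customers), is_exact(customers))          # 203.0.113.0/24 True
    print(aggregate(customers[:3]), is_exact(customers[:3]))  # two prefixes, False
```

With all four /26 blocks allocated, the /24 is an exact summary; with only three allocated, the /24 still covers them but over-claims the fourth, and exact aggregation yields a /25 plus a /26 instead.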
3. RFC 1918 Private Addresses and the NAT Architecture
In 1996, RFC 1918 codified a critical conservation mechanism: three blocks of IPv4 addresses were designated as private, meaning they would never be allocated or routed on the public internet. Any organization could use them internally, repeatedly, without registration.
| Block | Typical Use |
|---|---|
| 10.0.0.0/8 | Large enterprise, data centers, cloud VPCs |
| 172.16.0.0/12 | Medium networks, Docker default, cloud subnets |
| 192.168.0.0/16 | SOHO routers, home networks, small branches |
Network Address Translation (NAT) — RFC 3022
Private addresses solve the allocation problem internally, but they create a new architectural problem: private-addressed devices cannot directly communicate with public internet servers, because their source addresses are not globally routable. The solution is NAT.
A NAT device (typically a router or firewall) sits at the boundary between the private network and the internet. When an internal device (say, 192.168.1.100) initiates a connection to a public server, the NAT device replaces the private source IP with its own public IP (203.0.113.5) before forwarding the packet. It maintains a NAT Translation Table mapping internal IP:port pairs to the public IP:port, enabling it to reverse the translation for return traffic.
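The translation table described above, as an added example that is not part of the original guide: a minimal port-overloading NAT that rewrites outbound source addresses, reverses the mapping for replies, and drops inbound packets that match no entry. Addresses are the guide's samples (192.168.1.100 inside, 203.0.113.5 public) plus a constructed server address; the mapping is endpoint-independent and has no timeouts, which is a simplification of real devices.

```python
# Added example (not from the original guide): a minimal NAT translation table.
from dataclasses import dataclass
import itertools

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class NatDevice:
    """Rewrites private sources outbound and reverses the mapping inbound."""

    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self._next_port = itertools.count(first_port)
        # Translation table, kept in both directions:
        #   (inside_ip, inside_port) -> public_port
        #   public_port -> (inside_ip, inside_port)
        self._out = {}
        self._in = {}

    def translate_outbound(self, pkt: Packet) -> Packet:
        """Replace the private source with the public IP and a unique port."""
        key = (pkt.src_ip, pkt.src_port)
        if key not in self._out:            # first packet of a new flow
            port = next(self._next_port)    # distinct port per inside endpoint
            self._out[key] = port
            self._in[port] = key
        return Packet(self.public_ip, self._out[key], pkt.dst_ip, pkt.dst_port)

    def translate_inbound(self, pkt: Packet):
        """Map a reply back to the inside host; None means the packet is dropped."""
        if pkt.dst_ip != self.public_ip:
            return None
        inside = self._in.get(pkt.dst_port)
        if inside is None:
            return None                     # no entry: unsolicited inbound is discarded
        return Packet(pkt.src_ip, pkt.src_port, inside[0], inside[1])

    def table(self):
        """Rows of (inside_ip, inside_port, public_port)."""
        return [(ip, p, pub) for (ip, p), pub in self._out.items()]

if __name__ == "__main__":
    nat = NatDevice("203.0.113.5")
    out = nat.translate_outbound(Packet("192.168.1.100", 5000, "198.51.100.10", 443))
    print(out)                                                       # src 203.0.113.5:40000
    print(nat.translate_inbound(Packet("198.51.100.10", 443, "203.0.113.5", 40000)))
    print(nat.translate_inbound(Packet("198.51.100.10", 443, "203.0.113.5", 40999)))  # None
```

Two inside hosts that both use source port 5000 get different public ports, so replies are demultiplexed correctly; the drop of unmapped inbound packets is the side effect that makes NAT behave like a stateful filter, even though it is not a security control.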
4. Special-Purpose IPv4 Address Ranges
Beyond RFC 1918, several other IPv4 blocks are reserved for specific, non-routable purposes. A misconfiguration using these ranges can cause mysterious failures.
| Range | Purpose |
|---|---|
| 0.0.0.0/8 | Represents the local network or an unspecified source. Used by DHCP clients before they have an address assigned. |
| 127.0.0.0/8 | Traffic sent here never leaves the host. 127.0.0.1 is the canonical loopback address for testing local network stacks. |
| 169.254.0.0/16 | Automatic Private IP Addressing. Windows/macOS self-assign from this range when DHCP fails. Seeing this address is a sign of a DHCP failure. |
| 100.64.0.0/10 | Designated for Carrier-Grade NAT (CGN). Used internally by ISPs for their last-mile infrastructure. Never route this on your LANs. |
| 240.0.0.0/4 | Originally reserved for experimental use. Effectively unusable on the internet. Most OS network stacks will reject packets from this range. |
| 255.255.255.255/32 | Reaches all hosts on the local network segment. Not forwarded by routers. Used by DHCP Discovery. |
5. IPv6: Engineering the 340 Undecillion Solution
IPv6 (RFC 8200) is not simply "IPv4 with more bits." It is a ground-up redesign of the network layer, addressing both the exhaustion problem AND a decade of NAT-induced architectural complexity.
The Address Space: Comprehending 128 Bits
IPv6 uses 128-bit addresses: 2¹²⁸ = 340,282,366,920,938,463,463,374,607,431,768,211,456 addresses. To put this in context: this is enough to assign over 100 addresses to every atom on the surface of the Earth. Address exhaustion is categorically solved.
IPv6 addresses are written as eight groups of four hexadecimal digits, separated by colons: 2001:0db8:85a3:0000:0000:8a2e:0370:7334. Two simplification rules apply: (1) Leading zeros in each group may be omitted. (2) One contiguous sequence of all-zero groups may be replaced with ::. The address above compresses to: 2001:db8:85a3::8a2e:370:7334.
Key Architectural Changes in IPv6
No Broadcast, Only Multicast
IPv6 eliminates broadcast entirely. All-to-all communications use multicast — which routers can selectively forward, eliminating the broadcast storm problem that plagues large flat IPv4 LANs.
SLAAC — Plug & Play Addressing
Stateless Address Autoconfiguration (RFC 4862) allows devices to derive their own globally unique IPv6 address from the router's advertised prefix + their own MAC-derived interface identifier. No DHCP server required.
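How the MAC-derived interface identifier is built, as an added example that is not code from the original guide: the modified EUI-64 procedure from RFC 4291 Appendix A (insert ff:fe, flip the universal/local bit) combined with a /64 prefix from a Router Advertisement. The MAC and prefix are constructed samples; the reverse function shows the privacy caveat a defender should know about.

```python
# Added example (not from the original guide): SLAAC address derivation via EUI-64.
from ipaddress import IPv6Address, IPv6Network

def eui64_bytes(mac: str) -> bytes:
    """48-bit MAC -> 64-bit modified EUI-64: insert ff:fe, flip the U/L bit."""
    octets = bytes(int(x, 16) for x in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC like 00:1a:2b:3c:4d:5e")
    eui = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    eui[0] ^= 0x02          # bit 1 of byte 0 is the universal/local flag
    return bytes(eui)

def eui64_interface_id(mac: str) -> str:
    """Interface ID in IPv6 text form (four 16-bit groups)."""
    eui = eui64_bytes(mac)
    return ":".join(f"{(eui[i] << 8) | eui[i + 1]:x}" for i in range(0, 8, 2))

def slaac_address(prefix: str, mac: str) -> str:
    """Prefix from the Router Advertisement + EUI-64 interface identifier."""
    net = IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("SLAAC with EUI-64 requires a 64-bit prefix")
    iid = int.from_bytes(eui64_bytes(mac), "big")
    return str(IPv6Address(int(net.network_address) | iid))

def mac_from_slaac(address: str):
    """Recover the MAC, or None if the address is not EUI-64 derived.

    This reversibility is the privacy caveat: an EUI-64 address exposes the
    hardware address and stays constant across every network the host joins,
    which is why RFC 7217 stable-privacy identifiers and RFC 8981 temporary
    addresses are the default on most current operating systems.
    """
    iid = bytearray(IPv6Address(address).packed[8:])
    if iid[3:5] != b"\xff\xfe":
        return None
    iid[0] ^= 0x02
    mac = iid[:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in mac)

if __name__ == "__main__":
    print(eui64_interface_id("00:1a:2b:3c:4d:5e"))                  # 21a:2bff:fe3c:4d5e
    print(slaac_address("2001:db8:1::/64", "00:1a:2b:3c:4d:5e"))     # 2001:db8:1:0:21a:2bff:fe3c:4d5e
    print(mac_from_slaac("2001:db8:1:0:21a:2bff:fe3c:4d5e"))         # 00:1a:2b:3c:4d:5e
```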
IPsec as a Core Feature
IPv6 was designed with IPsec (AH and ESP headers) as a mandatory capability (though not always mandatory in use). Every IPv6 stack supports it; in IPv4, IPsec is an optional add-on.
Simplified Header Format
The IPv6 header is fixed at 40 bytes (vs. IPv4's variable 20-60 bytes) with no checksum field. Fragmentation is handled only by endpoints, not routers, reducing processing overhead at every hop.
True End-to-End Connectivity
Every device gets a globally unique public address. NAT is a workaround for IPv4 scarcity — in IPv6, every IoT sensor, phone, and server is directly addressable from the internet (with firewall policy controlling actual access).
NDP Replaces ARP
The Neighbor Discovery Protocol (NDP, RFC 4861) replaces IPv4's ARP for address resolution. NDP uses ICMPv6 and multicast, eliminating ARP broadcast and the ARP poisoning attack vector.
IPv6 Address Types
IPv6 defines several distinct address types, each with a specific purpose:
- Global Unicast (2000::/3): The IPv6 equivalent of public IPv4 addresses. Globally routable. IANA allocates from the 2001::/32 range for documentation, and ISPs receive blocks like 2001:db8::/32.
- Link-Local (fe80::/10): Automatically configured on every IPv6 interface. Only valid within a single network link; never forwarded by routers. Used by NDP and routing protocols.
- Unique Local (fc00::/7): The IPv6 equivalent of RFC 1918 private addresses. Not routable on the public internet but routable within an organization.
- Loopback (::1/128): The IPv6 equivalent of 127.0.0.1. Represents the local host.
- Multicast (ff00::/8): Replaces broadcast. Specific well-known multicast groups: ff02::1 (all nodes), ff02::2 (all routers).
- Anycast: Multiple devices share the same IPv6 address; BGP routes to the nearest instance. Used by DNS root servers and CDNs.
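One classifier for both the special-purpose IPv4 ranges of section 4 (plus the RFC 1918 blocks) and the IPv6 address types above, added as an example that is not code from the original guide. The most specific matching prefix wins, the same rule a routing table applies, which is how 255.255.255.255 is reported as limited broadcast rather than as part of 240.0.0.0/4. The labels and the bogon check are this example's own wording; the IPv6 documentation prefix is deliberately left out of the table.

```python
# Added example (not from the original guide): longest-prefix classification
# of IPv4 and IPv6 addresses against the ranges listed in the guide.
from ipaddress import ip_address, ip_network

IPV4_RANGES = [(ip_network(c), label) for c, label in [
    ("0.0.0.0/8", "this network / unspecified source"),
    ("10.0.0.0/8", "private (RFC 1918)"),
    ("100.64.0.0/10", "shared address space for carrier-grade NAT"),
    ("127.0.0.0/8", "loopback"),
    ("169.254.0.0/16", "link-local (APIPA)"),
    ("172.16.0.0/12", "private (RFC 1918)"),
    ("192.168.0.0/16", "private (RFC 1918)"),
    ("224.0.0.0/4", "multicast"),
    ("240.0.0.0/4", "reserved (former experimental)"),
    ("255.255.255.255/32", "limited broadcast"),
]]

IPV6_RANGES = [(ip_network(c), label) for c, label in [
    ("::1/128", "loopback"),
    ("2000::/3", "global unicast"),
    ("fc00::/7", "unique local"),
    ("fe80::/10", "link-local"),
    ("ff00::/8", "multicast"),
    ("ff02::1/128", "multicast: all nodes"),
    ("ff02::2/128", "multicast: all routers"),
]]

def classify(addr: str) -> str:
    """Label of the most specific range containing addr."""
    ip = ip_address(addr)
    table = IPV4_RANGES if ip.version == 4 else IPV6_RANGES
    best = None
    for net, label in table:
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, label)          # longer prefix is more specific
    if best is not None:
        return best[1]
    # IPv4 has no explicit "public" block: anything not reserved is public.
    return "global unicast" if ip.version == 4 else "unassigned / other"

def is_publicly_routable(addr: str) -> bool:
    return classify(addr) == "global unicast"

def bogon_sources(addrs):
    """Source addresses that should never arrive on an internet-facing interface.

    Constructed use: feed it the source column of a firewall log to spot
    spoofed or misrouted traffic, or to confirm that a bogon filter is working.
    """
    return [a for a in addrs if not is_publicly_routable(a)]

if __name__ == "__main__":
    for a in ("255.255.255.255", "100.100.1.1", "172.32.0.1", "ff02::1", "fd12::1"):
        print(a, "->", classify(a))
    # Constructed sample of log source addresses:
    print(bogon_sources(["1.1.1.1", "10.1.2.3", "169.254.10.5", "fe80::1"]))
```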
6. IP Addressing in AI Compute Fabrics (RoCE v2)
The rise of Large Language Models (LLMs) has pushed IP addressing into the data center "Back-End" fabric. While standard Ethernet is fine for web traffic, AI training requires lossless, low-latency communication between GPUs.
RoCE v2: RDMA over Converged Ethernet
RoCE v2 is the technology that allows GPUs to talk to each other across an IP network without CPU intervention.
- IP Encapsulation: Unlike RoCE v1, v2 is encapsulated in UDP/IP. This means it can be routed across standard Layer 3 switches using IP addresses.
- ECMP Load Balancing: Because it uses standard IP headers, AI traffic can be spread across hundreds of parallel paths in a Leaf-Spine topology using Equal-Cost Multi-Path (ECMP) routing.
- Lossless Fabric Mechanics: To prevent "dropped packets" (which are fatal to AI training), RoCEv2 relies on a combination of protocols. Explicit Congestion Notification (ECN) uses Layer 3 markings to signal end-to-end congestion (DCQCN), while Priority Flow Control (PFC) provides hop-by-hop lossless behavior at Layer 2. DSCP values map AI traffic into these priority queues.
In an AI cluster with 32,000 GPUs, the IP addressing strategy is massive. Every GPU potentially has its own IP on the Frontend (management/user traffic) and a high-speed IP on the Backend (RoCE fabric). This necessitates a tiered CIDR strategy that maximizes routing efficiency.
7. Anycast, Multicast, and the Cast Taxonomy
IP defines four fundamental delivery modes. Every network engineer must know when each is used and which protocols leverage them:
Unicast — One to One
A packet from a single source to a single destination. The standard mode for TCP connections — web browsing, SSH, API calls. The source and destination IP are both specific individual interfaces.
Broadcast — One to All (IPv4 Only)
A packet sent to the subnet broadcast address (e.g., 192.168.1.255) is delivered to every host on the local subnet. Used by ARP, DHCP discovery, and legacy protocols. Deprecated in IPv6, replaced by multicast.
Multicast — One to Group
A packet sent to a multicast group address (224.0.0.0/4 for IPv4, ff00::/8 for IPv6) is delivered only to hosts that have joined that specific group via IGMP (IPv4) or MLD (IPv6). Used by video streaming, routing protocols (OSPF Hello, EIGRP), and financial data feeds.
Anycast — One to Nearest
Multiple servers share the same IP address, announced via BGP from multiple locations. The internet's routing protocol automatically directs each packet to the topologically nearest instance. Used by DNS root servers (13 IPs, 1500+ physical nodes), Cloudflare 1.1.1.1, and AWS Route 53. Every query reaches the nearest node, usually in under 10ms globally.
8. IP Addressing Troubleshooting: Systematic Diagnostics
When a network connectivity issue is reported, Layer 3 IP addressing is almost always the first place to look. A systematic approach follows the OSI bottom-up model:
Step 1: Verify the IP Configuration
An APIPA address (169.254.x.x) immediately confirms a DHCP failure. A wrong subnet mask is harder to spot but causes "one-way routing" — the host thinks the gateway is local and sends ARP instead of routing.
Step 2: Test Layer 3 Reachability
Step 3: Verify with Layer 7 (DNS)
The Classic IP Troubleshooting Matrix
| Symptom | Likely Cause | Fix |
|---|---|---|
| Cannot reach gateway | Wrong subnet mask — host thinks it's on a different subnet | Correct mask to match gateway's network |
| 169.254.x.x address | DHCP server unreachable or exhausted pool | Verify DHCP server, extend pool, check scope |
| Local hosts reachable, internet not | NAT misconfiguration or missing default route | Verify NAT rules and 0.0.0.0/0 route on gateway |
| VPN connects but no traffic flows | Overlapping subnets on both VPN endpoints | Re-IP one side to use non-overlapping ranges |
| Intermittent packet loss on LAN | Duplicate IP address conflict (two hosts, same IP) | Use ARP scan to find conflicting device: arp -n |
| MTU black hole (works locally, fails via WAN) | PMTUD failing due to ICMP blocking on path | Enable MSS clamping (1452 for PPPoE), check firewall ICMP policy |
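A configuration sanity check that applies Step 1 and three rows of the matrix above (APIPA address, gateway outside the host's subnet, overlapping VPN subnets), added as an example that is not code from the original guide. It inspects values you pass in and sends no traffic; the sample inputs are constructed.

```python
# Added example (not from the original guide): offline Layer 3 configuration checks.
from ipaddress import ip_address, ip_interface, ip_network

APIPA = ip_network("169.254.0.0/16")

def diagnose(ip_with_prefix, gateway, local_nets=(), remote_nets=()):
    """Return (code, message) findings for one host's Layer 3 configuration.

    ip_with_prefix: host address with its mask, e.g. "192.168.1.50/24"
    gateway:        the configured default gateway
    local_nets:     prefixes reached via directly connected interfaces
    remote_nets:    prefixes the VPN tunnel is supposed to reach
    """
    findings = []
    iface = ip_interface(ip_with_prefix)
    gw = ip_address(gateway)

    if iface.ip in APIPA:
        findings.append(("apipa",
                         "169.254.x.x address: DHCP failed (server unreachable or pool exhausted)"))

    if gw not in iface.network:
        # The host would ARP for the gateway on a subnet it believes it is not on.
        findings.append(("gateway-off-subnet",
                         f"gateway {gw} is not inside {iface.network}: wrong subnet mask or wrong gateway"))
    elif iface.network.prefixlen < 31 and gw in (iface.network.network_address,
                                                  iface.network.broadcast_address):
        findings.append(("gateway-reserved",
                         f"gateway {gw} is the network or broadcast address of {iface.network}"))

    for local in map(ip_network, local_nets):
        for remote in map(ip_network, remote_nets):
            if local.overlaps(remote):
                # Most specific route wins and the connected route is at least as
                # specific, so traffic for the remote range never enters the tunnel.
                findings.append(("vpn-overlap",
                                 f"local {local} overlaps remote {remote}: re-IP one side or use policy NAT"))
    return findings

def codes(findings):
    """Just the finding codes, for scripting and tests."""
    return [code for code, _ in findings]

if __name__ == "__main__":
    # Constructed cases, one per matrix row:
    for args in [("169.254.33.7/16", "169.254.0.1"),
                 ("192.168.1.50/25", "192.168.1.254"),
                 ("192.168.1.50/24", "192.168.1.254", ["192.168.1.0/24"], ["192.168.1.0/24", "10.8.0.0/24"])]:
        for code, msg in diagnose(*args):
            print(f"[{code}] {msg}")
```

The second case is the "wrong subnet mask" row: the host was given a /25 while the gateway sits at .254, so the gateway falls outside the host's idea of its own subnet.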
9. CIDR Quick Reference: The Engineer's Subnet Cheat Sheet
Every network engineer memorizes the key prefix-to-host-count relationships. Here is the complete reference from /24 downward, which covers 95% of real-world subnet design:
| Prefix | Mask | Total IPs | Usable Hosts | Common Use |
|---|---|---|---|---|
| /24 | 255.255.255.0 | 256 | 254 | Standard LAN, VLAN segment |
| /25 | 255.255.255.128 | 128 | 126 | Split LAN (two halves) |
| /26 | 255.255.255.192 | 64 | 62 | Department or server VLAN |
| /27 | 255.255.255.224 | 32 | 30 | Small office or DMZ |
| /28 | 255.255.255.240 | 16 | 14 | Server cluster, IoT segment |
| /29 | 255.255.255.248 | 8 | 6 | Small server group |
| /30 | 255.255.255.252 | 4 | 2 | WAN link, P2P connection |
| /31 | 255.255.255.254 | 2 | 2* | P2P link (RFC 3021, no broadcast) |
| /32 | 255.255.255.255 | 1 | 1 | Host route, loopback interface |
* /31 is a special case per RFC 3021 — both addresses are usable as host addresses on point-to-point links.
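The cheat sheet computed rather than memorized, as an added example that is not code from the original guide: mask, wildcard, total and usable counts per prefix, with the /31 (RFC 3021) and /32 special cases handled, plus a helper that picks the smallest subnet for a required host count. Standard library only.

```python
# Added example (not from the original guide): prefix-to-host-count arithmetic.
from ipaddress import IPv4Network

def subnet_facts(prefixlen: int) -> dict:
    """Mask, wildcard, total and usable addresses for an IPv4 prefix length."""
    if not 0 <= prefixlen <= 32:
        raise ValueError("prefix length must be 0..32")
    net = IPv4Network(f"0.0.0.0/{prefixlen}")
    total = net.num_addresses              # 2 ** (32 - prefixlen)
    if prefixlen == 32:
        usable = 1                         # host route: the one address is the host
    elif prefixlen == 31:
        usable = 2                         # RFC 3021: no network/broadcast on P2P links
    else:
        usable = total - 2                 # network and broadcast addresses are reserved
    return {"prefix": prefixlen, "mask": str(net.netmask), "wildcard": str(net.hostmask),
            "total": total, "usable": usable}

def cheat_sheet(first: int = 24, last: int = 32):
    """Rows for /first .. /last, matching the table above when called with defaults."""
    return [subnet_facts(p) for p in range(first, last + 1)]

def prefix_for_hosts(hosts: int, allow_p2p: bool = False) -> int:
    """Longest prefix (smallest subnet) whose usable count covers `hosts`.

    /31 is only considered when allow_p2p is True, because its two usable
    addresses are valid only on point-to-point links.
    """
    if hosts < 1:
        raise ValueError("need at least one host")
    for prefixlen in range(32, -1, -1):   # try the smallest subnet first
        if prefixlen == 31 and not allow_p2p:
            continue
        if subnet_facts(prefixlen)["usable"] >= hosts:
            return prefixlen
    raise ValueError("no IPv4 prefix can hold that many hosts")

if __name__ == "__main__":
    for row in cheat_sheet():
        print(f"/{row['prefix']:<3}{row['mask']:<17}{row['total']:>6}{row['usable']:>6}")
    print(prefix_for_hosts(300))   # 23: the Class B waste from section 2 becomes a /23
```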
10. Apply the Knowledge: IP Addressing Diagnostic Tools
Now that you understand the theory, use these purpose-built tools to practice and diagnose real-world IP addressing problems:
- Compute network address, broadcast, usable host range, and subnet masks from any CIDR prefix.
- Full subnet analysis: binary mask view, network/broadcast/host ranges, wildcard mask.
- Discover ASN, ISP, country, and routing information for any public IP address.
- Resolve any IP to its hostname via PTR records in the in-addr.arpa zone.
- Discover who owns any IP block or domain; shows ARIN/RIPE/APNIC registration data.
- Calculate optimal MTU for your encapsulation stack (GRE, IPsec, VXLAN, PPPoE).
Frequently Asked Questions
What is the difference between a subnet mask and a CIDR prefix?
A subnet mask (e.g., 255.255.255.0) and a CIDR prefix (e.g., /24) express exactly the same information using different notations. The subnet mask is a 32-bit number expressed in dotted-decimal, where all the network bits are '1' and all host bits are '0'. The CIDR prefix is simply a count of how many leading '1' bits the mask contains. /24 means 24 bits are '1', which equals 255.255.255.0. CIDR notation (introduced in RFC 4632) is more compact and is universally used in modern routing table entries.
How many usable host addresses are in a /24 subnet?
A /24 subnet has 8 host bits, giving 2^8 = 256 total addresses. However, two addresses are always reserved: the Network Address (all host bits = 0, e.g., 192.168.1.0) which identifies the subnet, and the Broadcast Address (all host bits = 1, e.g., 192.168.1.255) which is used to send packets to all hosts simultaneously. Therefore, the usable host count is 256 - 2 = 254 hosts.
Why can't I route RFC 1918 (private) IP addresses on the public internet?
RFC 1918 defines three IP address ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) that are reserved for private use. Internet backbone routers are globally configured to drop packets with these source or destination addresses. This is by design: since millions of organizations reuse the same private address space internally, allowing them to be routed publicly would cause catastrophic routing table conflicts and security vulnerabilities. NAT (Network Address Translation) is the technology that allows private-addressed devices to access the internet by translating their source address to a public one.
What is VLSM and when would I use it?
VLSM (Variable Length Subnet Masking) is the technique of using different subnet mask lengths within the same major network block. For example, if you have a 192.168.1.0/24 block, you could carve it into a /26 (62 hosts) for your main office LAN, a /28 (14 hosts) for a server network, multiple /30 subnets (2 hosts each) for point-to-point WAN links, and a /32 for a loopback interface — all from the same /24. VLSM is an essential skill for efficient IP address management and is required by modern routing protocols like OSPF and BGP.
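The VLSM carve-up in this answer, performed by an allocator added as an example (not code from the original guide): it takes the requested prefix lengths (/26, /28, three /30s, /32), assigns the largest first, splits the best-fitting free block in halves, and keeps the leftovers for later. The request names are constructed.

```python
# Added example (not from the original guide): largest-first, best-fit VLSM allocation.
from ipaddress import ip_network

# Constructed requests: (name, prefix length) matching the FAQ's example.
REQUESTS = [("main-lan", 26), ("servers", 28),
            ("wan-1", 30), ("wan-2", 30), ("wan-3", 30), ("loopback", 32)]

def vlsm_allocate(block: str, requests):
    """Return ({name: cidr}, [free cidrs]) carving `block` for the requests."""
    free = [ip_network(block)]
    assigned = {}
    # Shortest prefix first: large subnets need the strictest alignment, and
    # the halves left over still fit the small ones without fragmentation.
    for name, want in sorted(requests, key=lambda r: r[1]):
        fits = [n for n in free if n.prefixlen <= want]
        if not fits:
            raise ValueError(f"no room for {name} (/{want}) in {block}")
        cand = max(fits, key=lambda n: n.prefixlen)   # best fit: smallest free block
        free.remove(cand)
        while cand.prefixlen < want:                  # halve until it is the right size
            lower, upper = cand.subnets(prefixlen_diff=1)
            cand, spare = lower, upper
            free.append(spare)
        assigned[name] = str(cand)
    return assigned, [str(n) for n in sorted(free)]

def no_overlap(cidrs) -> bool:
    """Sanity check: no two assigned subnets share any address."""
    nets = [ip_network(c) for c in cidrs]
    return not any(a.overlaps(b) for i, a in enumerate(nets) for b in nets[i + 1:])

if __name__ == "__main__":
    assigned, free = vlsm_allocate("192.168.1.0/24", REQUESTS)
    for name, cidr in assigned.items():
        print(f"{name:<10}{cidr}")
    print("free:", free)
    print("no overlap:", no_overlap(assigned.values()))
```

Running it yields 192.168.1.0/26 for the LAN, .64/28 for servers, .80/30, .84/30 and .88/30 for the WAN links and .92/32 for the loopback, with the upper /25 and the smaller leftovers still free for later growth.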
What is the difference between IPv4 and IPv6?
IPv4 uses 32-bit addresses (4 billion total addresses, now exhausted) expressed in dotted-decimal notation. IPv6 uses 128-bit addresses (340 undecillion addresses) expressed in hexadecimal colon notation. Beyond address space, IPv6 includes: mandatory IPsec support (originally), Stateless Address Autoconfiguration (SLAAC) providing plug-and-play addressing without DHCP, elimination of broadcast in favor of multicast, and a simplified header format for faster router processing. NAT is generally unnecessary in IPv6 because every device gets a globally unique public address.
What causes the 'overlapping subnet' problem in VPNs?
An overlapping subnet problem occurs when the same IP address range is used on both sides of a VPN tunnel. For example, if your corporate network uses 192.168.1.0/24 and the remote site you're connecting to via VPN also uses 192.168.1.0/24, the router doesn't know whether to send packets to the local network or through the VPN tunnel. The operating system uses the most specific route, which is always the directly connected local interface, so VPN traffic to the 'remote' 192.168.1.x addresses never leaves your machine. The fix is proper network design using non-overlapping RFC 1918 ranges from day one, or configuring Policy NAT (Twice NAT) on the VPN gateway to translate the overlapping addresses into unique 'dummy' subnets before the traffic enters the IPsec tunnel.
Conclusion
Whether you are subnetting an IPv4 /24 for a home office or designing a RoCE-based IPv6 fabric for a 100,000-GPU cluster, the fundamental principles of Network vs. Host identification remain the same. The internet is built on these numbers; understanding them is the first step toward mastering the network.