Is it valid to have part of an IPv4 address set to zero?

Question

I am working on a change in a Java EE application that would authenticate based on the user's IP address using ServletRequest.getRemoteAddr. We store IP address ranges (FROM_IP and TO_IP) in a database and the system would authenticate only if a user's IP address falls in a range.

Now, testers have pointed out that digit 0 (zero) should not be allowed in FROM_IP and TO_IP values (in any place). Note that this is an Internet facing application, and so we will get only public IP addresses.

Are testers right in suggesting that validation? Why can't we have zero in the range value such as in 167.23.0.1 - 167.23.255.255?

MikeyB · Accepted Answer · 2015-01-14T18:34:45.123

No, they are completely incorrect.

In fact, this is a valid IP address: 192.168.24.0

As is 167.23.0.1.

Separation of the IP address into dotted segments is a purely human convenience for display. It's a lot easier to remember 192.168.1.42 than 3232235818.

What matters to computers is the separation (netmask). It's not valid to have an host address with the host section of the address set entirely to 0 or 1.

So, 192.168.24.0 as long as the netmask is such that some bits get set in the host part. See the following calculations:

michael@challenger:~$ ipcalc 192.168.24.0/16
Address:   192.168.24.0         11000000.10101000. 00011000.00000000
Netmask:   255.255.0.0 = 16     11111111.11111111. 00000000.00000000
Wildcard:  0.0.255.255          00000000.00000000. 11111111.11111111
=>
Network:   192.168.0.0/16       11000000.10101000. 00000000.00000000
HostMin:   192.168.0.1          11000000.10101000. 00000000.00000001
HostMax:   192.168.255.254      11000000.10101000. 11111111.11111110
Broadcast: 192.168.255.255      11000000.10101000. 11111111.11111111
Hosts/Net: 65534                 Class C, Private Internet

In this case, the address part (right side) has 2 bits set. This is a valid host address in the 192.168.0.0/16 subnet.

michael@challenger:~$ ipcalc 192.168.24.255/16
Address:   192.168.24.255       11000000.10101000. 00011000.11111111
Netmask:   255.255.0.0 = 16     11111111.11111111. 00000000.00000000
Wildcard:  0.0.255.255          00000000.00000000. 11111111.11111111
=>
Network:   192.168.0.0/16       11000000.10101000. 00000000.00000000
HostMin:   192.168.0.1          11000000.10101000. 00000000.00000001
HostMax:   192.168.255.254      11000000.10101000. 11111111.11111110
Broadcast: 192.168.255.255      11000000.10101000. 11111111.11111111
Hosts/Net: 65534                 Class C, Private Internet

In this case, the address part has 10 bits set and 6 bits unset. This is another valid host address in the same subnet.

michael@challenger:~$ ipcalc 192.168.24.0/24
Address:   192.168.24.0         11000000.10101000.00011000. 00000000
Netmask:   255.255.255.0 = 24   11111111.11111111.11111111. 00000000
Wildcard:  0.0.0.255            00000000.00000000.00000000. 11111111
=>
Network:   192.168.24.0/24      11000000.10101000.00011000. 00000000
HostMin:   192.168.24.1         11000000.10101000.00011000. 00000001
HostMax:   192.168.24.254       11000000.10101000.00011000. 11111110
Broadcast: 192.168.24.255       11000000.10101000.00011000. 11111111
Hosts/Net: 254                   Class C, Private Internet

In this case, the address part has zero bits set. This is not a valid host address in the 192.168.24.0/24 network.

score 18 · Answer 2 · answered Jul 15 '11 at 23:20

18

Unless I'm misunderstanding, your testers are dead wrong. Valid IP addresses can certainly have a 0 in them.

answered Jul 15 '11 at 23:20

EEAA

110,608

score 13 · Answer 3 · answered Jul 16 '11 at 00:22

In general: No, it doesn't matter if there is a 0 in the address or not.

However, there is a grain of truth in what your testers are saying. In some cases old or broken network equipment will not work correctly on addresses with 0 in the last octests. This is due to the old classfull routing rules. In Classfull routing, you can tell the netmask from the first octet of the address. If the equipment still follows classfull routing rules it is likely to handle an address like 200.100.1.0/16 incorrectly.

score 4 · Answer 4 · answered Jul 16 '11 at 00:00

Let's say you need 510 IP adresses in one range and your network adress is 192.1.1.0, you would have a /23 subnet, of which one of your host IP's is a .0 IP address, your testers are wrong if the .0 address is a host address. If you have a /24 network it would be right to say it was wrong.

joeqwerty · Answer 5 · 2011-07-16T13:51:17.283

3

To provide a very simple answer: One or more zeros in an ip address are perfectly valid for host addresses as long as those addresses are not the network or broadcast address.

Network and broadcast addresses are valid ip addresses, they're just not usable by hosts.

edited Jul 16 '11 at 13:51

answered Jul 16 '11 at 02:11

joeqwerty

111,849

StefanKaerst · Answer 6 · 2021-02-03T16:41:34.970

If the network range contains more than 256 IPv4 addresses, some of them will contain one or more zeros. As IPv4 addresses are classless you can use sipcalc to verify.

user@linux:~ # sipcalc 10.1.0.0/8 | grep "Usable range"
Usable range            - 10.0.0.1 - 10.255.255.254
user@linux:~ # sipcalc 10.0.0.1/8 | grep "Usable range"
Usable range            - 10.0.0.1 - 10.255.255.254
user@linux:~ # sipcalc 10.0.1.0/8 | grep "Usable range"
Usable range            - 10.0.0.1 - 10.255.255.254

Is it valid to have part of an IPv4 address set to zero?

6 Answers6