IP Configuration Rant


IPv4 address configuration
IP Address 192.168.1.2
Subnet Mask 255.255.255.0
Default gateway 192.168.1.1
Primary DNS 192.168.1.1
Secondary DNS

I'm sick and tired of the standard "address, subnet mask, gateway, primary DNS server, secondary DNS server" schema often used in network configurations because it reinforces a very rigid way of thinking. More specifically, at the network level, these designations are totally meaningless, and can waste as many as three public IPv4 addresses per subnet, which is actually quite a lot these days where ISPs may only give out a small number of addresses.

But it doesn't need to be that way. Fundamentally, assigning an address, subnet mask, and gateway actually performs the following operations:

  • When you assign an IP address of 192.168.1.2 to an interface, your computer configures its routing table so that 192.168.1.2 is locally processed when it is used as a destination IP, and that outbound connections through this interface can use 192.168.1.2 as a source IP. In other words, it marks 192.168.1.2 as "local."
  • When you set the subnet mask to 255.255.255.0 (/24), your computer does the following things:
  • Configure a static route that says that to reach computers in 192.168.1.0/24, the next hop is found by performing an ARP query on the interface for the requested IP address, as opposed to sending it through a gateway.
  • Set 192.168.1.0 (the first address in the /24) as the network identifier address.
  • Set 192.168.1.255 (the last address in the /24) as the broadcast address.
  • When you set the default gateway to 192.168.1.1, your computer sets a static route of 0.0.0.0/0 (a.k.a. the "default" route) with a "gateway" address of 192.168.1.1. In other words, this means that to connect to any IP address outside of 192.168.1.0/24, your computer makes an ARP query for 192.168.1.1 (which is on-link), and processes the packet in the computer's routing table as if the destination IP were 192.168.1.1.
  • The DNS server option is an application-layer protocol. An IP address is usually specified here because of the chicken-and-egg scenario that may result if a domain name were to be specified: if it were a domain name, then it would need to be resolved first, and it can't do so unless it knows where to send the DNS request. However, on the network layer, DNS is meaningless.

We can immediately see how this schema is fatally flawed, especially with respect to the subnet mask and default gateway settings:

  • The ARP protocol itself is not dependent on subnet masks. They only contain individual IP and MAC addresses. For similar reasons, proxy ARP is inefficient since it requires ARP entries for all the IP addresses in a particular range.
  • Because the only involvement of a default gateway is to resolve its MAC address, this means that theoretically, it is not a necessary condition for a default gateway IP address to be in the same subnet as the rest of the network.
  • The default gateway IP address could be a private IP address on a network with normally public network identifiers, as long as that private IP address exists on-link. This could be useful for certain scenarios like HSRP, where there could be multiple default gateways.
  • The default gateway IP address could be an IPv6 address for an IPv4 network, or vice versa. In this scenario, NDP could be used to discover the default gateway MAC address instead of ARP. However, this is not implemented on Linux.
  • The default gateway IP address could be entirely arbitrary, as long as a static ARP entry with the actual MAC address exists for that IP address.
  • It is not necessary to assign network identifier and broadcast addresses. If none of the systems on a network set their network identifier and broadcast addresses, then they could potentially be used as normal IP addresses, and if they do not end in .0 or .255, then they are virtually indistinguishable from normal IP addresses. To do this, in lieu of a "subnet mask", a static entry could be added to each system's routing tables that merely marks the local subnet as on-link without actually configuring the "subnet mask" for that interface.
  • Two or more discrete network ranges can coexist on a single network segment (without using a VLAN) as long as all nodes on that segment are aware of both ranges being an on-link subnet. In that case, each node theoretically needs just one IP address, which can be chosen from any of those ranges. This already happens in practice with link-local vs. global addresses in IPv6, although in that case, IP addresses are assigned from both ranges. Although not really useful in practice, the author envisions this technique being used on a network where public IP addresses are overlaid on a private network.
  • If the subnet mask is 255.255.255.255 (/32) or /128 (IPv6), then none of the steps that normally occur when configuring the subnet mask are performed.
  • The assignment of an IP address to an interface in the traditional way only assigns a single IP address. Multiple IP addresses in a range can be assigned by running ip route add local [range]/[prefix length] dev lo, as described in Snippets:Nginx geo local server address.
  • A default route is a static route, just like any other static route.

The preceding list describes the behavior on Ethernet links, including Wi-Fi. Point-to-point links (e.g. PPPoE, cellular modems, etc.) are much simpler. There is no ARP; instead, any route that specifies such an interface will be sent through the interface directly without any other addresses to resolve. This means that point-to-point links do not need a default gateway IP nor a subnet mask, since it is assumed that any IP addresses other than its own is on the other side of the link if there are no other network interfaces.

I'm sorry if this ruined your CCNA.