102

Are IP addresses with a 0 in the last octet valid?

10.6.43.0

In my case, I have the the following netmask

255.255.252.0

What about a 0 for the other octets?

splattne
  • 28,348
  • 19
  • 97
  • 147
Alan H
  • 2,234
  • 4
  • 20
  • 17
  • 14
    others have answered, but we run /23s in our DHCP ranges, meaning that the middle .255 and .0 addresses of the two /24s get assigned to clients. Works fine. Sometimes "knowledgeable" users freak out a little thinking they've pulled an invalid IP, but from a networking POV it works fine. – jj33 May 21 '09 at 21:26
  • 1
    See Also: [What is the network address *X.Y.Z.0* used for?](http://serverfault.com/questions/135267/what-is-the-network-address-x-x-x-0-used-for) – voretaq7 Nov 19 '12 at 23:07

6 Answers6

162

It depends on the subnet of the IP address in question. In general, the first and last addresses in a subnet are used as the network identifier and broadcast address, respectively. All other addresses in the subnet can be assigned to hosts on that subnet.

For example, IP addresses of networks with subnet masks of at least 24 bits ending in .0 or .255 can never be assigned to hosts. Such "last" addresses of a subnet are considered "broadcast" addresses and all hosts on the corresponding subnet will respond to it.

Theoretically, there could be situations where you can assign an address ending in .0: for example, if you have a subnet like 192.168.0.0/255.255.0.0, you are allowed to assign a host the address 192.168.1.0. It could create confusion though, so it's not a very common practice.

In your example

 10.6.43.0 with subnet 255.255.252.0 (22 bit subnet mask)

means subnet ID 10.6.40.0, a host address range from 10.6.40.1 to 10.6.43.254 and a broadcast address 10.6.43.255. So in theory, your example 10.6.43.0 would be allowed as a valid host address.

splattne
  • 28,348
  • 19
  • 97
  • 147
  • 5
    One addition. In the past I have had to deal with some older software that had problems with using a .0 address in places where it was a perfectly legal thing to do. – Zoredache May 21 '09 at 22:56
  • And no answer to this question would be complete without a reference to the CIDR RFCs: RFC1518 and RFC1519 which define all this. – pjz May 22 '09 at 02:42
  • 18
    RFC 1519 is obsolete for a long time. The current version is RFC 4632. – bortzmeyer May 22 '09 at 06:11
  • 3
    Just got assigned a dot zero by an Amazon EC2 instance. They are sure maximising the IP's they have. – hookenz Jun 05 '17 at 20:38
  • @bortzmeyer, RFC 4632 is simply a BEST CURRENT PRACTICE, while RFC 1519 is a standards track RFC. – Ron Maupin May 27 '19 at 03:39
  • While your answer doesn't explicitly exclude that, it might be notable that 10.6.43.0 is a perfectly valid IP address in a /31 P2P subnet as well ([RFC 3021](https://datatracker.ietf.org/doc/html/rfc3021)). – Zac67 Feb 19 '22 at 20:01
13

answer to your question depends on the netmask. in general statement 'IP addresses ending in .0 or .255 is invalid' is false. take 10.0.1.0/23 - it's valid ip address.

also 10.6.43.0/255.255.252.0 aka 10.6.43.0/22 is valid.

that was the theory. most reasonable network devices [ including linux servers, windows boxes, cisco / hp / etc ] will work fine with such address, but i've seen dlink and other low-end network appliance [ routers, access points ] not accepting such addresses.

pQd
  • 29,561
  • 5
  • 64
  • 106
11

I found this, which claims that it is valid, depending on your subnet mask.

http://en.wikipedia.org/wiki/IPv4#Addresses_ending_in_0_or_255

Alan H
  • 2,234
  • 4
  • 20
  • 17
10

I'd like to add a bit about 0 for the other octets:

This one is easy: it's no problem at all, as the fairly common private network address 192.168.0.1 shows.

Of course an even more obvious example would be 127.0.0.1.

splattne
  • 28,348
  • 19
  • 97
  • 147
Joachim Sauer
  • 880
  • 5
  • 17
3

I have run into problems with remote networks denying IP addresses from my network if they ended with 0 (or 255) and they were from the class C range, since anything ending with 0 would be an invalid class C network.

This was a few years ago; I don't know if anyone still blocks addresses like that or not.

Josh Kelley
  • 963
  • 1
  • 7
  • 17
  • That just sounds like your firewall/software is a bit daft ;) – nixgeek Jul 04 '09 at 15:51
  • Every IP address on my network except .0 or .255 could access every site, IP addresses ending in .0 and .255 could access 95% of sites, but there were two or three completely different sites that they couldn't access. If it was my firewall/software, I sure couldn't figure out how. – Josh Kelley Jul 04 '09 at 17:22
  • 1
    These must be using firewalls configured by the same kind of people who block all ICMP and end up breaking PMTUD, or block all "invalid" TCP flags and end up breaking ECN. – CesarB Jul 05 '09 at 00:11
  • Microsoft servers allegedly do it even today. No Windows Update for you. But Microsoft has been known to break the rules since forever. – Zdenek Feb 20 '16 at 12:15
0

Just something I found that's probably noteworthy:

If you're running R-fx networks' APF script for iptables, it drops all traffic to 0.0.0.255

We had a BT customer with an address ending in .255 with a prefix of /21 .. Technically a valid IP address, however the guys at R-fx networks think there is cause for dropping packets for these addresses.

Squeeb
  • 152
  • 1
  • 13
  • they are choosing to drop packets to 0.0.0.255 most likely for security purposes. 1) DOS attacks can happen by leveraging the power of a broadcast packet and 2) to completely privatize the network so no hosts can broadcast. see http://en.wikipedia.org/wiki/Broadcast_traffic#Security – zamnuts Jul 03 '13 at 23:41