21

In the history, I mostly used 0.0.0.0/0 for "match every IP address". Recently, I saw a 0.0.0.0/1 subnet filter.

What is the difference between 0.0.0.0/0 and 0.0.0.0/1 and what's the practical use of 0.0.0.0/1?

Peter Mortensen
  • 2,319
  • 5
  • 23
  • 24
Arakis
  • 321
  • 2
  • 6
  • 2
    The most specific route (the one with the largest prefix length) is used. For the first half of the full IPv4 address range, `0.0.0.0/1` would be preferred over `0.0.0.0/0`. Addresses in the second half of the full IPv4 address range will not match `0.0.0.0/1`. Any more specific routes will be use for traffic that falls into those ranges. – Ron Maupin May 05 '22 at 16:07

3 Answers3

37

The 0.0.0.0/0 matches every IP address, whereas 0.0.0.0/1 only matches half of them (0.0.0.0-127.255.255.255) and requires 128.0.0.0/1 as its pair to match the rest (128.0.0.0-255.255.255.255).

In basic routing, the smallest available subnet containing the IP address takes precedence. This rule comes from RFC 4632, 5.1. It is typical there will be overlapping networks as, for example, 192.168.1.0/24 is part of 192.168.0.0/16, which is – just like any IP address – part of 0.0.0.0/0.

Therefore, by splitting the 0.0.0.0/0 into smaller chunks one can constrain the interface to take precedence over any other interface that has default route 0.0.0.0/0, without playing with metric values. This is a common technique with VPNs that would not want data to bypass the tunnel. The same logic is the reason you could still use resources from your local subnet (e.g., /24) while the VPN is on – if no other methods are used to enforce everything gets tunneled.

Likewise, the entire IPv4 address space could be divided into even smaller subnets, e.g. in four chunks:

  • 0.0.0.0/2 (0.0.0.0-63.255.255.255)
  • 64.0.0.0/2 (64.0.0.0-127.255.255.255)
  • 128.0.0.0/2 (128.0.0.0-191.255.255.255)
  • 192.0.0.0/2 (192.0.0.0-255.255.255.255)

Or eight with 0.0.0.0/3, 32.0.0.0/3, 64.0.0.0/3, 96.0.0.0/3, 128.0.0.0/3, 160.0.0.0/3, 192.0.0.0/3 & 224.0.0.0/3, etc., etc.

Esa Jokinen
  • 43,252
  • 2
  • 75
  • 122
9

What is the difference between 0.0.0.0/0 and 0.0.0.0/1

0.0.0.0/0 matches all IPv4 addresses.

0.0.0.0/1 matches the IP range from 0.0.0.0 to 127.255.255.255

IP routing uses a "longest prefix match" rule, so if there are routes in the routing table for both 0.0.0.0/0 and 0.0.0.0/1 and both match the destination then the route for 0.0.0.0/1 will be preferred.

what's the practical use of 0.0.0.0/1?

Openvpn uses it as a trick to override the default route without modifying or removing the existing one. It would not surprise me if other VPN software does too but I haven't seen it.

Removing the exiting default route when the VPN connects and re-adding it when the VPN disconnects has the potential for race conditions with other network control or administration software. It is also likely to leave the system without network access if the VPN client crashes.

It is possible to override a route by using a lower metric, however that doesn't work if the existing route already has the lowest possible metric.

So openvpn's "redirect-gateway" feature has an option called "def1". When this option is enabled it will create routes for 0.0.0.0/1 and 128.0.0.0/1 rather than creating a single route for 0.0.0.0/0. These routes will be preferred over the existing route for 0.0.0.0/0 thanks to the "longest prefix match" rule, so there is no need to remove the existing default route.

Peter Green
  • 4,056
  • 10
  • 29
  • 2
    This answer gets closest to the "practical" use of a /1 pair - to override the default route, without replacing the default route. – chexum May 07 '22 at 07:16
1

The literal meaning: that is just two different networks expressed in CIDR notation.

The practical use of 0.0.0.0/1: Splitting the IPv4 space by the first bit does not produce particularly meaningful subnets today, outside of history lessons.

It just happens to be the smallest split possible. So spelling out two halves is the shortest method to express "all of IPv4" where 0/0 is not a valid input. A script would not let me configure network topology for which it had not been designed, so I used 0/1 as a workaround (in routing context, prefix length determines preference).

Besides typos, that is the only instance where I ever encountered it.

anx
  • 6,875
  • 4
  • 22
  • 45
  • re. the link to history lessons, I don't really see how `0/1` has anything to do with classful networks, as the classes corresponded to `/8`, `/16` and `/24` blocks. – ilkkachu May 06 '22 at 09:23
  • @ilkkachu initial /8 allocations had the most significant bit unset – anx May 06 '22 at 09:45
  • @ilkkachu in classful addressing there were no arbitrary network masks. The IPv4 unicast address space was split to sets of `/8`, `/16` and `/24` networks in a fixed manner encoded in the address itself. `0.0.0.0/1` contains exactly all the Class A (`/8`) networks and nothing more. Read the Wikipedia article linked in the answer. – pabouk - Ukraine stay strong May 06 '22 at 21:07
  • @anx, right. Though as pabouk there says, there were no arbitrary masks, so no arbitrary size blocks, so it seems to me when the classes existed, it wouldn't have been possible to say Class A corresponded to `0/1`. – ilkkachu May 06 '22 at 21:51
  • @pabouk-Ukrainestaystrong, I did, it never mentions `/1`. – ilkkachu May 06 '22 at 21:51
  • 1
    @ilkkachu `0/1` means that the most significant bit (MSB) is zero and that is the definition of Class A addresses in classful network: `0nnnnnnn.HHHHHHHH.HHHHHHHH.HHHHHHHH`. `0` - fixed zero MSB, `n` - network part bits, `H` - host part bits. - Today you can compare the mask with the obsolete classes for fun. Today's masks did not exist at the time of classful networks. – pabouk - Ukraine stay strong May 06 '22 at 22:13