101

I have always noticed an IP like "169.254.x.x" in my routing table on my Windows operating system, even when I am not connected to any network.

In Linux, when I list my routing table:

$ ip route show 

I get an entry like

169.254.0.0/16 dev eth0  scope link  metric 1000 

Can somebody explain to me what this IP address actually is? Is it something like the 127.0.0.0/8 family?

Edit: In EC2, each instance can get metadata about itself by making HTTP requests to this IP.

$ curl -s http://169.254.169.254/user-data/

So can someone tell me to whom this IP address is actually assigned?

auspicious99
pradeepchhetri
  • 1
    Since you say that you see this in your Windows OS, it sounds like you're referring to APIPA (Automatic Private IP Addressing). More info [here](http://www.webopedia.com/TERM/A/APIPA.html) or [here](https://wiki.wireshark.org/APIPA). – venomin Aug 14 '15 at 03:30
  • 5
    Very relevant: [A Technical Analysis of the Capital One Hack](https://blog.cloudsploit.com/a-technical-analysis-of-the-capital-one-hack-a9b43d7c8aea?gi=a69a9fee6c2d) "By combining the SSRF attack from earlier with the knowledge that an AWS EC2 server has access to a metadata endpoint containing temporary credentials, the attacker was able to trick the server into making a request to the following URL: http://169.254.169.254/iam/security-credentials. This endpoint returned a role name... " – David Tonhofer Aug 06 '19 at 09:01
  • This [Stack Overflow question](https://stackoverflow.com/questions/42314029/whats-special-about-169-254-169-254-ip-address-for-aws) has a more understandable answer. PS: Ironically, that question was closed for being considered "off-topic" there. – RayLuo Jul 28 '20 at 19:31
  • Similarly in Microsoft Azure a VM can get metadata about itself by connecting to that IP: https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/tutorial-windows-vm-access-arm#get-an-access-token-using-the-vms-system-assigned-managed-identity-and-use-it-to-call-azure-resource-manager `$response = Invoke-WebRequest -Uri 'http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https://management.azure.com/' -Method GET -Headers @{Metadata="true"}` – masterxilo Nov 28 '21 at 20:07

5 Answers

131

These are dynamically configured link-local addresses. They are only valid on a single network segment and are not to be routed.

Of particular note, 169.254.169.254 is used in AWS, Azure and other cloud computing platforms to host the instance metadata service.

abatishchev
Michael Hampton
  • 1
    So can you tell me to whom 169.254.169.154 is assigned in EC2? – pradeepchhetri Sep 13 '12 at 10:04
  • 24
    The blue text means a link that you can click on for more information. Please do so. – Michael Hampton Sep 13 '12 at 10:06
  • But there is nothing mentioned about to whom this IP is assigned, regarding the internals in terms of virtualization. – pradeepchhetri Sep 13 '12 at 10:13
  • That address is not a public address, it is in the same scope as 10.x.x.x, 192.168.x.x etc, many people around the world could have this address, it is private. – Alex Berry Sep 13 '12 at 10:14
  • 9
    @pradeepchhetri It's not assigned to anyone. It's a [special-use address](http://tools.ietf.org/html/rfc5735). – Michael Hampton Sep 13 '12 at 10:18
  • 3
    @pradeepchhetri, to answer the specific question of "who", it's Amazon themselves (though the caveat of it being a private IP applies); in the same way that Charter "owns" 192.168.100.1 in many households (only Charter uses it for the modem WebUI rather than to Amazon's service of dispensing metadata). – JamesTheAwesomeDude Jul 19 '17 at 15:59
  • @pradeepchhetri - +1 for the great answer. I have encountered the same issue in a particular case where my Ubuntu 16.4 NTP was configured to this address. Hope it helps. – Guy Avraham Mar 12 '18 at 13:16
  • 1
    Like 127.0.0.1, it is assigned locally on EC2 instances. – mckenzm Apr 19 '18 at 20:04
20

In almost all circumstances that's an IP assigned automatically by an interface that's set to get its IP via DHCP but can't get one.

Chopper3
11

It's an IPv4 link-local address, as defined in RFC 3927. Usually ZeroConfig/Bonjour/mDNS et al. enabled boxes are set up to have an IPv4 LL address to enable (home) networking without the presence of a DHCP or unicast DNS server.

pfo
7

This is a special case of an APIPA address. The OP is not asking for 169.254.x.x.

As well as being an APIPA address, this is the internal address used by AWS EC2 instances for EC2META queries via HTTP (curl, say).

curl http://169.254.169.254/latest/meta-data/instance-id

will return the instance id without a newline, and this is useful for scripting. It is not used for "distributing" the metadata. Instead, it is used for querying these attributes.

auspicious99
mckenzm
  • 2
    "_This is a special case of an APIPA address._" Such a use is not allowed by the RFC. The addresses in `169.254.0.0/16` are not allowed to be assigned in a fixed manner, the range cannot be subnetted, and packets in the range cannot be routed. I would not use anything that violates the standard. – Ron Maupin Apr 19 '18 at 20:22
  • Agreed, I suppose AWS feel they can guarantee that RFC would never apply within their internal networks due to DHCP failure. The range is also used for static IP assignment for peer to peer ad hoc networks, but low numbers are generally chosen. – mckenzm Apr 19 '18 at 20:29
  • 1
    @RonMaupin, APIPA are used in MS when no IP is configured on an interface (either manually or dhcp). More info is available [here](https://support.microsoft.com/en-us/help/220874/how-to-use-automatic-tcp-ip-addressing-without-a-dhcp-server) which seems to show it follows the RFC though I haven't tested it for compliance. – user2320464 Apr 19 '18 at 20:30
  • 2
    "_Note that addresses in the 169.254/16 prefix SHOULD NOT be configured manually or by a DHCP server. Manual or DHCP configuration may cause a host to use an address in the 169.254/16 prefix without following the special rules regarding duplicate detection and automatic configuration that pertain to addresses in this prefix._" That means that you cannot set a fixed address in that range. A host needs to randomly select an address in the range. – Ron Maupin Apr 19 '18 at 20:38
  • 2
    "_Administrators wishing to configure their own local addresses (using manual configuration, a DHCP server, or any other mechanism not described in this document) should use one of the existing private address prefixes [RFC1918], not the 169.254/16 prefix_" – Ron Maupin Apr 19 '18 at 20:43
  • 6
    It says SHOULD NOT, not MUST NOT. Technically you can violate a SHOULD and still be considered conforming to spec. See RFC2919: _"SHOULD NOT This phrase, or the phrase "NOT RECOMMENDED" mean that there may exist valid reasons in particular circumstances when the particular behavior is acceptable or even useful, but the full implications should be understood and the case carefully weighed before implementing any behavior described with this label."_ :) – mmalone Jun 22 '18 at 23:30
2

Found some info from this IANA page that is probably easier to digest than the RFC3927. Quoted below:

Special-Use Addresses

  • "Autoconfiguration" IP Addresses:

      169.254.0.0 - 169.254.255.255
    

    Addresses in the range 169.254.0.0 to 169.254.255.255 are used automatically by most network devices when they are configured to use IP, do not have a static IP Address assigned and are unable to obtain an IP address using DHCP.

    This traffic is intended to be confined to the local network, so the administrator of the local network should look for misconfigured hosts. Some ISPs inadvertently also permit this traffic, so you may also want to contact your ISP. This is documented in RFC 6890.

And the section that follows it provides a side-by-side comparison for the OP's second question: "Can somebody explain to me what this IP address actually is? Is it something like the 127.0.0.0/8 family?"

  • "Loopback" IP addresses:

      127.0.0.0 - 127.255.255.255
    

    Each computer on the Internet uses 127.0.0.0/8 to identify itself, to itself. 127.0.0.0 to 127.255.255.255 is earmarked for what is called "loopback". This construct allows a computer to confirm that it can use IP and for different programs running on the same machine to communicate with each other using IP. Most software only uses 127.0.0.1 for loopback purposes (the other addresses in this range are seldom used). All of the addresses within the loopback address are treated with the same levels of restriction in Internet routing, so it is difficult to use any other addresses within this block for anything other than node specific applications, generally bootstrapping. This is documented in RFC 6890.

RayLuo
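
The two blocks compared in this answer matter for server-side request filtering, because 169.254.169.254 sits inside the link-local range. As an added example (not part of the original answers), this Python code labels a destination by special-use block and refuses outbound fetches whose host resolves to anything non-global; `classify`, `check_outbound_url`, `sample_resolver` and the hostnames in `SAMPLE_DNS` are hypothetical names constructed here.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

METADATA = ipaddress.ip_address("169.254.169.254")  # address named on this page

def classify(addr):
    """Label an address by the special-use block it falls in."""
    ip = ipaddress.ip_address(addr)
    # ::ffff:a.b.c.d reaches the same IPv4 host, so unwrap it first.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    if ip == METADATA:
        return "metadata"
    if ip.is_link_local:   # 169.254.0.0/16 (RFC 3927) and fe80::/10
        return "link-local"
    if ip.is_loopback:     # 127.0.0.0/8 and ::1
        return "loopback"
    if not ip.is_global:   # RFC 1918 and other non-routable blocks
        return "non-global"
    return "global"

def system_resolver(host):
    """Default resolver: every address the OS would hand to a client."""
    return sorted({ai[4][0] for ai in socket.getaddrinfo(host, None)})

def check_outbound_url(url, resolve=system_resolver):
    """Return (allowed, reason) for a server-side fetch of `url`."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False, "unsupported URL"
    # Judge the resolved addresses, not the hostname string.
    for addr in resolve(parts.hostname):
        label = classify(addr)
        if label != "global":
            return False, f"{parts.hostname} -> {addr} ({label})"
    return True, "ok"

# Constructed sample data: a fake resolver so the example runs offline.
SAMPLE_DNS = {
    "169.254.169.254": ["169.254.169.254"],
    "alias.example": ["169.254.169.254"],
    "www.example": ["93.184.216.34"],
}

def sample_resolver(host):
    return SAMPLE_DNS[host]

if __name__ == "__main__":
    for u in ("http://alias.example/", "https://www.example/"):
        print(u, check_outbound_url(u, sample_resolver))
```

A fetcher that uses this check must also connect to the address that was validated and repeat the check on every redirect, otherwise a second DNS lookup can return a different address.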