Skip to content

IP Addresses (IPv4)

IPv4 Addresses Explained

Internet Protocol version 4 or simply IPv4 is a set of rules that lets computers and phones, to exchange data on the internet. This is the fourth version of the Internet Protocol (IP) and is one of the core protocols of the standard-based internetworking methods not only in the internet, but also in other packet-switched networks. It utilizes a 32-bit address space which gives 4,294,967,296 (232) unique addresses, however huge blocks are set aside or are reserved for special networking techniques.

In 1982, it was the first version to be deployed for production on the Atlantic Packet Satellite Network or SATNET. And it was also deployed for production on the Advanced Research Projects Agency Network (ARPANET) in January of the next year. Up to this day, IPv4 still routes a lot of internet traffic despite the current deployment of a newer protocol IPv6.

History of IPv4

The Internet Protocol was at first separated in the version 3 of the Transmission Control Protocol or TCP for design improvement purposes. It was eventually stabilized in version 4. TCP is one of the main protocols of the IP suite and started in the initial network implementation in which it complemented the IP. Thus, the total suite is known as TCP/IP, and major internet applications like the World Wide Web, emails, remote administration and file transfer apps greatly rely on this connection-oriented protocol.

The IPv4 was described in the Internet Engineering Task Force or IETF publication RFC 791 published in September 1981. The definition in this article replaced the earlier definition which was written on RFC 760, January 1980. Two years later, the US Department of Defense has declared that the TCP/IP will be used in all of the country’s military computer networking in March 1982.

What is the purpose of an Internet Protocol?

The Internet Protocol is the procedure that defines and also enable and facilitate internetworking at the internet layer of the IP Suite. Basically the internet protocol forms the internet. The IP utilizes a logical addressing method and do routing, which is the forwarding of packets from a source host to the next router that is nearer to the projected destination host on a different network.

The Internet Protocol version 4 is a connectionless protocol. It operates on a best-effort delivery system. This does not guarantee delivery, does not ensure proper sequencing nor does it guarantee that it can prevent duplicate delivery. These features, including date integrity, are addressed by an upper layer transport protocol and this is where the TCP comes in.


As mentioned earlier, IPv4 makes use of 32-bit addresses. This limits the address space to about 4,294,967,296 (232) addresses. Moreover, the IPv4 reserves special address blocks for special networking methods like private networks  which has about ~18 million addresses and multicast addresses  with ~270 million addresses in them.


This protocol can be characterized in any data or notation with a 32-bit integer value. They are usually in a dot-decimal notation that has four octets of the address expressed individually in decimal figures and are divided by dots.

Classless Inter-Domain Routing or CIDR merges the address with its routing prefix in a compact format. The address precedes a slash sign and the count of primary consecutive 1 bits in the routing prefix or subnet mask.

Other address representations were also used during the time when the classful networking was still utilized. Classful Networking is a network addressing architecture and was used until 1981. The introduction of CIDR in 1983 put an abrupt halt to the use of classful networking.

For example: a loopback address of is normally written as 127.1 as this belongs to the class-A network that has 8-bits for the network mask and 24-bits for the host digit. When lesser than four numbers are specified in the address in decimal notation, the last value is considered as an integer of as many bytes as are needed to fill out the address to four octets. With this example, the address 127.65530 is therefore equal to


Originally, the IPv4 was designed in a way that the IP address gets separated into two parts, the network identifier and host identifier. The former is the most significant octet of the address while the latter refers to the rest of the address. The host identifier is also called the rest field. This structure allows a maximum of 256 network identifiers, which was quickly discovered to be insufficient.

To overcome this deficiency, the most important address octet was redefined in 1981 to generate network classes, in a system that was later known as classful networking. It has five classes with A,B and C having different bit lengths for network identification. The rest of address was maximized to identify a host within a network. And due to the different sizes of fields in different classes, a network has to had various capacity in order to address hosts. Aside from the three classes, Class D and E were added, with the former being used for multicast addressing and the latter to be used for future applications. In 1985 with the publication of RFC 950, existing classful networks were divided into subnets. Two years later, the variable-length subnet mask or VLSM was introduced allowing the division to become more flexible as published in RFC 1109. In 1993, RFC 1517 presented the CIDR which expressed the number of bits starting from the most significant as /24, and the class-based format was by contrast, called classful. It was designed to allow separation of any address space allowing smaller or larger blocks could be allocated to users.

The ranking structure made by CIDR is handled and directed by the Internet Assigned Numbers Authority (IANA) and the Regional Internet Registries or RIRs. A RIR retains a publicly searchable Whois record that gives information about IP address assignment.


The IETF and IANA have also constrained and blocked from general use several reserved IP addresses for special purposes. These addresses are employed for multicast traffic and also to supply addressing space for unrestricted uses on private networks.


In IPv4, there are approximately four billion addresses, and about 18 million addresses in 3 ranges are kept for future use in private networks. Packets addresses in these ranges cannot be routed in public internet; public internet tends to ignore them. Thus, private host are not able to communicate directly with public networks, and need network address translation at a routing gateway intended for this.

Two private networks are not able to interoperate directly thru the public internet. These networks have to be bridged across the internet using a virtual private network or VPN or an Internet Protocol tunnel. The VPN basically encapsulates the packets including the headers which have the private addresses in it. Moreover, these packets that have been encapsulated can be encrypted which can then be transmitted across public networks to get the data.


The RFC 3927 has classified the special address block for link-local addressing, allowing them to be valid only on the link, like a local network segment or point-to-point connection, directly connected to a host that uses it. Furthermore, these addresses cannot be routed, and like private addresses, it cannot be the course or the destination of packets in the internet. These addresses are used mainly for address autoconfiguration (Zeroconfi). This is when a host is not able to or cannot get an IP address from the Dynamic Host Configuration Protocol (DHCP) server or other internal configuration processes.  When the address block was set aside, there is no standard for address autoconfiguration. Automatic Private IP Addressing (APIPA), which was created by internet giant, Microsoft, was deployed on millions of computers and machines and have eventually become the de facto standard or have been widely accepted worldwide. However, in 2005, the IETF defined a formal standard called the Dynamic Configuration of IPv4 Link-Local Addresses in RFC 3927.


Loopback is the practice of having electronic signals or digital data get routed and steamed back to their source without any deliberate processing or alteration. It is mainly a way of testing the communications infrastructure. Basically, classless network or Class A network is reserved for this. IP Packets whose source address belongs to such network should not be seen outside a host. The packet received on a non-loopback interface with a loopback source or destination address must be removed.


In a subnet, the first address is used to identify the subnet itself. Here, the entire host bits are Zero in this address. To avoid vagueness and confusion in representation, the address is reserved or set aside. The last address has all host bits at 1 and is maximized as a local broadcast address. Typically it is used to send messages to all devices on the subnet at the same time. For networks with the size of /24 and above, the broadcast address ends in 255 every time.

Example: subnet (subnet mask will have as the identifier, and is utilized to refer to the whole subnet. While the broadcast address of the system is  

However, some addresses ending in 0 or 255 can also be used as a host address. In the /16 subnet it has an equivalent address range of–, the broadcast address here is You can use this addresses for hosting although it ends with 255. is the network identifier and should not be placed to an interface. And instead,,, etc can be put to the interface despite having zero at the end.

Before, a conflict between network addresses and broadcast addresses happens due to software using non-standard broadcast addresses having zeroes and not ones. In network smaller than /24, the broadcast addresses does not automatically end with 255 like a CIDR subnet which has a address.

However, there are special instances that a network can accommodate only two hosts, a /31 network. These are usually employed for point-to-point connections and have no network identifier nor broadcast address.


In the world of internet, the hosts are popularly known by their names and not by their IP address. Example is easier to remember than its IP address, which is basically used for routing and network identification purposes.

The use of domain names needs translating which is known as resolving, and is utilized to addresses and vv. This is the same to searching for a phone number in a phone book using the name of the recipient.  The translation between the domain names and the addresses is done through the help of the DNS or Doman Name System. This is a hierarchical, distributed naming structure that permits for the sub-delegation of namespaces to other DNS servers. Namespace in computing is a set of names or signs that are being used in order to identify and refer to objects of different kinds. Namespace also guarantees that all of the given sets of objects are given unique names. This allows the user to identify them easily.


Since the 80s, it was already evident that the depletion of the allocation for IPv4 addresses is going on a rate no one really anticipated since it was originally designed. The major market forces that speed up this depletion are the rapidly growing number of internet users, who also have mobile computing gadgets like laptop computers, personal digital assistance or PDA, and smart phone having IP data services.    Furthermore, always-on machines or gadget have been used as a basis for high-speed internet access.

The risk of space exhaustion prompted the introduction of a number of remedial technologies like the CIDR methods in the 90s, the use of Network Address Translation or NAT and the strict usage-based allocation rules being implemented at regional and local internet registries.  

IANA which maintained the primary address pool of the internet saw its exhaustion on February 3, 2011. The last five blocks that were allocated to the five RIRs prompted this depletion. In April 15, 2011, APNIC was the first RIR to exhaust its regional pool. They however have a small amount of space left for their addresses.  The amount of space is intended for the transition to IPv6 of which can be implemented but through a restricted strict policy.

To solve this issue, a new version of the IP which is the IPv6 was specified in 1998. The IPv6 provides a hugely increased address space, greatly improved the route aggregation across the net, and provides large subnetwork share of at least 264   host addresses to all end users. But the problem however was that the former version IPv4 is not directly interoperable with this newer version, so that the older version only hosts cannot communicate directly to hosts that are operating under the IPv6 already. In 2004, the experimental network 6bone project was eventually phased-out and soon after, the permanent formal launching of the IPv6 started in 2006.

The completion of the deployment takes time and this is so in order that intermediate transition technologies are necessary to permit and allow hosts to join in the internet using the two versions.


An IP packet has a header and a data sections. It contains no data checksum and does not have other footer after the data section as well. Basically, the link layer summarizes the IP packet in frames with a CRC footer which detects errors.  A lot of transport-layer protocols that are carried by IP also posses their own error checking system.

Header. The IPv4 packet header is made up of 14 fields, 13 of which are required or needed. The last field is optional and is appropriately named: options.

In the header, the fields are packed with the most significant bytes first or the big endian. Endianness is the order or the sequence of bytes of a word of digital data in computer memory. Primarily this is expressed as big endian or little endian.

For the diagram and discussion, the major bits come first. Here they are numbered as zero, thus the version field is located in the four most important bits of the first byte.   

Version. The four-bit version field is the first header field in an IP packet. In the IPv4, this is equal to 4.

Internet Header Length. The IPv4 header is erratic in size mainly because of the optional 14th field or simply options. The Internet Header Length or IHL field has the size of the IPv4 header, contains 4 bits which detail or indicates the figure of 32-bit words in the header.  It has the smallest allowable value for this field which is 5. This specify a length of 5 x 32 bits = 160 bits = 20 bytes. As a field, the greatest or the highest value is 15, which means, the IPv4 header has a maximum size of 15 x 32 bits =480 bits = 60 bytes.

Differentiated Services Code Point. Defined as the type of service (ToS) originally, DSCP specifies differentiated services or DiffServ based on RFC 2474. Real-time data streaming greatly utilizes the DSCP field. Our VoIP (Voice over IP) which is popular among interactive voice services rely and make use of the DSCP.  

Explicit Congestion Notification(ECN) was described in RFC 3168. It allows end-to-end notification of network congestion without dropping any packets. This is an optional feature that is only available when endpoints support it and is efficient when the underlying or essential network supports it.

Total Length. 16-bit field is describes the whole packet size in bytes. This includes the header and the data. 20bytes is the minimum and this is without data, while the maximum size may reach up to 65,535 bytes. All hosts are required to be able to reassemble datagrams of size that may reach up to 576 bytes. Modern hosts today can handle bigger packets. Links may enforce further limitations with regards to the size of the packets and in most cases, datagrams has to be fragmented. When we talked about fragmentation, this is usually performed in the sending host or in routers. It allows reassembly to be executed at the receiving host.

Identification. This is the identification field and is basically used for identifying a group of fragments of a IP datagram. In some experimentation work, it was suggested that the ID field can be used for other purposes like but not limited to adding packet-tracing information in order to help trace datagrams having spoofed source address. However, the RFC 6864 no longer allow such  use.

Flags. A 3-bit field tracks and is maximized to manipulate and control or identify fragments. Bit 0 being the least significant or Reserved, bit 1: Do not fragment (DF), and bit 2: More Fragments or MF.

If for some reason the DF Flag is set and requires fragmentation in order to route the packet, the packet is then dropped. This can be used while sending packets to a host which lacks or does not have any resources to do reassembly of fragments. It can also be applied for path MTU discovery. It can work automatically by the host IP software or by using a diagnostic tool like ping or traceroute manually.

For packets that are unfragmented, MF Flag is cleared. Fragmented packets have the MF Flag set except for the last one which has a non-zero Fragment Offset field, making it unique and different from an unfragmented packet.

Fragmented Offset specifies the offset of a specific fragment comparative to the start of the original unfragmented IP Datagram in units of 8-byte blocks. The first fragment has zero as an offset. The 13 bit field lets a maximum offset of (213 – 1) × 8 = 65,528 bytes, this including the header length can have 65,528 + 20 = 65,548 bytes. It can support fragmentation of packets over the maximum IP length of 65,535 bytes.

Time to Live or TTL. TTL that is eight bit field helps in preventing the datagrams from crashing or going in circles on the net. This field limits the lifetime of the datagram. It is specified in seconds, usally less than a second but is rounded up to 1. In practice, when the datagram arrives at the router, the field turns into a hop count, and the router decrements the TTL field by one. If it hits zero, the router get rid of the packet and prompts an ICMP Time Exceeded message to the sender.  

Traceroute program uses the ICMP Time Exceed messages in order to print the routers that are being maximized by packets to go from the source to its goal.

Protocol. This field classifies the protocol that was applied in the data portion of the IP datagram. As mandated by the RFC 790, IANA has the responsibility to keep a list of IP Protocol numbers.

Header Checksum. IPv4 header checksum field that is 16-bit is usually employed for error-checking of the header. If the packet appears in the router, the router computes the checksum of the header and matches it up with the checksum field. Should the values fail to match, automatically, the router throws the packet out. The encapsulated protocol handles the data field if there are any errors. UDP and TCP contain checksum fields. If the packet arrives at the router, the router lessens the TTL field and it should calculate a new checksum.

Source Address is the IPv4 address of the sender of the packet. It can be changed by a network address translation device while traversing.

Destination Address on the other hand is the IPv4 address of the receiver of the packet. Like the source address, this too can change while in transit by the same device.

Options Field is not frequently used. The value in the IHL field however must have enough extra 32-bit words in order to hold all the options. Padding can also be applied in order that it can accommodate the header with an integer number of 32-bit words. List of options can be stopped with an EOL and is only needed if the last part of the options would not match with the end of the header. Packets having some options can be viewed as risky by some routers and are usually blocked.

Data. Not included in the checksum is the packet payload. The contents are read and interpreted basing on the value of the protocol header field. Some of the common payload protocols may include: ICMP, IGMP, TCP, UDP, ENCAP and more.


The IP allows traffic in between networks. It was made to have room for networks of various physical natures. It depends on the original transmission technology employed and used in link layer. Networks having different hardware usually differ in transmission speed and in the maximum transmission unit or MTU. If one network transmit datagram to a network with smaller MTU, it fragment in datagram can occur. This function was located at the internet layer in IPv4 and is done in IPv4 routers. This needs no further implementation of any higher layers for the function of routing packets. But in IPv6, it does not allow routers to perform fragmentation. The hosts must resolve the path MTU prior to sending datagrams.

Fragmentation. If a router obtains a packet, it automatically inspects the destination address and find out what outgoing interface is should use, in this case the MTU. When the packet size is bigger than the MTU, and the DF bit in the packet’s header is set to Zero, the packet may then be fragmented by the router.

The router usually divides the packet into smaller bits called fragments. The biggest size of such fragments is the MTU less the IP header size. 20-bytes minimum and 60-bytes maximum. The router puts each fragment into its own packet with each packet gets to have the following:

  • The total length is the fragment size
  • The MF flag is set for all fragments excluding the last one which has the value of Zero
  • Fragment offset field is based on the offset of the fragment in the original data payload. 8-byte blocks is used to measure this.
  • The header checksum field is calculated again.

A packet can be fragmented in another router, and the fragments can also be fragmented once again at another router.


The receiver recognizes the packet as a fragment if:

  • The flag “more fragments” is set, which is true for all fragments with the exception of the last one.
  • The field “fragment offset” is nonzero, which is true for all but with the exception of the first.

The receiver can determine identical fragments with the same foreign and local address, the protocol ID and the identification field.  It can also reassemble the data from the fragments with identical ID utilizing fragments offset and more fragments flags. When the receiver gets the last fragment, which has the “more fragments” flag set to zero, the receiver can then compute and analyze the size of the original data payload by multiplying the last fragment’s offset by eight. After this, add the last fragment’s data size.

If the receiver got all the fragments, it can be reassembled in the right sequence based to the offsets, in order to form the original datagram.

Assistive Protocols

IP Addresses are not entirely dependent to hardware identifications. As a matter of fact, a network interface can have several IP addresses in modern OS. Hosts and routers require additional mechanisms to recognize the connection between the gadget’s interfaces and the IP addresses. This is to deliver the IP packet to the destination host on the link correctly. The Address Resolution Protocol (ARP) executes this IP-address-to-hardware-address translation for the Internet Protocol version 4.  The reverse correlation is also needed frequently like when the IP host is booted or is connected to a network, it is required to verify its IP address, unless an administrator has preconfigured the address. Procedure for inverse correlations happens in the Internet Protocol Suite. Methods that are used frequently today include the Dynamic Host Configuration Protocol (DHCP) and Bootstrap Protocol (BOOTP). Reverse ARP also exists in the IPC but is seldom used.

Learn more about IPv4.