Ólafur Guðmundsson

What do we know about an IP Address?

1 You have liked this article 0 times.

When a packet reaches our network, the first thing we see is where the IP address packet originates from. And we make decisions based on that IP address. In this article, I will explain what these decisions are and if they make sense. Can we actually use an IP address as a decision point or not?

Ancient history

The Internet as we know it started on 1 January 1983 when the ARPANET changed from NCP to the TCP/IP protocol suite. It went through a rapid evolution during the 1980s: In 1985, with the creation of the Supercomputer Centers programme, NSF created NSFNET, a network that connected the five supercomputer centres and provided a network for research and education. Then, based on the ARPANET protocols, the NSFNET created a national backbone service.

In 1987, the first Internet Service Providers (ISPs) were created. At that point in time, you would send a mail to the IANA or more precisely to Jon Postel and ask for a block or IP addresses for your network. Usually, Jon would assign as many addresses to you as you had asked for - or more likely a bit more, because the address architecture looked like this:

Figure 1: Classful IP address architecture

Addresses were assigned on 8-bit boundaries. So, we ended up with a few very large blocks, some mid-sized blocks (class B addresses) and many small blocks (class C). In addition to that, there was a range of addresses (class E) that were pretty much unusable because it was reserved for research and development and many operators today filter packets sent from those addresses.

When I got on the Internet some years ago, we could easily say that an IP address is a host. In those days, every computer on the Internet had a public IP address and a local host address ( So, we could say that an

IP address = identity

But it didn't equal the identity of a user, but the identity of a host on the network. In those days, computers were expensive and one host could have had many hundreds of users.

In the late 1980s, the Internet started to grow exponentially and around 1990 we realised that the classful addressing architecture described above was wrong and wouldn't scale. The assigned blocks were either too big or too small which overall resulted in very low utilisation.

Figure 2: A map of the IPv4 address space according to xkcd

So a new technology was developed, called Classless Interdomain Routing (CIDR) that allowed routing announcements not only on 8-bit boundaries but on all bit boundaries from a /8 to a /24.

Over the years all kinds of factors came into play that affected how we use and understand IP address, some made more sense than others (see Figure 3).

Figure 3: Timeline of factors affecting IP addresses


Where does this leave us?

Because of this rapid growth of the Internet, we have an understanding of what an IP address is that is extremely diverse, based on your experience or even what you learned in school or university. For instance, Cloudflare operates an anycast-only network. That means all of our addresses are advertised in all of our locations. However, it turns out that a lot of people who are doing research in the field of network measurements do not take anycast into account which basically means they do not understand how large parts of the Internet are operated today. This is scary.

So what do we actually want and need to know about IP addresses? The answer to that question very much depends on your perspective and viewpoint. In essence, an IP address is just an identifier that helps the routing system to send packets around. But all kinds of other attributes can be attached to an IP address, here are some examples:

  • The postal address of a registrant
  • The location of a user
  • Routing aspects: unicast vs anycast
  • Services: email, DNS, HTTP, none
  • History
  • Abuse

Let's look at some of these attributes in more detail.

Location, location, location

Location is a big thing today and many service providers base decisions on the location of the user or what they think the location of the user is. Sometimes that is a good thing so you can reach the content you are looking for faster. But sometimes providers do the wrong thing and the user ends up with "craptimisation" instead of "optimisation". In addition to those annoyances, there are also things like privacy rules, GDPR and a country's sovereignty. Different countries apply different rules and regulations and content that is legal in some countries might be illegal in others.

In Cloudflare's case, we are also trying to optimise traffic based on location and we are trying to answer the following questions:

  • At which PoP does the IP address land?
  • Where will it move to if the preferred PoP is “down”?
  • What if the top two/three/four are down?
  • What if the “transit” provider goes down? Where will the alternate one take the IP address to?

Address reputation

Some people have decided that some IP addresses are good, and others are bad. How they make those decisions very much depends on what they consider bad. For instance, if an address sends spam, it means it is bad for mail providers, but does that mean it is also bad for a DNS provider? There are all kinds of lists showing the quality or reputation of an address. But how accurate and up-to-date are those lists? Maybe an address that has been bad yesterday is not bad today?

In addition to all that, there is a whole industry that is trying to figure out who the user is behind an IP address. But didn't we say above that an address identifies a device? Is that still the case?  We invented NAT and carrier-grade NAT and mobility. Do you know how many IP addresses your smartphone had in the last couple of days? Probably more than you think.

So, how long does an IP address live on your device? Some users get a static address if they pay extra. Others get dynamic address assignments, for a number of hours or days. Some people share addresses, other addresses are used for roaming.

Who "owns" IP addresses?

Some of you might think you own the IP addresses you got from your RIR or your service provider. But just like with domain names you actually lease them. However, since there is a shortage of IPv4 addresses, they have become valuable and a transfer market has developed which is very lucrative for some and which has led to some abuse. Note that you should not lend addresses to others. First of all, you don't actually own them. And secondly, you never know what others will use these addresses for. It is very hard to restore a good reputation. 


Different types of services attach different values to an IP address. See below an overview of the types of values can be attached to the same IP address, based on the service you are providing.


Think about an IP address as a temporary identifier. Also, the value you attach to an address very much depends on the type of business you are in. If you are in the filtering business, think about an IP address as an identifier with temporary accuracy. It can change. Let's keep the Internet open and trustworthy!

This was presented at the RIPE 78 meeting in Reykvavik.


1 You have liked this article 0 times.

About the author

Comments 0