What are those 169.254.x.x addresses all about?
An look at IPv4 Link Local Addressing
Earlier, we looked at DHCP. A familiar experience of troubleshooting networks is that when something breaks, Windows spends a while trying to connect, and eventually gives a seemingly meaningless address in the range of 169.254.xx.xx.
Why does it do this? What are these addresses? Are they useful?
The IANA (the international body that governs internet numbering and addressing) has reserved the range 169.254.0.0 - 169.254.255.255 as "link local address space". When Windows computers are unable to retrieve a valid DHCP lease, as a fallback, it assigns a randomly generated address in the above range (one of ~16 000). This is to allow addresses to be easily generated in very rudimentary topologies.
A common example of this would be connecting two PCs together with a single crossover cable (if your card is gigabit, then any cable will work).
Initially windows will look for a DHCP server, it will then time out and assign each PC a link local address. You will then be able to ping back and forth, and copy over data. This is all achieved without manual addressing by the user
Even though they are never allowed to cross the boundry into the global, public internet, private networks like 192.168.x.x span across internal boundaries all the time. For example, it is perfectly acceptable to assign 192.168.1.x for your wired network, and 192.168.2.x for your wireless network, and for these two networks to talk to each other via an intermediary router.
The 169.254.x.x private network is special in that routers must never move traffic to or from this network. This dictum is part of the cardinal law of the internetz. and the rules and roles of these networks is described in RFC3927 (an RFC is a formal, peer reviewed memorandum or standard published by the Internet Engineering Task Force)
Because they are never forwarded by routers, if you can reach a host on the 169.254 network, it must be a directly connected neighbour; you are on the same switch*, or directly connected by a wire
*note, multiple simple switches connected together function as one).
Another rule surrounding link local networks is that devices must be prevented from clashing. While the ~65000 address range may seem large, when you start daisy chaining large switches together, or are an ISP, it's possible to have a large "neighbourhood" (hosts reachable through switches/layer2 alone), so care must be taken that IP address conflicts do not occur.
These addresses should not ever be assigned arbitrarily by hand; this is in violation of internet standards. Instead hosts must 'randomly' pick an address (in a statistically sound way) and check the address is unused before assigning it. The last step is important because in computer terms, odds in the order of 1/64 thousand fall in the category "common enough to cause regular problems" unaccounted.
Why am I getting assigned them?
Windows will assign them in the case of your DHCP server being either non functional, or non existent. This can be due to many reasons
- Your router/home gateway is unplugged
- Your DHCP server has run out of addresses and cannot give any out
- Your DHCP server has been configured not to serve unknown clients
- A firewall is blocking the DHCP transaction, possibly either on the server side or on your end
- Your DHCP server is mis-configured in some other way
- You're on a network that consists only of a switch, or you're connecting via a cross over cable
Your best cause of troubleshooting would be to manually assign an address in your familiar network range and see if the problem is with DHCP or something systemic
Link Local addresses in IPv6
What are those fe80::abcd:dbac:1234:aaaa/64 addresses all about?
Even if you're seemingly running in an IPv4 only environment, your computer is probably reachable using IPv6.
By default, link local addresses are automatically assigned for IPv6 hosts, but in a different way. The MAC address is used, and in IPv6 the potential for accidental conflict would be absurdly low. While in IPv4, we're dealing with ~65,000 IPs (2^16), in IPv6, we are dealing with a numerical space of 2^64, an incomprehensibly large number in the trillions of trillions.
The link local address in IPv6 plays an important role for things like Stateless autoconfiguration (SLAAC), which compared to IPv4 DHCP, really does seem to configure addresses by magic. But that's a topic for another post
Using IPv6 Link Local addresses
As we've discussed earlier, link local addresses are, as the name suggests, only have significance along a local link (that is to say, you can only communicate with neighbours along the same physical network).
Despite this, in IPv4, they are used (in terms of say pinging a host etc) in the same fashon as normal addresses.
IPv6 changes this, and to ping use a link local address, you must explicitly state which link you are communicating over.
Suppose my laptop is connected over wireless (in linux) using the interface wlp3s0 and I would like to ping my netbook with the link local address fe80::1234:dead:beef:ffff/64. I would use the following syntax:
ping6 fe80:1234:dead:beef:7777%wlp3s0
(this corresponds to a mac address of 10:34:de:ef:77:77, you can use this tool to convert between the two)
Because every IPv6 enabled interface has an address in the fe80:/48 network, the system needs to know what is the specific interface to connect from.
Even though it doesn't cross the boundaries of routers, link local addresses are of potential interest to hackers because in some cases, they are represent a blind spot in a systems security, and if IPv6 is not in use in your network, they merely increase the attack surface.