TLDR

For the foreseeable future, you can likely use 127.0.0.0/8 freely (or at least 127.0.0.0/16).

Introducing 127.0.0.0/8, the Loopback Range

If you have a Cidr range 127.0.0.0/8 visualized with 4 colors, one color per number.
Visualization of the 127.0.0.0/8 range

From cidr.xyz by Yuval Adam

If you have ever done web development or otherwise set up a local server, you have most likely used the IP address 127.0.0.1 to communicate with a local server. Often, localhost is even internally translated to that address. But what if you want to run another server on the same computer? Easy, make the first one use, say, port 8080 and the second one, port 8181!

Something more difficult now: say you can convince1 your browser that your local service is serving a valid HTTPS connection only if you use port number 443. How can you run many of those services? In turns out in IPv4, you have many such local addresses: 127.0.0.1, 127.0.0.2, 127.0.0.3, 127.0.0.4… So you just need to spawn the various servers on the same 443 port number with different addresses and packets will go straight to your localhost.

But how many such addresses do we have? According to RFC990 from 1986:

   The class A network number 127 is assigned the "loopback"
   function, that is, a datagram sent by a higher level protocol
   to a network 127 address should loop back inside the host.  No
   datagram "sent" to a network 127 address should ever appear on
   any network anywhere.

The “class A network” translate to a /8 in CIDR notation, so that’s all addresses between 127.0.0.0 and 127.255.255.255. A quite sizeable 2²⁴ or 16,777,216 addresses2!

Note the wording of the RFC: IPs are not “owned”, there are just “allocated”. For addresses routable on the wider Internet, it’s usually done by Regional Internet Registeries. And allocations could change, as we will see at the end of this article.

Other Use Cases

What can you do with so many IPs? A couple of things.

Multiple Servers on the Same Port Number

As we have seen earlier with the port number 443 example, the 127.0.0.0/8 range is handy to run multiple local services on the same port. Thus, it’s not surprising to see systemd-resolved – a local DNS resolver that needs to listen on port 53 – use a couple addresses from that range. The man page reads:

Additionally, systemd-resolved provides a local DNS stub listener on the IP addresses 127.0.0.53 and 127.0.0.54 on the local loopback interface.

In this case, systemd-resolved has to bind on the default port, because one of the main ways (on Unix-like systems) that DNS resolution is configured is through the file /etc/resolv.conf. This file does not widely support setting a port number, forcing the configured server to be reachable on the default port. Thanks to the use of a loopback addresse though, systemd-resolved can become the default resolver just by adding this line to resolv.conf:

nameserver 127.0.0.53

Naming Things

On Unix-like systems, the /etc/hosts file associates IP addresses with names, like so:

127.0.0.1	localhost
::1		localhost

That’s how localhost is associated with 127.0.0.1 (and IPv6 ::1).

You can edit this file and add useful aliases to other IPs (not necessarily in the local range by the way). Then, you just bind your multiple services to their default ports and access to them by name. No more complicated ports to remember! This benefit comes as a byproduct of using default ports but with different IPs for different services.

For instance, you could name one of the aforementioned systemd-resolved IPs by adding this line to /etc/hosts:

127.0.0.1	localhost
::1		localhost

127.0.0.53	sd

And then query it like so:

dig @sd s.cj.rs

instead of

dig @127.0.0.53 s.cj.rs

if you did not have the setting.

I’m using this trick to make the Syncthing web interface accessible on a memorable port on an address with a memorable name in my web browser.

Future of 127.0.0.0/8

Even if the ability to give various services different IPs is handy, 16 milion addresses is huge. Given how IPv4 is sometimes called “internet real-estate”, there have been discussions to drastically limit the size of this loopback range, and use some of it as “normal” IPs. For instance, this IETF draft proposes to cut the loopback range to 127.0.0.0/16 (so only addresses between 127.0.0.0 and 127.0.255.255) and make the rest (addresses between 127.1.0.0 and 127.255.255.255) routable on the public internet. The 65536 addresses in 127.0.0.0/16 should to be enough for almost everyone on a local machine and nearly 16 million IPs could be used as a fresh supply of IPv4 addresses3.

And IPv6?

Even though IPv6 has a huge namespace, your IPv6 loopback only has one address ::1. And that’s quite a shame because, as we have just seen, multiple loopback addresses are quite handy.


  1. For instance using mkcert↩︎

  2. Admittedly, some addresses like 127.0.0.0 or 127.255.255.255 are reserved, but there is still plenty of space. ↩︎

  3. Whether more useable IPv4 addresses is a good thing is debated. It might divert efforts from the IPv6 transition and even with a few millions more IPv4 addresses, these are still scarce. ↩︎