IP Address Analyzer

An IP address analyzer is a foundational conceptual framework and mathematical process used to decode, segment, and manage the numerical identifiers assigned to every device connected to a computer network. Understanding this process is the absolute bedrock of modern networking, allowing engineers to prevent data collisions, route traffic across the globe, and securely isolate sensitive systems. By mastering the mechanics of IP address analysis, you will learn how the internet physically functions, how to design scalable network architectures, and how to translate seemingly random strings of numbers into highly structured, geographical, and topological maps of digital communication.

What It Is and Why It Matters

At its absolute core, an IP (Internet Protocol) address is a digital mailing address assigned to every single device—whether it is a smartphone, a smart refrigerator, a corporate server, or a laptop—that connects to a network. Without IP addresses, devices would have no mathematical way to locate each other, rendering the internet and all local networks completely non-functional. However, an IP address is not just a random string of numbers; it is a highly structured, mathematically precise locator that contains hidden metadata about the network it belongs to and the specific device it identifies. Analyzing an IP address involves breaking down this numerical string to extract that hidden metadata, separating the "network portion" (the neighborhood or city) from the "host portion" (the specific house).

This process matters because the global internet and local enterprise networks are strictly hierarchical. When you send a photograph from your phone in New York to a server in Tokyo, the data does not wander aimlessly. Routers—the traffic cops of the internet—analyze the destination IP address to determine exactly which global pathway the data packet must take. If network engineers do not properly analyze and assign IP addresses, networks experience catastrophic failures. Two devices might end up with the same address, causing an "IP conflict" that knocks both offline. Alternatively, a network might be configured to be too large, resulting in excessive "broadcast traffic" that slows every device to a crawl.

Furthermore, IP address analysis is essential for cybersecurity and access control. Firewalls and intrusion detection systems rely on analyzing the source IP addresses of incoming traffic to determine whether that traffic is originating from a trusted internal department, a known partner organization, or a malicious actor in a foreign country. By understanding how to dissect an IP address, determine its subnet mask, calculate its usable host range, and identify its geographical or organizational origin, a practitioner gains total control over how data flows into, out of, and within a digital environment. It is the fundamental grammar of the language that computers use to speak to one another.

History and Origin

The concept of the IP address and the necessity of analyzing it dates back to the very dawn of interconnected computing. In the late 1960s, the United States Department of Defense's Advanced Research Projects Agency (DARPA) funded the creation of ARPANET, the precursor to the modern internet. Early networking protocols were clunky, hardware-specific, and incapable of scaling across different types of networks. In 1974, computer scientists Vint Cerf and Bob Kahn published a seminal paper titled "A Protocol for Packet Network Intercommunication," which laid the theoretical groundwork for the Transmission Control Protocol (TCP) and the Internet Protocol (IP). Their vision was a universal, hardware-agnostic addressing system that would allow any computer on earth to communicate with any other.

This theoretical framework was formalized in September 1981 with the publication of Request for Comments (RFC) 791, edited by Jon Postel at the University of Southern California. RFC 791 officially defined Internet Protocol version 4 (IPv4), establishing the 32-bit addressing system that is still predominantly used today. At the time, the creators believed that 32 bits—which allows for approximately 4.29 billion unique addresses—would be more than enough for an experimental military and academic network. In these early days, IP analysis was managed through "classful networking," where addresses were rigidly divided into Class A (massive networks), Class B (medium networks), and Class C (small networks). A computer could simply look at the first few bits of an address to analyze its entire network structure.

However, the explosive commercialization of the internet in the early 1990s quickly revealed the fatal flaw in classful networking: it wasted millions of addresses. A company needing 300 addresses was forced to take a Class B block containing 65,534 addresses, wasting the rest. To save the internet from running out of IPs entirely, the Internet Engineering Task Force (IETF) introduced Classless Inter-Domain Routing (CIDR) in 1993 via RFC 1519. CIDR destroyed the rigid classes, allowing networks to be mathematically sliced into custom sizes. This made IP address analysis significantly more complex, requiring binary mathematics to understand network boundaries. Eventually, even CIDR could not stop the exhaustion of the 4.29 billion IPv4 addresses, leading to the creation of IPv6 in 1995 (RFC 1883, later updated by RFC 2460), which expanded the address space to a staggering 128 bits, permanently solving the scarcity problem but adding new layers of complexity to network analysis.

Key Concepts and Terminology

To deeply understand IP address analysis, one must first master the vocabulary of network engineering. The most fundamental unit of digital data is the Bit (binary digit), which is a single electrical signal representing either a 1 or a 0. In IPv4, addresses are exactly 32 bits long. Because humans cannot easily read 32 ones and zeros, these bits are grouped into four sets of eight. A set of eight bits is called a Byte, or in networking terminology, an Octet. An IPv4 address is simply four octets, separated by periods, and converted from binary into standard decimal numbers (e.g., 192.168.1.1).

Every IP address is divided into two distinct parts: the Network ID and the Host ID. The Network ID identifies the specific local network (the street), while the Host ID identifies the specific device on that network (the house number). The tool used to determine where the Network ID ends and the Host ID begins is called the Subnet Mask. The subnet mask is another 32-bit number that "masks" the IP address; wherever there is a binary 1 in the mask, the corresponding bit in the IP address belongs to the network. Wherever there is a binary 0 in the mask, the bit belongs to the host.

Because writing out full subnet masks (like 255.255.255.0) is tedious, engineers use CIDR Notation (Classless Inter-Domain Routing). CIDR notation represents the subnet mask as a slash followed by a number, indicating exactly how many bits are turned on (set to 1) in the mask. For example, a /24 means the first 24 bits are network bits. The Network Address is the absolute first IP address in a given subnet, representing the network itself, and cannot be assigned to a device. Conversely, the Broadcast Address is the absolute last IP address in a subnet, used to send a message to every single device on that network simultaneously. Finally, the Default Gateway is the IP address of the router that provides a path out of the local network and onto the broader internet; devices send traffic to the gateway when the destination IP address is not part of their local subnet.

How It Works — Step by Step

Analyzing an IP address to find its network boundaries requires executing a specific sequence of binary mathematics. Computers do not see the decimal numbers humans use; they only see 32 bits. To find the Network Address, the Broadcast Address, and the Usable Host Range, we must use a mathematical operation called a "Bitwise AND." The rules of a Bitwise AND are simple: if you compare two binary bits, the result is 1 only if both bits are 1. If either bit is 0, the result is 0.

Let us perform a complete, manual analysis of the IP address 192.168.1.130 with a CIDR subnet mask of /26.

Step 1: Convert the IP Address to Binary We break down the decimal numbers 192.168.1.130 into four 8-bit octets.

• 192 = 128 + 64 = 11000000
• 168 = 128 + 32 + 8 = 10101000
• 1 = 00000001
• 130 = 128 + 2 = 10000010 The binary IP is: 11000000.10101000.00000001.10000010

Step 2: Convert the Subnet Mask to Binary A /26 mask means the first 26 bits are 1s, and the remaining 6 bits are 0s. The binary mask is: 11111111.11111111.11111111.11000000 Converting this back to decimal gives us the traditional subnet mask: 255.255.255.192.

Step 3: Calculate the Network Address (Bitwise AND) We line up the binary IP and the binary Mask, and apply the AND rules vertically. IP: 11000000.10101000.00000001.10000010 Mask: 11111111.11111111.11111111.11000000

AND: 11000000.10101000.00000001.10000000 Converting the AND result back to decimal gives us 192.168.1.128. This is the Network Address.

Step 4: Calculate the Broadcast Address To find the Broadcast Address, we take the Network Address and change all the "host bits" (the bits that were 0 in the subnet mask) to 1s. Since the mask had 6 zeros at the end, we change the last 6 bits of the Network Address to 1s. Network: 11000000.10101000.00000001.10000000 Broadcast: 11000000.10101000.00000001.10111111 Converting the last octet (10111111) to decimal: 128 + 32 + 16 + 8 + 4 + 2 + 1 = 191. The Broadcast Address is 192.168.1.191.

Step 5: Calculate the Usable Host Range The usable hosts are all the addresses mathematically situated between the Network Address and the Broadcast Address. First usable host: Network Address + 1 = 192.168.1.129 Last usable host: Broadcast Address - 1 = 192.168.1.190 To verify the total number of usable hosts, we use the formula: $2^n - 2$, where n is the number of host bits (the zeros in the mask). $2^6 - 2 = 64 - 2 = 62$ usable hosts. Counting from .129 to .190 exactly equals 62 available IP addresses for devices.

The Science of Subnetting

Subnetting is the art and science of borrowing bits from the host portion of an IP address to create multiple smaller, isolated networks out of a single large network. It is the core reason why IP address analysis is necessary. Imagine an organization is granted the network block 10.0.0.0/8. This single network provides $2^{24} - 2$, or 16,777,214 usable IP addresses. If a company put all 16 million devices on a single network, the resulting broadcast traffic (devices yelling out to discover each other) would instantly overwhelm the network hardware, causing a total collapse. Subnetting solves this by dividing the large block into manageable, logical segments.

When you subnet, you move the CIDR slash to the right. Every time you move the slash one position to the right, you cut the number of available hosts in half, but you double the number of available subnets. For example, if you start with a 192.168.1.0/24 network (which has 254 usable hosts), and you need to split it between the Accounting and Marketing departments, you borrow one bit to make it a /25. The mathematical formula for the number of created subnets is $2^b$, where b is the number of borrowed bits. By borrowing 1 bit, you create $2^1 = 2$ subnets.

The first subnet becomes 192.168.1.0/25 (Network: .0, Broadcast: .127, Hosts: .1 to .126). The second subnet becomes 192.168.1.128/25 (Network: .128, Broadcast: .255, Hosts: .129 to .254). These two departments are now logically separated. If a computer in Accounting (.15) wants to talk to a computer in Marketing (.150), the traffic must pass through a router, allowing network administrators to place a firewall between them and enforce security policies. To maximize efficiency, engineers use Variable Length Subnet Masking (VLSM), which allows them to subnet a subnet. They might take the Marketing /25 and slice it further into a /26 and two /27s, perfectly tailoring the mathematical size of the network to the physical number of devices required in each physical room.

Types, Variations, and Methods

The landscape of IP addressing is divided into several distinct types and variations, each serving a specific architectural purpose. The most prominent division is between IPv4 and IPv6. IPv4 uses 32-bit addresses formatted in dotted-decimal (e.g., 203.0.113.45) and is the legacy protocol that still runs the majority of the internet. Because IPv4 addresses ran out globally in the 2010s, IPv6 was deployed. IPv6 uses 128-bit addresses formatted in hexadecimal, separated by colons (e.g., 2001:0db8:85a3:0000:0000:8a2e:0370:7334). IPv6 is so mathematically massive that it provides $3.4 \times 10^{38}$ addresses—enough to assign an IP address to every atom on the surface of the earth. Analyzing an IPv6 address involves understanding "zero compression," where consecutive blocks of zeros are collapsed into a double colon (::) to make the address human-readable.

Another critical variation is the difference between Public and Private IP addresses. Public IP addresses are globally unique and routable across the entire internet; they are leased from Internet Service Providers (ISPs). If a web server hosts a public website, it must have a Public IP. Private IP addresses, defined by RFC 1918, are strictly reserved for internal use within local networks. They are not routable on the global internet. Anyone can use the private IP 192.168.1.5 inside their own home, and millions of homes do simultaneously, without any conflict. When internal devices need to access the internet, a router uses Network Address Translation (NAT) to temporarily map the private IP to the single public IP assigned to the building.

Addresses are also categorized by how they are assigned: Static vs Dynamic. A Static IP is manually typed into a device's operating system by an administrator and never changes. This is essential for servers, printers, and routers—devices that other machines need to reliably find at the same location every day. Dynamic IPs are automatically assigned by a DHCP (Dynamic Host Configuration Protocol) server. When a smartphone joins a Wi-Fi network, it broadcasts a request, and the DHCP server temporarily leases it an IP address from a predefined pool. Once the phone leaves, the IP address is returned to the pool for the next device, ensuring highly efficient use of the limited address space.

Real-World Examples and Applications

To understand how IP address analysis dictates reality, consider the architectural design of a mid-sized enterprise network. A corporation moves into a new headquarters with 400 employees. The IT director is given the private IP block 10.50.0.0/16 by the corporate parent company. This block contains 65,534 usable addresses. The director must analyze and subnet this block to create a secure, efficient topology.

First, the director creates a subnet for the general employee workstations. They need space for 400 devices, plus room for future growth. A /24 subnet only provides 254 hosts, which is too small. A /23 subnet provides $2^9 - 2 = 510$ hosts, which is perfect. The director assigns 10.50.2.0/23 to the employee VLAN (Virtual Local Area Network). The network address is 10.50.2.0, the usable range is 10.50.2.1 through 10.50.3.254, and the broadcast address is 10.50.3.255. The router gateway is assigned the first usable IP, 10.50.2.1.

Next, the director must secure the company's physical security cameras. There are 45 cameras. A /26 subnet provides 62 usable hosts. The director allocates 10.50.4.0/26 for the cameras. The usable range is 10.50.4.1 to 10.50.4.62. Because this subnet is mathematically distinct from the employee /23 subnet, the director can configure the central firewall to completely block traffic between the two. If an employee's computer is infected with malware, the malware cannot mathematically reach the security cameras, because the router will drop any packets attempting to cross the subnet boundary without explicit firewall permission. This real-world application of IP analysis—segmenting networks to enforce security boundaries—is the foundation of the "Zero Trust" security model used by modern enterprises.

Common Mistakes and Misconceptions

Beginners and even intermediate IT professionals frequently fall into specific traps when analyzing and assigning IP addresses. The most common misconception is that the subnet mask 255.255.255.0 (a /24) is a universal default that applies to all internal networks. Because consumer home routers almost exclusively use /24 subnets out of the box, novices assume this is a rigid rule. In reality, a subnet mask can be drawn at almost any bit boundary. Using a /24 for a point-to-point link between two routers wastes 252 IP addresses, while using a /24 for a stadium Wi-Fi network will result in thousands of users failing to connect because the address pool will instantly exhaust.

Another frequent mistake is forgetting to subtract 2 when calculating usable hosts. When a novice calculates that a /28 subnet leaves 4 bits for hosts, they often calculate $2^4 = 16$, and assume they can connect 16 laptops to that network. They forget that the absolute first address (all host bits set to 0) is reserved as the Network ID, and the absolute last address (all host bits set to 1) is reserved as the Broadcast ID. If they attempt to assign the broadcast address to a server, the network stack will reject it, or worse, the server will accidentally intercept and respond to traffic meant for the entire network, causing severe latency and packet collisions.

A deeply ingrained misconception regarding public and private IP addresses is that private IPs offer inherent security. Many novices believe that because a 10.x.x.x address is not routable on the internet, it is completely invisible to hackers. While it is true that a hacker in Russia cannot directly ping your 10.0.0.5 laptop, they do not need to. If the hacker compromises a web browser on that laptop via a phishing email, the malicious software is now operating inside the private network. The malware can freely scan, analyze, and attack other devices within the same private subnet. Private IP addresses are a routing mechanism, not a security boundary; true security requires proper subnetting and internal firewalls.

Best Practices and Expert Strategies

Professional network architects do not guess at IP assignments; they rely on strict methodologies and IP Address Management (IPAM) systems. An IPAM is a specialized database (such as NetBox, SolarWinds, or Infoblox) that acts as the single source of truth for all IP address analysis and allocation in an enterprise. The foremost best practice is absolute, meticulous documentation. An expert never assigns an IP address without logging the device's MAC address, physical location, owner, and purpose in the IPAM. Relying on ping sweeps or ARP tables to figure out which IPs are free is a recipe for IP conflicts and network outages.

When designing a subnetting scheme, experts employ a strategy called "Hierarchical Addressing." Instead of assigning subnets randomly as they are needed, architects group subnets geographically or functionally to allow for "Route Summarization." If a company has an office in London, the architect might assign the entire 10.20.0.0/16 block to that physical building. Inside the building, they subnet it into hundreds of smaller /24s for different floors and departments. However, because all those smaller subnets mathematically roll up into the larger 10.20.0.0/16 block, the London core router only needs to advertise a single route to the global corporate network: "Send all 10.20.x.x traffic to me." This drastically reduces the memory and processing power required by corporate routers, speeding up the entire network.

Another critical rule of thumb is standardization of gateway and infrastructure addresses. Experts universally reserve the very first usable IP address (e.g., .1) or the very last usable IP address (e.g., .254) in a subnet for the default gateway. They also reserve the first 10 to 20 addresses of any dynamic DHCP pool for static infrastructure, such as local switches, access points, and printers. By strictly adhering to this convention across hundreds of subnets, an engineer troubleshooting an outage at 3:00 AM does not need to look up the router's IP address; they know mathematically exactly where it resides in the subnet.

Edge Cases, Limitations, and Pitfalls

While the mathematics of IP analysis are absolute, the practical application encounters severe edge cases when networks scale to extreme sizes or face artificial limitations. One of the most notorious pitfalls is overlapping private subnets during corporate mergers or VPN deployments. If Company A uses 192.168.1.0/24 for its servers, and Company B also uses 192.168.1.0/24, establishing a VPN tunnel between the two networks will result in total routing failure. When a user in Company A tries to reach a server at 192.168.1.50, their computer will assume the server is on the local network and will not send the traffic across the VPN to Company B. Resolving this requires complex, messy Double-NAT configurations or a complete, highly disruptive re-IP-addressing of one of the companies.

A fascinating edge case in IP analysis is the /31 subnet. According to the standard host formula ($2^n - 2$), a /31 subnet (which leaves only 1 host bit) provides $2^1 - 2 = 0$ usable hosts. Mathematically, a /31 consists of exactly two addresses: a network address and a broadcast address, leaving nothing for devices. However, to conserve IP addresses on massive global networks, the IETF published RFC 3021, which allows the use of /31 subnets exclusively for Point-to-Point links between two routers. Because there are only two devices on the wire, there is no need for a broadcast address to discover other devices. The two addresses are simply assigned to the two router interfaces, breaking the traditional rules of subnet analysis to achieve maximum efficiency.

Another modern limitation is the proliferation of Carrier-Grade NAT (CGNAT). Because public IPv4 addresses are exhausted, many ISPs (particularly cellular carriers and satellite internet providers) no longer give customers a true public IP address. Instead, they assign customers an address from the 100.64.0.0/10 block (defined by RFC 6598). This is a specialized, massive private network operated by the ISP. The ISP then translates thousands of these customer IPs into a single public IP at their core facility. This breaks traditional inbound routing; customers behind CGNAT cannot host web servers, run traditional port-forwarding for video games, or easily establish direct peer-to-peer connections, because they do not genuinely own a routable public IP address.

Industry Standards and Benchmarks

The entire ecosystem of IP address analysis is governed by strict global standards maintained by the Internet Assigned Numbers Authority (IANA) and the Internet Engineering Task Force (IETF). IANA is the ultimate global authority that oversees global IP address allocation. However, IANA does not hand out IPs to end-users; it allocates massive /8 blocks to five Regional Internet Registries (RIRs): ARIN (North America), RIPE NCC (Europe/Middle East), APNIC (Asia-Pacific), LACNIC (Latin America), and AFRINIC (Africa). These RIRs then analyze and distribute smaller blocks to national ISPs and massive corporations based on strictly audited justifications of need.

The most famous industry standard in IP networking is RFC 1918, published in 1996. This document established the three blocks of IPv4 addresses permanently reserved for private, internal networks:

• 10.0.0.0 to 10.255.255.255 (A single /8 block, providing ~16.7 million addresses)
• 172.16.0.0 to 172.31.255.255 (16 contiguous /16 blocks, providing ~1 million addresses)
• 192.168.0.0 to 192.168.255.255 (256 contiguous /24 blocks, providing ~65,000 addresses) Any network engineer designing an internal network is benchmarked against their use of these specific blocks. Using public IP space (like 11.0.0.0 or 22.0.0.0) for internal devices is considered a severe architectural failure, as it will prevent internal devices from reaching the legitimate owners of those public IPs on the internet.

For IPv6, the equivalent standard for private internal addressing is Unique Local Addresses (ULA), defined in RFC 4193. These addresses always begin with the prefix fd00::/8. Furthermore, industry benchmarks dictate that when an ISP hands out IPv6 addresses to a residential consumer, they should not give them a single IP address. The standard is to delegate a /56 prefix to a home user, which provides the user with 256 separate /64 subnets, each containing $1.8 \times 10^{19}$ addresses. This benchmark ensures that a consumer will never have to use NAT in their home again, allowing every smart bulb, phone, and computer to have its own globally unique, routable address.

Comparisons with Alternatives

To fully grasp IP addresses, one must understand how they compare to the other addressing systems used in computing, primarily MAC Addresses and DNS Names. An IP Address operates at Layer 3 (the Network Layer) of the OSI model, while a MAC (Media Access Control) address operates at Layer 2 (the Data Link Layer). A MAC address is a 48-bit hexadecimal identifier physically burned into the silicon of a network interface card at the factory (e.g., 00:1A:2B:3C:4D:5E). It is permanent and unchangeable. The difference is akin to a person's Social Security Number (MAC address) versus their Home Mailing Address (IP address). A MAC address tells the local network exactly who the device is, but it provides zero topological information about where the device is located in the world. IP addresses are hierarchical and routable; MAC addresses are flat and only work for communication between devices on the exact same physical wire or Wi-Fi channel.

Comparing IP addresses to the Domain Name System (DNS) highlights the difference between machine-readability and human-readability. An IP address (like 142.250.190.46) is highly efficient for routers to process using binary math, but impossible for humans to memorize for millions of websites. DNS acts as the internet's phonebook, translating a human-friendly alternative (like google.com) into the required IP address. While DNS is an alternative way to navigate the internet, it does not replace the IP address. Underneath the hood, every single DNS request ultimately resolves to an IP address, because data packets cannot be routed to a word; they can only be routed mathematically to an IP address.

Finally, one can compare manual IP address analysis (using binary math on paper) to automated IPAM (IP Address Management) software. In the early days of networking, engineers literally used spreadsheets and calculators to map out subnets. Today, automated tools perform the bitwise AND operations instantly, preventing human error. However, relying solely on automated alternatives without understanding the underlying math is dangerous. If an automated tool miscalculates a VLSM boundary due to a configuration bug, an engineer who does not understand binary subnetting will be completely incapable of troubleshooting why half the corporate network suddenly lost connectivity.

Frequently Asked Questions

What is the "localhost" or 127.0.0.1 address used for? The IP address 127.0.0.1 (and the entire 127.0.0.0/8 block) is strictly reserved as the "loopback" address. It is a virtual IP address that points directly back to the device you are currently using. When a developer builds a website on their laptop and wants to test it without putting it on the internet, they host it locally and navigate to 127.0.0.1. The computer's networking stack intercepts this traffic before it ever hits the physical network card and loops it right back to the internal software. It is the universal networking equivalent of talking to yourself in the mirror.

Why do almost all home Wi-Fi routers use addresses that start with 192.168? In 1996, the IETF published RFC 1918, which designated the 192.168.0.0/16 block exclusively for private, internal networks. Because this block contains 65,536 addresses, it was the perfect size for consumer hardware manufacturers (like Linksys, Netgear, and Asus) to use as default settings for home routers. It guarantees that the IP addresses assigned to your phone and laptop will never conflict with the public IP addresses used by servers on the internet. It became an industry standard simply through mass adoption by these hardware vendors in the early 2000s.

Can an IP address reveal my exact physical location and identity? No, an IP address cannot pinpoint your exact street address or reveal your name by itself. When someone analyzes your public IP address using a geolocation database, they are mapping it to the Internet Service Provider that owns that block of addresses. This typically reveals the city, state, or general metropolitan area where the ISP's regional data center is located. However, your ISP keeps strict internal logs mapping that IP address to your specific customer account and billing address. Law enforcement can subpoena the ISP to match the IP address to your exact physical identity, but an ordinary website or individual cannot.

What is APIPA, and why does my computer sometimes get a 169.254.x.x address? APIPA stands for Automatic Private IP Addressing (also known as Link-Local addressing). If your computer is configured to get an IP address dynamically, but it cannot reach the DHCP server (perhaps the router crashed, or the Ethernet cable is unplugged), the operating system will automatically assign itself an address from the 169.254.0.0/16 block. This is a fail-safe mechanism. It allows devices on the same physical switch to still talk to each other without a router. However, APIPA addresses are strictly non-routable, meaning if you see a 169.254.x.x address, you have fundamentally lost internet connectivity.

What is the difference between a /32 subnet and a normal network? A /32 subnet mask (255.255.255.255) means that all 32 bits are dedicated to the network, leaving exactly zero bits for host addresses. Mathematically, a /32 represents a single, specific, isolated computer, rather than a network of computers. This is heavily used in firewall rules and routing tables. If a security engineer wants to block a single malicious hacker's IP address without blocking the rest of the hacker's ISP, they write a firewall rule targeting that specific IP with a /32 mask. It tells the router, "Apply this rule to this exact address, and absolutely no others."

Why does IPv6 use letters in its addresses? IPv6 addresses are 128 bits long, which is too massive to display using the decimal numbers (0-9) used in IPv4. To make them shorter and easier to read, IPv6 uses the hexadecimal numbering system. Hexadecimal is a Base-16 system. It uses the numbers 0 through 9 to represent values zero to nine, and the letters A, B, C, D, E, and F to represent the values ten through fifteen. Therefore, the letters in an IPv6 address are not words or code; they are simply mathematical digits representing numbers higher than nine.