What’s the history behind 192.168.1.1? Why not 220.127.116.11 or any other IP address? When did it start being used? Who started it? Why? Why not 18.104.22.168? What is the relation to 127.0.0.1? What about 10.0.0.1 (Apple)?
First, some background:
Originally, IP (v4) addresses were broken into “classes.” The upper bits of the first octet indicated the network class, which implied how a specific address should be split into a network and host portion. These bits dictated how the address should be interpreted by routers.
00000000 – Class A.
That was 0 – 127. First octet network, the rest host.
10000000 – Class B.
That was 127 – 191. First two octets network, the rest host.
11000000 – Class C.
That was 192 -223. First three octets network, the rest host.
11100000 – Class D.
That was 224 – 239. Used for multicasting.
11110000 – Class E.
That was 240 – 255. Reserved for future use.
The IP address space has to be globally unique. This means that only one of each address can exist on the whole network. As a result, address “blocks” had to be assigned to end user networks. These days, IP address space for the public internet gets handed out by the Internet Assigned Numbers Authority, but in Ye Olde Days, Jon Postel personally managed the address space allocations.
Loopback interfaces were created on hosts to assure that there was a place for IP traffic to go even if all interfaces were down, or to be able to test IP traffic without any worries about hardware or driver issues associated with a network interface. The address assigned was called Localhost, and the address chosen was just the last of the class A networks. In retrospect, that was a wasteful choice, but who knew at the time? Since the upper bits were easy to check, convenience ruled the day over long-term vision. So it goes.
The 10.0.0.0/8 network was originally assigned to MILNET and the Defense Data Network (DDN). A LOT of early devices had 10.x.x.x networks hardcoded into the software. In the mid-1990s, those networks were shut down and moved into other forms, but the 10.x.x.x space was considered “poisoned” since so many non-MILNET/DDN systems had hardcoded configurations that continued to send traffic to those long-defunct networks.
As IPv4 address exhaustion took hold, a need for non-routable addresses for Private networks arose. At first, people picked random address spaces, but they ran the risk of failing to reach any network that their randomly-chosen space overlapped with. To address the problem and set a reserved private address space, RFC 1597, Address Allocation for Private Internets, specified reserved a number of specific networks for use as private networks. RFC 1597 (and its later revision, RFC 1918) specifed a Class A, Class B, and Class C space. For Class A, the RFC specified the poisoned 10.0.0.0/8 MILNET/DDN space. For class B and Class C, the next available unassigned blocks at the time of the RFC authoring were assigned by Jon Postel. For the Class B networks, the space happened to be the 172.16.0.0/12 blocks (172.16.0.0 – 172.31.255.255). For the class C space, that happened to be 192.168.0.0/16 blocks, (192.168.0.0 – 192.168.255.255). Most consumer router vendors I have seen use 192.168.x.0/24. Many use 192.168.1.x, or 192.168.0.x. I have seen some that use 192.168.123.x, and others that use 192.168.2.x. Personally, I set all of my home routers to 192.168.10.x, so I can use my home network on the WAN side of any home router I am testing with using its default addresses.
Some vendors use the 10.x.x.x address space, and a silly minority use the 172.16.x.x address space. After all, if you’re going to use an address space that is too large for your device to handle, go all the way and use 10.x.x.x to let people type less.
The 1.x.x.x and 2.x.x.x address space ended up being very problematic, since lots of people had reflexively used that space for testing without coordinating with anyone. It had been left as a reserved space from nearly the beginning of IPv4, for that reason. Geoff Huston researched just how poisoned that space was in his paper Traffic in Network 22.214.171.124/8. Based on that research, some of the 126.96.36.199/8 network was released to be used for real traffic, isolating some of the most poisoned parts of the space. Despite the poisoning, Cloudflare used their extensive content delivery network to set up an Anycast DNS server at 188.8.131.52 (https://184.108.40.206/), serving as both a DNS server and packet sink. Seems to be working for them.