Sticky IP Address vs. Sticky MAC Address?

Is there a difference between these two terms: a sticky IP address vs. a “sticky MAC” [address]? As I am googling around, it sounds as if a sticky IP address stays around as long as a device stays connected or as long as the ISP allows. The latter term, if I understand correctly, is slightly different where only specific MAC addresses are recognized by port(s) to allow that device to connect to a network. Is my understanding correct? These terms often get thrown around quite loosely.

Also, feel free to correct me if my terminology is not quite on target.

A simple way to think about it is that a MAC address is like a serial number and an IP address is like a phone number. They are similar but different ideas.

MAC addresses don’t change on their own, but people can freely change their MAC address at any time. Sometimes they are used by a router to identify a piece of hardware to assign it a particular IP address. Sometimes they are used for security purposes so only trusted MAC addresses are allowed to connect (called MAC Filtering and is a poor form of security).

I may be out of date here, but I think for the vast majority of devices, the MAC address they leave the factory with is the MAC address they use for their entire existence. Changing them just isn’t a thing that people do.

Some devices do constantly change their MAC address though, for privacy purposes. For example, many cell phones. It was easy to track people by seeing what MAC addresses hit a router. You set up a bunch of routers around your mall and now you can track individuals as they walk through it, en masse.

Network interfaces have their own unique MAC address. By unique, it should be truly unique within the possible uses the device will ever see. For the most part they are burnt into the device at manufacture, and don’t ever change. At the base of how network protocols work, you eventually send packets between devices by knowing their MAC addresses. But in an IP based network you only use MAC addresses for communication between devices on the same physical sub-net (or virtualised physical network). For routing of packets across interconnected networks, IP uses the IP address, and relies upon local knowledge (routing tables) to work out how to forward on packets so that they will eventually arrive.

IP addresses are allocated to a device’s network interfaces. If you move to a different network you will need a new network address. This is because IP addresses come in two parts - the network and the host. IP works out how to get packets to an interface by working out how to get to the home network for an address and then letting that network work out what device the host part of the address is. So if you move networks you will have a new network address.

IP version 4 addresses are a limited resource. So ISPs tend to only allocate them on an as needed basis and reclaim them when not used. However if you wish to allow your own network to be findable from the outside world, especially by getting your own domain name, you need to provide a way to resolve that domain name to your address. This requires that you register the domain name, and engage an entity that will resolve the name to an IP address. Hence you are going to need a way to keep your IP address from changing. So ISPs will, for an additional price, let you nail down the IP address they allocate to you, so you can have the domain name resolve to it. So, within the ISP’s control, that IP address is sticky. Much the same might be done within an organisation. It may make sense to keep the same IP address for each computer. Internally each computer could have the IP address permanently set in its internal config. Alternatively, a central server can be configured (DHCP) which allocates IP addresses. These local IP addresses can again be allocated dynamically, or an association can be fixed, so that a given machine will always be allocated the same IP address. This mapping is done by mapping the MAC address to the IP address.

For a MAC address you have a very different problem to address. If you want to control access to a network, and prevent any random bozo from gaining access by simply walking up and plugging their laptop in, you can configure most semi-advanced network switches to restrict the MAC address of any device that connects, and do this on a port by port basis. This is only something of a speed hump for someone really wanting to break into a network, but does act to prevent random casual intrusion. It also can form part of the basis of full remote management and control of computers across an organisation.

You will discover that most of this functionality exists even inside your humble home DSL modem, although most people will not bother with it.

ETA = Palooka makes a very good point about dynamic MAC addresses and mobile phones.

That’s one solution.

The other option is to create an automated process that will reach out to your domain name service provider and change the address record associated with your domain name when your IP address changes. This is called Dynamic DNS; a number of home routers support the process for a number of DNS providers.

Yeah, I didn’t want to complicate things too much. I have never been sure how fast the change propagates. Seems hard to avoid a bit of dead time as caches expire. Had to deal with a bit of dynamic DNS in the past, but mostly I have been able to avoid it.

Just as a minor nit, “sticky IP” is a somewhat informal term and there seems to be some disagreement and loose nomenclature associated with what it means. In my experience, ISP marketers refer to the option to provide an IP that doesn’t change as a static IP, whether or not it’s technically the true static kind that existed back in the days before DHCP and its predecessors. In common usage a sticky IP often refers to a dynamic IP assigned via DHCP with a long lease and a propensity to renew to the same one for the same modem MAC, so that it very rarely changes. These differences in meaning may be regional, however.

On the subject of sticky MACs, just to add to what Francis said, commercial network switches might maintain a combination of trusted and untrusted learned MAC addresses, and the ones whose trust privileges remain persistent across switch reboots are called sticky MACs or the general principle as persistent MAC learning. To the best of my understanding, since it can form the basis of comprehensive security management in commercial switches, “sticky MAC” is not really synonymous with the “MAC address filter” of the humble home router even though there’s some overlap. The latter is usually just a simple table of MACs that are allowed access.

The answer is found in the TTL setting for the authoritative DNS record for the domain. I think the default is 86400 – 24 hours – but it’s customizable within the SOA record.

So this means that if the authoritative server is queried, you get an instantly correct answer (obviously). If a cached server is queried, it will serve up its cached entry for no more than 24 hours, or whatever the TTL setting actually is.
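To make the TTL point concrete, here is an added example (not from any post in this thread) of a caching resolver sitting between a client and the authoritative zone, with a Dynamic DNS update happening while the old answer is still cached. The zone name and addresses are constructed. One caveat to the post above: the TTL that matters for this is the one on the A record itself; the SOA "minimum" field is nowadays used for negative-answer caching (RFC 2308), not for positive answers.

```python
# Added example (not from the thread): how a caching resolver's copy of an A record goes stale after a
# Dynamic DNS update, and for how long. Zone name and addresses are constructed sample values.
from typing import Dict, Tuple


class AuthoritativeZone:
    def __init__(self):
        self.records: Dict[str, Tuple[str, int]] = {}   # name -> (IPv4 address, TTL in seconds)

    def set_a(self, name: str, ip: str, ttl: int) -> None:
        self.records[name] = (ip, ttl)                   # this is what a DDNS client's update changes

    def query(self, name: str) -> Tuple[str, int]:
        return self.records[name]


class CachingResolver:
    """A recursive resolver (ISP or home router): answers from cache until the record's TTL runs out."""

    def __init__(self, upstream: AuthoritativeZone):
        self.upstream = upstream
        self.cache: Dict[str, Tuple[str, float]] = {}    # name -> (ip, absolute expiry time)

    def resolve(self, name: str, now: float) -> str:
        cached = self.cache.get(name)
        if cached is not None and now < cached[1]:
            return cached[0]                             # served from cache; the authority is never asked
        ip, ttl = self.upstream.query(name)
        self.cache[name] = (ip, now + ttl)               # remember it for exactly TTL seconds
        return ip


def ddns_scenario(ttl: int) -> dict:
    """Look the name up at t=0, change it at t=10 (DDNS update), then look it up before and at expiry."""
    zone = AuthoritativeZone()
    zone.set_a("home.example", "198.51.100.7", ttl)
    resolver = CachingResolver(zone)
    first = resolver.resolve("home.example", now=0)
    zone.set_a("home.example", "198.51.100.99", ttl)    # DDNS client pushes the new address at t=10
    just_before = resolver.resolve("home.example", now=ttl - 1)   # still the old address
    at_expiry = resolver.resolve("home.example", now=ttl)         # cache entry expired: re-queried
    return {"first": first, "just_before_expiry": just_before, "at_expiry": at_expiry,
            # a resolver that cached the record the instant before the update is wrong for a full TTL
            "worst_case_stale_seconds": ttl}


if __name__ == "__main__":
    print(ddns_scenario(ttl=86400))
    print(ddns_scenario(ttl=60))
```

This is why DDNS setups put a short TTL (tens of seconds to a few minutes) on the record that changes: the dead time after an address change is bounded by the TTL, not by anything the DDNS client can do.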

Or a reserved lease option in the DHCP server, so that it always assigns IP address X to MAC address Y. That takes the config choices away from the client completely; he doesn’t need to set a static address. He just leases, and renews, as normal but always gets the same address.

Indeed, and products in the commercial space are very robust compared to the past. You can plug your unknown device into a wall port and get assigned an IP address that’s part of an untrusted VLAN that goes nowhere – except to a web portal that lets you log in and authenticate yourself, at which point the switch reassigns the port to a trusted VLAN, or perhaps allows you to be a guest and gives you a single default route to the outside world with no paths to internal trusted networks. And you can even require a clean virus scan before you let the machine do that!

Every network adapter has a mac address. In the old days, it was hard coded on a prom chip, and the only way to change it was to reprogram the prom chip, if that was even possible. Sometimes you had to burn a completely new prom chip since it was the type that wasn’t erasable. These days, the mac address is stored in EEPROMs that can be easily changed. You can usually go under the network interface’s properties section of your computer/phone/tablet/whatever and somewhere there will be an option to change it.

Most of the time though, there’s no reason to change it. Most devices will have the same mac address from the time they are manufactured until the end of their useful life.

Mac addresses are assigned by the manufacturer. Every manufacturer gets (well, buys) a block of addresses, and they assign mac addresses to every device they make out of that block of addresses. Every mac address is supposed to be unique, but some of the older ones have been re-used (which could potentially cause problems, but hasn’t been much of an issue in the real world, yet).

Ethernet messages basically have this format:
[start/preamble][destination mac][source mac][message type][message][frame check]

Note that there’s no IP in that anywhere. IP doesn’t happen at this level. IP is at a higher level, and all of the IP stuff is in the [message] portion of the packet.

TCP/IP is by far the most common protocol in use today, but it’s not the only protocol around. All of these higher level protocols reside inside the [message] part of the ethernet frame. I deal with a lot of industrial equipment protocols, all of which fit inside the standard ethernet frame, but many of them do not use TCP/IP at all.

Anyway, since most things use TCP/IP, I’ll focus on that.

A typical TCP/IP message will look like this:
[version][header][source IP][destination IP][options][data]

All of this fits inside the [message] part of the ethernet frame above.

While your mac address is built into your hardware, your IP address is just a software thing. If you make your own little network separate from the internet, you can assign pretty much whatever IP addresses you want to each machine, as long as they are unique (you can’t have two with the same IP address). If you control the network, you control the IP addresses, and you can assign them any way you want. Once you get on the internet, you have to play nice with everyone else on the internet. IP addresses on the internet are purchased by companies. An internet provider like Comcast or Time Warner will buy a huge block of IP addresses, which they will then hand out to their customers.

IP addresses can be static or dynamic. Static means that they don’t change. A server like the SDMB computer will typically have a static IP. Your home computer or tablet will typically have a dynamic IP. When your computer boots up, it sends out a request for an IP address, and a computer called the DHCP server tells your computer what IP address to use.

If you open up a command prompt on a windows computer and type “ipconfig /all” (without the quotes), that will tell you what the network configuration is for your computer. It will show your mac and IP, along with things like the network mask and gateway, and what DNS servers your computer will use to do address resolution.

If you have a dynamic IP, you can generally type “ipconfig /release” to stop your computer from using its currently assigned IP address, then type “ipconfig /renew” to have the DHCP server give you a new address. If you are on a cable provider like Comcast or Time Warner, it is very likely that their DHCP server will give you the same address again. Cable companies don’t change IP address assignments very often, even though they are dynamic IPs. You could have the same IP for a month or longer. Hence, they tend to be called “sticky” IPs, even though they are technically dynamic IPs. Mobile phone IPs, in contrast, change very frequently and aren’t sticky at all.

I’ve never heard of a sticky mac. Mac addresses typically aren’t ever changed. What the OP describes as a sticky mac is what I’ve always heard called mac filtering, where a device (typically a network switch) won’t allow any device whose mac address isn’t on its pre-approved list to connect to it.

Here is how all of this fits together.

Let’s say you are browsing the SDMB. “” is meaningless to a computer, so the first thing it does is it sends out a DNS request to the DNS server configured in your network’s IP settings. This will convert into an IP address ( as of when I am typing this). Now your browser sends its network request to talk to this IP address. Note that your web browser doesn’t give two hoots about mac addresses. All it cares about is the IP address. It gives its request to your operating system, and the operating system handles the rest.

Your operating system now needs to figure out what mac address to send this to, so it does what is called an ARP (address resolution protocol). Once it gets the reply from the ARP, now it knows where to send the message, and off it goes. When the reply comes back, the operating system hands it back to the browser, and you get to see your web page.

(note - I’m glossing over some details here)

Your computer doesn’t have to send out an ARP for every packet. Once it knows where is (that’s, remember), it will keep that in what is called the ARP cache and will keep using it so that it doesn’t have to keep sending out a request for it every time.

If you go to a command prompt and type “arp -a” that will show you what is currently in your ARP cache. It will show you the IP, mac, and whether the IP is static or dynamic.
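The frame layout and the ARP step described in the post above, as an added example (mine, not code from any poster): it builds a frame with a CRC-32 frame check, then parses the Ethernet header and dispatches on the EtherType to an IPv4 or ARP decoder. All MAC and IP addresses are constructed sample values. Note what the IPv4 sample shows: the IP destination is the remote web server, but the frame's destination MAC is the local gateway's, which is the only MAC ARP ever resolves for Internet traffic.

```python
# Added example (not from the thread): build and parse Ethernet frames carrying IPv4 or ARP.
# All MAC and IP addresses below are constructed sample values (documentation ranges, not real hosts).
import struct
import zlib

ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_ARP = 0x0806
BROADCAST_MAC = b"\xff" * 6

HOST_MAC = bytes.fromhex("001122334455")
GW_MAC = bytes.fromhex("66778899aabb")
HOST_IP = bytes([192, 168, 1, 10])
GW_IP = bytes([192, 168, 1, 1])
REMOTE_IP = bytes([203, 0, 113, 5])


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def ip_str(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's-complement sum of 16-bit words, complemented."""
    total = sum((header[i] << 8) | header[i + 1] for i in range(0, len(header), 2))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src_ip: bytes, dst_ip: bytes, proto: int, data: bytes) -> bytes:
    """Minimal 20-byte IPv4 header (no options) in front of the transport payload."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(data), 0, 0, 64, proto, 0, src_ip, dst_ip)
    header = header[:10] + struct.pack("!H", ipv4_checksum(header)) + header[12:]
    return header + data


def build_frame(dst_mac: bytes, src_mac: bytes, ethertype: int, payload: bytes) -> bytes:
    """[dst mac][src mac][ethertype][payload][FCS]; preamble/SFD are added by the NIC, not by software."""
    body = dst_mac + src_mac + struct.pack("!H", ethertype) + payload.ljust(46, b"\x00")  # pad to 64-byte minimum
    fcs = struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)  # Ethernet FCS is the same CRC-32 zlib uses, LSB first
    return body + fcs


def parse_ipv4(payload: bytes) -> dict:
    if len(payload) < 20:
        raise ValueError("truncated IPv4 header")
    vihl, _tos, total_len, _id, _frag, ttl, proto, _csum, src, dst = struct.unpack("!BBHHHBBH4s4s", payload[:20])
    ihl = (vihl & 0x0F) * 4
    if vihl >> 4 != 4 or ihl < 20 or total_len < ihl or total_len > len(payload):
        raise ValueError("malformed IPv4 header")
    if ipv4_checksum(payload[:ihl]) != 0:  # a correct header sums to zero once the checksum field is included
        raise ValueError("bad IPv4 header checksum")
    return {"src_ip": ip_str(src), "dst_ip": ip_str(dst), "protocol": proto, "ttl": ttl,
            "data": payload[ihl:total_len]}   # total_len strips the Ethernet padding again


def parse_arp(payload: bytes) -> dict:
    if len(payload) < 28:
        raise ValueError("truncated ARP packet")
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack("!HHBBH6s4s6s4s", payload[:28])
    if (htype, ptype, hlen, plen) != (1, ETHERTYPE_IPV4, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    return {"op": {1: "request", 2: "reply"}.get(op, op), "sender_mac": mac_str(sha), "sender_ip": ip_str(spa),
            "target_mac": mac_str(tha), "target_ip": ip_str(tpa)}


def parse_frame(frame: bytes) -> dict:
    """Verify the FCS, split the Ethernet header, then decode the payload by EtherType."""
    if len(frame) < 18:
        raise ValueError("runt frame")
    body, fcs = frame[:-4], frame[-4:]
    if struct.unpack("<I", fcs)[0] != (zlib.crc32(body) & 0xFFFFFFFF):
        raise ValueError("bad FCS")  # a real NIC drops such frames before the OS ever sees them
    dst, src, ethertype = struct.unpack("!6s6sH", body[:14])
    out = {"dst_mac": mac_str(dst), "src_mac": mac_str(src), "ethertype": ethertype}
    if ethertype == ETHERTYPE_IPV4:
        out["ipv4"] = parse_ipv4(body[14:])
    elif ethertype == ETHERTYPE_ARP:
        out["arp"] = parse_arp(body[14:])
    return out


def sample_arp_request() -> bytes:
    """'Who has 192.168.1.1? Tell 192.168.1.10': broadcast frame, target MAC all zeros."""
    arp = struct.pack("!HHBBH6s4s6s4s", 1, ETHERTYPE_IPV4, 6, 4, 1, HOST_MAC, HOST_IP, b"\x00" * 6, GW_IP)
    return build_frame(BROADCAST_MAC, HOST_MAC, ETHERTYPE_ARP, arp)


def sample_ipv4_frame() -> bytes:
    """A TCP segment for a host on the Internet: the IP destination is the remote host, but the frame's
    destination MAC is the gateway's (learned via ARP). The remote host's MAC never appears anywhere."""
    packet = build_ipv4(HOST_IP, REMOTE_IP, 6, b"GET / HTTP/1.0\r\n\r\n")
    return build_frame(GW_MAC, HOST_MAC, ETHERTYPE_IPV4, packet)


if __name__ == "__main__":
    for f in (sample_arp_request(), sample_ipv4_frame()):
        print(parse_frame(f))
```

Captured frames from pcap or a raw socket usually arrive with the FCS already stripped by the NIC, so on real captures drop the FCS check; the rest of the parsing is the same.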

Never underestimate the ability of engineers to be contrary. DECnet, an early protocol for DEC VAX computers and workstations (and PC’s) changed the MAC to incorporate the internal DECnet address.

Some software drivers allow you to change what MAC address you are using on a device. This does not change the hard-wired MAC, but it does allow you to override it in network communications. This is most useful with, for example, ISP’s (Internet Service Providers, your internet supplier) who have allocated an IP address to a specific device (i.e. your home router) and now you had to replace it. It’s also a convenient disguising and hacking tool.

DHCP hands out addresses. Since the requesting device does not have an address yet, it communicates using a broadcast out and listens for a broadcast reply. (I.e. to “all 1’s” address, “this broadcast is for everyone who uses it.”) Typically, DHCP IP addresses are allocated to a MAC address, since it is unique; which is why if you renew, odds are you get the same address. I guess this is a form of “sticky”.

DHCP hands out addresses for a lease life… say 8 days, or 4 hours, or something. As mentioned, typically the IP is assigned by DHCP to the MAC, so reboot, or turn back on before the lease expired, and you get the same address. Typically a machine that’s still live will renew that lease well before it runs out, so keeps the address until something changes - was turned off past end of lease, or someone resets the DHCP server, etc. So that would make an IP address somewhat “sticky”.

Sorry, but to be fair, this is not what ARP is used for at all. ARP is 99% used for your computer to send a frame to the next device, usually a switch or your ISP router. ARP is not used to get MAC addresses of IP addresses out on the Internet.

Also, **frames** get sent to MAC addresses, not packets

Technically true, but kinda splitting hairs. An ARP is basically “who has address X? Please tell Y” and it is how the operating system and network driver convert an IP into a mac so that the ethernet frame can get sent out. The point was just to explain that. Like I said, I was glossing over details, and left out not only that, but also things like gateways and NAT and routing and all kinds of stuff.

I think I probably overloaded the OP as it was. :slight_smile:

True. Where I work we just tend to refer to everything as packets, even though half the time we mean frames, so admittedly we’re a bit slangy with the terminology. But yes, technically the packet is a higher level thing that goes into the lower level frame.

We can start talking in detail about the whole OSI model and really start confusing the OP.

I would love to, but I’ve got this paint to watch dry :smiley:

And it does so using UDP, not TCP. :slight_smile:

what ports does it use? (without looking it up!)

Actually, OSI is historically quite a fascinating topic. A few decades ago there was a fairly widespread belief that OSI was The Future, and that TCP/IP wasn’t robust enough to support truly large-scale public networking, either in its available address space, routing protocols, name service, security, or pretty much anything else. The aforementioned DECnet at that time had already made a substantial transition to OSI in its fifth major phase in the form of DECnet/OSI. (Incidentally, DECnet wasn’t a protocol just for VAXen and workstations – it was explicitly designed as DEC’s universal cross-platform communications standard.)

As it turned out, the assessment of the weaknesses of TCP/IP was, in fact, largely correct. It was conceived as a resilient decentralized network that would be suitable for internal military communications and for research and development partnerships, and certainly never thought of as a global network, which OSI explicitly was. TCP/IP exists today as the successful underpinning of the Internet because of a vast series of add-ons, improvements, band-aids, rubber bands, bubble gum, coat hangers and glue holding everything together.

Now that you’ve got me, let’s both revisit the birth of the D’Oyly Carte Opera Company. :slight_smile:

A vector for attacking a network is “MAC-flooding” where an attacker changes his MAC really fast in order to fill a switch’s CAM table with BS, forcing other devices on the network to broadcast their packets so the attacker can eavesdrop on traffic.

A way to mitigate this weakness of switches is making the ports “sticky”: not accepting new MAC addresses, thereby making it impossible to overwhelm the switch’s capabilities.

What a sticky IP is I do not know. Possibly it is a case of hearing the bell but not knowing where the clapper hangs. (As we say in Dutch;)
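The MAC-flooding attack and the sticky-port mitigation from the post above, plus the "persistent across reboot" property of sticky MACs mentioned earlier in the thread, as an added example (mine, not code from any poster). It is a toy model of a switch: a fixed-size CAM table that forgets its oldest entry when full, unknown-unicast flooding, and port security that learns at most N source MACs per port and err-disables the port on a violation. Port numbers, table size and all MACs are constructed.

```python
# Added example (not from the thread): a toy switch CAM table, a MAC-flooding attack, and port security with
# sticky MAC learning as the mitigation. All MACs are constructed sample values.
from collections import OrderedDict

BROADCAST = "ff:ff:ff:ff:ff:ff"


class Switch:
    def __init__(self, ports, cam_size):
        self.ports = list(ports)
        self.cam_size = cam_size        # a real CAM is fixed-size hardware; this one evicts its oldest entry
        self.cam = OrderedDict()        # mac -> port
        self.secure = {}                # port -> port-security state
        self.violations = []

    def port_security(self, port, max_macs=1, sticky=True, static=()):
        """Allow at most max_macs source MACs on the port; sticky = learned MACs persist across reboot."""
        self.secure[port] = {"max": max_macs, "sticky": sticky, "static": set(static),
                             "learned": set(), "shutdown": False}

    def _admit(self, port, src_mac):
        """Port-security check: returns False if the frame must be dropped."""
        sec = self.secure.get(port)
        if sec is None:
            return True
        if sec["shutdown"]:
            return False
        allowed = sec["static"] | sec["learned"]
        if src_mac in allowed:
            return True
        if len(allowed) >= sec["max"]:     # one MAC too many is a violation: err-disable the port
            sec["shutdown"] = True
            self.violations.append((port, src_mac))
            return False
        sec["learned"].add(src_mac)        # still under the limit: learn it as a secure MAC
        return True

    def _learn(self, src_mac, port):
        if src_mac in self.cam:
            self.cam.move_to_end(src_mac)
            return
        if len(self.cam) >= self.cam_size:
            self.cam.popitem(last=False)   # table full: the oldest entry is lost (this is what the flood exploits)
        self.cam[src_mac] = port

    def ingress(self, port, src_mac, dst_mac):
        """Process one frame; returns the set of ports it is forwarded out of."""
        if not self._admit(port, src_mac):
            return set()
        self._learn(src_mac, port)
        out_port = self.cam.get(dst_mac)
        if dst_mac != BROADCAST and out_port is not None:
            return {out_port} - {port}
        return set(self.ports) - {port}    # unknown unicast or broadcast: flood to every other port

    def reboot(self):
        """The CAM is volatile. Sticky secure MACs were written to the saved config and survive; dynamic ones don't."""
        self.cam.clear()
        for sec in self.secure.values():
            sec["shutdown"] = False
            if not sec["sticky"]:
                sec["learned"].clear()


HOST_A, HOST_B = "aa:aa:aa:00:00:01", "aa:aa:aa:00:00:02"   # legitimate hosts on ports 1 and 2


def flood_scenario(protected: bool, attack_frames: int = 50) -> dict:
    """Attacker on port 3 sprays fake source MACs; does A's unicast to B afterwards leak to port 3?"""
    sw = Switch(ports=[1, 2, 3], cam_size=8)
    if protected:
        sw.port_security(3, max_macs=1, sticky=True)
    sw.ingress(1, HOST_A, HOST_B)      # A and B talk; the switch learns where both live
    sw.ingress(2, HOST_B, HOST_A)
    for i in range(attack_frames):
        sw.ingress(3, f"02:00:00:00:{i >> 8:02x}:{i & 0xff:02x}", BROADCAST)
    delivered = sw.ingress(1, HOST_A, HOST_B)
    return {"delivered_to": delivered, "leaks_to_attacker": 3 in delivered,
            "cam_entries": len(sw.cam), "violations": len(sw.violations),
            "port3_shutdown": sw.secure.get(3, {}).get("shutdown", False)}


if __name__ == "__main__":
    print("unprotected:", flood_scenario(protected=False))
    print("port security:", flood_scenario(protected=True))
```

Without port security the attacker's 50 addresses push A and B out of the eight-entry table, so A's next unicast to B is unknown-unicast and gets flooded to port 3. With a one-MAC sticky limit the attacker's second address trips the violation, the port is disabled, and the table still knows where B is. On a real switch the same thing is the "switchport port-security ... mac-address sticky" family of settings; the violation mode (drop vs. shut down) is a choice.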

In the grandest hacker tradition, TCP/IP conquered the world because the group designing it on-the-fly “…reject[ed] kings, presidents and voting…[and] believe[d] in rough consensus and running code”. (Paraphrasing David Clark’s seminal quote.)

As a systems engineer, this paradigm is cautionary to me. In my discipline, it’s doctrinal to specify every thing in obsessive detail and completeness before the first line of code is written. The modern Internet is a continuous repudiation of the belief that you have to do that. “Prototype into operations” seems to work pretty well, in practice.

Please. Easy peasy. 53.

And I know this because I had to set up a rule on my home network – I had one DHCP server but multiple internal networks, one for Bricker Jr. that had no direct external access but could reach a proxy server (a Linux box running Privoxy) which let me explicitly whitelist websites and allow him to take “one hop” from a whitelisted site freely. So he could browse and, and visit any site they hotlinked without my needing to pre-approve it. This was when he was ~6 and I wanted him to explore but safely.

So for a while I had to have a “helper rule” that grabbed UDP 53 from the kid-net side and rebroadcast it on the trusted side to get DHCP working without needing two DHCP servers. (Still had two scopes, of course).