Why can a network address not be a valid host address?

As far as I understand, "network address" as a special address is an artifact from the classful IP networks from the past. Today, we use Classless Inter-domain Routing (CIDR) on the Internet, which does not have the concept of a network address (if you look at the RFC 4632 linked above, you'll see that it lists 256 possible IP addresses per legacy "C" block, e.g. no reserved addresses for either network or broadcast address (although broadcasts are defined as essential in other RFCs)).

This being said, you still should not assign a network address to any specific host in a network: the network address is essential for routing. This concept is used extensively in RFCs (RFC 1812). Just look at the routing tables (route command) and you'll see how your local network address is used to separate your local network traffic from what must go through the router. What if that local network address was assigned to some host?

Even worse: it is better not to assign IP addresses ending in zero even if this address is not a network address. E.g. if your network is 10.10.0.0/255.255.0.0, IP address 10.10.5.0 is not your network address, but you'd better not assign such an IP even though it is completely valid even on classful IP networks. Some legacy software/IP stacks may have problems with it.

UPDATE: by goblinlord

According to RFC 1812 (Section 5.3.5.2), what we call a network address was originally used for "directed broadcasts", which would send a broadcast packet to the desired network. This function was made obsolete because of SMURF attacks. The function was officially changed in RFC 2644. Subsequently, further implementations should silently drop packets with a source address as described (the network address). While this is what should happen, I am curious as to how many implementations actually do so.

This is further added to in RFC 3021 when /31 subnetting was addressed.
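The cases this answer distinguishes (network address, broadcast address, a valid host address that merely ends in zero, and the RFC 3021 /31 exception) can be checked mechanically before an address plan is deployed. The following is an added example, not code from the original answer; the function names and the sample plan are constructed for illustration.

```python
import ipaddress

def classify(assignment: str) -> str:
    """Classify an IPv4 assignment written as 'address/prefix'.

    Returns 'network', 'broadcast', 'host-ends-in-zero' or 'host'.
    """
    iface = ipaddress.IPv4Interface(assignment)
    net, addr = iface.network, iface.ip
    # RFC 3021: on a /31 point-to-point link both addresses are hosts,
    # and a /32 is a single host, so neither has a reserved address.
    if net.prefixlen < 31:
        if addr == net.network_address:
            return "network"
        if addr == net.broadcast_address:
            return "broadcast"
    # Valid host address, but the last octet is 0: the case the answer
    # says some legacy software/IP stacks may have problems with.
    if addr.packed[-1] == 0:
        return "host-ends-in-zero"
    return "host"

def lint_plan(plan: dict) -> dict:
    """Return only the assignments that deserve a second look."""
    findings = {}
    for name, assignment in plan.items():
        kind = classify(assignment)
        if kind != "host":
            findings[name] = kind
    return findings

# Constructed sample plan (hypothetical host names, documentation ranges).
SAMPLE_PLAN = {
    "gateway": "10.10.0.1/16",
    "printer": "10.10.5.0/16",       # valid host, ends in zero
    "server-a": "10.10.0.0/16",      # network address of the /16
    "server-b": "10.10.255.255/16",  # broadcast address of the /16
    "p2p-left": "192.0.2.0/31",      # /31: host, but ends in zero
    "p2p-right": "192.0.2.1/31",     # /31: plain host
    "camera": "198.51.100.15/28",    # last address of a /28
}

if __name__ == "__main__":
    for name, kind in lint_plan(SAMPLE_PLAN).items():
        print(f"{name:10} {SAMPLE_PLAN[name]:20} {kind}")
```
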


So the practical answer is: It really depends. It depends on:

  • The exact address, and its meanings in the many RFCs
  • The version and revision of your operating system
  • ...And that of your router, and every other upstream router
  • ...And the intelligence and sophistication of all the network admins of those routers...

I have not run into any problems accessing any sites in testing this; it seems that ultimately it's all left up to the network administrators' whims. There is usually no way for an upstream device to tell whether an address is part of a network or broadcast address, or not, as it is simply an address in a bigger block to them... So no ISPs will block you from assigning and using your network address, unless they assigned it to you and their network administrator has explicitly blocked it.

I'm sure there are security analysts and hackers out there who have insanely detailed stats on exactly how many variants of TCP-IP stack implementations are out there and what they do and do not accommodate or allow and exactly how and where they miss their mark.

Matter of fact, I'm browsing and posting this from my network address.

Don't call me a bad netizen unless you have a better solution to fixing this house of cards: the reality is that if it's possible, it will happen. The reality is that nobody really smart enough sat down and thought this whole thing through in all its possible iterations in order to come up with a completely fool-proof design, before people started using it - as with most things in life. The result? Standards where a lot of things don't add up and/or get lost in translation.

Welcome to the real world. Don't let that dissuade you from chasing the ever elusive optimal ideals... Just don't expect support from the "official" channels or forums unless you are willing to get your hands dirty and dedicate your time and life to it, building the necessary consensus, and navigating the politics around that.

So, I think what the other posters were trying to say: If you want to make this official policy and use it in production, you're on your own. (But aren't you anyways?) Maybe we'll strike it lucky and have a computer intelligence design us an IPv8 that's backwards compatible with IPv4 and IPv6 and all their broken implementations.


I'm new to networking but I'll give my 2 cents as well.

If I have a /28 subnetwork from x.x.x.0 - x.x.x.15, according to the predefined rules we would have 14 usable hosts and 2 remaining. The remaining are for network and broadcast.

Let's, instead of following the rule above, actually use all 16 hosts. Then in that case all would be ok, no problems. But if communication was needed outside the network then it would not be possible because of lack of resources to send or receive the information.

I'm not great at explaining but to put it another way.

If I lived in a house on a street and the street contained 14 houses. A laneway in and out for access to the main road.

My mailing address would range from 1-14 Personal Street, Off Network Road.

That would be no problem for the mail man. Now let's assume the developers got greedy and added 2 more houses and got rid of the laneways.

Then my new mailing address would range from 1-16 Personal Street

In this instance the mail man would be in trouble.

This is a guess, let me know if I'm talking bull.
