Tip | Avoid using APIPA addresses (169.254.0.0/16) for your network

Learn why using APIPA addresses is not recommended for your network

Updated on July 14th, 2023

Advice


APIPA addresses are convenient. Without a DHCP server, devices that follow RFC 3927 (Dynamic Configuration of IPv4 Link-Local Addresses) can communicate within a local subnet without a statically configured IP address.

In Q-SYS network design, APIPA addresses should work fine as long as the network follows our requirements that are listed on the Q-SYS Help page.

However, we recommend avoiding APIPA addresses in your network design, for the following reasons:

Future-Proofing Layer 3 Network

RFC 3927 - Dynamic Configuration of IPv4 Link-Local Addresses states:

 A router MUST NOT forward a packet with an IPv4 Link-Local source or destination address, irrespective of the router's default route configuration or routes obtained from dynamic routing protocols.

  A router which receives a packet with an IPv4 Link-Local source or destination address MUST NOT forward the packet.  This prevents forwarding of packets back onto the network segment from which they originated, or to any other segment.

If your L3 network devices comply with RFC 3927, 169.254.0.0/16 addresses will not be routed. If you plan to expand your network in the future, or want to prevent other potential issues that can occur in a network with multiple VLANs, you should not use APIPA addresses for your network in the first place.

Large Broadcast Domain

APIPA addresses use a /16 subnet mask, which allows up to 65534 hosts in a single subnet. For the best performance, we recommend setting the subnet size to /24 to ensure that no more than 254 devices can be placed in a single subnet.

You can still place fewer than 254 devices on a /16 subnet, but designing defensively is always good practice in network design.

Security Concerns

APIPA addresses are not secure by nature, since the addresses can be self-assigned. If a malicious device is plugged into the switch and self-assigns an APIPA address, it could easily discover the devices on the network, which may be a security concern.
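
The points above can be checked against an address plan before deployment. The following is an added example, not Q-SYS code: the inventory and device names are constructed, and the audit and codes_for function names are assumptions. It flags addresses in 169.254.0.0/16 and any subnet larger than the recommended /24.

```python
import ipaddress

LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")  # RFC 3927 (APIPA) range
MIN_PREFIX = 24  # /24 = at most 254 hosts, the subnet size recommended above

# Constructed sample inventory (device name, IPv4 address/prefix); not real devices.
SAMPLE_INVENTORY = [
    ("core-1", "169.254.12.7/16"),
    ("amp-1", "169.254.200.31/16"),
    ("core-2", "10.10.20.5/24"),
    ("camera-1", "10.10.20.6/24"),
    ("touchpanel-1", "172.16.4.9/16"),
    ("legacy-1", "10.10.20.300/24"),  # deliberately malformed entry
]


def audit(inventory):
    """Return (device, code, detail) findings for an IPv4 address plan."""
    findings = []
    for name, cidr in inventory:
        try:
            iface = ipaddress.IPv4Interface(cidr)
        except ValueError as exc:
            # A typo in the plan should be reported, not abort the audit.
            findings.append((name, "INVALID", str(exc)))
            continue
        if iface.ip in LINK_LOCAL:
            findings.append((name, "LINK_LOCAL",
                             f"{iface.ip} is self-assigned; RFC 3927 routers will not forward it"))
        if iface.network.prefixlen < MIN_PREFIX:
            usable = iface.network.num_addresses - 2  # minus network and broadcast
            findings.append((name, "OVERSIZED_SUBNET",
                             f"{iface.network} allows {usable} hosts"))
    return findings


def codes_for(findings, device):
    """Collect the finding codes reported for one device."""
    return sorted(code for name, code, _ in findings if name == device)


if __name__ == "__main__":
    for name, code, detail in audit(SAMPLE_INVENTORY):
        print(f"{name:14} {code:17} {detail}")
```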