IP Network Addressing
Just as you use addresses to identify the specific locations of homes and businesses so that mail can reach them efficiently, you use IP addresses to identify the location of specific devices on a network so that data can be sent correctly to those locations. IP addressing has various aspects, including the calculations for constructing an IP address, the classes of IP
addresses designated for specific routing purposes, and public versus private IP addresses.
Learning how IP addresses are structured and how they function in the operation of a network provides an understanding of how data is transmitted through Layer 3 internetworking devices using TCP/IP. To facilitate the routing of packets over a network, the TCP/IP protocol suite uses a 32-bit logical address known as an IP address. This address must be unique for each device in the internetwork. The header of the Internet layer of TCP/IP is known as the IP header. Figure 1-26 shows
the layout of the IP header.
Figure 1-26 IP Header
Note that each IP datagram carries this header, which includes a source IP address and destination IP address that identify the source and destination network and host.
An IP address is a hierarchical address, and it consists of two parts:
- The high order, or leftmost, bits specify the network address component (network ID) of the address.
- The low order, or rightmost, bits specify the host address component (host ID) of the address.
Every physical or virtual LAN on the corporate internetwork is seen as a single network that must be reached before an individual host within that company can be contacted. Each LAN has a unique network address. The hosts that populate that network share those same bits, but each host is identified by the uniqueness of the remaining bits. Like a group of houses along the same road, the street address is the same, but the house number is unique.
Figure 1-27 illustrates a sample IP addressing scheme in an internetwork.
Figure 1-27 IP Addressing
The IP address is 32 bits in length and is binary in nature, but it is expressed in a format that can be easily understood by the human brain. Basically, the 32 bits are broken into 4 sections of 8 bits each, known as octets or bytes. Each of these octets is then converted into decimal numbers between 0 and 255, and each octet is separated from the following one by dots. Figure 1-28 illustrates the format of an IP address using 172.16.122.204 as an example.
Figure 1-28 IP Address Format
The IP address format is known as dotted decimal notation. Figure 1-28 shows how the dotted decimal address is derived from the 32-bit binary value:
- Sample address: 172.16.122.204.
- Each bit in the octet has a binary weight (such as 128, 64, 32, 16, 8, 4, 2, and 1), and when all the bits are on, the sum is 255.
- The minimum decimal value for an octet is 0; it contains all 0s.
- The maximum decimal value for an octet is 255; it contains all 1s.
While many computers might share the same network address, combining the network address with a host address uniquely identifies any device connected to the network.
IP Address Classes
When IP was first developed, no classes of addresses existed, because it was assumed that 254 networks would be more than enough for an internetwork of academic, military, and research computers.
As the number of networks grew, the IP addresses were broken into categories called classes to accommodate different sizes of networks and to aid in identifying them. These classes are illustrated in Figure 1-29.
Assigning IP addresses to classes is known as classful addressing. The allocation of addresses is managed by a central authority, the American Registry for Internet Numbers (ARIN), which you can go to at http://www.arin.net for more information about network numbers.
Figure 1-29 Address Classes
Five IP address classes are used, as follows:
Class A: The Class A address category was designed to support extremely large networks. A Class A address uses only the first octet to indicate the network address. The remaining three octets are used for host addresses.
The first bit of a Class A address is always 0; therefore, the lowest number that can be represented is 00000000 (decimal 0), and the highest number that can be represented is 01111111 (decimal 127). However, these two network numbers, 0 and 127, are reserved and cannot be used as a network address. Any address that starts with a value between 1 and 126 in the first octet, then, is a Class A address.
Class B: The Class B address category was designed to support the needs of moderateto large-sized networks. A Class B address uses two of the four octets to indicate the network address. The other two octets specify host addresses. The first 2 bits of the first octet of a Class B address are always binary 10. The remaining 6 bits might be populated with either 1s or 0s. Therefore, the lowest number that can be represented with a Class B address is 10000000 (decimal 128), and the highest number that can be represented is 10111111 (decimal 191). Any address that starts with a value in the range of 128 to 191 in the first octet is a Class B address.
Class C: The Class C address category is the most commonly used of the original address classes. This address category was intended to support a lot of small networks.
A Class C address begins with binary 110. Therefore, the lowest number that can be represented is 11000000 (decimal 192), and the highest number that can be represented is 11011111 (decimal 223). If an address contains a number in the range of 192 to 223
in the first octet, it is a Class C address.
Class D: The Class D address category was created to enable multicasting in an IP address. A multicast address is a unique network address that directs packets with that destination address to predefined groups of IP addresses. Therefore, a single
station can simultaneously transmit a single stream of datagrams to multiple recipients. The Class D address category, much like the other address categories, is mathematically constrained. The first 4 bits of a Class D address must be 1110. Therefore, the first octet range for Class D addresses is 11100000 to 11101111, or 224 to 239. An IP address that starts with a value in the range of 224 to 239 in the first octet is a Class D address. As illustrated in Figure 1-30, Class D addresses (multicast addresses) include the
following range of network numbers: 22.214.171.124 to 126.96.36.199.
Class E: Although a Class E address category has been defined, the Internet Engineering Task Force (IETF) reserves the addresses in this class for its own research. Therefore, no Class E addresses have been released for use in the Internet. The first 4
bits of a Class E address are always set to 1111. Therefore, the first octet range for Class E addresses is 11110000 to 11111111, or 240 to 255.
Figure 1-30 Multicast Addresses
Within each class, the IP address is divided into a network address (or network identifier, network ID) and the host address (or host identifier, host ID). The number of networks and hosts vary by class. A bit or bit sequence at the start of each address, known as the high order bits, determines the class of the address, as shown in Figure 1-31.
Figure 1-31 Address Classification
Figure 1-31 shows how the bits in the first octet identify the address class. The router uses the first bits to identify how many bits it must match to interpret the network portion of the address (based on the standard address class). Table 1-1 lists the characteristics of Class A, B, and C addresses that address network devices.
Table 1-1 IP Address Classes
*The number of usable hosts is two less than the total number possible because the host portion must be nonzero and cannot be all 1s.
Network and Broadcast Addresses
Certain IP addresses are reserved and cannot be assigned to individual devices on a network. These reserved addresses include a network address, which identifies the network itself, and a broadcast address, which is used for broadcasting packets to all the devices on a network. An IP address that has binary 0s in all host bit positions is reserved for the network address.
Therefore, as a Class A network example, 10.0.0.0 is the IP address of the network containing the host 10.1.2.3. A router uses the network IP address when it searches its IP route table for the destination network location. As a Class B network example, the IP
address 172.16.0.0 is a network address, as shown in the Figure 1-32.
Figure 1-32 Network Address
Network Address (Host Bits = All 0s)
The decimal numbers that fill the first two octets in a Class B network address are assigned. The last two octets contain 0s because those 16 bits are for host numbers and are used for devices that are attached to the network. The IP address in the example (172.16.0.0) is reserved for the network address; it is never used as an address for any device that is
attached to it. An example of an IP address for a device on the 172.16.0.0 network would be 172.16.16.1. In this example, 172.16 is the network-address portion and 16.1 is the host-address portion.
If you wanted to send data to all the devices on a network, you would need to use a network broadcast address. Broadcast IP addresses end with binary 1s in the entire host part of the address (the host field), as shown in Figure 1-33.
For the network in the example (172.16.0.0), in which the last 16 bits make up the host field (or host part of the address), the broadcast that is sent out to all devices on that network includes a destination address of 172.16.255.255.
Figure 1-33 Network Broadcast Address
Network Address (Host Bits = All 0s)
The network broadcast is also known as a directed broadcast and is capable of being routed, because the longest match in the routing table would match the network bits. Because the host bits would not be known, the router would forward this out all the interfaces that were members of the major 172.16.0.0 network. Directed broadcast can be used to perform a DoS attack against routed networks. This behavior is not the default for Cisco routers, however.
If an IP device wants to communicate with all devices on all networks, it sets the destination address to all 1s (255.255.255.255) and transmits the packet. This address can be used, for example, by hosts that do not know their network number and are asking some server for it, as with Reverse Address Resolution Protocol (RARP) or DHCP. This form of broadcast is never capable of being routed, because RFC 1812 prohibits the forwarding of an all networks broadcast. For this reason, an all networks broadcast is called a local broadcast because it stays local to the LAN segment or VLAN.
The network portion of an IP address is also referred to as the network ID. It is important because hosts on a network can only directly communicate with devices in the same network. If they need to communicate with devices with interfaces assigned to some other network ID, a Layer 3 internetworking device that can route data between the networks is needed. This is
true even when the devices share the same physical media segment or VLAN. A network ID enables a router to put a packet onto the appropriate network segment. The host ID helps the router deliver the Layer 2 frame, encapsulating the packet to a specific
host on the network. As a result, the IP address is mapped to the correct MAC address, which is needed by the Layer 2 process on the router to address the frame. Specific guidelines exist for assigning IP addresses in a network. First, each device or
interface must have a nonzero host number. Figure 1-34 shows devices and routers with IP addresses assigned.
Figure 1-34 Host Addresses
Each wire is identified with the network address. This value is not assigned, but it is assumed. A value of 0 means “this network” or “the wire itself” (for example, 172.16.0.0). This is the information used by the router to identify each network. The routing table contains entries for network or wire addresses; it usually does not contain any information about hosts.
As soon as the network portion is determined by the classification, you can determine the total number of hosts on the network by summing all available 1 and 0 combinations of the remaining address bits and subtracting 2. You must subtract 2 because an address consisting of all 0 bits specifies the network, and an address of all 1 bits is used for network broadcasts.
The same result can be derived by using the following formula:
2N – 2 (where N is the number of bits in the host portion)
Figure 1-35 illustrates a Class B network, 172.16.0.0. In a Class B network, 16 bits are used for the host portion. Applying the formula 2N – 2 (in this case, 216 – 2 = 65,534) results in 65,534 usable host addresses.
All classful addresses have only a network portion and host portion. So, the router(s) within the internetwork know it only as a single network, and no detailed knowledge of the internal hosts is required. All datagrams addressed to network 172.16.0.0 are treated the same, regardless of the third and fourth octets of the address.
Figure 1-35 Determining the Available Host Addresses
Each class of a network allows a fixed number of hosts. In a Class A network, the first octet is assigned for the network, leaving the last three octets to be assigned to hosts. The first host address in each network (all 0s) is reserved for the actual network address, and the final host address in each network (all 1s) is reserved for broadcasts. The maximum number of hosts in a Class A network is 224 – 2 (subtracting the network and broadcast reserved addresses), or 16,777,214.
In a Class B network, the first two octets are assigned for the network, leaving the final two octets to be assigned to hosts. The maximum number of hosts in a Class B network is 216 – 2, or 65,534.
In a Class C network, the first three octets are assigned for the network. This leaves the final octet to be assigned to hosts, so the maximum number of hosts is 28 – 2, or 254.
Just as local broadcasts and directed broadcasts are special network addresses, you also find a special host address known as the loopback address that is used to test the TCP/IP stack on a host. This address is 127.0.0.1.
Another common special host address that many people run into is the autoconfiguration IP address assigned when neither a statically nor a dynamically configured IP address is found on startup. Hosts supporting IPv4 link-local addresses (RFC 3927) generate an address in the 169.254.X.X/16 prefix range. The address can be used only for local network connectivity and operates with many caveats, one of which is that it is not routed. These addresses are usually encountered when a host fails to obtain an address via startup using DHCP.
Public and Private IP Addresses
Some networks connect to each other through the Internet, whereas others are private. Public and private IP addresses are required, therefore, for both of these network types.
Internet stability depends directly on the uniqueness of publicly used network addresses. Therefore, some mechanism is needed to ensure that addresses are, in fact, unique. This responsibility originally rested within an organization known as the InterNIC (Internet Network Information Center). This organization was succeeded by the Internet Assigned Numbers Authority (IANA). IANA carefully manages the remaining supply of IP addresses to ensure that duplication of publicly used addresses does not occur. Such duplication would cause instability in the Internet and compromise its capability to deliver datagrams to networks using the duplicated addresses.
To obtain an IP address or block of addresses, you must contact an Internet service provider (ISP). The ISP allocates addresses from the range assigned by their upstream registry or their appropriate regional registry, which is managed by IANA, as follows:
- Asia Pacific Network Information Center (APNIC)
- American Registry for Internet Numbers (ARIN)
- Réseaux IP Europens Network Coordination Centre (RIPE NCC)
With the rapid growth of the Internet, public IP addresses began to run out, so new addressing schemes such as classless interdomain routing (CIDR) and IPv6 were developedto help solve the problem. CIDR and IPv6 are discussed later in this chapter in the “Address Exhaustion” section. Although Internet hosts require a globally unique IP address, private hosts that are not connected to the Internet can use any valid address, as long as it is unique within the private network. Because many private networks exist alongside public networks, grabbing “just any address” is strongly discouraged. Therefore, the IETF defined 3 blocks of IP addresses (1 Class A network, 16 Class B networks, and 256 Class C networks) in RFC 1918 for private, internal use. Addresses in this range are not routed on the Internet backbone, as shown in Table 1-2. Internet routers are configured to discard private addresses as defined by RFC 1918.
Table 1-2 Private IP Addresses
If you are addressing a nonpublic intranet, these private addresses can be used instead of globally unique addresses. If you want to connect a network using private addresses to the Internet, however, it is necessary to translate the private addresses to public addresses. This translation process is referred to as Network Address Translation (NAT). A router is often the network device that performs NAT
The growth of the Internet has resulted in enormous demands for IP addresses. This section describes the capabilities of IPv4 in relation to that demand. When TCP/IP was first introduced in the 1980s, it relied on a two-level addressing scheme,
which at the time offered adequate scalability. The architects of TCP/IP could not have predicted that their protocol would eventually sustain a global network of information, commerce, and entertainment. Twenty years ago, IPv4 offered an addressing strategy that, although scalable for a time, eventually resulted in an inefficient allocation of addresses. The Class A and B addresses make up 75 percent of the IPv4 address space, but a relative handful of organizations (fewer than 17,000) can be assigned a Class A or B network number. Class C network addresses are far more numerous than Class A and B addresses,
although they account for only 12.5 percent of the possible 4 billion IP addresses, as shown in Figure 1-36.
Unfortunately, Class C addresses are limited to 254 hosts, which does not meet the needs of larger organizations that cannot acquire a Class A or B address.
Table 1-2 Private IP Addresses
As early as 1992, the IETF identified two specific concerns:
- The Class B address category was on the verge of depletion, and the remaining, unassigned IPv4 network addresses were nearly depleted at the time.
- As more Class C networks came online to accommodate the rapid and substantial increase in the size of the Internet, the resulting flood of new network information threatened the capability of Internet routers to cope effectively.
Over the past 20 years, numerous extensions to IPv4 have been developed to improve the efficiency with which the 32-bit address space can be used.
In addition, an even more extendable and scalable version of IP, IPv6, has been defined and developed. An IPv6 address is a 128-bit binary value, which can be displayed as 32 hexadecimal digits. It provides 3.4 x 1038 IP addresses. This version of IP should provide sufficient addresses for future Internet growth needs. Table 1-3 compares IPv4 and IPv6 addresses.
Table 1-3 IPv6 Addresses
After years of planning and development, IPv6 is slowly being implemented in select networks. Eventually, IPv6 might replace IPv4 as the dominant internetwork protocol.
Another solution to the shortage of public IP addresses is a different kind of routing. CIDR is a new addressing scheme for the Internet that allows for more efficient allocation of IP addresses than the old Class A, B, and C address scheme allows.
First introduced in 1993 and later deployed in 1994, CIDR dramatically improved the scalability and efficiency of IPv4 in the following ways:
- It replaced classful addressing with a more flexible and less wasteful scheme.
- It provided enhanced route aggregation, also known as supernetting. As the Internet
grows, routers on the Internet require huge memory tables to store all the routing information. Supernetting helps reduce the size of router memory tables by combining and summarizing multiple routing information entries into one single entry. This
reduces the size of router memory tables and also allows for faster table lookup.
A CIDR network address looks like this:
The 192.168.54.0 is the network address itself and the /23 means that the first 23 bits are the network part of the address, leaving the last 9 bits for specific host addresses. The effect of CIDR is to aggregate, or combine, multiple classful networks into a single larger network. This aggregation reduces the number of entries required in the IP routing tables and allows the provisioning a larger number of hosts within the network. Both are done without using a network ID from the next larger classful address group.
With the CIDR approach, if you need more than 254 host addresses, you can be assigned a /23 address instead of wasting a whole Class B address that supports 65,534 hosts.
Figure 1-37 shows an example of using CIDR. Company XYZ asks for an address block from its ISP, not a central authority. The ISP evaluates company XYZ’s needs and allocates address space from its own large CIDR block of addresses. CIDR blocks can be, and are, assigned by the regional authorities to governments, service providers, enterprises, and organizations.
Figure 1-37 CIDR Addressing
NOTE Figure 1-37 shows an example using private IP addresses as defined in RFC 1918. These addresses would never be used by an ISP for C IDR, but they are shown here merely as an illustration. Public addresses are not used in this example for security reasons.
In this example, the ISP owns the 192.168.0.0/16 address block. The ISP announces only this single 192.168.0.0/16 address to the Internet (even though this address block actually consists of many Class C networks). The ISP assigns the smaller 192.168.54.0/23 address block within the larger 192.168.0.0/16 address block to the XYZ company. This assignment allows the XYZ company to have a network that can have up to 510 hosts (29 – 2 = 510), or that network can be subdivided into multiple smaller subnets by the XYZ company.
Providers assume the burden of managing address space in a classless system. With this system, Internet routers keep only one summary route, or supernet route, to the provider’s network, and only the individual provider keeps routes that are more specific to its own customer networks. This method drastically reduces the size of internetwork routing tables.
Dynamic Host Configuration Protocol
Host addresses are assigned to devices either manually or automatically. Automated methods make administration of devices easier, so they are the ones most often employed. Several automated methods that use protocols for assigning IP addresses exist, and DHCP is the most popular of those methods.
DHCP is a protocol used to assign IP addresses automatically and to set TCP/IP stack configuration parameters, such as the subnet mask, default router, and Domain Name System (DNS) servers for a host. DHCP is also used to provide other configuration information as necessary, including the length of time the address has been allocated to the host. DHCP consists of two components: a protocol for delivering host-specific configuration parameters from a DHCP server to a host and a mechanism for allocating network addresses to hosts. DCHP addresses are usually obtained on startup, and Figure 1-38 shows
the communication that takes place to obtain the address.
Using DHCP, a host can obtain an IP address quickly and dynamically. All that is required is a defined range of IP addresses on a DHCP server. As hosts come online, they contact the DHCP server and request address information. The DHCP server selects an address and allocates it to that host. The address is only “leased” to the host, so the host periodically contacts the DHCP server to extend the lease. This lease mechanism ensures that hosts that have been moved or are switched off for extended periods of time do not hold on to addresses that they are not using. The addresses are returned to the address pool by the
DHCP server to be reallocated as necessary.
DHCP is a protocol specified by RFC 2131, superseding RFC 1541. DHCP is based on the Bootstrap Protocol (BOOTP), which it has effectively superseded. IP addresses can also be assigned statically by configuring the host manually. Domain Name System Another important parameter used in TCP/IP is DNS. DNS is a mechanism for converting symbolic names into IP addresses. The DNS application frees users of IP networks from the burden of having to remember IP addresses. Without this freedom, the Internet would not be as popular or as usable as it is. The DNS address is a server that provides the DNS services. The address is typically assigned during the DCHP address assignment or can be assigned manually.
Figure 1-38 DHCP Request
Using Common Host Tools to Determine the IP Address of a Host
Most operating systems provide a series of tools that can be used to verify host addresses and DNS addresses For a Microsoft Windows device the Network Connections tab under System setup enables you to set and view the IP address configured on the PC. As shown in Figure 1-39, this PC is configured to obtain the address from a DHCP server.
Figure 1-39 TCP/IP Properties
To determine the actual address of the device, the command ipconfig can be used from the command line to display all current TCP/IP network configuration values and refresh DHCP and DNS settings. Used without parameters, ipconfig displays the IP address, subnet mask, and default gateway for all adapters. Figure 1-40 shows an example of an IPCONFIG output.
Figure 1-40 IPCONFIG Output
You can run ipconfig with various flags to determine exactly what output should be displayed. The syntax flags are as follows:
ipconfig [/all] [/renew [ Adapter]] [/release [ Adapter]] [/flushdns] [/displaydns] [/registerdns] [/showclassid Adapter] [/setclassid Adapter [ ClassID]] The parameters are as follows:
- /all: Displays the full TCP/IP configuration for all adapters. Without this parameter,
- ipconfig displays only the IP address, subnet mask, and default gateway values for each adapter. Adapters can represent physical interfaces, such as installed network adapters, or logical interfaces, such as dialup connections.
- /renew [Adapter]: Renews DHCP configuration for all adapters (if an adapter is not specified) or for a specific adapter if the Adapter parameter is included. This parameter is available only on computers with adapters that are configured to obtain an IP address automatically. To specify an adapter name, type the adapter name that appears when you use ipconfig without parameters.
- /release [Adapter]: Sends a DHCPRELEASE message to the DHCP server to release the current DHCP configuration and discard the IP address configuration for either all adapters (if an adapter is not specified) or for a specific adapter if the Adapter parameter is included. This parameter disables TCP/IP for adapters configured to obtain an IP address automatically. To specify an adapter name, type the adapter name that appears when you use ipconfig without parameters.
- /flushdns: Flushes and resets the contents of the DNS client resolver cache. During DNS troubleshooting, you can use this procedure to discard negative cache entries from the cache, as well as any other entries that have been added dynamically.
- /displaydns: Displays the contents of the DNS client resolver cache, which includes both entries preloaded from the local hosts file and any recently obtained resource records for name queries resolved by the computer. The DNS client service uses this information to resolve frequently queried names quickly, before querying its
configured DNS servers.
- /registerdns: Initiates manual dynamic registration for the DNS names and IP addresses that are configured at a computer. You can use this parameter to troubleshoot a failed DNS name registration or resolve a dynamic update problem between a client and the DNS server without rebooting the client computer. The DNS settings in the advanced properties of the TCP/IP protocol determine which names are registered in DNS.
- /showclassid Adapter: Displays the DHCP class ID for a specified adapter. To see the DHCP class ID for all adapters, use the asterisk (*) wildcard character in place of Adapter. This parameter is available only on computers with adapters that are configured to obtain an IP address automatically.
- /setclassid Adapter [ClassID]: Configures the DHCP class ID for a specified adapter. To set the DHCP class ID for all adapters, use the asterisk (*) wildcard character in place of Adapter. This parameter is available only on computers with adapters that are configured to obtain an IP address automatically. If a DHCP class ID is not specified, the current class ID is removed.
- /?: Displays help at the command prompt.