
Addressing enables data communication between hosts on the same network or on different networks. Designing, implementing, and managing an effective IPv4 addressing plan ensures that networks can operate effectively and efficiently.
IPv4 Addresses
Anatomy of an IPv4 Address
Each device on a network must be uniquely defined by a network layer address. The packet is also identified with the source and destination addresses of the two end systems.
These addresses are represented in the data network as binary patterns. Digital logic is applied for the interpretation of these addresses. IPv4 addresses are represented using dotted decimal format.
Dotted Decimal
Representing IPv4 addresses as dotted decimal begins by separating the 32 bits of the address into bytes. Each byte of the binary pattern, called an octet, is separated with a dot.
10101100 00010000 00000100 00010100 -> 172.16.4.20
Network and Host Portions
The most significant bits, or higher-order bits, represent the network address. For all hosts in the same network, the bits in the network portion of their addresses are identical.
172.16.4.20 -> network, host
A variable number of bits represent the host portion of the address. The number of bits used in this host portion determines the number of hosts within the network.
You determine how many bits are required for the host portion based on the number of hosts that a network requires.
Binary to Decimal Conversion
Positional Notation
Positional notation means that a digit represents different values depending on the position it occupies. The value that a digit represents is the value of the digit multiplied by the power of the base, or radix, represented by the position the digit occupies.
Binary Numbering System
Each position represents increasing powers of 2.
The base 2 numbering system has only two digits: 0 and 1. When a byte is interpreted as a decimal number, the quantity that position represents is added to the total if the digit is a 1, and 0 is added if the digit is a 0.
Powers of 2      2^7   2^6   2^5   2^4   2^3   2^2   2^1   2^0
Decimal value    128   64    32    16    8     4     2     1
Binary digit     1     0     1     0     1     1     0     0
Position value   128   0     32    0     8     4     0     0
Total value      128 + 0 + 32 + 0 + 8 + 4 + 0 + 0 = 172
Binary Counting
Binary counting uses only 0 and 1 before a new column is added.
Decimal to Binary Conversions
You start by determining whether the decimal number of an octet is equal to or greater than the largest decimal value represented by the most significant bit. In the highest position, you determine whether the value is equal to or greater than 128. If the value is smaller than 128, you place a 0 in the 128 position and move to the 64-bit position. If the value is larger than or equal to 128, place a 1 in the 128 position and subtract 128 from the number being converted. You continue this process for all the remaining bit positions: 64, 32, 16, 8, 4, 2 and 1.
You need to convert each octet individually. This process begins with the conversion of the most significant octet.
Addressing Types of Communication: Unicast, Broadcast, Multicast
In an IPv4 network, the hosts can communicate in one of three different ways:
Unicast: the process of sending a packet from one host to an individual host
Broadcast: the process of sending a packet from one host to all hosts in the network
Multicast: the process of sending a packet from one host to a selected group of hosts
Each of these three types supports different types of communication in the data networks and uses different IPv4 destination addresses. In all three cases, the IPv4 address of the originating host is placed in the packet header as the source address.
Unicast Communication and Addresses
Unicast is the most common type of communication. This is the normal host-to-host communication in both a client/server and a peer-to-peer network. The host addresses assigned to the two end devices are used as the source and destination IPv4 addresses. During the encapsulation process, the source host places its IPv4 address in the unicast packet header as the source host address and the IPv4 address of the destination host in the packet header as the destination address. The unicast packet can be forwarded through an internetwork using the same addresses. (Figure 6-6)
Broadcast Communication and Addresses
Broadcast communication is the process of sending a packet from one host to all hosts in the network. Broadcast and multicast communication use special addresses as the destination address. For broadcast, this special address is called the broadcast address and allows all the receiving hosts to accept the packet. A host processes the packet as it would a packet to its unicast address. Broadcasts are generally restricted to the local network. Broadcast transmission is used for the location of special services/devices for which the address is not known or when a host needs to provide information to all the hosts on the network (for example, requesting an address or mapping upper-layer addresses to lower-layer ones).
When a host needs information, the host sends a request, called a query, to the broadcast address. All hosts in the network receive and process this query. One or more of the hosts with the requested information will respond, typically using unicast.
Unlike unicast, where the packets can be routed throughout the internetwork, broadcast packets are usually restricted to the local network and not forwarded by a router.
There are two types of broadcasts: directed and limited. Each of them uses a different method of IPv4 addressing.

Directed Broadcast
A directed broadcast is sent to all hosts on a specific network. This type is useful for sending a broadcast to all hosts on a nonlocal network. A directed broadcast uses an IPv4 destination address that is the highest address in a network: 255 -> 172.16.4.255
Limited Broadcast
A limited broadcast is used for communication that is limited to the hosts on the local network. These packets use a destination IPv4 address of all 1s (255.255.255.255). Routers do not forward this broadcast. Packets addressed to the limited broadcast address will only appear on the local network.
The source host creates a single packet addressed to the Layer 3 broadcast address. The lower-layer services will use a corresponding data link layer address to forward this packet to all the hosts. When a copy of this packet arrives at each end device, the devices recognize that it is addressed to all the devices and process the packet. (Figure 6-7)
When a packet is broadcast, it uses resources on the network and forces every host on the network that receives the packet to process it. Broadcast traffic should be limited so that it does not adversely affect the performance of the network or devices. Because routers separate broadcast domains, subdividing networks with excessive broadcast traffic can improve network performance.
Multicast Communication and Addresses
Multicast transmission is designed to conserve the bandwidth of the IPv4 network. It reduces traffic by allowing a host to send a single packet to a selected set of hosts. With unicast, a source host would have to send an individual packet addressed to each host. With multicast, the source host can send a single packet that can reach thousands of destination hosts. (Examples: video and audio broadcasts, news feeds.)
Hosts that want to receive particular multicast data are called multicast clients. They use services initiated by a client program to subscribe to the multicast group. The scope of multicast traffic is often limited to the local network or routed through an internetwork. (Figure 6-8)
The IPv4 addresses from 224.0.0.0 to 239.255.255.255 are reserved for multicast communication. This multicast address range is subdivided into different types of addresses: reserved link-local addresses and globally scoped addresses. One additional type is the administratively scoped addresses, also called limited-scope addresses.
IPv4 addresses from 224.0.0.0 to 224.0.0.255 are reserved link-local addresses. They are used for multicast groups on a local network. Packets to these destinations are always transmitted with a Time to Live (TTL) value of 1. A router should never forward them outside the local network.
The globally scoped addresses are 224.0.1.0 to 238.255.255.255. They can be used to multicast data across the Internet.
IPv4 Addresses for Different Purposes
Many of the IPv4 unicast addresses have been reserved for special purposes. Some of these addresses limit the scope or functionality of the hosts to which they are assigned. Other reserved addresses cannot be assigned to hosts.
Types of Addresses in an IPv4 Network Range
Network address: refers to the network
Broadcast address: is used to send data to all hosts in the network
Host address: is assigned to the end devices in the network
Two addresses cannot be assigned to devices: the network address and the broadcast address.
Network Address
The network address is a standard way to refer to a network. (Figure 6-9)
This address cannot be assigned to a device and is not used as an address for communication in the network. It is only used as a reference to the network. The lowest address is reserved for the network address (10.0.0.0).
Broadcast Address
This address is used in communication to all the hosts in a network. This address allows a single packet to communicate to all the hosts in that network. To send data to all hosts in a network, a host can send a single packet that is addressed to the broadcast address of the network.
The broadcast address uses the highest address in the network range (10.0.0.255).
Host Addresses
Every end device requires a unique unicast address to deliver a packet to that host. The values between the network address and the broadcast address are assigned to the devices in that network.
Addresses from 10.0.0.1 to 10.0.0.254 can be assigned to the hosts in this logical network.
Network Prefixes
When an IPv4 network address is expressed, you add a prefix length to the network address. This prefix length is the number of bits in the address that gives the network portion. This prefix length is written in slash format: 172.16.4.0/24 (Table 6-9)
Subnet Mask: Defining the Network and Host Portions of the Address
The prefix and the subnet mask are different ways of representing the same information: the network portion of an address. The prefix length tells you the number of bits in the address that are the network portion in a way that is easier to communicate to humans. The subnet mask is used in data networks to define this network portion for the devices.
The subnet mask is a 32-bit value. The subnet mask is expressed in the same dotted decimal format as the IPv4 address.
The subnet mask is created by placing a binary 1 in each appropriate bit position that represents a network bit of the address and placing a binary 0 in the remaining bit positions that represent the host portion of the address. (Table 6-10)
There are a limited number of 8-bit patterns used in address masks. (Table 6-11)
IPv4 Experimental Address Range
The block of addresses from 224.0.0.0 to 239.255.255.255 is reserved for the addressing of multicast groups. All the IPv4 addresses higher than the multicast range are also reserved for special purposes.
The address range 244.0.0.0 to 255.255.255.254 holds the IPv4 experimental addresses. They are reserved for future use (RFC 3330) and cannot be used in IPv4 networks.
The address range 0.0.0.0 to 223.255.255.255 is used for IPv4 hosts.
Public and Private Addresses
Public addresses are designated for use in networks that are accessible on the Internet.
Private addresses are blocks of addresses used in networks that require limited or no Internet access.
The private address blocks are:
10.0.0.0/8 (10.0.0.0 to 10.255.255.255)
172.16.0.0/12 (172.16.0.0 to 172.31.255.255)
192.168.0.0/16 (192.168.0.0 to 192.168.255.255)
Private space address blocks are set aside for use in private networks. These addresses need not be unique among outside networks.
Many hosts in different networks can use the same private space addresses. Packets using these addresses as the source or destination should not appear on the public Internet. The router or firewall device at the perimeter of these private networks must block or translate these addresses.
Packets with private space destination addresses are not routable across the Internet; services to translate packets from hosts using private addresses are required. These services are called Network Address Translation (NAT). NAT changes the private space addresses in the IPv4 packet header to a public space address. (Figure 6-10)
Special Unicast IPv4 Addresses
Special addresses can also be assigned to hosts but with restrictions on how those hosts can interact within the network. These include the default route, the loopback address, link-local addresses, and test-net addresses.
Default Route
The IPv4 default route is 0.0.0.0. This route is a catch-all route to route packets when a more specific route is not available.
Loopback
127.0.0.0/8 is reserved in IPv4 hosts for the 127.0.0.1 loopback. The loopback is a special address that hosts use to direct traffic to themselves. The loopback address creates a shortcut method for TCP/IP applications and services that run on the same device to communicate with one another.
No address within this block should ever appear on any network.
Link-Local Addresses
The 169.254.0.0/16 address block is designated as link-local addresses. These addresses can be automatically assigned to the local host by the operating system in environments where no IP configuration is available. These might be used in a small peer-to-peer network or for a host that could not automatically obtain an address from a Dynamic Host Configuration Protocol (DHCP) server. They are only suitable for communication with other devices connected to the same network. A host must send a packet with an IPv4 link-local destination address to any router for forwarding and should set the IPv4 TTL for these packets to 1.
Link-local addresses do not provide services outside the local network.
Test-Net Addresses
192.0.2.0/24 is the address block for the test-net addresses; they are set aside for teaching and learning purposes. These addresses can be used in documentation and network examples. Addresses within this block should not appear on the Internet.
Reserved and special-purpose IPv4 addresses: Table 6-12
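Added example (not part of the original notes): a check that a perimeter router, firewall rule review or log review could apply, built only from the address ranges listed in the sections above. The packet records, the Internet-facing vantage point and the 203.0.113.x / 198.51.100.x placeholder addresses are constructed for illustration.

```python
import ipaddress

# Ranges as listed in the notes; the labels are this example's own.
# Order matters: the narrower link-local multicast block is tested first.
SPECIAL_RANGES = [
    ("private", ipaddress.ip_network("10.0.0.0/8")),
    ("private", ipaddress.ip_network("172.16.0.0/12")),
    ("private", ipaddress.ip_network("192.168.0.0/16")),
    ("loopback", ipaddress.ip_network("127.0.0.0/8")),
    ("link-local", ipaddress.ip_network("169.254.0.0/16")),
    ("test-net", ipaddress.ip_network("192.0.2.0/24")),
    ("multicast-link-local", ipaddress.ip_network("224.0.0.0/24")),
    ("multicast", ipaddress.ip_network("224.0.0.0/4")),
]
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")

# Should never be seen as source or destination on the public Internet.
NOT_ROUTABLE = {"private", "loopback", "link-local", "test-net"}
# Destination-only address types: the source is always the originating host.
NOT_A_SOURCE = {"multicast", "multicast-link-local", "limited-broadcast"}
# Destinations that routers do not forward off the local network.
LOCAL_ONLY_DST = {"multicast-link-local", "limited-broadcast"}


def classify(address):
    """Return the label of the special range holding `address`, else 'other'."""
    ip = ipaddress.ip_address(address)
    if ip == LIMITED_BROADCAST:
        return "limited-broadcast"
    for label, network in SPECIAL_RANGES:
        if ip in network:
            return label
    return "other"


def audit(packet):
    """List what is wrong with a packet seen on the Internet-facing interface."""
    findings = []
    src, dst = classify(packet["src"]), classify(packet["dst"])
    if src in NOT_ROUTABLE:
        findings.append(f"src {packet['src']} is {src}")
    elif src in NOT_A_SOURCE:
        findings.append(f"src {packet['src']} is {src}, not a unicast host address")
    if dst in NOT_ROUTABLE:
        findings.append(f"dst {packet['dst']} is {dst}")
    elif dst in LOCAL_ONLY_DST:
        findings.append(f"dst {packet['dst']} is {dst} and must stay on the local network")
    if dst == "multicast-link-local" and packet["ttl"] != 1:
        findings.append(f"ttl {packet['ttl']} on link-local multicast, expected 1")
    return findings


# Constructed sample records (not captured traffic).
SAMPLE_PACKETS = [
    {"src": "198.51.100.7", "dst": "203.0.113.10", "ttl": 57},
    {"src": "10.1.2.3", "dst": "203.0.113.10", "ttl": 60},
    {"src": "203.0.113.10", "dst": "224.0.0.5", "ttl": 64},
    {"src": "127.0.0.1", "dst": "192.168.1.1", "ttl": 64},
]

if __name__ == "__main__":
    for pkt in SAMPLE_PACKETS:
        problems = audit(pkt) or ["ok"]
        print(f"{pkt['src']:>15} -> {pkt['dst']:<15} {'; '.join(problems)}")
```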
Legacy IPv4 Addressing
In the early 1980s the IPv4 addressing range was divided into three different classes: A, B and C. Each class of addresses represented networks of a specific fixed size.
In the late 1980s and early 1990s, the subnet mask was added to the IPv4 addressing scheme.
By the mid-1990s, most of the restrictions of this class-based addressing system had been removed from the standards and the equipment operation. (Table 6-13)
Historic Network Classes
RFC 1700 defined the unicast ranges as class A, class B and class C addresses of specific sizes. It also defined class D (multicast) and class E (experimental) addresses.
This use of address space is referred to as classful addressing.
Class A Blocks
The class A address block was designed to support extremely large networks with more than 16 million host addresses. They used a fixed /8 prefix with the first octet to indicate the network address; the remaining three octets were used for host addresses.
Class B Blocks
Class B address space was designed to support the needs of moderate to large size networks with more than 65,000 hosts. A class B IP address used the two high-order octets to indicate the network address.
Class C Blocks
Class C address space was intended to provide addresses for small networks with a maximum of 254 hosts. Class C address blocks used a /24 prefix; they only used the last octet as host addresses.
Limits to the Classful Addressing System
Not all organizations' addressing requirements fit well into one of these three classes. Classful allocation of address space often wasted many addresses, which exhausted the availability of IPv4 addresses. This classful system was abandoned in the late 1990s.
Classless Addressing
Classless addressing is the system that is currently in use. Address blocks appropriate to the number of hosts are assigned to companies or organizations without regard to the unicast class. Using networks of fixed sized, that have made IPv4 addressing more viable.
Assigning Addresses
Planning to Address the Network
The allocation of network layer address space within the corporate network needs to be well designed. Network administrators should plan and document the allocation of these addresses inside the networks for the following purposes: preventing duplication of addresses, providing and controlling access, and monitoring security and performance.
Preventing Duplication of Addresses
Each host in an internetwork must have a unique address. Without the proper planning of these network allocations, you could easily assign an address to more than one host. A duplicate IP address for a vital device on the network can affect the operation of many other hosts.
Providing and Controlling Access
Some hosts, such as servers, provide resources to the internal network as well as to the external network. Access to these resources can be controlled by the Layer 3 address. If the addresses for these resources are not planned and documented, the security and accessibility of the devices are not easily controlled.
Monitoring Security and Performance
You will need to monitor the security and performance of the network hosts and the network as a whole. As part of the monitoring process, you examine network traffic, looking for addresses that are generating or receiving excessive packets.
Assigning Addresses within a Network
Hosts are associated with an IPv4 network by a common network portion of the address. Within a network, there are different types of host, such as: end devices, servers and peripherals, hosts
Each of these different device types should be allocated to a logical block of addresses within the address range of the network.
If there are more devices than available public addresses, only those devices that will directly access the Internet, such as web servers, require a public address. A NAT service would allow those devices with private addresses to effectively share the remaining public addresses.
Static or Dynamic Addressing for End-User Devices
Addresses for User Devices
In most data networks, the largest population of hosts includes the end devices such as PCs and printers. Because they are the largest number of devices within a network, the largest number of addresses should be allocated to these hosts. Addresses in the network can be assigned to hosts statically or dynamically.
Static Assignment of Addresses
With a static assignment, the network administrator must manually configure the network information for a host. This includes entering the host IP address, subnet mask and default gateway.
Advantages: useful for printers, servers and other networking devices that need to be accessible to clients on the network. They can provide increased control of network resources.
Disadvantage: time-consuming to enter the information on each host.
When using static IP addressing, it is necessary to maintain an accurate list of the IP address assigned to each device.
Dynamic Assignment of Addresses
End-user devices often have addresses dynamically assigned, using DHCP.
DHCP enables the automatic assignment of addressing information such as IP address, subnet mask, default gateway, and other configuration information. An address pool can be defined to be assigned to the DHCP clients on a network.
DHCP is the preferred method of assigning IP addresses to hosts on large networks because it reduces the burden on network support staff and virtually eliminates entry errors.
Benefit: an address is not permanently assigned to a host but only leased for a period of time.
Selecting Device Addresses
Addresses for Servers and Peripherals
Any network resource should have a static IPv4 address. Predictable addresses for each of the servers and peripherals are necessary.
Servers and peripherals are a concentration point for network traffic. When monitoring network traffic with a tool, a network administrator should be able to rapidly identify these devices.
Addresses for Hosts that are Accessible from the Internet
In most internetworks, only a few devices are accessible by hosts outside the corporation. These devices are usually servers of some type. As with all devices in a network that provide network resources, the IPv4 addresses for these devices should be static.
Because of additional configuration in the perimeter intermediary device, it is even more important that these devices have a predictable address.
Addresses for Intermediary Devices
Intermediary devices are also a concentration point for network traffic. These network devices provide an opportune location for network management, monitoring and security.
Most intermediary devices are assigned Layer 3 addresses. Devices such as hubs, switches and wireless access points do not require IPv4 addresses to operate as intermediary devices. To access these devices as hosts to configure, monitor, or troubleshoot network operation, they need to have addresses assigned, and they should have predictable addresses. Their addresses are manually assigned.
Addresses for Routers and Firewalls
Routers and firewall devices have an IPv4 address assigned to each interface. Each interface is in a different network and serves as the gateway for the hosts in that network. The router interface uses either the lowest or the highest address in the network.
Router and firewall interfaces are the concentration point for traffic entering and leaving the network. Table 6-14 shows an example of designing addressing groups for a network. Security rules.
Internet Assigned Numbers Authority (IANA)
A company or organization that wants to have network hosts accessible from the Internet must have a block of public addresses assigned. The use of these public addresses is regulated and the company must have a block of addresses allocated to it.
IANA is the master holder of the IP addresses. The IANA allocated remaining IPv4 address space to various other registries to manage for particular purposes or for regional areas. These registration companies are called Regional Internet Registries (RIRs). Examples: p. 204.
ISPs
Most companies obtain their IPv4 address blocks from an Internet service provider (ISP). An ISP will generally supply a small number of usable IPv4 addresses to its customers as a part of its services. The ISP loans or rents these addresses to the organization.
ISP Services
To get access to the services of the Internet, you have to connect your data network to the Internet using an ISP. ISPs have their own set of internal data networks to manage Internet connectivity and to provide related services. Other services that an ISP generally provides are DNS services, email services and a website.
ISP Tiers
ISPs are designated by a hierarchy based on their level of connectivity to the Internet backbone. Each lower tier obtains connectivity to the backbone through a connection to a higher-tier ISP. (Figure 6-12)
Tier 1
At the top of the ISP hierarchy are tier 1 ISPs. They are large national or international ISPs directly connected to the Internet backbone. The customers are lower-tiered ISPs or large companies. They engineer highly reliable connections and services.
Advantage: reliability and speed. Disadvantage: high cost.
Tier 2
Tier 2 ISPs acquire their Internet services from tier 1 ISPs. Tier 2 ISPs generally focus on business customers and usually offer more services than the other two tiers. They have the IT resources to operate their own services such as DNS, email servers and web servers.
Disadvantage: slower Internet, poorer reliability than tier 1 ISPs.
Tier 3
Tier 3 ISPs purchase their Internet services from tier 2 ISPs. They focus on retail and home markets in a specific locale. Their primary need is connectivity and support. They have reduced bandwidth and less reliability than tier 1. They are often good choices for small to medium-size companies.
Calculating Addresses
To work with IPv4 networks, you need to be able to develop and determine proper addressing.
Is the Host on my Network?
You will need to determine what hosts are in a given network.
ANDing: What is in Your Network?
When creating or forwarding an IPv4 packet, the destination network address must be extracted from the destination address. This is done by a logic operation called AND.
The IPv4 host address is logically ANDed with its subnet mask to determine the network address to which the host is associated. When this ANDing between the address and the subnet mask is performed, the result yields the network address.
AND Operation
AND is used to determine the network address. Logical AND is the comparison of two bits.
1 AND 1 = 1; any other combination gives 0.
Reasons to Use AND
Routers use ANDing to determine an acceptable route for an incoming packet. This yields a network address that is compared to the route from the routing table whose subnet mask was used.
An originating host must determine whether a packet should be sent directly to a host in the local network or be directed to the gateway. To make this determination, a host must first know its own network address.
Importance of AND
You need to understand the operation of the network devices. In network verification and troubleshooting, you often need to determine what IPv4 network a host is on or whether two hosts are on the same IP network.
ANDing Process
Figure 6-13
Calculating Network, Hosts, and Broadcast Addresses
Calculating the Network Address
The network address is the lowest address in the address block. To represent a network address, all the host bits are 0. Figure 6-14: 172.16.20.0
Calculating the Lowest Host Address
This is always 1 greater than the network address. Figure 6-15: 172.16.20.1
Calculating the Broadcast Address
The broadcast address of a network is the highest address in the address block. It requires all the host bits to be set. All host bits used in the network are 1s. Figure 6-16: 172.16.20.127
Calculating the Highest Host Address
It is 1 less than the broadcast address. Figure 6-17: 172.16.20.126
Determining the Host Address Range
The host range of the network includes all the addresses from the lowest host address to the highest host address inclusive. The address range is: 172.16.20.1 to 172.16.20.126
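Added example (not part of the original notes): the calculations from this section carried out with the same bitwise AND the text describes, plus the local-or-gateway decision an originating host makes. The host 172.16.20.35, the gateway 172.16.20.1 and the /25 prefix are assumptions; /25 is the prefix that yields the network 172.16.20.0 and broadcast 172.16.20.127 quoted above.

```python
# Added example: IPv4 address arithmetic with explicit bitwise operations.

def to_int(dotted):
    """Dotted decimal -> 32-bit integer, one octet (8 bits) at a time."""
    octets = dotted.split(".")
    if len(octets) != 4:
        raise ValueError(f"expected four octets: {dotted!r}")
    value = 0
    for text in octets:
        if not text.isdigit() or int(text) > 255:
            raise ValueError(f"bad octet {text!r} in {dotted!r}")
        value = (value << 8) | int(text)
    return value


def to_dotted(value):
    """32-bit integer -> dotted decimal."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_binary(value):
    """32-bit integer -> four space-separated binary octets."""
    return " ".join(f"{(value >> shift) & 0xFF:08b}" for shift in (24, 16, 8, 0))


def mask_from_prefix(prefix):
    """Prefix length -> subnet mask: 1s in the network bits, 0s in the host bits."""
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix length out of range: {prefix}")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def describe(host, prefix):
    """Network, host range and broadcast address for `host` with `prefix`."""
    if prefix > 30:
        # /31 and /32 leave no room for a network, a broadcast and hosts.
        raise ValueError("this example needs at least two host bits")
    mask = mask_from_prefix(prefix)
    network = to_int(host) & mask                 # AND: host bits become 0
    broadcast = network | (~mask & 0xFFFFFFFF)    # host bits all set to 1
    return {
        "mask": to_dotted(mask),
        "network": to_dotted(network),
        "first_host": to_dotted(network + 1),
        "last_host": to_dotted(broadcast - 1),
        "broadcast": to_dotted(broadcast),
        "usable_hosts": broadcast - network - 1,
    }


def next_hop(src, dst, prefix, gateway):
    """Where the originating host sends the packet: to dst directly, or to the gateway."""
    mask = mask_from_prefix(prefix)
    same_network = (to_int(src) & mask) == (to_int(dst) & mask)
    return dst if same_network else gateway


if __name__ == "__main__":
    host, prefix = "172.16.20.35", 25             # assumed sample host
    print("address:", to_binary(to_int(host)))
    print("mask:   ", to_binary(mask_from_prefix(prefix)))
    for key, value in describe(host, prefix).items():
        print(f"{key:>12}: {value}")
    for dst in ("172.16.20.100", "172.16.20.200"):
        print(dst, "-> send to", next_hop(host, dst, prefix, "172.16.20.1"))
```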
Basic Subnetting
The address range used in an internetwork needs to be divided into networks. Each of these networks must be assigned a portion of these addresses called a subnet.
Subnetting allows creating multiple logical networks from a single address block.
You create the subnets by reassigning one or more of the host bits as network bits. This is done by extending the prefix to borrow some of the bits from the host portion of the address to create additional network bits. For each bit borrowed, you double the number of subnetworks available. With each bit you borrow, you have fewer host bits to define the host addresses in each subnet.
Creating Two Subnets
Formula to calculate the number of subnets: 2^n, where n = the number of bits borrowed.
For each subnet, examine the last octet of the subnet address in binary.
To calculate the number of hosts per network, use the formula 2^n - 2, where n = the number of bits left for hosts. (Figure 6-18, Table 6-15)
Creating Three Subnets
Borrowing a single bit would only provide two subnets. To provide more networks, you change the subnet mask and borrow two bits. These 2 bits will provide four subnets. (Figure 6-19, Table 6-16)
Creating Six Subnets
(Figure 6-20, Table 6-17)
Subnetting: Dividing Networks into Right Sizes
Some networks, such as point-to-point WAN links, only require a maximum of two hosts. Other networks, such as a user LAN in a large building, might need to accommodate hundreds of hosts. The number of hosts in each division should allow for growth in the number of hosts.
Subnetting an address block for an internetwork uses the following steps:
Determine the Total Number of Hosts
Consider the total number of hosts required by the entire corporate internetwork. Use a block of addresses that is large enough to accommodate all devices in all the corporate networks. This includes end-user devices, servers, intermediate devices and router interfaces. (Figure 6-21)
Determine the Number and Size of the Networks
Consider the total number of networks and the number of hosts in each network. The network is subnetted to overcome issues with location, size and control. In designing the addressing, consider the factors for grouping hosts discussed previously. Grouping is based on:
common geographic location
hosts used for specific purposes
ownership
Each WAN link is a network. You create subnets for the WAN links that interconnect different geographic locations. When connecting the different locations, you use a router to account for the hardware differences between the LANs and the WAN.
You can have subnetworks for special hosts such as servers. Also consider any special security or administrative ownership needs that require additional networks.
A network diagram allows you to see the networks and make a more accurate count.
Allocating Addresses
Allocate network addresses starting with the locations that require the most hosts and work downward to the point-to-point links. This process ensures that large enough blocks of addresses are made available to accommodate the hosts and networks for these locations.
Plan carefully to ensure that the address blocks assigned to the subnets do not overlap. Use spreadsheets for planning. (Figure 6-22)
You should subnet any of the locations that require further dividing. This further division of the addresses is often called subnetting the subnets. You need to carefully plan the address allocation so that you have available blocks of addresses. (Figure 6-23)
The creation of new, smaller networks from a given address block is done by extending the length of the prefix, that is, adding 1s to the subnet mask.
Determine the Total Number of Hosts
As you divide the address range into subnets, you lose two host addresses for each new network. These are the network address and the broadcast address.
Subnetting a Subnet
Subnetting a subnet, or using variable-length subnet mask (VLSM), was designed to maximize addressing efficiency. VLSM is a practice associated with classless addressing. When identifying the total number of hosts using traditional subnetting, you allocate the same number of addresses for each subnet. If all the subnets have the same requirements for the number of hosts, these fixed-size address blocks would be efficient. This is often not the case. (Figure 6-24)
Although you have accomplished the task of dividing the network into an adequate number of subnets, it was done with a significant waste of unused addresses. This inefficient use of addresses is characteristic of fixed block sizes, a carryover from practices with classful addressing.
Applying a standard subnetting scheme to this scenario is inefficient.
Getting More Subnet for Less Hosts
The original subnets were divided to gain additional, smaller subnets to use for the WAN links. By creating smaller subnets, each able to support two hosts, the original subnets are left free to be allotted to other devices and many addresses are prevented from being wasted.
Additional Subnetting Example
Subnetting based on the number of hosts, including router interfaces and WAN connections. More info on pages 222-224.
VLSM Chart
Use a VLSM chart to identify which blocks of addresses are available for use and which ones are already assigned. This method helps to prevent assigning addresses that have already been allocated. This chart can be used to do address planning for networks with prefixes in the /25 to /30 range. (Figure 6-26) More info on pages 226-227.
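Added example (not part of the original notes): the allocation procedure from "Allocating Addresses" and "Subnetting a Subnet" as code. It sizes each subnet with the 2^n - 2 formula, assigns blocks largest-first, and checks a plan for overlapping blocks, the mistake a VLSM chart is meant to prevent. The 192.168.20.0/24 block, the location names and the host counts are constructed.

```python
import ipaddress


def prefix_for_hosts(hosts):
    """Longest prefix whose 2^n - 2 usable addresses still cover `hosts`."""
    if hosts < 1:
        raise ValueError("a subnet needs at least one host")
    host_bits = 2                       # /30 is the smallest block with 2 usable hosts
    while (2 ** host_bits) - 2 < hosts:
        host_bits += 1
    if host_bits > 32:
        raise ValueError(f"{hosts} hosts do not fit in IPv4")
    return 32 - host_bits


def allocate(block, requirements):
    """Carve `block` into subnets, largest requirement first.

    `requirements` maps a network name to the number of host addresses it
    needs (router interfaces included). Returns a list of (name, subnet).
    """
    block = ipaddress.ip_network(block)
    cursor = int(block.network_address)
    end = int(block.broadcast_address) + 1
    plan = []
    # Descending sizes keep every block aligned on its own boundary.
    ordered = sorted(requirements.items(), key=lambda item: item[1], reverse=True)
    for name, hosts in ordered:
        prefix = prefix_for_hosts(hosts)
        size = 2 ** (32 - prefix)
        if cursor + size > end:
            raise ValueError(f"{block} has no room left for {name} ({hosts} hosts)")
        plan.append((name, ipaddress.ip_network((cursor, prefix))))
        cursor += size
    return plan


def find_overlaps(plan):
    """Return pairs of names whose address blocks overlap.

    Accepts (name, subnet) entries where subnet is a string or a network
    object, so a hand-written spreadsheet plan can be checked as well.
    """
    nets = [(name, ipaddress.ip_network(str(net))) for name, net in plan]
    clashes = []
    for index, (name_a, net_a) in enumerate(nets):
        for name_b, net_b in nets[index + 1:]:
            if net_a.overlaps(net_b):
                clashes.append((name_a, name_b))
    return clashes


# Constructed requirements for one site.
SAMPLE_REQUIREMENTS = {
    "WAN link 1": 2,
    "HQ LAN": 100,
    "Servers": 20,
    "Branch LAN": 50,
    "WAN link 2": 2,
}

if __name__ == "__main__":
    for name, subnet in allocate("192.168.20.0/24", SAMPLE_REQUIREMENTS):
        usable = subnet.num_addresses - 2
        print(f"{name:<12} {str(subnet):<18} {usable:>3} usable hosts")
```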
Testing the Network Layer
Ping is a utility for testing IP connectivity between hosts. Ping sends out requests for responses from a specified host address. Ping uses a Layer 3 protocol that is a part of the TCP/IP suite called Internet Control Message Protocol (ICMP). Ping uses an ICMP echo request datagram.
If the host at the specified address receives the echo request, it responds with an ICMP echo reply datagram. For each packet sent, ping measures the time required for the reply.
As each response is received, ping provides a display of the time between the ping being sent and the response being received. This is a measure of the network performance.
After all the requests have been sent, the ping utility provides an output with the summary of the responses. This output includes the success rate and average round-trip time to the destination.
Ping 127.0.0.1: Testing the Local Stack
You can use ping for testing the internal configuration of IP on the local host by pinging the special reserved address of the local loopback (127.0.0.1).
A response indicates that IP is properly installed on the host. This response is not an indication that the addresses, masks, or gateways are properly configured. This simply tests IP down through the network layer of IP. An error message is an indication that TCP/IP is not operational on the host.
Ping Gateway: Testing Connectivity to the Local LAN
Use ping to test the host's ability to communicate on the local network by pinging the IP address of the gateway of the host. A ping to the gateway indicates that the host and the router's interface serving as that gateway are both operational on the local network.
The gateway address is most often used. If either the gateway or another host responds, the local hosts can successfully communicate over the local network. (Figure 6-27)
Ping Remote Host: Testing Connectivity to Remote LAN
Use ping to test the ability of the local IP host to communicate across an internetwork. The local host can ping an operational host of a remote network.
If ping is successful, you will have verified the operation of a large piece of the internetwork.
A successful response from this host verifies the local host (10.0.0.1), the local network, the gateway address, the successful routing in the router, the remote network, and the operation of the remote host 10.0.1.1. (Figure 6-28)
This also verifies that the remote host has the proper gateway configured. The lack of a ping response could be because of security restrictions and not because of a nonoperational element of the networks.
Traceroute (tracert): Testing the Path
Traceroute (tracert) is a utility that allows you to observe the path between two hosts. The trace generates a list of hops that were successfully reached along the path. This list can provide you with important verification and troubleshooting information.
If the data reaches the destination, the trace lists the interface on every router in the path. If the data fails at some hop along the way, you have the address of the last router that responded to the trace. This is an indication of where the problem or security restrictions are.
Round-Trip Time (RTT)
Traceroute provides the round-trip time (RTT) for each hop along the path and indicates whether a hop fails to respond. The RTT is the time a packet takes to reach the remote host and for the response from the host to return.
Time to Live (TTL)
Traceroute uses a function of the Time to Live (TTL) field in the Layer 3 header and the ICMP Time Exceeded message. The TTL field is used to limit the number of hops that a packet can cross. When the TTL reaches 0, a router will not forward the packet, and the packet will be dropped.
In addition to dropping the packet, the router normally sends an ICMP Time Exceeded message addressed to the originating host. This ICMP message will contain the IP address of the router that responded.
This process of using the increasing TTL provides a map of the route a packet takes across an internetwork. When the final destination is reached, the host responds with either an ICMP Port Unreachable message or an ICMP Echo Reply message, instead of the ICMP Time Exceeded message.
ICMPv4: The Protocol Supporting Testing and Messaging
IPv4 is not a reliable protocol, but it does allow messages to be sent in the event of certain errors. These messages are sent using services of the Internet Control Message Protocol (ICMP). The purpose of these messages is to provide feedback.
ICMP is the messaging protocol for the TCP/IP suite: ICMP provides control and error messages and is used by the ping and traceroute utilities.
ICMP messages that can be sent include:
Host Confirmation
An ICMP Echo message can be used to determine whether a host is operational. The local host sends an ICMP Echo request to a host. The host receiving the Echo message replies with the ICMP echo reply. This use of the ICMP Echo messages is the basis of the ping utility.
Unreachable Destination or Service
The Destination Unreachable message can be used to notify a host that the destination or service is unreachable. The Destination Unreachable packet will contain codes that indicate why the packet could not be delivered.
The Destination Unreachable codes include:
0 = net unreachable
1 = host unreachable
2 = protocol unreachable
3 = port unreachable
Codes for net unreachable and host unreachable are responses from a router when it cannot forward a packet. If a router receives a packet for which it does not have a route, it can respond with an ICMP Unreachable Destination message with a code = 0.
If a router receives a packet for which it has an attached route but is unable to deliver the packet to the host on the attached network, the router can respond with an ICMP Unreachable Destination message with a code = 1.
The codes 2 and 3 are used by an end host to indicate that the TCP segment or UDP datagram contained in a packet could not be delivered to the upper-layer services.
Time Exceeded
An ICMP Time Exceeded message is used by a router to indicate that a packet cannot be forwarded because the TTL field of the packet has expired. The router can also send an ICMP Time Exceeded message to the source host to inform the host of the reason the packet was dropped.
Route Redirection
A router can use the ICMP Redirect message to notify the host on a network that a better route is available for a particular destination.
Source Quench
The ICMP Source Quench message can be used to tell the source to temporarily stop sending packets. When a host receives an ICMP Source Quench message, it reports it to the transport layer.
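Added example (not part of the original notes): a parser for the ICMPv4 messages listed above, with checksum verification and the interpretation traceroute applies to each reply. The type numbers and the 8-byte header layout come from the ICMP specification (RFC 792), not from these notes; the messages are constructed in code rather than captured, and carry only the header fields this example reads.

```python
import struct

# ICMPv4 type numbers (RFC 792) for the messages named in the notes.
ICMP_TYPES = {
    0: "Echo Reply",
    3: "Destination Unreachable",
    4: "Source Quench",
    5: "Redirect",
    8: "Echo Request",
    11: "Time Exceeded",
}
# Destination Unreachable codes as listed in the notes.
UNREACHABLE_CODES = {
    0: "net unreachable",
    1: "host unreachable",
    2: "protocol unreachable",
    3: "port unreachable",
}


def internet_checksum(data):
    """16-bit ones' complement of the ones' complement sum of `data`."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_icmp(icmp_type, code, rest=b"\x00" * 4, payload=b""):
    """Build a message: type, code, checksum, 4 type-specific bytes, payload."""
    if len(rest) != 4:
        raise ValueError("the type-specific header field is 4 bytes")
    unsummed = struct.pack("!BBH", icmp_type, code, 0) + rest + payload
    checksum = internet_checksum(unsummed)
    return struct.pack("!BBH", icmp_type, code, checksum) + rest + payload


def parse_icmp(message):
    """Decode type and code, and verify the checksum over the whole message."""
    if len(message) < 8:
        raise ValueError("ICMP message shorter than its 8-byte header")
    icmp_type, code, _checksum = struct.unpack("!BBH", message[:4])
    parsed = {
        "type": ICMP_TYPES.get(icmp_type, f"type {icmp_type}"),
        "code": code,
        # Summing a message that includes a correct checksum gives 0.
        "checksum_ok": internet_checksum(message) == 0,
    }
    if icmp_type == 3:
        parsed["reason"] = UNREACHABLE_CODES.get(code, f"code {code}")
    if icmp_type in (0, 8):
        parsed["id"], parsed["seq"] = struct.unpack("!HH", message[4:8])
    return parsed


def traceroute_step(message):
    """Classify one reply the way traceroute does."""
    parsed = parse_icmp(message)
    if parsed["type"] == "Time Exceeded":
        return "intermediate router"
    if parsed["type"] == "Echo Reply" or parsed.get("reason") == "port unreachable":
        return "destination reached"
    return "other"


if __name__ == "__main__":
    samples = [
        build_icmp(8, 0, b"\x12\x34\x00\x01", b"abcdefgh"),   # ping request
        build_icmp(0, 0, b"\x12\x34\x00\x01", b"abcdefgh"),   # ping reply
        build_icmp(11, 0),                                     # TTL expired
        build_icmp(3, 1),                                      # host unreachable
        build_icmp(3, 3),                                      # port unreachable
    ]
    for message in samples:
        print(parse_icmp(message), "->", traceroute_step(message))
```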
Overview of IPv6
The Internet Engineering Task Force (IETF) began to look for a replacement of IPv4 and developed IPv6. Creating expanded addressing capabilities was the initial motivation for developing this new protocol. IPv6 is not merely a new Layer 3 protocol; it is a new protocol suite. New protocols at various layers of the stack have been developed to support this new protocol. There is a new messaging protocol and new routing protocols. IPv6 has been designed with scalability to allow for years of internetwork growth.
