The Internet Protocol suite (commonly referred to as TCP/IP) comprises the essential protocol stack for modern networks. To effectively plan or manage a network based on TCP/IP, one must understand the network addressing methodology.
As mentioned, the IP protocol defines a simplified version of the OSI model stack, comprising the four layers described here.
The IP protocol classifies all application (user-oriented) protocols into a single layer. IP is primarily concerned with internetworking, so these protocols are handled monolithically.
The IP transport layer consists of two primary services: connection-oriented (session) service via TCP, and connectionless service via UDP. TCP is used for guaranteed delivery by tracking individual segments in sequence. UDP provides less overhead and "faster" service but does not guarantee delivery. Connection-oriented service is used for most data transfer needs, while connectionless service is used extensively for voice over IP (VoIP) and similar needs. To understand the difference, envision two environments. First, a Citrix session (ICA) where video display data is transported to and from a server: data integrity is more important than speed, because the key-clicks and resulting screens must be accurately represented. Second, a VoIP call: the talker is not subject to flow control and a listener must receive most of the data in a contiguous flow to hold a conversation; they cannot wait for the missing pieces of the conversation to be retransmitted and reassembled, even over a poor-quality path. Data flow is more important than integrity.
The IP network layer consists of the addressing and routing protocols needed to get IP packets across the Internet.
The IP link layer (also called the network access layer) employs industry-standard drivers and OSI-compatible data link-layer services (Ethernet, Token Ring, and so on).
The textbook for one 300-level college course attempts to teach IP addressing logic by jumping straight into binary math and espousing the mathematical concept of a "bitwise and." For those unaccustomed to IP addressing, this explanation immediately falls in the range between voodoo and techno-babble. Nonetheless, binary math is the key to really understanding IP addressing.
Standards define IP addresses by "class" and further define reserved and private address ranges. Reserved addresses are not usable by host devices, while "private" addresses are private in the sense that they are not routable over the Internet and must undergo network address translation (NAT) to a registered public IP address when traversing the Internet. Table A-1 lists the IP address allocations and classes.

Decimal Range | Class | Default Mask/Length | First Octet |
---|---|---|---|
1.0.0.0-126.255.255.255 | Class A | 255.0.0.0/8 | 0xxxxxxx |
128.0.0.0-191.255.255.255 | Class B | 255.255.0.0/16 | 10xxxxxx |
192.0.0.0-223.255.255.255 | Class C | 255.255.255.0/24 | 110xxxxx |
224.0.0.0-239.255.255.255 | Class D (Multicast) | None | 1110xxxx |
240.0.0.0-255.255.255.254 | Class E (Experimental) | None | 1111xxxx |
Special Addresses | | | |
10.0.0.0-10.255.255.255 | RFC 1918 | 255.0.0.0/8 | |
127.0.0.0-127.255.255.255 | Reserved (Loopback) | | |
169.254.0.0-169.254.255.255 | Automatic Private IP Addressing | 255.255.0.0/16 | |
172.16.0.0-172.31.255.255 | RFC 1918 | 255.240.0.0/12 | |
192.168.0.0-192.168.255.255 | RFC 1918 | 255.255.0.0/16 | |

Address Classes

The decimal values specified are really based on the underlying binary values: the first eight bits (octet) of the address define the class.
– Class A networks encompass 126 networks, each with over 16 million unique addresses.
– Class B networks encompass over 14,000 networks, each with over 65,000 addresses.
– Class C networks encompass some two million possible networks of 254 addresses each.
– Class D networks are used for multicast services (including many dynamic routing protocols), while Class E networks are reserved.
Each of the first three classes carries a presumed (default) self-encoded mask. This is evident when entering an IP address on most network hardware: once the address is entered, the default mask automatically populates. As an example, here is the IP address 10.10.10.1:

Decimal: | 10. | 10. | 10. | 1 |
Binary: | 00001010 | 00001010 | 00001010 | 00000001 |
Mask (binary): | 11111111 | 00000000 | 00000000 | 00000000 |
Mask (decimal): | 255. | 0. | 0. | 0 |

The first octet starts with the binary sequence 0xxxxxxx, making it a Class A address.
Binary Basics

The binary values of each octet reveal the structure of the IP address. Use a simplified conversion table to convert decimal to binary. In IP addressing, the default mask can be modified to reduce (subnet) or expand (supernet) existing networks. In common notation the mask is expressed either in decimal format (255.255.255.128) or as the number of 1s in the mask (/25). In the following examples, the binary values use the same address (10.10.10.1) with different subnet masks. To determine the "size" of the network (number of hosts), use the formula 2^n - 2. To determine the maximum number of hosts on a given subnet, n is the number of 0s in the binary mask. To determine the number of possible subnets, n is the number of 1s added to the default mask.

Decimal: | 10. | 10. | 10. | 1 |
Mask (decimal): | 255. | 0. | 0. | 0 |
Binary: | 00001010 | 00001010 | 00001010 | 00000001 |
Mask (binary): | 11111111 | 00000000 | 00000000 | 00000000 |

The address and mask define one network (no bits added to the default mask). There are twenty-four 0s in the mask, so the network has 2^24 - 2 host addresses (16,777,214). The two excluded addresses (the -2) are the host address of all zeros (10.0.0.0), which defines the network, and the host address of all ones (10.255.255.255), which defines a broadcast to all hosts on this network.
In a routed environment, addresses at each end of the link must be different (different networks or subnets). To use the 10.x.x.x address space, subnetting is required to define smaller networks.

Decimal: | 10. | 10. | 10. | 1 |
Mask (decimal): | 255. | 255. | 254. | 0 |
Binary: | 00001010 | 00001010 | 00001010 | 00000001 |
Mask (binary): | 11111111 | 11111111 | 11111110 | 00000000 |

The address and mask define multiple networks (15 bits were added to the default mask). The original network has been subnetted to produce 2^15 - 2 individual subnets (32,766). There are nine 0s in the mask, so each subnet has 2^9 - 2 host addresses (510). The two excluded addresses are the host address of all zeros (10.10.10.0), which defines the network, and the host address of all ones (10.10.11.255), which defines a broadcast to all hosts on this network.
Why Binary

Until IP addressing becomes second nature, only the binary values can reveal problems with the addressing scheme. From the last example, host A at 10.10.10.1 with a mask of 255.255.255.240 needs to communicate with host B, plugged in to the same hub, with an address of 10.10.10.21 and a mask of 255.255.255.240. All appears well, but they cannot communicate over IP.

Decimal (A): | 10. | 10. | 10. | 1 |
Decimal (B): | 10. | 10. | 10. | 21 |
Mask (decimal): | 255. | 255. | 255. | 240 |
Binary (A): | 00001010 | 00001010 | 00001010 | 00000001 |
Binary (B): | 00001010 | 00001010 | 00001010 | 00010101 |
Mask (binary): | 11111111 | 11111111 | 11111111 | 11110000 |

The bits in the host address that correspond to the ones in the mask must match for both devices to be on the same logical network. In this case host A is on network 10.10.10.0, while host B is on network 10.10.10.16. Even though they share the same Layer 1 electrical signal, and they can see each other's MAC address at Layer 2, they cannot communicate without a router.
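The arithmetic behind the Binary Basics and Why Binary examples above, written out as an added example (not code from the appendix): the "bitwise and" of address and mask yields the network, the inverted mask yields the broadcast, and two hosts share a subnet only when their masked bits agree. The addresses and masks are the appendix's own; the function names are this example's.

```python
# Added example (not from the appendix): the bitwise arithmetic behind IP
# addressing, run on the appendix's own values (10.10.10.1 with /8, /23, /28).
def to_int(dotted: str) -> int:
    """Pack a dotted-decimal IPv4 address into a 32-bit integer."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {dotted!r}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]

def to_dotted(value: int) -> str:
    return ".".join(str((value >> s) & 0xFF) for s in (24, 16, 8, 0))

def to_binary(value: int) -> str:
    """Four 8-bit groups, the form the appendix's tables use."""
    bits = f"{value:032b}"
    return " ".join(bits[i:i + 8] for i in range(0, 32, 8))

def prefix_from_mask(mask: str) -> int:
    """Count the 1s in a dotted mask; reject masks whose 1s are not contiguous."""
    m = to_int(mask)
    ones = bin(m).count("1")
    if m != (0xFFFFFFFF << (32 - ones)) & 0xFFFFFFFF:
        raise ValueError(f"non-contiguous mask: {mask}")
    return ones

def default_prefix(address: str) -> int:
    """Classful default mask length, read from the leading bits of the first octet."""
    first = to_int(address) >> 24
    if first < 128: return 8   # 0xxxxxxx  Class A
    if first < 192: return 16  # 10xxxxxx  Class B
    if first < 224: return 24  # 110xxxxx  Class C
    raise ValueError("Class D/E addresses carry no default mask")

def subnet_summary(address: str, mask: str) -> dict:
    """Network, broadcast, usable hosts and subnet count for address/mask."""
    a, m = to_int(address), to_int(mask)
    prefix = prefix_from_mask(mask)
    network = a & m                           # the "bitwise and"
    broadcast = network | (~m & 0xFFFFFFFF)   # host bits all ones
    borrowed = prefix - default_prefix(address)
    return {"network": to_dotted(network), "broadcast": to_dotted(broadcast),
            "hosts": 2 ** (32 - prefix) - 2,  # 2^n - 2, n = number of 0s in the mask
            "subnets": 2 ** borrowed - 2 if borrowed > 0 else 1}  # appendix's 2^n - 2 rule

def same_subnet(host_a: str, host_b: str, mask: str) -> bool:
    """True when the mask-covered bits of both hosts match (no router needed)."""
    m = to_int(mask)
    return (to_int(host_a) & m) == (to_int(host_b) & m)
```

Running `same_subnet("10.10.10.1", "10.10.10.21", "255.255.255.240")` returns False, and `subnet_summary` on each host shows why: A falls in 10.10.10.0 and B in 10.10.10.16.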
Referring back to Figure A-1, note that at both the transport and network layers, services are keyed to specific protocols (of which IP is one) and ports (such as TCP port 23 for telnet). Numerous Web sites have extensive lists of both the well-known and not-so-well-known ports and protocols. The partial lists in Table A-2 (protocols) and Table A-3 (ports) cover the majority of values common in modern networking. Table A-4 lists Internet Control Message Protocol message types and codes.

Literal | Value | Description |
---|---|---|
ip | | Internet Protocol |
icmp | 1 | Internet Control Message Protocol, RFC 792 |
igmp | 2 | Internet Group Management Protocol, RFC 1112 |
ipinip | 4 | IP-in-IP encapsulation |
tcp | 6 | Transmission Control Protocol, RFC 793 |
igrp | 9 | Interior Gateway Routing Protocol |
udp | 17 | User Datagram Protocol, RFC 768 |
gre | 47 | Generic Routing Encapsulation |
esp | 50 | Encapsulated Security Payload for IPv6, RFC 1827 |
ah | 51 | Authentication Header for IPv6, RFC 1826 |
eigrp | 88 | Enhanced Interior Gateway Routing Protocol |
ospf | 89 | Open Shortest Path First routing protocol, RFC 1247 |
nos | 94 | Network Operating System (Novell's NetWare) |
pcp | 108 | Payload Compression Protocol |

Literal | Protocol | Value | Description |
---|---|---|---|
ftp-data | TCP | 20 | File Transfer Protocol (data port) |
ftp | TCP | 21 | File Transfer Protocol (control port) |
ssh | TCP | 22 | Secure Shell |
telnet | TCP | 23 | RFC 854 Telnet |
smtp | TCP | 25 | Simple Mail Transport Protocol |
domain | TCP/UDP | 53 | DNS (Domain Name System) |
bootps | UDP | 67 | Bootstrap Protocol Server |
bootpc | UDP | 68 | Bootstrap Protocol Client |
tftp | UDP | 69 | Trivial File Transfer Protocol |
gopher | TCP | 70 | Gopher |
finger | TCP | 79 | Finger |
www | TCP | 80 | World Wide Web |
pop3 | TCP | 110 | Post Office Protocol, Version 3 |
ntp | TCP | 123 | Network Time Protocol |
msrpc | TCP | 135 | Microsoft RPC [*] |
netbios-ns | TCP | 137 | NetBIOS Name Service |
netbios-dgm | TCP | 138 | NetBIOS Datagram Service |
netbios-ssn | TCP | 139 | NetBIOS Session Service [*] |
bgp | TCP | 179 | Border Gateway Protocol, RFC 1163 |
smb | TCP | 445 | Microsoft SMB [*] |
isakmp | UDP | 500 | ISAKMP |
syslog | UDP | 514 | System Log |
lpd | TCP | 515 | Line Printer Daemon, printer spooler |
rip | TCP | 520 | Routing Information Protocol |
mssql | TCP | 1433 | Microsoft SQL |
citrix-ica | TCP | 1494 | Citrix ICA |
sqlnet | TCP | 1521 | Structured Query Language Network |
radius | UDP | 1645, 1646 | Remote Authentication Dial-In User Service |
radius | UDP | 1812, 1813 | Remote Authentication Dial-In User Service |
citrixima | TCP | 2512 | Citrix Independent Management Architecture |
citrixadmin | TCP | 2513 | Citrix Management Console |
citriximaclient | TCP | 2598 | Citrix Session Reliability (replaces 1494) |
rdp | TCP | 3389 | Microsoft RDP |
n/a | TCP | 8082 | Citrix License Management Console |
n/a | TCP | 9001 | Access Gateway Portal Tool (https) |
n/a | TCP | 9002 | Access Gateway Admin Tool |
n/a | TCP | 9001 | Access Gateway Notification |
n/a | TCP | 27000 | Citrix Licensing Service |
[*] Also used by Microsoft Terminal Server Licensing Service

ICMP Type | Message | Code | Code Meaning |
---|---|---|---|
0 | Echo Reply | | |
3 | Destination Unreachable | 0 | Net unreachable |
3 | | 1 | Host unreachable |
3 | | 2 | Protocol unreachable |
3 | | 3 | Port unreachable |
3 | | 4 | Fragmentation needed and Don't Fragment was set |
3 | | 5 | Source route failed |
3 | | 6 | Destination network unknown |
3 | | 7 | Destination host unknown |
3 | | 8 | Source host isolated |
3 | | 9 | Communication with destination network is administratively prohibited |
3 | | 10 | Communication with destination host is administratively prohibited |
3 | | 11 | Destination network unreachable for type of service |
3 | | 12 | Destination host unreachable for type of service |
3 | | 13 | Communication administratively prohibited |
3 | | 14 | Host precedence violation |
3 | | 15 | Precedence cutoff in effect |
4 | Source Quench | | |
5 | Redirect | 0 | Redirect datagram for the network (or subnet) |
5 | | 1 | Redirect datagram for the host |
5 | | 2 | Redirect datagram for the type of service and network |
5 | | 3 | Redirect datagram for the type of service and host |
8 | Echo | | |
11 | Time Exceeded | 0 | Time to live (TTL) exceeded in transit |
11 | | 1 | Fragment reassembly time exceeded |
12 | Parameter Problem | 0 | Pointer indicates the error |
12 | | 1 | Missing a required option |
12 | | 2 | Bad length |
13 | Timestamp | | |
14 | Timestamp Reply | | |
15 | Information Request | | |
16 | Information Reply | | |
17 | Address Mask Request | | |
18 | Address Mask Reply | | |

In Table A-2, the literal value is the common name. When defining access control lists or firewall rules to control access to the corporate data center, some protocols are generally "safe" and can be permitted (such as esp, the encrypted traffic in IPSec), while others may need to be restricted (such as gre, to prevent nonapproved tunneling through the network).
Individual ports at the transport layer are a more granular way of controlling, monitoring, and managing traffic flows. Both Citrix (ICA, TCP port 1494/2598) and Microsoft (RDP, TCP port 3389) use defined ports that can be easily managed to restrict traffic.
ICMP messages are included as a reference for two reasons. First, some ICMP messages are essential to a well-behaved network (unreachables), while others are essential troubleshooting tools (echo, echo-reply, traceroute). Second, the remaining messages will propagate through the network and create a security and denial-of-service risk if not controlled. As an example, mask reply messages can be used for fingerprinting the network, redirects can be used for denial-of-service attacks, and echo requests should not be allowed "in" from the Internet.