Appendix B - IP Addressing Fundamentals


IP Addresses

IP uses an anarchic and highly distributed model, with every device being an equal peer to every other device on the global Internet. This structure was one of IP's original design goals, as it proved to be useful with a variety of different systems, it did not require a centralized management system (which would never have scaled very well), and also it provided for fault-tolerance on the network (no central management means no single point of failure).

In order for systems to locate each other in this distributed environment, nodes are given explicit addresses that uniquely identify the particular network that the system is on, and that also uniquely identify the system to that particular network. When these two identifiers are combined, the result is a globally unique address.

This concept is illustrated in Figure B-1. In that figure, the network is numbered 192.168.10, and the two nodes are numbered 10 and 20. Taken together, the fully qualified IP addresses for those systems would be 192.168.10.10 and 192.168.10.20.

Figure B-1. IP addresses consist of a network address and a node address

An IP address is actually a 32-bit binary number (in binary, 192.168.10.20 corresponds to 11000000101010000000101000010100). However, the 32-bit IP address actually consists of two sub-addresses, with one part identifying the network and the rest identifying the host on that network, with an imaginary boundary separating the two.

Subnet Masks

The particular location of the boundary marker within the 32-bit address is determined through the use of a subnet mask. The subnet mask is another 32-bit binary number that acts like a filter when it is applied to the IP address. By comparing a subnet mask with an IP address, systems can determine which portion of the IP address relates to the network and which portion relates to the host. Anywhere the subnet mask has a bit set to 1, the underlying bit in the IP address is part of the network address, while anywhere the subnet mask is set to 0, the related bit in the IP address is part of the host address.

For example, assume that the IP address of 11000000101010000000101000010100 has a subnet mask of 11111111111111111111111100000000. In this example, the first 24 bits of the 32-bit IP addresses are used to identify the network, while the last eight bits are used to identify the host on that network.

The size of the network—i.e., the number of devices that can be used on a particular network—is a function of the number of bits that are used to identify the host portion of the address. If a subnet mask shows that 24 bits are used for the network portion of the address, then there are only eight bits available for the host portion of the address block, allowing only 256 possible host addresses for that specific network. Similarly, if the subnet mask showed that 16 bits were used for the network, then the remaining 16 bits can be used for the host portion of the address space, allowing for 65,535 possible host addresses on that particular network.

If a network administrator needs to split a single network into multiple virtual networks, the bit-pattern in use with the subnet mask can be changed to allow as many networks as are required. For example, assume that we want to split the 192.168.10 network into two smaller networks. All we would have to do in this situation is change the subnet mask of the devices on the network so that they used 25 bits for the network instead of 24 bits (the default for that address). This would turn our original network of 192.168.10 into two distinct networks with 128 possible addresses on each network (instead of a single network with 256 host addresses). In this case, the first network would have a range of network addresses between 192.168.10.0 through 192.168.10.127, while the second network would have a range of addresses between 192.168.10.128 through 192.168.10.255.

Whenever you split a network into multiple subnets, you must reserve any host addresses that are made up entirely of ones or zeros, to be used by the network itself. This is so that each subnet will have a network-specific address (the all-zeroes address) and a broadcast address (the all-ones address). This means that you will lose two possible host addresses from each subnet that you create. If you split a 24-bit network into two 25-bit networks with 128 possible addresses, then only 126 of those addresses can be used for host address assignments (the all-zeroes and all-ones addresses from each subnet must be set aside for the subnets themselves).
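The mask arithmetic described above (applying the mask to find the network and host portions, splitting 192.168.10.0 into two 25-bit subnets, and subtracting the all-zeroes and all-ones addresses) can be carried out directly on the 32-bit values. The following is an added example written for this appendix, not code from the book; it uses Python's standard ipaddress module only to convert between dotted-quad strings and integers, and does the masking with explicit bit operations so the boundary between network and host bits is visible. Function names are chosen here and are not from the text.

```python
import ipaddress


def to_int(addr: str) -> int:
    """Dotted-quad string -> 32-bit integer (192.168.10.20 -> 0xC0A80A14)."""
    return int(ipaddress.IPv4Address(addr))


def to_str(value: int) -> str:
    """32-bit integer -> dotted-quad string."""
    return str(ipaddress.IPv4Address(value))


def mask_from_prefix(prefix_len: int) -> int:
    """Subnet mask with prefix_len leading 1-bits (24 -> 255.255.255.0)."""
    return (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF


def split_address(addr: str, prefix_len: int) -> dict:
    """Apply the mask: bits under a 1 form the network part, bits under a 0 the host part."""
    a = to_int(addr)
    m = mask_from_prefix(prefix_len)
    host_mask = ~m & 0xFFFFFFFF          # the 0-bits of the mask, as a 32-bit value
    network = a & m                       # all host bits cleared: the network's own address
    host = a & host_mask                  # the node number within that network
    broadcast = network | host_mask       # all host bits set: the broadcast address
    host_bits = 32 - prefix_len
    return {
        "address_bin": f"{a:032b}",
        "mask_bin": f"{m:032b}",
        "network": to_str(network),
        "host_number": host,
        "broadcast": to_str(broadcast),
        "total_addresses": 2 ** host_bits,
        # all-zeroes and all-ones are reserved, so two are lost (none usable on a /31)
        "usable_hosts": max(2 ** host_bits - 2, 0),
    }


def subnets(network: str, prefix_len: int, new_prefix_len: int) -> list:
    """Split a network into 2**(new-old) equal subnets; returns (first, last) address of each."""
    base = to_int(network) & mask_from_prefix(prefix_len)
    size = 2 ** (32 - new_prefix_len)
    count = 2 ** (new_prefix_len - prefix_len)
    return [(to_str(base + i * size), to_str(base + i * size + size - 1))
            for i in range(count)]


def nets_per_mask(prefix_len: int, default_prefix_len: int) -> int:
    """Number of subnets a longer mask carves out of a class-default network (Table B-1 column)."""
    return 2 ** (prefix_len - default_prefix_len)


if __name__ == "__main__":
    print(split_address("192.168.10.20", 24))
    print(subnets("192.168.10.0", 24, 25))
```

Running the block prints the binary address and mask from the text, the network 192.168.10.0 with host number 20, and the two 25-bit ranges 192.168.10.0 through .127 and .128 through .255, each with 126 usable hosts.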

Table B-1 shows some of the most common subnet masks (in decimal notation), and the number of networks and hosts (after subtracting for the all-zeroes and all-ones addresses) that result from them.

Table B-1. Common Subnet Masks, with Available Number of Networks and Hosts

Subnet Mask        Network Bits   Nets per Mask   Host Bits   Hosts per Net   Network Class
255.255.0.0        16             1               16          65,534          Class B masks (default)
255.255.128.0      17             2               15          32,766          Class B masks
255.255.192.0      18             4               14          16,382          Class B masks
255.255.224.0      19             8               13          8,190           Class B masks
255.255.240.0      20             16              12          4,094           Class B masks
255.255.248.0      21             32              11          2,046           Class B masks
255.255.252.0      22             64              10          1,022           Class B masks
255.255.254.0      23             128             9           510             Class B masks
255.255.255.0      24             1               8           254             Class C masks
255.255.255.128    25             2               7           126             Class C masks
255.255.255.192    26             4               6           62              Class C masks
255.255.255.224    27             8               5           30              Class C masks
255.255.255.240    28             16              4           14              Class C masks
255.255.255.248    29             32              3           6               Class C masks
255.255.255.252    30             64              2           2               Class C masks
255.255.255.254    31             128             1           0               Class C masks

When you split a network into multiple subnets, all of the systems on those subnets must use the same subnet mask in order to communicate with each other directly. If they use different subnet masks, then they will think they are on different networks, and will not be able to communicate with each other without going through a router first.

You must also remember that the subnet masks are only used by the internal systems; external systems will not be aware of the subnet masks in use on your internal networks. As such, external systems will still route data to your network according to the subnet mask associated with the address block assigned to you by your ISP. They will continue to send packets to the routes published for the unsegmented network, and your internal routers will have to determine the appropriate subnet mask for the specific destination system in order to successfully deliver the data.

Subnet Classes

Until recently, network addresses were clumped into three distinct classes, each of which provided different-sized blocks of network addresses for organizations to use on their internal networks. The only real difference between these network classes was the number of bits used in the subnet mask to identify the network portion of the addresses, which in turn dictated the number of hosts that could be used on that network. These address classes are shown in Table B-2.

Table B-2. Common Subnet Mask Classes

Class   Network Portion                Host Portion
A       11111111                       00000000 00000000 00000000
B       11111111 11111111              00000000 00000000
C       11111111 11111111 11111111     00000000

The number of networks available with each of the subnet classes—and the number of hosts possible on each of those networks—varies widely between the different classes. This concept is illustrated in Table B-3, which shows that there are only a few Class A networks available, although each of them can have millions of possible hosts. Conversely, there are a couple of million possible Class C networks, although they can only serve 254 devices each (after subtracting the all-ones and all-zeroes addresses).

Table B-3. Available Number of Networks and Hosts for the Default Subnet Classes

Class   Network Bits   Nets per Class   Host Bits   Hosts per Net
A       7              125              24          16,777,213
B       14             16,383           16          65,533
C       21             2,097,151        8           254

Networks that are very large would want to use the Class A subnet mask, since Class A networks can have millions of nodes on a single large network. The most common users of Class A addresses have historically been the global service providers with extremely large, world-wide networks. In practice, Class A networks are too large to be usable as single entities (I do not know of any data-link topologies that are capable of handling 16 million devices on a single network). For this reason, Class A networks have typically been split into several virtual networks, as described in Subnet Masks earlier in this chapter.

Organizations with networks that have thousands (but not millions) of nodes have been the typical users of Class B networks. This group includes universities, large commercial enterprises, and mid-level network service providers. Class B networks were also commonly split into multiple networks, since a single network of 65,535 devices would not work efficiently (if it worked at all).

Almost all networks used the Class C subnet mask, since most companies have fewer than 100 employees (the average network only has around forty nodes). In fact, most of the Class A and Class B networks were simply broken into multiple Class C networks, since they represent the most common network size. For these reasons, Class C networks have historically been the most popular with the general public.

There is a fourth class of addresses—known as Class D addresses—which is used exclusively for multicast applications. Class D addresses use all 32 bits to identify a group of hosts, each of which can accept data sent to that specific IP address. For more information on multicasting and Class D addresses, refer to Chapter 4, Multicasting and the Internet Group Management Protocol. There's also a Class E, which is reserved for experimentation.

Class-Based Routing

Since the network portion of a packet's destination IP address determines the destination network, routing a packet requires examining the IP address, determining the network portion of that address, and then sending the traffic to that specific network. However, IP packets do not carry subnet mask data around with them, and only contain the 32-bit IP address of the destination system. Without this information, devices are unable to determine what portion of the IP address belongs to the network, and which portion belongs to the host, meaning they cannot determine the destination network number and thus cannot route the packets.

In order to resolve this problem, IP systems had to use some other form of logic to determine which portion of the IP address applied to the destination network, and which portion applied to the destination system. This was achieved through the use of the address classes defined above, and the way in which network addresses were assigned.

Class A network addresses always have the first bit of their IP address set to 0. Since Class A networks only use the first eight bits for the network number, this leaves seven bits for the network portion of the address, allowing for 128 possible network numbers. However, the all-on and all-off networks (numbered 0 and 127) were also reserved, so there were really only 126 possible network numbers (1 through 126). Therefore, any IP packet with a destination network of 1.x.x.x through 126.x.x.x is for a Class A network, and therefore has a subnet mask of 11111111000000000000000000000000.

Class B addresses have their first bit set to 1 and the second bit set to 0. Since Class B addresses use the first 16 bits to identify the network portion of the address, this leaves 14 bits to identify each network segment, for a maximum of 16,383 networks. However, the all-on and all-off network numbers are also reserved and therefore unavailable, reducing the maximum number of available addresses to 16,381, ranging from 128.1 through 191.254. Any packet that has one of these addresses is a Class B address, and has a subnet mask of 11111111111111110000000000000000.

Class C addresses have their first two bits set to 1 and the third bit set to 0. Class C addresses use the first 24 bits to identify the network portion of the address, so there are 21 bits available, allowing for 2,097,151 possible Class C network addresses. However, both of the extreme networks are also reserved here as well, reducing this quantity to 2,097,149, with a possible range of network numbers from 192.0.1 through 223.255.254. Any packet that has one of these addresses is a Class C address, and thus has a subnet mask of 11111111111111111111111100000000.

This concept is illustrated in Table B-4. As you can see, a device can determine the class of the IP address in use by examining the first four bits of the first octet of the destination IP address.

Table B-4. The First Four Bits from the Major Network Classes

Class   Leading Bits   Possible Values
A       0xxxxxxx       0.0.0.0 through 127.255.255.255
B       10xxxxxx       128.0.0.0 through 191.255.255.255
C       110xxxxx       192.0.0.0 through 223.255.255.255
D       1110xxxx       224.0.0.0 through 239.255.255.255 (multicasting)
E       1111xxxx       240.0.0.0 through 255.255.255.255 (experimental)

By examining the first four bits of the destination IP address, a device could determine what type of IP address was in use, and could then use that information to determine the subnet mask for that IP address as well. Once this information was gleaned, the device could apply the appropriate subnet mask to the IP address in question, determine which portion of the address belonged to the network (versus belonging to the host), and then determine the router for that network.
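The class-based decision just described, which a router had to make with nothing but the 32-bit destination address to go on, can be written as a test on the leading bits of the first octet using the patterns in Table B-4, followed by the implied mask and a lookup of the resulting network. This is an added example for this appendix, not code from the book; the CLASS_RULES table, the function names, and the sample routing table (next-hop labels and the 36.0.0.0/8 entry, chosen because the text uses block 36 as its example) are assumptions made here.

```python
import ipaddress

# (class, leading-bit pattern, number of leading bits tested, implied mask length)
# from Table B-4; Classes D and E have no network/host split, so no mask length.
CLASS_RULES = [
    ("A", 0b0,    1, 8),
    ("B", 0b10,   2, 16),
    ("C", 0b110,  3, 24),
    ("D", 0b1110, 4, None),
    ("E", 0b1111, 4, None),
]


def classify(addr: str) -> tuple:
    """Return (class letter, implied prefix length) from the leading bits of the first octet."""
    first_octet = int(ipaddress.IPv4Address(addr)) >> 24
    for name, pattern, nbits, prefix_len in CLASS_RULES:
        # keep only the top nbits of the octet and compare with the class pattern
        if first_octet >> (8 - nbits) == pattern:
            return name, prefix_len
    raise ValueError(f"unclassifiable address {addr}")  # cannot happen: patterns cover all bits


def classful_network(addr: str):
    """Apply the class-implied mask; None for Class D/E, which have no host portion."""
    _, prefix_len = classify(addr)
    if prefix_len is None:
        return None
    return str(ipaddress.ip_network(f"{addr}/{prefix_len}", strict=False))


def classful_route(dest: str, routes: dict) -> str:
    """Pick the next hop for dest: derive the classful network, then look it up.

    The packet carries no subnet mask, so the class rule is the only way
    to recover the network number before consulting the routing table.
    """
    net = classful_network(dest)
    return routes.get(net, routes.get("default"))


# Constructed routing table for demonstration (labels are not from the book).
SAMPLE_ROUTES = {
    "36.0.0.0/8": "link-to-block-36",
    "192.168.10.0/24": "local-segment",
    "default": "upstream",
}

if __name__ == "__main__":
    for dest in ("36.20.1.5", "192.168.10.20", "130.5.7.9", "224.0.0.1"):
        print(dest, classify(dest), classful_network(dest), classful_route(dest, SAMPLE_ROUTES))
```

Note that 0.x.x.x and 127.x.x.x classify as Class A here, exactly as Table B-4 lists them, even though the text explains those two network numbers were reserved and never assigned.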

Classless Inter-Domain Routing (CIDR)

All told, there are around 4.3 billion possible host addresses (there are fewer if you don't consider Class D and E addresses, which cannot be used as host addresses). Unfortunately, the class-based structure of the addressing scheme used by IP placed heavy restrictions on the distribution of these addresses.

Every time a Class A address was assigned to an organization, almost 17 million host addresses went with it. If all 126 of the Class A networks were assigned, then two billion of the possible addresses were gone. If all of the available Class B networks were assigned, then another billion host addresses were gone as well.

Class C addresses represented the biggest problem, however, for two reasons. First, there are fewer IP addresses available in all of the Class C networks than there are with the other classes (only about 600 million possible node addresses are available from all of the Class C networks combined). Second, Class C networks were the most popular, since they reflected the size of the majority of the LANs in use.

However, every time a Class C address was assigned, 256 possible host addresses went with it. Organizations who had three segments but who only had 60 devices were wasting over 700 possible addresses (3 segments × 254 addresses = 762 addresses - 60 active nodes = 702 inactive addresses). Whether or not all of the addresses were actually put to use or not is irrelevant because they were assigned to a specific network and could not be used by anybody else. This problem is even worse with Class B addresses, since an organization with a few hundred nodes might have been given a Class B address, in which case they would be wasting several thousand IP addresses.

To some readers, the logic for having different classes of addresses may seem vague at best. With the current design, there are only 2,113,662 possible networks. If all of the networks used Class C addressing, then there would be 16,777,124 networks, with 254 nodes on each of them. Surely this would be a better design!

Remember, however, that TCP/IP networks are inherently router-based, and that it takes much less overhead to remember a few networks than to remember millions of them. Having to process 16 million networks would quickly overwhelm even the fastest of routers, and network traffic would either slow to a crawl or would fail completely. Having network classes allowed routers to deal with large networks, which allowed the routers to run faster (in some cases, it allowed them to work at all).

Remember also that the original architecture of the Internet consisted mostly of large networks connecting to each other directly, and didn't look much like the hierarchical design that is used today. It was easy to give one huge address block to the military and another big block to Stanford University. In that model, routers only had to remember one IP address for each of those networks, and could reach millions of hosts through each of those routes.

Today however, things are considerably different, and organizations of all sizes are connecting to the Internet. Some networks are still quite large, requiring many thousands of network numbers in order to satisfy their requirements, while some organizations are quite small, consisting of only a handful of PCs that need direct connectivity to the Internet. In this evolving environment, class-based routing does not scale very well, although there still exists the need for bundled networks so that routers do not have to remember millions of separate routers and network paths.

This problem has been resolved through the use of variable-length subnet masks; instead of assigning network numbers in 24-, 16-, or 8-bit subnet masks, addresses are assigned to organizations using the most-appropriate subnet mask for the number of devices on that network. If a network only has eight PCs, then they would only be assigned a 28-bit subnet mask for that network, which would provide them with 16 addresses (14 of which would be usable by the hosts).

This system results in substantially less wasted address space, although it also results in more routing entries that must be managed somewhere. However, another key part of the classless address assignment architecture is that network numbers are assigned hierarchically, with top-level service providers getting big network numbers (possibly as large as 13 bits, which offers 524,288 host addresses). Those organizations then assign subnets from within their allocated address space.

This process allows a single routing entry for the top-level ISP to be used for all of the networks underneath it. Rather than the top-level routers having to store routing information for the 32,000+ networks that could result from segmenting the large block into 28-bit networks, they only have to remember one route for the entire 13-bit network.
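The classless scheme described in the last three paragraphs has three parts: pick the shortest mask that fits a network's host count, carve customer subnets out of the provider's block, and let one aggregate route stand in for all of them. The block below, written as an added example for this appendix and not taken from the book, walks through each with Python's standard ipaddress module; the provider block 10.0.0.0/13, the customer subnet, and the route labels are constructed values chosen to match the 13-bit and 28-bit sizes in the text.

```python
import ipaddress


def assign_prefix(host_count: int) -> int:
    """Shortest mask whose host part holds host_count hosts after reserving all-zeroes/all-ones."""
    prefix_len = 32
    while (2 ** (32 - prefix_len)) - 2 < host_count:
        prefix_len -= 1
    return prefix_len


def usable_hosts(prefix_len: int) -> int:
    """Host addresses left once the network and broadcast addresses are set aside."""
    return 2 ** (32 - prefix_len) - 2


def subnets_in_block(provider_block: str, new_prefix_len: int) -> int:
    """How many new_prefix_len networks fit inside the provider's allocation."""
    block = ipaddress.ip_network(provider_block)
    return 2 ** (new_prefix_len - block.prefixlen)


def covered_by_aggregate(provider_block: str, customer_net: str) -> bool:
    """True when the customer's subnet lies inside the provider's block, so no separate
    top-level route is needed for it."""
    return ipaddress.ip_network(customer_net).subnet_of(ipaddress.ip_network(provider_block))


def longest_match(dest: str, routes: dict) -> str:
    """Classless lookup: of all routes containing dest, the most specific (longest) prefix wins."""
    ip = ipaddress.ip_address(dest)
    best_net, best_hop = None, None
    for prefix, next_hop in routes.items():
        net = ipaddress.ip_network(prefix)
        if ip in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_hop = net, next_hop
    return best_hop


# Constructed top-level routing table: one entry covers every subnet the ISP hands out.
TOP_LEVEL_ROUTES = {
    "0.0.0.0/0": "default",
    "10.0.0.0/13": "isp-aggregate",
}

if __name__ == "__main__":
    print("8 hosts need a /%d with %d usable" % (assign_prefix(8), usable_hosts(assign_prefix(8))))
    print("/28 networks in a /13:", subnets_in_block("10.0.0.0/13", 28))
    print("10.3.200.16/28 covered:", covered_by_aggregate("10.0.0.0/13", "10.3.200.16/28"))
    print("next hop for 10.3.200.20:", longest_match("10.3.200.20", TOP_LEVEL_ROUTES))
```

The eight-PC network gets a 28-bit mask with 14 usable addresses, a 13-bit block holds 32,768 such networks, and the lookup for any host inside them hits the single aggregate entry rather than one of those 32,768 routes.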

Internet-Legal Versus Private Addressing

Although the pool of IP addresses is somewhat limited, most companies have no problems obtaining them. However, many organizations have already installed TCP/IP products on their internal networks without obtaining legal addresses from the proper sources. Sometimes these addresses come from example books or are simply picked at random (several firms use networks numbered 1.2.3, for example).

These addresses are not legal, and will not be usable when these organizations attempt to connect to the Internet. These firms will eventually have to reassign Internet-legal IP addresses to all of the devices on their networks, or they will have to invest in address translation gateways that re-write outbound IP packets so that they appear to be coming from an Internet-accessible host.

Even if an address translation gateway is installed on the network, these firms will never be able to communicate with the sites that are the registered owners of the IP addresses in use on the local network. For example, if you choose to use the Class A address block of 36 on your corporate network, then your users will never be able to access the computers at Stanford University, which is the registered owner of that particular address block. Any attempt to connect to a host at 36.x.x.x would be interpreted by the local routers as a request for a local system, so packets would never leave your local network.

Not all firms have the luxury of using Internet-legal addresses on their hosts, for any number of reasons. There may be legacy applications that use hard-coded addresses, or there may be too many systems across an organization for a clean upgrade to be successful.

If you do not wish to obtain Internet-legal addresses, then you should at least be aware that there are groups of private Internet addresses that can be used on internal networks by anyone. These address pools have been set aside in RFC 1918, and therefore cannot be assigned to any organization. As such, these addresses can be used by anyone, although only on an internal-use basis. The Internet's backbone routers are explicitly configured not to route packets with these addresses, so they are completely useless outside of an organization's internal network. The address blocks available are listed in Table B-5.

Table B-5. Private Addresses Provided in RFC 1918

Class   Range of Addresses
A       Any addresses in 10.x.x.x
B       Addresses in the range of 172.16.x.x through 172.31.x.x
C       Addresses in the range of 192.168.0.x through 192.168.255.x

Since these addresses cannot be routed across the Internet, you must have an address translation gateway or firewall, or else you will not be able to communicate with any hosts on the Internet. These gateways are available from a number of vendors.

An important note here is that since nobody can use these addresses on the Internet, it is safe to assume that anybody who is using these addresses is also utilizing an IP gateway. Therefore, you will never see these addresses used as a destination on the Internet. However, if your organization establishes a private connection to a partner company who is also using these addresses, then you will encounter the same difficulties described above, and your firms will not be able to interconnect completely.

It is always best to use formally assigned, Internet-legal addresses whenever possible. If this is not possible for some reason, then you should use one of the private address pools described in Table B-5. Never use random, self-assigned addresses if you can possibly avoid it, as this will only cause connectivity problems for you and your users.
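Because the Table B-5 ranges never legitimately appear on the Internet side of a translation gateway, a packet log taken on the border's external interface should contain none of them, and any that do show up point to a host that bypassed the gateway or to a spoofed source. The following audit is an added example for this appendix, not code from the book: it encodes the three RFC 1918 blocks as prefixes, checks each logged source and destination against them, and reports the offending lines. The log format and the sample lines (using the 198.51.100.x and 203.0.113.x documentation ranges as stand-ins for Internet hosts) are constructed for the example.

```python
import ipaddress
import re

# The three private blocks from Table B-5, written as CIDR prefixes.
PRIVATE_BLOCKS = [ipaddress.ip_network(b)
                  for b in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Assumed log format: "src=A.B.C.D dst=E.F.G.H ..." (constructed for this example).
LOG_RE = re.compile(r"src=(?P<src>[\d.]+)\s+dst=(?P<dst>[\d.]+)")


def is_rfc1918(addr: str) -> bool:
    """True when addr falls inside one of the RFC 1918 private blocks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in block for block in PRIVATE_BLOCKS)


def audit_border_log(lines) -> list:
    """Return [(line_number, reason)] for packets that should never cross the Internet border."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = LOG_RE.search(line)
        if not match:
            continue  # unparseable line; nothing to check
        src_private = is_rfc1918(match["src"])
        dst_private = is_rfc1918(match["dst"])
        if src_private and dst_private:
            findings.append((number, "private source and destination"))
        elif src_private:
            findings.append((number, "private source"))      # leaked past the gateway or spoofed
        elif dst_private:
            findings.append((number, "private destination"))  # unroutable on the Internet
    return findings


# Constructed sample of five external-interface log lines.
SAMPLE_LOG = [
    "src=203.0.113.7 dst=198.51.100.9 proto=tcp dport=443",
    "src=10.20.30.40 dst=198.51.100.9 proto=tcp dport=80",
    "src=198.51.100.9 dst=172.20.1.5 proto=udp dport=53",
    "src=192.168.1.2 dst=10.0.0.1 proto=icmp",
    "src=172.32.0.1 dst=198.51.100.9 proto=tcp dport=22",
]

if __name__ == "__main__":
    for number, reason in audit_border_log(SAMPLE_LOG):
        print(f"line {number}: {reason}: {SAMPLE_LOG[number - 1]}")
```

Lines 2, 3 and 4 are reported; line 5 is not, because 172.32.0.1 lies just outside the 172.16 through 172.31 range and is an ordinary public address.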




Internet Core Protocols: The Definitive Guide: Help for Network Administrators
ISBN: 1565925726
Year: 1999
Authors: Eric Hall