|
|
Understanding your own place on the Internet is essential for you to understand the way that routers and computers on the Internet find one another. Like Ethernet, the Internet deals in data divided up into small units (typically about 1,500 bytes each) called packets. The collection of rules and techniques that enable packet-based communication over the Internet is called the Internet Protocol, abbreviated IP. Within the Internet protocol is an addressing scheme based on a type of numeric address called the IP address.
The Internet Protocol is intimately connected with a slightly higher-level protocol called Terminal Control Protocol, abbreviated TCP. The Internet Protocol is focused on addressing and routing packets; the terminal Control Protocol is focused on establishing and maintaining connections between computers so that packets may be transferred. TCP is the Internet's delivery mechanism: It makes sure that packets actually get where they're going, and that the order of a stream of packets is preserved as it travels from computer to computer. IP and TCP work together and are rarely used separately. This is why most of the time you see them referred to as TCP/IP.
Although the details of how TCP operates are interesting, understanding TCP is much less useful than understanding IP addresses, where they come from, and how they're used.
An IP address has two parts: One is the address of a network and the other is the address of a particular node (in Internet jargon, a host) on that network. A host is anything that can be gathered together into a network: computers, printers, or other networkable devices. (An Internet host doesn't have to 'host' anything.) A router can be a host, which means that a network (which a router governs) may be a part of a larger network, as I explained earlier.
Expressed in the conventional way, an IP address looks like this:
264.136.8.101
Each group of numbers separated by periods is called an octet, because the value in an octet must be expressible in no more than eight bits. By the rules of binary numbers (which aren't necessary for you to understand) the value of an octet thus must always lie between 0 and 255. If you're sharp you'll see that the IP address shown above is invalid, because 264 is greater than 255. That's deliberate: I don't want to be using somebody's real IP address in my examples here in this book. Just assume that in the real world, an IP address would contain no octets greater than 255.
Where, then, is the division into two parts? (It looks more like the IP address is split into four parts.) I can't answer that question right now; tuck it in the back of your mind for a moment. In the meantime, look at Figure 3.3.
Figure 3.3: The Two Parts of an IP Address.
In the example shown in Figure 3.3, the first three octets represent the address of a network. The last octet contains a unique address for each host on the network. Because each octet can express numbers from 0 to 255, there can be no more than 256 different hosts on this network. (The real number is actually less than 256, for various technical reasons.)
In the real world, that's a fairly small network, but just as there are many more small companies than enormous companies, the larger network address has enough 'space' to allow millions of different networks, each with as many as (but no more than) 256 hosts.
Because the world contains networks of many different sizes, the architects of the Internet created three different classes of IP addresses for normal network use. (Two additional classes of IP addresses exist for special purposes, but I won't be covering those in this book.) I've summarized the ways the three classes of IP address are structured in Figure 3.4.
Figure 3.4: IP Address Classes.
Now we can return to the question of how IP addresses are split into two parts. It's done by class: The shaded octets in Figure 3.4 are the network portion of the IP address, and the white octets are the host portion of the IP address. In Class A addresses, only one octet is used for the network address. This means there can only be 126 Class A networks, but each network can have almost seventeen million hosts. In Class B addresses there are more possible networks, but not as many possible hosts. And in Class C networks there are millions of possible networks, but each network is limited to 254 hosts. (Two host addresses are reserved for special uses in each address class.)
Routers and other equipment can determine the address class (and thus where to split the address) by inspecting the first octet. Figure 3.4 shows the possible values allowed for each octet by class. For example, if the first octet is 129, the address is a Class B address, and the address is split down the middle, with two octets for network and two for host.
All octets but the first octet may have any value from 0 to 255.
An IP address is applied to a host (that is, a computer or a router) to allow it to be located on a network. A host, however, may be running many different kinds of software. There are hundreds of different kinds of servers, for example, and dozens of different servers may be available on a single host. A Web server, an email server, and an FTP (File Transfer Protocol) server may reside on the same host computer. You can get to the computer with an IP address. How do you get to a specific server out of many on a single host?
The TCP protocol includes the definition of ports, which are numbers that are assigned to individual entities (usually software) residing on a host. Web servers are usually assigned port 80, and FTP servers are usually assigned port 21.
Think of an apartment building with a single street address, like '6817 N. Ozark Avenue.' Inside the apartment building are several apartments, each with numbers:
#1, #2, #3, and so on. The address will get you to the building, but to find a person living in the building, you need the apartment number as well.To reach Ms. Kathleen Prendergast, who lives in the building, you need to use the full address: '6817 N. Ozark Avenue, #2.'
Even if you're not interested in servers, ports are still important as the key to making Network Address Translation (NAT) work-which is very important. More on that shortly.
Knowing how to find your own computer's IP address is important. Windows doesn't always make it as easy as it should be. For Windows NT, 2000, and XP, you have to open a command line window. At the command prompt you enter the command:
ipconfig
and press enter. The ipconfig utility will display a very simple summary of your IP address details. An example is shown here:
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : IP Address. . . . . . . . . . . . : 192.168.1.102 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.1.1
Your values, of course, may be different. (They may also be exactly the same! More about that, and also about subnet masks and default gateways, a little later.)
Under Windows 9x and ME, you bring up the Start|Run dialog, and type the following program name
winipcfg
and click OK. You'll then see the utility pop up in its own window, as shown in Figure 3.5.
Figure 3.5: The Windows 9x winipcfg Display.
When the architects of the Internet defined the suite of Internet protocols that include the IP addressing system, they never imagined that the general public would ever be connecting to the Internet by the hundreds of millions. They also didn't envision that devices as mundane as coffee machines, TV sets, and refrigerators would someday want their own IP addresses for home automation purposes. This has led to a serious problem: There aren't enough different IP addresses to give one to every person (or refrigerator) on Earth who wants one. We're in good shape now, but the shortage could begin to pinch in another ten years or so.
Several things are being done to deal with this shortage of IP addresses. The high road is to create a whole new addressing scheme with larger addresses, which is being done in the IPv6 project. The IPv6 'address space' is almost beyond imagining, supporting up to 2128 different addresses. That number works out to 3.4 X 1038, which probably exceeds the number of stars, planets, moons, and odd chunks of loose rock kicking around in the observable universe.
But that's still for the future. In the meantime, we have an Internet to run. There are two different approaches to conserving IP addresses that are of considerable interest to people creating home office and small office networks. (Another, called Classless Inter-Domain Routing, is of interest to networking gurus only.) Let's take a close look at both, as they're related.
When they go into business, ISPs are given a block of IP addresses for their subscribers. In Olden Tymes (that is, prior to 1995 or so) when you created an Internet account with an ISP, the ISP gave you your very own IP address to plug into your computer. This IP address remained yours and didn't change as long as you had the account. Any time you dialed into the ISP's network and accessed the Internet, that IP address was how the Internet knew you. This system provided Internet account holders with a static IP address; it was 'static' because it didn't change.
Millions of new Internet subscribers put a strain on this system, and after 1995 or so a new system came to prominence: ISPs put their block of IP addresses into a pool, and whenever a subscriber dialed into the ISP network, a special server program pulled a currently unused IP address from the larger pool of addresses and sent it down the line to the subscriber computer. This IP address was used by the subscriber only during the time the subscriber was connected to the ISP network. After the connection was ended, the IP address went back into the IP address pool, and became available for use by the next subscriber to dial in.
This way, IP addresses were assigned only while they were in use, which allowed much more efficient use of IP addresses. Many people would log in for only an hour or so a day; why tie up an address 24/7 for use maybe 5% of the time? This new system provided a dynamic IP address. At the current time, virtually all consumer IP addresses are dynamic. Static IP addresses can still be had, but ISP's charge a premium price for them.
This system works because static IP addresses are generally required only when someone intends to operate a server, like a Web or file transfer protocol (FTP) server. Few ISP subscribers want to run servers, and the ISPs discourage it for various reasons. For the things most people do on the Internet (access the Web, use email, get on chat servers) static IP addresses are not required at all.
The way dynamic IP addresses are generated is important. Back at ISP headquarters, the central ISP server computer runs a type of server program called a Dynamic Host Configuration Protocol (DHCP) server. When your computer connects to the ISP network, one of the first things it does is request an IP address. The DHCP server pulls an address from the free IP address pool and sends it (along with a few other things) back down the line to your computer.
The DHCP server gives you a lease on the IP address it sounds down the line. A lease in this case has nothing to do with the money you pay the ISP for the account. It's really a time limit on the IP address. When the lease expires, the IP address goes back into the free address pool. If you happen to be connected to the ISP network when your IP address lease expires, your computer simply requests that it be renewed. This leasing process is used to keep abnormal disconnections and other networking glitches from 'losing' IP addresses. If your computer for any reason fails to release its IP address when disconnecting from the ISP network, the lease on the IP address will eventually expire and the IP address will again become available for re-use.
DHCP servers actually do a little more than this: Additional network parameters like subnet masks and default gateways are also sent out with IP addresses. I'll return to those additional parameters a little later.
Dynamic IP addressing via DHCP is one way to conserve our limited supply of IP addresses. The other way of interest to home network people involves reserving a number of IP addresses strictly for local use, entirely within local area networks. Such addresses are various called local IP addresses, private IP addresses, unregistered IP addresses, or non-routable IP addresses.
This last term is key to understanding the concept: A local IP address can't be processed by a router. The router knows that IP addresses within certain ranges are local, and it ignores such addresses. They are 'non-routable' and are known only within a local-area network. Because routers govern all communication between one network and another, a non-routable IP addresses is stuck on one side of the router and can't be accessed from beyond the router, from other networks or from the Internet as a whole. The governing body IANA (Internet Assigned Numbers Authority) is responsible for setting aside blocks of IP addresses for local use. There are several blocks of local IP addresses. I've summarized them in Table 3.1.
Class A | 10.0.0.0 - 10.255.255.255 |
Class B | 169.254.0.1 - 169.254.255.254 |
Class C | 192.168.0.0 - 192.168.255.255 |
Because local IP addresses can't be seen from beyond the local router, any local area network can use the exact same IP addresses. Millions of people can happily use an IP address like 192.168.1.102, all at the same time, and no confusion results. This makes millions of additional IP addresses unnecessary.
Why is this useful? First of all, certain devices are inherently local in nature and don't need to be seen from outside the local area network. Networked printers are a good example: Why allow people from Singapore to access your printer over the Internet? And if you really need an IP address for your refrigerator, why not keep it local? (It's tough enough keeping the neighbor kids out of the fridge, much less the global hacker community.)
If you run a DHCP server somewhere inside your local area network, your DHCP server can hand out local IP addresses to all the computers, printers, and other networkable devices on your home network. These addresses are completely functional, and allow the TCP/IP protocol to operate within your local area network. Although designed originally for establishing communication among networks, TCP/IP works just as well on local area networks, and it currently is by far the most common way that local area networks pass data around within themselves.
It's worth noting here that you may be using two different DHCP servers: One owned by your ISP, which gives your home office router its IP address, and a second DHCP server inside your home office router, which gives local IP addresses to all the computers and other devices on your home network. Every network, big or small, may have its own DHCP server.
The good news about local IP addresses is that they're invisible to the Internet as a whole. If hackers can't see your IP address, breaking into your computer from the Internet is a lot harder. The bad news, of course, is that if your IP address is invisible to the Internet, it's kind of hard for a Web server to send you satellite weather images or anything else.
The solution is something called Network Address Translation (NAT). NAT is a software service that can run on a computer or (more commonly) inside a router. Quite simply, NAT translates a non-routable local IP address into a 'normal,' routable IP address. There are several different types of NAT software. I'm going to focus on the kind that runs inside a small router, because that's the place NAT runs in most simple home office networks.
If you create a home or small office network using a router or wireless residential gateway, (gateways contain routers, so when I say 'routers' in this discussion I'm including gateways too) your router is the device that gets the IP address that you receive from your Internet Service Provider. Routers are the 'entrance points' to networks, and your IP address is the address 'over the door.'
Anything you do using the TCP/IP protocol (which, over the Internet, is virtually everything you do) involves a connection between your computer and a computer somewhere else. A connection requires two ends, and both ends must have IP addresses. The hangup (as I mentioned earlier) is that a local IP address cannot be accessed beyond your router. To use the Internet from your computer, you must have a routable IP address.
NAT provides this.Take a look at Figure 3.6.This is a sketch of a very common home network setup: Four computers, a router, and a switch. (In many or even most cases these days, the router and the switch are combined into a single unit. I break them out here for conceptual clarity.) Each of the network's four computers has a local, non-routable IP address. NAT is running inside the router. NAT keeps these local IP addresses in a table that it maintains within itself.
Figure 3.6: How NAT Works.
The router has a public, routable IP address that is the only address for the whole network that can be seen by the outside world. When a server or some other program needs to create a connection to one of the computers inside the network, the router takes its own public IP address, and adds a TCP port number to that address. It tucks this 'extended' IP address in its internal table beside the local IP address of the computer in question. Which port number isn't important, as long as it isn't already being used by anything in that particular network. (There are over 65,000 different port numbers, so finding a free one in a small network is rarely a problem.) In this way, NAT creates the table as a sort of 'internal phone book' for the devices on its network. This table is not accessible from the Internet. Only NAT can read it or change it.
When one of the computers inside the network wants to connect to a Web server, NAT takes the Web page request and places the extended IP address (the router's IP address plus a port number) into the request. When the Web server establishes a connection, it uses this extended IP address, and not the internal, local IP address of the computer to which it connects. The connection is thus established with the router, not the computer-and the router decides what material delivered from the Web server can reach the computer.
NAT thus provides two very important benefits to a small network:
It makes good use of scarce unique public IP addresses. Only one is needed for the network as a whole. Computers on the network all have local IP addresses, which may also be used locally by other networks, even millions of other networks.
It provides considerable security. No computer may connect to a computer inside the network without the router's consent and cooperation.
Virtually all home office routers include both DHCP servers (which provide local IP addresses to devices on the network) and NAT servers, which intermediate between local IP addresses and the global Internet. Rounding out the equipment lineup on home routers is usually a switch with several hardware ports (no relation to TCP ports!) for plugging in computers and other network devices, like Wi-Fi access points. One of the first big successes in this product category was the Linksys BEFSR41, shown in Figure 3.7.
Figure 3.7: The Linksys BEFSR41: Router and 4-Port Switch. (Photo courtesy of Linksys.)
If you add a wireless access point to a router/switch appliance like the BEFSR41, you'll have a wireless residential gateway. I'll cover this in more detail in Chapter 6.
|
|