Category Archives: IP ADDRESSING
Network Subnetting
A subnet is a segment of a network. Subnetting is a technique that allows a network administrator to divide one physical network into smaller logical networks and thus control the flow of traffic for security or efficiency reasons. Dividing a network into several subnets can serve a number of purposes: to reduce network traffic by decreasing the number of broadcasts (if used in combination with a switch), to overcome limitations of a single local area network, for instance the maximum number of allowed hosts, or to let employees dial in to the network from home without opening the entire network up to unwanted visits from the Internet.
Subnets are created by using a so-called subnet mask to divide a single Class A, B or C network number into smaller pieces, thus allowing an organisation to add subnets without having to obtain a new network number through an Internet service provider. Subnets can again be subnetted into sub-subnets. Subnets were originally invented to help solve the lack of IP addresses on the Internet.
How subnetting works
An IP address consists of a network portion and a host portion. A subnet is created by borrowing bits from the part of the IP address which normally designates the host and using them to designate one or more smaller, secondary networks (subnets) within the original network. The network prefix and subnet number in combination are called the extended network prefix (in everyday talk often, somewhat confusingly, referred to simply as the network number).
Subnet masks
A 32-bit subnet mask is used as a deciphering key to determine how an IP address is to be divided into extended network prefix and host part. It is used by routers and network devices to determine where traffic should be routed to. Like IP addresses, subnet masks consist of four 8-bit numbers separated by dots, and they are usually written in the corresponding decimal notation.
The typical subnet masks used for Class A, B and C addresses are as follows:
Class A: 255.0.0.0 (11111111.00000000.00000000.00000000)
Class B: 255.255.0.0 (11111111.11111111.00000000.00000000)
Class C: 255.255.255.0 (11111111.11111111.11111111.00000000)
All the 0’s in the subnet mask specify that this part of a corresponding IP address is the host portion, while the 1’s indicate that the corresponding bits in the IP address constitute the network portion. The three subnet masks above set the change from network to host portion at the end of a whole octet – Class A after one octet, Class B after two octets, and Class C after three. However, a subnet mask does not have to follow the address classes, but can specify a host portion that is not a whole octet. The subnet mask 255.255.255.240 (11111111.11111111.11111111.11110000), for instance, marks the breaking point four bits into the last octet.
The purpose of having subnet masks define networks is that the devices the network is built from can determine whether traffic should be routed out of the network or kept within it. Using a mask saves the routers from having to handle the entire 32-bit address, because they can simply look at the bits selected by the mask (and thus not worry about the host portion of the address).
Internet routers use only the network number of the destination address to route traffic to a subnetted environment. Subnetting thus also has the advantage that it keeps the size of the routing tables on the Internet down, because Internet routers only need to know the one common network address for all the individual computers and devices on the different subnets. The route from the Internet to any subnet of a network is the same, no matter which subnet the destination host is on, namely that of the parent network. From there, the local network router(s) distribute the traffic to the individual subnets and to the individual hosts on these subnets.
Subnetting keeps the size of the routing tables on the Internet down, as the Internet routers only use the network number of a subnetted environment to route traffic to any of the subnets. A router within a subnetted environment uses the extended network prefix to route traffic between the individual subnets. The extended network prefix is composed of the network prefix and the subnet number.
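As an added example (not code from the original page), the mask arithmetic described above in Python, using plain integer bit operations so that the role of each bit stays visible: parsing dotted-decimal notation, applying a mask to obtain the extended network prefix and the broadcast address, counting usable hosts, and making the local-versus-remote decision a host or router makes before forwarding. The 255.255.255.240 mask is the one discussed in the text; the addresses 192.168.1.70 and its neighbours are constructed sample values. The mask check also rejects non-contiguous masks, which some devices accept silently and which make the network/host split ambiguous.

```python
# Added example, not from the original page. Addresses and masks below are
# constructed sample values; 255.255.255.240 is the mask discussed in the text.

def parse_ipv4(text: str) -> int:
    """Convert dotted-decimal notation to a 32-bit integer, rejecting malformed input."""
    parts = text.split(".")
    if len(parts) != 4:
        raise ValueError(f"expected four octets: {text!r}")
    value = 0
    for part in parts:
        if not part.isdigit() or not 0 <= int(part) <= 255:
            raise ValueError(f"octet out of range 0-255: {part!r}")
        value = (value << 8) | int(part)
    return value


def to_dotted(value: int) -> str:
    """32-bit integer back to dotted-decimal notation."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_binary_dotted(value: int) -> str:
    """Render as four 8-bit groups, e.g. 11111111.11111111.11111111.11110000."""
    return ".".join(format((value >> shift) & 0xFF, "08b") for shift in (24, 16, 8, 0))


def prefix_length(mask: int) -> int:
    """Number of leading 1 bits; raises if the 1s are not one contiguous run."""
    ones = bin(mask).count("1")
    if mask != ((0xFFFFFFFF << (32 - ones)) & 0xFFFFFFFF):
        raise ValueError(f"non-contiguous subnet mask: {to_dotted(mask)}")
    return ones


def extended_network_prefix(ip: int, mask: int) -> int:
    """The bits a router actually compares: IP AND mask (network prefix + subnet number)."""
    return ip & mask


def broadcast_address(ip: int, mask: int) -> int:
    """Same prefix, with every host bit set to 1."""
    return (ip & mask) | (~mask & 0xFFFFFFFF)


def usable_hosts(mask: int) -> int:
    """2^(host bits) minus the reserved network and broadcast addresses."""
    host_bits = 32 - prefix_length(mask)
    return 2 ** host_bits - 2


def same_subnet(ip_a: str, ip_b: str, mask: str) -> bool:
    """The keep-local-or-forward decision: equal extended network prefixes mean no router needed."""
    m = parse_ipv4(mask)
    return extended_network_prefix(parse_ipv4(ip_a), m) == extended_network_prefix(parse_ipv4(ip_b), m)


def describe(ip: str, mask: str) -> dict:
    """Summarise what a given IP/mask pair means."""
    ip_n, m = parse_ipv4(ip), parse_ipv4(mask)
    return {
        "mask_binary": to_binary_dotted(m),
        "prefix_length": prefix_length(m),
        "network": to_dotted(extended_network_prefix(ip_n, m)),
        "broadcast": to_dotted(broadcast_address(ip_n, m)),
        "usable_hosts": usable_hosts(m),
    }


if __name__ == "__main__":
    for key, val in describe("192.168.1.70", "255.255.255.240").items():
        print(f"{key:14} {val}")
    # 192.168.1.75 shares the /28 with .70; 192.168.1.80 starts the next one
    print("70 and 75 same subnet:", same_subnet("192.168.1.70", "192.168.1.75", "255.255.255.240"))
    print("70 and 80 same subnet:", same_subnet("192.168.1.70", "192.168.1.80", "255.255.255.240"))
```

With the mask four bits into the last octet, 192.168.1.70 lands in the block 192.168.1.64 to 192.168.1.79, so .75 is reached directly while .80 must go through the router.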
What is an IP address?
Each computer on a TCP/IP based network (including the Internet) has a unique numeric address called an IP address (IP stands for Internet Protocol), enabling data packets to be addressed to this specific recipient.
An IP address consists of four so-called octets separated by dots. An octet is an eight-digit binary number, which corresponds to the decimal numbers 0 to 255. To make IP addresses easier to read and write, they are usually expressed as four decimal numbers, each separated by a dot. This format is called “dotted-decimal notation”.
In a local area network based on TCP/IP, an IP address must be assigned to each host (computer or device) in the network. The IP address must be unique to each host. (If two hosts were given the same address, the data to these hosts would be picked up randomly by one of them – be it the intended receiver or not – causing network irregularities.)
In addition, a device that serves as a router to another network contains two or more network adaptors and belongs to two or more networks. In this case, each adaptor must be assigned an IP address that is unique on its own network.
Part of an IP address designates the network, while another part designates the individual host. The network number field is also referred to as the ‘network prefix’.
Exactly where the network part ends and the host part begins is calculated by routers, using a so-called subnet mask as a deciphering key.
All hosts on a given network share the same network number, but each of them must have a unique host number.
The network portion of an IP address is inherited down through a network hierarchy, as illustrated below.
Classes of IP addresses
In order to provide the flexibility required to support differently sized networks, IP addresses come in three classes, A, B, and C. Every class fixes the boundary between the network portion and the host portion of the IP address at a different point. This makes them appropriate for different size networks.
Class C addresses allow 254 hosts per network and are typically used by smaller and middle-sized companies. Class B networks allow a maximum of 16,384 hosts, while Class A networks allow more than 16 million hosts. As a consequence, Class A networks are only used by really large organisations.
Calculating the number of possible hosts requires a closer look at the IP classes in their binary form. (The binary system is a base-2 number system, just as the familiar decimal system is base 10.) It is done as follows:
- In a Class C network only the last octet is used to designate the hosts. Eight bits can represent 256 (2^8) different values. The host calculation now requires that 2 is subtracted, because two addresses must be reserved for the network address and the broadcast address (for a further explanation of network and broadcast addresses, see the section on ‘Subnets’). So the maximum number of hosts on a Class C network is 256 - 2 = 254.
- A Class B network allows a maximum of 16,384 hosts (2^16 - 2) per network (two octets designate the hosts).
- A Class A network allows up to 16,777,214 (2^24 - 2) hosts per network (three octets are used to
Class A networks are also referred to as ‘/8’s (pronounced “slash eights” or just “eights”) since they have an 8-bit network prefix (one octet is used to designate the network). Following the same convention, Class B networks are called ‘/16’s and Class C networks ‘/24’s.
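An added example (not from the original page) of the bit-borrowing described above, using Python's standard-library ipaddress module: given a base network and how many subnets of what size are needed, it borrows the fewest host bits that give enough subnets, checks that each subnet still holds the required number of hosts under the 2^n - 2 rule from the text, and lists the resulting subnets with their network and broadcast addresses. It also maps a first octet to the classful /8, /16 or /24 boundary from its leading bits. The base network 192.168.1.0/24 and the requirements are constructed values.

```python
# Added example, not from the original page. Uses the standard-library
# ipaddress module; the base network and requirements are constructed values.
import ipaddress


def usable_hosts(prefix_len: int) -> int:
    """Hosts per network for a prefix length: 2^(32 - prefix) minus the
    network and broadcast addresses, as the text describes."""
    if not 0 <= prefix_len <= 30:
        raise ValueError("prefix must be 0..30 for the 2^n - 2 rule to apply")
    return 2 ** (32 - prefix_len) - 2


def class_prefix_length(first_octet: int) -> int:
    """Classful boundary from the leading bits of the first octet:
    0xxxxxxx -> Class A (/8), 10xxxxxx -> Class B (/16), 110xxxxx -> Class C (/24)."""
    if not 0 <= first_octet <= 255:
        raise ValueError("octet out of range")
    if first_octet < 128:
        return 8
    if first_octet < 192:
        return 16
    if first_octet < 224:
        return 24
    raise ValueError("first octet does not belong to Class A, B or C")


def plan_subnets(base: str, subnets_needed: int, hosts_per_subnet: int) -> list:
    """Borrow the fewest host bits that yield at least `subnets_needed` subnets,
    then verify each still offers `hosts_per_subnet` usable hosts."""
    network = ipaddress.ip_network(base, strict=True)  # rejects host bits set in the base
    if subnets_needed < 1:
        raise ValueError("need at least one subnet")
    borrowed = (subnets_needed - 1).bit_length()  # ceil(log2(subnets_needed))
    new_prefix = network.prefixlen + borrowed
    if new_prefix > 30:
        raise ValueError(f"borrowing {borrowed} bits from /{network.prefixlen} leaves too few host bits")
    if usable_hosts(new_prefix) < hosts_per_subnet:
        raise ValueError(
            f"/{new_prefix} subnets hold only {usable_hosts(new_prefix)} hosts, "
            f"fewer than the {hosts_per_subnet} required"
        )
    return [
        {
            "subnet": str(sub),
            "network": str(sub.network_address),
            "broadcast": str(sub.broadcast_address),
            "usable_hosts": sub.num_addresses - 2,
        }
        for sub in network.subnets(prefixlen_diff=borrowed)
    ]


if __name__ == "__main__":
    # Five departments of up to 20 hosts each, carved out of one /24
    for row in plan_subnets("192.168.1.0/24", 5, 20):
        print(row)
    print("Class boundary for 10.x.x.x:", class_prefix_length(10))
```

Five subnets need three borrowed bits (2^3 = 8 subnets), so the /24 becomes eight /27s of 30 hosts each; asking for 60 hosts per subnet with the same count is rejected, because the remaining five host bits cannot satisfy it.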
Globally routable and private network IP addresses
There are two types of IP addresses – those which are globally routable (included in the routing tables on the Internet), and those which have been set aside for private networks. It is generally recommended that organisations use IP addresses from the blocks of private network addresses for hosts that require IP connectivity within their company network, but do not require external connections to the global Internet.
The system of non-routable IP addresses was introduced to help prevent a future shortage of IP addresses due to the explosive growth of the Internet. Because addresses belonging to these address blocks are not routed through the Internet routing system, the same numbers can be used at the same time by many different organisations.
The three blocks of IP addresses which have been reserved for private networks (RFC 1918) are:
10.0.0.0 – 10.255.255.255 (10.0.0.0/8)
172.16.0.0 – 172.31.255.255 (172.16.0.0/12)
192.168.0.0 – 192.168.255.255 (192.168.0.0/16)
There are no official rules for when to use which of the three private network IP address blocks, but generally the block of the most suitable size is used. For obvious reasons there is no need to use 10.x.x.x if it is unthinkable that your LAN will ever grow to more than 254 hosts. However, when using private addresses the network administrator can be liberal in assigning addresses to the different parts of a network, as the strict rules that govern public IP address assignment do not apply.
Hosts with private network IP addresses cannot communicate directly with the Internet, because the Internet refuses to receive and transmit data with such an origin or destination address. For a host with a private network IP address to be allowed to communicate with the Internet, it must have its data stream to the Internet handled by an intermediary host, which can act as an ‘Internet representative’ for the private host. The intermediary host must have ways to relay data between the global Internet and the host on the private network. Therefore it must have a globally routable IP address that it uses when communicating with the Internet, and a private network IP address that it uses for communication with the private host. There are a number of different types of intermediary hosts that fit this description. The most common types are proxy servers, firewalls and firewalls with NAT (Network Address Translation).
An advantage of using private network addresses is that it makes it easier for organisations to change their Internet service provider without having to renumber their IP addresses. If private network addresses are not used, renumbering when changing ISP is necessary because globally routable IP addresses are “owned” by the Internet service provider that the company has “leased” the IP addresses from. It is possible to buy and own IP addresses, but this only applies to very large organisations that need on the order of 40,000 globally routable IP addresses.
Using private network IP addresses also gives a company a measure of security. Globally routable IP addresses are advertised in the routing tables on the Internet, making the system vulnerable to hackers. When private IP network addresses are used, however, the intermediary host (such as a firewall with NAT) will work as a barrier against unwanted visits from the Internet.
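An added example (not from the original page) of how the intermediary host described above reasons about addresses: a check against the three RFC 1918 private blocks, a classification of each flow as internal, needing relay by NAT or a proxy, addressed to an unreachable private destination, or globally routable, and a defensive audit that flags packets arriving on the Internet-facing side with a private source address, which the text says the Internet does not carry. Flow addresses are constructed; the public ones are taken from the 203.0.113.0/24 documentation range.

```python
# Added example, not from the original page. Sample flows are constructed;
# the public addresses come from the 203.0.113.0/24 documentation range.
import ipaddress

# The three blocks RFC 1918 reserves for private networks.
PRIVATE_BLOCKS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def is_private(addr: str) -> bool:
    """True if the address lies in one of the RFC 1918 blocks. Deliberately narrower
    than IPv4Address.is_private, which also covers loopback, link-local and
    documentation ranges that mean something different at a perimeter."""
    ip = ipaddress.ip_address(addr)
    return any(ip in block for block in PRIVATE_BLOCKS)


def classify_flow(src: str, dst: str) -> str:
    """What happens to a packet from src to dst at the edge of a private network."""
    src_priv, dst_priv = is_private(src), is_private(dst)
    if src_priv and dst_priv:
        return "internal"        # stays inside the private network, never reaches the Internet
    if src_priv and not dst_priv:
        return "needs-nat"       # must be relayed by an intermediary host with a routable address
    if not src_priv and dst_priv:
        return "unroutable-dst"  # the Internet has no route to a private destination
    return "routable"            # both addresses are globally routable


def audit_inbound(flows) -> list:
    """Defender's check on the Internet-facing interface: a packet whose source is a
    private address cannot have come across the Internet, so such flows are returned
    for alerting or filtering rather than being passed inside."""
    return [(src, dst) for src, dst in flows if is_private(src)]


if __name__ == "__main__":
    # Constructed flows as a NAT firewall might log them
    for src, dst in [("192.168.1.10", "203.0.113.5"), ("192.168.1.10", "10.0.0.7"),
                     ("203.0.113.5", "192.168.1.10"), ("203.0.113.5", "203.0.113.9")]:
        print(f"{src:>15} -> {dst:<15} {classify_flow(src, dst)}")
    inbound = [("203.0.113.5", "203.0.113.40"), ("10.0.0.9", "203.0.113.40")]
    print("suspicious inbound:", audit_inbound(inbound))
```

The audit is the concrete form of the "barrier" the text mentions: any inbound packet claiming a private source is, by construction, not something the Internet routing system delivered, so it is a filtering and logging candidate rather than a valid flow.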
The current version of IP, IP version 4, defines a 32-bit address, which means that there are only 2^32 (4,294,967,296) addresses available globally. Over the past few years, the number of available IP addresses on the Internet has started to run out, as the number of companies and people wishing to go on-line has exploded. As a consequence, a new generation of IP addresses (IPv6) is currently in the works. The current IP system will not become obsolete overnight, however, as the two systems will coexist for some time after the new version has been implemented.