IPv4 Addresses

-

 A review of IPv4 addressing



IP addresses can be either IPv4 or IPv6. IPv6 addressing is out of the scope of this post but will be in another post later. IPv4 addresses are 32-bits long and are represented in dotted decimal notation. There are two portions of IPv4 addresses: The network portion and the host portion. The network portion identifies a physical or logical link and is common to all devices attached to that link. The host portion identifies a unique device connected to the link. We distinguish between the network portion and the host portion with the subnet mask. We represent IP addresses in dotted decimal to make it easier for us to remember and work with. Each group of 8-bits is referred to as an "octet" and the "." separates each grouping of 8-bits. Since there are 4 groups of 8-bits that gives us a 32-bit address. We can change an IP address back to the binary equivalent to get a better idea of the the host and network portions. 

Dotted decimal
IP: 192.0.0.1
Subnet Mask: 255.255.255.0
binary format
11000000 . 00000000 . 00000000 . 00000001

We generally classify networks into, well, classes. There are three major classes(the others we won't talk about). The classes are A, B, C, and they are three different size networks. Basically, Class A is for very large networks. Because they are very large networks you have fewer networks. Class B is for medium sized networks that have smaller networks in relation to Class A but have much more of the networks. Class C is for small networks. These small networks can only have a small amount of hosts on them so there can be a lot more networks in relation to both Class A and B. These Classes are known as classful boundaries. If you want to visualize the difference in the classes we can take our IP address we saw above and represent it with each class.

Class A
192.0.0.1 
255.0.0.0

Class B
192.0.0.1
255.255.0.0

Class C(which is what it is above)
192.0.0.1
255.255.255.0

We use the subnet mask to tell us where the boundary is between the network portion and the host portion. Wherever there is a "255" we can just say that is part of the network portion and where there is a "0" we can say that is part of the host portion. Notice that these Classes are at an octet boundary. Okay, so now how can we tell how many hosts we can have on our network ? or what the network address is ?

We will start with the network address, which is the first address in a subnet and is used to identify the whole subnet. An example would be 192.0.0.0 being our network address for our class C subnet. The way we find the network address is to set all the host bits to zero. In our example, we had 3 octets as network portion and 1 octet as host portion. So if I write down the digits where I have a 255(which tells me that section is part of the network portion) we will get:
192.0.0.X
If we then set the host portion to zero that will give us our network address:
192.0.0.0
Now we have the subnet identifier(the network address), we need to find out how many addresses are available in our subnet. To calculate the number of host addresses in a subnet you use the following formula: 2^h - 2, where h is the number of host bits. In our example, we had the last octet(8-bits) for host bits. so to calculate how many hosts we would calculate 2^8 - 2 = 254 hosts. Why the (-2) ? We subtract the 2 because in each subnet there are two reserved addresses, one if the network address(the one we just showed) and the other is the broadcast address. The broadcast address is the address hosts use to communicate with all the hosts on the same subnet. 

So how does a router or other network devices know when another device is on the same network as itself ? 
The answer is that the router/device will perform a logical AND with its subnet mask. If the device has the same network address as itself then it knows that it's on the same network and if it doesn't then it knows it must reach out to the gateway address in order to reach this device. 

This was just a high level look at IP addresses and if you want to go even deeper then I suggest you look at Jeff Doyle's book Routing TCP/IP volume 1. 












Comments

Post a Comment

Popular posts from this blog

AWS Identity and Access Management(IAM)

-
Image
 IAM   With the cloud becoming more and more prevalent, how do we secure who can access cloud resources and which resources can speak to each other. This very important problem is solved with AWS Identity and Access Management(IAM) resource.  IAM enables you to control who can access your AWS environment, what actions they can perform, and which resources they can interact with. It allows you to set fine-grained permissions and policies to meet your security and compliance requirements. So what are the parts that make up Identity and Access Management(IAM) ? - User groups - Users - Roles - Policies - Identity Provider Lets go into more detail about each resource that makes up IAM. User groups are groups you can define to logically group users together that perform similar functions in job. This is kind of like having different groups for different job roles. Users are just the manually configured users created for use on the management console. This is where you define all the diffe
Read more

AWS Virtual Private Clouds(VPCs)

-
Image
   In the spirit of my last blog on cloud computing, we will discuss VPC's in this blog.  What are VPC's ? Before I answer this question I need to explain this picture and the terms used. In AWS(and other cloud providers) we have several things that make up the global cloud infrastructure. Those things are Regions, Availability Zones, and Edge Locations(not pictured). A region is a geographical area around the world that consist of multiple availability zones. An availability zone can be thought of as multiple discrete data centers that have separate power, cooling, networking, and housed in separate buildings. Edge locations are places where CloudFront caches your content to provide ultra-low latency delivery of your content. According to AWS they currently have 32 regions, 102 availability zones, and more than 550 PoP's(points of presence). These things together make it possible to create global resources in minutes that serve millions of customers.  A VPC or Virtual Pri
Read more

IPSec VPN - Fundamentals

-
A VPN, or Virtual Private Network, is a way to establish a tunnel between two endpoints, like two routers or two endpoints. VPN’s are used to provide a way of secure communication over an unsecure medium. A simple example would be secure communication between two branch offices over the unsecure internet. This is important because we need secure communication so that people can’t eavesdrop and steal important company information. Oftentimes, people misunderstand VPN's and think just because "private" is in the name that it's secure. This is not always the case, especially in the service provider world where there are different types of VPN's that do not provide any sort of encryption. IPSec VPN's do however provide encryption and other features. There are several different types of VPN’s that can be deployed. The most common ones are Site-To-Site and Remote Access, although there are many more and depending on the use case, the most common could be differe
Read more