Network Fundamentals - Internet Protocol and IP Addressing
What is Internet Protocol (IP) addressing?
When devices communicate with each other over a local area network, or "LAN", or across the internet, the message transmitted is ultimately directed to the target device's network hardware address that is programmed into the device by the manufacturer. This hardware address, or "MAC" address, is physically encoded very much like an automobile's VIN number that includes information about the manufacturer and when the device was created along with a sequential number.
Unfortunately, MAC addresses are not helpful for routing communication messages outside of a small number of locally interconnected devices because they are randomly scattered around the world, i.e., a device with a MAC address of 10:20:30:40:50:60 could be in New York and another with a MAC address of 10:20:30:40:50:61 could be in Beijing.
To enable devices to find each other easily no matter where they are in the world, the creators of the Internet came up with a logical addressing scheme that made it much easier for devices to find each other, no matter where they were on the Internet. These logical, Internet Protocol, addresses are commonly referred to as "IP addresses".
The form and organization of IP addresses
Note: for the purpose of this discussion, we will be describing IPv4 addresses, a four byte address format that has been in use for decades and continues to be used by a majority of Internet connected organizations. The latest IP addressing scheme, IPv6, uses a six byte address so that many more devices on the Internet can be addressed.
Each IPv4 address is four bytes in length and is expressed in the form: "nnn.nnn.nnn.nnn", where each "nnn" is a number from 0 through 255, the largest value of that can be expressed in eight binary bits. For example, the string 192.168.252.199 would be a syntactically correct expression of an IPv4 address.
Each IP address string is made up of two components:
- A network identifying component which is the leftmost part of the address, and
- A device identifying component which is the rightmost part of the address
The network identifying component is used by network routing devices or "routers" to determine the best way to send a communication message to take it closer to its final destination, the target device itself. The device identifying component of the IP address is only of significance to the target device and any other devices sharing the same local area network (LAN).
The length of the network and device identifying components may vary based upon the number of devices that an organization needs to address, but the total number of bytes used for the address will always be four for IPv4 addresses.
Classful Routing
Message routing devices or "routers" that transfer messages from one organization to another use a highly structured method of IP addressing called "classful routing", where IP address ranges are grouped into five classes. Because of its structured nature, routers using classful routing are far more efficient than other methods that will be described later in this discussion.
The following table describes the fundamental IP address network classes including how the addresses are defined, the number of device IP addresses the network class can support, and examples of device IP address that would be included in the network. The last column in the table shows the first byte values for networks in each class that are set by convention.
IP address network class | # of leftmost bytes that identify the network | # of rightmost bytes that identify devices within the network | Maximum # of IP addresses supported by each network in this class | Examples of IP addresses that would be on the same network in this class | IP addresses in this class have a first byte value of: |
---|---|---|---|---|---|
Class A | 1 | 3 | 16,777,216 | 10.1.7.242, 10.7.23.195, 10.253.20.17 |
0 through 127 |
Class B | 2 | 2 | 65,535 | 172.16.21.9, 172.16.47.18, 172.16.250.241 |
128 through 191 |
Class C | 3 | 1 | 256 | 192.168.45.1, 192.168.45.25, 192.168.45.253 |
192 through 223 |
Notes:
- The network identifying component each device IP address example is displayed in bold.
- There are also class D addresses (first byte value from 224 through 239) used for multi-casting, and class E addresses (first byte value from 240 through 255) that are used for Internet Engineering Task Force (IETF) testing. These two classes are not part of this discussion.
Classless Inter-Domain Routing (CIDR)
The number of class "A", "B" and "C" IP address ranges is severely limited, so when an organization obtains an IP address range, they usually obtain a number of class "C" ranges, or, if they are lucky, a class "B". Obtaining a class "A" address range is highly unlikely.
If all we had was classful addressing and an organization obtained a class "B" IP address range, all the devices would need to be on the same local area network which could result in extremely poor performance and a lack of network design flexibility. Fortunately, the development of the Classless Inter-Domain Routing (CIDR) method of IP addressing and routing gave organizations the opportunity to easily segregate any of their classful IP address ranges or "networks" into a number of sub-ranges or "subnets" through the use of "subnet masks".
Note: For the purpose of the remainder of this discussion, the term "network" will be used to refer to either a network or a subnet.
Subnet masks
Each Internet router that uses classful routing knows that any IP address starting with 0 through 127 is a class "A" address with a network identifying component one byte in length. Any IP address beginning with 128 through 191 is a class "B" address, so the network identifying component is two bytes in length, etc.
But when an organization needs to break up its class "A" or class "B" network into a number of class "C"- or other smaller-sized subnets, its routers cannot rely on the initial byte of the IP address to tell it anything about the length of the network identifying component of the subnetted address.
To provide the routers with this information when using classless routing, you must specify the length of the network identifying component of the subnet's IP addresses through the use of a "subnet mask". The subnet mask for each subnet is formatted just like an IP address, i.e., "nnn.nnn.nnn.nnn", but the meaning of the byte values is very different. In a subnet mask, all of the bits from the left that are to be included in the network identifying component of the IP address have a value of one, and all the bits from the right that identify the device within the range have a value of zero.
So, if you need to carve out a class "C"-sized subnet from a class "A" or class "B" network, you would specify a subnet mask with a decimal value of 255.255.255.0 or a binary value of 11111111 11111111 11111111 00000000.
With classless routing, you are not limited to subnet sizes based upon the three fundamental class sizes. You may need to have a subnet with more than 254 devices or less. Some subnets only involve two devices, so creating a class "C"-sized subnet for that purpose would waste addresses. Fortunately, subnet masks provide enough flexibility to allow us to set the boundary between the IP address' network identifying component and its device identifying component at virtually any bit in the four byte IP address string.
If an organization has obtained a class "B" network and needs to create a subnet within the network that can handle twice the number of device addresses as a traditional class "C" range, we could define a subnet that indicates we are using the first 23 bits of each IP address for our network identifying component and the last 9 bits to address up to 510 devices in the subnet (2 to the 9th power minus two reserved addresses). In this case, the subnet mask would have a decimal value of 255.255.254.0 or a binary value of 11111111 11111111 11111110 00000000.
If an organization has a class "B" or a class "C" network and needs to create a subnet that can handle half the number of devices as a traditional class "C" range, we could define a subnet that indicates we are using the first 25 bits of each IP address in the subnet for our network identifying component, and the last 7 bits to address up to 126 devices in the subnet (2 to the 7th power minus two reserved addresses). In this case, the subnet mask would have a decimal value of 255.255.255.128 or a binary value of 11111111 11111111 11111111 10000000.
CIDR notation – the easier way
Since many of us are not very efficient binary calculators, CIDR notation provides a simpler method of expressing the mask merely by indicating the network address (i.e. the first address in the IP address range) followed by a slash and the number of bits that are in the network identifying component of the IP address.
Note: The sample ranges and maximum device counts have been adjusted to reflect the fact that IP addressing reserves the first address in the range to identify the network and the last address in the range to broadcast to all devices in the network, so they cannot be assigned to individual devices.
Mask Expression | CIDR Notation | Sample IP Address | Max # of Devices |
---|---|---|---|
255.255.255.0 | 192.168.64.0/24 | 192.168.64.1 – 192.168.64.254 | 254 |
255.255.254.0 | 192.168.64.0/23 | 192.168.64.1 – 192.168.65.254 | 510 |
255.255.252.0 | 192.168.64.0/22 | 192.168.64.1 – 192.168.67.254 | 1022 |
255.255.248.0 | 192.168.64.0/21 | 192.168.64.1 – 192.168.71.254 | 2046 |
Routable address vs. Non-routable addresses
Were we to give every device in the world its own unique IP address, we would have run out of addresses a long time ago. So, the Internet Engineering Task Force (IETF) decided that, since most devices only need to be accessed within their organization and never need to be accessed remotely, they would reserve ranges of addresses that every organization can use for their internal device-to-internal device communication traffic. These addresses are called "non-routable" addresses (or "RFC 1918" addresses since the recommendation was the 1918th accepted through the IETF's "Request for comment (RFC)" process).
The IP address ranges that are reserved by RFC 1918 are:
- 10.0.0.0 through 10.255.255.255
- 172.16.0.0 through 172.31.255.255
- 192.168.0.0 through 192.168.255.255
Because all Internet-based routers are configured to ignore any message packet destined for an IP address in any of the above ranges, there is no concern about millions of organizations using exactly the same numbers as other organizations to address their devices. However, routers that are used to exchange information among devices within an organization are configured to treat these IP addresses as any other IP routable address.
Can a device with a non-routable IP address ever receive a message from the Internet?
Yes – but only if a mechanism called "Network Address Translation (NAT)" is set up on one of the routing devices. What NAT does is to reserve an alias IP address for the device that is in a routable range. When a message arrives destined for the alias IP address, the router changes the destination IP address to the target device's actual non-routable IP address before sending it to the target device.
When a device that has a non-routable address needs to send a communication message outbound to a device on the Internet, one of two NAT methods could be employed:
- If the router is configured to perform "one-to-one address translation", it will replace the sending device's non-routable IP address in the outbound message with its associated routable IP address that has been configured in the router's NAT table.
- If the router is configured to perform many-to-one address translation, each sending device's non-routable IP address will be replaced with the address of the router itself. In this case, since all exiting communication traffic from multiple sending devices will leave the campus with the same IP address and each is probably expecting a response, the router will need to know which response is supposed to go to which target internal device. To accomplish this, other data elements in the message header, such as the "session ID" are used to identify the appropriate internal device.
For further information about message routing
Please see the Network Communications – Routers and Switches section.