IP communication explained


Upload: andreas

Post on 06-Jun-2015

Page 1: IP communication explained

© 2005-2006 DOSCH&AMAND Research GmbH & Co.KG all datas subject to change Moosacherstr. 56a D-80809 Munich GERMANY offer on request Fax +49.89.3589.8519 Email [email protected]

IP Communications lessons learned

2005 DOSCH & AMAND Research GmbH & Co KG

V1.2

1 Introduction to the Internet Protocol

Perhaps one of the most important and well-known protocols is the Internet Protocol, or IP. IP gives us the ability to uniquely identify each computer in a network or on the Internet. When a computer is connected to a network or the Internet, it is assigned a unique IP address. If you're connecting to the Internet, chances are you're given an IP automatically by your ISP. If you're connecting to a LAN, then you're either given the IP automatically or you manually configure the workstation with an assigned IP.

If you really want to know how network communications work, it is most important to fully understand IP. DNS, FTP, SNMP, SMTP, HTTP and a lot of other protocols and services rely heavily on IP in order to function correctly, so you can immediately see that IP is more than just an address on your workstation.

IP Address

The above example shows an IP address in decimal notation, which we understand more easily. This IP address (192.168.0.1) is then converted to Binary, which is what the computer understands. You can see how big the number gets. It's easier for us to remember four different numbers than 32 zeros or ones.

An IP address is a 32 Bit address

Now we're going to look at how the conversion works between decimal and binary. This is an important step, because you'll probably find yourself in need of such a conversion when dealing with complex subnets. The picture below shows an IP address that we are going to convert to Binary.

We are now going to convert the first octet in the IP address 192.168.0.1 to Binary. In other words, we take the "192" and convert it to Binary.


In our example, we used the 192. We needed bits 8 and 7 and this gave us the Binary number of 11000000, which is 192 in decimal. Using this method, you can convert decimal to Binary without the need for complex mathematical calculations.

Example decimal number 168

Here again you can see that we needed to choose bits 8, 6 and 4 in order to get a decimal value of 168. So the Binary value of 10101000 is equal to the decimal value of 168.

Internet protocol header

Just like every other protocol, IP has a place in the OSI model. Because it's such an important protocol and other protocols depend upon it, IP needs to be placed before them in the OSI model.

IP = Layer 3

When a computer receives a packet from the network, the computer will first check the destination MAC address of the packet at the Datalink Layer (2). If it passes, it's then passed on to the Network layer. At the Network layer, the computer checks whether the destination IP address of the packet matches its own IP address. If the packet is a broadcast, it will pass the network layer anyway. From there, the packet is processed as required by the upper layers.

On the other hand, the computer may be generating a packet to send to the network. Then, as the packet travels down the OSI model and reaches the Network layer, the destination and source IP address of this packet are added in the IP header.


The IP header

Now we are going to analyze the Internet protocol header, so you can see the fields it has and where they are placed. In here you will find the destination and source IP address fields, which are essential to every packet using the protocol.

It's worth noting that the 9th field, which is the "Protocol" field, contains some important information that the computer uses to find out where it must pass the datagram once it strips off the IP header. TCP and UDP exist on Layer 4 of the OSI Model, which is the transport layer. When data arrives at a computer and the packet is processed by each layer, each layer needs to know where above it to pass the data. This protocol field tells the computer to give the remaining data to either the TCP or UDP protocol, which is directly above it.

The destination IP address is another important field which contains the IP address of the destination machine.

No matter which way you convert, from Decimal to Binary or Binary to Decimal, the same method is used. If you understood the above, you should be able to convert any Binary or Decimal number.

Internet Protocol classes - Network and host ID

Every protocol suite defines some type of addressing that identifies computers and networks. IP addresses are no exception to this rule. There are certain values that an IP address can take; these have been defined by the IEEE committee. A simple IP address is a lot more than just a number. It tells us the network of which the workstation is part and the node ID.
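The Protocol field hand-off described under "The IP header" above, as an added example that is not part of the original document: a parser for a 20-byte IPv4 header that checks version, lengths and header checksum before reporting which upper-layer protocol receives the payload. The packet is constructed sample data, and the function names and the ICMP table entry are this example's own assumptions.

```python
import ipaddress
import struct

# Values of the Protocol field (the 9th header field). TCP and UDP are the
# two upper-layer protocols the text names; ICMP is added for completeness.
PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}
HEADER_FORMAT = "!BBHHHBBH4s4s"  # the fixed 20-byte header, no options


def header_checksum(header: bytes) -> int:
    """One's-complement sum of the header's 16-bit words, complemented."""
    total = 0
    for i in range(0, len(header), 2):
        total += (header[i] << 8) | header[i + 1]
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_packet(src: str, dst: str, protocol: int, payload: bytes) -> bytes:
    """Construct a sample packet (hypothetical helper: no options, TTL 64)."""
    def pack(checksum: int) -> bytes:
        return struct.pack(
            HEADER_FORMAT, (4 << 4) | 5, 0, 20 + len(payload), 0, 0, 64,
            protocol, checksum,
            ipaddress.IPv4Address(src).packed,
            ipaddress.IPv4Address(dst).packed,
        )
    return pack(header_checksum(pack(0))) + payload


def parse_ipv4_header(packet: bytes) -> dict:
    """Validate the header, then report where the payload must be passed."""
    if len(packet) < 20:
        raise ValueError("shorter than the minimum IPv4 header")
    (ver_ihl, _tos, total_len, _ident, _frag, ttl, proto, _csum,
     src, dst) = struct.unpack(HEADER_FORMAT, packet[:20])
    version, header_len = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4:
        raise ValueError("not an IPv4 packet")
    if header_len < 20 or header_len > len(packet):
        raise ValueError("header length field is inconsistent")
    if total_len < header_len or total_len > len(packet):
        raise ValueError("total length field is inconsistent")
    # Summing a valid header including its checksum field yields zero.
    if header_checksum(packet[:header_len]) != 0:
        raise ValueError("header checksum mismatch")
    return {
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
        "ttl": ttl,
        "protocol": PROTOCOLS.get(proto, "unknown(%d)" % proto),
        "payload": packet[header_len:total_len],
    }


if __name__ == "__main__":
    # Constructed packet: Host 192.168.0.2 sends a UDP datagram to 192.168.0.1.
    sample = build_packet("192.168.0.2", "192.168.0.1", 17, b"constructed")
    print(parse_ipv4_header(sample))
```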


IP address classes and structure

When the IEEE committee sorted out the range of numbers that were going to be used by all computers, they came up with five different ranges or "classes" of IP addresses. When someone applies for IP addresses they are given a certain range within a specific class depending on the size of their network.

In the above table, you can see the five classes. The first three classes (A, B and C) are used to identify workstations, routers, switches and other devices, whereas the last two classes (D and E) are reserved for special use.

An IP address consists of 32 Bits, which means it's four Bytes long. The first octet (first eight bits or first byte) of an IP address is enough for us to determine the class to which it belongs. And, depending on the class to which the IP address belongs, we can determine which portion of the IP address is the network ID and which is the node ID.

For example, if the first octet of an IP address is "168", then, using the above table, you would notice that it falls within the 128-191 range, which makes it a class B IP address.

Understanding the classes

We mentioned earlier that companies are assigned different IP ranges within these classes, depending on the size of their network. For instance, if a company required 1000 IP addresses, it would probably be assigned a range that falls within a class B network rather than a class A or C. The class A IP addresses were designed for large networks, class B for medium size networks and class C for smaller networks.

Introducing network ID and node ID concepts

We need to understand the network ID and node ID concept because it will help us to fully understand why classes exist. Putting it as simply as possible, an IP address gives us two pieces of valuable information:

1) It tells us which network the device is part of (network ID).

2) It identifies that unique device within the network (node ID).

Think of the network ID as the suburb you live in and the node ID as your street in that suburb. You can tell exactly where someone is if you have their suburb and street name. In the same way, the network ID tells us to which network a particular computer belongs and the node ID identifies that computer from all the rest that reside in the same network.


The picture below gives you a small example to help you understand the concept:

In the picture, you can see a small network. We have assigned a class C IP range for this network. Class C IP addresses are for small networks. Looking at Host A, you will see that its IP address is 192.168.0.2. The network ID portion of this IP address is in blue, while the host ID is in orange.

How do I figure out which portion of the IP address is the network ID and which is the host ID?

The network and node ID of each class

The network class helps us determine how the four byte, or 32 bit, IP address is divided between network and node portions. The table below shows you (in binary) how the Network ID and Node ID changes depending on the class:

Explanation

The table above might seem confusing at first but it's actually very simple. We will take class A as an example and analyze it so you can understand exactly what is happening here:

Any class A network has a total of 7 bits for the Network ID (bit 8 is always set to 0) and 24 bits for the Host ID. Now all we need to do is calculate how much seven bits is: 2^7 = 128 networks and 2^24 = 16.777.216 hosts in each network, of which two cannot be used because one is the Network Address and the other is the Network Broadcast Address. Therefore when calculating the "valid" hosts in a network we have to subtract "2". Therefore a class A network can have 16.777.214 hosts and not 16.777.216.


Maximum possible hosts

The same story applies for the other two classes we use, class B and class C. The only difference is that the number of networks and hosts changes because the bits assigned to them are different for each class.

Class B networks have 14 bits for the network ID (Bits 15, 16 are set and can't be changed) and 16 bits for the host ID. That means you can have up to 2^14 = 16,384 networks and 2^16 = 65,536 hosts in each network, of which two cannot be used because one is the network address and the other is the network broadcast address.

Class C networks have 21 bits for the network ID (Bits 22, 23, 24 are set and can't be changed) and eight bits for the host ID. That means you can have up to 2^21 = 2.097.152 networks and 2^8 = 256 hosts in each network, of which two cannot be used because one is the network address and the other is the network broadcast address. Therefore the "valid" hosts on a class C network are 254 and not 256.

Now, even though we have three classes of IP addresses that we can use, there are some IP addresses that have been reserved for special use. This doesn't mean you can't assign them to a workstation, but if you did, it would create serious problems within your network. For this reason it's best to avoid using these IP addresses.


The following table shows the IP addresses that you should avoid using:

IP address: Network 0.0.0.0
Function: Refers to the default route. This route is to simplify routing tables used by IP.

IP address: Network 127.0.0.0
Function: Reserved for Loopback. The Address 127.0.0.1 is often used to refer to the local host. Using this Address, applications can address a local host as if it were a remote host.

IP address: IP Address with all host bits set to "0" (Network Address), e.g. 192.168.0.0
Function: Refers to the actual network itself. For example, network 192.168.0.0 can be used to identify network 192.168. This type of notation is often used within routing tables.

IP address: IP Address with all node bits set to "1" (Subnet / Network Broadcast), e.g. 192.168.255.255
Function: IP Addresses with all node bits set to "1" are local network broadcast addresses and must NOT be used. Some examples: 125.255.255.255 (Class A), 190.30.255.255 (Class B), 203.31.218.255 (Class C). See "Multicasts" & "Broadcasts" for more info.

IP address: IP Address with all bits set to "1" (Network Broadcast), e.g. 255.255.255.255
Function: The IP Address with all bits set to "1" is a broadcast address and must NOT be used. These are destined for all nodes on a network, no matter what IP address they might have.
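The class rules and the list of addresses to avoid, combined into one checker. This is an added example, not part of the original document; the function names are its own, and because the class table itself did not survive on this page the first-octet ranges are the standard classful ones (the page confirms 128-191 for class B).

```python
import ipaddress

# (class, first octet from, first octet to, default mask length in bits)
CLASSES = [
    ("A", 0, 127, 8),
    ("B", 128, 191, 16),
    ("C", 192, 223, 24),
    ("D", 224, 239, None),  # reserved for special use, no network/host split
    ("E", 240, 255, None),
]


def set_bits(octet: int) -> list:
    """Bit positions that are set, numbered as in the text: bit 8 is the
    leftmost (value 128) and bit 1 the rightmost (value 1)."""
    return [pos for pos in range(8, 0, -1) if octet & (1 << (pos - 1))]


def classify(ip: str) -> tuple:
    """Return (class letter, default mask length) from the first octet."""
    first = int(ipaddress.IPv4Address(ip)) >> 24
    for name, low, high, prefix in CLASSES:
        if low <= first <= high:
            return name, prefix
    raise ValueError("unreachable: every octet falls in one class")


def valid_hosts(prefix: int) -> int:
    """Hosts per network minus the network and broadcast addresses."""
    return 2 ** (32 - prefix) - 2


def address_role(ip: str) -> str:
    """Say whether an address is assignable under its default class mask."""
    addr = int(ipaddress.IPv4Address(ip))
    if addr == 0xFFFFFFFF:
        return "broadcast to all nodes"
    first = addr >> 24
    if first == 0:
        return "default route"
    if first == 127:
        return "loopback"
    name, prefix = classify(ip)
    if prefix is None:
        return "reserved class " + name
    host_mask = (1 << (32 - prefix)) - 1  # ones over the host ID bits
    host_bits = addr & host_mask
    if host_bits == 0:
        return "network address"
    if host_bits == host_mask:
        return "network broadcast"
    return "usable host"


if __name__ == "__main__":
    print(192, set_bits(192), "and", 168, set_bits(168))
    # The addresses below are the ones quoted in the text and its table.
    for sample in ("192.168.0.2", "192.168.0.0", "125.255.255.255",
                   "190.30.255.255", "203.31.218.255", "127.0.0.1",
                   "0.0.0.0", "255.255.255.255"):
        print(sample, classify(sample)[0], address_role(sample))
```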

Subnets

Subnetting is one of my favorite subjects. It can be as simple as 1, 2, and 3 or as complex as trying to get free tech support from Microsoft.

Subnetting is a very important topic. When we subnet a network, we basically split it into smaller networks. For example, when a set of IP addresses is given to a company, the company might want to "break" (the correct term is "partition") that one network into smaller ones, one for each department. This way, the technical department and management department can each have a small network of their own. By subnetting the network, we can partition it into as many smaller networks as we need. This also helps reduce traffic and hides the complexity of the network.

By default, all classes (A, B and C) have a subnet mask; we call it the default subnet mask. You need to have one because:

1) All computers need the subnet mask field filled when configuring IP

2) You need to set some logical boundaries in your network

3) You should at least enter the default subnet mask for the class you're using

Compared to IP classes, network IDs and host IDs, the subnet mask is what determines the network ID and host ID portion of an IP address. The table below shows clearly the subnet mask that applies for each network class.


When dealing with subnet masks in the real world, we are free to use any type of subnet mask in order to meet our needs. If, for example, we require one network which can contain up to 254 computers, then a class C network with its default subnet mask will do fine. If we need more, then we might consider a class B network with its default subnet mask. Note that the default subnet masks have been set by the IEEE committee, the same guys that set and approve the different standards and protocols.

Partitioning one network into smaller ones by using different subnet masks

The picture below shows our example network (192.168.0.0). All computers here have been configured with the default class C subnet mask (255.255.255.0):

Because of the subnet mask we used, all these computers are part of the one network marked in blue. This also means that all of these hosts (computers, router and server) can communicate with each other.

If we now wanted to partition this network into smaller segments, then we would need to change the subnet mask appropriately so we can get the desired result. Let's say we needed to change the subnet mask from 255.255.255.0 to 255.255.255.224 on each configured host. The picture below shows us how the computers will see the network once the subnet mask has changed:

In reality, we have just created eight networks from the one large (blue) network we had, but for simplicity we only show two of these smaller networks, which is enough to understand the concept of subnetting.

There are a few different ways to approach subnetting, and it can get confusing because of the complexity of some subnets and the flexibility they offer. For this reason I created this little paragraph to let you know how we are going to approach and learn subnetting.


Default subnet masks of each class

Each class has its DEFAULT subnet mask, which we can change to suit our needs. The picture below shows our three network classes with their respective default subnet masks:

The effect of a subnet mask on an IP address

In the IP classes page we analyzed and showed how an IP address consists of two parts,

1) The network ID and 2) The host ID.

This rule applies for all IP addresses that use the default subnet mask, so we call them classful IP addresses. We can see this in the picture below, where the IP address is analyzed in binary, because this is the way you should work when dealing with subnet masks:

We are looking at an IP address with its subnet mask for the first time. What we have done is take the decimal subnet mask and convert it to binary, along with the IP address. It is essential to work in binary because it makes things clearer and we can avoid making silly mistakes.

The ones (1) in the subnet mask "lock" or, if you like, define the network ID portion. If we change any bit within the network ID of the IP address, then we immediately move to a different network. So in this example, we have a 24 bit subnet mask.


NOTE:
All class C classful IP addresses have a 24 bit subnet mask (255.255.255.0)
All class B classful IP addresses have a 16 bit subnet mask (255.255.0.0)
All class A classful IP addresses have an 8 bit subnet mask (255.0.0.0)

On the other hand, the use of an IP address with a subnet mask other than the default results in the standard host bits (the Bits used to identify the HOST ID) being divided into two parts: a subnet ID and a Host ID. These types of IP addresses are called classless IP addresses.

In order to understand what a "classless IP address" is without getting confused, we are going to take the same IP address as above, and make it a classless IP address by changing the default subnet mask:

Looking at the picture above you will now notice that we have a subnet ID, something that didn't exist before. As the picture explains, we have borrowed three bits from the host ID and used them to create a subnet ID. Effectively we partitioned our class C network into smaller networks.

Summary

In this page we saw the default subnet mask of each class and also introduced the classful and classless IP addresses, which are a result of using various subnet masks.

When we use IP addresses with their default subnet masks, e.g. 192.168.0.10 is a class C IP address so the default subnet mask would be 255.255.255.0, then these are "classful IP addresses."

On the other hand, classless IP addresses have their subnet mask modified in a way so that there is a "subnet ID". This subnet ID is created by borrowing bits from the host ID portion. The picture below shows us both examples:


Analysis of Subnets

We have already covered subnetting in some depth, but there is still much to learn. We are going to explain the available subnet masks and analyze a class C network using a specific subnet mask. It's all pretty simple, as long as you understand the logic behind it.

Understanding and analyzing different subnet masks

We haven't yet spoken about the different values subnet masks take, and the guidelines we need when we use them. You cannot take any subnet mask you like and apply it to a computer or any other device, because depending on the random subnet mask you choose, it will either create a lot of routing and communication problems, or it won't be accepted at all by the device you're trying to configure.

For this reason, we'll look at the various subnet masks so you know exactly what you need to use, and how to use it. Most important, we are going to make sure we understand why you need to choose specific subnet masks depending on your needs.

Common subnet masks

In order to keep this place tidy, we are going to see the common subnet masks for each class. Looking at each class's subnet mask is possibly the best and easiest way to learn them.

Number of bits     Class A                     Class B                       Class C
0 (default mask)   255.0.0.0 (default mask)    255.255.0.0 (default mask)    255.255.255.0 (default mask)
1                  255.128.0.0 (default+1)     255.255.128.0 (default+1)     255.255.255.128 (default+1)
2                  255.192.0.0 (default+2)     255.255.192.0 (default+2)     255.255.255.192 (default+2)
3                  255.224.0.0 (default+3)     255.255.224.0 (default+3)     255.255.255.224 (default+3)
4                  255.240.0.0 (default+4)     255.255.240.0 (default+4)     255.255.255.240 (default+4)
5                  255.248.0.0 (default+5)     255.255.248.0 (default+5)     255.255.255.248 (default+5)
6                  255.252.0.0 (default+6)     255.255.252.0 (default+6)     255.255.255.252 (default+6)
7                  255.254.0.0 (default+7)     255.255.254.0 (default+7)     255.255.255.254 (default+7) * Only 1 Host per subnet
8                  255.255.0.0 (default+8)     255.255.255.0 (default+8)     255.255.255.255 (default+8) * Reserved for Broadcasts

The trick to understanding the pattern of the above table is to think of it in the following way: Each class has its default subnet mask, which I have noted using the green color, and all we are doing is borrowing a bit at a time (starting from 1, all the way to 8) from the host ID portion of each class. The various colors show the decimal numbers that we get each time we borrow a bit from the host ID portion.

Each time we borrow a bit from the Host ID, we split the network into a different number of networks. For example, when we borrowed three bits in the class C network, we ended up partitioning the network into eight smaller networks.


We are going to do an analysis using the class C network and three bits which we took from the host ID. The analysis will take place once we convert our decimal numbers to binary, something that's essential for this type of work. We will see how we get eight networks from such a configuration and their ranges.

In this first part, we can see clearly where the eight networks come from. The rule applies to all types of subnets, no matter what class they are. Simply raise two to the power of the number of subnet bits and you get your networks.

The IP address and subnet mask are shown in binary format. We focus on the last octet, which contains all the information we are after. The last octet has two parts, the subnet ID and host ID. When we want to calculate the subnets and hosts, we deal with them one at a time. Once that's done, we put the subnet ID and host ID portion together so we can get the last octet's decimal number.

We know we have eight networks (or subnets) and, by simply counting or incrementing our binary value by one each time, we get to see all the networks available. So we start off with 000 and finish at 111. On the right hand side I have also put the equivalent decimal number for each network.

Next we take the host ID portion, where the first available host is 0 0001 (1 in Decimal), because the 0 0000 (0 in Decimal) value is reserved as it is the network address (see IP classes page), and the last value, which is 1 1111 (31 in decimal), is used as a broadcast address for each subnet.


Summing up, these are the ranges for each subnet in our new network:

The example is of the simplest type, which is why I chose a class C network; they are the easiest to work with. If you did find it somewhat difficult, try to read over it slowly. After a few times, you will get to understand it.

Communication between subnets

After reading all the previous pages about subnetting, let me ask you the following: Do you think computers that are on the same physical network but configured to be on separate subnets are able to communicate?

No, because you must keep in mind that we are talking about the communication between two different networks! Looking at our example of the class C network on the previous page, the fact is that one computer is part of the network 192.168.0.0 and the other one part of network 192.168.0.32, and these are two different networks. In our example, from the moment we modified the default subnet mask from 255.255.255.0 to 255.255.255.224, we split that one network into 8 smaller ones.
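The subnet analysis above worked through in code, as an added example that is not part of the original document: it checks that a mask is usable, lists the eight subnets of 192.168.0.0 under 255.255.255.224 with their ranges, and tests whether two hosts share a subnet. The function names are this example's own; the host addresses are the workstation and server addresses the document uses in its ping test.

```python
import ipaddress


def to_int(dotted: str) -> int:
    return int(ipaddress.IPv4Address(dotted))


def to_dotted(value: int) -> str:
    return str(ipaddress.IPv4Address(value))


def prefix_length(mask: str) -> int:
    """Count the mask's 1 bits, rejecting masks that are not an unbroken
    run of ones followed by zeros (the masks devices refuse or misroute)."""
    host_bits = ~to_int(mask) & 0xFFFFFFFF
    if host_bits & (host_bits + 1):  # host part must look like 0...01...1
        raise ValueError("mask bits are not contiguous: " + mask)
    return 32 - host_bits.bit_length()


def subnets(network: str, default_mask: str, new_mask: str) -> list:
    """Ranges of every subnet created by borrowing host bits."""
    old, new = prefix_length(default_mask), prefix_length(new_mask)
    if new < old:
        raise ValueError("new mask must not be shorter than the default")
    if new > 30:
        raise ValueError("no room left for network, host and broadcast")
    base = to_int(network) & to_int(default_mask)
    size = 1 << (32 - new)            # addresses per subnet
    result = []
    for subnet_id in range(1 << (new - old)):   # 2 ** borrowed bits
        start = base + subnet_id * size
        result.append({
            "subnet_id": subnet_id,
            "network": to_dotted(start),              # host bits all 0
            "first_host": to_dotted(start + 1),
            "last_host": to_dotted(start + size - 2),
            "broadcast": to_dotted(start + size - 1),  # host bits all 1
        })
    return result


def network_of(ip: str, mask: str) -> str:
    """Network ID: the address ANDed with the mask."""
    prefix_length(mask)
    return to_dotted(to_int(ip) & to_int(mask))


def same_subnet(a: str, b: str, mask: str) -> bool:
    """Two hosts talk directly only if their network IDs are equal."""
    return network_of(a, mask) == network_of(b, mask)


if __name__ == "__main__":
    for s in subnets("192.168.0.0", "255.255.255.0", "255.255.255.224"):
        print(s["subnet_id"], s["network"], s["first_host"], "-",
              s["last_host"], "broadcast", s["broadcast"])
    for mask in ("255.255.255.0", "255.255.255.224"):
        print(mask, "workstation and firewall share a subnet:",
              same_subnet("192.168.0.35", "192.168.0.1", mask))
```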


Testing between the subnets

That's the network we have to play with. I have put on the diagram the results of a few simple pings from each host and, as you can see, they all came out nice: PASS.

In order to proceed to phase two of our experiment, I modified the subnet mask of my workstation to 192.168.0.35 / 255.255.255.224, Slackware Linux Firewall to 192.168.0.1 / 255.255.255.224 (internal Network Interface Card) and NetWare 6 server to 192.168.0.10 / 255.255.255.224, as shown in the diagram:

As you can see, the results for my workstation were devastating -- alone and totally unaware that the other two servers are still there. When my workstation tries to ping the Linux Firewall, it will get no reply, because its gateway is a host which belongs to another network, something that we knew would never work.

We have concluded that there cannot be any sort of communication between the computers of network 1 and network 2. How can two hosts in two different subnets talk to each other? That's what we are going to cover.

Building the bridge

There is a way to allow the communication between my workstation and my servers and the Internet. We are not interested in the best solution at the moment; we just want to know the ways in which we can establish communication between the two subnets. Considering that subnets are smaller networks, you would remember that we use routers to achieve communications between two networks.

We need a router which will route packets from one network to the other. Let's have a look at the different ways we can solve this problem:


Method 1: Using a server with two network cards

Our first option is to use one of the servers, or a new server, which has at least two network cards installed. By connecting each network card to one of our networks and configuring the network cards so that each one belongs to one subnet/network, we can route packets between them:

The diagram shows everything that's needed. The second network card has been installed and it's been assigned an IP address that falls within our network 1 range and therefore can communicate with my workstation. On the other hand, the NetWare server now acts as a gateway for network 1, so my workstation is reconfigured to use it as its gateway. Any packets from network 1 to network 2 or the Internet will pass through the NetWare server.

Method 2: Binding two IP addresses to the same network card

This method is possibly the best and easiest way around our problem. We use the same network card on the NetWare server and bind another IP address to it. This second IP address will obviously fall within the network 1 IP range so that my workstation can communicate with the server.

As noted on the diagram, the only problem we might encounter is the need for the operating system of the server to support this type of configuration, but most modern operating systems would comply. Once configured, the server takes care of any routing between the two networks.


Method 3: Installing a router

The third method is to install a router in the network. My workstation in this setup would forward all packets to its gateway, which is the router's interface connected to network 1, and it will be able to see all other servers and access the Internet. It's a similar setup to Method 1 but instead of a server we have a dedicated router. The hub which both of the router's interfaces connect to would be replaced by some type of WAN link.

That completes our discussion on Subnet routing and communication.

The problems that can occur in a network are numerous, and -- believe it or not -- most of them can be avoided if the initial design and installation of the network are done properly.