The Network Layer protocol for TCP/IP is the Internet Protocol (IP). It uses IP addresses and the subnet mask to determine if the datagram is on a local or remote network. If it is on the remote network, the datagram is forwarded to the default gateway (which is a router that links to another network).
IP keeps track of the number of traversals through routers (the routers that the datagram passes through to reach its destination). Each traversal is called a hop. If the hop count exceeds 255 hops, the datagram is removed, and the destination is considered unreachable. IP's name for the hop count is Time To Live (TTL).
IP Addresses
IP addresses consist of a 32-bit number, and are represented in dot-decimal format. For example: 142.110.237.1 is an IP address. There are four decimal numbers separated by three dots. Each number is allowed the range 0 to 255. This range corresponds to 8 bits (one byte) of information.
A portion of an IP address represents the network address, and the remaining portion the host address. For example: 142.110.237.1 is the IP address of a firewall. The network that the firewall resides on is 142.110.237.0 (Note: IP addresses that end in a 0 represent network addresses). The host address of the firewall is 0.0.0.1 (Note: the network portion of the IP address is represented by 0s). Each host on the network--and Internet--must have a unique IP address. There are ways around giving each host a unique IP address, and they are discussed under firewalls.
The Network Information Center (NIC) assigns network addresses on the Internet. You must apply to receive an IP network address. Depending on the class of the IP address, you can then assign as many host IP addresses as are allowed (more on this later).
An alternative is to "rent" IP addresses from your local Internet Service Provider (ISP). They usually own the rights to a block of IP addresses, and will rent them out for a fee.
IP Address Classifications
There is a formal structure to the assignment of IP addresses. IP addresses are assigned by the Network Information Center (NIC), a central authority with the responsibility of assigning network addresses.
There are several classifications of IP addresses: they include network addresses and special purpose addresses.
Class A addresses
IP address range: 1.0.0.0 to 127.0.0.0
Number of networks available: 125 (see special addresses below)
Number of hosts per network: 16,777,214
Net Mask: 255.0.0.0 (first 8 bits are ones)
Special Addresses:
10.0.0.0 is used for networks not connected to the Internet
127.0.0.0 is the loopback address for testing (see ping)
Class A addresses always have bit 0 set to 0; bits 1-7 are used as the network ID; bits 8-31 are used as the host ID.
Class A networks are used by very large companies, such as IBM, US Dept of Defense and AT&T. Appendix E: IP Protocol Address Space lists the IP addresses and the organizations that use them.
Class B addresses
IP address range: 128.0.0.0 to 191.0.0.0
Number of networks available: 16,382 (see special addresses below)
Number of hosts per network: 65,534
Net Mask: 255.255.0.0 (first 16 bits are ones)
Special Addresses:
172.16.0.0 to 172.31.0.0 are used for networks not connected to the Internet
Class B addresses always have bits 0 and 1 set to 10. Bits 2-15 are used as the network ID. Bits 16-31 are used as the host ID. Class B networks are assigned to large companies and universities.
Class C addresses
IP address range: 192.0.0.0 to 223.0.0.0
Number of networks available: 2,097,150 (see special addresses below)
Number of hosts per network: 254
Net Mask: 255.255.255.0 (first 24 bits are ones)
Special Addresses:
192.168.1.0 to 192.168.255.0 are used for networks not connected to the Internet
Class C addresses always have bits 0-2 set to 110. Bits 3-24 are used as the network ID. Bits 25-31 are used as the host ID. Class C network addresses are assigned to small companies and local Internet providers.
Class D Addresses
IP address range: 224.0.0.0 to 239.0.0.0
Use: Multicasting addresses
Class D addresses always have bits 0-3 set to 1110, bits 4-31 are used as the Multicast address.
Class D network addresses are used for multicasting. Multicasting is a method of reducing network traffic (rather than sending a separate datagram to each host when multiple hosts require the same information). A special multicast address can be used where one datagram is read by many hosts. Appendix F: IP Multicast Addresses lists the assigned IP multicast address space.
Class E Addresses
IP address range: 240.0.0.0 to 255.0.0.0
Use: Reserved by the Internet for its own use.
If you try to ping a Class E address, you should get the error message that says it is an invalid IP address.
Reserved IP Addresses
The following IP addresses are reserved:
127.0.0.0: Network address used for localhost mode (testing the IP stack)
255.255.255.255: An IP address consisting of all 1s in binary (255). Broadcast address
x.x.x.0: An IP address with the host portion consisting of 0s. Used to indicate the network address. Newer routers have the option of allowing these addresses.
224.0.0.0 - 255.0.0.0: Class D addresses
Network Masking
The subnet mask is used to determine which portion of the IP address is the network address, and which is the host address. This means that the split between the network and host portions of an IP address can vary. The most common subnet mask is 255.255.255.0. The simple explanation is that wherever there is a 255, this indicates the network portion. Wherever there is a 0, this indicates the host portion. Later on, subnet masking will be explained more thoroughly. For now, though, this explanation will have to suffice.
If we examine our IP address of 142.110.237.1, and use a subnet mask of 255.255.255.0, it can be seen that the network portion of the IP address is 142.110.237 (and the host portion is 1). The network address is typically written 142.110.237.0 and the host is sometimes written 0.0.0.1.
Now if host 142.110.237.1 wanted to send a datagram to 142.110.237.21, it would look at the network portion of the IP address (of the destination), and determine that it is on the local network. It would then send out the datagram.
If host 142.110.237.1 wanted to send a datagram to 142.110.150.108, it would look at the network portion of the IP address (of the destination) and determine that it is not on the same network. It is on 142.110.150.0 network and it would send it to the default gateway. The default gateway is a router that knows how to reach the other networks.
Class Masking
Class A, B and C networks use masks, not subnet masks. Masks are similar to subnet masks, except that they are normally used in routers (not in workstations).
A Class A network has a mask of 255.0.0.0, which allows approximately 16.7 million host addresses. Also, a Class B network has a mask of 255.255.0.0, which allows approximately 65 thousand host addresses. Both classes of networks have too many hosts for one network to handle. Imagine 65,000 users trying to access a network service at the same time. The network would be swamped with requests, and would slow down to a crawl.
The solution is to divide the network up into smaller workable networks, called subnets. This is usually done by fooling the host machine into believing that it is on a Class C network (only 254 hosts). The "fooling" occurs by using a Class C mask 255.255.255.0, called the subnet mask.
Thus, for a Class A network using a subnet mask of 255.255.255.0, you can have roughly 65 thousand subnets (of 254 hosts). On a Class B network, using a subnet mask of 255.255.255.0, you can have roughly 254 subnets of 254 hosts.
Subnetting a network
Subnet masks can divide networks into smaller networks (smaller than the 254 hosts discussed previously). In order to understand this process, a discussion on binary-to-decimal number conversion is required.
The typical subnet mask 255.255.255.0 represents 4 bytes of data. Each number represents 1 byte, and is displayed as a decimal number. One byte of information can represent a range of 0 - 255. One byte consists of 8 bits, where 0000 0000 represents 0 (in decimal), and 1111 1111 represents 255 (in decimal).
Note: The convention for displaying bits is to group in nibbles (4 bits): this makes it easier to read.
Each bit position has a weighting, where the weighting is equal to 2 to the power of the position (starting at position 0, on the right). The easiest way to determine the decimal weighting is to start on the right with the number 1 (which is 2^0), and double it at each bit position. The weighting for each position is as follows:
Each position has its weighting multiplied by the binary bit value (0 or 1). For example, if bit position 23 had its bit set to 0, its decimal value would be 0 x 8 = 0. If bit position 25 had its bit set to 1, its decimal value would be 1 x 32 = 32.
To determine the decimal value of a binary number, add up all of the decimal weighting values (wherever there is a 1 in the binary number). For the following binary number 1111 1111, the decimal value would equal 255:
For the binary number 0000 0000, the decimal value would equal 0:
For the binary number 1010 1001, the decimal value would equal 169:
The significance of the decimal weighting to network routing becomes more evident when the method of rolling over the binary count is examined. For example, the decimal number 63 compared to 64 in binary produces an interesting observation:
Decimal 63=0011 1111; Decimal 64=0100 0000
The decimal number 63 is represented by all 1s in the first 6 bit locations. The decimal number 64 is represented by only bit 6 being a logical 1. If the count was further increased, similar relationships would occur, as shown below:
Decimal 127=0111 1111; Decimal 128=1000 0000
and
Decimal 191=1011 1111; Decimal 192=1100 0000
and
Decimal 255=1111 1111; Decimal 0=0000 0000
Notice that bits 7 and 6 are the only bits that change from the initial example of 63 and 64. What this means is that the network can be subdivided into 4 logical networks (of 64 hosts each). In fact, the number is 62 hosts because address 0 is not allowed (network address), and address 63 is not allowed (broadcast address).
In the introduction to subnetting, the portion of the IP address (that corresponded to the network portion) was easily identified as being the portion of the subnet mask (that corresponded to the decimal number 255). This is really only for the convenience of the dot decimal format (of the IP address). In fact, the IP address is a 32-bit address, and doesn't have byte "boundaries" (as implied by the dot decimal notation). For example:
192.168.1.0 = 1100 0000 1010 1000 0000 0001 0000 0000
This means that the portion of the subnet mask that corresponds to the network address can be further broken down on the host bit positions.
A Class C network address of 192.168.1.0 has 254 hosts available to it. If your network consisted of 4 different physical locations, each with a maximum of 50 hosts, then subnetting the network would be required. The locations could be different buildings or cities.
Bit 7 and bit 6 of the host portion can be used to describe the network portion of the subnet. The subnet masking would be:
1111 1111 1111 1111 1111 1111 1100 0000 = 255.255.255.192
The 4 subnets for Class C address 192.168.1.0 would be 192.168.1.0, 192.168.1.64, 192.168.1.128 and 192.168.1.192 (with the following range of IP addresses):
Subnet          Host Range                          Broadcast address
192.168.1.0     192.168.1.1   to 192.168.1.62       192.168.1.63
192.168.1.64    192.168.1.65  to 192.168.1.126      192.168.1.127
192.168.1.128   192.168.1.129 to 192.168.1.190      192.168.1.191
192.168.1.192   192.168.1.193 to 192.168.1.254      192.168.1.255
In this manner, a router with 4 interfaces could be configured with subnet masks of 255.255.255.192. This would allow for subdividing of the Class C network into 4 smaller networks.
Theoretically, all of the host bits--up to bits 1 and 0--can be used to make up to 64 subnets (of 2 hosts each). In this case, 128 IP addresses would be lost to the network IP address and the broadcast IP address. The following table lists the number of hosts and networks that can be implemented using subnet masking (for a Class C network):
Subnet mask        Number of subnets   Number of hosts per subnet
255.255.255.128    2                   126
255.255.255.192    4                   62
255.255.255.224    8                   30
255.255.255.240    16                  14
255.255.255.248    32                  6
255.255.255.252    64                  2
The above example is based on subnetting a Class C network. Subnetting can get extremely complicated if you are subnetting assigned IP addresses that are in the middle of a Class C network, such as when they are rented from an ISP. Fortunately, there are many Subnet Mask Calculators available on the Internet. They are designed to determine the correct subnet mask for your network.
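The following is an added example, not code from the original post. It works through the two calculations described in this post: the local-or-gateway decision that a host makes with its subnet mask (Network Masking, using 142.110.237.1, 142.110.237.21, 142.110.150.108 and 255.255.255.0), and the subnetting of the Class C network 192.168.1.0 with mask 255.255.255.192, reproducing the subnet table and the subnets/hosts table above. The gateway address 142.110.237.254 is a constructed placeholder; the post does not name one.

```python
# Added example (not from the original post): subnet-mask arithmetic on
# 32-bit integers. All addresses and masks are the post's except the gateway,
# which is a constructed placeholder.

def dotted_to_int(dotted: str) -> int:
    """Parse dot-decimal notation into a 32-bit integer; reject bad input."""
    octets = dotted.split(".")
    if len(octets) != 4:
        raise ValueError(f"expected four octets: {dotted!r}")
    value = 0
    for octet in octets:
        n = int(octet)
        if not 0 <= n <= 255:
            raise ValueError(f"octet out of range 0-255: {dotted!r}")
        value = (value << 8) | n
    return value

def int_to_dotted(value: int) -> str:
    return ".".join(str((value >> s) & 0xFF) for s in (24, 16, 8, 0))

def to_bits(dotted: str) -> str:
    """Render an address or mask in nibbles, e.g. 1100 0000 1010 1000 ..."""
    bits = format(dotted_to_int(dotted), "032b")
    return " ".join(bits[i:i + 4] for i in range(0, 32, 4))

def prefix_length(mask: str) -> int:
    """Number of leading ones in a mask; a mask must be ones followed by zeros."""
    m = dotted_to_int(mask)
    ones = bin(m).count("1")
    if m != (0xFFFFFFFF << (32 - ones)) & 0xFFFFFFFF:
        raise ValueError(f"mask is not contiguous: {mask}")
    return ones

def network_of(address: str, mask: str) -> str:
    """Network address: AND the address with the mask (host bits become 0)."""
    return int_to_dotted(dotted_to_int(address) & dotted_to_int(mask))

def host_of(address: str, mask: str) -> str:
    """Host portion: AND the address with the inverted mask (network bits become 0)."""
    return int_to_dotted(dotted_to_int(address) & (dotted_to_int(mask) ^ 0xFFFFFFFF))

def next_hop(source: str, mask: str, destination: str, gateway: str) -> tuple:
    """('local', destination) when both addresses share a network address,
    otherwise ('gateway', gateway): the datagram goes to the default gateway."""
    if network_of(source, mask) == network_of(destination, mask):
        return ("local", destination)
    return ("gateway", gateway)

def subnets(network: str, natural_mask: str, subnet_mask: str) -> list:
    """Enumerate (subnet, first host, last host, broadcast) for the subnets that
    subnet_mask carves out of a network whose classful mask is natural_mask.
    Host address 0 (network) and the all-ones host address (broadcast) are
    excluded from the host range, as the post explains."""
    base = dotted_to_int(network)
    end = base + (1 << (32 - prefix_length(natural_mask)))
    step = 1 << (32 - prefix_length(subnet_mask))
    if step < 4:
        raise ValueError("a subnet needs at least 4 addresses to have 2 usable hosts")
    rows = []
    for start in range(base, end, step):
        broadcast = start + step - 1
        rows.append((int_to_dotted(start), int_to_dotted(start + 1),
                     int_to_dotted(broadcast - 1), int_to_dotted(broadcast)))
    return rows

def class_c_table() -> list:
    """(subnet mask, number of subnets, hosts per subnet) when 1 to 6 of the
    8 host bits of a Class C network are borrowed for subnetting."""
    rows = []
    for borrowed in range(1, 7):
        host_bits = 8 - borrowed
        mask = int_to_dotted((0xFFFFFFFF << host_bits) & 0xFFFFFFFF)
        rows.append((mask, 1 << borrowed, (1 << host_bits) - 2))
    return rows

if __name__ == "__main__":
    src, mask = "142.110.237.1", "255.255.255.0"
    gateway = "142.110.237.254"  # constructed placeholder, not from the post
    print("network", network_of(src, mask), "host", host_of(src, mask))
    for dst in ("142.110.237.21", "142.110.150.108"):
        print(dst, "->", next_hop(src, mask, dst, gateway))
    print(to_bits("255.255.255.192"), "= 255.255.255.192")
    for row in subnets("192.168.1.0", "255.255.255.0", "255.255.255.192"):
        print("%-14s %-14s to %-14s %s" % row)
    for m, count, hosts in class_c_table():
        print(m, count, hosts)
```

The `prefix_length` check rejects masks such as 255.0.255.0 whose ones are not contiguous; a mask that slips through with host bits set would make `network_of` silently mis-classify destinations, which is the kind of configuration error that leaves a host unable to reach its gateway.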
Domain Names
IP addresses are difficult for humans to remember: they're great for PCs! Domain names were invented to make it easier to navigate the Internet. A domain name is a vaguely descriptive name that's separated by dots. For example: www.Linuxhq.org
Every machine that runs TCP/IP has a text file called hosts. It is a simple lookup table that the network stack (IP) checks: it looks to see if it has a match between a domain name and an IP address. It is easily modified with a text editor, and the contents look like the following:
127.0.0.1      localhost
142.110.237.1  e237-firewall.tech.el.sait.ab.ca
142.110.237.2  e237-bridge.tech.el.sait.ab.ca
142.110.237.3  ashley.tech.el.sait.ab.ca
142.110.237.4  mariah mariah.tech.el.sait.ab.ca
The IP address is listed on the left, and the domain name is listed on the right. The actual registered domain name is sait.ab.ca (Southern Alberta Institute of Technology). The domain name el.sait.ab.ca (electronics dept.) is a subnet of sait.ab.ca. The domain name tech.el.sait.ab.ca (technical) is a subnet of el.sait.ab.ca.
The machine names are e237-firewall, e237-bridge, ashley and mariah. Mariah's entry is unique in that both the domain name mariah and mariah.tech.el.sait.ab.ca would be recognized by the IP stack as 142.110.237.4.
The problem with the hosts file is that each machine must have a current, up-to-date copy of the hosts file for the network. For a small network (25 machines or less) that is not connected to the Internet, this is not a problem to manage. If the network is larger, then problems can occur when trying to keep everyone updated.
Another solution is Unix's Network Information Service (NIS) (formerly called Yellow Pages until there was a copyright conflict with the Telcos). A central NIS server shares a master hosts file to all the clients. In this way, only one file exists (and is updated). This works well for a network that's not connected to the Internet.
If you are connected to the Internet, then a Domain Name Server (DNS) is used. A DNS is a special server that communicates with other servers, and keeps an up-to-date look-up table. This table matches IP addresses to domain names for the complete Internet. It is a hierarchical system, where each DNS is authoritative for the domain underneath it. This means that each server knows the domain name to IP address mapping of the network underneath it.
Domain Name Structure
Domain names tend to follow a loose structure (giving a description of the network). For example, sait.ab.ca uses the Canada extension ca, preceded by the province of Alberta extension ab, and then the abbreviation SAIT (for the Southern Alberta Institute of Technology). This is a geographically-designed domain name that follows the ISO-3166 country code structure (as listed in Appendix K: ISO 3166 Country Codes). Examples of country codes are shown below:
br Brazil
ca Canada
fi Finland
gb United Kingdom
na Namibia
nz New Zealand
tw Taiwan
us United States
There are also top-level domain (TLD) name extensions that attempt to describe the purpose of the domain. They break down into these seven basic categories:
com - Commercial domains that are a business
edu - Educational institutes
net - Computers of network providers such as Internet Service Providers
org - Standard organizations or non-profit organizations
int - Organizations that have been established by international treaties
gov - Municipal, federal, provincial, state governments
mil - United States military
All in all, it is often quite difficult to establish where a domain is physically located (or what it actually does) from just the domain name itself. But it makes remembering locations easier than attempting to remember an IP address.
Domain Name Look-up Procedure
When a domain name is used, the IP stack doesn't understand it. It says "what is this? It's not an IP address!". The only thing the IP stack understands is IP addresses. The look-up order is as follows:
The IP stack checks the hosts file to see if there is a domain name match to IP address. If there is, the IP address is used.
If there is no match, the IP stack will look for a NIS server with its host file shared. If this service is not installed, the IP stack will jump to the next step.
If there is still no match, the IP stack will send out a request to the domain name server configured during the network configuration to see if it knows which IP address belongs to the domain name.
If the domain name server doesn't know, it may make an enquiry to the next-level-up domain name server to see if it knows which IP address belongs to the domain name, and so on.
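The following is an added example, not code from the original post. It implements the first step of the look-up order above (the hosts file) against the hosts file listed earlier in this post, and represents the remaining steps (NIS, then the configured DNS server) as an optional fallback resolver that is only consulted when the hosts file has no match. The fallback table and the address 203.0.113.10 are constructed for the demonstration.

```python
# Added example (not from the original post): hosts-file lookup, the first step
# of the look-up order. HOSTS_FILE is a constructed copy of the post's entries.

HOSTS_FILE = """\
# constructed copy of the hosts file shown in the post
127.0.0.1      localhost
142.110.237.1  e237-firewall.tech.el.sait.ab.ca
142.110.237.2  e237-bridge.tech.el.sait.ab.ca
142.110.237.3  ashley.tech.el.sait.ab.ca
142.110.237.4  mariah mariah.tech.el.sait.ab.ca
"""

def parse_hosts(text: str) -> dict:
    """Return {name: ip}. Each line is an IP address followed by one or more
    names, so a short name (mariah) and its fully qualified form can share a
    line. Names are matched case-insensitively, '#' starts a comment, and the
    first entry for a name wins."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            table.setdefault(name.lower(), ip)
    return table

def resolve(name: str, hosts: dict, fallback=None):
    """Step 1: check the hosts file. Only if it has no match is the name handed
    to the next resolver in the chain (NIS or the configured DNS server),
    supplied here as a callable; None means nobody knows the name."""
    ip = hosts.get(name.lower().rstrip("."))
    if ip is not None:
        return ip
    return fallback(name) if fallback else None

def shadowed_by_hosts(hosts: dict, dns_answers: dict) -> list:
    """Names whose hosts-file address differs from what DNS answers. Because
    the hosts file is consulted first, such an entry overrides DNS for that
    machine; listing these is a quick audit of an unexpectedly edited hosts file."""
    return sorted(n for n, ip in hosts.items()
                  if n in dns_answers and dns_answers[n] != ip)

if __name__ == "__main__":
    hosts = parse_hosts(HOSTS_FILE)
    dns = {"www.linuxhq.org": "203.0.113.10"}  # constructed stand-in for DNS answers
    for name in ("mariah", "MARIAH.tech.el.sait.ab.ca", "www.linuxhq.org", "nosuch.example"):
        print(name, "->", resolve(name, hosts, dns.get))
    print("shadowed:", shadowed_by_hosts(hosts, {"mariah": "203.0.113.5"}))
```

Mariah's two names resolve to the same address because both appear on one line, which is exactly the behaviour the post describes for that entry.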
On the Internet, there are 13 top level root domain name servers. The current addresses and domain names are found at ftp://internic.net/domain/named.cache (also called named.ca and named.root)
Domain Name           IP Address       Description
A.ROOT-SERVERS.NET    198.41.0.4       formerly NS.INTERNIC.NET
B.ROOT-SERVERS.NET    128.9.0.107      formerly NS1.ISI.EDU
C.ROOT-SERVERS.NET    192.33.4.12      formerly C.PSI.NET
D.ROOT-SERVERS.NET    128.8.10.90      formerly TERP.UMD.EDU
E.ROOT-SERVERS.NET    192.203.230.10   formerly NS.NASA.GOV
F.ROOT-SERVERS.NET    192.5.5.241      formerly NS.ISC.ORG
G.ROOT-SERVERS.NET    192.112.36.4     formerly NS.NIC.DDN.MIL
H.ROOT-SERVERS.NET    128.63.2.53      formerly AOS.ARL.ARMY.MIL
I.ROOT-SERVERS.NET    192.36.148.17    formerly NIC.NORDU.NET
J.ROOT-SERVERS.NET    198.41.0.10      temporarily housed at NSI (InterNIC)
K.ROOT-SERVERS.NET    193.0.14.129     housed in LINX, operated by RIPE NCC
L.ROOT-SERVERS.NET    198.32.64.12     temporarily housed at ISI (IANA)
M.ROOT-SERVERS.NET    202.12.27.33     housed in Japan, operated by WIDE
These are controlled by InterNIC, which is the primary agency responsible for registering domain names. At the time of this writing, there are several new agencies that are taking over the domain registration process for different parts of the world.
IP Header
The IP datagram is traditionally represented as many rows of 32 bits (4 octets or bytes). Each 32-bit word is stacked on top of the previous one. The fields of the IP header, in order, are:
Version (4 bits): The IP version; currently it is version 4. Assigned values:
0 Reserved
1-3 Unassigned
4 IP Internet Protocol
5 ST ST Datagram Mode
6 SIP Simple Internet Protocol
7 TP/IX TP/IX: The Next Internet
8 PIP The P Internet Protocol
9 TUBA TUBA
10-14 Unassigned
15 Reserved
IHL (4 bits): Internet Header Length, the length of the IP header in 32-bit words.
Type of Service (8 bits): Flags to indicate precedence, delay, throughput and reliability parameters.
Bits 0-2: Precedence
000 - Routine
001 - Priority
010 - Immediate
011 - Flash
100 - Flash override
101 - CRITIC / ECP
110 - Internet control
111 - Network control
Bit 3: 0 = Normal delay, 1 = Low delay
Bit 4: 0 = Normal throughput, 1 = High throughput
Bit 5: 0 = Normal reliability, 1 = High reliability
Bits 6-7: Reserved for future use.
Total Length (16 bits): Total length in bytes of the IP datagram (IP header and data). Minimum length = 576, Maximum length = 65,535.
Identification (16 bits): Unique identifying number for this datagram.
Flags (3 bits): Options that indicate if fragmentation is permitted and/or used.
Bit 0: Reserved, always set to 0
Bit 1: 0 = May fragment, 1 = Don't fragment
Bit 2: 0 = Last fragment, 1 = More fragments
Fragment Offset (13 bits): Indicates where in the entire datagram this particular fragment belongs. Measured in 64-bit units from the beginning of the initial datagram.
Time to Live (TTL) (8 bits): Measured in hop counts or seconds. Every traversal through a router or gateway decrements the hop count. When the TTL equals 0, the datagram is discarded. This stops datagrams from circulating the network forever. Starts at TTL = 255.
Protocol: Identifies the next protocol that follows the IP header. Examples are:
Decimal Protocol Description
0 Reserved
1 ICMP Internet Control Message
2 IGMP Internet Group Management
6 TCP Transmission Control
37 DDP Datagram Delivery Protocol
46 RSVP Reservation Protocol
93 AX.25 AX.25 Frames
Header Checksum (32 bit): A 32-bit Cyclic Redundancy Check that may be checked at each gateway.
Source Address (32 bit): An IP address indicating the sender. Ex. 142.110.237.1
Destination Address (32 bit): An IP address indicating the recipient. Ex. 142.110.237.2
Options (variable): Options from the sender such as route specifications.
Padding: Ensures that the IP header ends on a 32-bit boundary.
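The following is an added example, not code from the original post. It parses the fixed 20-byte IPv4 header described above with Python's struct module, decodes the Version, IHL, Type of Service, Flags, Fragment Offset, TTL and Protocol fields as the table lays them out, and verifies the Header Checksum before trusting any of it. The checksum routine implements what RFC 791 specifies for that field: the 16-bit ones' complement of the ones' complement sum of the header's 16-bit words. The sample header is constructed; its source and destination are the post's 142.110.237.1 and 142.110.237.2.

```python
# Added example (not from the original post): IPv4 header parser with
# RFC 791 header-checksum verification. SAMPLE_HEADER is constructed.
import struct

# Protocol numbers listed in the post's table.
PROTOCOLS = {0: "Reserved", 1: "ICMP", 2: "IGMP", 6: "TCP",
             37: "DDP", 46: "RSVP", 93: "AX.25"}
PRECEDENCE = ["Routine", "Priority", "Immediate", "Flash", "Flash override",
              "CRITIC / ECP", "Internet control", "Network control"]

# Version 4, IHL 5, TOS 0, total length 28, id 0xabcd, Don't Fragment,
# TTL 255, protocol 1 (ICMP), checksum 0xd931, 142.110.237.1 -> 142.110.237.2
SAMPLE_HEADER = bytes.fromhex("4500001c abcd4000 ff01d931 8e6eed01 8e6eed02")

def header_checksum(header: bytes) -> int:
    """Ones' complement sum of 16-bit words, end-around carry folded in, inverted."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def is_header_intact(packet: bytes) -> bool:
    """Recomputing the checksum over a header that already carries a correct
    checksum field yields 0; anything else means corruption or tampering."""
    ihl = packet[0] & 0x0F
    return len(packet) >= ihl * 4 and header_checksum(packet[:ihl * 4]) == 0

def parse_ipv4_header(packet: bytes) -> dict:
    """Decode the header fields; raise ValueError on anything malformed."""
    if len(packet) < 20:
        raise ValueError("too short for an IPv4 header")
    (ver_ihl, tos, total_len, ident, flags_frag, ttl, proto, csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    if version != 4:
        raise ValueError(f"not IPv4: version {version}")
    header_len = ihl * 4
    if ihl < 5 or len(packet) < header_len:
        raise ValueError(f"bad IHL {ihl}")
    if total_len < header_len:
        raise ValueError("total length shorter than header")
    if not is_header_intact(packet):
        raise ValueError("header checksum mismatch")
    return {
        "version": version, "ihl": ihl, "header_length": header_len,
        "precedence": PRECEDENCE[tos >> 5],            # TOS bits 0-2
        "low_delay": bool(tos & 0x10),                 # TOS bit 3
        "high_throughput": bool(tos & 0x08),           # TOS bit 4
        "high_reliability": bool(tos & 0x04),          # TOS bit 5
        "total_length": total_len, "identification": ident,
        "dont_fragment": bool(flags_frag & 0x4000),    # Flags bit 1
        "more_fragments": bool(flags_frag & 0x2000),   # Flags bit 2
        "fragment_offset": flags_frag & 0x1FFF,        # low 13 bits
        "ttl": ttl, "protocol": PROTOCOLS.get(proto, str(proto)),
        "checksum": csum,
        "source": ".".join(map(str, src)),
        "destination": ".".join(map(str, dst)),
        "options": packet[20:header_len],
    }

if __name__ == "__main__":
    for key, value in parse_ipv4_header(SAMPLE_HEADER).items():
        print(f"{key:17} {value}")
    tampered = bytearray(SAMPLE_HEADER)
    tampered[8] -= 1            # TTL changed without recomputing the checksum
    print("tampered header intact?", is_header_intact(bytes(tampered)))
```

Every router that decrements TTL must recompute this checksum, which is why the table notes that it may be checked at each gateway; a parser that skips the check will happily decode garbage, so the verification here runs before any field is returned.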