Tech Info - IP addressing, classes and Stuff

Bit numbering can be very confusing with various standard bodies adopting different conventions. The following are all valid, and used, bit numbering conventions for describing an 8 bit byte (an octet).

Always check what convention is used on any specification. Where appropriate in the sections below we use the Power of 2 convention from the above table since we think its less confusing.

An IP v4 address is a 32 bit value which allows 4,294,967,296 unique addresses. Its a bit tough to remember numbers of this size so the conventional way of writing an IP address is in "dotted decimal" format e.g. "192.168.0.27".

A "dotted decimal" IP address is constructed like this:

• A 32 bit address contains 4 x 8 bit bytes (or octets)

• Each 8 bit byte (octet) may represent 256 ( 0 - 255) values. The internal (machine) representation of the byte (octet) is known as 'hexadecimal' and may contain the hexadecimal values 00 to FF.

• "dotted decimal" simply converts the 8 bit value for each byte (octet) to its decimal value (which is always in the range 0 to 255) and separates each value with a dot to make it more readable.

Each IP address has two components a network address and a host address (or id).

The boundary between the Network address part and the Host Address part was determined by the IP Address class and the NetMask or the SubnetMask. In a CIDR world it is determined exclusively by the NetMask.

Port Numbers

You will occasionally see IPv4 addresses written like this:

192.168.1.2:369

The : (colon) indicates the number following is a Port Number - in the above case 369. This format is typically only used where a service is available on a non-standard port number e.g. many web configuration systems (Samba swat) will use this feature to avoid clashing with a standard web server.

Before the advent of Classless Inter-Domain Routing (CIDR) the world was a simple place and we had four classes of IP v4 addresses, A, B, C and D (there is nominally a class E but for all practical purposes it is not used). The IP address Class is defined by the setting of the TOP 4 bits of the IP address (bits 28 - 31 in our power of 2 notation). The IP Class provides the separation between the host and the network part of the IP address as defined below:

Notes:

1. x = don't care

2. Class D addresses are used for Multi-casting protocols exclusively e.g. OSPF, IGMP etc.

3. Class A, B and C are routed IPs (but may be PUBLIC or PRIVATE - see NAT)

4. The term Netmask above refers to the standard mask for the address class. We will see later that different masks may be used with any IP Class.

5. The terms Netmask and Subnetmask are subtly different but we will use them as if they were synonymous.

The terms Netmask and Subnetmask simply refers to a way of separating the Network Address and the Host Address parts of the IP address. It is typically written as 255.255.255.0 or similar and is used in Routing Tables with Bitwise AND operations.

The process of routing IP address in the internet uses routing tables defined in each host (PC, Router or other device). A standard routing table may look something like this:

A routing process using the above table is deceptively simple and may be expressed as follows:

1. For each entry in the routing table:
   1. BITWISE AND the destination IP address with the Netmask (or subnetmask)
   2. Compare result with this network address if SAME and this is the local network - route direct to destination IP using, say, ARP
   3. Compare result with this network address if SAME and this is not the local network - route to 'next hop' (default gateway) using, say, ARP
   4. If result not same move to next routing table entry

Notes:

1. The default gateway entry is the magic that ensures that we will always get at least one match for every IP address that we test against this table.
2. The metric is nominally a way of tie breaking when we get multiple 'hits' in the same table but is rarely used
3. use 'route print' to display your PCs routing table from the command prompt

The term Bitwise AND simply means ANDing of two values to create a third (result), 'bitwise' indicates this is done at the bit level. The following illustrates bitwise ANDing using the first entry in our routing table above.

Example 1 destination IP 192.168.0.3 is local (we bitwise AND the destination IP address and the entry NetMask and compare it with the Network Address):

Example 2 destination IP 172.16.5.13 is NOT local:

If you run the same calculations against the default gateway entry you will ALWAYS get a match.

Subnets are simply an administrative convenience and allow a method of splitting the host part of the address into smaller pieces by changing the value of the Class Netmask. When this is done the Netmask is sometimes called a Subnetmask. In general we have two rules for Net/Subnetmasks:

1. If there is a 1 in the Net/Subnetmask it is part of the Network address, if there is a zero it is part of the host address
2. IETF standards now insist on contiguous bits in Net/Subnetmasks

Examples of Net/Subnetmasks include:

Notes:

1. To create a subnet of 32 addresses starting at 192.168.0.192 we would create a routing table entry of network address = 192.169.0.192 with a netmask of 255.255.255.224.

2. Every netmask loses two IP address for multi-casting and broadcasting. This is why the Netmasks 255.255.255.254 and 255.255.255.255 are missing from the above table.

Every network created by a Net/Subnetmask is defined by the standards to have two special (unuseable) IP addresses as follows:

1. A host address of all zeros is the multi-cast address for the network/subnetwork
2. A host address of all 1s is the broadcast address for the network/subnetwork

The following table illustrates this:

Notes:

1. Just to make things more interesting there is a difference between the multi-cast address for the subnet and multicasting Protocols which use an IPv4 Class D format address.

There are times when it useful to be able to find all hosts which have certain properties without knowing the IP address(es). This process is confusing called multicasting and hosts use specially assigned IPv4 Class D addresses - each IPv4 Class D address is assigned by IANA to a protocol or class of devices. Thus is is possible for a host to send the address 224.0.0.9 and receive a response from those hosts which have the required properties (or are members of the same class) - in this case they support the RIP2 routing protocol. The follwing are examples of Multicast addresses and their associated protocol or characteristics:

Notes:

1. Addresses in the range 224.0.0.0 - 239.255.255.255 are all multicast addresses.

2. Multicast is used widely for transmissions of audio or video conferences - in the above example Microsoft/MSNBC could use any of their Multicast addresses to create a specific conference (or transmission) using multicasting techniques and even run multiple concurrent conferences using any/all of the 64 addresses allocated to them.

As part of the moves to free up and maximise utilisation of the available stock of IPv4 addresses in the mid-late '90s the IETF took a number of steps of which the following were the most significant:

1. Classless Inter-Domain Routing (CIDR) which essentially removed the IP address Class boundaries.
2. Allocation of Private Addresses that could be reused many times over
3. Network Address Translation (NAT) - allowing conversion from Private to Public when passing through a NAT gateway.

Classless Inter-Domain routing (CIDR) essentially removes the idea of Class from IP addresses and allows administrations to allocate and route any valid subnet from any convenient base IP irrespective of its Class. The idea being that if you want a group of 128 IP addresses whether you take them from an IP Class C address or from an IP class B address is NOT important. You simply want 128 IP addresses. The table below shows two 32 address subnets, one from a nominal Class B range the other from a nominal Class C range - spot the difference!

In short the key factors in a CIDR world become the Network (base) IP address and the Netmask.

To simplify writing IP addresses it has now become common practice to define a list of IP addresses using a slash (more properly IP Prefix) notation. The IP address to the LEFT of the SLASH (/) is the Network (base) IP address and the number (1 to 32) to the RIGHT of the SLASH (/) is the NUMBER OF CONTIGUOUS 1 BITS IN THE NETMASK. The following table illustrates this notation:

Notes:

1. In the above examples - if you are not asleep - you will see that we have extracted multiple Class C addresses from a Class C IP address and subnetted sub-class C addresses from a Class B address just to illustrate how flexible CIDR has allowed us to become.

The IETF has defined a series of IP ranges which may be freely used by any user/organization on their PRIVATE network. These addresses may not be used on the PUBLIC internet and all PUBLIC INTERNET gateways (routers) will silently discard the traffic (or unusually reject with an ICMP message).

Clearly on large user networks PRIVATE IP addresses may well pass through routers while still inside a PRIVATE network.

The use of PRIVATE address means that the same IP addresses may be reused by many organisations (saving millions of IPv4 addresses) and only when the traffic is sent to the PUBLIC network must it be translated (via NAT) to a PUBLIC address.

Freely useable PRIVATE (not PUBLIC INTERNET routable) Addresses

Which range you use is ENTIRELY up to you. Go on, spoil yourself (and be like Apple) have a whole class A address to yourself! The full list of reserved and allocated IP address ranges is defined in RFC 3330 (you can get RFCs from the IETF).

Network Address Translation (NAT) refers to the process by which a PRIVATE IP address (which may be freely used and routed in a user's Private network) may be mapped (or translated) to one or more PUBLIC IP addresses which can be routed across the PUBLIC INTERNET.

The NAT process is usually located in a Router or Proxy function at the edge of the network. The original NAT RFC (RFC 1631) is a deceptively small specification which revolutionised the way IP addresses are used. Unlimited numbers of PRIVATE IP addresses can be mapped (or translated) to a single IP address if required. Or a limited number of PUBLIC IPs can be used to map a large number of PRIVATE IP addresses.

A well written NAT system also acts as a 'poor mans' firewall since it has the additional advantage that Internal IP addresses are not VISIBLE from outside the organisation AND EVEN IF THEY WERE INTERNET ROUTERS SHOULD DISCARD PACKETS ADDRESSED TO PRIVATE IP ADDRESSES. NAT is generally a 'good thing'™ for the tradional client server style applications of the Internet such as web access, FTP and email.

Note: As the Internet moves more to peer-to-peer applications such as IM and VoIP which require permaent visibility of a directly addressable IP that is stable for a reasonable period of time, NAT is becoming increasingly contentious. It is fair to say there is serious gulf between those that see NAT as having saved the Internet by providing re-use of the limited IPv4 address space and those who see it as inherently evil because it hides the end user forcing all kinds of gruesome kludges such as STUN.

You may also see the term PAT (Port Address Translation) used in conjunction with NAT. This refers to the process by which a NAT service can map a port number to a specific PRIVATE IP address. This allows a single PUBLIC IP to support a range of PUBLIC services (Web, email, FTP etc.) on internal (PRIVATE IP) hosts. Example:

Note: The External IP:Port shown above uses a PRIVATE address to avoid the need to publish an allocated PUBLIC IP address and have some amateur hacker smash the poor IP address to death - the principle remains true.

IP addresses may be either statically allocated or dynamically allocated by a service provider. A dynamic IP address has the following characteristics:

1. A single IP address is allocated when the user connects to the internet.

2. The service provider will normally change the IP address periodically - between every 12 and 24 hours is typical.

3. Dynamic IP addresses can be used for outgoing (client-server) activities such as Web browsing, collecting email and similar activities.

4. Dynamic IP addresses cannot be used (well there are 'kludges' that allow this) to host Web sites and email services that require a fixed IP defined in a DNS.

Static (Fixed) IP address(es) have the following characteristics:

1. One or more fixed IP address(es) are permanently assigned to a user (and will normally incur a cost).

2. Static IP addresses do not change (unless you change your service provider).

3. Static IP addresses can be used for outgoing (client-server) activities such as Web browsing, collecting email and similar activities.

4. Static IP addresses can be used to host Web sites and email services that require a fixed IP defined in a DNS.

5. A limited number of static address can be used in conjunction with NAT to map many PRIVATE to PUBLIC addresses.