IP addressing

Because of the dominance of TCP/IP on modern networks, it is important to understand the address scheme used by IP. The original address structure called for 32-bit addresses, divided into four octets of 8 bits each. This form of addressing is known as IPv4. Thus, when expressed in base-10 form, the addresses are written as four base-10 numbers—for example, 192.168.1.1. IP addresses are further divided into a network address (or prefix) and a node address. The network address is the portion of the address that identifies the network a node is on, and it can be determined from the subnet mask. For example, if our subnet mask is 255.255.255.0, then the first 24 bits of the address form the network portion of the address. Thus, our network address would be 192.168.1.0, and by comparing network addresses we would be able to determine whether nodes are on the same network or on different networks.

In the early days of the internet, the network portion of an IP address was determined by the first octet of the address. Networks were divided into class A, B, and C networks, as indicated in the following table:


Class A networks were reserved for large organizations, class B networks were reserved for medium-sized organizations, and class C networks were reserved for small organizations. Although this scheme was adequate, it had some shortcomings. For example, if we need 1 million addresses, that is far more than a class B network provides, but significantly fewer than a class A network provides. The broad alternatives in this case are acquiring a class A network (in which case we would have more addresses than we need), or acquiring multiple class B networks.

Partially because of this inflexibility, and partially because this original address scheme did not anticipate the rapid growth of the internet, the Internet Engineering Task Force (IETF), the group responsible for promoting and developing internet standards, saw the exhaustion of the IPv4 address space as an inevitability. Thus, the IETF adopted a two-pronged approach to solve this problem. The long-term solution was to increase the number of bits in the address from 32 bits to 128. This address scheme eventually became standardized as IPv6. The IETF also adopted two measures in 1993 that greatly increased the life span of IPv4: private networks and classless subnetting.

A more detailed description of IPv6 addressing, and the differences between IPv6 and IPv4, can be found in Chapter 3, Configuring pfSense.

Private networks are networks that use private IP address space. These addresses cannot be routed through the public internet, and are designated by the Institute of Electrical and Electronics Engineers' (IEEE) Request for Comments (RFC) 1918. The designations are as follows:


Classless subnetting, or Classless Inter-Domain Routing (CIDR), replaces the classful network design. As with classful networks, the most significant bits of the address form the network portion of the address (or prefix) and the least significant portion of the address represents the node address (or node identifier). But with classless subnetting, the network prefix is not determined by the first octet, but can be arbitrarily defined to meet our needs.

To demonstrate how this works, consider the case of the private class C network, 192.168.1.0. Assume that we need to have two smaller networks, each able to accommodate about 100 nodes. We could have two separate private class C networks (for example, 192.168.1.0 and 192.168.2.0), but unless we anticipate the rapid growth of our network, this would represent a waste of address space.

By dividing 192.168.1.0 into two networks, we can have two smaller networks without wasting address space. Our original network could accommodate 254 nodes (256 addresses, minus 1 for the network identifier, which is the all-zeros address, minus 1 for the broadcast address). We can divide it into two networks, each of which can accommodate 126 nodes (128 minus 2, for the same two reserved addresses). The network prefix of the first network is 192.168.1.0/25, and the network prefix of the second network is 192.168.1.128/25. Note that we have extended the network prefix by one bit so that we can partition the network. Also note that, now that we can arbitrarily define the number of bits in the prefix, the prefix might not align on an octet boundary, and therefore we must specify the number of bits in the prefix explicitly, which we do by appending a forward slash and the number of bits (in this case, /25). This is called CIDR notation.

Because of classless subnetting, we can have a maximum of 1,048,576 nodes on the class B private network. This is because the 172.16.0.0 private network only needs a 12-bit prefix. Moving the prefix boundary from 16 bits to 12 leaves 4 more bits for the node identifier, for a total of 20 bits (2^20 = 1,048,576).
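The subnet arithmetic described above (network and broadcast address from a prefix length, the /24 split into two /25 networks, the RFC 1918 ranges and the 20 host bits of 172.16.0.0/12), as an added example that is not part of the book; the helper names are ours, and the addresses used are the ones from the text:

```python
# Added example (not from the book): CIDR arithmetic done with plain integer
# bit operations, with Python's ipaddress module for range checks and splitting.
import ipaddress

RFC1918 = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")  # private ranges

def ip_to_int(dotted):
    """'192.168.1.1' -> 32-bit integer."""
    a, b, c, d = (int(o) for o in dotted.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d

def int_to_ip(n):
    return ".".join(str((n >> s) & 0xFF) for s in (24, 16, 8, 0))

def prefix_to_mask(prefix):
    """/25 -> 0xFFFFFF80: the top `prefix` bits set (255.255.255.128)."""
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF

def subnet_info(cidr):
    """Network address, broadcast address and usable host count for 'a.b.c.d/n'."""
    addr, prefix = cidr.split("/")
    prefix = int(prefix)
    mask = prefix_to_mask(prefix)
    network = ip_to_int(addr) & mask            # keep the prefix bits only
    broadcast = network | (~mask & 0xFFFFFFFF)  # host bits all ones
    host_bits = 32 - prefix
    # All-zeros (network) and all-ones (broadcast) host parts are reserved,
    # so 2^host_bits - 2 nodes fit; /31 and /32 have no room to reserve them.
    usable = 2 ** host_bits - 2 if host_bits >= 2 else 2 ** host_bits
    return int_to_ip(network), int_to_ip(broadcast), usable

def same_subnet(ip_a, ip_b, prefix):
    """Two nodes share a segment when their prefix bits agree."""
    mask = prefix_to_mask(prefix)
    return (ip_to_int(ip_a) & mask) == (ip_to_int(ip_b) & mask)

def is_private(ip):
    """RFC 1918 membership check."""
    return any(ipaddress.ip_address(ip) in ipaddress.ip_network(r) for r in RFC1918)

def split(cidr, new_prefix):
    """Partition a network by extending its prefix, e.g. /24 -> two /25s."""
    return [str(n) for n in ipaddress.ip_network(cidr).subnets(new_prefix=new_prefix)]

if __name__ == "__main__":
    print(subnet_info("192.168.1.77/25"))   # ('192.168.1.0', '192.168.1.127', 126)
    print(split("192.168.1.0/24", 25))      # ['192.168.1.0/25', '192.168.1.128/25']
    # 172.16.0.0/12: 20 host bits = 2**20 = 1,048,576 addresses, 1,048,574 usable
    print(subnet_info("172.16.0.0/12"))
```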

It is worth noting that IPv4 has three different address types:

  • Unicast: With this type of address, a single address is specified. Thus, these addresses are used for point-to-point communications.
  • Broadcast: This is the opposite of a unicast address. By using a broadcast address, we can target everyone on a subnet instead of a single node. The broadcast address is typically the last address in a subnet; for example, 192.168.1.255 is the broadcast address for the 192.168.1.0 network.
  • Multicast: With this type of address, a group of nodes can send and receive data between the members of the group at one time by sending it to the multicast IP address. All members of the multicast group have the same multicast address.

Whereas hubs and switches allow network traffic within a network segment, inter-network communication requires specialized hardware. Such hardware devices are called routers, and in most cases, a router forwards a packet to another router, since there are typically several steps (or hops) between the source and destination. It is commonplace to have a router at the boundary between a private network and the public internet. Since connecting to the public internet raises security concerns, it is also common to place a firewall—a network device that controls incoming and outgoing traffic—on this boundary as well. Some hardware devices (such as a pfSense device) can function as both a firewall and a router, although a network may also have a dedicated firewall and a dedicated router.

If a node is communicating with a node on the same network segment, it can find the node via ARP without having to use a router. If the node is not on the local network, however, there are two ways the sending node can find a route to it. It might have a statically configured route to the host, otherwise known as a static route, in its routing table. If not, however, it can send the packet to the default gateway, assuming that a default gateway is configured. Such a gateway enables nodes to communicate with nodes on other network segments and other networks.
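The forwarding decision a sending node makes, as an added example that is not part of the book: deliver directly when the destination shares the local segment, otherwise use a matching static route, otherwise the default gateway. The routing table, the /25 segment and the destination addresses are constructed for illustration, and the function names are ours.

```python
# Added example (not from the book): a simplified forwarding decision for a
# sending node, in the order described above: same segment (deliver directly,
# resolving the MAC with ARP), else a static route, else the default gateway.
# The routing table and addresses below are constructed for illustration.
from dataclasses import dataclass

def ip_to_int(dotted):
    a, b, c, d = (int(o) for o in dotted.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d

def in_prefix(ip, cidr):
    """True if ip lies inside the network given in CIDR notation."""
    net, plen = cidr.split("/")
    mask = (0xFFFFFFFF << (32 - int(plen))) & 0xFFFFFFFF
    return (ip_to_int(ip) & mask) == (ip_to_int(net) & mask)

@dataclass
class Route:
    prefix: str    # destination network in CIDR notation
    gateway: str   # next-hop router on the local segment

def next_hop(dst, local_cidr, static_routes, default_gateway):
    """Return (address the packet is handed to, reason)."""
    if in_prefix(dst, local_cidr):
        return dst, "on-link (resolve with ARP)"
    # Longest prefix match: the most specific static route wins.
    matches = [r for r in static_routes if in_prefix(dst, r.prefix)]
    if matches:
        best = max(matches, key=lambda r: int(r.prefix.split("/")[1]))
        return best.gateway, f"static route {best.prefix}"
    if default_gateway:
        return default_gateway, "default gateway"
    return None, "no route to host"

# Constructed sample: this node sits on the first half of the split /24.
LOCAL = "192.168.1.0/25"
STATIC = [Route("10.0.0.0/8", "192.168.1.2"),
          Route("10.20.0.0/16", "192.168.1.3")]   # more specific, so preferred
GW = "192.168.1.1"

if __name__ == "__main__":
    for dst in ("192.168.1.77", "192.168.1.200", "10.20.5.5", "10.9.9.9", "203.0.113.5"):
        print(dst, "->", next_hop(dst, LOCAL, STATIC, GW))
```

Note that 192.168.1.200 is in the other /25, so even though it shares the original /24 it is not on-link and goes to the default gateway.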

In general, hubs operate on the physical layer of the OSI model; switches operate on the data link layer, and routers operate on the network layer. There are, however, devices known as layer 3 switches, which incorporate some routing functions.

Although this section is by no means an exhaustive guide to networking fundamentals, we have at least outlined the world of networking as it exists today. Ethernet is the dominant standard for networking hardware, and Gigabit Ethernet has supplanted Fast Ethernet as the de facto standard. On the network and transport layers, TCP/IP is the dominant standard, and although the rollout of IPv6 has been a slow one, it is gradually replacing IPv4.