Sie sind auf Seite 1von 16

IP Communications

lessons learned
2005
DOSCH & AMAND Research GmbH & Co KG
V1.2

1 Introduction to the Internet Protocol

Perhaps one of the most important and well known protocols is Internet Protocol, or IP. IP gives us the ability to
uniquely identify each computer in a network or on the Internet. When a computer is connected to a network or
the Internet, it is assigned a unique IP address. If you're connecting to the Internet, chances are you're given an
IP automatically by your ISP. If you're connecting to a LAN, then you're either given the IP automatically or you
manually configure the workstation with an assigned IP.

If you really want to know how network communications work, it most important to fully understanding IP. DNS,
FTP, SNMP, SMTP, HTTP and a lot of other protocols and services rely heavily on IP in order to function
correctly, so you can immediately see that IP is more than just an address on your workstation.

IP Address

The above example shows an IP address in decimal notation, which we understand more easily. This IP address
(192.168.0.1) is then converted to Binary, which is what the computer understands. You can see how big the
number gets. It's easier for us to remember four different numbers than 32 zeros or ones.

An IP address is a 32 Bit address

Now we're going to look at how the conversion works between decimal and binary. This is an important step,
because you'll probably find yourself in need of such a conversion when dealing with complex subnets.

The picture below shows an IP address that we are going to convert to Binary. We are now going to convert the
first octet in the IP address 192.168.0.1 to Binary. In other words, we take the "192" and convert it to Binary.

© 2005-2006 DOSCH&AMAND Research GmbH & Co.KG all datas subject to change
Moosacherstr. 56a D-80809 Munich GERMANY offer on request
Fax +49.89.3589.8519 Email info@da-research.de
In our example, we used the 192. We needed bits 8 and 7 and this gave us the Binary number of 11000000,
which is 192 in decimal.

Using this method, you will convert decimal to Binary without the need for complex mathematical calculations.

Example decimal number 168

Here again you can see that we needed to choose bits 8, 6 and 4 in order to get a decimal value of 168. So the
Binary value of 10101000 is equal to the decimal value of 168.

Internet protocol header


Just like every other protocol, IP has a place in the OSI model. Because it's such an important protocol and other
protocols depend upon it, IP needs to be placed before them in the OSI model.

IP = Layer 3

When a computer receives a packet from the


network, the computer will first check the
destination MAC address of the packet at the
Datalink Layer (2). If it passes, it's then passed on
to the Network layer.

At the Network layer, it will check the packet to see


if the destination IP address matches the
computer's IP address.

If the packet is a broadcast, it will pass the network


layer anyway.

From there, the packet is processed as required by


the upper layers.

On the other hand, the computer may be generating a packet to send to the network. Then, as the packet travels
down the OSI model and reaches the Network layer, the destination and source IP address of this packet are
added in the IP header.

© 2005-2006 DOSCH&AMAND Research GmbH & Co.KG all datas subject to change
Moosacherstr. 56a D-80809 Munich GERMANY offer on request
Fax +49.89.3589.8519 Email info@da-research.de
The IP header
Now we are going to analyze the Internet protocol header, so you can see the fields it has and where they are
placed. In here you will find the destination and source IP address field which is essential to every packet using
the protocol.

It's worth noting that the 9th field, which is the "Protocol" field, contains some important information that the
computer uses to find out where it must pass the datagram once it strips off the IP header.

TCP and UDP exist on Layer 4 of the OSI Model, which is the transport layer. When data arrives at a computer
and the packet is processed by each layer, it needs to know whereabouts above to pass the data. This protocol
field tells the computer to give the remaining data to either the TCP or UDP protocol, which is directly above it.

The destination IP address is another important field which contains the IP address of the destination machine.

No matter which way you convert, from Decimal to Binary or Binary to


Decimal, the same method is used. If you understood the above, you should
be able to convert any Binary or Decimal number.

Internet Protocol classes - Network and host ID


Every protocol suite defines some type of addressing that identifies
computers and networks. IP addresses are no exception to this rule. There
are certain values that an IP address can take; these have been defined by
the IEEE committee.

A simple IP address is a lot more than just a number. It tells us the network
of which the workstation is part and the node ID.

© 2005-2006 DOSCH&AMAND Research GmbH & Co.KG all datas subject to change
Moosacherstr. 56a D-80809 Munich GERMANY offer on request
Fax +49.89.3589.8519 Email info@da-research.de
IP address classes and structure
When the IEEE committee sort out the range of numbers that were going to be used by all computers, they came
up with five different ranges or "classes" of IP addresses.

When someone applies for IP addresses they are given a certain range within a specific class depending on the
size of their network.

In the above table, you can see the five


classes.

The first three classes (A, B and C) are used


to identify workstations, routers, switches
and other devices, whereas the last two
classes (D and E) are reserved for special
use.

An IP address consists of 32 Bits, which means it's four Bytes long. The first octet (first eight bits or first byte) of
an IP address is enough for us to determine the class to which it belongs. And, depending on the class to which
the IP address belongs, we can determine which portion of the IP address is the network ID and which is the node
ID.

For example, the first octet of an IP address is "168," then, using the above table, you would notice that it falls
within the 128-191 range, which makes it a class B IP address.

Understanding the classes


Earlier mentioned that companies are assigned different IP ranges within these classes, depending on the size of
their network. For instance, if a company required 1000 IP addresses, it would probably be assigned a range that
falls within a class B network rather than a class A or C.

The class A IP addresses were designed for large networks, class B for medium size networks and class C for
smaller networks.

Introducing network ID and node ID concepts


We need to understand the network ID and node ID concept because it will help us to fully understand why
classes exist. Putting it as simply as possible, an IP address gives us two pieces of valuable information:

1) It tells us which network the device is part of (network ID).

2) It identifies that unique device within the network (node ID).

Think of the network ID as the suburb you live in and the node ID as your street in that suburb. You can tell
exactly where someone is if you have their suburb and street name. In the same way, the network ID tells us to
which network a particular computer belongs and the node ID identifies that computer from all the rest that reside
in the same network.

© 2005-2006 DOSCH&AMAND Research GmbH & Co.KG all datas subject to change
Moosacherstr. 56a D-80809 Munich GERMANY offer on request
Fax +49.89.3589.8519 Email info@da-research.de
The picture below gives you a small example to help understanding the concept:

In the picture, you can see a small network.

We have assigned a class C IP range for


this network.

Class C IP addresses are for small


networks.

Host A, you will see that its IP address is


192.168.0.2.

The network ID portion of this IP address is


in blue, while the host ID is in orange.

How do I figure out which portion of the IP


address is the network ID and which is the
host ID?

The network and node ID of each class


The network class helps us determine how the four byte, or 32 bit, IP address is divided between network and
node portions. The table below shows you (in binary) how the Network ID and Node ID changes depending on
the class:

Explanation
The table above might seem
confusing at first but it's actually very
simple.

We will take class A as an example


and analyze it so you can understand
exactly what is happening here:

Any class A network has a total of 7


bits for the Network ID (bit 8 is always
set to 0) and 24 bits for the Host ID.
Now all we need to do is calculate
how much seven bits is:

27 = 128 networks and


24
2 = 16.777.216 hosts

in each network, of which two cannot


be used because one is the Network Address and the other is the Network Broadcast Address.

Therefore when calculating the "valid" hosts in a network we have to subtract "2". Therefore you can have a on
class A network 16.777.214 hosts and not 16.777.216.

© 2005-2006 DOSCH&AMAND Research GmbH & Co.KG all datas subject to change
Moosacherstr. 56a D-80809 Munich GERMANY offer on request
Fax +49.89.3589.8519 Email info@da-research.de
Maximum possible hosts

The same story applies for the other two


classes we use, that's class B and class
C, the only difference is that the number of
networks and hosts changes because the
bits assigned to them are different for
each class.

Class B networks have 14 bits for the


network ID (Bits 15, 16 are set and can't
be changed) and 16 bits for the host ID,
that means you can have up to '2 to the
power of 14' = 16,384 networks and '2 to
the power of 16' = 65,536 hosts in each
network, of which two cannot be used
because one is the network address and
the other is the network broadcast address

Class C networks have 21 bits for the


network ID (Bits 22, 23, 24 are set and
can't be changed) and eight bits for the
host ID, that means you can have up to
221 = 2.097.152 Networks and '
228 = 256 hosts in each network, of which
two cannot be used because one is the
network address and the other is the
network broadcast address

Therefore "valid" hosts on class C network


are 254 and not 256.

Now, even though we have three classes of IP addresses that we can use, there are some IP addresses that
have been reserved for special use.

This doesn't mean you can't assign them to a workstation but in the case that you did, it would create serious
problems within your network.

For this reason it's best to avoid using these IP addresses.

© 2005-2006 DOSCH&AMAND Research GmbH & Co.KG all datas subject to change
Moosacherstr. 56a D-80809 Munich GERMANY offer on request
Fax +49.89.3589.8519 Email info@da-research.de
The following table shows the IP addresses that you should avoid using:

IP address Function
Refers to the default route. This route is to simplify routing tables used
Network 0.0.0.0 by IP.
Reserved for Loopback. The Address 127.0.0.1 is often used to refer
Network 127.0.0.0 to the local host. Using this Address, applications can address a local
host as if it were a remote host.
IP Address with all host bits set to "0" (Network Refers to the actual network itself. For example, network 192.168.0.0
Address) can be used to identify network 192.168. This type of notation is often
e.g. 192.168.0.0 used within routing tables.
IP Addresses with all node bits set to "1" are local network broadcast
IP Address with all node bits set to "1" (Subnet / addresses and must NOT be used.
Network Broadcast) Some examples: 125.255.255.255 (Class A), 190.30.255.255 (Class
e.g. 192.168.255.255 B), 203.31.218.255 (Class C). See "Multicasts" & "Broadcasts" for
more info.
IP Address with all bits set to "1" (Network The IP Address with all bits set to "1" is a broadcast address and must
Broadcast) NOT be used. These are destined for all nodes on a network, no
e.g. 255.255.255.255 matter what IP address they might have.

Subnets
Subnetting is one of my favorite subjects. It can be as simple as 1, 2, and 3 or as complex as trying to get free
tech support from Microsoft.

Subnetting is a very important topic

When we subnet a network, we basically split it into smaller networks. For example, when a set of IP addresses is
given to a company, the company might want to "break" (the correct term is "partition") that one network into
smaller ones, one for each department. This way, the technical department and management department can
each have a small network of their own. By subnetting the network, we can partition it to as many smaller
networks as we need.

This also helps reduce traffic and hides the complexity of the network.

By default, all type of classes (A, B and C) have a subnet mask; we call it the default subnet mask. You need to
have one because:

1) All computers need the subnet mask field filled when configuring IP
2) You need to set some logical boundaries in your network
3) You should at least enter the default subnet mask for the class you're using

Compared to IP classes, network IDs and host IDs, the subnet mask is what determines the network ID and host
ID portion of an IP address.

The table below shows clearly the subnet mask that applies for each network class.

© 2005-2006 DOSCH&AMAND Research GmbH & Co.KG all datas subject to change
Moosacherstr. 56a D-80809 Munich GERMANY offer on request
Fax +49.89.3589.8519 Email info@da-research.de
When dealing with subnet masks in the real world, we are free to use any type of subnet mask in order to meet
our needs. If, for example, we require one network which can contain up to 254 computers, then a class C
network with its default subnet mask will do fine. If we need more, then we might consider a class B network with
its default subnet mask.

Note that the default subnet masks have been set by the IEEE committee, the same guys that set and approve
the different standards and protocols.

Partitioning one network into smaller ones by using different subnet masks.
The picture below shows our example network (192.168.0.0). All computers here have been configured with the
default class C subnet mask (255.255.255.0):

Because of the subnet mask we used, all these


computers are part of the one network marked in
blue. This also means that any one of these
hosts (computers, router and server) can
communicate with each other.

If we now wanted to partition this network into


smaller segments, then we would need to
change the subnet mask appropriately so we can
get the desired result. Let's say we needed to
change the subnet mask from 255.255.255.0 to
255.255.255.224 on each configured host.

The picture below shows us how the computers


will see the network once the subnet mask has
changed:

In reality, we have just created eight networks


from the one large (blue) network we had, but for
simplicity reasons we only show two of these
smaller networks because of understanding the
concept of subnetting the subnet mask.

There are a few different ways to approach


subnetting, and it can get confusing because of
the complexity of some subnets and the flexibility
they offer. For this reason I created this little
paragraph to let you know how we are going to
approach and learn subnetting.

© 2005-2006 DOSCH&AMAND Research GmbH & Co.KG all datas subject to change
Moosacherstr. 56a D-80809 Munich GERMANY offer on request
Fax +49.89.3589.8519 Email info@da-research.de
Default subnet masks of each class
Each class has its DEFAULT subnet mask, which we can change to suit our needs.

The picture below shows our three network classes with their respective default subnet masks:

The effect of a subnet mask on an IP address


In the IP classes page we analyzed and showed how an IP address consists of two parts,
1) The network ID and
2) The host ID.

This rule applies for all IP addresses that use the default subnet mask, so we call them classful IP addresses.

We can see in the picture below, where the IP address is analyzed in binary, because this is the way you should
work when dealing with subnet masks:

We are looking at an IP
address with its subnet mask
for the first time. What we have
done is take the decimal
subnet mask and converted it
to binary, along with the IP
address.

It is essential to work in binary


because it makes things
clearer and we can avoid
making silly mistakes.

The ones (1) in the subnet


mask "lock" or, if you like,
define the network ID portion. If
we change any bit within the
network ID of the IP address,
then we immediately move to a
different network.

So in this example, we have a


24 bit subnet mask.

© 2005-2006 DOSCH&AMAND Research GmbH & Co.KG all datas subject to change
Moosacherstr. 56a D-80809 Munich GERMANY offer on request
Fax +49.89.3589.8519 Email info@da-research.de
NOTE:
All class C classful IP addresses have a 24 bit subnet mask (255.255.255.0)
All class B classful IP addresses have a 16 bit subnet mask (255.255.0.0)
All class A classful IP addresses have an 8 bit subnet mask (255.0.0.0)

On the other hand, the use of an IP address with a subnet mask other than the default results in the standard host
bits (the Bits used to identify the HOST ID) being divided in to two parts: a subnet ID and Host ID. These types of
IP addresses are called classless IP addresses.

In order to understand what a "classless IP address" is without getting confused, we are going to take the same
IP address as above, and make it a classless IP address by changing the default subnet mask:

Looking at the picture above you will now notice that we have a subnet ID, something that didn't exist before. As
the picture explains, we have borrowed three bits from the host ID and used them to create a subnet ID.
Effectively we partitioned our class C network into smaller networks.

Summary
In this page we saw the default subnet mask of each class and also introduced the classful and classless IP
addresses, which are a result of using various subnet masks.

When we use IP addresses with their default subnet masks, e.g. 192.168.0.10 is a class C IP address so the
default subnet mask would be 255.255.255.0, then these are "classful IP addresses."

On the other hand, classless IP addresses have their subnet mask modified in a way so that there is a "subnet
ID". This subnet ID is created by borrowing bits from the host ID portion.

The picture below shows us both examples:

© 2005-2006 DOSCH&AMAND Research GmbH & Co.KG all datas subject to change
Moosacherstr. 56a D-80809 Munich GERMANY offer on request
Fax +49.89.3589.8519 Email info@da-research.de
Analysis of Subnets
We have already covered subnetting in some depth, but there is still much to learn. We are going to explain the
available subnet masks and analyze a class C network using a specific subnet mask. It's all pretty simple, as long
as you understand the logic behind it.

Understanding and analyzing different subnet masks


We haven't spoken about the different values they take, and the guidelines we need when we use them.

You cannot take any subnet mask you like and apply it to a computer or any other device, because depending on
the random subnet mask you choose, it will either create a lot of routing and communication problems, or it won't
be accepted at all by the device you're trying to configure.

For this reason, we'll look at the various subnet masks so you know exactly what you need to use, and how to use
it. Most important, we are going to make sure we understand why you need to choose specific subnet masks
depending on your needs.

Common subnet masks


In order to keep this place tidy, we are going to see the common subnet masks for each class. Looking at each
class's subnet mask is possibly the best and easiest way to learn them.

Number of bits Class A Class B Class C

255.0.0.0
0 (default mask) 255.255.0.0 (default_mask) 255.255.255.0 (default_mask)
(default_mask)
1 255.128.0.0 (default +1) 255.255.128.0 (default+1) 255.255.255.128 (default+1)
2 255.192.0.0 (default+2) 255.255.192.0 (default+2) 255.255.255.192 (default+2)
3 255.224.0.0 (default+3) 255.255.224.0 (default+3) 255.255.255.224 (default+3)
4 255.240.0.0 (default+4) 255.255.240.0 (default+4) 255.255.255.240 (default+4)
5 255.248.0.0 (default+5) 255.255.248.0 (default+5) 255.255.255.248 (default+5)
6 255.252.0.0 (default+6) 255.255.252.0 (default+6) 255.255.255.252 (default+6)
255.255.255.254 (default+7) *
7 255.254.0.0 (default+7) 255.255.254.0 (default+7)
Only 1 Host per subnet
255.255.255.255 (default+8) *
8 255.255.0.0 (default+8) 255.255.255.0 (default+8)
Reserved for Broadcasts

The trick to understanding the pattern of the above table is to think of it in the following way:

Each class has its default subnet mask, which I have noted using the green color, and all we are doing is
borrowing a bit at a time (starting from 1, all the way to 8) from the host ID portion of each class.

The various colors show the decimal numbers that we get each time we borrow a bit from the host ID portion

Each time we borrow a bit from the Host ID, we split the network into a different number of networks.

For example, when we borrowed three bits in the class C network, we ended up partitioning the network into eight
smaller networks.

© 2005-2006 DOSCH&AMAND Research GmbH & Co.KG all datas subject to change
Moosacherstr. 56a D-80809 Munich GERMANY offer on request
Fax +49.89.3589.8519 Email info@da-research.de
We are going to do an analysis using the class C network and three bits which we took from the host ID. The
analysis will take place once we convert our decimal numbers to binary, something that's essential for this type of
work. We will see how we get eight networks from such a configuration and their ranges.

In this first part, we can see


clearly where the eight networks
come from. The rule applies to all
types of subnets, no matter what
class they are.

Simply take the subnet bits and


place them into the power of two
and you get your networks.

The IP address and subnet mask


is show in binary format. We
focus on the last octet which
contains all the information we
are after.

The last octet has two parts, the


subnet ID and host ID. When we
want to calculate the subnets and
hosts, we deal with them one at a
time. Once that's done, we put
the subnet ID and host ID portion
together so we can get the last
octet's decimal number.

We know we have eight networks


(or subnets) and, by simply
counting or incrementing our
binary value by one each time,
we get to see all the networks
available. So we start off with 000
and finish at 111. On the right
hand side I have also put the
equivalent decimal number for
each network.

Next we take the host ID portion, where the first available host is 0 0001 (1 in Decimal), because the 0 0000 (0 in
Decimal) value is reserved as it is the network address (see IP classes page), and the last value which is 1 1111
(31 in decimal) is used as a broadcast address for each subnet.

© 2005-2006 DOSCH&AMAND Research GmbH & Co.KG all datas subject to change
Moosacherstr. 56a D-80809 Munich GERMANY offer on request
Fax +49.89.3589.8519 Email info@da-research.de
Summing up, these are the ranges for each subnet in our new network:

The example is one of the simplest type, which


is why I chose a class C network, they are the
easiest to work with.

If you did find it somewhat difficult, try to read


over it slowly. After a few times, you will get to
understand it.

Communication between subnets


After reading all the previous pages about
subnetting, let me ask you the following:

Do you think computers that are on the same


physical network but configured to be on
separate subnets are able to communicate?
No, because you must keep in mind that we
are talking about the communication between
two different networks!

Looking at our example of the class C network


on the previous page, the fact is that one
computer is part of the network 192.168.0.0
and the other one part of network
192.168.0.32, and these are two different
networks. In our example, from the moment we
modified the default subnet mask from
255.255.255.0 to 255.255.255.224, we split
that one network to 8 smaller ones.

© 2005-2006 DOSCH&AMAND Research GmbH & Co.KG all datas subject to change
Moosacherstr. 56a D-80809 Munich GERMANY offer on request
Fax +49.89.3589.8519 Email info@da-research.de
Testing between the subnets

That's the network we have to play with. I have


put on the diagram the results of a few simple
pings from each host and, as you can see, they
all came out nice: PASS.

In order to proceed to phase two of our


experiment, I modified the subnet mask of my
workstation to 192.168.0.35 / 255.255.255.224 ,

Slackware Linux Firewall


to 192.168.0.1 / 255.255.255.224
(internal Network Interface Card)

NetWare 6 server
to 192.168.0.10 / 255.255.255.224

as shown in the diagram


:

As you can see, the results for my workstation


were devastating -- alone and totally unaware
that the other two servers are still there.

When my workstation tries to ping the Linux


Firewall, it will get no reply, because its gateway
is a host which belongs to another network,
something that we knew would never work.

We have concluded that there cannot be any sort


of communication between the computers of
network 1 and network 2. How can two hosts in
two different subnets talk to each other? That's
what we are going to cover.

Building the bridge


There is a way to allow the communication
between my workstation and my servers and the
Internet.

We are not interested in the best solution at the


moment, we just want to know the ways in which
we can establish communication between the
two subnets.

Considering that subnets are smaller networks,


you would remember that we use routers to
achieve communications between two networks.

We need a router which will route packets from one network to the other. Let's have a look at the different ways
we can solve this problem:

© 2005-2006 DOSCH&AMAND Research GmbH & Co.KG all datas subject to change
Moosacherstr. 56a D-80809 Munich GERMANY offer on request
Fax +49.89.3589.8519 Email info@da-research.de
Method 1: Using a server with two network cards

Our first option is to use one of the servers, or a new Server which has at least two network cards installed. By
connecting each network card to one of our networks and configuring the network cards so that each one belongs
to one subnet/network we can route packets between them:

The diagram shows everything that's needed.

The second network card has been installed and


it's been assigned an IP address that falls within
our network 1 range and therefore can
communicate with my workstation.

On the other hand the NetWare server now acts


as a gateway for network 1, so my workstation is
reconfigured to use it as its gateway. Any
packets from network 1 to network 2 or the
Internet will pass through the NetWare server

Method 2: Binding two IP addresses to the same network card

This method is possibly the best and easiest way


around our problem.

We use the same network card on the NetWare


server and bind another IP address to it.

This second IP address will obviously fall within the


network 1 IP range so that my workstation can
communicate with the server

As noted on the diagram, the only problem we


might encounter is the need for the operating
system of the server to support this type of
configuration, but most modern operating systems
would comply.

Once configured, the server takes care of any


routing between the two networks.

© 2005-2006 DOSCH&AMAND Research GmbH & Co.KG all datas subject to change
Moosacherstr. 56a D-80809 Munich GERMANY offer on request
Fax +49.89.3589.8519 Email info@da-research.de
Method 3: Installing a router

The third method is to install a router in the network.

My workstation in this setup would forward all


packets to its gateway, which is the router's
interface and is connected to network 1 and it
will be able to see all other servers and access
the Internet.

It's a similar setup to Method 1 but instead of a


server we have a dedicated router.

The hub which both of the router's interfaces


connects to would be replaced by some type of
WAN link.

That completes our discussion on Subnet


routing and communication

The number of problems that can occur in a


network are numerous, and -- believe it or not -
- most of them can be avoided if the initial
design and installation of the network are done
properly.

© 2005-2006 DOSCH&AMAND Research GmbH & Co.KG all datas subject to change
Moosacherstr. 56a D-80809 Munich GERMANY offer on request
Fax +49.89.3589.8519 Email info@da-research.de