
How to basic networking

From Smooth Brain


Now, this may be quite confusing, but the important thing to understand is that all networks are comprised of these layers. You may be asking, what in the world does this have to do with Smoothwall? Well, one of the most confusing things to many newcomers to networking is how IP addresses and subnets work. So, let's look at that real quick.


IP Protocol
The IP(v4) protocol, which we saw earlier is in the network layer, uses a 32 bit number to determine how to get a message (packet) from one machine to another. These numbers are known as IP addresses. Each device on an IP compatible network must have an address, so that it can be accessed by other machines on the network. No two machines should ever share an IP address on the same network; this will cause serious issues. Computers, as you may or may not know, are based on the binary number system. This means that they use only ones and zeros (or rather, voltage or no voltage in hardware) to represent any number. Each 1 or 0 in a binary number is called a bit. Thus, when I say that an IP address is 32 bit, it means that it is a binary number with 32 places. However, since it would be confusing to tell someone your address is 1010110100101001..., the number is split into 4 sections, called octets, because they each contain 8 bits. Each octet is a separate number, and can be between 0 and 255 (the largest number that can be represented by 8 bits). In order to divide the various ranges up (for both speed and efficiency reasons) the IP protocol uses what is called a subnet mask. A subnet mask is combined with the IP address to find out if a given IP address is within a given network segment. In other words, it is a way to determine whether or not packets to that address will have to be routed somewhere.

Subnet masks can be represented two different ways. One common way is CIDR notation. In this notation, you give the subnet address (more on this later) followed by a slash and then the subnet mask:

    Subnet/Subnet Mask
    192.168.1.0/24

Another way to represent them is something like an IP. For example, a /24 in CIDR notation is the same subnet mask as 255.255.255.0. In both cases, the number refers to the number of 1's in the mask. To determine whether an address is local or not, the IP address is ANDed together with the subnet mask. With binary, when you talk about ANDing something, you mean comparing the bits: if the respective bits of both numbers are 1, then the result in that location is 1, otherwise it is 0. For a concrete example, let's pretend that we are the computer that has the IP address 192.168.1.2 with a subnet mask of 255.255.255.0, and we wish to reach 192.168.1.3 (which also has a 255.255.255.0 subnet mask). So, we take the destination IP address

    11000000.10101000.00000001.00000011

and AND it with its subnet mask

    11111111.11111111.11111111.00000000

        11000000.10101000.00000001.00000011
    AND 11111111.11111111.11111111.00000000
        -----------------------------------
        11000000.10101000.00000001.00000000

Which, in decimal representation is

    192.168.1.0

This is the destination subnet. It is important to note the difference between the subnet and the subnet mask. The subnet tells us which hosts are local and which are remote. The subnet mask is used to get the subnet, BUT THEY ARE NOT THE SAME. Okay, back to our example. We calculated the destination subnet, now let's calculate our own. So, we take our IP address

    11000000.10101000.00000001.00000010

and AND it with our subnet mask

    11111111.11111111.11111111.00000000

        11000000.10101000.00000001.00000010
    AND 11111111.11111111.11111111.00000000
        -----------------------------------
        11000000.10101000.00000001.00000000

Which, in decimal representation is

    192.168.1.0

And since we got the same subnet as the destination machine, the two addresses are on the same subnet, and thus do not require any routing. In this case, the packets will be sent directly to the destination machine. You can use any subnet mask with any IP, in order to customize the number of addresses considered local to your network. The larger the subnet, however, the more traffic will clutter up your network. It is good to have a subnet size that reflects your needs accurately. For most home networks, it is wise to simply use the /24 or 255.255.255.0 subnet mask, thus allowing for up to 254 unique network hosts on your network.
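The AND worked through by hand above, as an added example written for this page (not code from the original article or from Smoothwall). It accepts the mask either as a prefix length (/24) or in dotted form (255.255.255.0), rejects masks whose 1 bits are not contiguous, and prints the same three-line layout the text uses. The addresses are the page's own; the function names are my own choice.

```python
# Added example for this page: how a host decides whether a destination is local.
# Addresses and mask are taken from the text above (192.168.1.2/24 -> 192.168.1.3).

def ip_to_int(dotted):
    """Turn 'a.b.c.d' into the 32-bit number the IP layer actually works with."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(o < 0 or o > 255 for o in octets):
        raise ValueError("not a valid IPv4 address: %r" % dotted)
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]

def int_to_ip(n):
    """Inverse of ip_to_int: 32-bit number back to dotted decimal."""
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def to_binary(n):
    """Render a 32-bit number as four dotted octets of bits, as the text does."""
    return ".".join(format((n >> shift) & 0xFF, "08b") for shift in (24, 16, 8, 0))

def mask_to_int(mask):
    """Accept a prefix length ('24' or '/24') or a dotted mask ('255.255.255.0')."""
    mask = str(mask).lstrip("/")
    if mask.isdigit():
        prefix = int(mask)
        if not 0 <= prefix <= 32:
            raise ValueError("prefix length out of range: %d" % prefix)
        return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    value = ip_to_int(mask)
    # A usable mask is a run of 1 bits followed by a run of 0 bits, nothing else.
    ones = bin(value).count("1")
    if value != (0xFFFFFFFF << (32 - ones)) & 0xFFFFFFFF:
        raise ValueError("non-contiguous subnet mask: %s" % mask)
    return value

def subnet_of(ip, mask):
    """The subnet (network address) is simply the IP ANDed with the mask."""
    return int_to_ip(ip_to_int(ip) & mask_to_int(mask))

def same_subnet(ip_a, ip_b, mask):
    """True when both hosts land in the same subnet, i.e. no routing is needed."""
    return subnet_of(ip_a, mask) == subnet_of(ip_b, mask)

def show_and(ip, mask):
    """Print the AND in the same layout the text uses, one operand per line."""
    ip_n, mask_n = ip_to_int(ip), mask_to_int(mask)
    print("    " + to_binary(ip_n))
    print("AND " + to_binary(mask_n))
    print("    " + "-" * 35)
    print("    " + to_binary(ip_n & mask_n) + "  =  " + int_to_ip(ip_n & mask_n))

if __name__ == "__main__":
    show_and("192.168.1.3", "255.255.255.0")   # the destination, as in the text
    show_and("192.168.1.2", "/24")             # ourselves, prefix form of the same mask
    print(same_subnet("192.168.1.2", "192.168.1.3", "/24"))   # same subnet, no routing
    print(same_subnet("192.168.1.2", "192.168.2.2", "/24"))   # different subnet
```

The contiguity check in mask_to_int is the part worth keeping: a mask such as 255.0.255.0 is a valid-looking dotted quad but has no prefix-length equivalent, and a host configured with it will classify addresses in ways nobody expects.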


IP Ranges
Not every available number combination is a valid usable IP though. There are several ranges that are restricted for a specific use, and should ONLY be used for that purpose. Although a 32 bit number can represent a lot of different computers, there are not enough IP addresses for every computer to have its own, so the notion of private IP ranges came into play. When used together with NAT (more on this later), this can allow every computer to connect to the internet, without ever having two machines with the same public IP. Basically a private IP is simply an IP address within a special range set aside for use in internal networks. It is very important to the working of the internet that users do not use public IPs (the rest of the IP addresses that are not reserved for anything else) that do not belong to them. Thus you must ALWAYS only use one of the separate private IPs within your internal network, unless you own a public IP to use. There are several IP ranges set aside for private use:

* 192.168.0.0/16
* 172.16.0.0/12
* 10.0.0.0/8

There also are a few other ranges set aside for other special uses.

* 169.254.0.0/16 (Reserved for the case when an IP cannot be automatically obtained)
* 224.0.0.0 - 239.255.255.255 (Multicast addresses)
* 127.0.0.0/8 (A special loopback address. "Short circuits" and returns to the sender)

Most other values are acceptable public IP addresses. Public IP address ranges are owned by ISPs, and then given out to their users. You cannot simply choose your own IP address on the internet; you must use whatever is assigned to you by your ISP. Like I said earlier, you can use any subnet mask with any IP range, so even though the 192.168.0.0 subnet is listed as having a /16 subnet mask, you can make multiple smaller networks out of that by using a /24 mask. This will allow 256 unique networks, each having 254 unique IP addresses available. So, you could have a machine that has the IP address of 192.168.1.2/24, and it will be on a different subnet than the machine with the IP address of 192.168.2.2/24. Now, what you CANNOT do is use a larger subnet than is listed, i.e. a shorter mask such as /8 in place of /16. Otherwise you will be using valid public IPs instead of private ones as designed. 192.0.0.0/8 contains IPs in the public range, but 192.168.0.0/16 does not. The same goes for the other reserved private ranges. You must stay within the allowed ranges. Subdividing the ranges, however, is perfectly acceptable.
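The reserved ranges from both lists above, checked in code, plus the subdivision of 192.168.0.0/16 into /24s that the last paragraph describes. This is an added example written for this page, not code from the original article or from Smoothwall. The multicast range is written as 224.0.0.0/4, which is the same range as 224.0.0.0 - 239.255.255.255; the function names and the table layout are my own.

```python
# Added example for this page: which addresses are private, reserved or public,
# and how a private range is split into smaller subnets. Ranges are the page's own.

def ip_to_int(dotted):
    """'a.b.c.d' to the 32-bit number."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(o < 0 or o > 255 for o in octets):
        raise ValueError("not a valid IPv4 address: %r" % dotted)
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]

def int_to_ip(n):
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def prefix_mask(prefix):
    """Mask with `prefix` leading 1 bits, e.g. 24 -> 0xFFFFFF00."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length out of range: %d" % prefix)
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF

# The ranges listed in the text. Order matters only for readability; they do not overlap.
RESERVED = [
    ("192.168.0.0/16", "private"),
    ("172.16.0.0/12",  "private"),
    ("10.0.0.0/8",     "private"),
    ("169.254.0.0/16", "link-local (no IP could be obtained automatically)"),
    ("224.0.0.0/4",    "multicast"),   # CIDR form of 224.0.0.0 - 239.255.255.255
    ("127.0.0.0/8",    "loopback"),
]

def in_range(ip, cidr):
    """True when `ip` lies inside the network `cidr` (the AND trick from earlier)."""
    net, prefix = cidr.split("/")
    mask = prefix_mask(int(prefix))
    return ip_to_int(ip) & mask == ip_to_int(net) & mask

def classify(ip):
    """Name the reserved range an address falls into, or 'public' if none does."""
    for cidr, kind in RESERVED:
        if in_range(ip, cidr):
            return kind
    return "public"

def subdivide(cidr, new_prefix):
    """Split a range into equal smaller subnets: 192.168.0.0/16 -> 256 x /24."""
    net, prefix = cidr.split("/")
    prefix = int(prefix)
    if new_prefix < prefix or new_prefix > 32:
        raise ValueError("cannot split a /%d into /%d subnets" % (prefix, new_prefix))
    base = ip_to_int(net) & prefix_mask(prefix)
    step = 1 << (32 - new_prefix)             # addresses per new subnet
    count = 1 << (new_prefix - prefix)        # how many new subnets fit
    return ["%s/%d" % (int_to_ip(base + i * step), new_prefix) for i in range(count)]

def usable_hosts(prefix):
    """Addresses in a subnet minus the network and broadcast address (254 for a /24)."""
    return max((1 << (32 - prefix)) - 2, 0)

if __name__ == "__main__":
    for addr in ("192.168.1.2", "172.31.0.9", "10.4.5.6", "127.0.0.1",
                 "169.254.10.1", "239.255.255.255", "12.44.51.23", "192.1.1.1"):
        print("%-16s %s" % (addr, classify(addr)))
    nets = subdivide("192.168.0.0/16", 24)
    print(len(nets), "subnets, e.g.", nets[0], "...", nets[-1],
          "with", usable_hosts(24), "hosts each")
    # Widening 192.168.0.0/16 to a /8 would sweep public addresses into the "private" net:
    print(in_range("192.1.1.1", "192.0.0.0/8"), classify("192.1.1.1"))   # True public
```

The last two lines make the text's warning concrete: 192.1.1.1 matches 192.0.0.0/8 but is a public address, so a host configured with that mask would treat it as local and never send traffic for it to the gateway.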

Routing
Ok, now that you understand how, using the IP address and subnet mask, you can obtain the subnet and determine if a particular address is local or not, let's see how non-local addresses can be reached. If a computer or other networking device realizes that an IP it wishes to reach is not in its local subnet, it searches through its route table to find out how to get the message there. If there is no specific entry regarding that particular subnet or IP then it will fall through to the default gateway for that machine. Note that the gateway to a different subnet must always be within the current subnet, otherwise the machine will be unable to reach it. The gateway then forwards on the message by referencing its own route table, and this continues until the packet reaches the destination. Thus, if you request that a packet be sent to 12.44.51.23 (made up IP) you search your own route table, send it to your router or other internet connection gateway, and it forwards it to your ISP's router, and so on until it reaches the IP. Please note that all routing is done in the network layer, and not in any other layer.
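The lookup described in this section, as an added example written for this page (not code from the original article or from Smoothwall). A host on 192.168.1.2/24 keeps a small route table; a destination matched by a specific entry goes to that entry's next hop, anything else falls through to the default gateway, and a gateway that is not inside the local subnet is refused at configuration time. The route table contents and the second router at 192.168.1.254 are constructed for the example; 12.44.51.23 is the page's own made-up address.

```python
# Added example for this page: a host's route lookup with fall-through to the
# default gateway. The table entries are constructed for illustration.

def ip_to_int(dotted):
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(o < 0 or o > 255 for o in octets):
        raise ValueError("not a valid IPv4 address: %r" % dotted)
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]

def prefix_mask(prefix):
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF

def parse_cidr(cidr):
    """'192.168.1.0/24' -> (network as int, prefix length)."""
    net, prefix = cidr.split("/")
    prefix = int(prefix)
    return ip_to_int(net) & prefix_mask(prefix), prefix

class RouteTable:
    def __init__(self, local_ip, local_prefix, default_gateway):
        self.local_net, self.local_prefix = parse_cidr("%s/%d" % (local_ip, local_prefix))
        self.routes = []   # (network, prefix, next hop); next hop None = directly connected
        self.add("%s/%d" % (local_ip, local_prefix), None)
        self._check_reachable(default_gateway)
        self.default_gateway = default_gateway

    def _check_reachable(self, gateway):
        """A gateway must sit in our own subnet, or we could never hand it a packet."""
        if ip_to_int(gateway) & prefix_mask(self.local_prefix) != self.local_net:
            raise ValueError("gateway %s is not in the local subnet" % gateway)

    def add(self, cidr, next_hop):
        if next_hop is not None:
            self._check_reachable(next_hop)
        net, prefix = parse_cidr(cidr)
        self.routes.append((net, prefix, next_hop))

    def lookup(self, dest):
        """Return ('direct', dest) or ('gateway', next_hop) for a destination."""
        d = ip_to_int(dest)
        best = None
        for net, prefix, hop in self.routes:
            # The most specific (longest prefix) matching entry wins.
            if d & prefix_mask(prefix) == net and (best is None or prefix > best[1]):
                best = (net, prefix, hop)
        if best is None:                      # nothing specific: default gateway
            return ("gateway", self.default_gateway)
        if best[2] is None:                   # in our own subnet: send directly
            return ("direct", dest)
        return ("gateway", best[2])

if __name__ == "__main__":
    rt = RouteTable("192.168.1.2", 24, "192.168.1.1")
    rt.add("10.0.0.0/8", "192.168.1.254")     # a second router on the LAN (constructed)
    for dest in ("192.168.1.3", "10.20.30.40", "12.44.51.23"):
        print(dest, "->", rt.lookup(dest))
```

Trying RouteTable("192.168.1.2", 24, "192.168.2.1") raises ValueError, which is the text's rule that the gateway must be within the current subnet; real operating systems reject the same configuration with a "network is unreachable" style error.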


Network Address Translation (NAT)


Another important concept is NAT. NAT is how private IPs can interact with public IPs. Because private IPs are only used in private LANs, and the same addresses are used by a lot of different machines at one time, they cannot be used to identify the sender of the packet. NAT is simply a way of allowing multiple machines using private IP addresses to use only one public IP. This is useful if you have multiple machines that need internet, but only have one internet account. It works by acting as a sort of middleman for all of the connections, while keeping track of who is talking to whom. Let's look at it more in depth. Suppose you have two internal machines, one with the private IP address 192.168.0.2. The default gateway will be a NATing router, with an internal IP of 192.168.0.1, and an external public IP of 12.55.20.2. Now say that the 192.168.0.2 machine wishes to talk to some other IP, say 12.55.20.4. First, he finds out that the packet is not destined for his local subnet. He then looks through his routing table to find out where to send it. He sends it to his default gateway, which is 192.168.0.1. That router then changes the source IP information in the packet so that it reads that it is from the external IP (12.55.20.2) and sends it to its destination. The destination machine will then respond to 12.55.20.2 and the router, having kept track of the conversation, would know that it was for 192.168.0.2 and would forward it appropriately.

Note that in order for this to work, you HAVE to have all of the different sides (depending on the device, there may be more than one inner interface or outer interface) of the router on different subnets! This is a VERY common mistake that users make. This is true of Smoothwall as well as any other NATing device. The router will get confused otherwise and not know where to send the packets, as the route table will indicate that there are two different ways to get to the subnet, and may choose the wrong one.
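The exchange from the NAT section and the "different subnets" rule from the note above, as an added example written for this page (not Smoothwall code or code from the original article). The router rewrites the source of an outbound packet to its public address, records who started the conversation, and restores the real destination on the reply; a router whose inside and outside interfaces overlap is refused at construction time. Addresses are the page's own; the Packet class, the /24 on the outside interface and the conversation table are simplifications made for this example.

```python
# Added example for this page: the source-address rewriting a NATing router does,
# plus the check that the inner and outer sides sit on different subnets.
# Addresses are those used in the text; the outside /24 is an assumption.

def ip_to_int(dotted):
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(o < 0 or o > 255 for o in octets):
        raise ValueError("not a valid IPv4 address: %r" % dotted)
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]

def prefix_mask(prefix):
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF

class Packet:
    """Just the header fields NAT cares about here: source, destination, payload."""
    def __init__(self, src, dst, payload=""):
        self.src, self.dst, self.payload = src, dst, payload

class NatRouter:
    def __init__(self, inside_ip, inside_prefix, outside_ip, outside_prefix):
        self.inside, self.outside = inside_ip, outside_ip
        self.inside_prefix = inside_prefix
        self.inside_net = ip_to_int(inside_ip) & prefix_mask(inside_prefix)
        outside_net = ip_to_int(outside_ip) & prefix_mask(outside_prefix)
        # The rule from the text: the two sides must be on different subnets. If either
        # interface address falls inside the other side's subnet, routing is ambiguous.
        if (ip_to_int(outside_ip) & prefix_mask(inside_prefix) == self.inside_net
                or ip_to_int(inside_ip) & prefix_mask(outside_prefix) == outside_net):
            raise ValueError("inside and outside interfaces must be on different subnets")
        self.conversations = {}   # remote IP -> internal host talking to it

    def outbound(self, pkt):
        """Private -> public: remember who is talking to whom, then rewrite the source."""
        if ip_to_int(pkt.src) & prefix_mask(self.inside_prefix) != self.inside_net:
            raise ValueError("outbound packet is not from the inside subnet: %s" % pkt.src)
        self.conversations[pkt.dst] = pkt.src
        return Packet(self.outside, pkt.dst, pkt.payload)

    def inbound(self, pkt):
        """Public -> private: find the conversation and restore the real destination.
        Returns None for traffic nobody inside asked for, which is simply dropped."""
        if pkt.dst != self.outside:
            return None
        internal = self.conversations.get(pkt.src)
        if internal is None:
            return None
        return Packet(pkt.src, internal, pkt.payload)

if __name__ == "__main__":
    router = NatRouter("192.168.0.1", 24, "12.55.20.2", 24)
    out = router.outbound(Packet("192.168.0.2", "12.55.20.4", "request"))
    print("on the wire:", out.src, "->", out.dst)           # 12.55.20.2 -> 12.55.20.4
    back = router.inbound(Packet("12.55.20.4", "12.55.20.2", "reply"))
    print("delivered to:", back.src, "->", back.dst)        # 12.55.20.4 -> 192.168.0.2
    print(router.inbound(Packet("12.55.20.9", "12.55.20.2")))   # None: unsolicited
```

Two things the toy table makes visible. First, an inbound packet with no matching conversation is dropped, which is the side effect that makes a NAT router act as a crude inbound filter. Second, the table is keyed on the remote address alone, so two inside hosts talking to the same remote host would collide; production NAT devices avoid that by also tracking and rewriting transport-layer ports, which this page does not cover.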

This is a work in progress... Will be updated soon to include more information. Stay tuned! Tim Ritzer
