IP Protocol
The IP(v4) protocol, which we saw earlier is in the network layer, uses a 32-bit number to determine how to get a message (packet) from one machine to another. These numbers are known as IP addresses. Each device on an IP network must have an address so that it can be reached by other machines on the network. No two machines should ever share an IP address on the same network; this causes serious problems. Computers, as you may or may not know, are based on the binary number system: they use only ones and zeros (or rather, voltage or no voltage in hardware) to represent any number. Each 1 or 0 in a binary number is called a bit. So when I say that an IP address is 32 bit, it means that it is a binary number with 32 places. Since it would be confusing to tell someone your address is 1010110100101001..., the number is split into 4 sections called octets, because each contains 8 bits. Each octet is written as a separate decimal number between 0 and 255 (the largest number that 8 bits can represent). In order to divide the address space up (for both speed and efficiency reasons), the IP protocol uses what is called a subnet mask. A subnet mask is combined with an IP address to find out whether that address is within a given network segment; in other words, it is how a machine decides whether a packet can be delivered directly or has to be routed somewhere.
A subnet mask can be written in two different ways. One common way is CIDR notation: you give the subnet address (more on this later) followed by a slash and the prefix length, which is the number of 1 bits in the mask, for example 192.168.1.0/24. The other way is dotted decimal, written like an IP address: a /24 is the same subnet mask as 255.255.255.0 (twenty-four 1 bits followed by eight 0 bits). To determine whether an address is local or not, the IP address is ANDed with the subnet mask. ANDing two binary numbers means comparing them bit by bit: where the respective bits of both numbers are 1, the result in that position is 1, otherwise it is 0. For a concrete example, let's pretend that we are the computer with the IP address 192.168.1.2 and subnet mask 255.255.255.0, and we wish to reach 192.168.1.3 (which also has a 255.255.255.0 subnet mask). So, we take the destination IP address and AND it with the mask:
  11000000.10101000.00000001.00000011   192.168.1.3 (destination IP)
& 11111111.11111111.11111111.00000000   255.255.255.0 (subnet mask)
= 11000000.10101000.00000001.00000000   192.168.1.0 (destination subnet)
The result is the destination subnet. It is important to note the difference between the subnet and the subnet mask. The subnet tells us which hosts are local and which are remote. The subnet mask is what we use to get the subnet, BUT THEY ARE NOT THE SAME. Okay, back to our example. We calculated the destination subnet, now let's calculate our own, by ANDing our own IP address with our mask:
  11000000.10101000.00000001.00000010   192.168.1.2 (our IP)
& 11111111.11111111.11111111.00000000   255.255.255.0 (subnet mask)
= 11000000.10101000.00000001.00000000   192.168.1.0 (our subnet)
Since we got the same subnet as the destination machine, the two addresses are on the same subnet and no routing is required. In this case the packets are sent directly to the destination machine. You can use any subnet mask with any IP in order to customize the number of addresses considered local to your network. The larger the subnet, however, the more broadcast traffic will clutter up your network, so it is good to have a subnet size that reflects your needs. For most home networks it is wise to simply use the /24 (255.255.255.0) subnet mask, which allows for up to 254 unique hosts on your network (256 addresses minus the network address and the broadcast address).
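The AND calculation above, carried out on 32-bit integers so each step is visible, as an added example that is not part of the original page. It also converts between /N prefix lengths and dotted masks and counts usable hosts. The addresses are the ones used in the text; the function names are my own.

```python
# Added example, not part of the original page: the subnet-mask arithmetic
# described above, done on explicit 32-bit integers so the AND step is visible.
# Addresses are the ones used in the text (192.168.1.2, 192.168.1.3, /24).

def dotted_to_int(addr: str) -> int:
    """Parse a dotted-quad IPv4 address into a 32-bit integer."""
    octets = addr.split(".")
    if len(octets) != 4 or not all(o.isdigit() and 0 <= int(o) <= 255 for o in octets):
        raise ValueError(f"not a valid IPv4 address: {addr!r}")
    n = 0
    for o in octets:                 # each octet is 8 bits, most significant first
        n = (n << 8) | int(o)
    return n

def int_to_dotted(n: int) -> str:
    """Inverse of dotted_to_int."""
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def int_to_binary(n: int) -> str:
    """Render as four 8-bit groups, the way the page writes addresses out."""
    return ".".join(format((n >> shift) & 0xFF, "08b") for shift in (24, 16, 8, 0))

def prefix_to_mask(prefix: int) -> int:
    """A /N mask is N one-bits followed by (32 - N) zero-bits."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be between 0 and 32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF

def mask_to_prefix(mask: int) -> int:
    """Inverse of prefix_to_mask. Rejects non-contiguous masks such as
    255.0.255.0, which have 16 one-bits but are not a valid /16."""
    prefix = bin(mask).count("1")
    if prefix_to_mask(prefix) != mask:
        raise ValueError(f"mask {int_to_dotted(mask)} is not contiguous")
    return prefix

def subnet_of(addr: str, mask: str) -> str:
    """The subnet (network address) is address AND mask."""
    return int_to_dotted(dotted_to_int(addr) & dotted_to_int(mask))

def same_subnet(a: str, b: str, mask: str) -> bool:
    """Two hosts are local to each other when their subnets match under the same mask."""
    return subnet_of(a, mask) == subnet_of(b, mask)

def usable_hosts(prefix: int) -> int:
    """Addresses in the block minus the network and broadcast addresses.
    /31 (RFC 3021 point-to-point links) and /32 (a single host) are the exceptions."""
    if prefix == 32:
        return 1
    if prefix == 31:
        return 2
    return 2 ** (32 - prefix) - 2

if __name__ == "__main__":
    mask = "255.255.255.0"
    for host in ("192.168.1.3", "192.168.1.2"):
        print(f"  {int_to_binary(dotted_to_int(host))}  {host}")
        print(f"& {int_to_binary(dotted_to_int(mask))}  {mask}")
        print(f"= {int_to_binary(dotted_to_int(subnet_of(host, mask)))}  {subnet_of(host, mask)}\n")
    print("same subnet:", same_subnet("192.168.1.2", "192.168.1.3", mask))
    print("/24 usable hosts:", usable_hosts(24))
```

The contiguity check in mask_to_prefix is worth keeping in real code: a mask like 255.0.255.0 has the right number of 1 bits for a /16 but is not one, and many tools silently accept such values.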
IP Ranges
Not every available number combination is a valid usable IP though. There are several ranges that are reserved for a specific use and should ONLY be used for that purpose. Although a 32-bit number can represent a lot of different computers, there are not enough IP addresses for every computer to have its own, so the notion of private IP ranges came into play. Used together with NAT (more on this later), this allows every computer to connect to the internet without two machines ever sharing the same public IP. Basically, a private IP is simply an IP address within a special range set aside for use on internal networks. It is very important to the working of the internet that users do not use public IPs (all the addresses that are not reserved for anything else) that do not belong to them. Thus you must ALWAYS use only the private ranges on your internal network, unless you own a public IP to use. There are several IP ranges set aside for private use:
* 192.168.0.0/16 (192.168.0.0 - 192.168.255.255)
* 172.16.0.0/12 (172.16.0.0 - 172.31.255.255)
* 10.0.0.0/8 (10.0.0.0 - 10.255.255.255)
There are also a few other ranges set aside for special uses:
* 169.254.0.0/16 (link-local; a host assigns itself an address here when it cannot obtain one automatically)
* 224.0.0.0/4, i.e. 224.0.0.0 - 239.255.255.255 (multicast addresses)
* 127.0.0.0/8 (loopback; "short circuits" and returns to the sender, 127.0.0.1 being the usual address)
Most other values are acceptable public IP addresses. Public IP address ranges are owned by ISPs and handed out to their users. You cannot simply choose your own IP address on the internet; you must use whatever is assigned to you by your ISP. Like I said earlier, you can use any subnet mask with any IP range, so even though the 192.168.0.0 subnet is listed with a /16 mask, you can make multiple smaller networks out of it by using a /24 mask. This gives 256 unique networks (192.168.0.0/24 through 192.168.255.0/24), each with 254 usable IP addresses. So a machine with the IP address 192.168.1.2/24 will be on a different subnet from a machine with the IP address 192.168.2.2/24. What you CANNOT do is use a shorter prefix (a mask with fewer 1 bits) than the one listed, because the network would then spill over into valid public addresses instead of the private ones as designed: 192.0.0.0/8 contains IPs in the public range, but 192.168.0.0/16 does not. The same goes for the other private ranges. You must stay within the allowed ranges. Subdividing the ranges, however, is perfectly acceptable.
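As an added example (my code, not the page's), here is a check against the ranges listed in this section: it classifies an address, and it tests whether a network you intend to use privately is a subdivision of one of the private ranges rather than an enlargement of one. The range table is the page's own list; the function names and the sample addresses are mine.

```python
# Added example, not part of the original page: classify an address against the
# ranges listed in this section, and check that a network you intend to use
# privately stays inside one of the private ranges (subdividing is fine,
# enlarging the range is not).
import ipaddress

# The ranges exactly as listed on the page. 224.0.0.0 - 239.255.255.255 is 224.0.0.0/4.
SPECIAL_RANGES = {
    "private": [
        ipaddress.ip_network("192.168.0.0/16"),
        ipaddress.ip_network("172.16.0.0/12"),
        ipaddress.ip_network("10.0.0.0/8"),
    ],
    "link-local": [ipaddress.ip_network("169.254.0.0/16")],
    "multicast": [ipaddress.ip_network("224.0.0.0/4")],
    "loopback": [ipaddress.ip_network("127.0.0.0/8")],
}

def classify(addr: str) -> str:
    """Return the name of the special range containing addr, or 'public'."""
    ip = ipaddress.ip_address(addr)
    for name, nets in SPECIAL_RANGES.items():
        if any(ip in net for net in nets):
            return name
    return "public"

def is_valid_private_network(cidr: str) -> bool:
    """True only if the whole network fits inside a single private range.
    192.168.1.0/24 is a subdivision of 192.168.0.0/16, so it is fine;
    192.0.0.0/8 spills over into public space, so it is not.
    strict=True rejects host bits set in the network part (e.g. 192.168.1.2/24)."""
    net = ipaddress.ip_network(cidr, strict=True)
    return any(net.subnet_of(private) for private in SPECIAL_RANGES["private"])

if __name__ == "__main__":
    # Sample addresses constructed for the demo; 12.44.51.23 is the page's made-up IP.
    for addr in ("192.168.1.2", "172.31.0.9", "172.32.0.9", "169.254.7.7",
                 "239.1.2.3", "127.0.0.1", "12.44.51.23"):
        print(f"{addr:16} {classify(addr)}")
    for cidr in ("192.168.1.0/24", "10.1.0.0/16", "192.0.0.0/8", "172.32.0.0/16"):
        print(f"{cidr:16} {'OK' if is_valid_private_network(cidr) else 'NOT private'}")
```

Note that 172.32.0.0/16 fails even though it "looks" private: 172.16.0.0/12 covers only 172.16 through 172.31. The page's list is also not the complete set of addresses that must never appear on the public internet (0.0.0.0/8, the shared address space 100.64.0.0/10, the documentation ranges such as 192.0.2.0/24, and 240.0.0.0/4 are others); when you need the full set, ipaddress.ip_address(x).is_global is the broader check.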
Routing
Ok, now that you understand how to obtain the subnet from the IP address and subnet mask, and so determine whether a particular address is local or not, let's see how a non-local address is reached. If a computer or other networking device finds that the IP it wishes to reach is not in its local subnet, it searches its route table to find out how to get the message there. The most specific matching entry (the one with the longest prefix) wins; if there is no entry covering that particular subnet or IP, the packet falls through to the default gateway for that machine. Note that the gateway to a different subnet must always lie in one of the subnets the machine is directly connected to, otherwise the machine has no way to reach the gateway in the first place. The gateway then forwards the message by consulting its own route table, and this continues, hop by hop, until the packet reaches its destination. Thus, if you request that a packet be sent to 12.44.51.23 (made up IP), your machine searches its own route table, sends the packet to your router or other internet connection gateway, which forwards it to your ISP's router, and so on until it reaches that IP. Please note that all routing is done in the network layer, and not in any other layer.
Note that in order for this to work, you HAVE to have all of the different sides of the router (depending on the device, there may be more than one inner or outer interface) on different subnets! This is a VERY common mistake that users make. It is true of Smoothwall as well as any other NATing device. Otherwise the router gets confused and does not know where to send packets, because its route table indicates two different ways to reach the same subnet, and it may choose the wrong one.
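To make the Routing section and the note above concrete, here is a minimal route-table lookup, as an added example that is not the page's own code: longest-prefix match falling through to the default route, plus the two checks the text calls for (every gateway sits inside a directly connected subnet; a router's interfaces do not overlap). The route table, addresses and interface names are constructed for illustration; GREEN and RED are Smoothwall-style interface names and 203.0.113.0/24 is a documentation range standing in for a public one.

```python
# Added example, not part of the original page: a minimal route-table lookup of
# the kind the Routing section describes, plus the two sanity checks the text
# calls for (gateways reachable via a connected subnet; router interfaces on
# non-overlapping subnets). Table, addresses and interface names are constructed.
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Route:
    network: ipaddress.IPv4Network
    gateway: Optional[ipaddress.IPv4Address]   # None means directly connected
    interface: str

def make_route(cidr: str, gateway: Optional[str], interface: str) -> Route:
    return Route(ipaddress.ip_network(cidr),
                 ipaddress.ip_address(gateway) if gateway else None,
                 interface)

# Constructed table for a host 192.168.1.2/24 whose default gateway is 192.168.1.1,
# with two more specific routes into 10.0.0.0/8 via other routers on the same LAN.
ROUTES = [
    make_route("192.168.1.0/24", None, "eth0"),
    make_route("10.0.0.0/8", "192.168.1.254", "eth0"),
    make_route("10.1.0.0/16", "192.168.1.253", "eth0"),
    make_route("0.0.0.0/0", "192.168.1.1", "eth0"),     # default gateway
]

def lookup(routes: list[Route], dst: str) -> Route:
    """Longest-prefix match: of all routes containing dst, the most specific wins.
    The /0 default route matches everything, so it only wins when nothing else does."""
    ip = ipaddress.ip_address(dst)
    matches = [r for r in routes if ip in r.network]
    if not matches:
        raise LookupError(f"no route to {dst}")
    return max(matches, key=lambda r: r.network.prefixlen)

def next_hop(routes: list[Route], dst: str) -> str:
    """Where the packet is handed: the gateway, or the destination itself if local."""
    route = lookup(routes, dst)
    return str(route.gateway) if route.gateway is not None else dst

def unreachable_gateways(routes: list[Route]) -> list[Route]:
    """A gateway must sit inside a directly connected subnet, or it cannot be reached."""
    connected = [r.network for r in routes if r.gateway is None]
    return [r for r in routes
            if r.gateway is not None and not any(r.gateway in n for n in connected)]

def overlapping_interfaces(interfaces: dict[str, str]) -> list[tuple[str, str]]:
    """Report pairs of router interfaces whose subnets overlap (the mistake the
    note above warns about). Keys are interface names, values are address/prefix."""
    nets = {name: ipaddress.ip_network(cidr, strict=False)
            for name, cidr in interfaces.items()}
    names = sorted(nets)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]

if __name__ == "__main__":
    for dst in ("192.168.1.3", "10.1.2.3", "10.2.2.3", "12.44.51.23"):
        print(f"{dst:14} -> next hop {next_hop(ROUTES, dst)}")
    print("unreachable gateways:", unreachable_gateways(ROUTES))
    print("overlap:", overlapping_interfaces({"GREEN": "192.168.1.1/24", "RED": "203.0.113.5/29"}))
    print("overlap:", overlapping_interfaces({"GREEN": "192.168.1.1/24", "RED": "192.168.1.254/24"}))
```

Run it and 10.1.2.3 goes via 192.168.1.253 (the /16 beats the /8), 10.2.2.3 via 192.168.1.254, and the made-up 12.44.51.23 via the default gateway; the second overlap check reports GREEN and RED sharing 192.168.1.0/24, which is exactly the configuration the note says a NATing device cannot route correctly.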
This is a work in progress... Will be updated soon to include more information. Stay tuned! Tim Ritzer