Once again about IP-addresses, subnet masks and in general.

March 7, 2019 | Views: 1852


A little literacy. Inspired by earlier copy-pastes of various rubbish on this topic. Forgive the pedantry.

An IP address (v4) consists of 32 bits. Any self-respecting administrator, and indeed any IT specialist (to say nothing of network engineers), woken in the middle of the night or in a state of severe alcoholic intoxication, should correctly answer the question “how many bits does an IP address consist of?” It is desirable to know this for IPv6 as well: 128 bits.

The first circumstance. In total, there can theoretically be this many IPv4 addresses:
2^32 = 2^10 * 2^10 * 2^10 * 2^2 = 1024 * 1024 * 1024 * 4 ≈ 1000 * 1000 * 1000 * 4 = 4 billion.
Below we will see that quite a lot of them are “eaten up” by all sorts of overhead.

How an IPv4 address is written down, I think everyone knows. Four octets (the same thing as a byte, but if you want to show off, say “octet” and you will immediately be taken for one of the initiated) in decimal notation without leading zeros, separated by dots: “192.168.11.10”.

In the header of an IP packet there are the source IP and destination IP fields: the source address (who sends) and the destination address (to whom). Just like on a mail envelope. Inside the packet, the IP addresses carry no masks. There are no separators between octets either. Just 32 bits for the destination address and another 32 for the source address.

However, when the IP address is assigned to the interface (network adapter or whatever it is called) of the computer or router, then in addition to the address of this device, it is also assigned a subnet mask. Once again: the mask is not transmitted in the headers of IP packets.

Computers need the subnet mask to define the boundaries of, guess what, the subnet. So that each of them can determine who is in the same (sub)network with it and who is outside it. (Actually, one can simply say “network”; this term is often used precisely in the sense of “IP subnet”.) The point is that within one network computers exchange packets “directly”, and when a packet has to be sent to another network, it is sent to the default gateway (the third parameter in the network properties, if you remember). We will see below how this happens.

The subnet mask is also 32 bits long. But unlike an IP address, its ones and zeros cannot alternate arbitrarily: first come some number of ones, then some number of zeros. The mask cannot be

120.22.123.12 = 01111000.00010110.01111011.00001100. 

But this can be a mask:

255.255.248.0 = 11111111.11111111.11111000.00000000. 

First N ones, then 32-N zeros. It is easy to see that this form of notation is redundant: the single number N, called the mask length, is quite enough. So that is what people do: they write 192.168.11.10/21 instead of 192.168.11.10 255.255.248.0. Both forms carry the same meaning, but the first is much more convenient.

To determine the boundaries of the subnet, the computer performs a bitwise multiplication (logical AND) of the IP address and the mask, obtaining an address whose bits are zero wherever the mask has zeros. Consider the example of 192.168.11.10/21:

11000000.10101000.00001011.00001010 
11111111.11111111.11111000.00000000 
AND -----------------------------------
11000000.10101000.00001000.00000000 = 192.168.8.0

The second circumstance. Any self-respecting administrator must be able to convert IP addresses from decimal to binary and back, in their head or on paper, and must also be comfortable with binary arithmetic.

The address 192.168.8.0, with all bits zeroed at the positions corresponding to the zeros in the mask, is called the subnet address. It cannot (usually) be used as the address of a particular host’s interface. If, on the contrary, those bits are all set to ones, the address 192.168.15.255 is obtained. This address is called the Directed Broadcast (or simply Broadcast) of this network. Its significance nowadays is very small: it was once believed that all hosts on the subnet should respond to it, but that was long ago and is no longer true. However, this address also cannot (usually) be used as a host address. So in each subnet two addresses go to waste. All the other addresses in the range from 192.168.8.1 to 192.168.15.254 inclusive are full host addresses within the subnet 192.168.8.0/21 and can be assigned to computers.

Thus, the part of the address corresponding to the ones in the mask is the address (identifier) of the subnet. It is also often called the prefix. And the part corresponding to the zeros in the mask is the host identifier inside the subnet. The subnet address in the form 192.168.8.0/21 or 192.168.8.0 255.255.248.0 is something you will encounter quite often. It is prefixes that routers operate on when plotting the routes traffic takes across the network. Only the default gateway of a subnet (using one or another data link layer technology) knows where the hosts inside that subnet are; transit routers do not. And a host address in isolation from its subnet is not used at all.

The third circumstance. The number of hosts in a subnet is defined as 2^(32-N) - 2, where N is the mask length. The longer the mask, the fewer hosts fit in it.

From this circumstance, in particular, it follows that the maximum mask length for a subnet with hosts is N = 30. /30 networks are most often used for addressing point-to-point links between routers.

And although most modern routers work fine with /31 masks, using the subnet address (zero in the one-bit host part) and the Broadcast address (one) as the interface addresses, administrators and network engineers are often simply afraid of this approach, preferring to be guided by the principle “…”.

The /32 mask, on the other hand, is used quite often. First, for all sorts of service needs, such as addressing the so-called loopback interfaces; second, out of sloppiness: /32 is a subnet consisting of a single host, that is, essentially no network at all. The more often a network administrator operates on individual machines rather than groups of hosts, the less scalable the network is, and the more mess, chaos and rules that nobody understands. The exception, perhaps, is writing firewall rules for servers, where specificity is a good thing. But users are better handled not individually but as a crowd, as whole subnets; otherwise the network will quickly become unmanageable.

The interface on which an IP address is configured is sometimes called the IP interface or the L3 interface (“el-three”, see the OSI model).

Before sending an IP packet, the computer determines whether the destination address falls within its “own” subnet. If it does, it sends the packet “directly”; if not, it sends it to the default gateway (router). As a rule, although this is by no means required, the default gateway is given the first host address in the subnet, in our case 192.168.8.1, purely for neatness.

The fourth circumstance. From what has been said it follows, in particular, that the router (gateway and router are one and the same) with the interface address 192.168.8.1 knows nothing about the traffic exchanged between, for example, hosts 192.168.8.5 and 192.168.8.7. A very common mistake of novice administrators is wanting to block or otherwise control traffic between hosts of the same subnet at the gateway. For traffic to pass through the router, the sender and the recipient must be on different subnets.
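As an added example (not code from the original article), here is the arithmetic from the AND example above through the “own subnet or gateway” decision, written with plain bit operations and no library; all function names are my own.

```python
# Added example (not from the original article): the subnet arithmetic the
# text describes, done with plain bit operations rather than a library.

def to_int(dotted):
    o = [int(x) for x in dotted.split(".")]
    if len(o) != 4 or not all(0 <= x <= 255 for x in o):
        raise ValueError("bad IPv4 address: " + dotted)
    return (o[0] << 24) | (o[1] << 16) | (o[2] << 8) | o[3]   # four octets, MSB first

def to_dotted(n):
    return ".".join(str((n >> s) & 0xFF) for s in (24, 16, 8, 0))

def to_binary(n):   # dotted binary, the form used in the worked example above
    return ".".join(format((n >> s) & 0xFF, "08b") for s in (24, 16, 8, 0))

def mask_from_length(n):   # first N ones, then 32-N zeros
    return (0xFFFFFFFF << (32 - n)) & 0xFFFFFFFF

def length_from_mask(mask):
    """Accept only 'ones then zeros' masks; 120.22.123.12 is rejected."""
    ones = bin(mask).count("1")
    if mask != mask_from_length(ones):
        raise ValueError("non-contiguous mask: " + to_dotted(mask))
    return ones

def subnet_info(cidr):
    """Subnet address, directed broadcast, host range and usable host count."""
    addr, n = cidr.split("/")
    n = int(n)
    mask = mask_from_length(n)
    network = to_int(addr) & mask                # logical AND, as in the text
    broadcast = network | (~mask & 0xFFFFFFFF)   # host bits set to ones
    total = 1 << (32 - n)
    # /31 and /32 use the subnet and broadcast addresses themselves for hosts
    usable = total - 2 if n <= 30 else total
    first = network + 1 if n <= 30 else network
    last = broadcast - 1 if n <= 30 else broadcast
    return {"mask": to_dotted(mask), "network": to_dotted(network),
            "broadcast": to_dotted(broadcast), "first_host": to_dotted(first),
            "last_host": to_dotted(last), "usable_hosts": usable}

def same_subnet(ip_a, ip_b, n):
    """The check a host makes before sending: directly, or via the gateway?"""
    mask = mask_from_length(n)
    return (to_int(ip_a) & mask) == (to_int(ip_b) & mask)

if __name__ == "__main__":
    print(to_binary(to_int("192.168.11.10")), to_binary(mask_from_length(21)))
    print(subnet_info("192.168.11.10/21"))
```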

Thus, the network (even the smallest enterprise) usually has several IP subnets (2+) and a router (more precisely, a firewall, but in this context we can consider these words as synonyms) that route and control traffic between subnets.

The next step is to split subnets into smaller subnets. Our beloved 192.168.8.0/21 network can be divided into two /22 subnets, four /23 subnets, eight /24 subnets, and so on. The general rule, as is not hard to guess, is K = 2^(Y-X), where K is the number of subnets with mask length Y that fit into a subnet with mask length X.

The fifth circumstance. Like any decent IT person, a network administrator, unless he is paid merely for his good looks, must know the powers of two from 0 to 16 by heart.

The process of combining small prefixes (with a long mask, containing few hosts) into large ones (with a short mask, containing many hosts) is called aggregation or summarization (not summation!). This is a very important process, which minimizes the amount of information a router needs to find a path through the network. So, for example, providers hand out thousands of small blocks of the /29 kind to clients, but the rest of the Internet does not even know they exist. Instead, each provider is assigned large prefixes such as /19 and larger. This reduces the number of entries in the global Internet routing table by orders of magnitude.

The sixth circumstance. The longer the mask, the fewer hosts a subnet can hold, and the larger the share of addresses “devoured” by the subnet address, the directed broadcast and the default gateway. In particular, in a subnet with a /29 mask (2^(32-29) = 8 combinations) only 5 addresses (62.5%) are available for actual use. Now imagine that you are a provider handing out thousands of /29 blocks to corporate clients. So splitting IP space into subnets competently (making an address plan) is a whole little science, including the search for compromises between various conflicting factors.
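As an added example (not code from the original article), the splitting rule K = 2^(Y-X), the summarization of sibling prefixes back into their parent, and the usable share of a block once the subnet, broadcast and gateway addresses are taken, all with plain bit operations; the function names are my own.

```python
# Added example (not from the original article): splitting a prefix into
# smaller ones, summarising (aggregating) siblings back, and the share of a
# block that is actually usable once subnet, broadcast and gateway are taken.

def to_int(dotted):
    o = [int(x) for x in dotted.split(".")]
    return (o[0] << 24) | (o[1] << 16) | (o[2] << 8) | o[3]

def to_dotted(n):
    return ".".join(str((n >> s) & 0xFF) for s in (24, 16, 8, 0))

def mask(n):   # first N ones, then 32-N zeros
    return (0xFFFFFFFF << (32 - n)) & 0xFFFFFFFF

def parse_cidr(cidr):
    """'192.168.11.10/21' -> (network as int, length); host bits are cleared."""
    addr, n = cidr.split("/")
    n = int(n)
    return to_int(addr) & mask(n), n

def split_prefix(cidr, y):
    """K = 2^(Y-X) subnets of length Y inside a prefix of length X."""
    net, x = parse_cidr(cidr)
    if not x <= y <= 32:
        raise ValueError("new length must be between %d and 32" % x)
    step = 1 << (32 - y)   # distance between consecutive /y subnets
    return ["%s/%d" % (to_dotted(net + i * step), y) for i in range(1 << (y - x))]

def aggregate(cidrs):
    """Merge sibling prefixes (same length, differing only in the last
    network bit) into their parent until nothing more can be merged."""
    prefixes = {parse_cidr(c) for c in cidrs}
    merged = True
    while merged:
        merged = False
        for net, n in sorted(prefixes):
            if n == 0:
                continue
            sibling = net ^ (1 << (32 - n))   # flip the last network bit
            if (sibling, n) in prefixes:
                prefixes -= {(net, n), (sibling, n)}
                prefixes.add((net & mask(n - 1), n - 1))
                merged = True
                break
    return ["%s/%d" % (to_dotted(net), n) for net, n in sorted(prefixes)]

def usable_share(n):
    """Fraction of a /n left for hosts after subnet, broadcast and gateway."""
    total = 1 << (32 - n)
    return (total - 3) / total

if __name__ == "__main__":
    print(split_prefix("192.168.8.0/21", 23))
    print(aggregate(split_prefix("192.168.8.0/21", 23)), usable_share(29))
```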

If a sufficiently large range of addresses is available, usually from the private-use blocks 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16, it is of course convenient to use masks whose length coincides with octet boundaries: /8, /16, /24, or respectively 255.0.0.0, 255.255.0.0 and 255.255.255.0. Using them spares your brain and your calculator, since there is no need to work with the binary system and individual bits. This is the right approach, but do not forget that overindulging in this convenience is rarely a good thing.

And the last point. The notorious address classes. Dear comrades, forget this word altogether! Completely. For 20 years now (!) there have been no classes. Ever since it became clear that the prefix length can be anything, and that if addresses were handed out in /8 blocks, no Internet would work.

Sometimes “experienced specialists” like to show off with the words “a network of such-and-such class” in relation to a subnet with a particular mask length. For instance, you can often hear “class C network” said about something like 10.1.2.0/24. The network class (back when it existed) had nothing to do with the mask length and was determined by entirely different factors (combinations of bits in the address). Classful addressing, in turn, required masks of exactly the length prescribed for that class. Therefore the subnet 10.1.2.0/24 never belonged, and never will belong, to class C.

But all this is better left unremembered. The only thing you need to know is that there are various global conventions, gathered under one roof in RFC3330, about the special meaning of certain address blocks. So, for example, the blocks 10/8, 172.16/12 and 192.168/16 mentioned above (yes, it is possible to write prefixes this way, discarding the host part completely) are defined as ranges for private use that are not allowed to be routed on the Internet. Anyone can use them for private purposes at their discretion. The block 224.0.0.0/4 is reserved for multicast, and so on. But these are only conventions designed to facilitate administrative interaction. And although I personally strongly recommend that you not violate them (except in reliably isolated laboratory tests), nobody technically prohibits using any addresses for any purpose.
