Introduction
Without question, the TCP/IP suite is the most widely implemented
protocol suite on networks today. As such,
it is an important topic on the Network+ exam. To pass the exam,
you definitely need to understand the material presented in this chapter.
This chapter deals with the individual protocols within the protocol
suite. It looks at the functions of the individual protocols and their purposes. It starts by discussing one of the more complex
facets of TCP/IP—addressing.
IP Addressing
IP addressing is one of the most challenging aspects
of TCP/IP. It can leave even the most seasoned network
administrators scratching their heads. Fortunately,
the Network+ exam requires only a fundamental knowledge of IP
addressing. The following sections look at how IP addressing works for both
IPv4 and the newest version of IP, IPv6.
To communicate on a network
using TCP/IP, each system must be
assigned a unique address. The address defines both the number of the network
to which the device is attached and the number of the node on that network. In
other words, the IP address provides two pieces of information. It’s a bit like a street name and house number
in a person’s home address.
Each device on a logical
network segment must have the same network
address as all the other devices
on the segment. All the devices on that network
segment must then have different node addresses.
In IP addressing, another set of numbers,
called a subnet mask, is used to define
which portion of the IP address refers to the network address and which refers to the node address.
IP addressing is different in IPv4 and IPv6. We’ll begin our discussion by looking at IPv4.
IPv4
An IPv4 address is composed
of four sets of 8 binary bits, which are called octets.
The result is that IP addresses are 32 bits long. Each bit in each octet is assigned a decimal value. The leftmost bit
has a value of 128, followed by 64, 32, 16, 8,
4, 2, and 1, left to right.
Each bit in the octet can be either a 1 or a 0. If the value is 1, it is
counted as its decimal value, and if it is 0, it is ignored. If all the bits
are 0, the value of the octet is 0. If all the bits in the octet are 1, the
value is 255, which is 128+64+32+16+8+4+2+1.
By using the set of 8 bits and manipulating the 1s and 0s, you can obtain
any value between 0 and 255 for each octet.
Decimal Value   Binary Value   Decimal Calculation
10              00001010       8+2=10
192             11000000       128+64=192
205             11001101       128+64+8+4+1=205
223             11011111       128+64+16+8+4+2+1=223
IP Address Classes
IP addresses are grouped into logical divisions called classes. The IPv4 address space has
five address classes (A through E), although only three (A, B, and C) are used to assign
addresses to hosts.
Class D is reserved for multicast addressing, and Class E is reserved for
future development.
Of the three classes available for address assignments, each uses a
fixed-length subnet mask to define the separation between
the network and the node address.
A Class A address uses only the first octet to represent the network portion, a
Class B address uses two octets, and a Class C address uses the first
three octets. The upshot of this system is that Class A has a small number
of network addresses, but each Class A address has a very large number
of possible host addresses.
Class B has a larger number of networks, but each Class B address has a smaller
number of hosts. Class C has an
even larger number of networks, but each Class C address has an even smaller number of hosts.
Address Class   Range (First Octet)   Number of Networks   Number of Hosts Per Network   Binary Value of First Octet
A               1 to 126              126                  16,777,214                    0xxxxxxx
B               128 to 191            16,384               65,534                        10xxxxxx
C               192 to 223            2,097,152            254                           110xxxxx
D               224 to 239            N/A                  N/A                           1110xxxx
E               240 to 255            N/A                  N/A                           1111xxxx
(The first octet value 127 is reserved for loopback, which is why the Class A range ends at 126.)
Subnet Mask Assignment
Like an IP address, a subnet mask is most commonly expressed in 32-bit dotted-decimal format. Unlike an IP
address, though, a subnet mask performs just one function: it defines which
parts of the IP address refer to the network address and which refer to the
node address. Each class of IP address used for address assignment has a
default subnet mask associated with it. Table
5.3 lists the default subnet masks.
Table 5.3  Default Subnet Masks
Address Class   Default Subnet Mask   Prefix Length
A               255.0.0.0             /8
B               255.255.0.0           /16
C               255.255.255.0         /24
Subnetting
Now that you have looked at how IP addresses are used, you can learn the
process of subnetting. Subnetting
is a process by which the node portions of an IP address
are used to create more networks than you would have if you used the
default subnet mask.
To illustrate subnetting, let’s use an example. Suppose that you
have been assigned the Class B address
150.150.0.0. Using this address and the default
subnet mask (255.255.0.0), you could have a single network (150.150) and use the
rest of the address as node addresses. This would give you 65,534 possible node addresses on a single segment, which in reality
is probably not very useful.
With subnetting, you use
bits from the node portion of the address to create more network addresses.
Each borrowed bit doubles the number of subnets and halves the number of nodes in each one; borrowing 3 bits from 150.150.0.0/16, for example, yields eight /19 subnets with 8,190 usable hosts apiece.
This reduces the number of nodes per network, but you probably will still have more than enough.
There are two main reasons for subnetting:
. It allows you to use IP address
ranges more effectively.
. It
makes IP networking more manageable by providing a mechanism to
create multiple networks rather than having just one. Using multiple networks
confines traffic to the network that it needs to be on, which reduces
overall network traffic
levels. Multiple subnets
also create more broadcast domains, which in turn reduces network-wide broadcast traffic.
Subnetting is often described as a security measure as well. By itself it only separates traffic; any real access control comes from the router or firewall that sits between the subnets and filters what crosses. Without such filtering, a host on one subnet can still reach every host on another.
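As an added example (not code from the original chapter), the following Python works through the class and subnetting rules above with plain integer arithmetic, so the bit manipulation is visible rather than hidden inside the standard library. It derives the classful default prefix from the leading bits of the first octet, turns a prefix length into a dotted-decimal mask, and splits a network by borrowing host bits. The function names and the 150.150.0.0 plan are for illustration.

```python
# Added example: classful default mask, prefix-to-mask conversion and a
# subnet plan computed by borrowing host bits. Plain integer arithmetic on
# purpose; the stdlib ipaddress module does the same with less code.

def ip_to_int(addr: str) -> int:
    """Dotted-decimal IPv4 text -> 32-bit integer, with range checks."""
    octets = [int(o) for o in addr.split(".")]
    if len(octets) != 4 or any(o < 0 or o > 255 for o in octets):
        raise ValueError(f"invalid IPv4 address: {addr}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_ip(value: int) -> str:
    """32-bit integer -> dotted-decimal text."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_to_mask(prefix: int) -> str:
    """Prefix length -> dotted-decimal mask, e.g. 12 -> 255.240.0.0."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be between 0 and 32")
    return int_to_ip((((1 << prefix) - 1) << (32 - prefix)) & 0xFFFFFFFF)


def classful_prefix(addr: str) -> int:
    """Default prefix length from the leading bits of the first octet:
    0xxxxxxx -> Class A /8, 10xxxxxx -> Class B /16, 110xxxxx -> Class C /24."""
    first = ip_to_int(addr) >> 24
    if first >> 7 == 0b0:
        return 8
    if first >> 6 == 0b10:
        return 16
    if first >> 5 == 0b110:
        return 24
    raise ValueError("Class D and E addresses are not assigned to hosts")


def subnet_plan(network: str, prefix: int, borrowed_bits: int) -> list:
    """Split network/prefix into 2**borrowed_bits equal subnets.

    Each entry lists the subnet's network, mask, first and last usable host,
    broadcast address and usable host count (2**host_bits minus the network
    and broadcast addresses)."""
    new_prefix = prefix + borrowed_bits
    if new_prefix > 30:
        raise ValueError("a subnet smaller than /30 has no usable hosts")
    base = ip_to_int(network) & ip_to_int(prefix_to_mask(prefix))
    size = 1 << (32 - new_prefix)
    plan = []
    for i in range(1 << borrowed_bits):
        net = base + i * size
        plan.append({
            "network": f"{int_to_ip(net)}/{new_prefix}",
            "mask": prefix_to_mask(new_prefix),
            "first_host": int_to_ip(net + 1),
            "last_host": int_to_ip(net + size - 2),
            "broadcast": int_to_ip(net + size - 1),
            "usable_hosts": size - 2,
        })
    return plan


if __name__ == "__main__":
    # The chapter's Class B example: 150.150.0.0 with its default /16,
    # borrowing 3 host bits to make eight /19 subnets.
    addr = "150.150.0.0"
    for subnet in subnet_plan(addr, classful_prefix(addr), 3):
        print(subnet)
```

Running the block prints the eight /19 subnets of 150.150.0.0, from 150.150.0.0/19 through 150.150.224.0/19, each with 8,190 usable hosts and the mask 255.255.224.0.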
Identifying the Differences Between IPv4 Public and
Private Networks
IP addressing involves many considerations, not the least of which are
public and private networks.
A public network is a network to which anyone can connect. The best (and perhaps only pure)
example of such a network is the Internet. A private network is any network to which access
is restricted. A corporate network and a network in a school
are examples of private networks.
The main difference between public and private networks, apart from the
fact that access to a private network is tightly controlled and access to a
public network is not, is that the addressing of devices on a public network
must be considered carefully. Addressing on a private network
has a little more latitude.
As already discussed, in order for hosts on a network to communicate by
using TCP/IP, they must have unique
addresses. This number defines the logical network that each host belongs to and the host’s
address on that network. On a private network with, say, three logical networks and 100 nodes
on each network, addressing is not a particularly difficult task. On a network
on the scale of the Internet, however,
addressing is complex.
If you are connecting a system to the Internet, you need to get a valid registered IP address. Most commonly, you obtain this address from your ISP. Alternatively, if you wanted
a large number
of addresses, for example, you could
contact the organization responsible for address assignment in your area. You can determine which regional numbers
authority (Regional Internet Registry) serves your area by visiting the
IANA website. Because of the nature of their business, ISPs have large blocks of IP
addresses that they can assign to their clients. If you need a registered IP
address, getting one from an ISP will almost certainly be a simpler process
than going through a regional numbers authority. Some ISPs’ plans actually
include blocks of registered IP addresses, working on the principle that businesses will want some kind
of permanent presence on the Internet. Of course, if you discontinue your service
with the ISP, you can no longer
use the IP address it provided.
Private Address Ranges
To provide flexibility in addressing and to prevent
an incorrectly configured network from polluting the Internet, certain
address ranges are set aside
for private use. These address ranges are called private ranges because they are designated for use only on private
networks. These addresses are special because they are not routed on the public Internet: ISP and border routers are expected to drop packets whose source or destination falls in these ranges. This means that if a
private network “leaks” onto the Internet, it won’t
get any farther than the first router
that filters it. So a private
address cannot be on the Internet, because it cannot
be routed to public networks. Note that this filtering happens at the Internet’s edge, not inside your own network; a private address is perfectly routable between your own internal subnets.
Three ranges are defined in RFC 1918, one
each from Classes A, B, and C. You can use whichever range you want,
although the Class A and B address ranges offer more addressing options
than Class C. Table 5.4 defines the address ranges for Class A, B, and C addresses.
Table 5.4  Private Address Ranges
Class   Address Range                    CIDR Block        Classful Default Mask
A       10.0.0.0 to 10.255.255.255       10.0.0.0/8        255.0.0.0
B       172.16.0.0 to 172.31.255.255     172.16.0.0/12     255.255.0.0
C       192.168.0.0 to 192.168.255.255   192.168.0.0/16    255.255.255.0
(The 172.16.0.0/12 block is 16 consecutive Class B networks, 172.16 through 172.31; treated as one block its mask is 255.240.0.0.)
Classless Interdomain Routing (CIDR)
Classless interdomain routing (CIDR)
is a method of assigning addresses outside the standard Class A, B, and C structure. Specifying the number of bits in the subnet mask offers
more flexibility than the three
standard class definitions.
Using CIDR, the subnet mask is written as a value known as the slash, or prefix length.
The value of the slash is the number of bits of the subnet mask that are
used to express the network
portion of the address, counted from the left. For example, a subnet mask that uses all 8 bits from the first octet and
4 from the second would be described as /12, or “slash 12” (in dotted-decimal form, 255.240.0.0). A subnet mask that
uses all the bits from the first three octets would be called /24 (255.255.255.0). Why the
slash? In actual addressing terms, the CIDR value is expressed after the address, using
a slash. So the address
192.168.2.1/24 means that the node’s
IP address is 192.168.2.1, and the subnet
mask is 255.255.255.0.
Default Gateways
Default gateways are the means
by which a device can access hosts
on other networks for which it does not have a
specifically configured route. Most workstation configurations actually
default to just using a default gateway rather than having any static routes
configured. This allows workstations to communicate with other network segments,
or with other networks, such as the Internet.
When a system wants to communicate with another device, it first
determines whether the host is on the local network or a remote network by applying its own subnet mask to both addresses. If the
host is on a remote network,
the system looks
in the routing table to determine whether
it has an entry for the network on which the remote host resides. If it does, it uses that route. If it does not, the data
is sent to the default gateway. In essence, the default gateway is simply the
path out of the network for a given device. Figure 5.1 shows how a default gateway fits into a network
infrastructure.
On the network, the default
gateway could be a physical
router or a computer with network interfaces for all segments to which it is connected. These
interfaces have local IP addresses for the respective segments; the gateway address a host is configured with must lie on that host’s own subnet, because the host reaches the gateway directly rather than through a route.
If a system is not configured with any static
routes or a default gateway, it is limited to operating on its own network segment.
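The forwarding decision described above, as an added example that is not part of the original chapter: a small host routing table with one directly connected segment, one static route and a default route (a /0 entry), looked up by longest prefix match. The table contents, interface name and addresses are constructed for illustration; 203.0.113.0/24 is a documentation range, not a real host.

```python
# Added example: the per-packet decision "local, known route, or default
# gateway" implemented as a longest-prefix-match lookup.

def ip_to_int(addr: str) -> int:
    """Dotted-decimal IPv4 text -> 32-bit integer."""
    parts = [int(p) for p in addr.split(".")]
    if len(parts) != 4:
        raise ValueError(f"bad IPv4 address: {addr}")
    return int.from_bytes(bytes(parts), "big")   # bytes() rejects values > 255


def mask_for(prefix: int) -> int:
    """Prefix length -> 32-bit mask integer; /0 gives an all-zero mask."""
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def parse_cidr(cidr: str) -> tuple:
    """'192.168.2.0/24' -> (network as int, prefix length)."""
    addr, _, prefix = cidr.partition("/")
    prefix = int(prefix) if prefix else 32
    return ip_to_int(addr) & mask_for(prefix), prefix


class RoutingTable:
    """Minimal host routing table. A route with no next hop is a directly
    connected network; a /0 route with a next hop is the default gateway."""

    def __init__(self):
        self.routes = []   # (network_int, prefix, next_hop or None, interface)

    def add(self, cidr, next_hop=None, interface="eth0"):
        net, prefix = parse_cidr(cidr)
        self.routes.append((net, prefix, next_hop, interface))
        # Most specific routes first, so the first hit is the longest match.
        self.routes.sort(key=lambda r: r[1], reverse=True)

    def lookup(self, dest: str):
        """Return (kind, next_hop, interface) for dest, or None if no route
        matches. kind is 'connected' (deliver on the local segment, no
        gateway involved), 'static' (a specific route) or 'default'."""
        d = ip_to_int(dest)
        for net, prefix, next_hop, iface in self.routes:
            if d & mask_for(prefix) == net:
                if next_hop is None:
                    return ("connected", None, iface)
                return ("default" if prefix == 0 else "static", next_hop, iface)
        return None


def workstation_table() -> RoutingTable:
    """Constructed sample configuration: one connected segment, a static
    route to a second internal network, and a default gateway."""
    rt = RoutingTable()
    rt.add("192.168.2.0/24")                          # directly connected
    rt.add("10.50.0.0/16", next_hop="192.168.2.254")   # static route via 2nd router
    rt.add("0.0.0.0/0", next_hop="192.168.2.1")        # default gateway
    return rt


if __name__ == "__main__":
    table = workstation_table()
    for dest in ("192.168.2.77", "10.50.3.9", "203.0.113.5"):
        print(dest, "->", table.lookup(dest))
```

A table built with only the connected route, and no default gateway, returns None for any off-segment destination; that is the "limited to its own network segment" case from the paragraph above.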
IPv4 Address Types
IPv4 has three primary
address types:
. Unicast: With unicast addresses, a
single address is specified. Data sent with unicast addressing is delivered to
a specific node identified by the address. It is a point-to-point address link.
. Broadcast: A broadcast address is at
the opposite end of the spectrum from a unicast
address. A broadcast
address is an IP address
that you can use to target all systems on a subnet
or network instead of single hosts. In other words, a broadcast
message goes to everyone on the network.
. Multicast: Multicasting is a mechanism by which groups of network
devices can send and receive
data between the members of the group
at one time, instead of sending messages to each device in the group
separately. The multicast grouping
is established by configuring each device with
the same multicast IP address.
It is important to be able to distinguish between these three types of
IPv4 addresses.
IPv6 Addressing
Internet Protocol Version 4
(IPv4) has served as the Internet’s protocol
for almost 30 years. When IPv4 was in development 30 years ago, it would have
been impossible for its creators to imagine or predict the future demand for IP
devices and therefore IP addresses. Where have all
the IPv4 addresses gone?
IPv4 uses a 32-bit addressing scheme. This gives IPv4 a total of
4,294,967,296 possible unique addresses that can be assigned to IP devices.
Over 4 billion addresses might sound like a lot, and it is. However, the number of IP-enabled devices increases
daily at a staggering rate. It is also important
to remember that
not all of these addresses can be used by public
networks. Many of these addresses are reserved and are
unavailable for public use. This reduces the number of addresses that can be allocated as public Internet
addresses.
The IPv6 project started in the mid-1990s, well before the threat of IPv4
limitations was upon us. Now network hardware
and software are equipped for and
ready to deploy IPv6 addressing. IPv6 offers a number of improvements. The
most notable is
its ability to
handle growth in
public networks. IPv6
uses a 128-bit addressing scheme, allowing a huge number
of possible addresses:
340,282,366,920,938,463,463,374,607,431,768,211,456
Identifying IPv6 Addresses
As previously discussed, IPv4 uses a dotted-decimal format—8
bits converted to its decimal equivalent and separated by periods. An example of an IPv4 address
is 192.168.2.1.
Because of the 128-bit structure of the IPv6 addressing scheme, it looks
quite a bit different. An IPv6 address is divided along 16-bit boundaries, and
each 16-bit block is converted into a four-digit hexadecimal number and
separated by colons. The resulting representation is called colon-hexadecimal. Let’s look at how it works. Figure 5.2 shows
the IPv6 address 2001:0:4137:9e50:2811:34ff:3f57:febc from a Windows Vista system.
An IPv6 address can be simplified by removing the leading 0s within each
16-bit block. Not all the 0s can be removed, however,
because each address block must have at least a single digit. Written without 0 suppression, the same address is
2001:0000:4137:9e50:2811:34ff:3f57:febc
Some of the IPv6 addresses
you will work with have sequences of 0s. When this
occurs, the number is often abbreviated to make it easier to read. In the preceding example you saw that a single
0 stood for a block whose full hexadecimal value is 0000. To further simplify the representation of IPv6 addresses, a
contiguous sequence of 16-bit blocks set to 0 in colon-hexadecimal format can
be compressed to ::, known as the double colon. The double colon may appear only once in an address; with two, there would be no way to tell how many blocks each one stands for.
For example, the
address 2001:0000:0000:0000:3cde:37d1:3f57:fe93
can be compressed
to 2001::3cde:37d1:3f57:fe93.
Of course, there are limits on how the IPv6 0s can be reduced. Only leading 0s within a block can be dropped; 0s that follow a nonzero digit must stay. For instance,
2001:4000:0000:0000:0000:0000:0000:0003 cannot be compressed as 2001:4::3, which is a different address (2001:0004::0003). It
would actually appear
as 2001:4000::3.
When you look at an IPv6 address that uses a double colon, how do you
know exactly what numbers are represented? The formula is to subtract the
number of written blocks from 8 and then multiply
that number by 16. For example, the address
2001:4000::3 uses three blocks (2001, 4000, and 3), so the formula is as follows:
(8 - 3) * 16 = 80
Therefore, the total number of bits represented by the double colon in
this example is 80, which is five 16-bit blocks of 0.
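The expansion and compression rules above, implemented by hand as an added example (not code from the original chapter). The stdlib ipaddress module applies the same rules; writing them out shows where each one bites, including the 2001:4::3 mistake and the "only one double colon" limit. Function names are this example's own.

```python
# Added example: expand and compress IPv6 colon-hexadecimal text.
#  - expand_ipv6: restore leading zeros and the blocks hidden by "::"
#  - compress_ipv6: drop leading zeros, replace the longest run of two or
#    more zero blocks with "::" (leftmost run on a tie, per RFC 5952)
#  - double_colon_bits: the (8 - written blocks) * 16 formula

HEX = set("0123456789abcdefABCDEF")


def expand_ipv6(text: str) -> list:
    """Return the eight 4-digit hex blocks of an IPv6 address."""
    if text.count("::") > 1:
        raise ValueError("'::' may appear only once")
    head, sep, tail = text.partition("::")
    head_blocks = head.split(":") if head else []
    tail_blocks = tail.split(":") if tail else []
    if sep:
        missing = 8 - len(head_blocks) - len(tail_blocks)
        if missing < 1:
            raise ValueError("'::' must stand for at least one zero block")
        blocks = head_blocks + ["0"] * missing + tail_blocks
    else:
        blocks = head_blocks
    if len(blocks) != 8:
        raise ValueError(f"expected 8 blocks, got {len(blocks)}")
    out = []
    for block in blocks:
        if not 1 <= len(block) <= 4 or any(c not in HEX for c in block):
            raise ValueError(f"bad block {block!r}")
        out.append(block.lower().zfill(4))
    return out


def compress_ipv6(text: str) -> str:
    """Canonical short form of an IPv6 address."""
    blocks = [b.lstrip("0") or "0" for b in expand_ipv6(text)]
    best_start, best_len = -1, 0
    i = 0
    while i < 8:                      # find the longest run of zero blocks
        if blocks[i] == "0":
            j = i
            while j < 8 and blocks[j] == "0":
                j += 1
            if j - i > best_len:
                best_start, best_len = i, j - i
            i = j
        else:
            i += 1
    if best_len < 2:                  # a single zero block stays as "0"
        return ":".join(blocks)
    left = ":".join(blocks[:best_start])
    right = ":".join(blocks[best_start + best_len:])
    return f"{left}::{right}"


def double_colon_bits(text: str) -> int:
    """Number of bits the '::' stands for: (8 - written blocks) * 16."""
    if "::" not in text:
        return 0
    written = [b for b in text.split(":") if b]
    return (8 - len(written)) * 16


if __name__ == "__main__":
    for addr in ("2001:0000:0000:0000:3cde:37d1:3f57:fe93",
                 "2001:4000:0000:0000:0000:0000:0000:0003",
                 "0:0:0:0:0:0:0:1"):
        short = compress_ipv6(addr)
        print(addr, "->", short, f"({double_colon_bits(short)} bits hidden)")
```

Feeding 2001:4::3 to expand_ipv6 returns 0004 as the second block, not 4000, which is exactly why it is not an abbreviation of 2001:4000::3.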
IPv6 Address Types
Another difference between
IPv4 and IPv6 is in the address
types. IPv4 addressing was discussed in detail earlier
in this chapter. IPv6 addressing offers
several types of addresses:
. Unicast
IPv6 addresses: As you might deduce from the name, a unicast address specifies a single interface. Data packets sent to a unicast destination travel from the sending host to the destination host.
It is a direct line of
communication. A few types of addresses fall under the unicast banner:
. Global unicast addresses: Global unicast
addresses are the
equivalent of IPv4 public addresses. These addresses are routable and travel
throughout the network.
. Link-local addresses: Link-local
addresses are designated for use on a single local network. Link-local
addresses are automatically configured on all interfaces. This automatic configuration
is comparable to the 169.254.0.0/16 APIPA automatically
assigned IPv4 addressing scheme. The prefix used for a link-local address is
fe80::/10; in practice every link-local address falls within fe80::/64. On a single-link IPv6 network with no router, link-local addresses
are used to communicate between devices
on the link. Routers never forward link-local traffic, and an interface keeps its link-local address even when it also has a global one.
. Site-local addresses: Site-local
addresses are equivalent to the IPv4 private
address space (10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16). As with
IPv4, in which private address ranges are used in private networks, IPv6 uses site-local addresses that do not interfere
with global unicast addresses. In addition, routers
do not forward site-local traffic outside the site. Unlike
link-local addresses, site-local addresses are not automatically configured and
must be assigned through either stateless or stateful address configuration
processes. The prefix used for the site-local address is FEC0::/10. Site-local addresses were deprecated by RFC 3879 in 2004; the current replacement for private IPv6 addressing is the unique local address (ULA) range fc00::/7 defined in RFC 4193.
. Multicast addresses: As with IPv4 addresses, multicasting sends and receives data between groups
of nodes. It sends IP messages to that
group rather than to every node on the LAN (broadcast) or just one other node (unicast). IPv6 has no broadcast address at all; the jobs IPv4 does with broadcasts are done with multicast.
. Anycast addresses: Anycast addresses represent the middle ground between unicast
addresses and multicast addresses. An anycast address is assigned to several interfaces, usually on different nodes, and a packet sent to it is delivered to just one of them, the nearest in routing terms.
Comparing IPv4
and IPv6 Addressing
Table
5.5 compares IPv4 and IPv6 addressing.
Table 5.5  Comparing IPv4 and IPv6
Address Feature             IPv4 Address                                         IPv6 Address
Loopback address            127.0.0.1                                            0:0:0:0:0:0:0:1 (::1)
Network-wide addresses      IPv4 public address ranges                           Global unicast IPv6 addresses
Private network addresses   10.0.0.0, 172.16.0.0, 192.168.0.0                    Site-local address ranges (FEC0::)
Autoconfigured addresses    IPv4 automatic private IP addressing (169.254.0.0)   Link-local addresses of the FE80:: prefix
Assigning IP Addresses
Now that you understand the need for each system on a TCP/IP-based network to have a unique address, the
following sections examine how those systems receive
their addresses.
Static Addressing
Static addressing refers to the
manual assignment of IP addresses to a system. This approach has two main problems:
. Statically
configuring one system with the correct address is simple, but in the course of
configuring, say, a few hundred
systems, mistakes are likely to be made. If the IP addresses are entered incorrectly, the system probably won’t be able to connect to other systems
on the network.
. If
the IP addressing scheme for the organization changes, each system must again
be manually reconfigured. In a large organization with hundreds or thousands of systems, such a reconfiguration could take a considerable
amount of time. These drawbacks of static addressing are so
significant that nearly all networks
use dynamic IP addressing for client systems. Static addresses remain the norm for servers, routers, printers and other devices that clients must find at a fixed address.
Dynamic Addressing
Dynamic addressing refers to the automatic
assignment of IP addresses. On modern networks, the mechanism used to do this is Dynamic Host Configuration
Protocol (DHCP). DHCP, part of the
TCP/IP suite, enables a central system to provide client systems with IP addresses. Assigning addresses automatically with DHCP alleviates the burden of address configuration and
reconfiguration that occurs with static
IP addressing.
The
basic function of the DHCP service is to automatically assign IP addresses to client systems. To do this, ranges of IP addresses, known as scopes, are defined
on a system
that is running
a DHCP server application. When another system configured as a DHCP
client is initialized, it broadcasts a request for an address. If all
things are as they should
be, the server
assigns an address from the scope
to the client for a predetermined amount of time, which
is known as the lease. The client must renew the lease before it expires; otherwise the address returns to the scope and may be handed to another client.
A DHCP server
typically can be configured to assign more
than just IP addresses. It often is used to assign
the subnet mask,
the default gateway, and Domain
Name System (DNS) information.
Because the exchange is broadcast-based and unauthenticated, a client accepts these settings from whichever server answers first. A rogue DHCP server on the segment can therefore hand out its own gateway and DNS addresses and redirect client traffic through itself; the usual defense is a switch feature such as DHCP snooping, which only allows server replies on designated trusted ports.
Using DHCP means that administrators do not have to manually configure
each client system with a TCP/IP address. This removes the common problems
associated with statically assigned addresses, such as human error. The potential problem of assigning
duplicate IP addresses is also largely eliminated, provided that every statically addressed host is kept out of the scope. DHCP also removes the need to reconfigure systems
if they move from one subnet to another, or if you decide to make a
wholesale change in the IP addressing structure.
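As an added example (not code from the original chapter), the following Python models the bookkeeping a DHCP server does for one scope: addresses are leased for a fixed time, a returning client keeps its address when it renews, expired leases go back to the pool, and per-MAC reservations play the role of the BOOTP-style MAC database discussed further down. It models the server's state only, not the packet exchange on the wire. The scope range, options, MAC addresses and timestamps are constructed for illustration.

```python
# Added example: a toy DHCP scope with leases, renewals, reservations and
# expiry. Times are plain integers (seconds) passed in by the caller so the
# behaviour is deterministic.
import ipaddress
from dataclasses import dataclass


@dataclass
class Lease:
    ip: str
    mac: str
    expires: int          # absolute time in seconds


class DhcpScope:
    """One scope: a contiguous address range, the options handed out with
    it, optional MAC-to-address reservations, and the active leases."""

    def __init__(self, first_ip, last_ip, lease_seconds, options=None, reservations=None):
        first, last = int(ipaddress.IPv4Address(first_ip)), int(ipaddress.IPv4Address(last_ip))
        self.pool = [str(ipaddress.IPv4Address(n)) for n in range(first, last + 1)]
        self.lease_seconds = lease_seconds
        self.options = options or {}               # mask, router, DNS, ...
        self.reservations = reservations or {}     # mac -> ip (BOOTP-style database)
        self.leases = {}                           # ip -> Lease

    def _reclaim_expired(self, now):
        for ip in [ip for ip, lease in self.leases.items() if lease.expires <= now]:
            del self.leases[ip]

    def request(self, mac, now):
        """Handle a client's request at time `now`.
        Returns (ip, options), or None if the scope is exhausted."""
        self._reclaim_expired(now)
        for lease in self.leases.values():         # renewal: same address again
            if lease.mac == mac:
                lease.expires = now + self.lease_seconds
                return lease.ip, self.options
        if mac in self.reservations:               # fixed address for this MAC
            ip = self.reservations[mac]
        else:
            reserved = set(self.reservations.values())
            ip = next((cand for cand in self.pool
                       if cand not in self.leases and cand not in reserved), None)
            if ip is None:
                return None
        self.leases[ip] = Lease(ip, mac, now + self.lease_seconds)
        return ip, self.options

    def release(self, mac):
        """Client hands its address back early (DHCPRELEASE)."""
        for ip, lease in list(self.leases.items()):
            if lease.mac == mac:
                del self.leases[ip]
                return True
        return False


def demo_scope() -> DhcpScope:
    """Constructed scope: three dynamic addresses, one reservation, 1-hour leases."""
    return DhcpScope(
        "192.168.100.10", "192.168.100.12", lease_seconds=3600,
        options={"subnet_mask": "255.255.255.0",
                 "router": "192.168.100.1",
                 "dns": ["192.168.100.5", "192.168.100.6"]},
        reservations={"00:d0:59:09:07:51": "192.168.100.50"},
    )


if __name__ == "__main__":
    scope = demo_scope()
    for mac, t in (("aa:aa:aa:00:00:01", 0), ("aa:aa:aa:00:00:02", 10),
                   ("aa:aa:aa:00:00:01", 20), ("00:d0:59:09:07:51", 30),
                   ("aa:aa:aa:00:00:03", 40), ("aa:aa:aa:00:00:04", 50),
                   ("aa:aa:aa:00:00:04", 4000)):
        print(t, mac, "->", scope.request(mac, t))
```

The fourth client is refused at t=50 because the three-address pool is fully leased, and gets an address at t=4000 only because every earlier lease has expired by then; with real one-hour leases that is exactly the window in which a failed DHCP server goes unnoticed.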
Configuring Client Systems for TCP/IP
Configuring a client for TCP/IP can be relatively complex, or it can be simple.
Any complexity involved is related
to the possible need to configure TCP/IP manually.
The simplicity is related to the fact that TCP/IP configuration can
occur automatically via DHCP or through APIPA. At the least,
a system needs an
IP address and
subnet mask to communicate on its local network. The
default gateway and DNS server IP information is
optional, but network functionality is limited without them. The
following list briefly explains the IP-related settings used to connect to a TCP/IP network:
. IP address: Each system
must be assigned
a unique IP address so that it can communicate on the network.
. Subnet mask: The subnet mask allows
the system to determine what portion of the IP address
represents the network
address and what portion represents the
node address.
. Default gateway: The default
gateway allows the
system to communicate with a remote network, without
the need for explicit routes to be defined.
. DNS server addresses: DNS servers allow dynamic hostname resolution
to be performed. It is common practice to have two DNS server addresses defined so that if one server becomes unavailable, the other can be used.
BOOT Protocol (BOOTP)
BOOTP was originally created so that diskless workstations could obtain
information needed to connect to the network, such as the TCP/IP address,
subnet mask, and default
gateway. Such a system
was necessary because
diskless workstations had no way to store
the information.
When a system configured to use BOOTP is powered up, it broadcasts for a
BOOTP server on the network. If such a server exists, it compares the MAC
address of the system issuing the BOOTP request with a database of entries.
From this database, it supplies the system with the appropriate information. It
can also tell the workstation the name of a boot image file to download and run, which is how a diskless system loads its operating system.
In the unlikely event that you find yourself using BOOTP, you should be aware that, like DHCP, it is a broadcast-based system, and routers do not forward broadcasts.
Therefore, a router between the clients and the server must be configured as a BOOTP/DHCP relay agent (often called an IP helper), which forwards the requests to the server as unicast.
APIPA
Automatic Private IP Addressing (APIPA)
was introduced with Windows 98, and it has been included in all
subsequent Windows versions. The function of APIPA
is that a system can give itself an IP address in the event that it is
incapable of receiving an address dynamically from a DHCP server. In such an event, APIPA assigns
the system an address from the 169.254.0.0/16 address range (after checking with ARP that no other host on the segment is already using it) and
configures an appropriate subnet mask (255.255.0.0). However, it doesn’t configure the system with a default
gateway address. As a result,
communication is limited to the local
network.
The idea behind APIPA is that
systems on a segment can communicate with each other in the event of DHCP
server failure. In reality, the
limited usability of APIPA makes
it little more than a last resort.
For example, imagine
that a system is powered on while the DHCP server is operational and
receives an IP address of 192.168.100.2. Then the DHCP server fails. Now, if the other systems on the segment
are powered on and are unable to get an address from the
DHCP server because it is down, they would self-assign addresses in the
169.254.0.0 address range
via APIPA. The systems
with APIPA addresses would
be able to talk to each other, but
they couldn’t talk to a system that
received an address from the DHCP server. Likewise,
any system that received an IP address via DHCP would be unable to talk to
systems with APIPA-assigned addresses, because the two groups are on different logical networks. This, and the absence of a default gateway, is why APIPA is of limited use in real-world environments. In practice, a host that unexpectedly shows a 169.254.x.x address is a symptom that DHCP is failing, not a working fallback.
Identifying MAC Addresses
This book many times refers to MAC addresses and how certain devices use
them. However, it has not yet discussed why MAC addresses exist, how they are
assigned, and what they consist of. Let’s do
that now. A MAC address is a 6-byte (48-bit) address, usually written in hexadecimal, that identifies a NIC
on the network. The MAC address forms the basis of
network communication at the data link layer, regardless of the protocol used to achieve network
connection. Because the MAC address is so fundamental to network communication,
mechanisms are in place
to ensure that duplicate addresses are not assigned at manufacture.
To combat the possibility of
duplicate MAC addresses being assigned, the Institute of Electrical and
Electronics Engineers (IEEE) took over the assignment of MAC addresses. But
rather than be burdened with assigning individual addresses, the IEEE decided
to assign each manufacturer an ID and then let the manufacturer further
allocate IDs. The result is that in a MAC address, the first 3 bytes
define the manufacturer, and the last 3 are assigned by the manufacturer.
For example, consider the MAC address of the computer on which this book
is being written: 00:D0:59:09:07:51. The first 3 bytes (00:D0:59) identify the manufacturer of the card; because only
this manufacturer can use this prefix, it is known as the Organizationally Unique
Identifier (OUI). The last 3 bytes (09:07:51) are assigned by that manufacturer and make this interface unique.
You can find a complete
listing of organizational MAC address assignments at http://standards.ieee.org/regauth/oui/oui.txt.
The uniqueness guarantee covers only the address burned into the card. Nearly every operating system lets an administrator, or an attacker, override the MAC address in software, so a MAC address identifies a device only for as long as nobody chooses to change it, and it should never be relied on as an authenticator.
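An added example, not code from the original chapter, that parses a MAC address in the common notations, splits it into the OUI and the manufacturer-assigned half, and reads the two flag bits of the first byte (the I/G bit marks a group/multicast address, the U/L bit marks a locally administered address, which is what a software-overridden MAC normally sets). The OUI table is a one-entry stub constructed for illustration; a real check would consult the IEEE registry linked above.

```python
# Added example: MAC address parsing, OUI extraction and the I/G and U/L
# bits of the first byte. Assumptions: OUI_TABLE is a constructed stub.
import re

# Constructed stub of the IEEE registry; the vendor name is a placeholder.
OUI_TABLE = {"00:D0:59": "example vendor (constructed entry)"}


def parse_mac(text: str) -> bytes:
    """Accept 00:D0:59:09:07:51, 00-D0-59-09-07-51 or 00d0.5909.0751 and
    return the six raw bytes. Anything else is rejected."""
    digits = re.sub(r"[:\-.]", "", text.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a MAC address: {text!r}")
    return bytes.fromhex(digits)


def format_mac(mac: bytes, sep: str = ":") -> str:
    """Six raw bytes -> upper-case text with the given separator."""
    return sep.join(f"{b:02X}" for b in mac)


def describe_mac(text: str) -> dict:
    """Split a MAC into its parts and decode the first-byte flag bits."""
    mac = parse_mac(text)
    oui = format_mac(mac[:3])
    return {
        "oui": oui,                                   # IEEE-assigned manufacturer ID
        "device_id": format_mac(mac[3:]),             # assigned by the manufacturer
        "vendor": OUI_TABLE.get(oui),                 # None when unknown to our stub
        "multicast": bool(mac[0] & 0x01),             # I/G bit: group address
        "locally_administered": bool(mac[0] & 0x02),  # U/L bit: not an IEEE OUI
        "broadcast": mac == b"\xff" * 6,              # FF:FF:FF:FF:FF:FF
    }


if __name__ == "__main__":
    for sample in ("00:D0:59:09:07:51",   # the chapter's example NIC
                   "01:00:5E:00:00:01",   # an IPv4 multicast MAC
                   "02-00-5E-00-00-01",   # locally administered (software-set)
                   "ffff.ffff.ffff"):     # broadcast, Cisco dotted notation
        print(sample, "->", describe_mac(sample))
```

A locally_administered result of True is worth flagging in inventory or NAC logs: it means the address was not burned in by a manufacturer, which is typical of virtual interfaces and of deliberately spoofed addresses.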
NAT, PAT, and SNAT
This chapter has defined many acronyms,
and we will continue with three more—NAT, PAT, and SNAT.
Network Address Translation (NAT)
The basic principle of NAT is
that many computers can “hide” behind a single IP address. The main reason we
need to do this (as pointed out earlier, in
the section “IP Addressing”) is because there simply aren’t enough IP addresses
to go around. Using NAT means that
only one registered IP address is needed on the system’s external interface, acting as the gateway between the
internal and external networks. NAT allows you to use whatever
addressing scheme you like on your internal networks, although it is common
practice to use the private address ranges, which were discussed earlier
in the chapter.
When a system is performing NAT, it
funnels the requests given to it to the Internet. To the remote host, the request looks like it is originating from
a single address. The system performing the NAT
function keeps track of who asked for
what and makes
sure that when the data is returned, it is directed
to the correct system. Servers that provide NAT functionality do so in different ways. For example, it is possible
to statically map a specific
internal IP address
to a specific external one (known as the one-to-one NAT method) so that outgoing
requests are always tagged with the same IP address. Alternatively, if you have a group of
public IP addresses, you can have the NAT system assign addresses to devices on a first-come, first-served basis.
Either way, the basic function of NAT is the same.
PAT and SNAT
NAT allows administrators to
conserve public IP addresses and, as a side effect, hides the addressing of the internal
network from outside hosts. That hiding is not a security control in itself: unsolicited inbound connections fail only because no translation exists for them, and any port forward or static mapping reopens the path, so a firewall is still required. Port Address Translation (PAT) is a variation on NAT. With
PAT, all systems on the LAN are
translated to the same IP address, but with a different port number
assignment. PAT is used when multiple clients need to access the Internet but too few public IP addresses are available, so the
inside clients must share a single public IP address. When packets come back into the
private network, they are routed to their destination with a table within PAT that tracks the public and private port
numbers.
When PAT is used, there is
typically only a single IP address exposed to the public network, and multiple
network devices access the Internet through this exposed IP address. The
sending device’s IP address and port number are not exposed. As an example,
an internal computer
with the IP address of 192.168.2.2
wants to access a remote
Web server at address
204.23.85.49. The request
goes to the PAT router, where
the sender’s private IP and port
number are modified and a mapping is added to the PAT table. The remote web server sees the request coming from the
IP address of the PAT router and not
the computer actually making the request. The web server sends the reply to
the address and port number
of the router. Once it is received, the
router checks its table to find the packet’s
actual destination and forwards it.
Static NAT (SNAT) is a simple form of NAT. SNAT maps
a private IP address directly to a static, unchanging public IP address.
This allows an internal system,
such as a mail server,
to have an unregistered (private) IP address and still be reachable
over the Internet. For example,
if a network uses a private address
of 192.168.2.1 for a mail server, it can be statically linked to a public IP address such as 213.23.213.85. Be aware that outside the Network+ vocabulary the abbreviation SNAT usually means source NAT (for instance the Linux netfilter target of that name), which is the outbound address rewriting described under PAT, not a static mapping.
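The translation table described in the PAT and static NAT passages above, as an added example that is not code from the original chapter. Outbound flows from a private (address, port) pair are rewritten to the router's single public address with an allocated source port; replies are matched on that port and rewritten back; a one-to-one static entry models the mail-server case. The public addresses (203.0.113.x, a documentation range), private hosts and ports are constructed for illustration.

```python
# Added example: a PAT/static-NAT translation table. No packets are sent;
# the two translate_* methods return what a router would write into the
# IP and transport headers.

class PatRouter:
    def __init__(self, public_ip, first_port=1024, last_port=65535):
        self.public_ip = public_ip
        self.next_port = first_port
        self.last_port = last_port
        self.outbound = {}     # (private_ip, private_port, proto) -> public_port
        self.inbound = {}      # (public_port, proto) -> (private_ip, private_port)
        self.static = {}       # private_ip -> public_ip   (static NAT)
        self.static_rev = {}   # public_ip  -> private_ip

    def add_static(self, private_ip, public_ip):
        """One-to-one mapping: the inside host is reachable from outside."""
        self.static[private_ip] = public_ip
        self.static_rev[public_ip] = private_ip

    def translate_outbound(self, src_ip, src_port, proto="tcp"):
        """Return the (ip, port) the remote host will see as the source."""
        if src_ip in self.static:
            return self.static[src_ip], src_port        # address only, port kept
        key = (src_ip, src_port, proto)
        if key not in self.outbound:                    # new flow: allocate a port
            if self.next_port > self.last_port:
                raise RuntimeError("PAT port pool exhausted")
            public_port = self.next_port
            self.next_port += 1
            self.outbound[key] = public_port
            self.inbound[(public_port, proto)] = (src_ip, src_port)
        return self.public_ip, self.outbound[key]

    def translate_inbound(self, dst_ip, dst_port, proto="tcp"):
        """Return the private (ip, port) a packet should be forwarded to, or
        None when no mapping exists (unsolicited traffic has nowhere to go)."""
        if dst_ip in self.static_rev:
            return self.static_rev[dst_ip], dst_port
        if dst_ip != self.public_ip:
            return None
        return self.inbound.get((dst_port, proto))


if __name__ == "__main__":
    router = PatRouter("203.0.113.10")
    router.add_static("192.168.2.1", "203.0.113.11")        # mail server
    print(router.translate_outbound("192.168.2.2", 51000))   # client -> web server
    print(router.translate_inbound("203.0.113.10", 1024))    # the reply
    print(router.translate_inbound("203.0.113.10", 4444))    # nothing asked for this
    print(router.translate_inbound("203.0.113.11", 25))      # inbound mail, static entry
```

Two inside hosts using the same private source port get different public ports, which is the whole point of PAT; the static entry, by contrast, passes ports through unchanged and accepts inbound connections it never saw leave.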