IPv4 Addresses
IPv4 addresses are 32 bits long; like all
network-level addresses, they have a network portion and a host portion.
The network portion uniquely identifies a physical or logical link and
is common to all devices attached to that link. The host portion
uniquely identifies a particular device attached to the link.
There are several ways to represent the 32 bits of an IP address. For instance, the 32-bit IP address
00001010110101100101011110000011
can be represented in decimal as
181,819,267.
The binary format is cumbersome, and a decimal format of the entire 32-bit number is time-consuming to calculate.
Figure 1-4 shows a better format.
The 32 bits of the address comprise four octets, each
of which can be represented with a decimal number between 0 and 255,
with dots between the decimal representations. In
Figure 1-4, the 32-bit address is mapped into a dotted-decimal representation.
An important distinction to remember when working
with IPv4 addresses is that dotted decimal is just an easy way for
humans to read and write IP addresses. Always remember that the router
is not reading an address in terms of four octets; rather, the router
sees a 32-bit binary string. Many pitfalls can be avoided by keeping
this fact firmly in mind. If you have not worked with binary
numbersparticularly converting between binary and decimalyou might want
to read the tutorial in
Appendix A, "Tutorial: Working with Binary and Hex," before continuing on with this chapter.
Probably the most distinctive characteristic of IPv4
addresses is that unlike other network-level addresses, the network and
host portions can vary in size within the 32-bit boundaries. That is,
the network portion might take up most of the 32 bits, or the host
portion might, or they might divide the bits equally. Protocols such as
NetWare and AppleTalk were designed for use in relatively small
networks, and as a result their network-level addresses have
fixed-length network and host portions. This arrangement certainly makes
life easier; a receiving device knows to read a certain number of bits
into the address to find the network part, and the rest is host address.
TCP/IP, however, was designed from the first to be
flexible enough to be used in any network, from the tiny to the
colossal. This flexibility makes IP addresses more difficult to manage.
The basics of administering IP addresses are presented in this section,
and
then some more advanced techniques are introduced in
Chapter 6, "RIPv2, RIPng, and Classless Routing."
First Octet Rule
Without putting too fine a point on it, it can be
said that there are three sizes of networks as measured by the number of
hosts: big, medium, and small:
Big networks, by definition, have a huge number of hosts. Relatively few big networks exist.
Small
networks are just the opposite. Each one is small because it has a
small number of hosts; a huge number of small networks exist.
Medium
networks are just that: a medium number of them (in relation to big and
small ones) and a medium number of hosts in each one.
This high level of addressing focus requires three typesclassesof
network address for the three sizes of networks. Addresses for big
networks need to be capable of addressing many hosts, but because so few
big networks exist, only a few big-network addresses are required.
The situation is reversed for small networks. Because
there are many small networks, a large number of small-network
addresses are needed. But because a small network has a small number of
hosts, each of the many network addresses only requires a few host
addresses.
For medium-sized networks, a medium number of network
addresses and a medium number of host addresses will be available for
each network address.
Figure 1-5 shows how the network and host portions of IPv4 addresses are divided up for these three classes.
The big, medium, and small networks described thus far map to address classes as follows:
Class A IPv4
addresses are for big networks. The first octet is the network portion,
and the last three octets are the host portion. Only 256 numbers are
available in the eight-bit network part, but 224 or 16,777,216 numbers are available in the host part of each of those network addresses.
Class B
addresses are for medium-size networks. The first two octets are the
network portion, and the last two octets are the host portion. There are
216 or 65,536 available numbers in the network part and an equal number in the host part.
Class C
addresses are just the opposite of Class A. The first three octets are
the network portion, and the last octet is the host portion.
Because all IPv4 addresses are 32-bit binary strings,
a way of distinguishing the class to which a particular address belongs
is necessary. The
first octet rule, demonstrated in
Table 1-3, provides the means to make such a distinction and can be described as follows:
Table 1-3. First octet rule.
Rule
|
Minimum and Maximum
|
Decimal Range
|
Class A: First bit is always 0
|
00000000 = 0
01111111 = 127
|
1126
|
Class B: First two bits are always 10
|
10000000 = 128
10111111 = 191
|
128191
|
Class C: First three bits are always 110
|
11000000 = 192
11011111 = 223
|
192223
|
So
far IPv4 addressing doesn't seem so difficult. A router or host could
easily determine the network part of an IP address by using the first
octet rule. If the first bit is 0, then read the first eight bits to
find the network address. If the first two bits are 10, then read the
first 16 bits; and if the first three bits are 110, then read 24 bits in
to get the network address. Unfortunately, things are not that easy.
Address Masks
The address for an entire data linka
non-host-specific network addressis represented by the network portion
of an IP address, with all host bits set to zero. For instance, an
addressing authority might assign to an applicant an address of 172.21.0.0.
This address is a Class B address because 172 is between 128 and 191,
so the last two octets make up the host bits. Notice that they are all
set to zero. The first 16 bits (172.21.) are assigned, but address
owners are free to do whatever they please with the host bits.
Each device or interface will be assigned a unique,
host-specific address such as 172.21.35.17. The device, whether a host
or a router, obviously needs to know its own address, but it also needs
to be able to determine the network to which it belongsin this case,
172.21.0.0.
This task is accomplished by means of an
address mask.
The address mask is a 32-bit string, one bit for each bit of the IPv4
address. As a 32-bit string, the mask can be represented in
dotted-decimal format just like an IPv4 address. This representation
tends to be a stumbling block for some beginners: Although the address
mask can be written in dotted decimal, it is not an address.
Table 1-4 shows the standard address masks for the three classes of IPv4 address.
Table 1-4. Address masks for Class A, B, and C IPv4 addresses.
Class
|
Mask
|
Dotted Decimal
|
A
|
11111111000000000000000000000000
|
255.0.0.0
|
B
|
11111111111111110000000000000000
|
255.255.0.0
|
C
|
11111111111111111111111100000000
|
255.255.255.0
|
For
each bit of the IPv4 address, the device performs a Boolean (logical)
AND function with the corresponding bit of the address mask. The AND
function can be stated as follows:
Compare two bits and derive a
result. The result will be one, if and only if, both bits are one. If
either or both bits are zero, the result will be zero.
Figure 1-6
shows how, for a given IPv4 address, the address mask is used to
determine the network address. The mask has a one in every bit position
corresponding to a network bit of the address and a zero in every bit
position corresponding to a host bit. Because 172.21.35.17 is a Class B
address, the mask must have the first two octets set to all ones and the
last two octets, the host part, set to all zeros. As
Table 1-4 shows, this mask can be represented in dotted decimal as 255.255.0.0.
A logical AND is performed on the IPv4 address and its mask for every bit position; the result is shown in
Figure 1-6.
In the result, every network bit is repeated, and all the host bits
become 0s. So by assigning an address of 172.21.35.17 and a mask of
255.255.0.0 to an interface, the device will know that the interface
belongs to network 172.21.0.0. Applying the AND operator to an IPv4
address and its address mask always reveals the network address.
An address and mask are assigned to an interface of a
Cisco router (in this example, the E0 interface) by means of the
following commands:
Smokey(config)# interface ethernet 0
Smokey(config-if)# ip address 172.21.35.17 255.255.0.0
But why use address masks at all? So far, using the first octet rule seems much simpler.
Subnets and Subnet Masks
Never
lose sight of why network-level addresses are necessary in the first
place. For routing to be accomplished, each and every data link
(network) must have a unique address; in addition, each and every host
on that data link must have an address that both identifies it as a
member of the network and distinguishes it from any other host on that
network.
As defined so far, a single Class A, B, or C address
can be used only on a single data link. To build a network, separate
addresses must be used for each data link so that those networks are
uniquely identifiable. If a separate Class A, B, or C address were
assigned to each data link, fewer than 17 million data links could be
addressed before all IPv4 addresses were depleted. This approach is
obviously impractical,
as is the fact that to make full use of the host address space in the
previous example, more than 65,000 devices would have to reside on data
link 172.21.0.0!
The only way to make Class A, B, or C addresses
practical is by dividing each major address, such as 172.21.0.0, into
subnetwork addresses. Recall two facts:
Figure 1-7
shows a network to which the major Class B address 172.21.0.0 has been
assigned. Five data links are interconnecting the hosts and routers,
each one of which requires a network address. As it stands, 172.21.0.0
would have to be assigned to a single data link, and then four more
addresses would have to be requested for the other four data links.
Notice what was done in
Figure 1-7.
The address mask is not a standard 16-bit mask for Class B addresses;
the mask has been extended another eight bits so that the first 24 bits
of the IP address are interpreted as network bits. In other words, the
routers and hosts have been given a mask that causes them to read the
first eight host bits as part of the network address. The result is that
the major network address applies to the entire network, and each data
link has become a subnetwork, or subnet. A
subnet is a subset of a major Class A, B, or C address space.
The IPv4 address now has three parts: the network part, the subnet part, and the host part. The address mask is now a
subnet mask,
or a mask that is longer than the standard address mask. The first two
octets of the address will always be 172.21, but the third octetwhose
bits are now subnet bits instead of host bitsmight range from 0 to 255.
The network in
Figure 1-6 has subnets 1, 2, 3, 4, and 5 (172.21.
1.0 through 172.21.
5.0). Up to 256 subnets might be assigned under the single Class B address, using the mask shown.
Two
words of caution are in order. First, not all routing protocols can
support subnet addresses in which the subnet bits are all zeros or all
ones. The reason is that these protocols, called
classful protocols, cannot differentiate between an all-zero subnet and the major network number. For instance, subnet 0 in
Figure 1-7 would be 172.21.0.0; the major IP address is also 172.21.0.0. The two cannot be distinguished without further information.
Likewise, classful routing protocols cannot
differentiate a broadcast on the all-ones subnet from an all-subnets
broadcast address. For example, the all-ones subnet in
Figure 1-7
would be 172.21.255.0. For that subnet, the all-hosts broadcast address
would be 172.21.255.255, but that is also the broadcast for all hosts
on all subnets of major network 172.21.0.0. Again, the two addresses
cannot be distinguished without further information.
RIP version 1 and IGRP are both classful routing protocols;
Chapter 7, "Enhanced Interior Gateway Routing Protocol (EIGRP)," introduces
classless routing protocols, which can indeed use the all-zeros and all-ones subnets.
The second caution has to do with the verbal
description of subnets and their masks. Subnetting the third octet of a
Class B address, as is done is
Figure 1-7,
is very common; also common is hearing people describe such a subnet
design as "using a Class C mask with a Class B address," or "subnetting a
Class B address into a Class C." Both descriptions are wrong! Such
descriptions frequently lead to misunderstandings about the subnet
design or to a poor understanding of subnetting itself. The proper way
to describe the subnetting scheme of
Figure 1-6 is either as "a Class B address with 8 bits of subnetting," or as "a Class B address with a 24-bit mask."
The subnet mask might be represented in any of the following three formats:
Dotted decimal: 255.255.255.0
Bitcount: 172.21.0.0/24
Hexadecimal: 0xFFFFFF00
Dotted decimal is commonly used in software that has
been around for a while, although the bitcount format is becoming
increasingly preferred. Compared to dotted decimal, the bitcount format
is easier to write. (The address is followed by a forward slash and the
number of bits that are masked for the network part.) In addition, the
bitcount format is more descriptive of what the mask is really doing and
therefore avoids the type of semantic misunderstandings described in
the previous paragraph. Some UNIX systems use the hexadecimal format.
Although the address mask must be specified to Cisco
routers in dotted decimal, using the command shown previously, the mask
might be displayed by various show commands in any of the three formats by using the command ip netmask-format [decimal| hexadecimal| bit-count] in line configuration mode. For example, to configure a router to display its masks in bitcount format, use
Gladys(config)# line vty 0 4
Gladys(config-line)# ip netmask-format bit-count
Designing Subnets
As established in the previous section, subnet bits
cannot be all zeros or all ones in classful environments. Likewise, an
IPv4 host address cannot have all its host bits set to zerothis setting
is reserved for the address that routers use to represent the network or
subnet itself. And the host bits cannot be set to all ones, as this
setting is the broadcast address. These restrictions apply to the host
bits with no exceptions and are starting points for designing subnets.
Beyond these starting points, network designers need to choose the most
appropriate subnetting scheme in terms of matching the address space to
the particulars of a network.
When designing subnets and their masks, the number of
available subnets under a major network address and the number of
available hosts on each subnet are both calculated with
the same formula: 2
n 2, where
n
is the number of bits in the subnet or host space and 2 is subtracted
to account for the unavailable all-zeros and all-ones addresses. For
example, given a Class A address of 10.0.0.0, a subnet mask of
10.0.0.0/16 (255.255.0.0) means that the 8-bit subnet space will yield 2
8 2 = 254 available subnets and 2
16
2 = 65,534 host addresses available on each of those subnets. On the
other hand, a mask of 10.0.0.0/24 (255.255.255.0) means that a 16-bit
subnet space is yielding 65,534 subnets and an 8-bit host space is
yielding 254 host addresses for each subnet.
The following steps are used to subnet an IPv4 address:
Step 1.
|
Determine how many subnets are required and how many hosts per subnet are required.
|
Step 2.
|
Use the 2n
2 formula to determine the number of subnet bits and the number of
host bits that will satisfy the requirements established in Step 1. If
multiple subnet masks can satisfy the requirements, choose the one that
will best scale to future needs. For example, if the network is most
likely to grow by adding subnets, choose more subnet bits; if the
network is most likely to grow by adding hosts to existing subnets,
choose more host bits. Avoid choosing a scheme in which either all
subnets or all host addresses within the subnets will be used up
immediately, leaving no room for future growth.
|
Step 3.
|
Working
in binary, determine all available bit combinations in the subnet
space; in each instance, set all the host bits to zero. Convert the
resulting subnet addresses to dotted decimal. These are the subnet
addresses.
|
Step 4.
|
For
each subnet address, again working in binary, write all possible bit
combinations for the host space without changing the subnet bits.
Convert the results to dotted decimal; these are the host addresses
available for each subnet.
|
The importance of doing the last two steps in binary
cannot be overemphasized. The single greatest source of mistakes when
working with subnets is trying to work with them in dotted decimal without understanding what is happening at the binary level.
Again, dotted decimal is for convenience in reading and writing IPv4
addresses. Routers and hosts see the addresses as 32-bit binary strings;
to successfully work with these addresses, they must be seen the way
the routers and hosts see them.
The previous paragraph might seem a bit overzealous
in light of the examples given so far; the patterns of subnet and host
addresses have been quite apparent without having to see the addresses
and masks in binary. The next section uses the four design steps to
derive a subnet design in which the dotted-decimal representations are
not so obvious.
Breaking the Octet Boundary
In the examples given so far, the subnet spaces have
fallen on octet boundaries. This arrangement is not always the most
practical or efficient choice. What if, for instance, you
need
to subnet a Class B address across 500 data links, each with a maximum
of 100 hosts? This requirement is easily met, but only by using nine
bits in the subnet field: 2
9 2 = 510 available subnets, leaving seven bits for the host field, and 2
7 2 = 126 available hosts per subnet. No other bit combination will satisfy this requirement.
Notice, also, that there is no way to subnet a class C
address on an octet boundarydoing so would use up all of the last byte,
leaving no room for host bits. The subnet bits and host bits must share
the last octet, as the following example shows.
Figure 1-8 shows the network of
Figure 1-7 but with a Class C address of 192.168.100.0 assigned.
There are five data links; therefore, the address
must be subnetted to provide for at least five subnet addresses. The
illustration also indicates the number of hosts (including router
interfaces) that need to be addressed on each subnet. The maximum host
address requirement is 25 for the two Ethernets. Therefore, the full
subnetting requirements are at least five subnets and at least 25 host
addresses per subnet.
Applying the 2n 2 formula, three subnet bits and five host bits will satisfy the requirements: 23 2 = 6 and 25 2 = 30. A Class C mask with three bits of subnetting is represented as 255.255.255.224 in dotted decimal.
Figure 1-9
shows the derivation of the subnet bits. The subnet mask derived in
Step 2 is written in binary, and the IP address is written below it.
Vertical lines are drawn as markers for the subnet space, and within
this space all possible bit combinations are written by counting up from
zero in binary.
In
Figure 1-10,
the unchanged network bits are filled in to the left of the subnet
space and the host bits, which are all zeros in the subnet addresses,
are filled in to the right of the subnet space. The results are
converted to dotted decimal, and these are the six subnet addresses
(remembering that the first and last addresses, which have 000 and 111
in the subnet space, cannot be used).
The last step is to calculate the host addresses
available to each subnet. This step is done by choosing a subnet and,
keeping the network and subnet bits unchanged, writing all bit
combinations in the host space by counting up from zero in binary.
Figure 1-11 shows this step for subnet 192.168.100.32.
Notice the patterns in the results: The first
address, in which the host bits are all zero, is the subnet address. The
last address, in which the host bits are all one, is the broadcast
address for subnet 192.168.100.32. The host addresses count up from the
subnet address to the broadcast address, and if the sequence were to
continue, the next address would be the second subnet, 192.168.100.64.
The importance of understanding subnetting at the
binary level should now be clear. Presented with an address such as
192.168.100.160, you cannot be sure whether it is a host address, a
subnet address, or a broadcast address. Even when the subnet mask is
known, things are not always readily apparent.
Readers
are encouraged to calculate all host addresses for all the remaining
subnets in the example and to observe the patterns that result in the
addresses. Understanding these patterns will help in situations such as
the one presented in the next section.
Troubleshooting a Subnet Mask
The necessity frequently arises to "dissect" a given
host address and mask, usually to identify the subnet to which it
belongs. For instance, if an address is to be configured on an
interface, a good practice is to first verify that the address is valid
for the subnet to which the subnet is connected.
Use the following steps to reverse-engineer an IP address:
Step 1.
|
Write the given subnet mask in binary.
|
Step 2.
|
Write the IPv4 host address in binary.
|
Step 3.
|
Knowing
the class of the host address, the subnet bits of the mask should be
apparent. Using the mask bits as a guide, draw a line between the last
network bit and the first subnet bit of the address. Draw another line
between the last subnet bit and the first host bit.
|
Step 4.
|
Write
the network and subnet bits of the address, setting all host bits to
zero. The result is the address of the subnet to which the host address
belongs.
|
Step 5.
|
Again
write the network and subnet bits of the address, this time setting all
host bits to one. The result is the broadcast address of the subnet.
|
Step 6.
|
Knowing
that the subnet address is the first address in the sequence and that
the broadcast address is the last address in the sequence, you also know
that all addresses between these two are valid host addresses.
|
Figure 1-12 shows these steps applied to 172.30.0.141/25.
The address is a Class B, so it is known that the
first 16 bits are the network bits; therefore, the last nine bits of the
25-bit mask mark the subnet space. The subnet address is found to be
172.30.0.128, and the broadcast address is 172.30.0.255. Knowing that
the valid host addresses for the subnet are bounded by these two
addresses, it is determined that the host addresses for subnet
172.30.0.128 are 172.30.0.129 through 172.30.0.254.
Several things about this example tend to bother
folks who are new to subnetting. Some are bothered by the third octet of
the address, which is all zeros. Some are bothered by the single subnet
bit in the last octet. Some think that the broadcast address looks
suspiciously invalid. All of these uneasy feelings arise from reading
the addresses in dotted decimal. When the addresses and the mask are
seen in binary, these suspicions are assuaged and everything is seen to
be legitimate; the mask sets a nine-bit subnet spaceall of the third
octet, and the first bit of the fourth octet. The moral of the story is
that if everything is known to be correct in binary, don't worry if the
dotted-decimal representation looks funny.