Saturday, October 3, 2009

TCP/IP Addressing Fundamentals

Today I'll cover the following:

1. How do the OSI model and TCP/IP relate?
2. Understanding the two address concepts
3. IP address format
4. Default IP Address classes
5. Public vs Private addresses

Let us begin with the model of TCP/IP...it's most commonly referred to as the 'Department of Defense (DoD) model', because the research that produced TCP/IP was funded by the U.S. Department of Defense (through DARPA) for the ARPANET.

The top three layers of the OSI model that we discussed earlier (application, presentation and session) map to the single application layer in the TCP/IP model. The other layers convert fairly directly: OSI transport maps to TCP/IP transport, OSI network maps to the internet layer, and OSI data link and physical together form the network access (link) layer.....see the image below.


Actually, back in the day, the OSI protocol suite competed with TCP/IP...TCP/IP won out in the end in terms of usage; however, the OSI model is still what everyone uses to describe network communication (when someone says 'a layer 2 problem' they mean OSI layer 2, the data link layer).

Let's move into to some more TCP/IP details....

First thing to remember is that TCP/IP is not just one protocol...it's a team!

Take a car manufacturer for example. There are plants that make the parts, there are assembly lines, there are delivery trucks, there are sales lots and then there are maintenance shops....it's a giant team!

Just like that, TCP/IP is a suite of protocols....see below:

We have application layer protocols such as Telnet, FTP and SMTP, transport layer protocols such as TCP and UDP, and at the internet layer IP itself along with ICMP (plus ARP, which sits between IP and the link layer and which we'll meet shortly).

However today we will focus on the IP part of TCP/IP....that's our main goal for today.

Lets begin by trying to understand what an IP address consists of:

I'm sure you know by now, but each IPv4 address consists of 4 numbers separated by dots. Each number can range from 0-255 because it is stored in 8 bits (2^8 = 256 values). That's why each of these 4 numbers is called an octet....so there are 4 octets, or 32 bits, in an IP address.

This gives us 2^32, roughly 4.3 billion, possible addresses, which sounds like a lot but the world is running out of them!! That's the reason for IPv6....but that's much later on.

In any event, an IP address is always combined with a subnet mask and typically a default gateway. We'll come back to the default gateway later; it is labeled as 'gw' in the image above.

Now the subnet mask tells you which portion of the IP address identifies the 'network' and which portion identifies the 'host' on that network. Are you confused yet?

A good way to understand the subnet mask is to tell yourself that wherever you see a 255 in the subnet mask, the matching octet of the IP address is part of the network, and wherever you see a 0 in the subnet mask, the matching octet is part of the host. (That rule of thumb only works when the mask is made of whole octets. Strictly, the mask is a run of 1 bits followed by 0 bits: the IP bits under the 1s are the network, the bits under the 0s are the host. A mask like 255.255.255.128 splits the last octet in half, so there you have to look at the bits.)

Simple isn't it?

In the example above, the network at the bottom has two machines on its local network. You'll see that their first 3 octets are the same....172.30.5.x, and with a mask of 255.255.255.0 that means they are on the same network.

The benefit of this is that it's much easier for them to talk, as they are right next door to each other! No router is needed for them to speak. Think of it as your family members in your home....you can just yell out loud and your sibling in the room over can hear you.

Now as mentioned earlier, with that mask the last octet is the host part of the address. In our example in the image above we have two hosts: .82 and .83.

How is any of this helpful? Why do I need to know this?

Well, the goal is to break up your network into smaller networks as it grows. A large network will eventually reach a point where, with too many members connected, the broadcast traffic (the 'chatter' every host has to listen to) gets so heavy that nobody can communicate effectively.

If you grew up in a house with lots of family members, I'm sure you'll understand. When you have 10 or so brothers or sisters and everyone is yelling at once in the house, it makes it hard for anyone to understand anything.

This touches on the concept of the broadcast domain which we will come across later.

Now let us re-emphasize the usefulness of the two address concept; that is the IP address and the Ethernet MAC address....let's work on a little story together.

Here is how the story goes....I'll show an image towards the end of the story to visualize everything a bit.

  • We are going to be using a subnet mask of 255.255.255.0 for all the networks in our story. Yes, we are going to have multiple networks, but don't be scared!
  • This will mean that the first 3 octets will represent the network and the last octet will represent the host on that network. You'll notice in the image below that there is a different network on each side of each router. That's because (you guessed it) routers are layer 3 devices, and each router interface sits on a different network.
  • In the story we are telling, we have a Cisco router in our home which has the IP address of 10.1.1.1.
  • You want to share a file from 10.1.1.10 to 10.1.1.11. Let us assume you want to share a file called file.zip.
  • So the local machine you're on asks itself: "Is the machine I want to send the file to on the same network as me??" It answers that by applying the subnet mask to both addresses....and indeed since the first 3 octets match on 10.1.1.10 and 10.1.1.11, the two machines are on the same network.
  • Now what? What do we do now? Take a breather for now.....
  • Well, we found out that the guy we want to send the file to is really just our neighbor. So what would you do in real life if you wanted to tell your neighbor something? How would you tell your sibling in your house something? That's right....you'd yell out loud! That yelling protocol is known as ARP, the Address Resolution Protocol.
  • Now how does ARP work? Well, ask yourself how yelling works: your loud voice reaches everyone. An ARP request is sent to the Ethernet broadcast address (ff:ff:ff:ff:ff:ff), so every machine on the local network receives it and has to look at it; the request asks "who has 10.1.1.11?"
  • What happens next? Well, since you're yelling out loud and looking for host .11....(think of calling out your brother's name in the house because you're looking for him).....host .11 will hear your yell and respond "Ooo that's me!" by sending an ARP reply, addressed directly to you, that contains its MAC address. Everyone else just ignores the request.
  • Now we have a direct line to host .11, and your machine caches the answer in its ARP table (run arp -a to see it) so it doesn't have to yell again for every packet. So so so cooooool...........
  • A caveat worth knowing: nothing in ARP proves that the reply really came from .11. Any machine on the segment can answer with its own MAC address, which is exactly what ARP spoofing (poisoning) attacks do to get in the middle of traffic on a local network.
  • It may seem kind of odd.....why do we need to do this? We have the IP of the destination, so why do we go through this yelling business to find the MAC address? Well, it's because the Ethernet frames that actually travel on the wire are addressed by MAC address....that is, layer 2 addresses. A network card only picks up frames sent to its own MAC (or to broadcast/multicast), so without the MAC the IP packet has no way to get delivered.
  • Now obviously there is a source and destination IP address in the packet, but the packet rides inside a layer 2 frame, and layer 2 is where the transfer over the local network actually occurs.
  • Layer 2 will then use layer 1 to physically carry your file.zip to your destination.
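To make the yelling concrete, here is a small added example (my own illustration for this post, not code from any vendor and not taken from the image) that builds and parses real Ethernet/ARP frames in the RFC 826 layout and simulates the request/reply on one segment. The MAC addresses and the segment table are made up for the example.

```python
import struct

ETH_P_ARP = 0x0806                      # EtherType that marks an ARP payload
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"     # "yell" to everyone on the segment
ARP_REQUEST, ARP_REPLY = 1, 2           # ARP opcodes (RFC 826)
ARP_HDR = struct.Struct("!HHBBH")       # htype, ptype, hlen, plen, opcode


def mac_to_bytes(mac):
    return bytes(int(x, 16) for x in mac.split(":"))


def bytes_to_mac(b):
    return ":".join(f"{x:02x}" for x in b)


def ip_to_bytes(ip):
    return bytes(int(x) for x in ip.split("."))


def bytes_to_ip(b):
    return ".".join(str(x) for x in b)


def build_arp_frame(opcode, sender_mac, sender_ip, target_mac, target_ip):
    """Ethernet II frame carrying an ARP request or reply (42 bytes, no padding/FCS)."""
    # A request goes to the broadcast MAC; a reply is unicast back to the asker.
    dst_mac = BROADCAST_MAC if opcode == ARP_REQUEST else target_mac
    eth = mac_to_bytes(dst_mac) + mac_to_bytes(sender_mac) + struct.pack("!H", ETH_P_ARP)
    arp = ARP_HDR.pack(1, 0x0800, 6, 4, opcode)   # Ethernet / IPv4 / 6-byte MAC / 4-byte IP
    arp += mac_to_bytes(sender_mac) + ip_to_bytes(sender_ip)
    arp += mac_to_bytes(target_mac) + ip_to_bytes(target_ip)
    return eth + arp


def parse_arp_frame(frame):
    """Decode a frame built above; reject anything that is not Ethernet/IPv4 ARP."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        raise ValueError("not an ARP frame")
    htype, ptype, hlen, plen, opcode = ARP_HDR.unpack(frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("unsupported ARP hardware/protocol type")
    return {
        "dst_mac": bytes_to_mac(frame[0:6]),
        "src_mac": bytes_to_mac(frame[6:12]),
        "opcode": opcode,
        "sender_mac": bytes_to_mac(frame[22:28]),
        "sender_ip": bytes_to_ip(frame[28:32]),
        "target_mac": bytes_to_mac(frame[32:38]),
        "target_ip": bytes_to_ip(frame[38:42]),
    }


def resolve(asker_mac, asker_ip, wanted_ip, segment):
    """Simulate the exchange on one segment: broadcast a request, the owner of wanted_ip replies.

    `segment` maps MAC -> IP for every host on the local network. Returns the MAC
    learned from the reply, or None if nobody answered.
    """
    request = build_arp_frame(ARP_REQUEST, asker_mac, asker_ip, "00:00:00:00:00:00", wanted_ip)
    req = parse_arp_frame(request)
    assert req["dst_mac"] == BROADCAST_MAC       # every NIC on the segment receives it
    for host_mac, host_ip in segment.items():
        if host_ip != req["target_ip"]:
            continue                             # "not me", dropped silently
        reply = build_arp_frame(ARP_REPLY, host_mac, host_ip, req["sender_mac"], req["sender_ip"])
        rep = parse_arp_frame(reply)
        # The asker has no way to verify this reply: ARP has no authentication,
        # so any host on the segment could have answered with its own MAC.
        return rep["sender_mac"]
    return None


# Constructed segment (made-up MACs) matching the story: 10.1.1.1 router, .10 and .11 hosts
SEGMENT = {
    "00:1a:2b:00:00:01": "10.1.1.1",
    "00:1a:2b:00:00:10": "10.1.1.10",
    "00:1a:2b:00:00:11": "10.1.1.11",
}

if __name__ == "__main__":
    print(resolve("00:1a:2b:00:00:10", "10.1.1.10", "10.1.1.11", SEGMENT))   # 00:1a:2b:00:00:11
```

The request frame is exactly what you would see in a packet capture: 14 bytes of Ethernet header with a broadcast destination, then the 28-byte ARP body. The reply is the same layout with opcode 2 and a unicast destination; nothing in it ties the answer to the real owner of the address, which is why switches offer features like dynamic ARP inspection.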

Now let's move on to a different story, this time with a bit of a twist....

What if you need to speak to a host on a different network? Let's say you're on 10.1.1.10 and you want to speak to your file server located on another network at 10.5.5.100? Just as before you want to send file.zip over.....Here is what happens:
  • Your local machine will say: "Hey, I want to copy a file over to 10.5.5.100".
  • Just as before, your local machine will check (using its subnet mask) whether the destination is on the same network as itself. It will be sad to find out that 10.5.5.x does not match 10.1.1.x.....what now?
  • We can't yell anymore......meaning we can't use ARP to find 10.5.5.100 directly. Remember that only works if the destination is on your local network, which it's not in this case.
  • What happens if you try to yell anyway? Well, in simple terms, the router would just stop your voice from reaching any other network...that's one of the router's main jobs. Routers do not forward layer 2 broadcasts, so the broadcast domain stops at the router. Hence the wisdom of using routers to segment your network....so that the yelling domain (broadcast domain) stays small.
  • Now since you can't yell past the router, we simply have to be nice and hand off our packet to the router (our default gateway). He is the main man who can carry our traffic to the outside world in a nice manner.
  • Our default gateway (router) is located at 10.1.1.1. This is the 'default' place to send anything whose destination is not on your local network. How does our local machine know the default gateway's IP address beforehand? Simple, it's configured! (either by hand or handed out by DHCP)
  • As we said before, all network devices must have a MAC address, so even our router's interface has one. Now we can use the yelling process (an ARP request for 10.1.1.1) to find out the MAC address of our router. This is just like the process we used to find the MAC address of the destination in our previous story when it was on our same network.
  • The router will respond back and say: "Hey that's me! Here is my MAC address. You can forward all your traffic for other networks through me!!!"
  • So what will our packet look like now? The source IP will be 10.1.1.10 and the destination IP will be 10.5.5.100. What will our MAC addresses be? The source MAC address will be our own network card's burned-in MAC address and the destination MAC address will be the router's MAC address. Note the mismatch, it's on purpose: the destination MAC is the router, but the destination IP is not.
  • So now the frame is sent out to the router. The router accepts it and says "Hey, this MAC address is for me, that's so cool, I feel so flattered". However, this flattery will not last long when the router looks at the IP header and sees that the destination IP address is not its own. Remember the IP address of the router is different from the destination IP address in the packet.
  • The router then says "Awww shucks, he's just using me to try to reach someone else. It's okay though, I'll help him out. Lots of people use me to reach someone else".
  • Next, the router will say "I want to help this brother out, but I am not plugged into the 10.5.5.x network. I'm only plugged into the 10.1.1.x network and the 10.2.2.x network. However, I have a plan...."
  • You may ask what secret plan the router has....let's read on....
  • The router says "Well, I want to help this guy out, and though I can't directly reach this network, I have a buddy of mine who told me he can reach this network. Therefore I'll forward this packet to him. He's over at 10.2.2.2". (That 'buddy told me' is the router's routing table: an entry for 10.5.5.0 with next hop 10.2.2.2, either configured by hand or learned from a routing protocol.)
  • Before the router sends the packet over to 10.2.2.2, it will strip off the layer 2 source and destination MAC addresses and replace them with new ones (ARPing for 10.2.2.2 on that side if it doesn't already know the MAC). It also decrements the TTL field in the IP header by one; a packet whose TTL reaches zero is dropped, which is what stops a packet from circling forever if routers are misconfigured in a loop.
  • The source MAC address will be that of the router's interface at 10.2.2.1 and the destination MAC address will be that of the interface at 10.2.2.2. The source and destination IP addresses are untouched.
  • This process repeats itself, hop by hop, until the packet reaches the network where your destination IP address resides. At that point the source MAC address will be that of the router interface that plugs into the destination's network and the destination MAC address will be your destination's own physical MAC address.
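Here is an added example (written for this post, not from any router vendor) that walks the same packet from 10.1.1.10 to 10.5.5.100 through two routers and shows, hop by hop, that the IP addresses never change while the MAC addresses are rewritten and the TTL ticks down. The topology, the second router at 10.5.5.1, every MAC address and the routing table entry are constructed for the illustration; only the 10.1.1.x, 10.2.2.x and 10.5.5.x addresses come from the story.

```python
import ipaddress

MASK = "255.255.255.0"   # every network in the story uses this mask

# Constructed topology with made-up MACs (not taken from the post's image):
#   10.1.1.10 -- R1 (10.1.1.1 | 10.2.2.1) -- R2 (10.2.2.2 | 10.5.5.1) -- 10.5.5.100
HOSTS = {
    "10.1.1.10":  {"mac": "00:1a:2b:00:00:10", "gw": "10.1.1.1"},
    "10.5.5.100": {"mac": "00:1a:2b:00:05:64", "gw": "10.5.5.1"},
}
ROUTERS = {
    "R1": {"interfaces": {"10.1.1.1": "00:aa:00:01:01:01", "10.2.2.1": "00:aa:00:02:02:01"},
           "routes": [("10.5.5.0/24", "10.2.2.2")]},      # "my buddy at 10.2.2.2 can reach it"
    "R2": {"interfaces": {"10.2.2.2": "00:aa:00:02:02:02", "10.5.5.1": "00:aa:00:05:05:01"},
           "routes": []},                                 # 10.5.5.0/24 is directly connected
}


def same_network(ip_a, ip_b, mask=MASK):
    def net(ip):
        return ipaddress.ip_network(f"{ip}/{mask}", strict=False)
    return net(ip_a) == net(ip_b)


def mac_of(ip):
    """What an ARP request for `ip` on its local segment would return."""
    if ip in HOSTS:
        return HOSTS[ip]["mac"]
    for r in ROUTERS.values():
        if ip in r["interfaces"]:
            return r["interfaces"][ip]
    raise LookupError(f"no host or router interface at {ip}")


def router_owning(ip):
    return next(name for name, r in ROUTERS.items() if ip in r["interfaces"])


def router_next_hop(router, dst_ip):
    """Directly connected networks first, then the routing table; (None, None) = no route."""
    for iface_ip in router["interfaces"]:
        if same_network(iface_ip, dst_ip):
            return dst_ip, iface_ip
    for prefix, next_hop in router["routes"]:
        if ipaddress.ip_address(dst_ip) in ipaddress.ip_network(prefix):
            out_iface = next(i for i in router["interfaces"] if same_network(i, next_hop))
            return next_hop, out_iface
    return None, None


def forward(src_ip, dst_ip, ttl=64):
    """Return the frame as it looks on each hop. IPs never change; MACs change every hop."""
    host = HOSTS[src_ip]
    next_hop = dst_ip if same_network(src_ip, dst_ip) else host["gw"]   # the host's only decision
    hops = [{"src_mac": host["mac"], "dst_mac": mac_of(next_hop),
             "src_ip": src_ip, "dst_ip": dst_ip, "ttl": ttl}]
    while next_hop != dst_ip:
        router = ROUTERS[router_owning(next_hop)]
        ttl -= 1                                   # each router decrements TTL ...
        if ttl == 0:
            raise RuntimeError("TTL expired (routing loop?)")          # ... and drops at zero
        next_hop, out_iface = router_next_hop(router, dst_ip)
        if next_hop is None:
            raise RuntimeError(f"no route to {dst_ip}")   # a real router answers with ICMP unreachable
        hops.append({"src_mac": router["interfaces"][out_iface], "dst_mac": mac_of(next_hop),
                     "src_ip": src_ip, "dst_ip": dst_ip, "ttl": ttl})
    return hops


if __name__ == "__main__":
    for i, h in enumerate(forward("10.1.1.10", "10.5.5.100"), 1):
        print(f"hop {i}: {h}")
```

Three frames come out: host to R1, R1 to R2, R2 to the file server. Compare the first and the last and you will see the only fields that survive untouched are the two IP addresses; everything at layer 2 was rebuilt at each router.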
Here is an image with some of the details from the story I was referring to:


-----

Story time is over for now...let's move into some IP addressing basics.

There are three default address classes (this 'classful' scheme was replaced by CIDR back in 1993, so real networks use whatever mask fits, but the default masks still show up everywhere and are worth knowing):

Class A:
- First octet of IP address is 1-126 (first bit is 0; 0 and 127 are reserved)
- Example is 10.5.1.1
- Has subnet mask 255.0.0.0
- Leads to 16,777,214 hosts on your network (not a good idea...Cisco recommends not exceeding about 500 hosts per network because the broadcast chatter gets too high)

Class B:
- First octet of IP address is 128-191 (first bits are 10)
- Example is 150.51.233.1
- Has the subnet mask 255.255.0.0
- Leads to 65,534 usable hosts per network...still high

Class C:
- First octet of IP address is 192-223 (first bits are 110)
- Example is 220.1.50.63
- Has the subnet mask 255.255.255.0
- Gives you 254 usable hosts per network (256 addresses minus the network address and the broadcast address)
- Most common type
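Here is an added example (my own illustration, not from the post's images) that covers both the subnet mask explanation from earlier (which bits are network, which are host, and the same-network test a host makes before choosing between ARP and the default gateway) and the classful defaults just listed. It works at the bit level on purpose, so it also shows why the 255/0 rule of thumb stops working with a mask like 255.255.255.128. The address 172.30.5.200 is made up for the example.

```python
def ip_to_int(ip):
    """'10.5.1.1' -> 32-bit int; rejects anything that is not four octets in 0..255."""
    parts = ip.split(".")
    if len(parts) != 4 or not all(p.isdigit() and 0 <= int(p) <= 255 for p in parts):
        raise ValueError(f"bad IPv4 address: {ip!r}")
    value = 0
    for p in parts:
        value = (value << 8) | int(p)       # each octet is 8 bits, so shift by 8
    return value


def int_to_ip(n):
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def default_class(ip):
    """Class and default mask from the leading bits of the first octet (the classful rule)."""
    first = ip_to_int(ip) >> 24
    if first >> 7 == 0b0:       # 0xxxxxxx -> 1..126 (0 and 127 are reserved)
        return "A", "255.0.0.0"
    if first >> 6 == 0b10:      # 10xxxxxx -> 128..191
        return "B", "255.255.0.0"
    if first >> 5 == 0b110:     # 110xxxxx -> 192..223
        return "C", "255.255.255.0"
    return "D/E", None          # multicast (224-239) / experimental (240-255): no host mask


def mask_to_prefix(mask):
    """'255.255.255.128' -> 25; rejects masks whose 1 bits are not contiguous."""
    m = ip_to_int(mask)
    prefix = bin(m).count("1")
    if m != (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF:
        raise ValueError(f"non-contiguous mask: {mask}")
    return prefix


def split(ip, mask=None):
    """Network, host part, broadcast and usable host count for ip/mask (default: classful mask)."""
    if mask is None:
        mask = default_class(ip)[1]
        if mask is None:
            raise ValueError(f"{ip} has no classful default mask")
    prefix = mask_to_prefix(mask)
    addr, m = ip_to_int(ip), ip_to_int(mask)
    network = addr & m                          # the bits under the 1s of the mask
    host = addr & ~m & 0xFFFFFFFF               # the bits under the 0s of the mask
    broadcast = network | (~m & 0xFFFFFFFF)     # all host bits set
    usable = max(2 ** (32 - prefix) - 2, 0)     # minus the network and broadcast addresses
    return {"prefix": prefix, "network": int_to_ip(network), "host": host,
            "broadcast": int_to_ip(broadcast), "usable_hosts": usable}


def same_network(ip_a, ip_b, mask):
    """The check a host makes before deciding between ARP and the default gateway."""
    m = ip_to_int(mask)
    return ip_to_int(ip_a) & m == ip_to_int(ip_b) & m


if __name__ == "__main__":
    print(default_class("150.51.233.1"))                     # ('B', '255.255.0.0')
    print(split("172.30.5.82", "255.255.255.0"))             # network 172.30.5.0, host 82
    # The "255 = network, 0 = host" rule of thumb breaks once the mask splits an octet:
    print(same_network("172.30.5.82", "172.30.5.200", "255.255.255.128"))   # False
```

With 255.255.255.0 the hosts .82 and .200 are neighbours; with 255.255.255.128 the top bit of the last octet belongs to the network, so .82 (top bit 0) and .200 (top bit 1) are on two different networks and would need a router between them, even though every octet in the mask still "looks like" 255 or 0 to a casual glance.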

If you look at an IP address you can tell what class it is by default....just run ipconfig (in Windows) and look at the first octet:


Here we have a Class B address followed by a couple of Class C addresses. The 172 in the first one makes it a Class B address and the 192 in the subsequent addresses makes them Class C addresses.

If you can, try to memorize the octet ranges, it's very helpful later on.

-----

It's been a long post so let's move into the last thing for today.

Public vs Private addresses:


Public addresses are usable on the Internet, as they allow the world to be able to reach you. How do you get one? Typically they are acquired from a service provider (Sprint, AT&T, etc...)

Service providers get their blocks of IP addresses from the regional Internet registry for their part of the world (ARIN in North America, RIPE NCC in Europe, APNIC in Asia-Pacific, and so on), which in turn receive them from IANA.

Private addresses are usable only on internal networks. Their ranges (defined in RFC 1918) are 10.0.0.0 - 10.255.255.255, 172.16.0.0 - 172.31.255.255 and 192.168.0.0 - 192.168.255.255; they are also shown in the image above. Routers on the Internet will not carry traffic to or from these addresses.

If you are in an organization, 99% of the time you will be assigned a private address.

This begs the question, if everyone has a private address, how does anyone at work surf the web? Believe me, people have to surf the web at work....how will we make it through otherwise?

This is where a concept called NAT (Network Address Translation) comes into the picture. It allows several people to 'share' a public IP address.

The most obvious example is your home. Think of the small Linksys or D-Link box you have that connects your house to your high speed connection.

All the devices in your house use a private IP address (usually along the lines of 192.168.1.x). However, when you send traffic out of your house, the router rewrites the source address of each packet, replacing your private IP address with its public IP address (and usually also picking a new source port so it can tell your connections apart from your roommate's), and keeps a translation table so it can rewrite the replies back the other way.

Because each public IP has only about 64,000 ports per protocol to hand out, and each host only uses a handful at a time, up to several thousand people can share a single public IP address....
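Here is an added example (my own model, not the firmware of any Linksys or D-Link box) of how a port-based NAT keeps that translation table: two hosts that happen to pick the same source port both reach the same web server through one public address, replies are steered back to the right host, and an unsolicited inbound packet finds no entry and is dropped. The addresses 203.0.113.7 and 198.51.100.x are documentation ranges chosen for the example. This models a NAT whose table is keyed on the remote endpoint too (so a different remote host cannot reuse a mapping); real consumer routers vary in how strict they are about that.

```python
import itertools

PUBLIC_IP = "203.0.113.7"     # constructed: the one address the ISP gave the house


class NaptGateway:
    """Port-based NAT (NAPT, often called PAT): many private hosts share one public IP.

    Outbound flows get a fresh public source port and a table entry; inbound packets
    are rewritten back only if they match an entry. Packets are plain dicts here.
    """

    def __init__(self, public_ip=PUBLIC_IP, first_port=1024, last_port=65535):
        self.public_ip = public_ip
        self.ports = itertools.count(first_port)
        self.last_port = last_port
        self.out_table = {}   # (proto, priv_ip, priv_port, dst_ip, dst_port) -> public_port
        self.in_table = {}    # (proto, public_port, remote_ip, remote_port) -> (priv_ip, priv_port)

    def outbound(self, pkt):
        """Private -> Internet: rewrite the source to public_ip:public_port."""
        key = (pkt["proto"], pkt["src_ip"], pkt["src_port"], pkt["dst_ip"], pkt["dst_port"])
        port = self.out_table.get(key)
        if port is None:
            port = next(self.ports)
            if port > self.last_port:
                raise RuntimeError("translation table full: no free public ports")
            self.out_table[key] = port
            self.in_table[(pkt["proto"], port, pkt["dst_ip"], pkt["dst_port"])] = (
                pkt["src_ip"], pkt["src_port"])
        return {**pkt, "src_ip": self.public_ip, "src_port": port}

    def inbound(self, pkt):
        """Internet -> private: only packets matching an existing entry get through."""
        key = (pkt["proto"], pkt["dst_port"], pkt["src_ip"], pkt["src_port"])
        entry = self.in_table.get(key)
        if entry is None:
            return None      # unsolicited: no mapping, dropped (a side effect, not a firewall)
        priv_ip, priv_port = entry
        return {**pkt, "dst_ip": priv_ip, "dst_port": priv_port}


def demo():
    """Two LAN hosts, same source port, same web server, one public IP."""
    gw = NaptGateway()
    server = "198.51.100.20"   # constructed public web server
    a = gw.outbound({"proto": "tcp", "src_ip": "192.168.1.10", "src_port": 51000,
                     "dst_ip": server, "dst_port": 80})
    b = gw.outbound({"proto": "tcp", "src_ip": "192.168.1.11", "src_port": 51000,
                     "dst_ip": server, "dst_port": 80})
    # Replies come back to the public IP and are demultiplexed by the port NAT chose.
    reply_to_a = gw.inbound({"proto": "tcp", "src_ip": server, "src_port": 80,
                             "dst_ip": gw.public_ip, "dst_port": a["src_port"]})
    reply_to_b = gw.inbound({"proto": "tcp", "src_ip": server, "src_port": 80,
                             "dst_ip": gw.public_ip, "dst_port": b["src_port"]})
    # Somebody on the Internet probing the public IP: no entry, so nothing is forwarded.
    stray = gw.inbound({"proto": "tcp", "src_ip": "198.51.100.99", "src_port": 4444,
                        "dst_ip": gw.public_ip, "dst_port": 1024})
    return a, b, reply_to_a, reply_to_b, stray


if __name__ == "__main__":
    for name, pkt in zip(("a out", "b out", "reply a", "reply b", "stray"), demo()):
        print(f"{name}: {pkt}")
```

The two hosts both chose source port 51000, so rewriting only the IP would make their replies indistinguishable; the gateway hands out 1024 and 1025 and the table is what makes the sharing work. The dropped stray packet is why a NAT box feels like a firewall, but note it is a consequence of having no table entry, not of any policy, which is why port forwarding and UPnP punch right through it.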

Last few notes here from the image above:

The loopback range is used for testing and its range is 127.x.x.x (127.0.0.1 is the usual address, and it always points back at the machine you're on).....don't worry about this for now.

The auto-configuration range is 169.254.x.x....don't worry about this for now either....a machine assigns itself one of these addresses when it asks for an IP address (via DHCP) and gets no answer, so seeing one on a machine is a sign that the DHCP request failed.

That's all for now, and I apologize for the long posts. However there is always detail involved so I am trying my best to make it fun!

Tune in next time.....
