image
IPv4 - In-depth Inspection
IPv4 - In-depth Inspection
Difficulty
Advanced
Duration
34m
Students
1458
Ratings
4.7/5
Description

We dive into the internals of IPv4, describing in detail the individual parts that make up the IPv4 framework. We will take an in-depth look at the following components of IPv4: Addressing Notation, Classful Addressing, Classless Inter-Domain Routing, Reserved Addresses, Subnetting, Addressing Modes (Unicast, Broadcast, and Multicast), and Route Summarisation. Additionally, we present IPv4 subnetting formulas and perform several sample subnetting calculations.

Transcript

Let's now start with the IPv4 protocol. In the TCP/IP model, IPv4 is used to provide logical addressing at layer two, the internet layer. As hinted, a major function of the IPv4 protocol is to provide an addressing scheme to identify hosts on a network. The internet to date has used IPv4 predominantly to route IP packets across its networks. IPv4 was standardized in the early '80s with the designers settling on a 32-bit-based binary addressing scheme, which provides two to the power of 32 unique IP addresses. or approximately 4.3 billion individual addresses. At the time, this number was considered future-proofed with the designers not foreseeing the explosive growth of addressable devices connected to the internet. The successor to the IPv4 protocol is the IPv6 protocol. We'll discuss IPv6 in detail in its own course, but for now let's maintain our focus on IPv4. 

An IPv4 address is composed of 32 binary bits grouped into 4 octets. Octets are separated by dots. Each individual octet is itself composed of eight binary bits. Each octet, when rendered in decimal format, aids in user comprehension. With this in mind, IP addresses in written form are often referred to as being expressed in dotted decimal format. 2 to the power of 32 gives us a total of 4,294,967,296 possible unique IP addresses. The value in each octet ranges 0 0 0 0 0 0 0 0 to 1 1 1 1 1 1 1 1 in binary form, or zero to 255 in decimal form. Examples of an IP address stated in dotted decimal format are 192.168.10.1 127.0.0.1 8.8.8.8 255.255.255.255 0.0.0.0 

Let's now deconstruct the structure and makeup of an individual IPv4 address, starting with its form in dotted decimal format. An IPv4 address in dotted decimal format is constructed using binary arithmetic. In binary arithmetic, each bit within a group represents a power of two, specifically the first bit in a group represents two to the power of zero. The second bit represents two to the power of one. The third bit represents two to the power of two, and so on. Binary format is simple, because each successive bit in a group is exactly twice the value of the previous bit. 

In this, our example on the slide, we convert our IP address 172.16.254.1 into its equivalent binary form. Starting with the leftmost octet, 172 converts to its binary value of 1 0 1 0 1 1 0 0. Likewise, the next octet, 16, converts to its binary value of 0 0 0 1 0 0 0 0. Again, the next octet, 254, converts to its binary value of 1 1 1 1 1 1 1 0. Finishing with the final octet, 1 converts to its binary value of 0 0 0 0 0 0 0 1. The composition of an IPv4 address is made up of two parts: the network part and the host part. The network part identifies the network that the host part belongs to, while the host part identifies the actual connected device. With this in mind, the original IPv4 design set aside just the leftmost octet as the network identifier, meaning that there were a maximum of 254 possible networks. It became clear early on that this would not scale. 

As a consequence, the Internet Protocol Specification evolved by next introducing the concept of address classes or a Classful System, which has itself been made obsolete in favor of the current Classless Inter-Domain Routing system, pronounced CIDR in short form. Although the IPv4 Classful system is now obsolete as mentioned earlier, replaced in favor of Classless Inter-Domain Routing, we'll review them briefly to provide some background as to how and why we got to CIDR. The Classful system introduced five different classes, named A through E, by utilizing the first four most significant bits of an IP address. 

The five different classes each differentiated where the network portion of an IP address ended and the host part started. This was done as a way to distribute the IP address space as best as possible at the time, but for which has now been significantly improved on with the current CIDR system. Of the five classes created, only classes A, B, and C were only ever used in practice. As you can see, the following network and host capacities existed for each of the address classes. Class A could be divided into a maximum of 126 networks with a maximum of 16,777,214 hosts per network. Class B could be divided into a maximum of 16,384 networks with a maximum of 65,534 hosts per network. Class C could be divided into a maximum of 2,097,152 networks with a maximum of 254 hosts per network. 

We'll now review the particulars of each of the five classes. Class A addresses are classified by the leading most bit in pattern zero, that is if the first bit of an IPv4 address is 0, then the address is determined to be that of a Class A address. Class A addresses use eight bits for the network segment and range from 0.0.0.0 to 127.255.255.255. Class A IPv4 addresses are used for very large networks. Class B addresses are classified by the leading most bit pattern one zero. That is, if the first four bits of an IPv4 address are of the sequence 1 0, then the address is determined to be that of a Class B address. Class B addresses use 16 bits for the network segment and range from 128.0.0.0 to 191.255.255.255. Class B IPv4 addresses are used for medium-sized networks. 

Class C addresses are classified by the leading most bit pattern 1 1 0; that is, if the first bits of an IPv4 address were 1 1 0, then the address is determined to be that of a Class C address. Class C addresses use 24 bits for the network segment and range from 192.0.0.0 to 223.255.255.255. Class C IPv4 addresses are used for smaller sized networks. Class D addresses are reserved for IP multicast addresses. The four high order bits in a Class D address are always set to binary 1 1 1 0. Class E is an experimental address that is reserved for future use. The high order bits in a Class E address are set to 1 1 1 1. 

As earlier mentioned, the Classful system was deprecated in the early 1990s in favor of the Classless Inter-Domain Routing scheme. The CIDR scheme introduced in 1993 provided significant advantages over the Classful scheme, addressing shortcomings such as the inefficient treatment and delegation of the IP address space. The Classful system was too coarse in the way that it was used to distribute our IP addresses. Large contiguous blocks of IPs were going to waste. The global routing tables were running out of room. As the number of networks on the internet increased, so did the number of routes. The Classful system did not provide reasonable methods to perform route summarization, of which CIDR could. 

For example, suppose we required a network with 4096 hosts. We would either have needed to apply for 16 Class C addresses, which would be bad for the global routing table because each of them would need to have a separate individual route entry, or alternatively we would need to acquire one Class B block, which would involve wasting a huge amount of addresses, but at least only require one individual route entry in the global routing table. Both problems were solved by the introduction of CIDR. Firstly, CIDR removed the constraint whereby the address itself would dictate the mask. When you look at it closely, the Classful addressing system only supported three masks for unicast, /8, /16, and /24. CIDR, on the other hand, allows the masks to be any value from /0 to /32. Basically CIDR provides a far more granular approach to the distribution of IP addresses and therefore is far more efficient. Secondly, CIDR provides a method to perform route summarization. Far fewer routing entries were required in the internet global routing tables, freeing up space and allowing it to continue to scale and support many more networks. 

We'll go over route summarization in more detail towards the end of this course. The IPv4 specification reserves several IP ranges, reserved for various networking features. Let's cover the commonly used reserved blocks. 127.0.0.0/8, reserved for hosts to test networking against itself, often expressed by using the first address in this range, 127.0.0.1. 169.254.0.0/16, reserved for Link Local addresses between two hosts on a single link. 224.0.0.0/4, reserved for network multicast messages. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, RFC 1918 reserved for local private communications within a private network. 

We'll next review the importance of the last three network ranges as they collectively make up the so-called private IPv4 address space covered by the RFC 1918 specification. Private IP addresses, or RFC 1918, were defined in an effort to prevent the depletion of the IPv4 address space, a possibility given the unforeseen exponential growth of the internet. RFC 1918 allocates the following three network ranges, which collectively are considered private and therefore cannot be routed over the internet. The RFC 1918 IPv4 address base is often used in conjunction with Network Address Translation technology, to allow devices on private networks to communicate out over the internet. NAT translates a private IP address used within the private network to a public address as used out on the Internet, and vice versa in the reverse direction. 

We'll now go over the concept of subnetting. Subnetting plays an important role in making IPv4 networks functional and maintainable. Subnetting is the strategy used to split a single network into many smaller subnets. As previously mentioned, an IP address is composed of a network part and a host part. Subnets are designed by borrowing bits from the host part and using these bits to create a number of smaller sub networks inside the original network. Subnetting networks provide several advantages, such as improvements to overall network performance and speed, reduction of network congestion, and increased network security, for example, by isolating departmental traffic. 

This slide provides a quick overview of the subnet mask in decimal, CIDR, and binary forms. Keep in mind the Class A, B, and C boundaries, or /8, /16, and /24. /8 represents the contiguous masking of the leftmost octet only, also represented as 255.0.0.0 in decimal form. /16 represents the contiguous masking of the leftmost two octets only, also represented as 255.255.0.0 in decimal form. /24 represents the contiguous masking of the leftmost three octets only, also represented as 255.255.255.0 in decimal form. 

Considering the important role that subnetting plays in managing IPv4 networks, we'll spend the next few slides detailing the internals of subnetting, providing formulas, tips, and tricks to help you with understanding and applying subnetting. To begin with, we'll state a number of important rules. Rule 1, the First Octet rule, determines the class and the default network mask of an IP address. The table on this slide shows the three byte ranges, Class A, B, and C, with their respective default net masks of /8, /16, and /24. Rule 2 is used to calculate the total number of possible subnets. This rule stipulates that the total number of possible subnets is equal to two to the power of s, where s is the number of bits borrowed from the host part to make up the subnet mask. Rule 3 is used to calculate the total number of possible hosts per subnet. This rule stipulates that the total number of possible hosts is equal to two to the power of H, where H is the number of unmasked host bits. The calculation is completed by subtracting two from the result, one each for the subnet and broadcast reserved addresses. 

Rule 4 is used to identify the subnet and broadcast addresses. Basically, the first and last addresses in any subnet are reserved for the subnet and broadcast addresses. Subnet address: When all host bits of a given IP address are zeroed out, then this IP address represents the network or subnet address. Note, this is a reserved address that cannot be allocated to a host. Broadcast address: When all host bits of a given IP address are all set to one, then this IP address represents the broadcast address. Note, this is a reserved address, and cannot be allocated to a host. With our subnetting rules set in place, let's apply them to a few subnetting examples. In our first example, we have the prefix 192.168.5.0/27. How many subnets and hosts per subnet are possible? In the next slide, we'll guide you through to the answer, but for now, pause the video and give it a go yourself using the rules that we previously stipulated. 

So let's walk through the process of calculating both the number of subnets and hosts per subnet, using the rules we covered off earlier. In this slide, we represent the address in decimal and binary form, highlighting important demarcation points. Firstly, we note by Rule 1, the First Octet rule, that the address is Class C and as such, has a 24 bit default network mask, color coded in blue. Next we borrow an extra 3 bits from the host part, colored in red, leaving us with a total of 5 bits for the host part, color coded in green. We now apply Rule 2 to calculate the total number of subnets. This rule stipulates that the total number of possible subnets is equal to two to the power of s, where s is number of bits borrowed from the host part to make the subnet mask. 

In this example we have borrowed three bits from the host part, therefore our answer is two to the power of three, which equals a total of eight subnets. Next, apply Rule 3 to calculate the total number of hosts per subnet. This rule stipulates that the total number of possible hosts is equal to two to the power of H, where H is the number of unmasked host bits, finally subtracting two for the reserved addresses. In this example, we have five host bits left over. Therefore, our answer is two to the power of five equals 32. Subtracting two from 32 leaves us with our answer, which is 30 hosts per subnet. 

Let's repeat this exercise with a second example. In this example, we have the prefix 10.10.0.0/17. How many subnets and hosts per subnet are possible? In the next slide, we'll guide you through to the answer but for now, pause the video and give it a go, using the rules that we previously stipulated. Firstly, we note by Rule 1, the First Octet rule, that the address is a Class A, and as such, has an 8-bit default network mask, color coded in blue. Next, we borrow an extra nine bits from the host part, color coded in red, leaving us with a total of fifteen bits for the host part, color coded in green. We now apply Rule 2 to calculate the total number of subnets. In this example, we have borrowed nine bits from the host part, therefore, our answer is two to the power of nine, which equals a total of 512 subnets. Next, apply Rule 3 to calculate the total number of hosts per subnet. In this example, we have 15 host bits left over, therefore our answer is two to the power of 15, equaling 32,768. Subtracting two from the 32,768 leaves us with our answer, which is 32,766 hosts per subnet. 

Next, we'll move on to discussing how we convert subnet masks from binary to decimal, and vice-versa. Recall from our earlier discussions that we have eight binary bits per octet. The table on this slide shows how the subnet masks are calculated, using the base-2 values from left to right. For example, suppose we have a /27 subnet net mask. We first factor out as many 8-bit blocks. In our case, we have three, leaving us with three bits left over, therefore our subnet net mask in decimal form would be 255.255.255.224. Repeating this again, let's start with a /20 subnet net mask. We again start off with factoring out as many 8-bit blocks. 

In this case we have two, leaving us with four bits left over. Therefore, our subnet net mask in decimal form would be 255.255.240.0. Spend some time getting familiar with the binary and decimal values presented in this slide. The conversion process becomes trivial the more time and practice you spend doing it. A quick tip to remember is this. The value 240 equals the first four leftmost decimal values, and from this, you can calibrate your binary summing calculations, left and right. For example, if you need to calculate the value for just the three leftmost bits, then this will equal 240 minus 16 equaling 224, or in the opposite direction, say you needed to calculate the value for the six leftmost bits, then this will equal 240 plus eight plus four, equalling 252. 

In this example, we start with the prefix 192.168.100.0/24, and we want to determine the length of the subnet mask, allowing up to 12 subnets. In the next slide, we'll walk you through how to derive the answer but for now, pause the video and give it a go, using the rules and tables that we previously stipulated. The address belongs to the class C and uses its default network mask. That leaves us with eight bits to play with, the last byte. Before we change anything, our address and network mask, when converted into binary notation, looks like that as shown. In order to create twelve subnets, we must extend the existing length of the network mask by four bits, which provides us up to 16 subnets. 

If we try to extend it by 3 bits only, the maximum subnets allowed would only be 8 subnets, therefore we need to borrow at least 4 bits and as such the result is 192.168.100.0/28, or 255.255.255.240. Let's now try something that appears, on the surface, to be tricky, but if we apply our subnetting rules, we can break the question down into a set of simple steps. So let's now propose the next question. If we start with the following host address of 192.168.10.133/28, what are the subnet and broadcast addresses? 

In the next slide, we'll walk you through the steps required to derive the answer, but for now, pause the video and give it a go, using everything we know so far about subnetting. Okay, so in order to determine the subnet and broadcast addresses of the subnet for the host 192.168.10.133/28, we first need to examine the length of its default network mask. Since we're dealing with a /28, we can factor out three octets, or three times eight bits, with four bits left over. This tells us that the last byte of the address has borrowed four bits from the host part, leaving us four host bits. We've now positioned ourselves ready to refer back to Rule 4, knowing how to identify and work with subnet and broadcast addresses. Let's convert the last octet, 133, into binary form. To do so, we use a method known as descending powers of two and subtraction. Let's perform this now in the next slide. 

First, let's lay down our powers of two table for eight bits. We then start off by finding the largest power of two number that fits into 133. 128 is the greatest power of two that goes into 133, so we mark a one beneath the number 128. We repeat the same process with the remainder, that is 133 minus 128 equals five. Four is the greatest power of two that goes into five, so we mark a one beneath the number four. We repeat the same process with the remainder, that is five minus four equals one, and so on, until we've reached the end of the number. Remember to mark a one beneath each number that goes into your new number and zero beneath those that don't. So, as you can see, the final binary form for the decimal 133 is 1 0 0 0 0 1 0 1. Now we're ready to apply Rule 4, that is identifying and determining the subnet and broadcast addresses. 

First up, let's determine the subnet address. As per Rule 4, the subnet address has all of its host bits zeroed out. Recall that we determined we have borrowed four bits, leaving the last four bits for the host part. So taking our binary form of 133, 1 0 0 0 0 1 0 1, and zeroing out the last four bits gives us a result of 1 0 0 0 0 0 0 0, which in turn converts back to a decimal value, 128. Therefore the full subnet address for the host 192.168.10.133/28 is 192.168.10.128. Next, let's attack the broadcast address. Again, we refer back to Rule 4. In this case, the broadcast address has its host bits all set to one. So, taking our binary form of 133, 1 0 0 0 0 1 0 1, and converting each of the last four bits to one, gives us a result of 1 0 0 0 1 1 1 1, which in turn converts back to the decimal value 143. 

Therefore, the full broadcast address for the host 192.168.10.133/28 is 192.168.10.143. So hopefully, in walking through these few subnetting exercises, we provided you with a solid understanding into the internals and mechanics of subnetting. Once you familiarize yourself with the base-2 number system and its application as used within subnetting, you'll quickly realize that subnetting is actually quite simple. Next, we discuss different IPv4 transmission modes. 

We have three different modes available for message transmission. One, unicast, two, broadcast, three, multicast. First up is unicast. Unicast is considered to be a one-to-one association where a sender generates traffic which is directed at a single network host. All other network hosts will ignore unicast traffic not directing explicitly to themselves. In this example. the IP source address equals to 192.168.1.1 and the IP destination address equals 192.168.1.2. Next up is broadcast. Broadcast is considered to be a one-to-many association where a sender generates traffic with the intent of it being heard by all hosts on a particular network segment. ARP requests are a good example of broadcast traffic. The destination address field contains a special broadcast address, 255.255.255.255. When a host sees this packet on a network, it's bound to process it. 

In this example, the IP source address equals 192.168.1.1, and the IP destination address equals 192.168.1.255. Last is multicast. Multicast is considered to be a one-or-many-to-many association. This mode is a mixture of the previous two methods, i.e., the packet sent is neither destined to a single host nor all the hosts on the segment. In this packet, the destination address contains a special address which starts with 224.X.X.X, and can be entertained by more than one host. 

In this example, the IP source address equals 192.168.1.1, and the IP destination address equals 224.10.10.10. Our final IPv4 topic we'll cover is route summarization. Root summation, also known as route aggregation, is the process by which several routes are replaced with a single route advertisement, using a smaller CIDR subnet mask. The diagram as presented here displays a local area network composed of four smaller departmental networks, 192.168.100.0/24, 192.168.101.0/24, 192.168.102.0/24, and 192.168.103.0/24. Each of these departmental networks are connected directly to Router R1. Router R1 advertises a single summarized route of 192.168.100.0/22 to Router R2. Route summation provides the following benefits. Reduces the number of IP addresses or routing entries required within a router's routing table. Reduces routing administration and simplifies routing configuration. 

We'll now walk you through the process of creating route summaries. In this example, we'll first examine the routes in binary form. We do this to provide a thorough understanding as to how route summarization works under the covers. First of all, let's start with our four individual networks. Route one, 192.168.100.128/27. Route two, 192.168.100.160/27. Route three, 192.168.100.192/27. And route four, 192.168.100.224/27. Looking at them, we can immediately see that all routes have the same first three octets, 192.168.100, so we can start our route summary mask with an eight plus eight plus eight equaling /24. We now apply our focus on the last differing octet of each route by converting the decimal into its equivalent binary form. Examining the binary forms, we start from the leftmost bit. We see that the leftmost bit is where the commonality starts and ends, therefore we can complete our summary mask calculation as eight plus eight plus eight plus one, equaling a /25 summary mask, or 255.255.255.128 in dotted decimal form.

About the Author
Students
143914
Labs
71
Courses
109
Learning Paths
209

Jeremy is a Content Lead Architect and DevOps SME here at Cloud Academy where he specializes in developing DevOps technical training documentation.

He has a strong background in software engineering, and has been coding with various languages, frameworks, and systems for the past 25+ years. In recent times, Jeremy has been focused on DevOps, Cloud (AWS, Azure, GCP), Security, Kubernetes, and Machine Learning.

Jeremy holds professional certifications for AWS, Azure, GCP, Terraform, Kubernetes (CKA, CKAD, CKS).