Internet Protocol Suite
Internet Protocol (IP)
To be ROUTABLE, a protocol must specify a NETWORK ADDRESS for each device that exists on the network. The network address usually consists of a network number and a host or workstation number.
All TCP/IP enabled devices connected to the Internet have an Internet Protocol (IP) address that helps to uniquely identify a user of the system. The Internet Assigned Numbers Authority (IANA) is the organization responsible for assigning IP addresses to Internet Service Providers (ISPs) and deciding which ones should be used for the public Internet and which ones should be used on private networks.
IP Addresses
IP Version 4 addresses consist of four numbers valued 0-255 separated by periods, so-called “dotted quad” notation. An IP address is in reality a string of 32 binary digits (bits). For ease of use, network engineers divide these 32 bits into four sets of 8 bits (octets), each representing a number from 0 to 255, and separate the numbers with a period (.) to produce the familiar dotted decimal notation; the dotted quad form exists purely for readability. This “dotted quad” number contains both the network and the host number, delineated by a subnet mask. An example of an IP address that follows these rules is 97.65.25.12.
Network numbers are specified by a “class” designated by the value of the first number in the address. The network number encompasses one or more of the octet values as indicated by the NETWORK MASK; the host portion is indicated by the zero positions of the mask.
The table below specifies the IP network classes:
Class / First Octet Value / Network Mask / # of Networks / # of Hosts
A / 0-127 / 255.0.0.0 / 126 / 16 million
B / 128-191 / 255.255.0.0 / 16384 / 65534
C / 192-223 / 255.255.255.0 / 2 Million / 254
D / 224-240 / 255.255.255.0 / 1 Million / 254
E / 241-255 / 255.255.255.0 / 1 Million / 254
IP Address Rules
-Network addresses 0, 127 and 255 are reserved values: 0 and 255 are broadcast; 127 is for local loopback. Network addresses starting with 224 – 239 are reserved for IGMP processes.
-Host addresses 0 (all zeros) and 255 (all 1’s) are not allowed, as they are reserved for broadcast.
-IP network addresses 10.0.0.0, 172.16.0.0 – 172.27.31.255, 192.168.0.0 and 169.254.0.0 are reserved for private intranets.
-All other class A-C addresses, except the private IP address ranges, are available for use on the public Internet.
Only IP network classes A, B and C are of concern for host addressability. Class D and E are special purpose network address classes.
Private IP Addresses
Some IP addresses are reserved for use only in private networks and are not routed over the Internet. These private IP addresses have the following ranges:
10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
127.0.0.0 (Loopback)
169.254.0.0 – 169.254.255.255 (APIPA)
192.168.0.0 - 192.168.255.255
Whether or not your computer has a network interface card, it will have a built-in IP address with which network-aware applications can communicate with one another. This IP address is 127.0.0.1 and is frequently referred to as localhost. This concept is important to understand and will be revisited in many later chapters. Private addresses cannot reach the Internet (they are not routed). This problem is overcome by Network Address Translation (NAT).
Subnet Masks - "Dotted Decimal" And "Slash" (CIDR) Subnet Mask Notations
Most office and home networks use networks with 255 IP addresses or fewer, in which the subnet mask starts with the numbers 255.255.255. This is not a pure networking text, so I'll not discuss larger networks because that can become complicated, but in cases where fewer than 255 IP addresses are required a few rules apply. There are only seven possible values for the last octet of a subnet mask: 0, 128, 192, 224, 240, 248 and 252. You can calculate the number of IP addresses for each of these by subtracting the value from 256.
In many cases the subnet mask isn't referred to by the dotted decimal notation, but rather by the actual number of bits in the mask. So for example a mask of 255.255.255.0 may be called a /24 mask instead. A list of the most commonly used masks in the office or home environment is presented in the following table:
Dotted Decimal Format / Slash Format / Available Addresses
255.255.255.0 / /24 / 256
255.255.255.128 / /25 / 128
255.255.255.192 / /26 / 64
255.255.255.224 / /27 / 32
255.255.255.240 / /28 / 16
255.255.255.248 / /29 / 8
255.255.255.252 / /30 / 4
So called “subnetting” allows the number of networks to be expanded by “borrowing” bits from the host portion of the IP address; this is usually used in Class A and Class B addresses where there are too many hosts and not enough networks. In this case, the network mask is referred to as a “subnet mask” to indicate the network portion of the IP address.
Subnet masks that match the class are called “classful”. However, subnet masks can be, and usually are, specified so that they do not match the address class, in so-called subnetting or “supernetting”, especially in the private IP address ranges (see Private IP Addresses above). For example: 10.1.1.0 / 255.255.255.0 indicates Class A network 10.1.1.0 with a Class C subnet mask.
Defining an IP Network
At least 3 values are required for IP network addressability:
–an IP address
–a subnet mask
–and a gateway address.
The subnet mask indicates the network portion of the IP address, which is the network number the host address is attached to. The gateway address is the network and host address of the device that knows the route(s) out of the local network to the outside world (a “router”). The host communicates directly with any device on its own network and goes to the gateway device to reach any other network(s). A “default” gateway is the gateway used for reaching networks that don’t have specific routes.
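The mask arithmetic behind the Subnet Masks section and the direct-versus-gateway decision described here, as an added worked example (not part of the original handout). It works on 32-bit values rather than the ipaddress module so the bit mechanics are visible; the sample addresses in the comments are constructed.

```python
# Added example (not from the original handout): the mask arithmetic from the
# Subnet Masks and Defining an IP Network sections. Sample addresses are constructed.

def to_int(dotted: str) -> int:
    """Pack a dotted quad such as 97.65.25.12 into a 32-bit integer."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(o < 0 or o > 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {dotted}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]

def to_dotted(value: int) -> str:
    """Unpack a 32-bit integer back into dotted-quad notation."""
    return ".".join(str((value >> s) & 0xFF) for s in (24, 16, 8, 0))

def mask_from_prefix(prefix: int) -> str:
    """/24 -> 255.255.255.0: the top `prefix` bits are ones, the rest zeros."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be 0..32")
    return to_dotted((0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF)

def prefix_from_mask(mask: str) -> int:
    """255.255.255.192 -> 26; rejects masks whose one-bits are not contiguous."""
    m = to_int(mask)
    ones = bin(m).count("1")
    if m != ((0xFFFFFFFF << (32 - ones)) & 0xFFFFFFFF):
        raise ValueError(f"non-contiguous mask: {mask}")
    return ones

def available_addresses(mask: str) -> int:
    """Block size; for /24 and longer this equals 256 minus the last octet."""
    return 1 << (32 - prefix_from_mask(mask))

def network_of(ip: str, mask: str) -> str:
    """Network number: keep the bits where the mask is 1 (the network portion)."""
    return to_dotted(to_int(ip) & to_int(mask))

def is_private(ip: str) -> bool:
    """True for the non-routable ranges listed under Private IP Addresses."""
    ranges = (("10.0.0.0", "255.0.0.0"), ("172.16.0.0", "255.240.0.0"),
              ("192.168.0.0", "255.255.0.0"), ("127.0.0.0", "255.0.0.0"),
              ("169.254.0.0", "255.255.0.0"))
    return any(network_of(ip, mask) == net for net, mask in ranges)

def next_hop(src_ip: str, mask: str, dst_ip: str, gateway: str) -> str:
    """Deliver directly if both hosts share a network number, else via the gateway."""
    if network_of(src_ip, mask) == network_of(dst_ip, mask):
        return dst_ip
    return gateway
```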
IP Routing
In the broader networking sense, a "route" refers to the path data takes to traverse from its source to its destination. Each router along the way may also be referred to as a hop. Usually when we speak about a route on a Linux box, we are referring to the IP address of the first hop needed to reach the desired destination network. It is assumed that this first hop will know how to automatically relay the packet.
Routers are designed to exchange routing information dynamically, and can therefore intelligently redirect traffic to bypass failed network links. Home Linux boxes frequently don't run a dynamic routing protocol and therefore rely on "static" routes issued by the system administrator at the command line or in configuration files to determine the next hop to all desired networks.
Default Gateways – How do I get out of here?
IP-addressed devices communicate directly with others on the same local network, as defined by the network address range and subnet mask. ARP is the mechanism for locating a local device. If a target device is on another network, the local device will instead locate the default gateway for the local network.
A default gateway is the router that is used when no alternative devices can be found to relay the traffic. They are often called "routers of last resort".
Say, for example, you have two routers, R1 and R2. R1 is connected to both your SOHO home network and the Internet. R2 is connected to the SOHO home network and is capable of relaying data to other corporate networks with addresses starting with 10.X.X.X via another NIC.
You could put a route on your SOHO servers that states:
Go to network 10.0.0.0 255.0.0.0 via router R2
Go to everything else via router R1. R1 would therefore be considered your default gateway.
For most home networks, your default gateway would be the router/firewall connected to the Internet.
IP on the LAN - Address Resolution Protocol
LANs use MAC (Media Access Control) FRAMES to deliver data to individual PCs identified by their MEDIA ACCESS CONTROL address (a 12-digit hexadecimal number burned into each Network Interface Card – NIC) within the same Ethernet segment. When Ethernet hosts talk to each other on the same network segment, data is delivered in Ethernet MAC frames.
The Internet Protocol was developed as a WAN protocol. It has become the de facto LAN protocol as well.
When IP hosts communicate they use their IP address and subnet mask and the IP address of the remote host to determine whether they are both on the same network. If not, they attempt to communicate with each other via routers that interconnect their LANs (i.e. default gateway).
The protocol interface between the IP (Layer 3) address and the LAN (Layer 2) address is the Address Resolution Protocol (ARP). The in-memory ARP table is used to map between IP addresses and MAC addresses. A typical ARP table entry, as displayed by “arp -a”, looks like this:
arp -a
Interface: 10.218.186.109 --- 0x2
  Internet Address      Physical Address      Type
  10.218.186.6          00-d0-01-e4-c4-00     dynamic
When an IP host communicates with another host on the same IP subnet, it checks its local ARP table to see if it has an entry for that IP address. If not, the host issues an ARP Request with a MAC-level broadcast ff.ff.ff.ff.ff.ff (all 1’s) as the Ethernet frame destination address, carrying the destination IP address. The destination host sees the broadcast ARP request and responds (ARP Response) by reversing the source and destination IP and MAC addresses, substituting its own MAC address for the broadcast MAC.
If the destination IP address is not in the same network, the host ARPs for the gateway to that network as indicated by its own internal routing table (every IP host has one; it is displayed by the “netstat –rn” command).
Dynamic ARP table entries have a limited lifespan, typically 10 minutes. ARP entries can also be hard-coded (static), but this is usually done only in network devices or “secure” hosts.
You may experience connectivity problems if you change the MAC address assigned to an IP address, as when you replace a NIC or replace a server but retain the IP address of the old one. Changing the NIC while retaining the IP address can cause problems, as the router will continue to send frames onto the network with the correct target IP address but the old target MAC address. The server with the new NIC won't respond, as the frame's target MAC doesn't match its own.
This problem can be fixed in one of two ways. You can delete all the ARP entries in the router's cache (clear the ARP cache). The second solution is to log into the server's console and ping its gateway; the router will then pick up the new MAC to IP address mapping.
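A defender-side complement to the stale-binding problem above, added here as an example that is not part of the original handout: parse the Windows-style “arp -a” output shown earlier and compare two snapshots, so an IP address whose MAC changed (a replaced NIC, or an unexpected rebinding) is reported. The snapshots are constructed; only the 10.218.186.6 entry comes from the page.

```python
# Added example (not from the original handout): parse the `arp -a` output format
# shown above and compare two snapshots, reporting IP addresses whose MAC changed.
# Both snapshots below are constructed; only the first entry comes from the page.
import re

INTERFACE_RE = re.compile(r"^Interface:\s+(\d+\.\d+\.\d+\.\d+)\s+---\s+0x[0-9a-fA-F]+")
ENTRY_RE = re.compile(
    r"^\s*(\d+\.\d+\.\d+\.\d+)\s+([0-9a-fA-F]{2}(?:-[0-9a-fA-F]{2}){5})\s+(dynamic|static)\s*$")

def parse_arp_table(text: str) -> dict:
    """Return {(interface_ip, ip): (mac, type)} from Windows-style `arp -a` output."""
    table, iface = {}, None
    for line in text.splitlines():
        m = INTERFACE_RE.match(line)
        if m:
            iface = m.group(1)          # entries that follow belong to this interface
            continue
        m = ENTRY_RE.match(line)
        if m and iface is not None:     # the column header and blank lines fall through
            ip, mac, kind = m.groups()
            table[(iface, ip)] = (mac.lower(), kind)
    return table

def changed_macs(before: dict, after: dict) -> list:
    """IPs whose MAC differs between snapshots: the stale-binding symptom after a
    NIC swap described above, or an unexpected rebinding worth investigating."""
    return sorted((ip, old[0], after[(iface, ip)][0])
                  for (iface, ip), old in before.items()
                  if (iface, ip) in after and after[(iface, ip)][0] != old[0])

SNAPSHOT_BEFORE = """\
Interface: 10.218.186.109 --- 0x2
  Internet Address      Physical Address      Type
  10.218.186.6          00-d0-01-e4-c4-00     dynamic
  10.218.186.40         00-0c-29-3a-7b-11     dynamic
  10.218.186.255        ff-ff-ff-ff-ff-ff     static
"""
SNAPSHOT_AFTER = """\
Interface: 10.218.186.109 --- 0x2
  Internet Address      Physical Address      Type
  10.218.186.6          00-0c-29-9f-02-ab     dynamic
  10.218.186.40         00-0c-29-3a-7b-11     dynamic
  10.218.186.255        ff-ff-ff-ff-ff-ff     static
"""

if __name__ == "__main__":
    for ip, old, new in changed_macs(parse_arp_table(SNAPSHOT_BEFORE),
                                     parse_arp_table(SNAPSHOT_AFTER)):
        print(f"{ip}: MAC changed {old} -> {new}")
```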
Transmission Control Protocol (TCP)
TCP is the main protocol for applications and runs “on top” of IP. A TCP/IP “session” consists of a pair of socket or port #’s; one on the client (requestor), one on the server. Socket or port #’s range from 1 – 65535.
The socket # on the client is a random number; usually assigned sequentially above the “reserved” socket numbers; normally 1 – 1024; or 1-4096 or 8192 depending on the TCP/IP protocol stack. The reserved socket #’s define the application on the server. Common application and port #’s are: FTP – 21, Telnet – 23, SMTP (E-Mail) - 25, HTTP (Web) – 80.
Session establishment is via a “3-way handshake” in which the client contacts the server with a “SYN”, the server responds with a “SYN/ACK” and the client responds with an “ACK”. The “SYN” in this case SYNchronizes the send/receive packet sequence numbers in both directions on the session. The ACK is an ACKnowledgement of the previous packet(s). In this way the TCP/IP “session” establishes a connection, keeps track of bytes sent and received and guarantees data delivery in a TCP/IP application session.
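The handshake just described, modelled step by step so the sequence-number bookkeeping is explicit; this is an added example, not code from the original handout, and the port numbers and initial sequence numbers (ISNs) it uses are constructed.

```python
# Added example (not from the original handout): a model of the 3-way handshake
# described above, tracking how SYN and ACK carry the sequence numbers in each
# direction. Port numbers and initial sequence numbers (ISNs) are constructed.
from dataclasses import dataclass

MOD = 1 << 32   # TCP sequence numbers are 32-bit and wrap around

@dataclass(frozen=True)
class Segment:
    src_port: int
    dst_port: int
    seq: int
    ack: int
    flags: frozenset   # subset of {"SYN", "ACK"}

def client_syn(client_port: int, server_port: int, client_isn: int) -> Segment:
    """Step 1: the client proposes its ISN; there is nothing to acknowledge yet."""
    return Segment(client_port, server_port, client_isn, 0, frozenset({"SYN"}))

def server_syn_ack(syn: Segment, server_isn: int) -> Segment:
    """Step 2: the server ACKs the client's ISN (+1) and proposes its own ISN."""
    if syn.flags != frozenset({"SYN"}):
        raise ValueError("expected a bare SYN")
    return Segment(syn.dst_port, syn.src_port, server_isn, (syn.seq + 1) % MOD,
                   frozenset({"SYN", "ACK"}))

def client_ack(syn: Segment, syn_ack: Segment) -> Segment:
    """Step 3: the client verifies its ISN was acknowledged, then ACKs the server's."""
    if syn_ack.flags != frozenset({"SYN", "ACK"}):
        raise ValueError("expected a SYN/ACK")
    if syn_ack.ack != (syn.seq + 1) % MOD:
        raise ValueError("server acknowledged the wrong sequence number")
    return Segment(syn.src_port, syn.dst_port, syn_ack.ack, (syn_ack.seq + 1) % MOD,
                   frozenset({"ACK"}))

def handshake(client_port: int, server_port: int, client_isn: int, server_isn: int):
    """Run all three steps; return the segments and the synchronised state: each
    side's next sequence number to send and the next one it expects to receive."""
    syn = client_syn(client_port, server_port, client_isn)
    syn_ack = server_syn_ack(syn, server_isn)
    ack = client_ack(syn, syn_ack)
    state = {"client_next_seq": ack.seq, "client_expects": ack.ack,
             "server_next_seq": ack.ack, "server_expects": ack.seq}
    return [syn, syn_ack, ack], state
```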
User Datagram Protocol (UDP)
UDP is an application transport protocol similar to TCP, with two differences: there is no “3-way handshake” to establish a session, hence no session; thus data delivery is not guaranteed. Words used to describe UDP are “connectionless”, non-guaranteed and “stateless” (i.e. the next packet doesn’t depend on the state of prior packets). UDP uses the same port or socket #’s as TCP/IP, and most UDP applications have TCP/IP equivalents. Probably the most common UDP applications are Trivial File Transfer Protocol (TFTP) and Domain Name Services (DNS).
TCP/IP Application Suite
Common TCP/IP applications are:
TELNET (port 23) – Command line terminal emulation
File Transfer Protocol (FTP) (port 20, 21) – data transfer from/to a client to/from a server.
Simple Mail Transport Protocol (port 25, SMTP or Internet E-Mail) – server only
Hypertext Transfer Protocol (port 80, HTTP or Web Services).
Domain Name Services (port 53, DNS) – changes Internet “Names” into Internet Protocol Addresses
Post Office Protocol (port 110, POP) - Internet E-Mail client
All common public Internet Protocol applications (indeed all IP-based activity) are based on Request for Comment (RFC) documents; an RFC is a published document used to define a proposed IP standard. If accepted, the RFC becomes an IP standard, and anything that conforms to the RFC standard is called “RFC compliant”.
TCP/IP stack utilities, used to analyze and debug the TCP/IP suite, are as follows:
-PING – used to determine the ability to contact a specific IP address.
-TRACEROUTE – used to display the gateway address(es) passed through when crossing multiple networks to get to a specific IP address (PING).
-ARP – used to determine which IP addresses map to which MAC address on the LAN (local IP network only).
-NETSTAT – used to display network statistics (-s), Ethernet statistics (-e), TCP/UDP connections (-a) and routing information (-r).
-NSLOOKUP – returns an IP address for a domain name.
-FINGER – obtains local/remote user information.
-HOSTNAME – displays the local hostname.
-IPCONFIG/IFCONFIG – displays local IP configuration information.
-ROUTE – for display, the same as NETSTAT –r; otherwise updates the local route table.
Common Internet Protocol Stack Files
The files common to most Operating System TCP/IP protocol stacks are:
/etc/networks – contains pre-defined network numbers
/etc/services – contains pre-defined or “reserved” application port #’s local to the host
/etc/protocol – supported IP protocols
/etc/hosts – pre-defined host name to IP address mappings