IP 101: All About IP Addresses

By Chris Lewis

The key to understanding IP, and all of the issues related to IP, is knowing what a routing table looks like and the effects each IP topic has on the entries in a routing table. To begin with, let's review the basics. IP addresses are 32-bit numbers, most commonly represented in dotted decimal notation (xxx.xxx.xxx.xxx). Each decimal number represents eight bits of binary data, and therefore can have a decimal value between 0 and 255. IP addresses most commonly come as class A, B, or C. It's the value of the first number of the IP address that determines the class to which a given IP address belongs. Class D addresses are used for multicast applications. (For a full explanation of class D addresses, refer to "Diving Through the Layers".) The ranges of values for these classes are given below.

Class   Range    Allocation

A       1-126    N.H.H.H

B       128-191  N.N.H.H

C       192-223  N.N.N.H

D       224-239  Not applicable

 

N=Network

H=Host

 

Note 1: 127.0.0.0 is a class A network, but is reserved for use as a loopback address (typically 127.0.0.1).

Note 2: The 0.0.0.0 network is reserved for use as the default route.

Note 3: Class D addresses are used by groups of hosts or routers that share a common characteristic: e.g. all OSPF devices respond to packets sent to address 224.0.0.2.

Note 4: Class E addresses exist (244-255), but are reserved for future use.

The class of an address defines which portion of the address identifies the Network number and which portion identifies the Host, as illustrated above by N and H.

So, without any subnetting (which we will come to a little later), a routing table will keep track of a) network numbers, b) the next hop router to use to get to that network, and c) the interface this next hop router is reachable through. A simple network with the corresponding routing table for a Cisco router is illustrated below.

 

C     199.2.2.0   directly connected   Ethernet 0

C     10.0.0.0    directly connected   Token-ring 1

C     152.8.0.0   directly connected   Ethernet 1

I     200.1.1.0   via 152.8.1.2        Ethernet 1

Note that the first column of the routing table indicates how the network number was discovered: C stands for Connected, and I indicates the network was learned from the IGRP routing protocol. For a full description of the routing table as it appears in a UNIX host and a Cisco router, refer to "Should RIP Rest In Peace".

The important thing to realize is that while a routing table keeps track of network numbers, no one assigns a network number to any piece of equipment. Every interface of a router or host connected on the network must have an IP address and a subnet mask defined (many pieces of equipment will assign a default subnet mask if none is applied). From this IP address and subnet mask, the network number is derived by the IP stack and tracked in the routing table.

(This is the exact opposite of what happens in a NetWare network. In NetWare, you assign a network number to a server LAN card, which is used by all workstations on that wire. The workstations use MAC addresses as IPX node numbers.)

Many large routers, particularly Internet routers, use a method called Classless Interdomain Routing (CIDR) to reduce the number of entries a router needs in its routing table. If we imagine, for instance, that all the Class C addresses that start with the value 194 are allocated for use in Europe, it would significantly reduce the number of entries in Internet routers in the US if there was only one entry for all these class C addresses, rather than a separate entry in the routing table for each one. CIDR works if (as in this example) all the networks with the first octet value of 194 are physically located in one area of the network.

IP addresses are used to deliver packets of data across a network and have what is termed end-to-end significance. This means that the source and destination IP addresses remain constant as the packet traverses a network. Each time a packet travels through a router, the router will reference its routing table to see if it can match the network number of the destination IP address with an entry in its routing table. If a match is found, the packet is forwarded to the next hop router for the destination network in question (note that a router does not necessarily know the complete path from source to destination--it just knows the next hop router to go to).

If a match is not found, one of two things happens. The packet may be forwarded to the router defined as the default gateway, or the packet may be dropped by the router. (In the language of TCP/IP, a gateway is a router.) Packets are forwarded to a default router in the belief that the default router has more network information in its routing table and will therefore be able to route the packet correctly on to its final destination. This is typically used when connecting a LAN with PCs on it to the Internet. Each PC will have the router that connects the LAN to the Internet defined as its default gateway. A default gateway is seen in a routing table of a host as follows: the default route 0.0.0.0 will be listed as the destination network, and the IP address of the default gateway will be listed as the next hop router.
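The forwarding decision described above can be written out as code. This is an added example, not part of the original article: it uses the routing table shown earlier, and the default route entry (gateway 199.2.2.254) and the function names are assumptions made for the illustration.

```python
# Added example, not from the original article: the forwarding decision for a
# router that uses classful network numbers and no subnetting.

# Routing table from the article: (how learned, network, next hop, interface).
# A next hop of None means the network is directly connected.
ROUTING_TABLE = [
    ("C", "199.2.2.0", None, "Ethernet 0"),
    ("C", "10.0.0.0", None, "Token-ring 1"),
    ("C", "152.8.0.0", None, "Ethernet 1"),
    ("I", "200.1.1.0", "152.8.1.2", "Ethernet 1"),
]

# Constructed for this example: a default route pointing at a made-up gateway.
DEFAULT_ROUTE = ("S", "0.0.0.0", "199.2.2.254", "Ethernet 0")


def network_number(address):
    """Derive the classful network number from the first octet, or None."""
    octets = [int(part) for part in address.split(".")]
    if len(octets) != 4 or any(o < 0 or o > 255 for o in octets):
        raise ValueError(f"not a valid IPv4 address: {address!r}")
    first = octets[0]
    if 1 <= first <= 126:
        network_octets = 1          # class A: N.H.H.H
    elif 128 <= first <= 191:
        network_octets = 2          # class B: N.N.H.H
    elif 192 <= first <= 223:
        network_octets = 3          # class C: N.N.N.H
    else:
        return None                 # 0, 127 (loopback), class D and above
    kept = octets[:network_octets] + [0] * (4 - network_octets)
    return ".".join(str(o) for o in kept)


def forward(destination, table):
    """Return (action, next hop, interface) for one destination address."""
    wanted = network_number(destination)
    if wanted is None:
        return ("drop", None, None)
    default = None
    for _, network, next_hop, interface in table:
        if network == wanted:
            if next_hop is None:
                # Directly connected: hand the packet to the host itself.
                return ("deliver", destination, interface)
            return ("forward", next_hop, interface)
        if network == "0.0.0.0":
            default = ("default", next_hop, interface)
    # No matching network number: use the default route if one exists.
    return default or ("drop", None, None)


if __name__ == "__main__":
    for dest in ("200.1.1.77", "10.20.30.40", "8.8.8.8"):
        print(dest, "no default:", forward(dest, ROUTING_TABLE))
        print(dest, "with default:", forward(dest, ROUTING_TABLE + [DEFAULT_ROUTE]))
```

Note that the router only ever returns a next hop, never a full path, and that the destination address passed in is never rewritten.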

If the source and destination IP addresses remain constant as the packet works its way through the network, how is the next hop router addressed? In a LAN environment this is handled by the MAC (Media Access Control) address. The key point is that the MAC addresses will change every time a packet travels through a router; the IP addresses, however, will remain constant.

Subnet Masks

Subnet masks are essential tools in network design, but can make things more difficult to understand. Subnet masks are used to split a network into a collection of smaller subnetworks. This may be done to reduce network traffic on each subnetwork, or to make the internetwork more manageable as a whole. To all intents and purposes, each subnetwork functions as if it were an independent network, as far as entries in the routing table are concerned. The illustration below shows how a routing table looks when subnet masks are used on a network.  

Interface configuration for router 1

Interface IP Address  Subnet mask

E0        150.4.2.1   255.255.255.0

E1        150.4.3.1   255.255.255.0

E2        150.4.1.1   255.255.255.0

150.4.0.0 is subnetted with three subnets

c    150.4.1.0   directly connected   Ethernet 2

c    150.4.2.0   directly connected   Ethernet 0

c    150.4.3.0   directly connected   Ethernet 1

 

As you can see, the routing table notes that the class B network is subnetted, and recognizes each subnet as a separate entry in the routing table.

As the subnet mask is the area that causes most confusion, let's look more closely at how the subnet mask works.

Communication between a node on a local subnetwork and a node on a different subnetwork is like communication between nodes on two different networks. To a user, routing between subnetworks is transparent. Internally, however, the IP software recognizes any IP addresses that are destined for a subnetwork and sends those packets to the gateway for that subnetwork.

When subnet masks are used, an IP address is interpreted as follows:

[IP address] = [Network address][Subnetwork address][Host address]

This shows that when a network is divided into subnetworks, the host address portion of the IP address is divided into two parts, the subnetwork address and the host address.

For example, if a network has the Class B IP network address portion 129.47, the remainder of the IP address can be divided into subnetwork addresses and host addresses. This division is controlled by the network administrator to allow the most flexibility for network development at the site. A subnet mask is the mechanism that defines how the host portion of the IP address is divided into subnetwork addresses and local host address portions. The subnet mask is a 32-bit, (four byte) number, just as an IP address is.

To understand the mechanics of the subnet mask, it is important to know a little of binary arithmetic. We will go through the process of working out how subnet masks work longhand, then show a shortcut.

In binary numbers, the only digits available are 0 and 1. The rightmost digit of a binary number represents the amount of ones in the number (either 0 or 1). The next number represents the amount of twos, either 0 or 1, the next number, the amount of fours etc. Thus to convert the eight bit binary number 01101001 to the more familiar decimal, we need to use the map below:

128 64 32 16 8 4 2 1

  0  1  1  0 1 0 0 1 

Thus, the binary number 01101001 is in fact 105 in the more familiar decimal notation. If you have eight zeroes in a binary number, the decimal value is obviously zero. If you have eight ones, the decimal value is 255.

To see how a subnet mask splits up the host portion into subnet address and host address, it is necessary to convert both the IP address and the subnet mask to binary numbers. Once the IP address and subnet mask have been converted to binary, a logical AND is performed between the address and subnet mask (which means the resultant value is 1 if both IP and subnet mask value are a 1; otherwise the result is zero). Let's look at an example:

IP Address  : 201.222.5.121

Subnet Mask : 255.255.255.248

 

201.222.5.121   : 11001001.11011110.00000101.01111 001

255.255.255.248 : 11111111.11111111.11111111.11111 000

 

Subnet          : 11001001.11011110.00000101.01111 000

 

           201.     222.       5.      120

 

Thus, the resultant subnet address is 201.222.5.120. This subnet mask is said to have five bits in the subnet field, which leaves three bits to define hosts. (Note that the last three bits of the fourth byte are separated off to show the effect of the subnet mask.) With three binary bits, there are eight possible values (0 through 7). However, there are only six of these addresses that can be used for hosts on this subnet. This is because the first and last values are reserved. The first is reserved as identifying the subnet number itself and the last is the broadcast address for that subnet. This is shown for our example IP address and subnet mask below:

IP address = 201.222.5.121

Subnet Mask = 255.255.255.248

Subnet Address = 201.222.5.120

Usable Host Addresses on Subnet = 201.222.5.121 - 201.222.5.126

Subnet Broadcast Address = 201.222.5.127

It is good to work through a few examples to understand how it works.

Try to work out the subnet address, usable host addresses and broadcast address for the following:

IP address = 164.2.34.35

Subnet mask = 255.255.255.224

IP address = 101.2.3.18

Subnet Mask = 255.255.0.0

(The answers are given at the end of this article.)

For subnetting the last octet (which is the most common task) the quicker way to work it out is as follows: subtract the value of the last octet of the subnet mask from 256, and that will tell you how many IP addresses there are in the subnet.

For example, with a subnet mask of 255.255.255.224, take 224 from 256 and you get 32. This tells you that for a subnet mask ending in 224, you are splitting the network number into subnets that have 30 usable IP addresses in them (remembering that the first and last IP addresses in a subnet are not usable for host addressing).

An alternate method that works for subnets that extend into the third octet (such as 255.255.192.0) starts with writing down the subnet mask in binary. Look at the decimal value of the rightmost 1 in the subnet mask. This decimal value tells you what increment in the IP address puts you into a new subnet. This is best explained by using an example. Let's say we have a subnet mask of 255.255.255.224; converting this to binary, we get:

11111111.11111111.11111111.11100000

We can see that the ones end in the spot that represents the number of 32's we have in the number. This means that with every increment of 32 in the IP address, we go in to a new subnet. We can illustrate this by applying this subnet mask to the following IP address:

150.2.3.56

With the 255.255.255.224 subnet mask we get a new subnet every 32 addresses, so the subnets will start at:

150.2.3.0

150.2.3.32

150.2.3.64

150.2.3.96

150.2.3.128

150.2.3.160

150.2.3.192

150.2.3.224

So, for the address 150.2.3.56, with a subnet mask of 255.255.255.224, the subnet address is 150.2.3.32.
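Both the longhand AND and the "rightmost 1" shortcut above reduce to a few integer bit operations. The following is an added example, not part of the original article; the function names are made up for the illustration, and it goes slightly beyond the text by also rejecting masks whose one bits are not contiguous.

```python
# Added example (not from the original article): the longhand AND and the
# "rightmost 1" shortcut from the text, done with integer bit operations.

def to_int(dotted):
    """Convert dotted decimal notation to a 32-bit integer."""
    octets = [int(part) for part in dotted.split(".")]
    if len(octets) != 4 or any(o < 0 or o > 255 for o in octets):
        raise ValueError(f"not a valid IPv4 address: {dotted!r}")
    value = 0
    for octet in octets:
        value = (value << 8) | octet
    return value


def to_dotted(value):
    """Convert a 32-bit integer back to dotted decimal notation."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_binary(value):
    """Show a 32-bit integer as four binary octets, as in the worked example."""
    return ".".join(f"{(value >> shift) & 0xFF:08b}" for shift in (24, 16, 8, 0))


def describe(ip_dotted, mask_dotted):
    """Work out subnet, host range, broadcast and subnet increment."""
    ip, mask = to_int(ip_dotted), to_int(mask_dotted)
    host_bits = ~mask & 0xFFFFFFFF            # ones where the mask has zeros
    if mask == 0 or host_bits & (host_bits + 1):
        raise ValueError(f"mask bits are not contiguous: {mask_dotted}")
    subnet = ip & mask                        # the logical AND from the text
    broadcast = subnet | host_bits            # every host bit set to one
    block = mask & -mask                      # addresses in each subnet
    step, octet = block, 4                    # rightmost 1, seen in its octet
    while step > 128:
        step >>= 8
        octet -= 1
    usable = block - 2 if block >= 4 else 0   # first and last are reserved
    return {
        "subnet": to_dotted(subnet),
        "first_host": to_dotted(subnet + 1) if usable else None,
        "last_host": to_dotted(broadcast - 1) if usable else None,
        "broadcast": to_dotted(broadcast),
        "usable_hosts": usable,
        "step": step,                         # increment that starts a new subnet
        "step_octet": octet,                  # octet (1-4) the increment applies to
    }


def subnet_starts(ip_dotted, mask_dotted):
    """List the subnets reached by stepping through the subnetted octet."""
    info = describe(ip_dotted, mask_dotted)
    shift = 8 * (4 - info["step_octet"])
    base = to_int(info["subnet"]) & ~(0xFF << shift) & 0xFFFFFFFF
    return [to_dotted(base + ((k * info["step"]) << shift))
            for k in range(256 // info["step"])]


if __name__ == "__main__":
    ip, mask = "201.222.5.121", "255.255.255.248"
    print(f"{ip:<16}: {to_binary(to_int(ip))}")
    print(f"{mask:<16}: {to_binary(to_int(mask))}")
    print(describe(ip, mask))
    print(subnet_starts("150.2.3.56", "255.255.255.224"))
```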

The following tables show how many hosts per subnet, and total subnets result when a range of subnet masks are applied to both class B and C networks.

Class B Subnetting

#Subnet Bits               Subnet Mask                  #Subnets          #Hosts

2                      255.255.192.0                4                      16382

3                      255.255.224.0                8                       8190

4                      255.255.240.0                16                      4094

5                      255.255.248.0                32                      2046

6                      255.255.252.0                64                      1022

7                      255.255.254.0                128                      510

8                      255.255.255.0                256                      254

9                      255.255.255.128              512                      126

10                     255.255.255.192              1024                      62

11                     255.255.255.224              2048                      30

12                     255.255.255.240              4096                      14

13                     255.255.255.248              8192                       6

14                     255.255.255.252              16384                      2

Class C Subnetting

#Subnet Bits               Subnet Mask                  #Subnets          #Hosts

2                      255.255.255.192              4                      62

3                      255.255.255.224              8                      30

4                      255.255.255.240              16                     14

5                      255.255.255.248              32                     6

6                      255.255.255.252              64                     2

RFCs 760, 791 and 1812 caution against the use of the first and last subnet, and in some installations, either the last subnet, or the first and last subnet, are unavailable. Whether these subnets are usable depends on the routing protocols in use on the network and the IP implementation on the routing devices on the network.

In practice an RFC is a guideline--not an officially sanctioned standard--and vendors are free to implement workarounds to problems highlighted in RFCs. If your network uses UNIX hosts and RIP version 1 as its routing protocol, you cannot use the first and last subnet. (In this instance, the number of subnets listed in the tables needs to be reduced by two in each case.) If your network consists of Cisco routers using OSPF or EIGRP, you can use the first and last subnet. If you are using Cisco routers and IGRP, you can always use the first subnet, but not always the last. Of course, there are other combinations that will or will not work--either refer to the documentation of your specific devices, or refer to the manufacturer to see if the first and last subnet can be used.

If you are at all unclear on whether your combination will work with the first and last subnet, avoid their use. However, if you are short on available IP addresses and your configuration supports it, there is no reason not to use them.

What defines whether a routing protocol will support use of the first and last subnet correctly is whether the routing protocol in use sends subnet mask information in route updates. RIP and other distance vector protocols do not; link state and hybrid protocols (such as EIGRP and OSPF) do. The reason for this is best illustrated with an example. Suppose you have a Class C network of 200.200.200.0, using a subnet mask of 255.255.255.192, and allocate an interface on a router with an IP address of 200.200.200.195. This is in the last subnet in the network, which starts at 200.200.200.192. The broadcast address for this subnet is 200.200.200.255, which also happens to be the broadcast address for the whole class C network. If the value of the subnet mask is not sent in routing updates, a remote router that has the 200.200.200.192 subnet listed in its routing table may not know if a packet addressed to 200.200.200.255 is meant for just that subnet or the whole class C.

As if all this was not enough, there are other issues that need to be considered that make the definition of hard and fast rules complex.

 

Routing Protocols

As the routing table is the center of what goes on for a routed network, there are routing protocols implemented to keep it updated automatically. Unfortunately, the behavior of these routing protocols is different enough that you need to be aware of what they will do to the routing table under various conditions.

If a router learns of two ways to get to a remote subnet via RIP, the route with the lowest metric will be selected and placed in the routing table. If the metrics are equal, how the router behaves varies from vendor to vendor. The router may place either of the routes in the routing table; however, with RIP, you are sure that only one route will be used.

If a router learns of two ways to get to a remote subnet via IGRP, things are different. If the two routes have equal metric, they will both be put in the routing table and traffic split between them. If the metric for the two routes is within a pre-defined variance, traffic will be split between them in proportion to their metric values. If the difference between the metrics is greater than the pre-defined variance, the route with the lowest metric alone will be entered into the routing table. For IGRP the default variance is 1.

In multi-protocol networks, there may be more than one routing protocol in use. If a router learns of the same network number from two different routing protocols, how does it select which set of information to put in the routing table? In this case comparing metrics is useless, as RIP uses a different metric calculation than IGRP, which is different again from OSPF. The way this problem is handled in a Cisco environment is to assign an administrative distance to each protocol, and prefer the information from the protocol with the lowest administrative distance. RIP has an administrative distance of 120, OSPF of 110, IGRP of 100, EIGRP of 90. Static routes have an administrative distance of 1 and directly connected networks of 0.

The next issues to consider are Autonomous Systems and OSPF areas. In the thinking presented so far, the network number is the highest level in the IP address hierarchy, which may or may not have subnets allocated underneath it. With RIP version 1 as a routing protocol, this remains true. With more modern protocols, the concept of an Autonomous System (AS) comes into play. An AS is a collection of network numbers under a common administration. By default, routers will process route updates that originate from the same AS and will disregard updates from other ASes. The AS that a particular router is configured for is set when the routing process is enabled.

So, with an IGRP router, the IP address hierarchy starts with Autonomous System number, then network number, then subnet number.

With an OSPF system, another level of hierarchy is introduced, which is the Routing Area. Each OSPF system has to have at least one Area configured. As link state routing protocols maintain a topological database of all network numbers, which is used to calculate entries to the routing table, there needs to be some way to reduce the size of the topological database to make it manageable for a large network. This is achieved by splitting an OSPF system into multiple areas, each of which is inter-connected via Area 0, the backbone area.
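The route selection rules given earlier in this section (lowest metric within RIP, equal-metric and variance handling within IGRP, and administrative distance between protocols) can be combined into one function. This is an added example, not part of the original article. The administrative distances are the ones listed in the text; treating the variance as a multiplier on the best metric, keeping the first-learned RIP route on a tie, and installing a single route for the other protocols are assumptions of this sketch, as are the sample routes.

```python
# Added example, not from the original article: choosing which learned
# route(s) to one destination are installed in the routing table.

# Administrative distances as listed in the text (Cisco environment).
ADMIN_DISTANCE = {
    "connected": 0, "static": 1, "eigrp": 90,
    "igrp": 100, "ospf": 110, "rip": 120,
}


def install(candidates, variance=1):
    """Return the candidate routes that end up in the routing table.

    Each candidate is a dict with "protocol", "metric" and "next_hop" and
    all candidates describe the same destination network.
    """
    if not candidates:
        return []
    for route in candidates:
        if route["protocol"] not in ADMIN_DISTANCE:
            raise ValueError(f"unknown protocol: {route['protocol']!r}")

    # Step 1: metrics from different protocols cannot be compared, so keep
    # only the routes from the protocol with the lowest administrative distance.
    best_ad = min(ADMIN_DISTANCE[r["protocol"]] for r in candidates)
    trusted = [r for r in candidates if ADMIN_DISTANCE[r["protocol"]] == best_ad]

    # Step 2: within that one protocol, metrics are comparable.
    best_metric = min(r["metric"] for r in trusted)
    if trusted[0]["protocol"] == "igrp":
        # Assumption: variance is a multiplier on the best metric, so the
        # default of 1 admits only routes whose metric equals the best one.
        return [r for r in trusted if r["metric"] <= best_metric * variance]

    # RIP: exactly one route is used. Which one wins a tie is vendor
    # dependent; this sketch keeps the first one learned. Protocols the
    # article does not describe are treated the same way (assumption).
    return [min(trusted, key=lambda r: r["metric"])]


if __name__ == "__main__":
    # Constructed sample routes to one destination network.
    learned = [
        {"protocol": "rip", "metric": 2, "next_hop": "10.1.1.1"},
        {"protocol": "igrp", "metric": 8576, "next_hop": "10.1.2.1"},
        {"protocol": "igrp", "metric": 10000, "next_hop": "10.1.3.1"},
    ]
    print("variance 1:", install(learned))
    print("variance 2:", install(learned, variance=2))
```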

So, with an OSPF system, the hierarchy is Autonomous System, OSPF Area, network number, subnet number.

With link state and hybrid routing protocols, there is the option to use Variable Length Subnet Masks (VLSM). With a distance vector protocol such as RIP or IGRP, only one subnet mask value can be used on a network, as subnet mask values are not sent in routing updates. In this situation, the routing protocol looks to see the mask used on the interface it received the routing update on and assumes that mask value is in use throughout the network. In link state and hybrid protocols, subnet mask information is sent in routing updates, which allows a different subnet mask value to be used in different parts of the network. This adds a measure of flexibility in assigning subnet masks, but does add complexity.

Next, an issue that continually causes confusion: route summarization for distance vector protocols (link state protocols can be configured to enable or disable route summarization). What route summarization means is that when a router connects two different network numbers together, subnet information is not passed between the two networks. This is best illustrated with an example.

In this example, the 180.5.0.0 network has a subnet mask of 255.255.255.0 in use. Because of route summarization, router 2 and router 3 will both advertise 180.5.0.0 without subnet information to router 1. Router 1 will therefore have two equal cost routes to the 180.5.0.0 network. Any packets that router 1 needs to send to the 180.5.1.0 subnet will be split between router 2 and router 3, as all router 1 knows about is the 180.5.0.0 network. Potentially, this could cause only half the packets to be delivered to a host on the 180.5.1.0 subnet.
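The summarization behaviour described above can be reproduced in a few lines, alongside what changes when the mask travels in the update. This is an added example, not part of the original article. Because the article's figure is not reproduced, the topology is constructed: the link networks 200.10.1.0 and 200.10.2.0, the second subnet 180.5.2.0, and the placement of 180.5.1.0 behind router 2 are all assumptions.

```python
# Added example, not from the original article: route summarization at a
# network-number boundary when updates carry no subnet mask.
import ipaddress


def major_network(address):
    """Classful (class A, B or C) network that contains an address."""
    first = int(str(address).split(".")[0])
    prefix = 8 if first < 128 else 16 if first < 192 else 24
    return ipaddress.ip_network(f"{address}/{prefix}", strict=False)


def advertise(subnet, out_interface, sends_mask):
    """What a router puts in an update for `subnet` sent out `out_interface`."""
    if sends_mask:                                  # link state / hybrid
        return str(subnet)                          # e.g. "180.5.1.0/24"
    major = major_network(subnet.network_address)
    if out_interface.ip in major:                   # still inside the network
        return str(subnet.network_address)          # subnet number, no mask
    return str(major.network_address)               # summarized at the boundary


def learn(update, in_interface):
    """How the receiving router interprets one advertised entry."""
    if "/" in update:                               # the mask was sent
        return ipaddress.ip_network(update)
    major = major_network(update)
    if in_interface.ip in major:                    # same network number:
        prefix = in_interface.network.prefixlen     # assume the interface mask
        return ipaddress.ip_network(f"{update}/{prefix}", strict=False)
    return major                                    # otherwise assume the class


def build_table(neighbors, sends_mask):
    """Router 1's view after one round of updates: {network: [next hops]}."""
    table = {}
    for nb in neighbors:
        update = advertise(nb["subnet"], nb["link"], sends_mask)
        network = learn(update, nb["router1_if"])
        table.setdefault(network, []).append(nb["link"].ip)
    return table


def delivered_share(neighbors, table, destination):
    """Fraction of router 1's equal-cost next hops that own the destination."""
    dest = ipaddress.ip_address(destination)
    matches = [net for net in table if dest in net]
    if not matches:
        return 0.0
    hops = table[max(matches, key=lambda net: net.prefixlen)]
    owners = {nb["link"].ip for nb in neighbors if dest in nb["subnet"]}
    return sum(hop in owners for hop in hops) / len(hops)


# Constructed topology (assumptions, see the lead-in): router 2 and router 3
# each hold one /24 of 180.5.0.0 and reach router 1 over a different network.
NEIGHBORS = [
    {"name": "router 2",
     "subnet": ipaddress.ip_network("180.5.1.0/24"),
     "link": ipaddress.ip_interface("200.10.1.2/24"),
     "router1_if": ipaddress.ip_interface("200.10.1.1/24")},
    {"name": "router 3",
     "subnet": ipaddress.ip_network("180.5.2.0/24"),
     "link": ipaddress.ip_interface("200.10.2.2/24"),
     "router1_if": ipaddress.ip_interface("200.10.2.1/24")},
]

if __name__ == "__main__":
    for sends_mask in (False, True):
        table = build_table(NEIGHBORS, sends_mask)
        print("mask in updates:", sends_mask)
        for network, hops in table.items():
            print("  ", network, "via", ", ".join(str(h) for h in hops))
        print("   share of packets for 180.5.1.7 delivered:",
              delivered_share(NEIGHBORS, table, "180.5.1.7"))
```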

The routing protocols discussed so far have been interior gateway routing protocols. Exterior protocols also exist. These protocols are designed to regulate what traffic can travel between different Autonomous Systems (AS) and protect each from any bugs in another AS. The mechanisms we will examine here are static routing, the Exterior Gateway Protocol and the Border Gateway Protocol. An AS is a collection of network numbers and equipment that is under a common administration. Routing processes like IGRP and OSPF are initiated with an AS number in the router configuration and only accept updates from other routers within the same AS. Different AS numbers are used on the Internet

Static Routing

Usually an experienced network administrator will seek to minimize any manual configuration. In the case of exterior routing, this may be different, as static routing offers a number of advantages when routing between Autonomous Systems. These advantages can be summarized as follows:

Complete flexibility over the advertisement of subnets and their next hop routers

No routing protocol traffic travels over the link connecting Autonomous Systems.

As no routing protocol is operating over the inter-AS link, there is no possibility of a faulty router in one AS affecting the other AS.

The downsides are obvious. Static routes do not adapt to link failures, and manual configuration can be a headache to maintain. Despite these downsides, static routing is often a popular choice for connecting internetworks that do not "trust" each other.

Let's say Autonomous System 1 consists of network numbers 45.0.0.0 and 46.0.0.0, and Autonomous System 2 consists of network numbers 47.0.0.0 and 48.0.0.0.

To complete static routing for connecting these two autonomous systems together, use the following commands:

RouterA(config)#ip route 47.0.0.0 255.0.0.0 80.4.4.5

RouterA(config)#ip route 48.0.0.0 255.0.0.0 80.4.4.5

RouterB(config)#ip route 45.0.0.0 255.0.0.0 80.4.4.4

RouterB(config)#ip route 46.0.0.0 255.0.0.0 80.4.4.4

This tells each Autonomous System how to get to networks in the other Autonomous System.

 

Exterior Gateway Protocol

As its name suggests, the Exterior Gateway Protocol, or EGP, was the first example of an exterior gateway protocol. EGP has three components, Neighbor acquisition, Neighbor reachability and routing information. EGP was designed to add a measure of automation to the configuration of routes between different Autonomous Systems. The routing information of EGP is similar to distance vector protocols, but it omits the metric for routes advertised. EGP was implemented like this because it was designed for the Internet, when it was assumed that there would be a core network, with separate routing domains connected to this core by one router. The major problem with using EGP in a more generalized network is that, since no use is made of metrics, if there is more than one path to a destination, packets can very easily get caught in routing loops. EGP has been superseded by the Border Gateway Protocol, BGP.

 

Border Gateway Protocol - BGP

BGP was introduced to improve upon EGP. The main feature of BGP is that it introduced a reliable transport protocol, to ensure that route updates are received. BGP also implements a keepalive mechanism, ensuring that BGP routers know if neighboring BGP routers fail. BGP does not transmit metrics with its route updates, but does transmit a path for each AS that lists the ASes to be visited on the way to the destination AS. BGP thus avoids the circulating packet problem of EGP.

BGP works on the principle of enforcing policies. A policy is manually configured and allows a BGP enabled router to rank possible routes to other Autonomous Systems, selecting the best path.

Configuring BGP

We can use an example to discuss how to configure BGP on a router. In this example, let's take router R6. To configure BGP we will perform the following:

Define BGP as a routing process

Define the networks internal to this AS that are going to be advertised

Define the relationships that this router will have with its neighbors

Assign administrative weights to paths to control the path selection process

This is a basic configuration for BGP; there are, however, many further configuration customizations that can be made. For a fuller discussion of BGP configuration, refer to "Multi-Homing Your Internet Service With BGP".

The following commands are entered in to router R6.

Router6(config)#router bgp 3

Router6(config-router)#network 147.30.0.0

Router6(config-router)#network 150.1.0.0

Router6(config-router)#neighbor 147.30.1.1 remote-as 3

Router6(config-router)#neighbor 160.4.5.5 remote-as 2

 

The first line in this configuration defines BGP for Autonomous System 3 on router 6. The next two lines define the network numbers internal to AS 3 that will be advertised via BGP. The fourth line defines an internal neighbor, that is in the same AS. The BGP process on router 6 will now exchange information with a BGP process defined on R5. The fifth line defines the neighbor in a different AS that router 6 will exchange information with.

The effect of this configuration is that R6 will share information about networks 147.30.0.0 and 150.1.0.0 with the two specified routers via BGP updates.

The last thing left to do in our basic configuration of BGP, is to assign administrative weights to control the path selection process.

In the following example, a weight of 40,000 is assigned to the path to router R4:

Router6(config-router)#neighbor 160.4.5.5 weight 40000

This administrative weight can vary between 0 and 65535, the default being 32768. The effect of increasing the weight to R4 is to make it less attractive when R6 is calculating which paths to use.

Redistributing Route Information Between Protocols

If you have the opportunity of building a network from scratch, and could design it such that the only devices to run routing protocols are routers, you could choose your favorite protocol and use that exclusively. Typically, though, the situation is that there is an existing network with an existing routing protocol in place, and more often than not, UNIX machines have some routing responsibilities in a network. As many UNIX machines only support RIP and it is unlikely that RIP will be the best choice of routing protocol for an internetwork of any size, the question arises how more than one routing protocol can co-exist on an internetwork, either permanently, or during a period of migration.

The answer is Redistribution. A router can be configured to run more than one routing protocol and Redistribute route information between the two protocols. The idea is that there will be multiple domains on the internetwork, each operating with a different routing protocol. At the border between these domains, one router has the responsibility of running both routing protocols and informing each domain about the other's networks in the appropriate routing protocol.

In this example, router 1 has to run both RIP and IGRP, then inform Domain A about the networks in Domain B with RIP updates and inform Domain B about Domain A's networks using IGRP updates. The router in this figure will only be able to assign one metric to all the routes that it redistributes from one Domain to another. It cannot translate metrics between protocols. At first this may seem to be a drawback, that all networks are redistributed with the same metric value, no matter where they are located in the other Domain. In reality this is not a problem, since to get from Domain A to Domain B, all connections have to go through the same router, so the initial part of the journey is identical when sending packets between Domains.

In this example, a packet destined for Domain A, originating in Domain B, reaches router 1. Router 1 then has a routing table filled with entries for the networks in Domain A that have been calculated using RIP updates. The packet will then follow the best path to its destination network.

The following is an example of how the routing protocol processes could be configured on router 1, to redistribute routes between the RIP and IGRP Domains.

Given a basic configuration for both RIP and IGRP, the redistribute commands are in bold:

router igrp 12

timers basic 15 45 0 60

network 164.8.0.0

network 193.1.1.0

no metric holddown

metric maximum-hops 50

redistribute rip

default-metric 300 344 200 200 200

router rip

network 150.1.0.0

network 120.0.0.0

redistribute igrp 12

default-metric 3

This assumes that Domain A has network numbers 150.1.0.0 and 120.0.0.0 in it and Domain B has networks 164.8.0.0 and 193.1.1.0 in it.

The five values following the default-metric entry in the router IGRP section are the metrics that will be sent out in IGRP updates, for routes learned about via RIP. In the router RIP section, routes learned from IGRP updates will be advertised with a metric of 3. It must be noted that the numbers shown here are random. In most instances this does not matter, as all cross domain traffic has to go through router 1 as previously explained.

As you can see, once you start to configure subnets and use multiple network numbers, autonomous systems and redistribution, life can get tricky! The best advice we can leave you with is to be careful out there!

 

Answers to subnet questions

Subnet 164.2.34.32

Usable host addresses 164.2.34.33 to 164.2.34.62

Broadcast address 164.2.34.63

Subnet 101.2.0.0

Usable host addresses 101.2.0.1 to 101.2.255.254

Broadcast address 101.2.255.255