The IP address is a 32-bit number that is split bitwise into two parts. Yet it is never represented as a binary value. It is not even represented as a hex value, which would have helped at least somewhat. Instead it is represented as a decimal value for each byte within it. So the binary IP address 00110011 11110000 01010111 11010110 is written by converting each 8-bit byte to decimal and separating the resulting numbers with periods: 51.240.87.214. This method of representing IP addresses is referred to as dotted decimal notation. It is perfectly fine except that the individual bits cannot be easily distinguished, yet the IP address is split along an arbitrary dividing line into the network number, containing all of the bits to the left of the dividing line, and the node number, composed of all of the bits to the right of it. This leads to network and node numbers that are not immediately obvious, especially if the split is not at the edge of two bytes (at one of the periods).
The fact that the network number portion and the node number portion of the IP address are not fixed in size within the 32-bit IP address is one of the major sources of confusion for the networking novice. The dividing point differs from one number to another in order to allow for greater flexibility in the size of networks when TCP/IP was first created. A 32-bit number was chosen, which in theory can uniquely identify over 4 billion network nodes; at the time this was larger than the world's population. Now obviously the number is inadequate, which is why IP version 6 is being developed and endorsed by the computing industry. IPv6, as it is called, uses a 128-bit node address. This allows for a total of 2^128 addresses, which is roughly 340,000,000,000,000,000,000,000,000,000,000,000,000 (almost enough for each Windows DLL to have its own IP address). IPv6 addresses are expressed in hex with colons separating each group of four hex digits, such as: 1234:CA99:B402:EEFF:00CD:A120:84D4:368A. The move to IPv6 has however stalled because so many existing systems only understand IPv4, and the cost to convert, especially in hardware like routers, has proven to be prohibitive. All new equipment and software (e.g. Windows Vista) does include optional IPv6 support.
Nevertheless, continuing the line of thought: if the IP address had been assigned a fixed width of 16 bits for the network number and 16 bits for the node number, this would have allowed the world only 65,536 total IP networks. In other words, only 65,536 businesses, governments, committees, non-profit organizations, etc. would be allowed on the Internet. There are this many in any big city alone. Furthermore, the 16-bit node number would allow each agency to have up to 65,536 nodes. That is certainly way too many for most businesses, especially single-office businesses. But some companies and agencies do need that many node addresses; in fact, many need even more than that. Others need far fewer, and this is why the sliding network number-vs-node number size was implemented in IP addressing from the beginning.
To solve the problem, IP addressing was originally divided into classes. If an IP address falls within a certain number range it is considered a certain class of address. Some classes allow for very large numbers of nodes while others allow for small numbers of nodes. The classes were not chosen arbitrarily but were instead based on the values of certain bits within the network number of the IP address itself. Again, these clearly defined values are not easily discernible when the numbers are converted to decimal. In all class "A" IP network addresses the leftmost bit, the highest place value digit within the number, also known as the "Most Significant Bit" or MSB of the entire 32-bit IP address, is equal to zero. This is very clear in binary: 00110011 11110000 01010111 11010110 from the example above is easily seen to be a class "A" address when viewed in binary as the routers view it. But when viewed in dotted decimal notation, 51.240.87.214, the fact that the MSB is a zero is not nearly so clear.
The range of possible first octets that have a zero as the topmost bit is: 00000000 to 01111111 or when converted to decimal: 0 to 127. Zero is understood in IP addressing to refer to a missing node number leaving only the network number and since the network number starts from the leftmost bit down, the top octet cannot be zero since there would be no number at all to the left of it to specify the network number. In other words, there is no valid network number of zero. The network number 127 has been reserved for the local host's internal adapter address for testing purposes and is not a valid IP address and routers will reject it if they receive a packet with a destination of 127.x.x.x. So this leaves the numbers 1 to 126 as valid class "A" starting octet values. Class "A" licenses are intended for very large networks, as such they were divided such that the top 8-bits define the network number and the bottom 24-bits define the node number. This means that there are exactly 126 class "A" networks and all of these are already in use on the Internet. Each of these networks can support up to 16,777,214 nodes or computers within the network. We'll see why that's 16,777,214 rather than 16,777,216 nodes momentarily. Some examples of owners of class "A" IP network licenses are General Electric, which owns 3.x.x.x, IBM, which owns 9.x.x.x, M.I.T., which owns 18.x.x.x, and the United States Postal Service, which owns 56.x.x.x.
Modern IP addressing has moved to the CIDR (Classless Inter-Domain Routing) style of addressing. In CIDR the 32-bit IP address can be divided at any point, not just at the full octet boundaries like the old class addressing scheme. The bits to the left of the division point are the network number and the bits to the right are the node number. Overall the CIDR address must fall within the general category of the old class addressing scheme or else the whole thing would collapse. This means that the old class "A", "B", and "C" IP addressing licenses are in essence CIDR 8, CIDR 16 and CIDR 24 licenses. Since all class "A" and "B" licenses are gone and the number of "C" licenses is dwindling rapidly, the only CIDR licenses available will be higher than CIDR 24. "CIDR Slash 24" means that the top 24 bits are the network number and the bottom 8 bits are the host number, so a "CIDR Slash 24" network is equivalent to the class "C" license of the old IP address licensing system. A "CIDR Slash 26" network means the top 26 bits represent the network number, leaving the bottom 6 for the host number. This means that the remaining class "C" licenses are in effect being subnetted and the subnets are being sold to the Internet customers who want them. With a "Slash 26" network leaving a 6-bit node address, 2^6 = 64 numbers are available for use, but all zeros represents the network itself and is not a valid host number, and all 1's represents the broadcast address for the network and is also not a valid host number. This leaves 62 hosts for the Internet customer that purchases a CIDR "Slash 26" license. Here is an example of a 26-bit CIDR address range license:
The CIDR 26 ("Slash 26") Network Number (206.149.11.64):
11001110 10010101 00001011 01000000
The lowest valid host number (206.149.11.65):
11001110 10010101 00001011 01000001
The highest valid host number (206.149.11.126):
11001110 10010101 00001011 01111110
The broadcast address for this network (206.149.11.127):
11001110 10010101 00001011 01111111
The leftmost 26 bits of each address form the network number portion of the CIDR IP address class license. They borrow the top two bits of the classic class "C" host number (the fourth byte), so this particular CIDR network number has a non-zero fourth byte value in it. Note how the decimalized IP address numbers reflect the presence of the borrowed bits in the network number, producing an unusual network number, lowest available host address, highest available host address, and broadcast address for this network.
Since the network number and the node number are not fixed in size within the IP address, how can the machines tell what part is the network number and what part is the node number? This is done with the second essential component of the IP configuration of any IP network node: the subnet mask (the first essential component of a node's IP configuration is its IP address).
The subnet mask is used by the machine to determine which part of the IP address is the network number and which part is the node number. This is done by performing a logical AND operation on the IP address with the subnet mask. The logical AND operator's truth table looks like this:
AND Truth Table
 Inputs | Output
 A | B  |   X
 0 | 0  |   0
 0 | 1  |   0
 1 | 0  |   0
 1 | 1  |   1
AND is a "bitwise" operator. It can be done with large binary numbers and the AND is done only to the bits in the columns and does not need borrows or carries like addition or subtraction. Now an AND mask works like this: any bits that you want stripped away from a number are AND'ed with zero and any bits that you want to keep are AND'ed with one. So given the byte 01010101 if the bottom four bits need to be stripped away the AND mask would be 11110000:
    01010101
AND 11110000
    --------
    01010000
The subnet mask is in fact a plain and simple AND mask. For a class "A" license, the subnet mask must retain the first dotted octet, while stripping the 2nd, 3rd and 4th so it must be: 11111111.00000000.00000000.00000000 or in decimal dotted octet notation: 255.0.0.0 and when applied to any class "A" license, this subnet mask will strip away the host number. For example:
IP Address: 120.120.120.120
Subnet Mask: 255.0.0.0
IP Address in binary: 01111000.01111000.01111000.01111000
Subnet Mask in binary: 11111111.00000000.00000000.00000000
AND "sum": 01111000.00000000.00000000.00000000
AND "sum" in decimal: 120.0.0.0
So the subnet mask tells the machine which part of the IP address is the network number and which part is the host number. The machine can quickly perform this AND "sum" operation on any IP address and compare the network number to its own. If they match, then the address is a "local" one, the address belongs to another node on its own network. If they do not match, then the node is a "foreign" one, it belongs to a node on a different network.
The classic subnet masks are then:
Class "A" - 11111111.00000000.00000000.00000000 = 255.0.0.0
Class "B" - 11111111.11111111.00000000.00000000 = 255.255.0.0
Class "C" - 11111111.11111111.11111111.00000000 = 255.255.255.0
The CIDR subnet masks are a little more tricky. The only good way to figure them out so that they make sense is to figure them out in binary and then convert them to decimal. Let's figure out a "slash 26" CIDR subnet mask: "Slash 26" means that the leftmost 26 bits are the network number, so these must be ones, and the rest to the right must be zeros that fill it out to a 32-bit number. We will put the periods in every 8 bits to make the final conversion to decimal easy:
CIDR "slash 26" Network number bits:
11111111.11111111.11111111.11
Now the remaining bits are zeros and must make it exactly 32-bits wide:
11111111.11111111.11111111.11000000
Now convert each octet to decimal:
255.255.255.192
This is the correct subnet mask for any CIDR "slash 26" network.
In IP networks, nodes assume that they can send a packet directly to any node on their own network and they also assume that they CANNOT send a packet to a "foreign" node that resides on a different network. Whenever the machine sets up a transmission of a network layer IP packet, the target address is first checked by AND'ing it with the subnet mask, the network number is then checked with its own network number. If the target of the transmission is determined to be a foreign node, then the machine will NOT just go ahead and transmit the packet. It will assume that this is impossible because the target is on a different IP network. Instead the machine will send the packet to the local router whose job is to forward foreign traffic to other routers that will ultimately get the packet to the correct foreign network. This means that the machine needs the third essential element of its IP configuration in place: the address of the local router which is called the default gateway in IP terminology.
Any time a machine attempts to send packets to a foreign address it will check its own configuration for the address of the default gateway. If this value is left blank, it can cause considerable delays and the failure of any transmissions addressed to foreign network nodes. To properly configure IP on any node, then, it must have at the very least these three essential configuration elements set:
Minimum Functional IP Configuration for any node:
1) IP Address - must be unique in the network, in fact in the world if the machine
is to be connected directly to the Internet
2) Subnet Mask - must conform to the class license of the local machine's IP address
whether it is a classic license or a CIDR license
3) Default Gateway - allows the machine to transmit packets to foreign nodes, even if
there is no local router, the machine can have this set to itself,
this allows it to quickly determine what to do with foreign packets
(i.e. discard them because it knows it is not a router) and many
commands and functions look for the value of this parameter and will
fail if it is left blank.
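The mask arithmetic and the local-versus-foreign decision described above, worked through in Python as an added example that is not part of the original page. The function names and the gateway address 206.149.11.126 are assumptions chosen for illustration; the other addresses come from the "slash 26" example.

```python
def to_int(dotted: str) -> int:
    """Pack dotted decimal notation into the 32-bit number the machine uses."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not a dotted decimal IPv4 address: {dotted!r}")
    value = 0
    for octet in octets:
        value = (value << 8) | octet
    return value

def to_dotted(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def mask_from_prefix(prefix: int) -> int:
    """'Slash 26' means 26 one bits on the left, zeros filling out 32 bits."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be between 0 and 32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF

def describe(address: str, prefix: int) -> dict:
    """Network, host range and broadcast; assumes prefix <= 30 so hosts exist."""
    mask = mask_from_prefix(prefix)
    network = to_int(address) & mask              # AND strips the node bits
    broadcast = network | (~mask & 0xFFFFFFFF)    # node bits set to all ones
    return {"mask": to_dotted(mask), "network": to_dotted(network),
            "first_host": to_dotted(network + 1),
            "last_host": to_dotted(broadcast - 1),
            "broadcast": to_dotted(broadcast),
            "hosts": broadcast - network - 1}

def next_hop(own_ip: str, mask: str, gateway: str, target: str) -> str:
    """Local targets are sent to directly; foreign ones go to the default gateway."""
    m = to_int(mask)
    if (to_int(own_ip) & m) == (to_int(target) & m):
        return target
    return gateway

if __name__ == "__main__":
    print(describe("206.149.11.100", 26))
    # The gateway 206.149.11.126 is an assumption for illustration.
    for target in ("206.149.11.100", "206.149.11.130"):
        print(target, "->", next_hop("206.149.11.65", "255.255.255.192",
                                     "206.149.11.126", target))
```

Note that 206.149.11.130 shares its first three octets with the local node yet is foreign under the 255.255.255.192 mask, which is exactly the case that dotted decimal notation hides.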
Now for the gory details. Here is the structure of an IP packet:
Bit 0 | 4 | 8 | 12 | 16 | 20 | 24 | Bit 31
| IP Version | IHL | TOS | Total Length |
| Identification | Flags | Fragment Offset |
| TTL | Protocol | Header Checksum |
| Source IP Address |
| Destination IP Address |
| Options | Padding |
| Data |
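A parser for the header laid out above, added here as an illustration and not taken from the original page. The sample packet is constructed from addresses used earlier on this page, and the field widths (4-bit version and IHL, 3-bit flags, 13-bit fragment offset) are those of the standard IPv4 header.

```python
import struct

# Constructed sample: 20-byte header (no options) followed by 20 zero bytes of data.
SAMPLE = bytes.fromhex("45000028 1c464000 4006b8ed ce950b41 33f057d6") + bytes(20)

def checksum_ok(header: bytes) -> bool:
    """One's-complement sum of every 16-bit word, checksum included, must be 0xFFFF."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:                          # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF

def dotted(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)

def parse_ipv4_header(packet: bytes) -> dict:
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte fixed header")
    (ver_ihl, tos, total_len, ident, flags_frag,
     ttl, proto, cksum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    header_len = ihl * 4                        # IHL counts 32-bit words
    if version != 4:
        raise ValueError(f"IP version {version}, expected 4")
    if ihl < 5 or header_len > len(packet) or total_len < header_len:
        raise ValueError("IHL or Total Length inconsistent with the packet")
    return {
        "version": version, "ihl": ihl, "tos": tos,
        "total_length": total_len, "identification": ident,
        "flags": flags_frag >> 13,              # top 3 bits of the 16-bit word
        "fragment_offset": flags_frag & 0x1FFF, # low 13 bits
        "ttl": ttl, "protocol": proto, "header_checksum": cksum,
        "checksum_ok": checksum_ok(packet[:header_len]),
        "source": dotted(src), "destination": dotted(dst),
        "options": packet[20:header_len],       # options plus padding when IHL > 5
        "data": packet[header_len:total_len],
    }

if __name__ == "__main__":
    for name, value in parse_ipv4_header(SAMPLE).items():
        print(f"{name:16} {value}")
```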