MANAGING IP ADDRESSES
Each IP datagram's destination includes an IP address and a destination port or socket number. Together, these allow for successful delivery to any host on your LAN or, if connected to the Internet, potentially to any location in the world.
An IPv4 address is a 32-bit number, usually represented as a four-part decimal number with each of the four parts separated by a period or decimal point. For example, 192.168.10.1.
You may hear this method of representation called dotted decimal notation. In the IPv4 address, each individual byte, or octet as it is usually called, can have a decimal value of 0 through 255.
The Internet Corporation of Assigned Names and Numbers (ICANN) is responsible for registering and maintaining IP address and Internet domain name registrations. In theory, you could get an IP address from ICANN. In real-world applications, you will most likely have to ask your Internet service provider (ISP) to secure an IP address on your behalf. However, registered addresses are only required if you are connecting to the Internet, and you need an address that is recognized by the Internet.
For your local network, you have the option of using addresses that have been set aside as private addresses. Internet routers don’t recognize private addresses, so a computer with a private address cannot directly access the Internet. Services like Network Address Translation (NAT) and Internet proxy servers come into play then. As shown in Figure 7-2, they replace the computer’s private address with a valid Internet address on outgoing packets. As packets come in destined for a local host, the Internet address is replaced with the host’s private address.
To get a better understanding of these processes, let’s take a look at each of these separately.
NAT is the process of converting between one set of public IP addresses that are viewable from the Internet and a second set of private IP addresses that are hidden from people outside of the organization. NAT is transparent, in that no computer knows it is happening. If external intruders on the Internet can’t see the private IP addresses inside your organization, they have a more difficult time attacking your computers.
Most routers and firewalls today have NAT built into them, even inexpensive routers designed for home use.
Similarly, Internet proxy servers act as an intermediary between systems to route requests to the appropriate system. A proxy server is a server that sits between a client computer and a real server. The proxy server intercepts packets that are intended for the server and processes them.
As you can see, having different classes of addresses, private and public, is helpful to securing a network. For IPv4 addresses, the internal bits assigned to each segment of the decimal-dot address help identify the network and the host. How these bits are used varies according to the network class of the address.
Class A was designed for very large networks only. The default network portion for Class A networks is the first 8 bits, leaving 24 bits for host identification. The high-order bit is always binary 0, which leaves 7 bits defining 127 networks. The remaining 24 bits of the address allow each Class A network to hold as many as 16,777,214 hosts.
Class B was designed for medium-sized networks. The default network portion for Class B networks is the first 16 bits, leaving 16 bits for host identification. The 2 high-order bits are always binary 10, and the remaining 14 bits define 16,384 networks, each with as many as 65,534 hosts attached. Class B networks are generally regarded as unavailable, but address conservation techniques have allowed some of these addresses to become available from time to time over the years.
Class C was designed for smaller networks. The default network portion for Class C networks is the first 24 bits, leaving 8 bits for host identification. The 3 high-order bits are always binary 110, and the remaining 21 bits define 2,097,152 networks, but each network can have a maximum of only 254 hosts.
Class D is the multicast address range and cannot be used for networks. These addresses have no network/host structure.
Class E is reserved for experimental purposes. The first 4 bits in the address are always 1111.
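The class rules above can be checked mechanically. The following Python sketch is an added example, not part of the original text: it parses a dotted decimal address, reads the high-order bits to find the class, derives the default network/host split and host capacity, and flags private addresses. The function names are hypothetical, and the Class D bit pattern (1110) and the three private ranges (RFC 1918) are standard values that the text does not list.

```python
import ipaddress

# RFC 1918 private ranges (standard values, not listed in the text).
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# (class, high-order bit pattern, pattern length, default network bits)
CLASSES = [
    ("A", 0b0, 1, 8),
    ("B", 0b10, 2, 16),
    ("C", 0b110, 3, 24),
    ("D", 0b1110, 4, None),   # multicast: no network/host structure
    ("E", 0b1111, 4, None),   # experimental
]

def parse_dotted_decimal(text):
    """Return the 32-bit integer for a dotted decimal IPv4 string."""
    parts = text.split(".")
    if len(parts) != 4:
        raise ValueError(f"expected 4 octets: {text!r}")
    value = 0
    for part in parts:
        # Each octet must be a decimal value of 0 through 255.
        if not part.isdigit() or not 0 <= int(part) <= 255:
            raise ValueError(f"octet out of range 0-255: {part!r}")
        value = (value << 8) | int(part)
    return value

def classify(text):
    """Describe an address by its classful high-order bits."""
    value = parse_dotted_decimal(text)
    first_octet = value >> 24
    # The five patterns are exhaustive, so the loop always breaks.
    for name, pattern, length, net_bits in CLASSES:
        if first_octet >> (8 - length) == pattern:
            break
    host_bits = None if net_bits is None else 32 - net_bits
    return {
        "class": name,
        "network_bits": net_bits,
        # All-zeros and all-ones host values are reserved, hence "- 2".
        "max_hosts": None if host_bits is None else 2 ** host_bits - 2,
        "private": any(ipaddress.ip_address(value) in n for n in PRIVATE_NETS),
    }

if __name__ == "__main__":
    # Constructed sample addresses.
    for sample in ("10.1.2.3", "172.16.5.4", "192.168.10.1", "8.8.8.8", "224.0.0.5"):
        print(sample, classify(sample))
```

The host counts it computes match the figures quoted above for Classes A, B and C, and an address such as 8.8.8.8 shows that a Class A address is not necessarily private.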