Understanding IP Address

Presented by

Bobby Agustinus Ginting

Microwave/IPRAN Manager
 Layers

Complex problems can be solved using the common divide and conquer principle. In this case the internals of
the Internet are divided into separate layers.
Makes it easier to understand Developments in one layer need not require changes in another layer
Easy formation (and quick testing of conformation to) standards
The OSI Model (Open Systems Interconnection Model) is a conceptual framework used to describe the functions of a
networking system. The OSI model characterizes computing functions into a universal set of rules and requirements in
order to support interoperability between different products and software. In the OSI reference model, the
communications between a computing system are split into seven different abstraction layers: Physical, Data Link,
Network, Transport, Session, Presentation, and Application.
Created at a time when network computing was in its infancy, the OSI was published in 1984 by the International
Organization for Standardization (ISO). Though it does not always map directly to specific systems, the OSI Model is still
used today as a means to describe Network Architecture.
Two main models of layers are used:
 OSI (Open Systems Interconnection)
 TCP/IP
OSI MODEL
 OSI
The Open Systems Interconnection (OSI) model describes seven layers that computer systems use to
communicate over a network. It was the first standard model for network communications, adopted
by all major computer and telecommunication companies in the early 1980s.
Conceptual model composed of seven layers, developed by the International Organization for
Standardization (ISO) in 1984.

Layer 7 – Application (servers and clients etc web browsers, httpd)

Layer 6 – Presentation (file formats e.g pdf, ASCII, jpeg etc)
Layer 5 – Session (conversation initialisation, termination, )
Layer 4 – Transport (inter host comm – error correction, QOS)
Layer 3 – Network (routing – path determination, IP[x] addresses etc)
Layer 2 – Data link (switching – media acces, MAC addresses etc)
Layer 1 – Physical (signalling – representation of binary digits)

Acronym: All People Seem To Need Data Processing

 The 7 Layers of the OSI Model
Physical Layer
The lowest layer of the OSI Model is concerned with electrically or optically transmitting raw unstructured
data bits across the network from the physical layer of the sending device to the physical layer of the
receiving device. It can include specifications such as voltages, pin layout, cabling, and radio frequencies.
At the physical layer, one might find “physical” resources such as network hubs, cabling, repeaters,
network adapters or modems.

Data Link Layer

At the data link layer, directly connected nodes are used to perform node-to-node data transfer where data
is packaged into frames. The data link layer also corrects errors that may have occurred at the physical
layer.
The data link layer encompasses two sub-layers of its own. The first, media access control (MAC),
provides flow control and multiplexing for device transmissions over a network. The second, the logical link
control (LLC), provides flow and error control over the physical medium as well as identifies line protocols.

Network Layer
The network layer is responsible for receiving frames from the data link layer, and delivering them to their
intended destinations among based on the addresses contained inside the frame. The network layer finds
the destination by using logical addresses, such as IP (internet protocol). At this layer, routers are a crucial
component used to quite literally route information where it needs to go between networks.
Transport Layer
The transport layer manages the delivery and error checking of data packets. It regulates the
size, sequencing, and ultimately the transfer of data between systems and hosts. One of the
most common examples of the transport layer is TCP or the Transmission Control Protocol.

Session Layer
The session layer controls the conversations between different computers. A session or
connection between machines is set up, managed, and termined at layer 5. Session layer
services also include authentication and reconnections.

Presentation Layer
The presentation layer formats or translates data for the application layer based on the syntax
or semantics that the application accepts. Because of this, it at times also called the syntax
layer. This layer can also handle the encryption and decryption required by the application
layer.

Application Layer
At this layer, both the end user and the application layer interact directly with the software
application. This layer sees network services provided to end-user applications such as a web
browser or Office 365. The application layer identifies communication partners, resource
availability, and synchronizes communication.
TCP/IP Protocol Suite in Relation to the OSI Reference Model

TCP/IP Protocol Suite in Relation to the OSI Reference Model

 TCP/IP Technology
TCP/IP Technology

This section describes technical aspects of TCP, IP, related protocols, and the environments
in which these protocols operate. Because the primary focus of this document is routing (a
layer 3 function), the discussion of TCP (a layer 4 protocol) will be relatively brief.
TCP
TCP is a connection−oriented transport protocol that sends data as an unstructured
stream of bytes. By using sequence numbers and acknowledgment messages, TCP can
provide a sending node with delivery information about packets transmitted to a
destination node. Where data has been lost in transit from source to destination, TCP can
retransmit the data until either a timeout condition is reached or until successful delivery
has been achieved. TCP can also recognize duplicate messages and will discard them
appropriately. If the sending computer is transmitting too fast for the receiving computer,
TCP can employ flow control mechanisms to slow data transfer. TCP can also
communicates delivery information to the upper−layer protocols and applications it
supports. All these characteristics makes TCP an end−to−end reliable transport protocol.
TCP is specified in RFC 793 .
 IP
IP is the primary Layer 3 protocol in the Internet suite. In addition to
internetwork routing, IP provides error reporting and fragmentation
and reassembly of information units called datagrams for
transmission over networks with different maximum data unit sizes.
IP represents the heart of the Internet Protocol suite.

Note: The term IP in the section refers to IPv4 unless otherwise

stated explicitly.

IP addresses are globally unique, 32−bit numbers assigned by the

Network Information Center. Globally unique addresses permit IP
networks anywhere in the world to communicate with each other.
An IP address is divided into two parts. The first part designates the
network address while the second part designates the host
address.

Refer to the TCP section of Internet Protocols for more information

The IP address space is divided into different network classes.
Class A networks are intended mainly for use with a few very large networks, because they
provide only 8 bits for the network address field.
Class B networks allocate 16 bits, and Class C networks allocate 24 bits for the network address
field.
Class C networks only provide 8 bits for the host field, however, so the number of hosts per
network may be a limiting factor. In all three cases, the left most bit(s) indicate the network class.
IP addresses are written in dotted decimal format; for example, 34.0.0.1. In the figure below
shows the address formats for Class A, B, and C IP networks
 Classes of IP addresses
TCP/IP defines five classes of IP addresses: class A, B, C, D, and E.
Each class has a range of valid IP addresses. The value of the first octet determines the class. IP addresses
from the first three classes (A, B and C) can be used for host addresses. The other two classes are used for
other purposes – class D for multicast and class E for experimental purposes.
The system of IP address classes was developed for the purpose of Internet IP addresses assignment. The
classes created were based on the network size. For example, for the small number of networks with a very
large number of hosts, the Class A was created. The Class C was created for numerous networks with small
number of hosts.
Classes of IP addresses are:
 For the IP addresses from Class A, the first 8 bits (the first decimal number) represent the
network part, while the remaining 24 bits represent the host part. For Class B, the first 16 bits
(the first two numbers) represent the network part, while the remaining 16 bits represent the
host part. For Class C, the first 24 bits represent the network part, while the remaining 8 bits
represent the host part.
Consider the following IP addresses:

• 10.50.120.7 – because this is a Class A address, the first number (10) represents the network
part, while the remainder of the address represents the host part (50.120.7). This means that, in
order for devices to be on the same network, the first number of their IP addresses has to be the
same for both devices. In this case, a device with the IP address of 10.47.8.4 is on the same
network as the device with the IP address listed above. The device with the IP address 11.5.4.3
is not on the same network, because the first number of its IP address is different.
• 172.16.55.13 – because this is a Class B address, the first two numbers (172.16) represent the
network part, while the remainder of the address represents the host part (55.13). A device with
the IP address of 172.16.254.3 is on the same network, while a device with the IP address of
172.55.54.74 isn’t.

NOTE
The system of network address ranges described here is generally bypassed today by use of the Classless Inter-
Domain Routing (CIDR) addressing.
Special IP address ranges that are used for special purposes are:
• 0.0.0.0/8 – addresses used to communicate with the local network
• 127.0.0.0/8 – loopback addresses
• 169.254.0.0/16 – link-local addresses (APIPA)

Note:

(Automatic Private IP Addressing) The Windows function that provides DHCP autoconfiguration addressing. APIPA
assigns a class B IP address from 169.254.0.0 to 169.254.255.255 to the client when a DHCP server is either permanently
or temporarily unavailable. Designed for small non-routable networks, if a DHCP server becomes available later, the APIPA
address is replaced with one from the DHCP server. For example, when a Windows Vista machine starts up, it waits only
six seconds to find a DHCP server before assigning an IP from the APIPA range. It then continues to look for a DHCP
server.
 Types of IP addresses
The IP addresses are divided into three different types, based on their operational characteristics:

1. unicast IP addresses – an address of a single interface. The IP addresses of this type are used for
one-to-one communication. Unicast IP addresses are used to direct packets to a specific host. Here is
an example:

In the picture above you can see that the host wants to communicate with the server. It uses the
(unicast) IP address of the server (192.168.0.150) to do so.
2. multicast IP addresses – used for one-to-many communication. Multicast messages
are sent to IP multicast group addresses. Routers forward copies of the packet out
to every interface that has hosts subscribed to that group address. Only the hosts
that need to receive the message will process the packets. All other hosts on the
LAN will discard them. Here is an example:

R1 has sent a multicast packet destined for 224.0.0.9.

This is an RIPv2 packet, and only routers on the network
should read it. R2 will receive the packet and read it. All
other hosts on the LAN will discard the packet.
3. broadcast IP addresses – used to send data to all possible destinations in the
broadcast domain (the one-to-everybody communication). The broadcast
address for a network has all host bits on. For example, for the network
192.168.30.0 255.255.255.0 the broadcast address would be 192.168.30.255*. Also,
the IP address of all 1’s (255.255.255.255) can be used for local broadcast. Here’s
an example:

R1 wants to communicate with all hosts on the network

and has sent a broadcast packet to the broadcast IP
address of 192.168.30.255. All hosts in the same
broadcast domain will receive and process the packet.

*This is because the subnet mask of 255.255.255.0

means that the last octet in the IP address represents the
host bits. And 8 one’s written in decimal is 255.
 Subnetting explained
Subnetting is the practice of dividing a network into two or more smaller networks. It increases routing
efficiency, enhances the security of the network and reduces the size of the broadcast domain.

Consider the following example:

In the picture above we have one huge network: 10.0.0.0/24. All hosts on
the network are in the same subnet, which has the following
disadvantages:

a single broadcast domain – all hosts are in the same broadcast domain. A
broadcast sent by any device on the network will be processed by all hosts,
creating lots of unnecessary traffic.
network security – each device can reach any other device on the network,
which can present security problems. For example, a server containing
sensitive information shouldn’t be in the same network as user’s
workstations.
organizational problems – in a large networks, different departments are
usually grouped into different subnets. For example, you can group all
devices from the Accounting department in the same subnet and then give
access to sensitive financial data only to hosts from that subnet.
The network above could be subnetted like this:

Now, two subnets were created for different departments:

10.0.0.0/24 for Accounting and 10.1.0.0/24 for Marketing.

Devices in each subnet are now in a different broadcast

domain. This will reduce the amount of traffic flowing on the
network and allow us to implement packet filtering on the
router.
 Subnet
An IP address is divided into two parts: network and host parts. For example, an IP class A address
consists of 8 bits identifying the network and 24 bits identifying the host. This is because the default
subnet mask for a class A IP address is 8 bits long. (or, written in dotted decimal notation, 255.0.0.0).
What does it mean? Well, like an IP address, a subnet mask also consists of 32 bits. Computers use it
to determine the network part and the host part of an address. The 1s in the subnet mask represent a
network part, the 0s a host part.

Computers works only with bits. The math used to determine a network range is binary AND.

Let’s say that we have the IP address of 10.0.0.1 with the default subnet mask of 8
bits (255.0.0.0).
First, we need to convert the IP address to binary:

IP address: 10.0.0.1 = 00001010.00000000.00000000.00000001

Subnet mask 255.0.0.0 = 11111111.00000000.00000000.0000000
Computers then use the AND operation to determine the network number:

The computer can then determine the size of the network. Only IP addresses that begins with 10 will be in
the same network. So, in this case, the range of addresses in this network is 10.0.0.0 – 10.255.255.255.

NOTE
A subnet mask must always be a series of 1s followed by a series of 0s.
 Create subnets
There are a couple of ways to create subnets. In this article we will subnet a class C address 192.168.0.0
that, by default, has 24 subnet bits and 8 host bits.

Before we start subnetting, we have to ask ourselves these two questions:

1. How many subnets do we need?

2x = number of subnets. x is the number of 1s in the subnet mask. With 1 subnet bit, we can have 21 or 2
subnets. With 2 bits, 22 or 4 subnets, with 3 bits, 23 or 8 subnets, etc.

2. How many hosts per subnet do we need?

2y – 2 = number of hosts per subnet. y is the number of 0s in the subnet mask.

Subnetting example

An example will help you understand the subnetting concept. Let’s say that we need to subnet a class C address 192.168.0.0/24.
We need two subnets with 50 hosts per subnet. Here is our calculation:

1. Since we need only two subnets, we need 21 subnet bits. In our case, this means that we will take one bit from the host part. Here is the
calculation:

First, we have a class C address 192.168.0.0 with the subnet mask of 24. Let’s convert them to binary:

192.168.0.0 = 11000000.10101000.00000000.00000000
255.255.255.0 = 11111111.11111111.11111111.00000000

We need to take a single zero from the host part of the subnet mask. Here is our new subnet mask:

255.255.255.128 = 11111111.11111111.11111111.10000000

Remember, the ones in the subnet mask represent the network.

2. We need 50 hosts per subnet. Since we took one bit from the host part, we are left with seven bits for the hosts. Is it enough for 50
hosts? The formula to calculate the number of hosts is 2y – 2, with y representing the number of host bits. Since 27 – 2 is 126, we have
more than enough bits for our hosts.

3. Our network will look like this:

192.168.0.0/25 – the first subnet has the subnet number of 192.168.0.0. The range of IP addresses in this subnet is 192.168.0.0 –
192.168.0.127.

192.168.0.128/25 – the second subnet has the subnet number of 192.168.0.128. The range of IP addresses in this subnet is 192.168.0.128
– 192.168.0.255.
 CIDR (Classless inter-domain routing)
CIDR (Classless inter-domain routing) is a method of public IP address assignment. It was introduced in 1993 by Internet
Engineering Task Force with the following goals:
• to deal with the IPv4 address exhaustion problem
• to slow down the growth of routing tables on Internet routers

Before CIDR, public IP addresses were assigned based on the class boundaries:
• Class A – the classful subnet mask is /8. The number of possible IP addresses is 16,777,216 (2 to the power of 24).
• Class B – the classful subnet mask is /16. The number of addresses is 65,536
• Class C – the classful subnet mask is /24. Only 256 addresses available.

Some organizations were known to have gotten an entire Class A public IP address (for example, IBM got all the addresses
in the 9.0.0.0/8 range). Since these addresses can’t be assigned to other companies, there was a shortage of available IPv4
addresses. Also, since IBM probably didn’t need more than 16 million IP addresses, a lot of addresses were unused.

To combat this, the classful network scheme of allocating the IP address was abandoned. The new system was classsless –
a classful network was split into multiple smaller networks. For example, if a company needs 12 public IP addresses, it
would get something like this: 190.5.4.16/28.

The number of usable IP addresses can be calculated with the following formula:
2 to the power of host bits – 2
In the example above, the company got 14 usable IP addresses from the 190.5.4.16 – 190.5.4.32 range because there are
4 host bits and 2 to the power of 4 minus 2 is 14 The first and the last address are the network address and the broadcast
address,,respectively. All other addresses inside the range could be assigned to Internet hosts.
 TCP explained
One of the main protocols in the TCP/IP suite is Transmission Control Protocol (TCP). TCP provides reliable and
ordered delivery of data between applications running on hosts on a TCP/IP network. Because of its reliable
nature, TCP is used by applications that require high reliability, such as FTP, SSH, SMTP, HTTP, etc.

TCP is connection-oriented, which means that, before data is sent, a connection between two hosts must be
established. The process used to establish a TCP connection is known as the three-way handshake. After the
connection has been established, the data transfer phase begins. After the data is transmitted, the connection is
terminated.

One other notable characteristic of TCP is its reliable delivery. TCP uses sequence numbers to identify the order
of the bytes sent from each computer so that the data can be reconstructed in order. If any data is lost during the
transmission, the sender can retransmit the data.
 Because of all of its characteristics, TCP is considered to be complicated and costly in terms of
network usage. The TCP header is up to 24 bytes long and consists of the following fields:

• source port – the port number of the application on the host sending the data.
• destination port – the port number of the application on the host receiving the data.
• sequence number – used to identify each byte of data.
• acknowledgment number – the next sequence number that the receiver is expecting.
• header length – the size of the TCP header.
• reserved – always set to 0.
• flags – used to set up and terminate a session.
• window – the window size the sender is willing to accept.
• checksum – used for error-checking of the header and data.
• urgent – indicates the offset from the current sequence number, where the segment of non-urgent data begins.
• options – various TCP options, such as Maximum Segment Size (MSS) or Window Scaling.

NOTE
TCP is a Transport layer protocol (Layer 4 of the OSI model).
 UDP explained
One other important protocol in the TCP/IP site is User Datagram Protocol (UDP). This protocol is basically a scaled-
down version of TCP. Just like TCP, this protocol provides delivery of data between applications running on hosts on a
TCP/IP network, but, unlike TCP, it does not sequence the data and does not care about the order in which the segments
arrive at the destination. Because of this it is considered to be an unreliable protocol. UDP is also considered to be a
connectionless protocol, since no virtual circuit is established between two endpoints before the data transfer takes place.

Because it does not provide many features that TCP does, UDP uses much less network resources than TCP. UDP is
commonly used with two types of applications:
• applications that are tolerant of the lost data – VoIP (Voice over IP) uses UDP because if a voice packet is lost, by
the time the packet would be retransmitted, too much delay would have occurred, and the voice would be unintelligible.
• applications that have some application mechanism to recover lost data – Network File System (NFS) performs
recovery with application layer code, so UDP is used as a transport-layer protocol.
The UDP header is 8 bytes long and consists of the following fields:
Here is a description of each field:
source port – the port number of the application on the host sending the data.
destination port – the port number of the application on the host receiving the data.
length – the length of the UDP header and data.
checksum – checksum of both the UDP header and UDP data fields.

NOTE
UDP is a Transport layer protocol (Layer 4 of the OSI model).
 Ports explained
A port is a 16-bit number used to identify specific applications and services. TCP and UDP specify the source and
destination port numbers in their packet headers and that information, along with the source and destination IP addresses
and the transport protocol (TCP or UDP), enables applications running on hosts on a TCP/IP network to communicate.

Applications that provide a service (such as FTP and HTTP servers) open a port on the local computer and listen for
connection requests. A client can request the service by pointing the request to the application’s IP address and port. A
client can use any locally unused port number for communication. Consider the following example:

In the picture above you can see that a host with an IP address of
192.168.0.50 wants to communicate with the FTP server.
Because FTP servers use, by default, the well-known port 21, the
host generates the request and sends it to the FTP server’s IP
address and port. The host use the locally unused port of 1200
for communication. The FTP server receives the request,
generates the response,and sends it to the host’s IP address and
port.
 Port numbers are from 0 to 65535. The first 1024 ports are reserved for use by certain privileged services:

NOTE
The combination of an IP address and a port number is called a socket. In our example the socket would be 192.168.0.50:1200.
ARP (Address Resolution Protocol) explained

ARP (Address Resolution Protocol) is a network protocol used to find out the hardware (MAC) address of a
device from an IP address. It is used when a device wants to communicate with some other device on a local
network (for example on an Ethernet network that requires physical addresses to be known before sending
packets). The sending device uses ARP to translate IP addresses to MAC addresses.

The device sends an ARP request message containing the IP address of the receiving device. All devices on a
local network segment see the message, but only the device that has that IP address responds with the ARP
reply message containing its MAC address. The sending device now has enough information to send the packet
to the receiving device.

ARP request packets are sent to the broadcast addresses (FF:FF:FF:FF:FF:FF for the Ethernet broadcasts and
255.255.255.255 for the IP broadcast).
Here is the explanation otf the ARP process:
Let’s say that Host A wants to communicate with host B. Host A knows the
IP address of host B, but it doesn’t know the host B’s MAC address. In
order to find out the MAC address of host B, host A sends an ARP request,
listing the host B’s IP address as the destination IP address and the MAC
address of FF:FF:FF:FF:FF:FF (Ethernet broadcast). Switch will forward
the frame out all interfaces (except the incoming interface). Each device on
the segment will receive the packet, but because the destination IP
address is host B’s IP address, only host B will reply with the ARP reply
packet, listing its MAC address. Host A now has enough information to
send the traffic to host B.

All operating systems maintain ARP caches that are checked before
sending an ARP request message. Each time a host needs to send a
packet to another host on the LAN, it first checks its ARP cache for the
correct IP address and matching MAC address. The addresses will stay in
the cache for a couple of minutes. You can display ARP entries in Windows
by using the arp -a command:
TOOLS
 Ping explained
ping is perhaps the most commonly used tool to troubleshoot a network. Ping (Packet Internet
Groper) is included with most operating systems. It is invoked using a ping command and uses
ICMP (Internet Control Message Protocol) to reports errors and provides information related to IP
packet processing. Ping works by sending an ICMP echo request message to the specified IP
address. If the computer with the destination IP address is reachable, it responds with an ICMP
echo reply message.

A ping command usually outputs some other information about a network performance, e.g. a
round-trip time, a time to send an ICMP request packetand receive an ICMP reply packet.

Here is an output of the ping command from Windows 7:

In the example above we have pinged the ip address

10.10.100.1. By default, ping on Windows sends four ICMP
request packets. As you can see from the output above, the host
with the IP address of 10.10.100.1 is reachable and has replied
with four ICMP reply packets. You can also see that the remote
host has replied within 1 ms (time<1ms), which indicates that the
network is not congested.
 Traceroute explained
Traceroute is a command-line interface based tool used to identify the path used by a packet to reach its target. This tool
also uses ICMP messages, but unlike ping, it identifies every router in a path taken by the packets. Traceroute is useful
when troubleshooting network problems because it can help identify where exactly the problem is. You can figure out
which router in the path to an unreachable target should be examined more closely as the probable cause of the network’s
failure.

Traceroute sends a series of ICMP echo request packets to a destination. First series of messages has a Time to Live
(TTL) parameter set to 1, which means that the first router in a path will discard the packet and send an ICMP Time
Exceeded message. TTL is then increased by one until the destination host is reached and an ICMP echo reply message
is received. Originating host can then use received ICMP messages to identify all routers in a path.
NOTE
The traceroute command on Windows is named tracert. On Unix and Cisco IOS traceroute it is invoked using the traceroute
command.
Here is an example of using the tracert command in Windows:

In the output above you can see that the

traceroute command has listed the IP
addresses of all of the routers in the path.

Traceroute on Unix-like operating systems

Traceroute command on Unix works slighty

different than the Windows version. It uses
UDP packets with a large destination port
number (33434 to 33534) that is unlikely to
be used by any application at the destination
host. Like the Windows version of the
command, traceroute on Unix uses TTL to get
the IP addresses of the intermediary routers.
When a destination host is reached, it replies
with an ICMP port unreachable message.
 TCP/IP suite of protocols
The TCP/IP suite is a set of protocols used on computer networks today (most notably on the Internet). It provides an end-to-end
connectivity by specifying how data should be packetized, addressed, transmitted, routed and received on a TCP/IP network.
This functionality is organized into four abstraction layers and each protocol in the suite resides in a particular layer.

The TCP/IP suite is named after its most important protocols, the Transmission Control Protocol (TCP) and the Internet Protocol
(IP). Some of the protocols included in the TCP/IP suite are:

ARP (Address Resolution Protocol) – used to associate an IP address with a MAC address.
IP (Internet Protocol) – used to deliver packets from the source host to the destination host based on the IP addresses.
ICMP (Internet Control Message Protocol) – used to detects and reports network error conditions. Used in ping.
TCP (Transmission Control Protocol) – a connection-oriented protocol that enables reliable data transfer between two
computers.
UDP (User Datagram Protocol) – a connectionless protocol for data transfer. Since a session is not created before the data
transfer, there is no guarantee of data delivery.
FTP (File Transfer Protocol) – used for file transfers from one host to another.
Telnet (Telecommunications Network) – used to connect and issue commands on a remote computer.
DNS (Domain Name System) – used for host names to the IP address resolution.
HTTP (Hypertext Transfer Protocol) – used to transfer files (text, graphic images, sound, video, and other multimedia files) on the
World Wide Web.
The following table shows which protocols reside on which layer of the TCP/IP model: