0blivion nº2:(TCP.txt):15/03/2000
 _____________________________________________________
/            Oblivion Underground Magazine            \
/                 Issue 2  15/04/2000                  \
▌                    IP Addressing                      ▌
\                      by Slider                       /
 \_____________________________________________________/

- SOF -

IP Addressing

Internetworking and Transport Layer Protocols

This text provides an overview of the most important and common protocols of the TCP/IP internetwork and transport layers, which are the following:

- Internet Protocol (IP)
- Internet Control Message Protocol (ICMP)
- Address Resolution Protocol (ARP)
- Reverse Address Resolution Protocol (RARP)
- User Datagram Protocol (UDP)
- Transmission Control Protocol (TCP)

These protocols perform datagram addressing, routing and delivery, provide connection-oriented and connectionless services to applications, and resolve internetwork layer addresses to network interface layer addresses and vice versa.

- Internet Protocol (IP)

IP is a standard protocol with STD number 5. That standard also includes ICMP and IGMP. The current IP specification can be found in RFCs 791, 950, 919 and 922, with updates in RFC 1349.

IP is the protocol that hides the underlying physical network by creating a virtual network view. It is an unreliable, best-effort and connectionless packet delivery protocol. Note that best-effort means that the packets sent by IP may be lost, out of order, or even duplicated, but IP will not handle these situations. It is up to the higher layer protocols to deal with these situations.

One of the reasons for using a connectionless network protocol was to minimize the dependency on specific computing centers that used hierarchical connection-oriented networks. The DoD intended to deploy a network that would still be operational if parts of the country were destroyed. During earthquakes, this has been proved to be true for the Internet.

- IP Addressing

IP addresses are represented by a 32-bit unsigned binary value which is usually expressed in a dotted decimal format.
For example, 9.167.5.8 is a valid Internet address. The numeric form is used by the IP software. The mapping between the IP address and an easier-to-read symbolic name, for example myhost.ibm.com, is done by the Domain Name System. We first look at the numeric form, which is called the IP address.

- The IP Address

The standards for IP addresses are described in RFC 1166. To be able to identify a host on the Internet, each host is assigned an address, the IP address, or Internet Address. When the host is attached to more than one network, it is called multi-homed and it has one IP address for each network interface. The IP address consists of a pair of numbers:

   IP address = <network number><host number>

The network number part of the IP address is centrally administered by the Internet Network Information Center (the InterNIC) and is unique throughout the Internet.

IP addresses are 32-bit numbers usually represented in a dotted decimal form (as the decimal representation of four 8-bit values concatenated with dots). For example, 128.2.7.9 is an IP address with 128.2 being the network number and 7.9 being the host number. The rules used to divide an IP address into its network and host parts are explained below. The binary format of the IP address 128.2.7.9 is:

   10000000 00000010 00000111 00001001

IP addresses are used by the IP protocol to uniquely identify a host on the Internet. (Strictly speaking, an IP address identifies an interface that is capable of sending and receiving IP datagrams, and one system can have multiple such interfaces. However, both hosts and routers must have at least one IP address, so this simplified definition is acceptable.)

IP datagrams (the basic data packets exchanged between hosts) are transmitted by a physical network attached to the host and each IP datagram contains a source IP address and a destination IP address.
To send a datagram to a certain IP destination, the target IP address must be translated or mapped to a physical address. This may require transmissions on the network to find out the destination's physical network address.

The first bits of the IP address specify how the rest of the address should be separated into its network and host part. The terms network address and netID are sometimes used instead of network number, but the formal term, used in RFC 1166, is network number. Similarly, the terms host address and hostID are sometimes used instead of host number.

There are five classes of IP addresses.

* Class A addresses use 7 bits for the <network> and 24 bits for the <host> portion of the IP address. That allows for 2^7-2 (126) networks with 2^24-2 (16777214) hosts each; a total of over 2 billion addresses.
* Class B addresses use 14 bits for the <network> and 16 bits for the <host> portion of the IP address. That allows for 2^14-2 (16382) networks with 2^16-2 (65534) hosts each; a total of over 1 billion addresses.
* Class C addresses use 21 bits for the <network> and 8 bits for the <host> portion of the IP address. That allows for 2^21-2 (2097150) networks with 2^8-2 (254) hosts each; a total of over half a billion addresses.
* Class D addresses are reserved for multicasting (a sort of broadcasting, but in a limited area, and only to hosts using the same class D address).
* Class E addresses are reserved for future use.

It is clear that a Class A address will only be assigned to networks with a huge number of hosts, and that class C addresses are suitable for networks with a small number of hosts. However, this means that medium-sized networks (those with more than 254 hosts or where there is an expectation that there may be more than 254 hosts in the future) must use Class B addresses.
The number of small- to medium-sized networks has been growing very rapidly in the last few years and it was feared that, if this growth had been allowed to continue unabated, all of the available Class B network addresses would have been used by the mid-1990s. This is termed the IP Address Exhaustion problem.

One point to note about the split of an IP address into two parts is that this split also splits the responsibility for selecting the IP address into two parts. The network number is assigned by the InterNIC, and the host number by the authority which controls the network. As we shall see in the next section, the host number can be further subdivided: this division is controlled by the authority which owns the network, and not by the InterNIC.

- Special IP Addresses

Any component of an IP address with a value all bits 0 or all bits 1 has a special meaning:

all bits 0
   Stands for this: this host (IP address with <host address>=0) or this network (IP address with <network address>=0). When a host wants to communicate over a network, but does not yet know the network IP address, it may send packets with <network address>=0. Other hosts on the network will interpret the address as meaning this network. Their reply will contain the fully qualified network address, which the sender will record for future use.

all bits 1
   Stands for all: all networks or all hosts. For example, the following means all hosts on network 128.2 (class B address):

      <128.2.255.255>

   This is called a directed broadcast address because it contains both a valid <network address> and a broadcast <host address>.

Loopback
   The class A network 127.0.0.1 is defined as the loopback network. Addresses from that network are assigned to interfaces that process data inside the local system and never access a physical network (loopback interfaces).
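
The class rules and special addresses above, as an added example in Python (not part of the original article): the leading bits select the class, the address is split into network and host numbers, and the all-bits-0, all-bits-1 and loopback cases are flagged. The function names and label strings are this example's own; the sample addresses come from the article, except 224.0.0.1, which is constructed.

```python
import ipaddress

# class: (leading bit pattern, pattern length, <network> bits, <host> bits)
CLASSES = {
    "A": (0b0, 1, 7, 24),
    "B": (0b10, 2, 14, 16),
    "C": (0b110, 3, 21, 8),
    "D": (0b1110, 4, None, None),  # multicast: no network/host split
    "E": (0b1111, 4, None, None),  # reserved for future use
}


def address_class(value):
    """Return the class selected by the first bits of a 32-bit address."""
    for name, (pattern, length, _, _) in CLASSES.items():
        if value >> (32 - length) == pattern:
            return name
    raise ValueError("not a 32-bit address")


def capacity(cls):
    """(networks, hosts per network), all-bits-0 and all-bits-1 excluded."""
    _, _, net_bits, host_bits = CLASSES[cls]
    return 2 ** net_bits - 2, 2 ** host_bits - 2


def classify(dotted):
    """Split an address into network and host numbers and flag special forms."""
    addr = ipaddress.IPv4Address(dotted)      # rejects malformed input
    value = int(addr)
    cls = address_class(value)
    info = {"class": cls, "network": None, "host": None, "special": []}
    if cls in ("D", "E"):
        return info
    _, _, net_bits, host_bits = CLASSES[cls]
    octets = str(addr).split(".")
    split = 4 - host_bits // 8                # octets that carry the network number
    info["network"] = ".".join(octets[:split])
    info["host"] = ".".join(octets[split:])
    host_field = value & ((1 << host_bits) - 1)
    net_field = (value >> host_bits) & ((1 << net_bits) - 1)
    if cls == "A" and net_field == 127:
        info["special"].append("loopback")
    if net_field == 0:
        info["special"].append("this network")
    if host_field == 0:
        info["special"].append("this host")
    if host_field == (1 << host_bits) - 1:
        info["special"].append("all hosts (directed broadcast)")
    return info


if __name__ == "__main__":
    # Addresses taken from the article, plus 224.0.0.1 as a constructed sample.
    for sample in ("9.167.5.8", "128.2.7.9", "128.2.255.255", "127.0.0.1", "224.0.0.1"):
        print(sample, classify(sample))
```
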

- IP Subnets

Due to the explosive growth of the Internet, the principle of assigned IP addresses became too inflexible to allow easy changes to local network configurations. Those changes might occur when:

* A new type of physical network is installed at a location.
* Growth of the number of hosts requires splitting the local network into two or more separate networks.
* Growing distances require splitting a network into smaller networks, with gateways between them.

To avoid having to request additional IP network addresses in these cases, the concept of subnets was introduced. The assignment of subnets can be done locally, as the whole network still appears to be one IP network to the outside world.

The host number part of the IP address is subdivided again into a network number and a host number. This second network is termed a subnetwork or subnet. The main network now consists of a number of subnets and the IP address is interpreted as:

   <network number><subnet number><host number>

The combination of the subnet number and the host number is often termed the local address or the local part. Subnetting is implemented in a way that is transparent to remote networks. A host within a network that has subnets is aware of the subnetting but a host in a different network is not; it still regards the local part of the IP address as a host number.

The division of the local part of the IP address into subnet number and host number parts can be chosen freely by the local administrator; any bits in the local part can be used to form the subnet. The division is done using a subnet mask which is a 32 bit number. Zero bits in the subnet mask indicate bit positions ascribed to the host number, and ones indicate bit positions ascribed to the subnet number. The bit positions in the subnet mask belonging to the network number are set to ones but are not used. Subnet masks are usually written in dotted decimal form, like IP addresses.

The special treatment of all bits zero and all bits one applies to each of the three parts of a subnetted IP address just as it does to both parts of an IP address that has not been subnetted. For example, a subnetted Class B network, which has a 16-bit local part, could use one of the following schemes:

* The first byte is the subnet number; the second byte is the host number. This gives us 2^8-2 (254 with the values 0 and 255 being reserved) possible subnets, each having up to 2^8-2 (254) hosts. The subnet mask is 255.255.255.0.
* The first 12 bits are used for the subnet number and the last four for the host number. This gives us 2^12-2 (4094) possible subnets but only 2^4-2 (14) hosts per subnet. The subnet mask is 255.255.255.240.

There are many other possibilities. In fact, the number of subnets and hosts and future requirements should be taken into consideration before defining a subnet. In the above example, for a subnetted Class B network, there are 16 bits left for the subnet number and the host number fields. The administrator has the choice of defining either a larger number of subnets with a small number of hosts in each, or a smaller number of subnets with many hosts.

While the administrator is completely free to assign the subnet part of the local address in any legal fashion, the objective is to assign a number of bits to the subnet number and the remainder to the local address. Therefore, it is normal to use a contiguous block of bits at the beginning of the local address part for the subnet number because this makes the addresses more readable. (This is particularly true when the subnet occupies 8 or 16 bits.) With this approach, either of the subnet masks above are *good* masks, but masks such as 255.255.252.252 and 255.255.255.15 are not.
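
How a subnet mask divides the local part, as an added example in Python (not part of the original article). `decompose` follows the mask definition bit by bit, so it also handles the non-contiguous masks named above and reports them as such, which is the check a configuration validator would apply; the function names are this example's own.

```python
import ipaddress

FULL = 0xFFFFFFFF


def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))   # rejects malformed input


def classful_prefix(value):
    """Bits taken by the class prefix plus the network number (A, B, C only)."""
    first = value >> 24
    if first < 128:
        return 8
    if first < 192:
        return 16
    if first < 224:
        return 24
    raise ValueError("class D/E addresses have no network/host split")


def mask_is_contiguous(mask):
    """True when the mask is a run of ones followed only by zeros."""
    inverted = ~to_int(mask) & FULL
    return (inverted & (inverted + 1)) == 0


def gather(value, mask):
    """Pack the bits of value that mask selects, most significant first."""
    out = 0
    for bit in range(31, -1, -1):
        if (mask >> bit) & 1:
            out = (out << 1) | ((value >> bit) & 1)
    return out


def decompose(address, mask):
    """Split address into <network number><subnet number><host number>."""
    addr, m = to_int(address), to_int(mask)
    net_mask = (FULL << (32 - classful_prefix(addr))) & FULL
    if (m & net_mask) != net_mask:
        raise ValueError("mask bits for the network number must all be ones")
    subnet_mask = m & ~net_mask & FULL        # ones inside the local part
    host_mask = ~m & FULL                     # zeros in the mask
    return {
        "network": str(ipaddress.IPv4Address(addr & net_mask)),
        "subnet": gather(addr, subnet_mask),
        "host": gather(addr, host_mask),
        # all-bits-0 and all-bits-1 are reserved in each part
        "subnets": 2 ** bin(subnet_mask).count("1") - 2,
        "hosts": 2 ** bin(host_mask).count("1") - 2,
        "contiguous": mask_is_contiguous(mask),
    }


if __name__ == "__main__":
    # 128.2.7.9 and the four masks are the values used in the article.
    for mask in ("255.255.255.0", "255.255.255.240",
                 "255.255.252.252", "255.255.255.15"):
        print(mask, decompose("128.2.7.9", mask))
```
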

(In fact, hardly any TCP/IP implementation supports non-contiguous subnet masks, and their use is commonly discouraged, especially in CIDR environments that would become non-functional by choosing non-conventional subnet masks or network prefixes.)

- Types of Subnetting

There are two types of subnetting: static and variable length. Variable length is the more flexible of the two. Which type of subnetting is available depends upon the routing protocol being used; native IP routing supports only static subnetting, as does the widely used RIP protocol. However, RIP Version 2 supports variable length subnetting as well.

Static Subnetting:

Static subnetting means that all subnets in the subnetted network use the same subnet mask. This is simple to implement and easy to maintain, but it implies wasted address space for small networks. For example, a network of four hosts that uses a subnet mask of 255.255.255.0 wastes 250 IP addresses. It also makes the network more difficult to reorganize with a new subnet mask. All hosts and routers are required to support static subnetting.

Variable Length Subnetting:

When variable length subnetting is used, the subnets that make up the network can use different subnet masks. A small subnet with only a few hosts needs a subnet mask that accommodates only these few hosts. A subnet with many hosts attached may need a different subnet mask to accommodate the large number of hosts. The possibility to assign subnet masks according to the needs of the individual subnets will help conserve network addresses. Also, a subnet can be split into two parts by adding another bit to the subnet mask. Other subnets in the network are unaffected by the change.

Variable length subnetting allows you to divide the network so that it is possible to define adequate hosts for each subnet by changing the subnet mask for each network. This can be achieved by configuring the routers accordingly.
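
Static versus variable length subnetting as described above, in an added Python example (not part of the original article). The network 165.214.32.0 and the host counts are the ones used in this article's own variable length subnetting example; the largest-first allocation order and the function names are choices made for this example.

```python
import ipaddress


def block_size(hosts):
    """Smallest power-of-two block holding hosts plus the two reserved values."""
    return 1 << (hosts + 1).bit_length()


def static_plan(network, host_counts):
    """Static subnetting: one mask, sized for the largest subnet, or None."""
    net = ipaddress.ip_network(network)
    prefix = 33 - block_size(max(host_counts)).bit_length()
    if prefix < net.prefixlen:
        return None                               # largest subnet does not fit
    subnets = list(net.subnets(new_prefix=prefix))
    if len(subnets) < len(host_counts):
        return None                               # too few subnets at this mask
    return subnets[:len(host_counts)]


def vlsm_plan(network, host_counts):
    """Variable length subnetting: largest subnets first, each with its own mask."""
    net = ipaddress.ip_network(network)
    cursor = int(net.network_address)
    end = cursor + net.num_addresses
    plan = []
    for hosts in sorted(host_counts, reverse=True):
        size = block_size(hosts)
        if cursor + size > end:
            raise ValueError("address range exhausted")
        prefix = 33 - size.bit_length()
        # Largest-first keeps every block aligned on its own size.
        plan.append(ipaddress.IPv4Network((cursor, prefix)))
        cursor += size
    return plan


def wasted(subnet, hosts):
    """Host numbers left unused when `hosts` machines live in `subnet`."""
    return ipaddress.ip_network(subnet).num_addresses - 2 - hosts


if __name__ == "__main__":
    needs = [50, 50, 50, 30, 30]
    print("static:", static_plan("165.214.32.0/24", needs))
    for subnet in vlsm_plan("165.214.32.0/24", needs):
        print(subnet.network_address, subnet.netmask, subnet.num_addresses)
    print("wasted:", wasted("165.214.32.0/255.255.255.0", 4))
```
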

Please note that not every host and router supports variable length subnetting. With static subnetting each subnet has the same number of hosts. If it is required to have different numbers of hosts for each network, then variable length subnetting should be used. Only networks of the size needed will be allocated and routing problems will be solved by isolating networks with routers that support variable subnetting. A host that does not support this kind of subnetting would have to route to a router that supports variable subnetting.

Mixing Static and Variable Length Subnetting:

At first sight, it appears that the presence of a host that only supports static subnetting would prevent variable length subnetting from being used anywhere in the network. Fortunately this is not the case. Provided that the routers between subnets with different subnet masks are using variable length subnetting, the routing protocols employed are able to hide the difference between subnet masks from the hosts in a subnet. Hosts can continue to use basic IP routing and offload all of the complexities of the subnetting to dedicated routers.

- A Variable Length Subnetting Example

Consider a corporation that was assigned a Class C network 165.214.32.0, and it has the requirement to split this address range into five separate networks. The required numbers of hosts for each subnet are as follows:

* 1. Subnet: 50 hosts
* 2. Subnet: 50 hosts
* 3. Subnet: 50 hosts
* 4. Subnet: 30 hosts
* 5. Subnet: 30 hosts

This cannot be achieved by using static subnetting. For this case, the static subnetting can only divide the network into four subnets with 64 hosts each or eight subnets with 32 hosts each. This method would not meet the requirement.

To be able to divide the network into five subnets, multiple masks should be defined. Using a mask of 255.255.255.192, the network will be divided into four subnets with 64 hosts each.
After that, the last subnet can be further divided into two subnets with 32 hosts each by using a mask of 255.255.255.224. There will be three subnets with 64 hosts each and two subnets with 32 hosts each. This would meet the requirements.

- Obtaining a Subnet Mask

Usually, hosts will store the subnet mask to be used in a configuration file. However, sometimes this cannot be done, as for example in the case of a diskless workstation. The ICMP protocol includes two messages, address mask request and address mask reply, that allow hosts to obtain the correct subnet mask from a server.

- Addressing Routers and Multi-homed Hosts

Whenever a host has a physical connection to multiple networks or subnets, it is described as being multi-homed. All routers are multi-homed since their purpose is to join networks or subnets. A multi-homed host always has different IP addresses associated with each network adapter, since each adapter is in a different subnet or network.

- IP Routing

An important function of the IP layer is IP routing. It provides the basic mechanism for routers to interconnect different physical networks. This means that a host can function as a normal host and a router simultaneously.

A basic router of this type is referred to as a router with partial routing information, because the router only has information about four kinds of destinations:

* Hosts that are directly attached to one of the physical networks to which the router is attached
* Hosts or networks for which the router has been given explicit definitions
* Hosts or networks for which the router has received an ICMP redirect message
* A default destination for everything else

The last two items allow a basic router to begin with a very limited amount of information and to increase its information because a more sophisticated router will issue an ICMP redirect message if it receives a datagram and it knows of a better router on the same network for the sender to use.
This process is repeated each time a basic router of this type is restarted.

Additional protocols are needed to implement a full-function router that can exchange information with other routers in remote networks. Such routers are essential except in small networks.

There are two types of IP routing: direct and indirect.

- Direct Routing

If the destination host is attached to a physical network to which the source host is also attached, an IP datagram can be sent directly, simply by encapsulating the IP datagram in the physical network frame. This is called direct delivery and is referred to as direct routing.

- Indirect Routing

Indirect routing occurs when the destination host is not on a network directly attached to the source host. The only way to reach the destination is via one or more IP gateways. (Note that in TCP/IP terminology, the terms gateway and router are used interchangeably for a system that actually performs the duties of a router.) The address of the first of these gateways (the first hop) is called an indirect route in the context of the IP routing algorithm. The address of the first gateway is the only information needed by the source host.

In some cases there are multiple subnets defined on the same network. Even if the destination host is on the same network as the source host, if they are on different subnets, then indirect routing is used. Thus, there is a need for a router that forwards the traffic between subnets.

- IP Routing Table

The determination of available direct routes is derived from the list of local interfaces available to IP and is composed by IP automatically at initialization. A list of networks and associated gateways (indirect routes) needs to be configured to be used with IP routing if required. Each host keeps the set of mappings between the following:

* Destination IP network address(es)
* Route(s) to next gateway(s)

These are stored in a table called the IP routing table.

Three types of mappings can be found in this table:

1. The direct routes, for locally attached networks
2. The indirect routes, for networks reachable via one or more gateways
3. The default route, which contains the (direct or indirect) route to be used in case the destination IP network is not found in the mappings of type 1 and 2 above

- Intranets (Private IP Addresses)

Address Allocation for Private Internets. Briefly, it relaxes the rule that IP addresses are globally unique by reserving part of the address space for networks that are used exclusively within a single organization and that do not require IP connectivity to the Internet. There are three ranges of addresses that have been reserved by IANA for this purpose:

   10                               A single Class A network
   172.16 through 172.31            16 contiguous Class B networks
   192.168.0 through 192.168.255    256 contiguous Class C networks

Any organization can use any addresses in these ranges without reference to any other organization. However, because these addresses are not globally unique, they cannot be referenced by hosts in another organization and they are not defined to any external routers. Routers in networks not using private addresses, particularly those operated by Internet service providers, are expected to quietly discard all routing information regarding these addresses. Routers in an organization using private addresses are expected to limit all references to private addresses to internal links; they should neither advertise routes to private addresses to external routers nor forward IP datagrams containing private addresses to external routers.

Hosts having only a private IP address do not have IP layer connectivity to the Internet. This may be desirable and may even be a reason for using private addressing. All connectivity to external Internet hosts must be provided with application gateways.
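
The three kinds of routing table mappings and the rule that private addresses stay off external links, combined in an added Python example (not part of the original article). The interface names, the sample table, the 203.0.113.x and 198.51.100.x addresses and the most-specific-match rule for overlapping routes are assumptions of this example.

```python
import ipaddress

# The three reserved ranges listed in the article, written as prefixes.
PRIVATE_RANGES = [ipaddress.ip_network(n)
                  for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(address):
    ip = ipaddress.ip_address(address)
    return any(ip in net for net in PRIVATE_RANGES)


class RoutingTable:
    """Holds the three kinds of mappings: direct, indirect and default."""

    def __init__(self):
        self.routes = []       # (network, gateway or None, interface, kind)
        self.default = None    # (gateway, interface)

    def add_direct(self, network, interface):
        self.routes.append((ipaddress.ip_network(network), None, interface, "direct"))

    def add_indirect(self, network, gateway, interface):
        self.routes.append((ipaddress.ip_network(network), gateway, interface, "indirect"))

    def set_default(self, gateway, interface):
        self.default = (gateway, interface)

    def lookup(self, destination):
        """Return (kind, next hop, interface), or None when nothing matches."""
        ip = ipaddress.ip_address(destination)
        matches = [r for r in self.routes if ip in r[0]]
        if matches:
            _, gateway, interface, kind = max(matches, key=lambda r: r[0].prefixlen)
            return kind, gateway or destination, interface   # direct: no gateway
        if self.default:
            return ("default",) + self.default
        return None


def forward(table, source, destination, external):
    """Forwarding decision; `external` names the interfaces to outside routers."""
    route = table.lookup(destination)
    if route is None:
        return ("drop", "no route")
    kind, next_hop, interface = route
    if interface in external and (is_private(source) or is_private(destination)):
        return ("drop", "private address on external link")
    return ("forward", kind, next_hop, interface)


def sample_table():
    """Constructed table for a site that uses private addresses internally."""
    table = RoutingTable()
    table.add_direct("192.168.1.0/24", "eth0")
    table.add_direct("192.168.2.0/24", "eth1")
    table.add_indirect("10.0.0.0/8", "192.168.2.254", "eth1")
    table.set_default("203.0.113.1", "wan0")
    return table


if __name__ == "__main__":
    for src, dst in (("192.168.1.10", "10.1.2.3"), ("192.168.1.10", "198.51.100.7")):
        print(src, "->", dst, forward(sample_table(), src, dst, {"wan0"}))
```
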

This text can be found on my website www.SliderSecurity.Co.Uk, I would have liked to include it within Oblivion Mag, but it was published in another mag.

Slider.

- EOF -

This took fucking ages to write, don't diss it.

Shouts : Anyone that knows me.