Be aware of the following IPv4 address details:
- An IPv4 address is a 32-bit binary number represented as four octets (four 8-bit numbers). Each octet is separated by a period. IPv4 addresses can be represented in one of two ways:
- Decimal (for example 18.104.22.168). In decimal notation, each octet must be between 0 and 255.
- Binary (for example 10000011.01101011.00000010.11001000). In binary notation, each octet is an 8-character number.
- To convert from binary to decimal and vice versa, memorize the decimal equivalent to the following binary numbers:

| Binary | Decimal |
|---|---|
| 10000000 | 128 |
| 01000000 | 64 |
| 00100000 | 32 |
| 00010000 | 16 |
| 00001000 | 8 |
| 00000100 | 4 |
| 00000010 | 2 |
| 00000001 | 1 |

- The subnet mask is a 32-bit number associated with each IPv4 address that identifies the network portion of the address.
- In binary form, the subnet mask is always a series of 1's followed by a series of 0's (1's and 0's are never mixed in sequence in the mask). A simple mask might be 255.255.255.0.
- In Classless Inter-Domain Routing (CIDR) form, the subnet mask appears as a slash (/) followed by the number of bits in the mask that are set to 1. A simple mask might be /24.
- IPv4 addresses have a default class. The address class identifies the range of IPv4 addresses and a default subnet mask used for the range. The following table shows the default address class for each IPv4 address range.

| Class | Address Range | First Octet Range | Default Subnet Mask | CIDR Notation |
|---|---|---|---|---|
| A | 22.214.171.124 to 126.96.36.199 | 1-126 (00000001-01111110 binary) | 255.0.0.0 | /8 |
| B | 188.8.131.52 to 184.108.40.206 | 128-191 (10000000-10111111 binary) | 255.255.0.0 | /16 |
| C | 192.0.0.0 to 220.127.116.11 | 192-223 (11000000-11011111 binary) | 255.255.255.0 | /24 |
| D | 18.104.22.168 to 22.214.171.124 | 224-239 (11100000-11101111 binary) | n/a | n/a |
| E | 240.0.0.0 to 255.255.255.255 | 240-255 (11110000-11111111 binary) | n/a | n/a |

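
The mask rules and the class table above can be checked mechanically, which is useful when reviewing addresses and masks in router or firewall configuration. The following Python is an added example, not part of the original notes; the function names are hypothetical and the test address 192.168.10.77 is constructed.

```python
CLASS_RANGES = [  # (class, first-octet low, high, default prefix) per the table above
    ("A", 1, 126, 8), ("B", 128, 191, 16), ("C", 192, 223, 24),
    ("D", 224, 239, None), ("E", 240, 255, None),
]


def parse_ipv4(text):
    """Dotted decimal -> 32-bit integer; every octet must be 0-255."""
    parts = text.split(".")
    if len(parts) != 4:
        raise ValueError(f"expected four octets: {text!r}")
    value = 0
    for part in parts:
        if not (part.isascii() and part.isdigit()) or int(part) > 255:
            raise ValueError(f"octet out of range 0-255: {part!r}")
        value = (value << 8) | int(part)
    return value


def to_binary(text):
    """Dotted decimal -> dotted binary, eight characters per octet."""
    value = parse_ipv4(text)
    return ".".join(f"{(value >> s) & 0xFF:08b}" for s in (24, 16, 8, 0))


def mask_to_cidr(mask_text):
    """Count the 1 bits, refusing a mask that mixes 1s and 0s."""
    mask = parse_ipv4(mask_text)
    host_bits = mask ^ 0xFFFFFFFF         # contiguous mask -> 0...01...1
    if host_bits & (host_bits + 1):       # zero only when host_bits is 2**k - 1
        raise ValueError(f"non-contiguous mask: {mask_text}")
    return bin(mask).count("1")


def default_class(text):
    """Class letter and default prefix length, chosen by the first octet."""
    first = parse_ipv4(text) >> 24
    for name, low, high, prefix in CLASS_RANGES:
        if low <= first <= high:
            return name, prefix
    return None, None                     # 0 and 127 are outside the table's ranges


def network_of(addr_text, mask_text):
    """Network portion of the address, in CIDR form."""
    net = parse_ipv4(addr_text) & parse_ipv4(mask_text)
    dotted = ".".join(str((net >> s) & 0xFF) for s in (24, 16, 8, 0))
    return f"{dotted}/{mask_to_cidr(mask_text)}"
```
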
A Network Address Translation (NAT) router translates multiple private addresses into a single registered IP address.
- The Internet is classified as a public network. All devices on the public network must have a registered IP address; this address is assigned by the ISP.
- The internal network is classified as a private network. All devices on the private network use private IP addresses internally, but share the public IP address when accessing the Internet.
- A NAT router associates a port number with each private IP address. Communications with the private hosts from the Internet are sent to the public IP address and the associated port number. Port assignments are made automatically by the NAT router.
- The private network can use addresses in the following ranges that have been reserved for private use (i.e. they will not be used by hosts on the Internet):
- 10.0.0.0 to 10.255.255.255
- 172.16.0.0 to 172.31.255.255
- 192.168.0.0 to 192.168.255.255
- A router running NAT modifies the source IP addresses contained within the IP packet. Private addresses in the packet are replaced with a public IP address.
- Technically speaking, NAT translates one address to another. Port address translation (PAT) associates a port number with the translated address.
- With NAT, you would have to have a public address for each private host. NAT would replace each private address with a unique public address.
- Port Address Translation (PAT), also called Network Address Port Translation (NAPT), associates a port number with each private host. This allows multiple private hosts to use the same public IP address. Private IP addresses are replaced with the public IP address and a unique port number that is associated with the host.
- Dynamic NAT automatically maps internal IP addresses with a dynamic port assignment. Dynamic NAT allows internal (private) hosts to contact external (public) hosts, but not vice versa. External hosts cannot initiate communications with internal hosts.
- Static NAT maps an internal IP address to a static port assignment or even to a specific public IP address. Using static mapping allows external hosts to contact internal hosts. Static NAT is typically used to take a server on the private network (such as a Web server) and make it available on the Internet. External hosts contact the internal server using the public IP address and the static port.
- Because NAT changes packet headers, IPSec might not work correctly through NAT. IPSec detects changes to packet headers as part of the security process.
- NAT shouldn't be considered a form of security, although it provides some security for the private network because it translates or hides the private addresses. For a more secure solution, combine NAT with packet filters or firewalls.
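
The difference between dynamic and static mappings described above can be seen in a small model of a PAT table. This Python is an added example, not part of the original notes: the class `PatRouter`, the public address 203.0.113.10, the port numbers and the internal hosts are all constructed for illustration.

```python
import ipaddress

# The three reserved private ranges listed above, written as CIDR blocks.
PRIVATE_RANGES = [ipaddress.ip_network(n)
                  for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


class PatRouter:
    """Toy PAT table keyed on port only; real routers also track protocol and peer."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.dynamic = {}    # public port -> (private ip, private port)
        self.by_host = {}    # (private ip, private port) -> public port
        self.static = {}     # public port -> (private ip, private port)

    def add_static(self, public_port, private_ip, private_port):
        """Administrator-defined mapping that lets outside hosts reach a server."""
        self.static[public_port] = (private_ip, private_port)

    def outbound(self, src_ip, src_port):
        """Replace a private source with the public IP and a unique port."""
        if not any(ipaddress.ip_address(src_ip) in net for net in PRIVATE_RANGES):
            raise ValueError(f"{src_ip} is not in a private range")
        key = (src_ip, src_port)
        if key not in self.by_host:
            while self.next_port in self.static:   # never reuse a static port
                self.next_port += 1
            self.by_host[key] = self.next_port
            self.dynamic[self.next_port] = key
            self.next_port += 1
        return self.public_ip, self.by_host[key]

    def inbound(self, dst_port):
        """Private destination for a packet sent to the public IP, or None (dropped)."""
        return self.static.get(dst_port) or self.dynamic.get(dst_port)


def demo():
    router = PatRouter("203.0.113.10")              # constructed documentation address
    router.add_static(443, "192.168.1.20", 8443)    # constructed web-server mapping
    a = router.outbound("192.168.1.5", 51000)
    b = router.outbound("192.168.1.6", 51000)       # same source port, different host
    return a, b, router.inbound(b[1]), router.inbound(40500), router.inbound(443)
```

A port with no table entry yields `None`, while every entry in `static` stays reachable from outside at all times, so those are the mappings that need a packet filter or firewall rule in front of them.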
The current IP addressing standard, version 4, will eventually run out of unique addresses, so a new system is being developed. It is named IP version 6 or IPv6. The IPv6 address is a 128-bit binary number. A sample IPv6 IP address looks like: 35BC:FA77:4898:DAFC:200C:FBBC:A007:8973. The following list describes the features of an IPv6 address:
- The address is made up of 32 hexadecimal digits organized into 8 quartets.
- The quartets are separated by colons.
- Each quartet is represented as a hexadecimal number between 0 and FFFF. Each quartet represents 16 bits of data (FFFF = 1111 1111 1111 1111).
- Leading zeros can be omitted in each section. For example, the quartet 0284 could also be represented by 284.
- Addresses with consecutive zeros can be expressed more concisely by substituting a double-colon for the group of zeros. For example:
- FEC0::78CD:1283:F398:23AB (concise form)
- If an address has more than one consecutive location where one or more quartets are all zeros, only one location can be abbreviated. For example, FEC2:0:0:0:78CA:0:0:23AB could be abbreviated as:
- FEC2::78CA:0:0:23AB or
- The 128-bit address contains two parts:
Prefix: The first 64 bits are known as the prefix.
- The 64-bit prefix can be divided into various parts, with each part having a specific meaning. Parts in the prefix can identify the geographic region, the ISP, the network, and the subnet.
- The prefix length identifies the number of bits in the relevant portion of the prefix. To indicate the prefix length, add a slash (/) followed by the prefix length number. Full quartets with trailing 0's in the prefix address can be omitted (for example 2001:0DB8:4898:DAFC::/64).
- Because addresses are allocated based on physical location, the prefix generally identifies the location of the host. The 64-bit prefix is often referred to as the global routing prefix.
Interface ID: The last 64 bits are the interface ID. This is the unique address assigned to an interface.
- Addresses are assigned to interfaces (network connections), not to the host. Technically, the interface ID is not a host address.
- In most cases, individual interface IDs are not assigned by ISPs, but are rather generated automatically or managed by site administrators.
- Interface IDs must be unique within a subnet, but can be the same if the interface is on different subnets.
- On Ethernet networks, the interface ID can be automatically derived from the MAC address. Using the automatic host ID simplifies administration.
- The IPv6 local loopback address for the local host is 0:0:0:0:0:0:0:1 (also identified as ::1 or ::1/128). The local loopback address is not assigned to an interface. It can be used to verify that the TCP/IP protocol stack has been properly installed on the host.
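
Because one IPv6 address can be written several ways, addresses in logs and access lists should be compared by value rather than as text. The following Python is an added example, not part of the original notes, that applies the abbreviation rules and the prefix/interface ID split described above; the function names are hypothetical.

```python
HEX = set("0123456789abcdefABCDEF")


def expand(addr):
    """Return the eight quartets as integers, undoing '::' and dropped leading zeros."""
    if addr.count("::") > 1:
        raise ValueError("only one location can be abbreviated with '::'")
    if "::" in addr:
        head, tail = addr.split("::")
        left = head.split(":") if head else []
        right = tail.split(":") if tail else []
        missing = 8 - len(left) - len(right)
        if missing < 1:
            raise ValueError("'::' must replace at least one quartet")
        groups = left + ["0"] * missing + right
    else:
        groups = addr.split(":")
    bad = any(not 1 <= len(g) <= 4 or not set(g) <= HEX for g in groups)
    if len(groups) != 8 or bad:
        raise ValueError(f"not a valid IPv6 address: {addr!r}")
    return [int(g, 16) for g in groups]


def compress(addr):
    """Concise form: no leading zeros, longest run of zero quartets becomes '::'."""
    groups = expand(addr)
    best_start, best_len, i = 0, 0, 0
    while i < 8:
        j = i
        while j < 8 and groups[j] == 0:
            j += 1
        if j - i > best_len:                  # strict '>' keeps the first of equal runs
            best_start, best_len = i, j - i
        i = max(j, i + 1)
    text = [f"{g:X}" for g in groups]
    if best_len < 2:                          # a lone zero quartet stays "0" (RFC 5952)
        return ":".join(text)
    return ":".join(text[:best_start]) + "::" + ":".join(text[best_start + best_len:])


def split_parts(addr):
    """Return (64-bit prefix, 64-bit interface ID) with every quartet written in full."""
    text = [f"{g:04X}" for g in expand(addr)]
    return ":".join(text[:4]), ":".join(text[4:])


def same_address(a, b):
    """Compare by value so different spellings of one address match."""
    return expand(a) == expand(b)
```
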