Understanding IP Addressing and Network Routing: A Comprehensive Guide, Assignments of Cryptography and System Security

An in-depth explanation of IP addressing and network routing on the Internet. It covers the role of the IP protocol, IP addresses, subnet masks, default gateways, DNS servers, and port numbers in sending data packets between computers. The document also discusses the importance of MAC addresses in delivering packets at the data link layer, and the function of routers, DHCP servers, and firewalls.

Typology: Assignments

Pre 2010

Uploaded on 08/18/2009



Partial preview of the text

James's TCP/IP FAQ - Understanding IP Addresses

Introduction

The Internet is often referred to as a "TCP/IP" network. Every network uses a set of rules to govern how computers send and receive information. These rules are called "protocols." A set of protocols is sometimes referred to as a protocol "suite" or "stack," and all computers on a network have to use the same protocols if they want to talk to one another. "TCP/IP" is the name given to the protocol suite used by computers on the global Internet, so it is no surprise that most corporate and home networks use TCP/IP as well.

There are many parts to a protocol suite. Some protocols govern the physical characteristics of the network hardware and wires. Some govern the way specific applications talk to one another. The name "TCP/IP" actually refers to two parts of the suite: IP governs how packets of information get from one computer to another, and TCP governs how they get to the correct application within a given computer.

IP - Internet Protocol (From My House to Your House)

When you send information out over the Internet, something magic happens: your transmission (usually) gets to the right computer out of the millions that make up the Internet. It is the job of the "network layer" protocols to see that this happens. The network layer protocol used on the Internet is the Internet Protocol, or simply IP.

IP works a lot like sending mail through the postal service. It uses addresses to tell where to send the "mail," which in this case is composed of information packets. We break information into packets because we want lots of computers to be able to talk to one another at the same time, so each computer breaks the message it has to send into small parts.
Those parts are all intermingled together on the wire. Sometimes it is more appropriate to call the parts "frames" (that is the data link layer's word for them), but it is most common to call them "packets," and that is what we will use in this discussion.

IP Addresses

Just like the postal service sending a piece of mail, each packet has to carry the address of the computer that is supposed to receive it (the destination address). For reasons we will get to shortly, every packet also has to carry the address of the computer that sent it (the source address), just like putting a return address on a piece of postal mail. Therefore, each machine that wishes to talk on the network has to have an address, called an IP address. As a general rule, every machine has to have a unique address, although in my FAQ on connection sharing I will talk about ways to violate that rule. One thing worth knowing right away: the source address is filled in by the sender and nothing in IP itself verifies it, so a packet's return address can be forged ("spoofed") and by itself proves nothing about where the packet came from.

An IP address (in the IPv4 form discussed in this FAQ) is made up of four 8-bit numbers, called octets, written in decimal and separated by periods. Since an 8-bit number can represent the decimal values 0-255, each of the four parts of an IP address can only be in that range. A typical address might look like 209.176.20.69 (this is the IP address of the web server which sent you this page).

Networks - Groups of IP Addresses

IP addresses can be grouped together to form a logical unit called a "network," a "subnetwork," or (loosely) a "domain." Don't worry too much about which is correct for now; we will call this kind of grouping a "network." We can tell whether a computer is part of our own local network by comparing the other computer's IP address to our own, using something called a "subnet mask" or "netmask." A netmask tells us that all the computers on our local network share a common set of leading bits in the IP address. The netmask defines which part of the IP address identifies the local network and which part identifies the individual machine. For example, let's say your computer's IP address is 192.168.1.1 and your subnet mask is 255.255.255.0.
This netmask says that all 8 bits in each of the first 3 octets are used to define the network, and the 8 bits of the 4th octet identify individual machines on that network. If you are trying to reach the computer 192.168.1.5, the netmask tells us it is on the same network as your own machine. But a computer with IP address 192.168.6.10 would be on another network; notice that the first 3 octets are not all the same (the third one differs).

The reason all this is important is that computers use IP addresses in their packets, but they also use a different kind of "hardware" address at the wire level. If your computer determines from the netmask and destination IP address that another machine is on your local network, it can send a query out on the local network asking for the hardware address of the other machine and then send the packet directly. If it determines that the other machine is on a different network, your computer will need to send the packet to a router instead. A router is a device that interconnects two or more networks. More often than not, you will have a single router that connects your network to all the others. This router is your "default gateway" to the rest of the world.

Finding IP Addresses of Other Computers

So we have a lot of information that we need in order to send packets to another machine: the IP address of the destination computer, the IP address of our own computer (the source), the subnet mask that defines our local network, and the IP address of the router that acts as our default gateway. How do we find out all of these pieces of information?

Let's start with the IP address of the OTHER computer. When you want to look at my web site, you don't type 209.176.20.69 into the URL bar of your web browser. You type www.camden411.com, or perhaps you click on a link in another web page that points to that name.
Most of the machines we need to reach on the Internet have "names" like this that are closer to plain English than a collection of numbers. Somehow your computer translates from the name to the IP address. There is no real magic here: it is a straightforward lookup in a table somewhere that says "www.camden411.com = 209.176.20.69." That table can be a file on your own computer (the "hosts" file), but that wouldn't be practical on a huge Internet with millions of possible computers to talk to. Instead, the tables live on special servers called Domain Name System (DNS) servers. Each network runs its own DNS servers with the lookup tables for all the local machines, and a properly configured DNS server also knows how to ask other DNS servers on the Internet for information it doesn't have in its local tables. You tell your computer the IP addresses of the DNS servers, and whenever you try to reach another machine by name, your computer asks a DNS server to find the IP address for you. Your computer trusts whatever answer comes back: a wrong or forged DNS answer quietly sends your traffic to the wrong machine.

Although using DNS servers relieves us from having to know the IP addresses of all those potential destination machines, it does require us to know one more thing in addition to the information listed above: the IP addresses of the DNS servers themselves. So now our list of things we have to know is:

- Source IP Address (our own computer)
- Subnet Mask (defines our local network)
- Default Gateway IP Address (the router to everything else)
- DNS Server Addresses (to look up destination IP addresses)

Finding Our Own IP Address (And Other Stuff)

Where do we get all that information? There are two general methods. The first is a manual process: someone assigns all these numbers and configures them on the local machine. This works fine for small networks with only a handful of computers, and for people who know how to do the configuration without breaking their computers.
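To make the name lookup concrete, here is an added example (mine, not code from James's FAQ) that builds the single UDP datagram a resolver sends to ask a DNS server for the A record of a name, and parses the answer that comes back. The reply bytes are constructed inside the block to stand in for what a server would return, so it runs offline; www.camden411.com and 209.176.20.69 are the FAQ's own values, while the transaction id, the TTL and the reply itself are made up for the example.

```python
# Added example, not code from James's FAQ: one DNS A-record query as a
# single UDP datagram, plus a parser for the reply.  The reply used below is
# constructed inline so the example runs offline.
import struct


def build_query(name: str, txid: int) -> bytes:
    """Encode a standard query for the A record of `name` (RFC 1035 format)."""
    # header: id, flags (RD=1), QDCOUNT=1, ANCOUNT=0, NSCOUNT=0, ARCOUNT=0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def read_name(msg: bytes, off: int):
    """Decode a (possibly compressed) name; return (name, offset after it)."""
    labels, end, hops = [], None, 0
    while True:
        ln = msg[off]
        if ln & 0xC0 == 0xC0:                  # compression pointer
            if end is None:
                end = off + 2                  # resume after the pointer
            off = ((ln & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if ln == 0:
            break
        labels.append(msg[off:off + ln].decode("ascii"))
        off += ln
    return ".".join(labels), (off if end is None else end)


def parse_response(msg: bytes, expected_txid: int) -> list:
    """Return the IPv4 addresses in the answer section of a reply to our query."""
    txid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if txid != expected_txid:
        raise ValueError("transaction id does not match our query")
    if not flags & 0x8000:
        raise ValueError("not a response")
    if flags & 0x000F:
        raise ValueError(f"server returned rcode {flags & 0xF}")
    off = 12
    for _ in range(qdcount):                   # skip the echoed question(s)
        _, off = read_name(msg, off)
        off += 4                               # QTYPE + QCLASS
    addrs = []
    for _ in range(ancount):
        _, off = read_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rclass == 1 and rdlen == 4:   # A record, IN class
            addrs.append(".".join(str(b) for b in rdata))
    return addrs


def constructed_response(query: bytes, addr: str, ttl: int = 300) -> bytes:
    """Constructed stand-in for a server's reply to `query`: same id, the
    question echoed back, and one A record pointing at `addr`."""
    txid = struct.unpack("!H", query[:2])[0]
    question = query[12:]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)  # QR=1 RD=1 RA=1
    answer = (b"\xC0\x0C"                      # pointer to the qname at offset 12
              + struct.pack("!HHIH", 1, 1, ttl, 4)
              + bytes(int(o) for o in addr.split(".")))
    return header + question + answer


if __name__ == "__main__":
    q = build_query("www.camden411.com", 0x1234)
    r = constructed_response(q, "209.176.20.69")
    print(len(q), "byte query,", len(r), "byte reply ->", parse_response(r, 0x1234))
```

The only things that tie a reply to the question are the 16-bit transaction id and the UDP port the query went out from; parse_response refuses a reply whose id does not match, and real resolvers also randomize that source port, because anyone who can guess both values can send the client a forged answer before the real server does.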
For larger networks, and for end users who may not have the knowledge to configure everything by hand, there are automated or "dynamic" methods of having it done for us. The most common on business networks is DHCP, the Dynamic Host Configuration Protocol. If your computer is configured to use DHCP, every time it boots it sends out a broadcast request on the network asking for its basic network configuration. A special server (a DHCP server) responds with an IP address for the computer to use, the subnet mask, the gateway router address, and the DNS server addresses. DHCP has no authentication of its own: the client takes the first plausible answer it receives, so any machine on the same segment that answers faster than the real server can hand out its own gateway and DNS addresses. On dialup networks such as those run by many Internet Service Providers, we connect using PPP (Point-to-Point Protocol), which does something similar to DHCP, except that the user is normally required to supply a

In order for two packets to be considered part of the same "session," all four of the items listed above (the source and destination IP addresses and the source and destination port numbers) have to match. If any one of those items differs, the two packets belong to different sessions. Once a client application finishes using a port number and a particular session is closed, the port number is reserved for a short period of time and is then returned to the "pool" of available port numbers. This scheme, while confusing, has some strong advantages. For example, imagine a web page with a single HTML text file and 5 graphics. Downloading that "page" requires 6 TCP/IP sessions, and thus uses 6 client-side port numbers. Assume for a moment that a temporary problem on the Internet causes one of the graphics to fail to come in cleanly. Since these are all separate sessions, the page can still be displayed in the browser using the pieces that arrived safely.

When A Client Is Really A Server...

In general, there is a clear line between a client and a server. Server software sits and listens for connections; it does not initiate connections on its own. Server software has to be up and running all the time in order to be useful.
Client software is used to access information on servers; it initiates connections to servers. Client software only has to be running at the moment you want to use it. But some of the newer applications on the Internet blur the line between client and server. These are sometimes called "peer-to-peer" applications, and they effectively operate as both client AND server. Examples include Napster (peer-to-peer file sharing) and just about any instant-messaging software you can name (AOL Instant Messenger, ICQ, etc.). These programs not only let you connect to someone else; they also "listen" for incoming connections, just like a server. There is also an increasing number of games that can run in a "server" mode for multiplayer gaming: you can be a client connecting to someone else's game, or you can run your own game server and let others connect to you. Every program that listens is also a service that anyone able to reach your address may try to connect to, which is one reason to know which ports your machine has open. For "normal" Internet connections these distinctions may seem irrelevant, but when you begin looking at sharing an Internet connection they become more important.

TCP or UDP?

I mentioned earlier that there are two transport layer protocols in common use that both make use of port numbers. You will not normally need to be concerned about when to use TCP and when to use UDP; this is defined by the application you're using, and your client or server software automatically uses whichever is appropriate. However, there are a few cases where it is useful to know the difference, mainly with streaming media applications like RealAudio, where you may be allowed to choose one or the other.

TCP is oriented towards reliability. It uses not only port numbers but also sequence numbers and frequent acknowledgment packets to ensure that data arrives intact and in order.
This is usually desirable, but it creates overhead on the connection, especially when there are a lot of errors or a lot of latency on the network. By contrast, UDP is oriented towards raw throughput: it adds only the port numbers, a length and a checksum to each datagram, with no sequencing, acknowledgments or retransmission. Applications that can do all their work in a single packet don't need sequencing at all; a DNS query and its answer are a good example of messages that each fit in a single packet. Another place where UDP is appropriate is streaming audio and video. You don't WANT to drop a lot of packets, but neither do you want to constantly stop and ask for packets to be re-sent. Using UDP for this kind of connection lets your computer ignore dropped packets and play back the stream, warts and all. The flip side of having no handshake is that a UDP server cannot tell whether the source address on a datagram is genuine, so a UDP service that sends a large reply to a small, unverified request can be turned into a tool for flooding whoever's address was forged.

So, in our RealAudio example, which would you choose? Under most circumstances, UDP gives you the best chance of listening to a live data stream. BUT if you planned to "record" a copy of that stream on your computer, TCP would guarantee that every packet is recorded, for best quality.

James's TCP/IP FAQ - Understanding Network Hardware

Introduction

In the first two parts of this primer, I talked about IP addressing and routing, and about network application port numbers. That may be all the information you need. But if you're interested in learning how to share an Internet connection, there may be some terms that are new to you (or that you have heard but not understood). I will start with some slightly more advanced information about routing, and then describe the hardware.

A Little More About Routing

Earlier I talked about routing on an IP network using IP addresses, subnet masks, and router addresses. That all happens at the "network layer," but there are layers below that which come into play. Mainly, the "data link" layer specifies how machines put information on the wire and how they take it in for processing.
Just as we use IP addresses to identify computers on an IP network, we use Media Access Control (MAC) addresses to identify the actual hardware interface of each device on the network. It's not just a case of every computer having an address: every network interface must have a unique MAC address. And unlike IP addresses, which people can easily configure at will, MAC addresses are generally "burned into" the device by the manufacturer. With few exceptions, a MAC address is permanent and unique as shipped; note, though, that most operating systems and drivers let you override the MAC address in software, so it identifies a device only as long as nobody has chosen to change it, and it should never be relied on as a security control. The nice part is that humans rarely need to concern themselves with MAC addresses; they are used by the lower layers of the protocol stack, and we are insulated from dealing with them directly.

Here's an example. Your machine has IP address 192.168.1.1 and you want to send information to a machine with IP address 192.168.1.2. Your subnet mask of 255.255.255.0 tells you that your computer is on the same local network segment as the other. Your computer then sends out an Address Resolution Protocol (ARP) broadcast asking for the MAC address of the computer with IP address 192.168.1.2 (and includes its own MAC address in the request). Every machine on the local network sees the broadcast. The machine that "owns" the IP address 192.168.1.2 sends its MAC address back to your machine. Your machine then builds a packet carrying its own MAC as the source MAC address and the destination computer's MAC address as well (the packet still carries the source and destination IP addresses and port numbers; the MAC addresses are additional information that has to be there). Even if you are on some type of shared network media, no other machine will normally accept the packet, because the destination MAC address identifies the specific machine that should deal with it. Two caveats apply. An interface that a packet sniffer has put into "promiscuous" mode accepts every packet it sees regardless of MAC address. And ARP has no authentication at all: any machine on the segment can answer an ARP request and claim an IP address that is not its own, and your machine will believe it; that is the basis of ARP spoofing.

If the destination computer is not on the local subnet (as defined by the IP address and subnet mask), your computer will do one of two things.
If you have a route configured that covers the destination (such as a default gateway setting), your computer broadcasts an ARP request for the router's IP address instead, learns the MAC address of the router's interface on the local network, and sends the packet to the router. If you don't have a specific or default route to a router that can carry the traffic, you fall back to broadcasting an ARP request for the destination address itself; sometimes a router will still answer with its own MAC address if it is configured to do something called "proxy ARP."

Now what was the point of all that? Simply that, from the standpoint of the hardware, delivery on a local segment happens at the data link layer using MAC addresses: the decision about where a packet should go next is made with IP addresses, but every hop on the wire is addressed by MAC. IP addresses are things that can be configured, changed and so on, while MAC addresses are, in principle, fixed and unique.

And now, the hardware...

Hubs

A hub is a network appliance with no intelligence of its own: it repeats every incoming packet to every attached device, creating a common network segment. Basically, it is a small box with a bunch of network ports where you plug in computers or other network devices, with a common wiring bus connecting all those ports together. Whenever a packet is sent by any computer or device on the hub, every other computer or device "sees" it. The only thing that keeps everything straight is MAC addresses: computers ignore packets unless the destination MAC address matches their own, which also means that anyone plugged into the hub can capture everyone else's traffic simply by telling their interface not to ignore them. Advantages of hubs are that they are cheap and simple. You can get an 8-port unit for well under $50, and there is literally no configuration to do: just plug in your computers and go. Hubs can be "daisy-chained" together to get additional ports on the local network segment as well, providing cheap and easy expansion of an existing segment. The main disadvantage of a hub is that with every packet being seen by every device, there is an increased chance of collisions (when two machines try to talk at once on the network).
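Going back to the ARP exchange described under "A Little More About Routing" above, here is an added example (mine, not code from James's FAQ) that builds the request and reply frames a host puts on the wire, parses them, and keeps the IP-to-MAC cache a host would keep. The cache adds one check a stock network stack does not make: it raises an alert when a reply rebinds an address that is already in the table, which is what ARP spoofing looks like from the victim's side. The MAC addresses and the three frames are constructed for the example; the IP addresses are the FAQ's own.

```python
# Added example, not code from James's FAQ: the ARP request/reply frames a
# host builds, and an ARP cache that notices when a reply changes an
# existing IP-to-MAC binding.  All MAC addresses and frames are constructed.
import struct

ETH_P_ARP = 0x0806
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"
ARP_REQUEST, ARP_REPLY = 1, 2


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def ip_bytes(ip: str) -> bytes:
    return bytes(int(o) for o in ip.split("."))


def ip_str(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def build_arp(op: int, sender_mac: str, sender_ip: str,
              target_mac: str, target_ip: str) -> bytes:
    """Ethernet II frame carrying an ARP packet.  A request goes to the
    broadcast MAC; a reply is sent straight back to the asker."""
    eth_dst = BROADCAST_MAC if op == ARP_REQUEST else target_mac
    eth = mac_bytes(eth_dst) + mac_bytes(sender_mac) + struct.pack("!H", ETH_P_ARP)
    # HTYPE=Ethernet, PTYPE=IPv4, HLEN=6, PLEN=4, OPER
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    arp += mac_bytes(sender_mac) + ip_bytes(sender_ip)
    arp += mac_bytes(target_mac) + ip_bytes(target_ip)
    return eth + arp


def parse_arp(frame: bytes) -> dict:
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        raise ValueError("not an ARP frame")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    return {
        "op": op,
        "sender_mac": mac_str(frame[22:28]), "sender_ip": ip_str(frame[28:32]),
        "target_mac": mac_str(frame[32:38]), "target_ip": ip_str(frame[38:42]),
    }


class ArpCache:
    """The IP -> MAC table a host keeps.  ARP has no authentication, so the
    cache accepts any reply, exactly as a real stack does; the extra check
    flags a reply that rebinds an address already in the table."""

    def __init__(self):
        self.table = {}
        self.alerts = []

    def learn(self, frame: bytes) -> None:
        arp = parse_arp(frame)
        if arp["op"] != ARP_REPLY:
            return
        ip, mac = arp["sender_ip"], arp["sender_mac"]
        old = self.table.get(ip)
        if old is not None and old != mac:
            self.alerts.append((ip, old, mac))     # looks like ARP spoofing
        self.table[ip] = mac

    def lookup(self, ip: str):
        return self.table.get(ip)


def constructed_exchange() -> list:
    """Constructed traffic: 192.168.1.1 asks for 192.168.1.2, the real owner
    answers, then a third machine answers for the same address."""
    me, me_mac = "192.168.1.1", "aa:bb:cc:00:00:01"
    return [
        build_arp(ARP_REQUEST, me_mac, me, "00:00:00:00:00:00", "192.168.1.2"),
        build_arp(ARP_REPLY, "aa:bb:cc:00:00:02", "192.168.1.2", me_mac, me),
        build_arp(ARP_REPLY, "de:ad:be:ef:00:01", "192.168.1.2", me_mac, me),  # spoofed
    ]


def run_exchange() -> ArpCache:
    cache = ArpCache()
    for frame in constructed_exchange():
        cache.learn(frame)
    return cache


if __name__ == "__main__":
    c = run_exchange()
    print("192.168.1.2 is now", c.lookup("192.168.1.2"), "alerts:", c.alerts)
```

Note that the cache ends up pointing 192.168.1.2 at the third machine's MAC, just as a real host would; the only defence in the block is the alert, which is the same observation tools such as arpwatch make on a live segment.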
A few collisions aren't a problem, since the computers retransmit the data if needed, but over a certain threshold they begin to degrade performance.

Switches

A switch is an active, intelligent network appliance that creates a common network segment but puts each attached device in its own collision domain. Think of a hub that forwards packets only to the port where the intended machine lives: that's a switch. A switch learns which MAC addresses sit behind which of its ports and uses that table to decide where to send each packet; packets for an address it has not yet learned, and broadcasts such as ARP requests, still go out every port. Advantages of switches are that they largely eliminate collisions, allowing network traffic to run at substantially higher rates, and that a machine on one port does not normally see traffic meant for another. Disadvantages are that switches cost more, and managed switches need configuration, which makes them more complex.

Routers

Hubs and switches provide a local network segment. A router is a device that actually connects two or more networks together. A router has multiple network interfaces, at least two, and each interface has an IP address and subnet mask making it part of the network it is plugged into. Generally, each of a router's interfaces is plugged into a hub or switch. Routers accept incoming packets on an interface and then decide where to forward them. Those decisions are based on routing "tables," which are simply lists of routes: each entry pairs a destination network (address plus mask) with the interface, and usually the next router, to send it through, and when several entries match a packet the most specific one (the longest mask) wins. A router will often have a default route (just like the default gateway setting on a computer) that tells it where to send packets destined for a network for which it has no specific route. There's really no sense in talking about the pros and cons of routers; they are what they are. If you need to connect two or more networks together, a router is a must. However, you might be interested to know that a router does not have to be a "black box" network appliance: it could simply be a computer with multiple network cards and some routing software.
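The subnet-mask test from "Networks - Groups of IP Addresses" and the routing-table lookup described under "Routers" are the same operation done with more or fewer entries, so here is one added example (mine, not code from James's FAQ) that covers both: a host table holding only its own subnet and a default gateway, and a two-interface router table where a more specific route beats a less specific one. The 192.168.1.x and 192.168.6.10 addresses are the FAQ's own; the 203.0.113.0/24 "ISP" network, the 10.10.0.0/16 internal networks and the interface names are constructed for the example.

```python
# Added example, not code from James's FAQ: the forwarding lookup a host or
# router performs against its routing table.  The host table uses the FAQ's
# own addresses; the router table and the 203.0.113.0/24 "ISP" network are
# constructed.
import socket
import struct


def ip_to_int(addr: str) -> int:
    return struct.unpack("!I", socket.inet_aton(addr))[0]


def int_to_ip(n: int) -> str:
    return socket.inet_ntoa(struct.pack("!I", n & 0xFFFFFFFF))


def prefix_to_mask(length: int) -> int:
    return (0xFFFFFFFF << (32 - length)) & 0xFFFFFFFF


def mask_to_prefix(mask: str) -> int:
    """255.255.255.0 -> 24; rejects masks whose 1 bits are not contiguous."""
    m = ip_to_int(mask)
    ones = bin(m).count("1")
    if m != prefix_to_mask(ones):
        raise ValueError(f"non-contiguous netmask {mask}")
    return ones


def same_subnet(addr_a: str, addr_b: str, mask: str) -> bool:
    """The test a host makes before sending: same network part or not?"""
    m = ip_to_int(mask)
    return ip_to_int(addr_a) & m == ip_to_int(addr_b) & m


class RoutingTable:
    """Routes as (network, mask, next_hop, interface).  next_hop None means
    the network is directly connected and the packet goes straight to dst."""

    def __init__(self):
        self.routes = []

    def add(self, network: str, mask: str, next_hop, iface: str) -> None:
        length = mask_to_prefix(mask)
        m = prefix_to_mask(length)
        self.routes.append((ip_to_int(network) & m, m, length, next_hop, iface))

    def lookup(self, dst: str):
        """Longest-prefix match: the most specific route wins, and the
        default route 0.0.0.0/0 only matches when nothing else does."""
        d = ip_to_int(dst)
        best = None
        for net, m, length, next_hop, iface in self.routes:
            if d & m == net and (best is None or length > best[0]):
                best = (length, next_hop, iface)
        if best is None:
            raise LookupError(f"no route to {dst}")
        _, next_hop, iface = best
        return (next_hop if next_hop is not None else dst), iface


def host_table() -> RoutingTable:
    """What DHCP leaves a host with: its own subnet plus a default gateway."""
    t = RoutingTable()
    t.add("192.168.1.0", "255.255.255.0", None, "eth0")
    t.add("0.0.0.0", "0.0.0.0", "192.168.1.254", "eth0")
    return t


def router_table() -> RoutingTable:
    """Constructed two-interface router: LAN on eth0, ISP link on eth1, two
    internal networks reachable through other routers on the LAN."""
    t = RoutingTable()
    t.add("192.168.1.0", "255.255.255.0", None, "eth0")
    t.add("203.0.113.0", "255.255.255.0", None, "eth1")
    t.add("10.10.0.0", "255.255.0.0", "192.168.1.2", "eth0")
    t.add("10.10.5.0", "255.255.255.0", "192.168.1.3", "eth0")  # more specific
    t.add("0.0.0.0", "0.0.0.0", "203.0.113.1", "eth1")            # default
    return t


if __name__ == "__main__":
    h = host_table()
    for dst in ("192.168.1.5", "192.168.6.10"):
        print("host ->", dst, "via", h.lookup(dst))
    r = router_table()
    for dst in ("10.10.5.7", "10.10.9.1", "8.8.8.8", "192.168.1.20"):
        print("router ->", dst, "via", r.lookup(dst))
```

The lookup returns the address the packet is actually handed to on the wire (the destination itself when the route is directly connected, the next router otherwise), which is the address the ARP step above then resolves to a MAC.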
Windows NT and most versions of Unix (including Linux) include routing functions, and those functions can be added to most other operating systems, like Windows 95/98. Routers can do more than just route: they can filter based on source and destination IP addresses and port numbers, blocking all traffic except what you decide to allow (or allowing all but the traffic you decide to block). This is the basic principle behind a firewall. And many routers can do Network Address and Port Translation (NAT, PAT, NAPT), allowing a router to "hide" the real addresses and port numbers of the computers on one side of the router from the network on the other side. This can be useful both for security and for sharing a connection to the Internet.

Firewalls

As mentioned above, a firewall is basically a router with the ability to filter traffic based on IP addresses and port numbers. Of the two policies, blocking everything except what you explicitly allow is the safer one, because a service you forgot about stays unreachable rather than exposed. The kinds of firewalls used in corporations tend to be special-purpose devices that are not used as normal routers and have more capabilities than simple packet filtering. But most any router can act as a basic firewall, and there is even software for home use on a single machine to "firewall" the traffic coming in and out of that computer.

Bridges

I almost didn't mention bridges because they are pretty rare, especially in small networks such as in the home. A bridge is simply a device that extends a local network segment over some kind of intervening link (like a wide area link or an ATM network). Simply put, you can have a computer across town with an IP address and subnet mask that make it part of a local network segment, even though that computer is not directly plugged into the local hub or switch. I mention bridges here because that is the basic functionality provided by the type of "ADSL modem" used with TDS Telecom's local ADSL service. Your computer gets an IP address on the TDS local network segment, and the ADSL device acts as a bridge to connect your machine to their network.
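To close, here is an added example (mine, not code from James's FAQ) of the two router features described under "Routers" and "Firewalls" above: a first-match packet filter over source/destination addresses and ports, and a many-to-one NAPT table that rewrites outbound packets and admits inbound packets only when they answer one. The NAT table is keyed on the same four items (plus protocol) that identify a session in the port-number discussion earlier, which is why an unsolicited inbound packet has no entry to match and is dropped. Addresses 203.0.113.7 (the router's public side) and 198.51.100.9 (an outside host) are constructed; 192.168.1.x and 209.176.20.69 are the FAQ's own.

```python
# Added example, not code from James's FAQ: a first-match packet filter of
# the kind the Routers and Firewalls sections describe, and a many-to-one
# NAPT table that rewrites outbound packets and only admits inbound packets
# that answer one.  203.0.113.7 and 198.51.100.9 are constructed addresses.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "deny"
    proto: Optional[str] = None      # None matches any protocol
    src: Optional[str] = None        # CIDR; None matches any source
    dst: Optional[str] = None        # CIDR; None matches any destination
    dst_port: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return ((self.proto is None or p.proto == self.proto)
                and (self.src is None or ip_address(p.src_ip) in ip_network(self.src))
                and (self.dst is None or ip_address(p.dst_ip) in ip_network(self.dst))
                and (self.dst_port is None or p.dst_port == self.dst_port))


def filter_packet(rules, p: Packet, default: str = "deny") -> str:
    """First matching rule decides; with no match the default policy applies."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return default


# Inbound policy for the LAN: only the web server's port 80 is reachable,
# everything else addressed to the LAN is dropped.
INBOUND_RULES = [
    Rule("allow", proto="tcp", dst="192.168.1.10/32", dst_port=80),
    Rule("deny", dst="192.168.1.0/24"),
]


class Napt:
    """Many-to-one NAPT.  Outbound: replace the private source with the
    router's public address and a port of its own.  Inbound: undo that for
    packets matching an existing mapping; anything else has nowhere to go."""

    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.outbound_map = {}   # (proto, src_ip, src_port, dst_ip, dst_port) -> public port
        self.inbound_map = {}    # (proto, public port, remote_ip, remote_port) -> (src_ip, src_port)

    def outbound(self, p: Packet) -> Packet:
        key = (p.proto, p.src_ip, p.src_port, p.dst_ip, p.dst_port)
        if key not in self.outbound_map:
            port = self.next_port
            self.next_port += 1
            self.outbound_map[key] = port
            self.inbound_map[(p.proto, port, p.dst_ip, p.dst_port)] = (p.src_ip, p.src_port)
        return Packet(p.proto, self.public_ip, self.outbound_map[key], p.dst_ip, p.dst_port)

    def inbound(self, p: Packet) -> Optional[Packet]:
        """Return the translated packet, or None (drop) when nothing asked for it."""
        if p.dst_ip != self.public_ip:
            return None
        orig = self.inbound_map.get((p.proto, p.dst_port, p.src_ip, p.src_port))
        if orig is None:
            return None
        return Packet(p.proto, p.src_ip, p.src_port, orig[0], orig[1])


if __name__ == "__main__":
    nat = Napt("203.0.113.7")
    out = nat.outbound(Packet("tcp", "192.168.1.5", 1025, "209.176.20.69", 80))
    reply = Packet("tcp", "209.176.20.69", 80, out.src_ip, out.src_port)
    print("outbound seen as", out)
    print("reply delivered to", nat.inbound(reply))
    print("unsolicited ->", nat.inbound(Packet("tcp", "198.51.100.9", 4444, "203.0.113.7", 40001)))
    print("web:", filter_packet(INBOUND_RULES, Packet("tcp", "198.51.100.9", 5555, "192.168.1.10", 80)))
    print("telnet:", filter_packet(INBOUND_RULES, Packet("tcp", "198.51.100.9", 5555, "192.168.1.10", 23)))
```

The filter is stateless: it judges each packet on its own, which is all the FAQ's routers do. The NAT table is the stateful part, and the same idea of remembering which sessions a host opened is what a "stateful" firewall uses to let replies in without a rule for each one.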