IPv4 Addresses and Subnets

An IP address is a unique 32-bit number assigned to a specific network node. Some IP addresses are more or less permanent, such as those assigned to vital servers; others change as required, such as those used by desktop clients. Individual machines on a shared network use IP addresses from a range of addresses assigned to that network.

Rather than expressing that 32-bit address as a single number, an IP address is divided into four 8-bit numbers, usually expressed as decimals. While 192.0.2.1 and 11000000.00000000.00000010.00000001 represent the same address, the first option is easier for our feeble little brains to grasp.

Internet service providers (ISPs) issue IP addresses in blocks. These blocks are the smallest allocation that they can get away with giving you—say, 16 or 32 addresses. If your system is on a server farm, you might get only a few IP addresses out of a block of 256.

A netmask indicates the size of the block of IP addresses assigned to your local network. The size of your IP block determines your netmask—or, your netmask determines how many IP addresses the network has.

ISPs issue IP addresses by prefix length, commonly called a slash. You’ll see IP address blocks described in forms like 192.0.2.128/26. Everyone who has worked with networking has seen the netmask 255.255.255.0, and most know that it’s associated with a block of 256 IP addresses. That netmask is also called a /24. The number after the slash is the number of fixed bits in the netmask. Remember, an IPv4 address is a 32-bit number; on a /24 network, 24 of those bits will never change.

This isn’t a textbook on binary math, so I won’t quiz you on the conversions, but think of an IP address as a string of 32 binary digits. On your networks, you can change the bits on the far right, but not the bits on the far left. But where is the line that separates right from left?

Netmasks have traditionally been split on 8-bit boundaries, but there’s no hard rule that says they must be. A /25 network has 25 fixed bits—one more fixed bit than what used to be called a class C network—leaving you with 7 bits to play with. The netmask’s fixed bits are set to 1, and your network bits are set to 0, as in the following example of a /25 netmask:

11111111.11111111.11111111.10000000

The first three blocks are set to the binary 11111111, which is 255 in decimal. The last block is set to 10000000, which is 128. Mash these together, and your resulting netmask is 255.255.255.128.

If you reduce netmasks to binary, they’re simple to figure out. While you won’t need to work with this every day, if you don’t understand the underlying concepts, the decimal conversion looks like total gibberish. With a little practice, you’ll recognize certain decimal strings as legitimate netmasks.

So now that you know how netmasks work, what the heck does all this mean in the real world?

IP addresses are issued in powers of 2. If you have 4 bits to play with, you have 16 addresses (2^4 = 16). If you have 8 bits to play with, you have 256 addresses (2^8 = 256). If someone says that you have exactly 17 IP addresses, you’re either sharing a network with other people or they’re wrong.

It’s common to see a host’s IP with the netmask attached, such as 192.0.2.130/26. This gives you everything you need to attach the host to the local network. (Finding the default gateway is a separate issue, but it’s usually the top or bottom address in the block.)

Calculating a Decimal IPv4 Netmask

Converting from binary to decimal to binary is error-prone and mildly annoying. Here’s how to calculate your netmask while remaining in decimal land.

Find how many IP addresses you have on your network. This will be a power of 2, almost certainly smaller than 256. Subtract the number of IP addresses you have from 256. This is the last number of your netmask. You still need to recognize legitimate network sizes, however. If your IP address is 192.0.2.251/26, you’ll need to know that a /26 is 26 fixed bits, or 64 IP addresses. Your netmask is 255.255.255.192 (256–64=192).

And I should also mention that netmasks occasionally appear in hexadecimal.

Before you travel to my house to bludgeon me repeatedly with this book, Table 11-1 shows netmasks, IP information, and related information for /24 and smaller networks.

Table 11-1: IPv4 Netmasks and IP Address Conversions

Prefix  Binary Mask End  Decimal Mask     Hex Mask    Available IPs
/24     00000000         255.255.255.0    0xffffff00  256
/25     10000000         255.255.255.128  0xffffff80  128
/26     11000000         255.255.255.192  0xffffffc0  64
/27     11100000         255.255.255.224  0xffffffe0  32
/28     11110000         255.255.255.240  0xfffffff0  16
/29     11111000         255.255.255.248  0xfffffff8  8
/30     11111100         255.255.255.252  0xfffffffc  4
/31     11111110         255.255.255.254  0xfffffffe  2

When you don’t feel like doing the math, you can refer to Table 11-1 or install the ipcalc package for quick netmask calculations. Don’t say I never take pity on my readers.[28]

Viewing IPv4 Addresses

Display IP addresses with ifconfig(8). If you run ifconfig without any arguments, it displays all interfaces on the machine.

$ ifconfig fxp0
…
        inet 192.0.2.226 netmask 0xfffffff0 broadcast 192.0.2.239
        inet 192.0.2.231 netmask 0xffffffff
…

The lines starting with inet are IPv4 addresses. This interface has the primary IPv4 address of 192.0.2.226 and a secondary, or alias, address of 192.0.2.231. You can also see the netmask of each of these addresses and the broadcast address for the subnet.
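As an added example (not from the book), this Python sketch turns the hexadecimal netmasks that ifconfig prints into a prefix length, decimal mask, and block size, rejects masks whose fixed bits are not contiguous, and recomputes the broadcast address for comparison with the one reported. The function names and the sample text are constructed for illustration.

```python
import re

# Constructed sample, modelled on the ifconfig output shown above.
SAMPLE = """\
        inet 192.0.2.226 netmask 0xfffffff0 broadcast 192.0.2.239
        inet 192.0.2.231 netmask 0xffffffff
"""

INET_RE = re.compile(r"^\s*inet (\d+\.\d+\.\d+\.\d+) netmask (0x[0-9a-f]{8})"
                     r"(?: broadcast (\d+\.\d+\.\d+\.\d+))?", re.M)

def to_int(dotted):
    """Dotted quad -> 32-bit integer, rejecting octets above 255."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(o > 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {dotted}")
    return int.from_bytes(bytes(octets), "big")

def to_dotted(value):
    return ".".join(str(b) for b in value.to_bytes(4, "big"))

def prefix_len(mask):
    """Count fixed bits; a legitimate mask is all 1s followed by all 0s."""
    inverted = mask ^ 0xFFFFFFFF          # host bits become 1s
    if inverted & (inverted + 1):         # nonzero unless inverted is 2**n - 1
        raise ValueError(f"non-contiguous netmask: {mask:#010x}")
    return 32 - inverted.bit_length()

def describe(addr, hexmask):
    mask = int(hexmask, 16)
    ip = to_int(addr)
    network = ip & mask                   # clear the host bits
    return {
        "cidr": f"{addr}/{prefix_len(mask)}",
        "decimal_mask": to_dotted(mask),
        "addresses": (mask ^ 0xFFFFFFFF) + 1,
        "network": to_dotted(network),
        "broadcast": to_dotted(network | (mask ^ 0xFFFFFFFF)),
    }

def parse_ifconfig(text):
    """One description per inet line, plus the broadcast ifconfig reported."""
    return [dict(describe(addr, hexmask), reported_broadcast=bcast or None)
            for addr, hexmask, bcast in INET_RE.findall(text)]

if __name__ == "__main__":
    for row in parse_ifconfig(SAMPLE):
        print(row)
```

A computed broadcast that differs from the reported one points to a mistyped netmask or broadcast on the interface.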

Unusable IPv4 Addresses

Every block of IPv4 addresses reserves the first and last IP addresses for use by the network:

  • The first IP address in a block is the network address, used for separating networks (and on primordial BSD systems, the broadcast address). On a /24 network, this would be an address ending in .0.

  • The last IP address in the block is the broadcast address. On a /24 network, the broadcast address ends in .255.

Note

According to the IP specifications, every machine on a network is supposed to respond to a request to the broadcast address. Unfortunately, in the late 1990s, this feature was used as an attack technique: All you needed to do was ping the broadcast address on any given network, and you would have a list of all IP addresses currently in use. Consequently, this functionality is now disabled by default on most operating systems and network appliances.

You cannot assign the first or the last IP address in a network to a device without risking network problems. Some systems fail gracefully, others fail painfully, and a rare few make it work. Although OpenBSD won’t object if you use the top and bottom network addresses, prepare for mayhem the first time you plug in a commodity printer or other embedded device. It takes only one inflexible device to ruin your whole day.

Special IPv4 Addresses

Quite a few blocks of IPv4 addresses are set aside for specific purposes. Although you don’t need to know all of them, there are two groups you’ll see pretty often. For a complete list of IPv4 subnets reserved for special purposes, read RFCs 5735 and 6598.

Localhost

The address range 127.0.0.1/8 is set aside for localhost, a machine’s address for itself. Every Unix-like system—and most other operating systems—attaches 127.0.0.1/8 to a loopback interface. Everything knows that the localhost address is local to the specific machine. Packets to or from 127.0.0.0/8 should never cross the network; likewise, daemons bound only to 127.0.0.1 can be accessed on only the local machine.

Private Networks

Internet standard RFC 1918 sets aside three networks for use on private networks and behind network address translation (NAT) devices: 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16. While public IP addresses must be issued by an ISP, anyone can use addresses within these three blocks as long as those hosts are not directly exposed to the public Internet. If you have a network where hosts do not have access to the Internet, or if you provide Internet access through a proxy server or NAT, you can use an RFC 1918 network.
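The following added example (not from the book) audits proposed address assignments against the rules in the last two sections: it flags a host address that lands on the network or broadcast address of its block, and labels addresses inside the loopback and RFC 1918 ranges. The function name, labels, and sample assignments are constructed for illustration.

```python
import ipaddress

# Special-purpose blocks named in the text above.
SPECIAL_BLOCKS = [
    ("loopback", ipaddress.ip_network("127.0.0.0/8")),
    ("rfc1918", ipaddress.ip_network("10.0.0.0/8")),
    ("rfc1918", ipaddress.ip_network("172.16.0.0/12")),
    ("rfc1918", ipaddress.ip_network("192.168.0.0/16")),
]

def audit(assignment):
    """Return the list of findings for one 'address/prefix' assignment."""
    iface = ipaddress.ip_interface(assignment)
    if iface.version != 4:
        raise ValueError(f"not an IPv4 assignment: {assignment}")
    findings = []
    net = iface.network
    # Assumption: /31 and /32 have no separate network and broadcast
    # address to collide with, so the first/last check covers /30 and larger.
    if net.prefixlen <= 30:
        if iface.ip == net.network_address:
            findings.append("network address")
        elif iface.ip == net.broadcast_address:
            findings.append("broadcast address")
    for label, block in SPECIAL_BLOCKS:
        if iface.ip in block:
            findings.append(label)
    return findings

# Constructed sample assignments for illustration.
SAMPLE = ["192.0.2.130/26", "192.0.2.128/26", "192.0.2.191/26",
          "192.0.2.231/32", "172.31.255.255/12", "127.0.0.1/8",
          "172.32.0.1/16"]

if __name__ == "__main__":
    for item in SAMPLE:
        print(f"{item:20} {', '.join(audit(item)) or 'ok'}")
```

The 172.32.0.1 entry sits just outside 172.16.0.0/12, a reminder that the /12 boundary does not fall on an 8-bit line.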

IPv4 Addressing Pitfalls

Common wisdom dictates that each computer on a network is assigned a single IP address for each of its network interfaces. One computer, one network card, one IP address—simple, right?

Not always. Some special-purpose interfaces (such as those dedicated to packet sniffing) function as intended without an IP address, and many operating systems will allow you to assign multiple IP addresses to a single network interface through a process called aliasing. You can also bond multiple physical cards into a single network interface, giving the computer one large virtual interface. While you might not deal with these configurations every day, keep them in mind when troubleshooting.
