An Introduction to TCP/IP and Subnet Masking

A Study Guide for Microsoft Exam #70-059

Content created and copyright © 1998-1999 by David L. Woodall, All Rights Reserved


With respect to most of the other Study Guides I have prepared, the guide for TCP/IP is somewhat unique in that Microsoft lists fewer objectives for this exam. Therefore, it is imperative to have an understanding of many concepts pertaining to TCP/IP and Internetworking in general before proceeding in the traditional format. This document will begin with somewhat of a "TCP/IP primer," before addressing the actual Study Guide.

TCP/IP Basics

The current implementation of TCP/IP in use on the Internet and around the world is based on a US Department of Defense (DOD) project (headed by the Advanced Research Projects Agency {ARPA}, now called the Defense Advanced Research Projects Agency {DARPA}) of the late 1960s. Driven by the desire of the DOD to develop a packet-switched WAN to connect its multiple, geographically disparate LANs, it has evolved (and continues to do so) through the cooperation and contribution of many independent organizations and individuals. Through the submittal of RFCs (Request For Comments) to the Internet Engineering Steering Group (IESG), the abilities and implementation of the suite of protocols known as TCP/IP continue to expand. Once submitted, an RFC may move through a set process of review and refinement before becoming a Draft Standard, and finally an Internet Standard, as designated by the Internet Activities Board (IAB). Current RFCs and information pertaining to TCP/IP evolution are available from http://www.internic.net, or via FTP from ds.internic.net.

TCP/IP is much more than the two protocols implied by its name (Transmission Control Protocol and Internet Protocol). It is actually a suite of hundreds of protocols and utilities, which combine to provide the most widely used, and easily adaptable, protocol to date. As we know, for interconnectivity between any two systems, two components are required: a redirector and a protocol. Obviously, the protocol requirement is met by TCP/IP itself. However, the redirector component is satisfied through the numerous utilities included in the TCP/IP suite. Utilities such as FTP (File Transfer Protocol), Telnet (Terminal Emulation), SMTP (Simple Mail Transfer Protocol), NFS (Network File System), and many others, combine to provide the same functionality and interoperability as redirectors such as CSNW (Client Services for NetWare) or Services for Macintosh. An understanding of reference models, such as the Open Systems Interconnection Model (OSI), the DOD Model, or the Microsoft Model, can greatly facilitate your understanding of exactly how the TCP/IP suite accomplishes its task of establishing and maintaining effective communications between computer systems.

IP Addressing

One of the most fundamental concepts of implementing TCP/IP is that of IP addressing. IP addresses uniquely identify each machine on a network, and the network itself. In comparison, think of your mailing address. The zip code identifies which postal station mail destined for you should be delivered to. The street address tells the Mail Carrier which street your mailbox is on, and the final piece of information tells the Carrier which box to place your mail in. This is referred to as a hierarchical addressing scheme, as opposed to a "flat" addressing scheme (such as Social Security numbering). Each piece of information in the address narrows the scope more until the final destination is reached. IP addressing is based on the same hierarchical approach and, as with Postal addressing, each computer (or intelligent device) on a TCP/IP network must have a unique address.

We need to define a couple of terms before continuing. A bit (binary digit) is defined as the smallest unit of information a computer can hold. A byte consists of 8 bits.

IP addresses consist of 4 bytes of information (32 bits) most commonly written in dotted-decimal notation, where each byte is separated by a period. For example, an IP address of 132.114.16.32 would dictate an IP address whose first byte has a decimal value of 132. The second byte would have a decimal value of 114, and so forth. Before we look at what each byte is telling us, we should examine the mathematical computation of IP addresses. As you probably know, computers deal with data in binary form. The binary system is based on the powers of 2, and there are only two numbers, 1 and 0. One way to understand the binary system is to think of a concept of "switches." When we look at data in binary form, it is displayed as a series of 1s and 0s. By applying this concept of "switches" in which 1 dictates that the switch is in the "on" position, and 0 designates "off," we can begin to make sense of the binary system.

For example, look at this binary number:

0100

If we apply our "switch" theory, we can deduce that the 2nd bit is "on," and all other bits are "off." Now let's look at a byte (8 bits) of information.

01100100

If we apply our "switch" theory again, we can deduce that the 2nd, 3rd, and 6th bits are "on," and all remaining switches are "off."

Remember that the binary system is based on the powers of 2. Each bit corresponds to the value of a power of 2. The first bit (leftmost) specifies whether or not the switch for 128 (2 to the 7th power) is on or off. The second bit specifies the position for 2 to the 6th power, and so on until we reach the eighth (rightmost) bit which specifies whether or not 2 to the 0 power (1) is on or off. Applying this to our example of 01100100, we can deduce that the bits for 2 to the 6th (64), 2 to the 5th (32), and 2 to the 2nd (8) are on. By adding these values together (64+32+8), we can deduce that the decimal value of 01100100 is 104. Look at this example:

11010011

Immediately we should know that the decimal equivalent should be an ODD number, as the last bit (2 to the 0 power) is on. Performing the math yields:

128+64+16+2+1 which equals 211.

This table should help you make the conversions easily.

Bit Position     8     7     6     5     4     3     2     1
Power of 2       7     6     5     4     3     2     1     0
Decimal Value    128   64    32    16    8     4     2     1

Table 1.1

There are some simple rules that apply to valid IP addressing. Some addresses have been designated to have "generic" meaning, and some have been reserved for specific purposes. Table 1.2 should help you remember these values.

Address                                       Function
Binary Network address of all "0"s            Interpreted to mean "this network."
Binary Network address of all "1"s            Interpreted to mean "all networks."
Network address 127.0.0.0 (entire address)    Reserved for "loopback" tests. Allows the local node to send a test packet to itself.
Binary Node address of all "0"s               Interpreted to mean "this node."
Binary Node address of all "1"s               Interpreted to mean "all nodes."
Entire Binary address of all "0"s             Used by RIP protocol to designate the default route.
Entire Binary address of all "1"s             Broadcast to all nodes on the current network. Also called an "all ones broadcast."

Table 1.2

Understanding the construct and requirements of IP addressing, we can begin to investigate how IP addresses are assigned on the Internet. Remember that every computer (called a host on a TCP/IP network) must have a unique address. On the average LAN, this is not nearly as great a problem as it is on the Internet, where there are literally millions of users connected at any one time. (Remember that on a LAN that is NOT connected to the Internet, you may use whatever scheme you like, so long as there are no conflicts with other networks you may connect with.) Someone must be responsible for ensuring that no two computers are assigned the same IP address. That "someone" is The Network Information Center (InterNIC). InterNIC is the body through which Internet IP addresses are assigned. When a user wants to obtain an Internet address (for hosting a website, or general Internet connectivity), they must purchase a domain (an IP address) from InterNIC (more commonly today, this task is handled indirectly through an ISP). Perhaps you can already see the problem here. Since each machine connected to the Internet requires a unique IP address, and the length of current IP addresses is fixed at 32 bits, there is a finite number of IP addresses available. As TCP/IP was evolving, perhaps the developers and contributors did not foresee a future in which nearly every household in the world would have an Internet connection (that day will come). Perhaps to them, the 32-bit scheme seemed to offer more than enough unique addresses. No one could have predicted the astonishing growth that the Internet has experienced.

To further complicate the problem, Internet addresses were divided into classes to provide connectivity to organizations based on the number of clients that would need access to the Internet. Because of the numerical structure of IP addresses, there is also a finite number of available addresses in each class. Look at the table below and compare the different classes with the maximum networks, and the number of "nodes" (an address assigned to uniquely identify a host) that can be assigned.

           Leading Bit Pattern   Decimal Range of First Byte   Maximum Networks of Class   Maximum Nodes per Network
Class A    0                     1 - 127                       127                         16,777,214
Class B    10                    128 - 191                     16,384                      65,534
Class C    110                   192 - 223                     2,097,152                   254

Table 1.3

Huge organizations such as GE and IBM received Class A addresses in order to accommodate the number of users that needed Internet connectivity. Once all of those were gone, InterNIC began to assign Class B addresses to larger organizations. Currently there are no Class A or Class B licenses available, and unused Class C addresses are disappearing quickly. The next incarnation of TCP/IP (IP6) will use a 128-bit addressing scheme and will help to eliminate the problems we currently face on the Internet.

Note: You should be aware that there are Class D and Class E addresses as well. Class D addresses are reserved for multicast transmissions (broadcasts to multiple destinations). Class E has been reserved for future use.

Subnet Masking

Each class of IP address is also assigned a default subnet mask, which is used to determine what portion of the address identifies the network, and what portion identifies the host. The default subnet mask hides (masks) the network portion of the address and identifies what bits may be used to assign addresses to hosts. Think of the old 3-D mazes and puzzles we used to see in comic books and on cereal boxes. In order to see the solution, you had to wear a special pair of (usually red) colored glasses that would filter out the answer. This is exactly what a subnet mask does. By applying the mask to the IP address, we can filter out the bits that are available for host assignment from the bits designating the network. The default subnet masks are:

Class    Default Subnet Mask (Decimal)    Default Subnet Mask (Binary)
A        255.0.0.0                        11111111.00000000.00000000.00000000
B        255.255.0.0                      11111111.11111111.00000000.00000000
C        255.255.255.0                    11111111.11111111.11111111.00000000

Table 1.4

A typical IP address in binary form would look like this:

00001100.00000010.00000000.11111101

or 12.2.0.253 decimal (my apologies to whoever actually owns this address).

By applying the subnet mask to the IP address, we can determine what portion of the address designates the network, and what portion is available for assigning host addresses. 0's "mask" the bit position and 1's allow the bits to "show through." What "shows through" is the NETWORK portion of the address. For example, we'll apply the default subnet mask for our 12.2.0.253 address (Class A) as so:

00001100.00000010.00000000.11111101   Address
11111111.00000000.00000000.00000000   + Subnet Mask
00001100.                             Network Address "Shows Through"

From this we can deduce that the network portion of this address is 12 (all the bits that were not masked) and the host address is 2.0.253. Therefore, the address of this machine is 2.0.253 on the 12 network.

Another example using a Class C address (192.16.130.23) and subnet mask:

11000000.00010000.10000010.00010111   Address
11111111.11111111.11111111.00000000   + Subnet Mask
11000000.00010000.10000010.           Network Address "Shows Through"

Here we see that the network portion of the address is 192.16.130 and the host address is 23. The address of this machine is 23 on the 192.16.130 network.

Being able to identify the network is critical to successful communication on a TCP/IP network. If a packet is addressed to a machine on the same network, it will be directed to that machine. In order to accomplish this, the computer sending the packet must have some way of determining if the intended address is on the same network and subnet (segment, or portion of a network) as itself. By comparing its own network address with the network address of the destination computer, it can make the determination. If the network portions of the IP addresses match, it will send the packet directly. If they do not, it will send the packet on to the default gateway. The default gateway is nothing more than the address that a packet will be sent to if it is destined for an address that is not on the same (this) subnet. The sending machine assumes that the default gateway will know how to route a packet that is destined for a different network. The default gateway performs the same "masking determination" as the sending machine, and if able, directs the packet to its destination. If the default gateway determines that the address is on yet another network, it sends the packet to its own default gateway, where the process begins again. Eventually, the packet will reach the correct network and finally, the intended host. The default gateway is typically a router.
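The "masking determination" described above can be written out as a bitwise AND followed by a comparison. The following is an added example, not part of the original study guide; the function names, the two 130.100.x.x host addresses and the gateway address 130.100.32.1 are constructed for illustration.

```python
def to_int(dotted):
    """Parse strict dotted-decimal IPv4 text into a 32-bit integer."""
    parts = dotted.split(".")
    if len(parts) != 4 or not all(p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError("not a dotted-decimal IPv4 address: %r" % dotted)
    return int.from_bytes(bytes(int(p) for p in parts), "big")

def to_dotted(value):
    """Render a 32-bit integer in dotted-decimal notation."""
    return ".".join(str(b) for b in value.to_bytes(4, "big"))

def check_mask(mask):
    """Return the mask as an integer; reject masks whose 1 bits are not contiguous."""
    m = to_int(mask)
    zeros = ~m & 0xFFFFFFFF          # the host (masked) bits
    if zeros & (zeros + 1):          # non-zero when a 1 bit follows a 0 bit
        raise ValueError("mask bits are not contiguous: %s" % mask)
    return m

def network_of(address, mask):
    """AND address and mask: the bits under the mask's 1s "show through"."""
    return to_dotted(to_int(address) & check_mask(mask))

def next_hop(source, mask, destination, gateway):
    """Deliver directly when both network portions match, else use the gateway."""
    if network_of(source, mask) == network_of(destination, mask):
        return destination
    return gateway

if __name__ == "__main__":
    # The two masking examples from the text.
    print(network_of("12.2.0.253", "255.0.0.0"))          # Class A default mask
    print(network_of("192.16.130.23", "255.255.255.0"))   # Class C default mask
    # Constructed hosts: same Class B network, so the sender delivers directly...
    print(next_hop("130.100.33.10", "255.255.0.0", "130.100.65.10", "130.100.32.1"))
    # ...but with a custom mask they sit on different subnets, so the gateway is used.
    print(next_hop("130.100.33.10", "255.255.224.0", "130.100.65.10", "130.100.32.1"))
```

The same pair of hosts gets a different forwarding decision depending only on the mask configured on the sender, which is why a wrong mask on one machine produces traffic that either never reaches the router or reaches it unnecessarily.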

Now ask yourself this, "what if I need to connect more than one network to the Internet?" "How can I do that with a single IP Address?" The answer lies in the art of custom subnet masking. Subnet masking is the manipulation of the default subnet mask to provide for additional network segments (subnets) or nodes (hosts). In effect, we "borrow" bits from the host portion(s) of the address to use in assigning network addresses.

Suppose we have been assigned an IP address of 130.100.0.0. We have six networks within our organization that (for whatever reason) need to remain distinct from one another, and all require Internet access. (At this point, we are only concerned with creating segments for access to the Internet. Assume that all six networks operate behind proxy servers, with a single access point from each network.) Upper management has instructed us to accomplish this task without incurring any additional expenses (we aren't allowed to purchase any additional IP addresses). By creating a custom subnet mask, we can meet all the requirements using only our current IP address.

From Table 1.1, we can identify 130.100.0.0 as a Class B IP address because the first byte value (130) is between 128 and 192. Knowing that it is a Class B address tells us that the first two bytes designate the network, and the remaining two bytes designate hosts on the network. From Table 1.4, we find that the default subnet mask is 255.255.0.0, and the maximum number of hosts that can be assigned is 65,534, more than enough to accommodate our organization. Look at the default subnet mask in binary form:

11111111.11111111.00000000.00000000

Using this subnet mask yields one network with 65,534 hosts. We have been directed to accommodate six networks. As we said earlier, in order to provide more subnets, we will need to "borrow" bits from the host portion of our IP address to use as network (subnet) addresses. Logically, this will reduce the number of hosts we can accommodate. In order to determine the number of bits you need to borrow, use the following formula:

2^n - 2 = x, where "x" is the number of subnets required, and "n" is the number of bits needed. Substituting our specifics yields:

2^n - 2 = 6, therefore, n = 3.

Therefore, we need to borrow 3 bits from the host portion of our IP address to use in our network address. Now look at the binary value of the subnet mask after borrowing the 3 bits:

11111111.11111111.11100000.00000000

Converting back to decimal form, we get a value of:

255.255.224.0, which becomes our custom subnet mask. Because we have borrowed bits from the host portion of our IP address, we can no longer assign the full 65,534 host addresses. In order to determine the number of available hosts, we must recalculate using the formula:

2^n - 2, where "n" is the number of available host bits. Using our example above we would get:

2^13 - 2 = 8190 hosts on EACH subnet.

There is one step remaining before we can begin to assign host addresses, that of determining the actual network (subnet) addresses that we'll be using. There is a simple formula for determining the values. Subtract the "custom byte" of the subnet mask (in our example above, 224) from 256 to determine the smallest subnet address. Then, add that value to the previous subnet for the remaining subnets, until you reach the actual subnet number (in our case 224). You cannot use the subnet value itself as a valid subnet address. Using our example from above:

Subnet 1: 130.100.32.0

Subnet 2: 130.100.64.0

Subnet 3: 130.100.96.0

Subnet 4: 130.100.128.0

Subnet 5: 130.100.160.0

Subnet 6: 130.100.192.0

Now we can begin to assign host addresses on each subnet. The valid host addresses on our networks are those that fall in between the subnet addresses. For example, on subnet 1, the valid host addresses would be 130.100.32.1 through 130.100.32.254. (Remember that host addresses of all "0"s or all "1"s are not allowed {from Table 1.2}.) For subnet 2, the valid addresses would be 130.100.64.1 through 130.100.64.254, and so on for the remaining subnets.

With a Class C address, the subnetting process is identical. However, it can be confusing, as we do not see the subnet when entering an IP address. Remember that computers use the IP address and subnet mask to determine whether or not a machine is located on the same subnet. When subnetting a Class C address, the host bits in the address of the destination will tell the sending machine to which subnet to send the packet. Suppose we have subnetted a Class C address (using the exact process as above) into 6 subnets with the mask of 255.255.255.224. The subnet addresses would then be 32, 64, 96, 128, 160, and 192. The host addresses would then be the numbers that fall between those subnet numbers. For example, the addresses on the 32 subnet would be 33 through 62. On the 64 subnet, 65 through 94, etc. It is very important at this stage to remember that the host portion of an address cannot end in all 1s or 0s. This is the reason that the 63 address on subnet 32 is invalid (in binary form 63 = 111111, and would not be valid), as well as the 95 address on subnet 64. The last byte (host address) of a Class C address will designate (by host number) which subnet the destination machine resides on.
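The whole custom-mask procedure (pick the class default, borrow bits with the 2^n - 2 rule, derive the mask, count hosts, list the subnets) can be carried out in code. This is an added example, not part of the original study guide; it goes slightly beyond the text by also reporting each subnet's first host, last host and all-ones address. The function names are constructed, and 192.16.130.0 is assumed as the Class C network, reusing the address from the earlier masking example.

```python
def dotted(value):
    """Render a 32-bit integer in dotted-decimal notation."""
    return ".".join(str(b) for b in value.to_bytes(4, "big"))

def default_prefix(first_octet):
    """Length of the classful default mask, from the first byte of the address."""
    if 1 <= first_octet <= 127:
        return 8       # Class A, 255.0.0.0
    if 128 <= first_octet <= 191:
        return 16      # Class B, 255.255.0.0
    if 192 <= first_octet <= 223:
        return 24      # Class C, 255.255.255.0
    raise ValueError("Class D and E addresses are not subnetted")

def bits_to_borrow(subnets_needed):
    """Smallest n for which 2**n - 2 covers the subnets required."""
    n = 2              # one borrowed bit yields 2**1 - 2 = 0 usable subnets
    while 2 ** n - 2 < subnets_needed:
        n += 1
    return n

def plan_subnets(network, subnets_needed):
    """Apply the 2**n - 2 rule to a classful network address."""
    octets = [int(part) for part in network.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("not a dotted-decimal IPv4 address: %r" % network)
    prefix = default_prefix(octets[0])
    borrowed = bits_to_borrow(subnets_needed)
    host_bits = 32 - prefix - borrowed
    if host_bits < 2:
        raise ValueError("too few host bits left for any usable host")
    default_mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    base = int.from_bytes(bytes(octets), "big") & default_mask
    step = 1 << host_bits          # distance between consecutive subnet addresses
    subnets = []
    # Subnet numbers of all 0s and all 1s are skipped, as are host numbers
    # of all 0s (the subnet address itself) and all 1s.
    for i in range(1, 2 ** borrowed - 1):
        start = base + i * step
        subnets.append({
            "subnet": dotted(start),
            "first_host": dotted(start + 1),
            "last_host": dotted(start + step - 2),
            "all_ones": dotted(start + step - 1),
        })
    return {
        "mask": dotted((0xFFFFFFFF << host_bits) & 0xFFFFFFFF),
        "borrowed_bits": borrowed,
        "hosts_per_subnet": step - 2,
        "subnets": subnets,
    }

if __name__ == "__main__":
    for net in ("130.100.0.0", "192.16.130.0"):   # second network is an assumption
        result = plan_subnets(net, 6)
        print(net, result["mask"], result["hosts_per_subnet"])
        for s in result["subnets"]:
            print("  ", s["subnet"], s["first_host"], "-", s["last_host"])
```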

 
