Glossary

2.4 IP addressing and subnetting

8 min readaugust 20, 2024

IP addressing and subnetting are crucial for network communication and security. These concepts allow devices to be uniquely identified and located on a network, enabling efficient routing and communication between devices.

Understanding IP addressing and subnetting is essential for network security professionals. It enables them to properly configure networks, troubleshoot issues, and implement security measures to protect against unauthorized access and potential threats.

IP addressing fundamentals

  • IP addressing is a critical component of network communication, allowing devices to be uniquely identified and located on a network
  • Understanding IP addressing is essential for network security professionals to properly configure, troubleshoot, and secure networks

IPv4 vs IPv6

Top images from around the web for IPv4 vs IPv6

1 of 3

Top images from around the web for IPv4 vs IPv6

1 of 3
  • uses 32-bit addresses, allowing for approximately 4.3 billion unique addresses (192.168.0.1)
  • uses 128-bit addresses, providing a vastly larger address space to accommodate the growing number of devices (2001:0db8:85a3:0000:0000:8a2e:0370:7334)
  • IPv6 includes built-in security features, such as IPsec, which provides encryption and authentication for network traffic

Structure of IP addresses

  • IP addresses are divided into network and host portions, determined by the
  • The network portion identifies the network to which the device belongs, while the host portion identifies the specific device within that network
  • IP addresses are typically represented in dotted-decimal notation (IPv4) or hexadecimal notation (IPv6)

Network vs host portions

  • The network portion of an IP address is used for routing, determining the destination network for a packet
  • The host portion is used to identify the specific device within the destination network
  • The subnet mask determines the boundary between the network and host portions of an IP address

Public vs private IP addresses

  • Public IP addresses are globally unique and can be accessed directly from the Internet (e.g., 8.8.8.8)
  • Private IP addresses are used within local networks and are not globally unique (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16)
  • is used to translate between private and public IP addresses, allowing devices with private addresses to communicate with the Internet

Subnetting concepts

  • Subnetting is the process of dividing a larger network into smaller subnetworks, enabling more efficient use of IP address space and improved network performance
  • Understanding subnetting is crucial for network security professionals to properly design, implement, and troubleshoot network architectures

Purpose of subnetting

  • Subnetting allows for more efficient use of IP address space by dividing a larger network into smaller, more manageable subnetworks
  • It enables better network performance by reducing broadcast traffic and allowing for more targeted network management
  • Subnetting also enhances security by allowing for the creation of separate network segments with different access controls and security policies

Subnet masks

  • A subnet mask is a 32-bit number that determines the boundary between the network and host portions of an IP address
  • It is used in conjunction with the IP address to determine which part of the address represents the network and which part represents the host
  • Subnet masks are typically represented in dotted-decimal notation (255.255.255.0) or (/24)

CIDR notation

  • Classless Inter-Domain Routing (CIDR) notation is a compact way of representing a subnet mask
  • It specifies the number of bits in the network portion of an IP address, written as a suffix to the IP address (192.168.0.0/24)
  • CIDR notation allows for more flexible and efficient allocation of IP addresses compared to the traditional class-based system

Default subnets for address classes

  • In the traditional class-based system, IP addresses were divided into five classes (A, B, C, D, and E), each with a default subnet mask
  • addresses (0.0.0.0 to 127.255.255.255) have a default subnet mask of 255.0.0.0 (/8)
  • addresses (128.0.0.0 to 191.255.255.255) have a default subnet mask of 255.255.0.0 (/16)
  • addresses (192.0.0.0 to 223.255.255.255) have a default subnet mask of 255.255.255.0 (/24)

Subnetting techniques

  • Various subnetting techniques are used to divide networks into smaller subnetworks, each with its own set of rules and calculations
  • Network security professionals must be proficient in these techniques to effectively design and manage network architectures

Basic subnetting steps

  1. Determine the number of required subnets and hosts per subnet
  2. Choose an appropriate subnet mask based on the requirements
  3. Calculate the network address, broadcast address, and range of usable host addresses for each subnet
  4. Assign IP addresses to devices within each subnet

Subnetting formulas and calculations

  • Subnetting involves various formulas and calculations to determine the number of available subnets, hosts per subnet, and the range of usable IP addresses
  • Key formulas include:
    • Number of subnets: 2n2^n, where n is the number of borrowed bits
    • Number of hosts per subnet: 2m22^m - 2, where m is the number of remaining bits in the host portion
    • Block size: 256subnetmask256 - subnet\:mask

Variable Length Subnet Masking (VLSM)

  • VLSM allows for the creation of subnets with different sizes within the same network, enabling more efficient use of IP address space
  • It involves borrowing bits from the host portion of an IP address to create additional subnets of varying sizes
  • VLSM is useful when a network has subnetworks with different requirements for the number of hosts

Classless Inter-Domain Routing (CIDR)

  • CIDR is a method of allocating IP addresses and routing IP packets more efficiently than the traditional class-based system
  • It allows for the creation of subnets of arbitrary size, rather than being limited to the default subnet masks of classes A, B, and C
  • CIDR notation is used to specify the network prefix and the number of bits in the network portion of an IP address

IP address allocation

  • IP address allocation is the process of assigning IP addresses to devices on a network, which can be done statically or dynamically
  • Understanding the different methods of IP address allocation and their associated protocols is essential for network security professionals

Static vs dynamic allocation

  • Static IP address allocation involves manually assigning a fixed IP address to a device, which remains constant over time
  • Dynamic IP address allocation uses a protocol, such as , to automatically assign IP addresses to devices from a pool of available addresses
  • Static allocation is useful for devices that require a consistent IP address, while dynamic allocation is more flexible and easier to manage for larger networks

DHCP protocol and operation

  • Dynamic Host Configuration Protocol (DHCP) is a network protocol used to automatically assign IP addresses and other network configuration parameters to devices
  • DHCP operates on a client-server model, with the DHCP server managing the pool of available IP addresses and the DHCP client requesting an address from the server
  • The DHCP process involves four main steps: DHCP Discover, DHCP Offer, DHCP Request, and DHCP Acknowledgement

DHCP server configuration

  • Configuring a DHCP server involves defining the pool of available IP addresses, setting lease durations, and specifying any additional network parameters (default gateway, DNS servers)
  • DHCP servers can be configured to assign addresses based on various criteria, such as device MAC address or network port
  • Proper DHCP server configuration is essential to ensure efficient and secure IP address allocation

DHCP relay and IP helpers

  • DHCP relay, also known as IP helper, is a feature that allows DHCP requests to be forwarded across different subnets
  • It enables a single DHCP server to manage IP address allocation for multiple subnets, simplifying network management
  • DHCP relay agents receive DHCP broadcasts from clients and forward them to the DHCP server, then return the server's response to the client

IP address management

  • IP address management (IPAM) is the process of planning, tracking, and controlling the allocation and use of IP addresses within a network
  • Effective IPAM is crucial for maintaining network performance, security, and scalability

Planning IP addressing schemes

  • Planning an IP addressing scheme involves determining the number of required subnets, the size of each subnet, and the allocation of IP addresses within each subnet
  • Factors to consider include the current and future size of the network, the types of devices and services, and any security or regulatory requirements
  • A well-planned IP addressing scheme enables efficient use of address space and simplifies network management

Documenting IP address assignments

  • Documenting IP address assignments is essential for keeping track of which devices are using which IP addresses, and for troubleshooting network issues
  • Documentation should include the device name, MAC address, assigned IP address, subnet mask, and any relevant notes
  • Tools such as spreadsheets, databases, or specialized IPAM software can be used to maintain IP address documentation

Tools for IP address management

  • Various tools are available to assist with IP address management, ranging from simple spreadsheets to comprehensive IPAM software suites
  • These tools can automate IP address allocation, track address usage, and provide reporting and visualization capabilities
  • Examples of IPAM tools include Microsoft Excel, Open-AudIT, SolarWinds IP Address Manager, and Infoblox NetMRI

Best practices for IP address management

  • Implement a consistent and hierarchical IP addressing scheme that aligns with the network architecture and business requirements
  • Use DHCP for dynamic IP address allocation, reserving static addresses for devices that require them
  • Regularly audit IP address usage to identify and reclaim unused or misallocated addresses
  • Maintain accurate and up-to-date documentation of IP address assignments
  • Use access controls and authentication to secure access to IPAM tools and data

Troubleshooting IP addressing issues

  • IP addressing issues can cause various network problems, from connectivity failures to performance degradation
  • Network security professionals must be skilled in identifying and resolving these issues to maintain network availability and security

Common IP addressing problems

  • Duplicate IP addresses, causing IP conflicts and connectivity issues
  • Misconfigured subnet masks, leading to incorrect routing and communication failures
  • Exhaustion of available IP addresses within a subnet
  • Incorrect default gateway settings, preventing devices from communicating across subnets
  • Misconfigured DNS settings, causing name resolution failures

Ping, traceroute, and other diagnostic tools

  • Ping is a basic network diagnostic tool that tests the reachability of a device by sending ICMP echo request packets and awaiting a response
  • Traceroute maps the network path between a source and destination device, showing the sequence of routers through which packets travel
  • Other diagnostic tools include ipconfig/ifconfig (displaying IP configuration), nslookup (testing DNS resolution), and Wireshark (analyzing network traffic)

Resolving IP conflicts

  • IP conflicts occur when two devices on the same network are assigned the same IP address, causing communication issues
  • To resolve an IP conflict:
    1. Identify the devices involved using tools like ipconfig or
    2. Determine which device should retain the IP address based on network requirements
    3. Assign a new IP address to the other device, either manually or through DHCP
    4. Update any relevant documentation and DNS records

Identifying and fixing misconfigurations

  • Misconfigurations in IP settings, such as incorrect subnet masks or default gateways, can cause various network issues
  • To identify and fix misconfigurations:
    1. Review the device's IP configuration settings, comparing them to the network's documented IP addressing scheme
    2. Use diagnostic tools like ping and traceroute to test connectivity and identify any anomalies
    3. Correct any identified misconfigurations, such as updating the subnet mask or default gateway
    4. Test connectivity again to verify that the issue has been resolved
    5. Document the changes made and update any relevant network diagrams or configurations

Key Terms to Review (19)

ARP: ARP, or Address Resolution Protocol, is a network protocol used to find the hardware address of a host from its IP address within a local area network. It serves as a critical link between the IP layer and the data link layer in the TCP/IP model, facilitating the communication between devices on the same subnet. By converting IP addresses into MAC addresses, ARP ensures that data packets are properly directed to their intended destinations.
CIDR Notation: CIDR notation, or Classless Inter-Domain Routing notation, is a method for allocating IP addresses and routing Internet Protocol packets that uses a combination of the IP address and a suffix indicating the network prefix length. This system allows for more efficient allocation of IP addresses than traditional classful addressing by permitting variable-length subnet masking, which helps to reduce wastage of IP addresses.
Class A: Class A refers to a category of IP addresses that allows for a vast number of host devices on a single network, making it ideal for large organizations and networks. Class A addresses are characterized by their leading bits of '0', which means the first octet ranges from 1 to 126. This classification enables efficient routing and subnetting, playing a crucial role in how internet traffic is managed across different networks.
Class B: Class B refers to a range of IP addresses that are designated for medium-sized networks, capable of accommodating up to 65,534 hosts. This class uses a subnet mask of 255.255.0.0, which allows for a significant number of addresses in the network while maintaining efficient routing. Understanding Class B is crucial in managing IP addressing and subnetting as it helps network administrators allocate resources effectively and avoid IP conflicts.
Class C: Class C refers to a category of IP addresses that are primarily used for small networks and can accommodate a significant number of devices, with addresses ranging from 192.0.0.0 to 223.255.255.255. This class allows for a maximum of 254 usable host addresses per subnet, making it ideal for smaller organizations or network segments where a limited number of devices are connected. Class C addresses also utilize the first three octets to identify the network, while the last octet is used for host identification.
DHCP: Dynamic Host Configuration Protocol (DHCP) is a network management protocol used to automate the process of assigning IP addresses and other network configuration parameters to devices on a network. By utilizing DHCP, devices can receive their IP addresses dynamically rather than having them manually configured, which streamlines network administration and reduces the risk of errors associated with static IP address assignments. This protocol plays a critical role in managing IP addressing and ensuring efficient communication within local networks.
Host Availability: Host availability refers to the readiness and ability of a computer or network device to accept connections and serve requests over a network. It encompasses the uptime of systems, ensuring that they are operational and accessible to users or applications when needed. This concept is closely linked to the configuration of IP addresses and subnetting, as proper allocation and management of resources directly impact the ability of hosts to communicate effectively.
IP Spoofing: IP spoofing is a technique used to send Internet Protocol (IP) packets from a false (or 'spoofed') source address in order to disguise the origin of the packet. This tactic is often employed by attackers to bypass security measures, carry out malicious activities, or perform denial-of-service attacks. Understanding this technique requires knowledge of how data packets travel through networks and how IP addressing plays a crucial role in identifying the source and destination of these packets.
Ipv4: IPv4, or Internet Protocol version 4, is the fourth version of the Internet Protocol and serves as the backbone of data communication over the internet. It uses a 32-bit addressing scheme which allows for approximately 4.3 billion unique addresses. This version is fundamental in enabling devices to communicate and is essential for routing traffic across networks, linking devices worldwide and facilitating data transfer.
Ipv6: IPv6, or Internet Protocol version 6, is the most recent version of the Internet Protocol designed to replace IPv4. It was developed to address the limitations of IPv4, particularly the exhaustion of available IP addresses, by providing a vastly larger address space and improved routing efficiency. This transition is essential for supporting the growing number of devices connected to the internet, particularly in the context of modern networking, addressing schemes, and the Internet of Things (IoT).
Network Address Translation (NAT): Network Address Translation (NAT) is a method used in networking to modify IP address information in IP packet headers while in transit across a traffic routing device. NAT is primarily employed to enable multiple devices on a private network to share a single public IP address, enhancing security and conserving the limited supply of IPv4 addresses. It acts as an intermediary between private networks and the internet, allowing internal IP addresses to remain hidden from external entities.
Network Identifier: A network identifier is a unique part of an IP address that specifies a particular network segment within a larger network. It helps in distinguishing different networks from each other, allowing devices to communicate effectively within their own network and with external networks. This identifier is crucial for routing data packets, ensuring that they reach the correct destination across diverse and interconnected networks.
Private IP address: A private IP address is a non-routable IP address used within a private network that allows devices to communicate with each other without being exposed to the public internet. These addresses are part of designated ranges set by the Internet Assigned Numbers Authority (IANA) and are essential for enabling internal communication in homes and organizations while conserving public IP addresses.
Public IP address: A public IP address is a unique address assigned to a device that is directly connected to the internet, allowing it to communicate with other devices and networks. These addresses are routable over the internet, meaning that they can be reached from any other internet-connected device, enabling global communication. Public IP addresses are essential for accessing websites, online services, and communicating with other systems over the internet.
Routing prefix: A routing prefix is a part of an IP address that indicates a group of IP addresses that share the same network portion. This concept is essential in understanding how routing works, as it helps routers determine where to send packets based on the destination address. The routing prefix plays a crucial role in IP addressing and subnetting by allowing for efficient allocation and organization of IP addresses within a network.
Subnet mask: A subnet mask is a 32-bit number used in networking to divide an IP address into two parts: the network portion and the host portion. By doing this, it helps define the range of addresses available within a specific subnet, allowing devices on a local network to communicate effectively. This segmentation enhances routing efficiency and security by isolating different segments of a network.
Subnetting calculations: Subnetting calculations involve the process of dividing a single IP network into smaller, manageable sub-networks or subnets. This practice is crucial for efficient IP address management, optimizing network performance, and enhancing security by isolating network segments.
Supernetting: Supernetting is a technique used in IP addressing that allows multiple contiguous subnets to be aggregated into a larger single subnet. This process simplifies routing by reducing the number of entries in a routing table, which can lead to improved network performance and easier management. It is often utilized to optimize address space utilization and streamline the administration of IP networks.
Variable-Length Subnet Masking (VLSM): Variable-length subnet masking (VLSM) is a technique used in IP addressing that allows network administrators to create subnets of varying sizes from a single IP address space. This flexibility enables efficient use of IP addresses by allocating subnet sizes according to the specific needs of different segments of a network, reducing waste and improving overall network performance. By using VLSM, organizations can optimize their address allocation and better manage the hierarchical structure of their networks.
© 2024 Fiveable Inc. All rights reserved.
AP® and SAT® are trademarks registered by the College Board, which is not affiliated with, and does not endorse this website.
Back
Practice QuizGlossary
Practice QuizGlossary
Next guide