IP addresses 101

We always talk about IP addresses, however I'm pretty sure most people (including me) has a lot to learn about this subject. There is a lot to tell, let me introduce you the basic knowledge about it. Before going any further, I must warn you that if have heard about IP address classes that this concept is obsolete: since 1993 it's not in use anymore, therefore we won't talk about it at all and you can forget it.

What is an IP address?

On a network, every machine have at least one IP address. This address is like your postal address, it's unique on the network and when you wish to send a message to a machine, just send it to it's address (the others layers of the network will do the "post office" job). Currently, two versions of the Internet Protocol (IP) exists, version 4 and version 6. Those two different version are not compatibles and addresses are very different, that's why we will differentiate IPv4 and IPv6 addresses.

IPv4

Structure of an IPv4 address

An IPv4 address is a sequence of 32 bits (0 and 1). Seriously, it's just 32 0 and 1 in the memory, nothing more.

Notation of an IPv4 address

Ok, a bunch of 0 and 1 isn't user-friendly, that's why we, humans, uses a different notation. The 32 bits are divided in 4 groups of 8 bits. Each 8 bits group can be represented in a decimal (base 10) number between 0 and 255 :

0:   00000000
1:   00000001
2:   00000010
...
254: 11111110
255: 11111111

Therefore, a classic notation for an IPv4 address is to write the 4 numbers separated with dots (eg: 192.168.1.42).

IPv4 address exhaustion

Of course those 32 bits can accept only a limited number of different IP addresses (and some special addresses cannot be allocated), and it is a problem. Quite quickly after the rise of internet the number of available IP addresses was critically low. Some very clever tricks saved us from the disaster:

  • New rules for addresses attributions. The old rules relied on IP classes, it's not the case anymore and I will detail it later.
  • Network Address Translation (NAT).

Let's talk about NAT. Do you remember the old times, with a 56k (or lower) modem when you could connect only one machine to internet? This way, if you have 5 machines in your house, each one has a different public IP address, that's not very convenient. Now we uses a very clever trick based on NAT. First, let's create a private local network. No need to be an expert to do so, let's just use a switch and plug every computer on it with ethernet cables. Keep in mind that in this local network, each machine must have one IP, however those IPs are taken from special sets reserved for local networks (such IPs cannot be used on internet). Then, one (and only one) machine from this network will also be connected to internet via the modem. NAT allows every machine on the local network to use the one connected to internet as a gateway. This way, only one public IP address is needed. Connecting local networks to internet with NAT reduces the number of needed public addresses.

However, even if for years everything went fine, we are currently running out of IPv4 addresses. The only solution is to use IPv6 which can handle millions of addresses per inch square of the earth surface. However, IPv4 and IPv6 are not compatible each others, so there's 2 internet, one for each. There is several tricks to connect IPv4 and IPv6 networks but it's not enough. ISPs and others important actors in the web are reluctant to plan a switch to IPv6, but in a few years they won't have the choice...

IPv6

Structure of an IPv6 address

Nothing new here except for the length... an IPv6 address is made of 128 bits.

Notation of an IPv6 address

Just like IPv4, the bits are separated in groups. But this time, we have 8 groups of 16 bits and the numbers are not in decimal (base 10) but in hexadecimal (base 16) and the separation character is the colon. Example: fe80:0000:0000:0000:0202:b3ff:fe1e:8329.
There is several ways to shorten this address. One of the tricks is to remove the unnecessary 0. Lets apply it on the previous example: fe80:0:0:0:202:b3ff:fe1e:8329.
For more compact addresses, one (and only one) series of consecutive 0 can be completely removed: fe80::202:b3ff:fe1e:8329. The two colons indicates the part where the 0s have been removed. And yes, 0000:0000:0000:0000:0000:0000:0000:0001 can be shortened as ::1.

Networks and IPs ranges

You might have noticed there is several sets and sub-sets. There is one set per network ans it is possible to create sub-networks. A given network will have only IPs within defined range. Let's take a famous example: IPv4 addresses from 192.168.0.0 to 192.168.255.255. Those addresses are one of the 3 IPv4 sets reserved for local networks (every single internet router is configured to drop any packet with a source of destination address within those ranges). This set has 2 special addresses:

  • 192.168.0.0: Address of the network itself.
  • 192.168.255.255: Broadcast address, it is used to send a message to every machine on this network.

Of course none of those two addresses can be allocated to machines. We can easily represent such a set of IPs using the CIDR notation. The range will be defined by the network's address followed by a slash and the number of bits (from the left) that cannot change. For IPs between 192.168.0.0 and 192.168.255.255, the first 16 bits cannot change, the CIDR notation is 192.168.0.0/16. In this case it's quite simple because 16 bits is the size of 2 numbers (192.168), but is some other cases it's not that easy. Let's take an other example and try the reverse operation:
What does 199.36.72.0/21 represents? Let's have a look at the binary representation:

199.36.72.0 -> 11000111.00100100.01001000.00000000
                                     ^
                                     21th bit

Obviously it's the network address (first address of the range): all the last bits are 0s. For the broadcast address (last address of the range), all of them are 1s :

11000111.00100100.01001111.11111111 -> 199.36.79.255 
                      ^
                      21th bit

And that's how we know the broadcast address from the CIDR notation. Now we know that 199.36.72.0/21 represents every IPs from 199.36.72.0 to 199.36.79.255.

How an IP address is attributed?

Ip addresses are allocated in a pyramidal way: at the top level there is one authority, the IANA (it used to be independent, but now it's part of the ICANN, the internet big boss). The IANA give the management of some IP ranges to smaller authorities called Regional Internet Registries (RIR). There is only 5 RIRs in the world, each with a specific geographic area. Those RIR allocates sub-ranges to more smaller authorities named Local Internet Registries (LIR). Typically, every ISP is a LIR. Those LIR allocate IPs to final users.

Obviously, sometimes there is some specific case. For examples, some countries have specific authorities between the RIR and LIRs. As well, the pyramid can go deeper, the final user can be allocated a bloc instead of only one IP, therefore he decides how to allocate the IPs within the range he has been given.

Special addresses

Not all IPs are routable on internet, some blocs are reserved for some specific usages. The most famous example is ranges reserved for IPv4 local networks:

  • 10.0.0.0/8
  • 172.16.0.0/12
  • 192.168.0.0/16

Most of people have a their private network configured with the 192.168.0.0/16 range. Check your own, just for fun. And yes, you can change the configuration to use one of the two others.

There is a lot of others special ranges (for IPv4 as well as for IPv6), but it would be quite useless to list them here. Just keep in mind their existence.

How to get informations from an IP address

The best way to get informations about an IP is to ask to it's RIR. The RIR is able to provide you the IP range where this IP is located as well as informations about the LIR. Of course you don't have to guess which RIR the IP belongs to, there is tool for those purposes.

Those who uses an UN*X like system can simply use the whois command:

whois 192.168.1.42

Others tools exists, including web-based ones like DNSstuff. Just have a look to the "IP Information" section.

Tags