Originally, IP addresses were assigned via /etc/hosts.
Conceptually, an IP address, which is 4 bytes long, is split into two parts: the network part and the host part. The place of the split is determined by a special parameter called the network mask, which specifies the number of bits in the network part of the address. The network mask is provided in two forms
As you can see, the netmask notations /24 and 255.255.255.0 are equivalent and both translate into the bit mask
So the notation 10.10.10.10/24 means that the network part (or, as it is often called, the network number) of this IP address consists of 24 bits, and correspondingly the host part (or, as it is often called, the host number) consists of 8 bits.
If Server 1 with IP1 wants to communicate with Server 2 with IP2, two situations are possible
The Internet contains around a billion computers with IPv4 addresses. As you can imagine, that creates the challenge of assigning them in such a way that no two devices share the same public IP address. For this purpose an organization called the Internet Assigned Numbers Authority (IANA) was formed to track them; it assigns blocks of IP addresses to large organizations and countries. Initially handled by a single person (the famous Jon Postel) until 1998, the IANA has grown dramatically and now oversees a number of Regional Internet Registries (RIRs) that parcel out IP addresses to large ISPs and major corporations within a particular region. The RIR for North America is called the American Registry for Internet Numbers (ARIN). The vast majority of end users get their IP addresses from their respective ISPs. IANA passes out IP addresses in contiguous chunks called class licenses, which are outlined in the following table:
Under so-called "classful network addressing", the 32-bit IPv4 address space was partitioned into 5 classes (A-E), and the network mask was determined automatically from the first bits of the IP address.
The classes are shown in the following table.
| Class | Leading bits | Netmask | Size of host part (bits) | Number of networks | Addresses per network | Total addresses in class | Start address | End address | Default subnet mask (dot-decimal) | CIDR notation |
|---|---|---|---|---|---|---|---|---|---|---|
| Class A | 0 | /8 | 24 | 128 (2^7) | 16,777,216 (2^24) | 2,147,483,648 (2^31) | 0.0.0.0 | 127.0.0.0 | 255.0.0.0 | /8 |
| Class B | 10 | /16 | 16 | 16,384 (2^14) | 65,536 (2^16) | 1,073,741,824 (2^30) | 128.0.0.0 | 191.255.0.0 | 255.255.0.0 | /16 |
| Class C | 110 | /24 | 8 | 2,097,152 (2^21) | 256 (2^8) | 536,870,912 (2^29) | 192.0.0.0 | 223.255.255.0 | 255.255.255.0 | /24 |
| Class D (multicast) | 1110 | not defined | not defined | not defined | not defined | 268,435,456 (2^28) | 224.0.0.0 | 239.255.255.255 | not defined | not defined |
| Class E (reserved) | 1111 | not defined | not defined | not defined | not defined | 268,435,456 (2^28) | 240.0.0.0 | 255.255.255.255 | not defined | not defined |
Today, IP addresses are always associated with a subnet mask. This was not required in a classful network because the mask was implied by the address itself.
CIDR (Classless Inter-Domain Routing) is the term used for the ability to specify an arbitrary boundary between the network part and the host part of an IP address using a netmask. This concept is also known as subnetting: taking a single class of IP addresses and chopping it up into multiple smaller subnets.
It is obvious that subnetting enables a much more efficient use of IP addresses compared to the old class licenses. It also lets you separate a network into segments for security purposes (for example, separating the addresses used for remote management controllers such as DRAC or iLO from the addresses used by the servers themselves). That improves security, as some attacks target DRAC and iLO directly.
Separate subnets can also be used for bandwidth control (separating a heavily used LAN from one that is not so heavily used).
Let's look at the subnet mask /24 for the IP 10.194.181.50, written as 10.194.181.50/24:
Before going even one step further, you need to answer this question: on a /24 network, how many hosts can you have? Well, if you use dotted-decimal notation you might say
192.168.4.1 to 192.168.4.254 = 254 hosts
But do this from the binary instead. In a /24 network, the last eight bits of the network mask are zero, so an 8-bit area is assigned to the host ID. The formula is 2^8 - 2 (the all-zeros host ID is the network address and the all-ones host ID is the broadcast address, so neither can be assigned to a host), and we get the same number:
2^8 - 2 = 254
Similarly, if you have a /16 subnet mask you have 16 bits assigned to the host part of the address, which gives
2^16 - 2 = 65,534 total hosts.
Lots of folks use TCP/IP in networks that either aren't connected to the Internet or want to hide their computers from the rest of the Internet. Certain groups of IP addresses, known as private IP addresses, are available to help in these situations. Internet routers discard packets addressed to private IP addresses. Those addresses can never be used on the Internet, making them a handy way to hide systems. Anyone can use these private IP addresses, but they are useless for systems that need to access the Internet unless you use NAT (see below).
There are three special classes of IP addresses that are designed for use in internal networks only.
All other IP addresses are public IP addresses. Typically, corporations use 10.0.0.0/8 and 192.168.0.0/16 for their internal networks, while 172.16.0.0/12 is often used for computational clusters.
NOTE: No device on the Internet can have those IP addresses. In other words, they are not routable:
When you communicate with the Internet from a private address using, for example, a web browser, the problem arises that you can send packets to the target host, but the host can't send anything back to you, as those addresses are not routable. To solve this problem, corporations use special software on the Internet-facing router: on one end it accepts a packet from an internal address, maps that connection to a specific port, and sends the request from this port to the Internet using its Internet-facing address. When it receives the reply, it consults a special table called the NAT translation table, converts the port back into the internal IP address, and sends the packet from its internal interface to the corresponding host on the internal network.
This mechanism is called Network Address Translation (NAT) and is very widely used. In NAT, the nodes use a private IP address, but when they access the Internet this private IP address is replaced with the IP address of the NAT router or proxy. Hence, nodes on the Internet think that they are communicating with the public IP, but in reality they are communicating with an internal IP belonging to, say, subnet 10.0.0.0/8.
In other words, the NAT router uses tables to keep track of all connections that currently exist for the hosts in the network. Based on this table, the NAT router makes it possible for a single Internet-facing address to connect multiple hosts on the home network. The use of NAT is now so common that it is embedded in most routers used in home and small business networks to connect computers and other devices in those networks to the Internet.
So the web host thinks that it is communicating with the specific public IP address, but in reality it is communicating with a hidden private IP address on the internal corporate
But corporations want to keep track of who is accessing what, and also want the capability to block certain sites. So instead they typically use another, more specialized device called an Internet proxy, which works similarly: it accepts requests from non-routable IPs on the internal corporate network and performs the web request from the public IP on the Internet-facing interface of the device (and, of course, writes a log of your accesses for analysis by the security group ;-)
When an Internet proxy is used, installation of software from various sites on the Internet becomes considerably more complex and involved, as some of those sites can be blocked. One rule of thumb is that if you can see and access a site from your PC, you can always access it from the server using the credentials you use for your PC. Still, a lot of time and effort is wasted on "fight with the proxy" type activities.
Similarly, home routers usually use 192.168.0.0/16 (256 Class C networks) to provide 252 addresses for your home network. In this case there is no web proxy, and the router itself performs the address translation service as a NAT device.
There are subnet calculators that do this for you. For example
When you line up an IP address with a corresponding subnet mask in binary, the portion of the IP address that aligns with the ones of the subnet mask is the network ID portion of the IP address. The portion that aligns with the zeroes is the host ID. With simple IP addresses, you can see this with dotted decimal, but you’ll want to see this in binary for a true understanding of how the computers work.
When talking about network addresses, you use a 4-byte number as well, in which the node (host) part is set to 0. So in the example of 192.168.10.100/24, the network address is 192.168.10.0. In IPv4 networks there is also always a broadcast address. This is the address that can be used to address all nodes in the network. In the broadcast address, all node bits are set to 1, which makes for the decimal number 255 if an entire byte is referred to. So in the example of the address 192.168.10.100/24, the broadcast address is 192.168.10.255.
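As an added example (my own code, not from these notes), here is a small Python subnet calculator that performs the binary network/host split described above: it computes the network address, broadcast address and the 2^h - 2 usable host count from CIDR notation, answers the "same subnet or not" question for two servers, and checks membership in the three private ranges listed earlier. All function names are my own choices.

```python
# Added example, not from the original notes: a subnet calculator that does the
# network-ID / host-ID split in binary instead of relying on the ipaddress module.
# Function names (ip_to_int, subnet_info, same_subnet, is_private) are my own.

def ip_to_int(ip: str) -> int:
    """Dotted-decimal -> 32-bit integer, validating each octet."""
    octets = [int(o) for o in ip.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {ip}")
    n = 0
    for o in octets:
        n = (n << 8) | o
    return n

def int_to_ip(n: int) -> str:
    """32-bit integer -> dotted-decimal."""
    return ".".join(str((n >> s) & 0xFF) for s in (24, 16, 8, 0))

def prefix_to_mask(prefix: int) -> int:
    """/24 -> 0xFFFFFF00: 'prefix' one-bits followed by (32 - prefix) zero-bits."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be 0..32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF

def subnet_info(cidr: str) -> dict:
    """Network, broadcast, netmask and usable host count for a.b.c.d/p notation."""
    ip, prefix = cidr.split("/")
    prefix = int(prefix)
    addr, mask = ip_to_int(ip), prefix_to_mask(prefix)
    network = addr & mask                        # host bits cleared -> network ID
    broadcast = network | (~mask & 0xFFFFFFFF)   # host bits all ones -> broadcast
    host_bits = 32 - prefix
    # 2^h - 2: all-zeros (network) and all-ones (broadcast) host IDs are not usable;
    # clamped to 0 for /31 and /32, where that pair does not exist.
    usable = max(2 ** host_bits - 2, 0)
    return {"network": int_to_ip(network), "broadcast": int_to_ip(broadcast),
            "netmask": int_to_ip(mask), "usable_hosts": usable}

def same_subnet(ip1: str, ip2: str, prefix: int) -> bool:
    """The two situations for Server 1 -> Server 2: same network part, or not."""
    mask = prefix_to_mask(prefix)
    return (ip_to_int(ip1) & mask) == (ip_to_int(ip2) & mask)

# The three non-routable private blocks named in the text.
PRIVATE = (("10.0.0.0", 8), ("172.16.0.0", 12), ("192.168.0.0", 16))

def is_private(ip: str) -> bool:
    """True if ip falls inside one of the private (non-routable) blocks."""
    return any(same_subnet(ip, net, p) for net, p in PRIVATE)

if __name__ == "__main__":
    print(subnet_info("192.168.10.100/24"))  # 192.168.10.0 / 192.168.10.255 / 254 hosts
    print(same_subnet("10.194.181.50", "10.194.182.1", 24), is_private("172.31.5.5"))
```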