Chapter 24. Managing TCP/IP Networking

TCP/IP is a protocol suite consisting of Transmission Control Protocol (TCP) and Internet Protocol (IP). TCP is a connection-oriented protocol designed for reliable end-to-end communications. IP is an internetworking protocol that is used to route packets of data called datagrams over a network. An IP datagram consists of an IP header and an IP payload. The IP header contains information about routing the datagram, including source and destination IP addresses. The IP payload contains the actual data being sent over the network.

TCP/IP is the backbone for Microsoft Windows networks. It is required for internetwork communications and for accessing the Internet. Before you can implement TCP/IP networking, you should understand IP addressing conventions, subnetting options, and name resolution techniques—all of which are covered in this chapter.

Understanding IP Addressing

The most important thing IP gives us is the IP address. It is the existence of IP addresses that allows information to be routed from point A to point B over a network. An IP address is a 32-bit logical address that has two components: a network address and a node address. Typically, IP addresses are divided into four 8-bit values called octets and written as four separate decimal values delimited by a period (referred to as a dot). The binary values are converted to decimal equivalents by adding the numbers represented by the bit positions that are set to 1. The general way to write this value is in the form w.x.y.z, where each letter represents one of the four octets.

IP addresses can be used in three ways:

  • Unicast: Unicast IP addresses are assigned to individual network interfaces that are attached to an IP network and are used in one-to-one communications.

  • Multicast: Multicast IP addresses are addresses for which one or multiple IP nodes can listen on the same or different network segments and are used in one-to-many communications.

  • Broadcast: Broadcast IP addresses are designed to be used by every IP node on a particular network segment and are used for one-to-everyone communications.

Each of these IP addressing techniques is discussed in the sections that follow.

Tip

IPv4 and IPv6

The primary version of IP in use today on networks, including the Internet, is IP version 4 (IPv4). IPv4 has 32-bit addresses and is the version of IP discussed in this chapter. The next version of IP is IP version 6 (IPv6). IPv6 has 128-bit addresses. Windows Server 2003 fully supports IPv6, and you can install IPv6 in much the same way as you installed TCP/IP.

Unicast IP Addresses

Unicast IP addresses are the ones you'll work with the most. These are the IP addresses that are assigned to individual network interfaces. In fact, each network interface that uses TCP/IP must have a unique unicast IP address. A unicast IP address consists of two components:

  • A network ID: The network ID or address identifies a specific logical network and must be unique within its boundaries. Typically, IP routers set the boundaries for a logical network, and this boundary is the same as the physical network defined by the routers. All nodes that are on the same logical network must share the same network ID. If they don't, routing or delivery problems occur.

  • A host ID: The host ID or address identifies a specific node on a network, such as a router interface or server. As with a network ID, it must be unique within a particular network segment.

Address classes are used to create subdivisions of the IP address space. With unicast IP addresses, the classes A, B, and C can be applied. Each describes a different way of dividing a subset of the 32-bit IP address space into network addresses and host addresses.

Note

Classes D and E are defined as well. Class D addresses are used for multicast, as discussed in the next section of this chapter. Class E addresses are reserved for experimental use. Class D addresses begin with a number between 224 and 239 for the first octet. Class E addresses begin with a number between 240 and 247 for the first octet. Although Windows Server 2003 supports the use of Class D addresses, it does not support Class E addresses.

Class A Networks

Class A networks are designed for situations in which you need a large number of hosts but only a few network segments. Class A addresses begin with a number between 1 and 127 for the first octet. As shown in Figure 24-1, the first octet (the first 8 bits of the address) defines the network ID, and the last three octets (the last 24 bits of the address) define the host ID. As you'll learn shortly, the Class A address 127 has a special meaning and isn't available for your use. This means that there are 126 possible Class A networks and each network can have 16,277,214 nodes. For example, a Class A network with the network address 100 contains all IP addresses from 100.0.0.0 to 100.255.255.255.

Figure 24-1. IP addressing on Class A networks.

Class B Networks

Class B networks are designed for situations in which you need a moderate number of networks and hosts. Class B addresses begin with a number between 128 and 191 for the first octet. As shown in Figure 24-2, the first two octets (the first 16 bits of the address) define the network ID, and the last two octets (the last 16 bits of the address) define the host ID. This means that there are 16,384 Class B networks and each network can have 65,534 nodes.

Figure 24-2. IP addressing on Class B networks.

Class C Networks

Class C networks are designed for situations in which you need a large number of networks and relatively few hosts. Class C addresses begin with a number between 192 and 223 for the first octet. As shown in Figure 24-3, the first three octets (the first 24 bits of the address) define the network ID, and the last octet (the last 8 bits of the address) defines the host ID. This means that there are 2,097,152 Class C networks and each network can have 254 nodes.

Figure 24-3. IP addressing on Class C networks.

Loopback, Public, and Private Addresses

When using any of the IP address classifications, there are certain rules that must be followed. The network ID cannot begin with 127 as the first octet. All IP addresses that begin with 127 are reserved as loopback addresses. Any packets sent to an IP address beginning with 127 are handled as if they've already been routed and reached their destination, which is the local network interface. This means any packets addressed to an IP address of 127.0.0.0 to 127.255.255.255 are addressed to and received by the local network interface.

In addition, some addresses in the ranges are defined as public and others as private. Public IP addresses are assigned by Internet service providers (ISPs). ISPs obtain allocations of IP addresses from a local Internet registry (LIR) or national Internet registry (NIR) or from their appropriate regional Internet registry (RIR). Private addresses are addresses reserved for organizations to use on internal networks. Because they are nonroutable, meaning they are not reachable on the Internet, they do not affect the public Internet and do not have to be assigned by an addressing authority.

The private IP addresses defined are as follows:

  • Class A private IP addresses: 10.0.0.0 through 10.255.255.255

  • Class B private IP addresses: 172.16.0.0 through 172.31.255.255

  • Class C private IP addresses: 192.168.0.0 through 192.168.255.255

Because hosts on an organization's private network shouldn't be directly connected to the Internet, they should be indirectly connected using Network Address Translation (NAT) or a gateway program such as a proxy. When NAT is configured on the organization's network, a device, such as a router, is responsible for translating private addresses to public addresses, allowing nodes on the internal network to communicate with the nodes on the public Internet. When proxies are configured on the organization's network, the proxy acts as the go-between. It receives requests from nodes on the internal network and sends the requests to the public Internet. When the response is returned, the proxy sends the response to the node that made the original request. In both cases, the device providing NAT or proxy services has private addresses on its internal network interface and public addresses on its Internet interface.
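The class boundaries, the loopback rule, and the private ranges above are enough to audit whether a NAT or proxy device has a private address on its internal interface and a public address on its Internet interface. The following Python is an added example, not code from the book; the function names, device names, and sample addresses are constructed for illustration.

```python
import ipaddress

# Private ranges exactly as listed in this chapter.
PRIVATE_RANGES = [
    ("10.0.0.0", "10.255.255.255"),
    ("172.16.0.0", "172.31.255.255"),
    ("192.168.0.0", "192.168.255.255"),
]

def address_class(addr):
    """Return the class letter (A-D) for the first octet, or None otherwise."""
    first = ipaddress.IPv4Address(addr).packed[0]
    for letter, low, high in (("A", 1, 127), ("B", 128, 191),
                              ("C", 192, 223), ("D", 224, 239)):
        if low <= first <= high:
            return letter
    return None  # first octet 0 or 240 and above: not assignable to hosts

def scope(addr):
    """Classify addr as 'loopback', 'private', 'public', or 'non-unicast'."""
    ip = ipaddress.IPv4Address(addr)
    if address_class(addr) not in ("A", "B", "C"):
        return "non-unicast"
    if ip.packed[0] == 127:
        return "loopback"
    for low, high in PRIVATE_RANGES:
        if ipaddress.IPv4Address(low) <= ip <= ipaddress.IPv4Address(high):
            return "private"
    return "public"

def audit_nat_device(internal_ip, internet_ip):
    """Return findings where a NAT/proxy device breaks the private-inside,
    public-outside rule; an empty list means both interfaces conform."""
    findings = []
    for label, ip, expected in (("internal", internal_ip, "private"),
                                ("Internet", internet_ip, "public")):
        actual = scope(ip)
        if actual != expected:
            findings.append(f"{label} interface {ip} is {actual}, expected {expected}")
    return findings

if __name__ == "__main__":
    # Constructed inventory (hypothetical device names and addresses).
    inventory = [("edge-1", "192.168.1.1", "198.51.100.7"),
                 ("edge-2", "172.32.0.1", "10.0.0.5")]
    for name, inside, outside in inventory:
        print(name, audit_nat_device(inside, outside) or "ok")
```

The second sample device fails both checks: 172.32.0.1 sits just outside the 172.16.0.0 through 172.31.255.255 range, and 10.0.0.5 is a private address on the Internet side.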

Multicast IP Addresses

Multicast IP addresses are used only as destination IP addresses and allow multiple nodes to listen for packets sent by a single originating node. In this way, a single packet can be delivered to and received by many hosts. Here's how it works: A sending node addresses a packet using a multicast IP address. If the packet is addressed to the sending node's network, nodes on the network that are listening for multicast traffic receive and process the packet. If the packet is addressed to another network, a router on the sending node's network forwards the packet as it would any other packet. When it is received on the destination network, any nodes on the network that are listening for multicast traffic receive and process the packet.

The nodes listening for multicast packets on a particular IP address are referred to as the host group. Members of the host group can be located anywhere—as long as the organization's routers know where members of the host group are located so that the routers can forward packets as appropriate.

One address class is reserved for multicast: Class D. Class D addresses begin with a number between 224 and 239 for the first octet.

Multicast IP addresses in the range of 224.0.0.0 through 224.0.0.255 are reserved for local subnet traffic. For example, the address 224.0.0.1 is an all-hosts multicast address and is designed for multicasting to all hosts on a subnet. The address 224.0.0.2 is an all-routers multicast address and is designed for multicasting to all routers on a subnet. Other addresses in this range are used as specified by the Internet Assigned Numbers Authority (IANA). For details, see the IANA Web site at http://www.iana.org/assignments/multicast-addresses.

Broadcast IP Addresses

Broadcast IP addresses are used only as destination IP addresses and allow a single node to direct packets to every node on the local network segment. When a sending node addresses a packet using a broadcast address, every node on that network segment receives and processes the packet.

To understand how broadcasts are used, you must understand the difference between classful networks and nonclassful networks. A classful network is a network that follows the class rules as defined, meaning a Class A, B, or C network is configured with network addresses and host addresses as described previously. A nonclassful network is a network that doesn't strictly follow the class rules. Nonclassful networks might have subnets that don't follow the normal rules for network and host IDs. You'll learn more about subnets in the section entitled "Using Subnets and Subnet Masks" later in this chapter.

Note

A nonclassful network can also be referred to as a classless network. However, classless interdomain routing (CIDR) and all it implies are specifically spelled out in Request For Comments (RFCs), such as RFC 1812. RFC 1812 provides rules that supersede those of some previous RFCs, such as RFC 950, which prohibited the use of all-zeros subnets.

All nodes listen for and process broadcasts. Because IP routers usually do not forward broadcast packets, broadcasts are generally limited by router boundaries. The broadcast address is obtained by setting all the network or host bits in the IP address to 1 as appropriate for the broadcast type. Three types of broadcasts are used:

  • Network broadcasts: Network broadcasts are used to send packets to all nodes on a classful network. For network broadcasts, the host ID bits are set to 1. For a nonclassful network, there is no network broadcast address, only a subnet broadcast address.

  • Subnet broadcasts: Subnet broadcasts are used to send packets to all nodes on nonclassful networks. For subnet broadcasts, the host ID bits are set to 1. For a classful network, there is no subnet broadcast address, only a network broadcast address.

  • Limited broadcasts: Limited broadcasts are used to send packets to all nodes when the network ID is unknown. For a limited broadcast, all network ID and host ID bits are set to 1.
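The three broadcast types can be told apart by setting host ID bits to 1 and comparing the result with a packet's destination address, which is useful when labeling broadcast traffic in a capture. The following Python is an added example, not code from the book; the function names are hypothetical, the sample addresses are constructed, and the `prefix_len` parameter (the network ID length in bits) is an assumption standing in for the subnet mask covered later in the chapter.

```python
import ipaddress

LIMITED = ipaddress.IPv4Address("255.255.255.255")  # all 32 bits set to 1

def classful_prefix(addr):
    """Network ID length in bits for a Class A, B, or C address."""
    first = ipaddress.IPv4Address(addr).packed[0]
    for low, high, bits in ((1, 127, 8), (128, 191, 16), (192, 223, 24)):
        if low <= first <= high:
            return bits
    raise ValueError(f"{addr} is not a Class A, B, or C address")

def broadcast_address(addr, prefix_len):
    """Set every host ID bit (the low 32 - prefix_len bits) to 1."""
    host_bits = (1 << (32 - prefix_len)) - 1
    return ipaddress.IPv4Address(int(ipaddress.IPv4Address(addr)) | host_bits)

def broadcast_kind(dst, local_addr, prefix_len=None):
    """Name the broadcast type of dst as seen from local_addr, or return None.
    prefix_len=None means the interface uses its classful network ID length."""
    dst = ipaddress.IPv4Address(dst)
    if dst == LIMITED:
        return "limited"
    default = classful_prefix(local_addr)
    if prefix_len is None or prefix_len == default:
        # Classful network: only a network broadcast address exists.
        return "network" if dst == broadcast_address(local_addr, default) else None
    # Nonclassful network: only a subnet broadcast address exists.
    return "subnet" if dst == broadcast_address(local_addr, prefix_len) else None

if __name__ == "__main__":
    # Constructed destinations seen by a host at 172.20.5.9 with a 24-bit network ID.
    for dst in ("255.255.255.255", "172.20.5.255", "172.20.255.255", "172.20.5.10"):
        print(dst, broadcast_kind(dst, "172.20.5.9", prefix_len=24))
```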

Tip

DHCP uses limited broadcasts

Limited broadcasts are sent by nodes that have their IP address automatically configured, as is the case with Dynamic Host Configuration Protocol (DHCP). With DHCP, clients use a limited broadcast to advertise that they need to obtain an IP address. A DHCP server on the network acknowledges the request by assigning the node an IP address, which the client then uses for normal network communications.

Note

Previously, a fourth type of broadcast was available called an all-subnets-directed broadcast. This broadcast type was used to send packets to all nodes on all the subnets of a nonclassful network. Because of the changes specified in RFC 1812, all-subnets-directed broadcasts have been deprecated, meaning they are no longer to be supported.
