Author Topic: Basic Networking Help  (Read 2153 times)

ABlipInContinuity

Basic Networking Help
« on: 24 September, 2008, 03:51:01 pm »
Can someone help explain the following to me.

I asked the question:

Why can I access IP addresses starting 158 and not 192 addresses like everyone else?

The answer came:


Quote
Because 158.234 are real publicly addressable IP addresses; 192.168.x.x are private subnet addresses and probably occur multiple times in the company. You have to be specially routed (192.168.x.x and the other two private IP address ranges 10.x.x.x and ....) are not routable with the default algorithms.


I think I could do with some general background reading on IP addresses and network routing. Any pointers?

I've not really gone beyond setting up a router at home and switching off dynamic IP addressing and setting up static addresses on machines before.

Thanks
ABIC
 

tiermat

  • According to Jane, I'm a Unisex SpaceAdmin
Re: Basic Networking Help
« Reply #1 on: 24 September, 2008, 04:00:46 pm »
OK, let's cover a few basics:

RFC1918 covers non-routable addresses (i.e. those that you use inside a firewall/router for your local LAN).
These addresses are in reserved ranges, which tend to be:
192.168.0.0/16, but are usually used as a /24 and
10.0.0.0/8

There are more, but those are the most commonly used ones.

If your PC has a RFC1918 address then it MUST go via a router/firewall to get to the outside world.
If you are directly connected to the internet (either via a cable modem, or via USB ADSL modem, or even just plain old dialup), then you will not have an RFC1918 address, unless your ISP is doing NATing for you.

NAT stands for Network Address Translation, which is a way for RFC1918 addresses to access the outside world by having a device translate your IP address to that of the public-facing device, and tracking the connection so that it knows where the data is to go when it returns from the big bad world.

Make sense?
I feel like Captain Kirk, on a brand new planet every day, a little like King Kong on top of the Empire State

Re: Basic Networking Help
« Reply #2 on: 24 September, 2008, 04:16:07 pm »
Certain IP addresses are reserved for "private addressing"; these address ranges are:

10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255

There is nothing special about these ranges except that they have been reserved (see RFC 1918).

Now we come to what a private address is. The idea of private addressing is that anyone making a test network can merrily use this address space and it won't bork anything else. This is because all the Internet routers are set up (or should be) to simply drop any packets to or from any addresses in those ranges.

Now with the explosion of use of the Internet there are not enough public IP addresses to go around, so what normally happens is a company's or individual's network is multiplexed through one or more public IP addresses using network address translation. You can have the situation where thousands of PCs on a company's LAN are all hidden behind a single public IP address. It's usually the company firewall that does this, or at home it will be your ADSL router.

Now comes the question: what addresses should we use behind the NAT device? Well, in theory anything will work, but with a gotcha: if you happen to choose something that is actually the public address space of, say, BT's web servers, you won't be able to reach any of their web sites, as your local LAN will think that they are on it, not the Internet. Say a server you were trying to reach resolved via DNS to 158.1.1.54 and your PC was 158.1.1.3: your PC would not send packets for 158.1.1.54 to its default router but instead would ARP locally for 158.1.1.54, since it would assume it was on the same LAN.
So behind NAT we normally use the private address space as then we can be certain that we are not using the public address space of someone else.

Now some companies got some rather large allocations of public address space in the past and continue to use it internally and don't bother with NAT between them and the Internet. Each PC has a proper public address. These companies will most likely have their routers set up to dump packets to and from the private address space to a black hole just like the Internet routers do. Lets them have play networks that don't do any damage to the main network.

Regards

Pat
I think you'll find it's a bit more complicated than that.

LEE

Re: Basic Networking Help
« Reply #3 on: 24 September, 2008, 04:28:22 pm »
Very simply, it's like an internal telephone number on your company switchboard.

Your company telephone switch recognises it as such and will treat it as internal only.  Similarly your IP router recognises 192.168.n.n as 'internal only' and keeps it on your local company LAN.

Re: Basic Networking Help
« Reply #4 on: 27 September, 2008, 04:07:21 pm »
If you want to read up on networking, one of The books is "Stevens", aka TCP/IP Illustrated, Volume 1: The Protocols, by the late Richard Stevens. It is possibly not the easiest book in the world to read, but I've always found it quite useful.

Just to attempt to clarify what has been said, pretty well, by others above;  The machine in front of you will be on a "local" subnet, ie a network where you can "see" all the other machines on this network.  To get any further, the router will redirect any other packets onto other routers and so forth until they hit the required destination machine.

Your machine will generally know whether an IP address is in its local network or not by the Subnet Mask, which will often be something like 255.255.255.0. This is used to mask the address of your local machine, and the address of the required destination machine. If the masked values are the same, then both machines are on the local sub-network, and can talk directly to each other; if not, then the packet will be forwarded onto your router (i.e. Gateway in Windows terminology) and it will then have to decide what to do with the packet.

With most home ADSL connections, all the router will do is forward the packet onto the ISP's router. The ISP will have much more complex algorithms implemented on their routers, which together with the rest of the Internet will get your packets where they need to be. The details of routing packets are a very big and complex topic.
Actually, it is rocket science.
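
The subnet-mask check described in Reply #4 and the private-range filtering described in Reply #2, as an added example that is not part of any post in this thread. The /24 mask and the gateway addresses are assumptions chosen for illustration; the 158.1.1.x addresses are the ones used in Reply #2.

```python
import ipaddress

# RFC 1918 private ranges, as listed in Reply #2
# (172.16.0.0 - 172.31.255.255 is 172.16.0.0/12 in CIDR form).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    """True if addr falls inside one of the three private ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def masked(addr, mask):
    """Bitwise AND of an address with the subnet mask (Reply #4)."""
    return int(ipaddress.ip_address(addr)) & int(ipaddress.ip_address(mask))

def next_hop(src, mask, gateway, dst):
    """Host forwarding decision: 'direct' means ARP for dst on the LAN,
    otherwise the packet is handed to the gateway."""
    if masked(src, mask) == masked(dst, mask):
        return "direct"
    return gateway

def border_drop(src, dst):
    """Filter applied at an Internet-facing router: drop anything to or
    from a private range, as Reply #2 says such routers should."""
    return is_rfc1918(src) or is_rfc1918(dst)

if __name__ == "__main__":
    mask = "255.255.255.0"  # assumed /24, the mask quoted in Reply #4
    # Constructed cases: (source, gateway, destination)
    cases = [
        ("192.168.1.10", "192.168.1.1", "192.168.1.20"),  # same LAN
        ("192.168.1.10", "192.168.1.1", "158.1.1.54"),    # off-LAN
        # LAN numbered out of someone else's public space: the real
        # 158.1.1.54 becomes unreachable because it looks local.
        ("158.1.1.3", "158.1.1.1", "158.1.1.54"),
    ]
    for src, gw, dst in cases:
        print(f"{src} -> {dst}: next hop {next_hop(src, mask, gw, dst)}, "
              f"dropped at border without NAT: {border_drop(src, dst)}")
```
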
 

Re: Basic Networking Help
« Reply #5 on: 27 September, 2008, 11:45:34 pm »
Is this making any sense to you? I'm interested in the wording of your question that you can access 158.* addresses (which sounds normal, all things being equal) but not 192.* addresses "like everyone else". For all the reasons explained by others, 192.* addresses would be in a private subnet (there's nothing inherently special about 192.* addresses but they had to choose something, just as they had to choose some number for the emergency services and went for 999).

Since 192.* addresses are in a private subnet, you'd only expect to be able to access them if you were also in that subnet, which doesn't quite match with everyone else being able to access them, and not you.

Edit: Sorry, typo corrected - the OP said 192 and I unaccountably wrote 127 which, as TimO points out, is generally used for the different special purpose of loopbacks.

Re: Basic Networking Help
« Reply #6 on: 28 September, 2008, 12:42:45 am »
Using 127 isn't a good idea, the subnet 127.0.0.0/8 is another special case.  For most people they will only see the particular case 127.0.0.1, which for most machines is localhost, ie the machine itself.  As far as the RFCs are concerned any IP starting with 127 is going to be localhost.  I'm not 100% sure how routers are set up to deal with a localhost address, but I suspect it'll just be another case of it disappearing into a black hole.
Actually, it is rocket science.
 

Re: Basic Networking Help
« Reply #7 on: 29 September, 2008, 09:30:15 am »
Most routers don't have a concept of 127.0.0.1 being localhost (they use loopback addresses for a similar purpose but these normally have a normal IP address) and would actually route it by default. A well set up router though will have a filter that dumps packets to or from this address into the proverbial /dev/null.
I think you'll find it's a bit more complicated than that.

ABlipInContinuity

Re: Basic Networking Help
« Reply #8 on: 07 October, 2008, 01:51:35 pm »
Thanks all.

I think my problem stems from the way servers are set up on my project, using private 192.xxx.xxx.xxx IPs. My project is based down south somewhere, and I'm accessing servers from a remote site up north somewhere.

I'm guessing, when I connect to the company's LAN, I'm connecting to a different subnet and the 192.xxx.xxx.xxx IPs I can see are different to the ones the rest of my project can see.

Some of the servers have multiple IP addresses... I thought one network card meant one IP address, but apparently you can have three assigned to one network card?

Anyway, some machines on the subnet down there are assigned private 192.xxx.xxx.xxx addresses and also 158.xxx.xxx.xxx addresses that I can see from up here.

I hope, very roughly speaking, I've got the right end of the stick.

I think I could do with doing some further reading on this at some point, just cos I'm interested like. Thanks to everyone who has posted on this thread. I will save the URL as a point of reference!

Re: Basic Networking Help
« Reply #9 on: 07 October, 2008, 03:41:13 pm »
You can have as many IPs assigned to a physical network device as you wish, so long as you make sure the routing is all sorted out correctly (although I imagine most OSs would have some limit, if nothing else, no more than 4294967296 on an IPv4 network ;D).

I've got a server at work which has two IP addresses, so that at some future date we can split some of the functionality onto two different machines with absolutely no changes in any remote configurations.

I've also had machines with two IPs, one a "real" internet one, and the other on a 192.168.0.0/24 subnet, so that they could communicate to both other machines on the internet, and to a load of machines on that 192.168 subnet.  We needed a lot of machines to communicate locally, but most of them didn't need access to the internet proper, so they all had 192.168 addresses only, and it avoided having to ask for a lot of IPs on our own subnet (which admittedly has a lot of addresses available, but for boring reasons would have caused problems).
Actually, it is rocket science.