Addressing Technologies: subnetting, classful vs classless, NAT, PAT, SNAT, public vs private, DHCP
In computer networks that use Internet Protocol, a subnet is a range of IP addresses in the assigned address space. For example, if you are assigned the 192.168. space, 192.168.1.1 through 192.168.1.255 could be one potential subnet you use. You will often hear “what is your subnet mask?” asked in regards to IP addressing – what you are being asked is used to denote what address space is being used.
Subnetting is a method by which network administrators can take a single network and split it into several smaller network portions.
A subnet mask is truly “masking” the network information – it becomes clearer if you look at it in binary. Look at this example from Wikipedia:
Dot-decimal Address |
Binary |
|
Full Network Address |
192.168.5.10 |
11000000.10101000.00000101.00001010 |
Subnet Mask |
255.255.255.0 |
11111111.11111111.11111111.00000000 |
Network Portion |
192.168.5.0 |
11000000.10101000.00000101.00000000 |
Host Portion |
0.0.0.10 |
00000000.00000000.00000000.00001010 |
In the example above, the 1s designate the part of the address being part of the network partition and the 0s designate the part of the address being the host address. A classful network is a network which has a subnet mask of 255.0.0.0, 255.255.0.0, or 255.255.255.0.
Subnet masks are often expressed in a shorter form known as Classless Inter-Domain Routing (CIDR) notation. This provides an address followed by a slash (“/”) and the number of 1 bits in the binary notation of the netmask. For example, 192.168.1.22/24 indicates an IP address where the first 24 bits are used as the network address (aka 255.255.255.0).
Unlike the Cisco exams, you are not required to subnet on the Network+ exam, but you do need to understand what a subnet is, what the subnet mask is, and why network administrators use subnetting.
IPv4 Address Class Ranges
Class A – 1.0.0.0 to 126.0.0.0
Class B – 128.0.0.0 to 191.255.0.0
Class C – 192.0.1.0 to 223.255.255.0
Class D (Multicast) – 224.0.0.0 to 239.255.255.255
Class E (Multicast) – 240.0.0.0 to 255.255.255.255
Network Address Translation
Addresses in the IPv4 space are running low, so network gear provides and network administrators are using NAT to use private addresses internally and map them to an Internet accessible address. Network address translation (NAT) maps one set of addresses onto another and often uses IP masquerading to map an entire range of addresses into a single address.
At your house, it is likely you have a home router between your PC and the Internet. If you have multiple PCs at your house, you use an internal network of addresses assigned by your router (e.g. 192.168.1.100, 192.168.1.101, 192.168.1.102) for your internal network and they are all map to single external IP address provided by your ISP (such as 205.23.57.102). Your network is using two techniques: NAT and IP (or network) masquerading.
Most companies now use the same technique as they are not provide a class of Internet routable IP addresses for internal use.
Port Address Translation
Using the same example with your home router, you can also setup certain ports to forward to an internal device on a different port. Using Port Address Translation (PAT), you could translate an http request on port 8080 (or 205.23.57.102:8080 as it is commonly notated), to an internal server at 192.168.1.100 on port 80 (traditional HTTP port, aka 192.168.1.100:80).
Using PAT, you could have multiple connections to the external IP address on different ports to use the same servers. For example, you could set port 1020, 1022, 1380 to all accept SMTP traffic and forward to email servers in the environment. Any device connecting would have to know to connect to those ports for SMTP, but it could be setup this way.
Secure NAT (SNAT)
Secure NAT (aka Stateful NAT) is a secure way of performing Network Address Translation. SNAT enables access control for protocols like FTP, ICMP, H.323, and PPTP.
Public versus Private
Several sets of addresses have been set aside for private, internal network use including:
10.0.0.0 – 10.255.255.255
172.16.0.0 – 172.31.255.255
192.168.0.0 – 192.168.255.255
All of the other addresses detailed in the IPv4 Address list above are publicly routable on the Internet.
Dynamic Host Configuration Protocol
Dynamic Host Configuration Protocol (DHCP) is a protocol used by network devices and clients to retrieve settings for network configuration (such as IP address, Subnet mask, Gateway, and more), reducing the need for manual configuration.
A DHCP server or device assigns addresses to ensure no duplicates exist on the network.
There are two modes for DHCP in a network: dynamic and automatic.
In dynamic mode, the DHCP server provides an address and a lease on that address to the client. The lease is a period of time set by an administrator that the client can “own” the IP address until it needs to return it to the pool of available addresses. If your network has a lot of mobile clients and you seem to run out of IP addresses frequently, you can shorten the lease period that a client “owns” the IP address so you have more frequent turnover of addresses.
Automatic mode is also referred to as DHCP reservation. DHCP reservation assigns an IP address to a MAC address so it receives the same IP each time it requests an IP. This mode is commonly used to set devices which do not change frequently, but you still want to centrally configure them. An example is to set all of your printers with a DHCP reservation (versus statically assigning IP addresses to each one manually).
There is an additional way for a client to receive an IP address (not using a DHCP server to deliver it) and that is manual configuration. This is not a recommended solution as it is labor intensive and not friendly to central administration of the network.