IP, NAT and PAT

Table of Contents

• IP
• IP Classes
• IP Addresses of Note
• NAT and PAT
• Notices

IP

Internet Protocol (OSI Layer 3)
• Sends packets over a network, used for addressing and routing
• No guarantee of delivery, only best effort

IP addressing
• IPv4 address is 32 bits in length
• 192.168.1.1 = 11000000 . 10101000 . 00000001 . 00000001
• Each number between periods is an “octet” between 0 and 255
• Reflects both the network and the host address
  — These numbers are separated out by the subnet mask

We're talking about first Internet protocol. Now, we're talking about Internet protocol version four at this moment in time, which is at layer three. We're also going to switch over to IPv6 in just a second.

In v4, you have to know how big the address is in bits. Even though it's converted into decimal form, you need to think about it in terms of bits because then when we deal with subnet masking and when we deal with routing tables, we have to know how this conversion works in our head. So, when we convert this what we do is we do it in octets. That's four sets of eight. And each IP address piece, each octet, is a number between two fifty-five and zero. Now, we don't use two fifty-five. And we don't use zero.
That's the first and the last address because we use them for something else. But all of the other addresses are valid. And by the way, two fifty-five would be ones all the way across the bits. And zero would be zero all the way across the bits in that octet.

So, right here we have an example of 192.168.1.1. Well, the first two bits are turned on in a thirty-two bit address. That's the one twenty-eight bit is the first bit. And the second bit is the sixty-four bit. Sixty-four plus one twenty-eight equals one hundred and ninety-two. The math works.

The one sixty-eight address, the first bits turned on. That's one hundred twenty-eight. We'll keep that in our head. The second one is turned off, so we skip over the sixty four. And then the next bit is thirty-two. And that one's turned on. Well, not all of them are turned off. So, we've got one twenty-eight plus thirty-two. Let's see one twenty-eight plus thirty-two, that's a hundred and sixty. We count down a couple more bits, and we get to the third bit in that list. It's turned on. That's the eight bit. So, eight plus one hundred and sixty is one hundred and sixty-eight. Hey look, the math works.

And then the other two, one and one. I mean we don't have to worry about those two, right? We're good for that. You get the idea that we have to know this and convert this in our head every once in a while, not often, but every once in a while.

So, we're also looking at the network address and the host address, and which are the portions here one versus the other. And these numbers are separated by the subnet mask. In this case, for a 192.168.1.255, that would be the network address. And what that says is all the numbers, the first three octets must stay the same. The subnet mask for this to tell us that this is a particular network is going to be 255.255.255, and what that says is-- I'm sorry, 255.255.255.0. That says everything in this octet has to be the same.
Everything in the next octet has to be the same. Everything in the next octet has to be the same. So, if we want to communicate on the same network, you better be in the 192.168.1 and then change the numbers in the last octet.

IP Classes

Class                 Number of networks   Addresses per network   Start address   End address
Class A               128 (2^7)            16,777,216 (2^24)       0.0.0.0         127.255.255.255
Class B               16,384 (2^14)        65,536 (2^16)           128.0.0.0       191.255.255.255
Class C               2,097,152 (2^21)     256 (2^8)               192.0.0.0       223.255.255.255
Class D (multicast)                                                224.0.0.0       239.255.255.255
Class E (reserved)                                                 240.0.0.0       255.255.255.255

There are different classes of IP addresses. A, B, and C are the normal classes. When we talk about the start and end address, some of the hosts that are in there, some of the numbers that are in there, are not valid. But we are talking about what is the extent of this network.

Well, in a class A network what we do is we fix the first octet. And then we mess with the rest of them. So, we have a hundred and twenty-eight class A networks that are available.

When we go down to the class B set of addresses, the first octet and the first bit is fixed. If you convert one twenty-eight into decimal, you see that it is a one followed by a zero.

In a class C address, we have two million networks. But each one of those networks only has two hundred and fifty-six hosts on it. So, the first two bits will be fixed. One, one, zero makes up one ninety-two. And then anything below that is configurable.

What about the class D and the class E? Well, first off the class E is experimental. And it's not used. Any address that came to you that was, "Hi, I'm from 240.1.1." You're not from anywhere that I really want to know about. I'm putting you on the bogon list, and all those addresses are no good because we don't play experiments with the Internet. Okay, I can go ahead and lop those off.

The class D is the multicast address. This is IGMP not ICMP.
And you'll know that it is a class D address because it is just shy of two forty, between two twenty-four and just shy of two forty, at two thirty-nine trip two fifty-five. That class D is for multicasting.

IP Addresses of Note

Private IP spaces are not routable on the open Internet
• Intended for organizations to use instead of public (costly) IP addresses

Private Address Space   Start Address   End Address
Class A                 10.0.0.0        10.255.255.255
Class B                 172.16.0.0      172.31.255.255
Class C                 192.168.1.0     192.168.1.255

127.0.0.0 to 127.255.255.255 – loopback address
169.254.0.0 to 169.254.255.255 – autoconfiguration

There are a set of private IP address-- well, the IP address space that is limited by rule RFC 1918. And in it what it says is that we've got a group of IP addresses, because we're running out of IP addresses, what we're going to do is allow you to do internal IP address assignments back in here that we don't care about on the Internet. And, in fact, all of the routers that are RFC 1918 compliant won't even pass that traffic.

So, what can we use back here that's not routable on the Internet or is not supposed to be? Well, there's one for each class of address. In the class A, it's the ten network, the entire ten network. Sixty million hosts are useable inside your organization. But not on the Internet.

Class B is a little bit different. It's the 172.16, just shy of the 172.32. That's a class B network that is totally useable by you. And actually there are sixty-five thousand hosts sixteen different times that are useable. So, you could have a sixteen, a seventeen, an eighteen, a nineteen, a twenty, all the way up to thirty-one. Those are all Class B addresses. They are not supposed to be routable.

Last is the Class C address. Now, there's a funny little thing about the Class C address. The 192.168.1.0 through 255 is a class A address with only two hundred and fifty-four hosts on it. However, that's by convention.
If you try to use the 192.168.2, three, four, all the way up to two-fifty-five. Those are also non-routable and not used. But the convention is 1.0.

Now, there are two other special addresses that we want to pay attention to that aren't inside of the RFC 1918, but these are very good lists of hosts to not allow on your network filtered at your router or firewall. And that is the loopback address, the entire class A address of one twenty-seven-- we only use 127.0.0.1 as our loopback. The other ones don't count. They're not useable. And lastly, Microsoft created something called automatic IP addressing, or APIPA, where they disqualified the entire 169.254 all the way up through 255.255.
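
The following is an added example, not part of the original lecture material: it carries out the octet-to-bit conversion and subnet-mask comparison described above, then applies them to the address ranges the lecture says to filter at a router or firewall. All function names and sample addresses are constructed for illustration, and the private Class C block is taken as the full 192.168.0.0/16 that RFC 1918 defines.

```python
# Added example: the lecture's bit arithmetic (octets -> 32 bits -> mask)
# applied to an ingress filter. Names and samples are constructed.
from typing import Optional, Tuple


def to_int(addr: str) -> int:
    """Convert dotted-decimal IPv4 to a 32-bit integer, validating each octet."""
    parts = addr.split(".")
    if len(parts) != 4:
        raise ValueError(f"not a dotted quad: {addr!r}")
    value = 0
    for part in parts:
        if not part.isdigit() or int(part) > 255:
            raise ValueError(f"bad octet {part!r} in {addr!r}")
        value = (value << 8) | int(part)
    return value


def to_bits(addr: str) -> str:
    """Render the address as four binary octets, as on the slide."""
    n = to_int(addr)
    return " . ".join(f"{(n >> shift) & 0xFF:08b}" for shift in (24, 16, 8, 0))


def mask(prefix_len: int) -> int:
    """Subnet mask with prefix_len leading one bits (24 -> 255.255.255.0)."""
    return (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF


def same_network(a: str, b: str, prefix_len: int) -> bool:
    """Two hosts share a network when their masked bits are identical."""
    m = mask(prefix_len)
    return to_int(a) & m == to_int(b) & m


def address_class(addr: str) -> str:
    """Classful class, decided by the leading bits of the first octet."""
    first = to_int(addr) >> 24
    if first >> 7 == 0b0:
        return "A"
    if first >> 6 == 0b10:
        return "B"
    if first >> 5 == 0b110:
        return "C"
    if first >> 4 == 0b1110:
        return "D"  # multicast
    return "E"      # reserved / experimental


# Ranges the lecture calls non-routable or not to be accepted at the edge.
FILTERED = [
    ("10.0.0.0", 8, "private (RFC 1918, Class A)"),
    ("172.16.0.0", 12, "private (RFC 1918, Class B)"),
    ("192.168.0.0", 16, "private (RFC 1918, Class C)"),
    ("127.0.0.0", 8, "loopback"),
    ("169.254.0.0", 16, "autoconfiguration (APIPA)"),
    ("240.0.0.0", 4, "reserved (Class E)"),
]


def ingress_verdict(src: str) -> Tuple[str, Optional[str]]:
    """Return ("drop", reason) for a filtered source address, else ("allow", None)."""
    for network, prefix_len, reason in FILTERED:
        if same_network(src, network, prefix_len):
            return "drop", reason
    return "allow", None


if __name__ == "__main__":
    # Constructed sample source addresses as seen on an Internet-facing interface.
    for src in ["192.168.1.1", "172.31.255.255", "172.32.0.1",
                "127.0.0.1", "169.254.10.20", "240.1.1.1", "8.8.8.8"]:
        action, reason = ingress_verdict(src)
        print(f"{src:16} class {address_class(src)}  {to_bits(src)}  "
              f"{action} {reason or ''}")
```
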