IPv4 network basics
October 28th, 2018
A very basic introduction to IPv4 addressing and networks
Why are we talking about this?
Every so often I realise that I've had to deal with things that not every developer in the current day and age has to dive into as deeply. This means that I'm getting old. But it also means that it might be valuable to write down which parts of that knowledge is still useful to me.
So this is about IPv4?
Well, its about some parts of it that help me debug things like Vagrant and Docker setups. Most explanations online go into depth about the protocol, but I'm just going to limit it to what I find useful.
Okay. So where do we begin?
Let's take a look at an IPv4 address. You probably know it as four numbers divided by dots:
But this is just an "easy to talk about" way of showing an IP. If we want to talk about networks, subnet masks and routing, it makes a lot more sense to show it as a sequence of bits. Four sequences of 8 bits, to be exact. Let's start with the first number:
192 -> 11000000
How do we get to that sequence? Well, each bit can be considered to have an integer value. Starting
from the right side, the value is 1, 2, 4, 8... etc. Adding all the values together, you would get
a maximum value of
255. Sound familiar?
1 1 1 1 1 1 1 1 128 +64 +32 +16 +8 +4 +2 +1 = 255 1 1 0 0 0 0 0 0 128 +64 - - - - - - = 192
For the entire IP address, this would give us the following string of bits:
11000000.10101000.00000000.00000001 192. 168. 0. 1
Okay, but how is this more useful?
Well, we have only looked at a single IP address so far. But the IP addresses are grouped into subnets.
The way we note how large a certain network is, we need to add a subnet mask. Let's take a common mask
255.255.255.0. What does this mean? You probably know by experience that this means all IP addresses
that start with
192.168.0 are in the same network. But let's look at our IP address and network mask
in binary form again:
11000000.10101000.00000000.00000001 Ip address 192. 168. 0. 1 11111111.11111111.11111111.00000000 Network mask 255. 255. 255. 0
Let's remember the following rule: - Two IP addresses are considered to be in the same subnet if all the active (meaning the 1's) bits in the subnet mask are the same for both IP addresses.
A match: 11000000.10101000.00000000.00000001 (192.168.0.1) 11000000.10101000.00000000.00011000 (192.168.0.24) -------------------------- Binary AND for the first 24 bits 11000000.10101000.00000000 Yes, those IP's are on the same subnet And a mismatch: 11000000.10101000.00000000.00000001 (192.168.0.1) 11000000.10101000.00000010.00000001 (192.168.2.1) -------------------------- Binary AND for the first 24 bits 11000000.10101000.00000000 ^ No, this bit is different here
Another way of writing a subnet mask is by adding the number of active bits after the IP with a slash.
In this case, you can count 24 1's in the subnet mask, so it's a
The first part of the IP address (the part that needs to "stay the same") is the network part. The rest of the ip address is the host part. So the subnet mask tells you how "long" the network part is.
192.168.0.0 /24 11000000.10101000.00000000.00000000 |------------------------| |------| Network part Host part
I can tell which IP's are in the same subnet. Now what?
Let's look at subnets a little more. You see, because the subnet mask denotes the number of bits that are the
same within that subnet, a subnet mask can't be just any number. With
/32 (32 bits in common), all bits in an
IP must be the same (so that is actually not a range, but just a single IP).
In the case of
/24, how many IP adresses can we make? Well, since the first 3 octets are the same, we only
look at the last octet:
00000000 -> 0 00000001 -> 1 00000010 -> 2 00000011 -> 3 00000100 -> 4 ... 11111111 -> 255
So from 0 to 255, we have room to use 256 different IP addresses, right?
Wrong. We can't actually use all the addresses. Because there are more rules to follow:
- The first address in a subnet can't be used, it is called the network address
- The last address in a subnet can't be used, it is called the broadcast address
192.168.0.0 -> Network address 192.168.0.255 -> Broadcast address
I can see we need another example, let's use a subnet mask of
/28 on the same IP:
11000000.10101000.00000000.00000001 192. 168. 0. 1 11111111.11111111.11111111.11110000 (28 1's) 255. 255. 255. 240 11000000.10101000.00000000.0000 0001 |-----------------------------| |--| Network part Host part 11000000.10101000.00000000.0000 0000 192. 168. 0. 0 -> Network address 11000000.10101000.00000000.0000 1111 192. 168. 0. 15 -> Broadcast address
The available addresses in this (any)
/28 subnet is 14 IP addresses.
So, the smaller the number of bits in the subnet mask, the larger the number of usable IP addresses in the subnet. Each bit we "remove" from the network part of the IP address is available on the host part.
Why do I always run into the same IP addresses? 192.168.0.0 or 10.0.0.0 for example?
In order to communicate properly, we can't have duplicate addresses on a network. Each address has to be unique in order to be found. And, we can't just activate any IP address anywhere - an IP only works if it operates in a subnet with other devices.
This means that for a huge network like the internet, we need to have more rules. It was agreed that there would be a difference between public IP adresses and private IP addresses. Private meaning "within a network that is not the internet itself".
- Three ranges where selected to be for "Private" use:
Also, you probably recognise the IP
127.0.0.1 which means "the network interface I am currently on".
(there are few more with special purposes left out for simplicity)
- Different private networks can all re-use the same IP addresses
- For the internet, it does not matter that devices join and leave private networks all the time
So how can I even connect to the internet with an IP of 192.168.0.125?
In order to answer that, first I need to tell you what happens when your computer wants to "talk" to another computer. You see, the IP address isn't actually the thing that is used to deliver a message. A computer's network interface puts information in tiny little packets in envelopes addressed to the recipient's MAC address instead. Every network interface has one, and it should be unique on the network.
An example MAC address, or network interface Hardware address. 52:54:00:cb:bc:80
There are two possible cases:
1] You are both on the same IP subnet.
In this case, your computer will want to figure out the MAC address to use for delivery by asking every device in the subnet "excuse me, do you have this IP?". If all goes well, only one network interface will respond by saying "yes, that's me!" (thereby revealing the MAC address).
So how can one send a message to every device? By sending a message to the network's Broadcast address.
So THAT's what the broadcast address is for!
Yup. This type of MAC address discovery is called an ARP request, or Address Resolution Protocol.
This MAC address is kept in a local ARP table, so you don't have to look it up again.
2] You are not on the same IP subnet.
In that case, you can't get the MAC address to send the message to. A broadcast does not leave your subnet. So now your computer asks for the MAC address of the default gateway defined for your subnet. The default gateway is the device that knows how to get from your network to other places. So you only need to know how to reach the post office, and the post office will take care that your envelope reaches its destination.
These two cases are also the difference between switching and routing. A switch runs traffic on a subnet, but does not pass anything from one subnet to another. A router takes traffic from one subnet and passes it along to a different subnet for delivery. Most home networking devices are called "routers" but they perform both tasks.
How do I know my default gateway?
For each IP address that you have configured, there is also a default gateway or otherwise there is a default gateway for the interface itself. This information is kept in the routing table. If you use DHCP (which is a very likely option), then you get the default gateway information together with the IP address.
- A default gateway is always in the same subnet as your own IP
- It is always a machine that also has another network interface so that it can reach other networks.
Incidentally, to get an IP address through DHCP, you also need to use the broadcast address of a network to find the DHCP server in the first place!
If you really can't send a request anywhere (because you have badly configured your default gateway, or
there is no response to the ARP request on the local network), you will get a - probably familiar -
Destination host unreachable message.
So how does this default gateway allow me to use a local address on the internet again?
Finally a little more magic needs to happen. Your IP address is not valid on the other network, so the destination can't send you anything back. Your router (which is probably also your default gateway if you are on a small network) will switch your local IP with the public IP on the package.
That is called NAT, or Network Address Translation. This way, the response will be sent back to the public IP, and the router can determine which internal device the answer needs to go to.
192.168.0.1 -> 192.168.0.254 [ Router ] 126.96.36.199 -> 188.8.131.52 Private IP Default Gateway Public IP Destination IP
- NAT is used to translate a local IP t
What does all this have to do with debugging Vagrant or Docker?
Well, when you start a vagrant box or a docker machine, the underlying tools create whole new networks for you on virtual network interfaces. And even though everything happens inside one physical machine, there is a lot going on on a network level.
So it pays to know where communication is breaking down when you "can't reach a host".
There are different configurations for these virtual networks. When you "bridge", it means you will simulate having a network interface in your local network as well as the virtual network. It's like having one foot on each subnet and passing traffic from side one to the other (like a... you know... bridge).
You can also use "host" or "host adapter". This means you are handing over your own network adapter to the virtual machine, where it acts as if it's directly connected to the same network as the host.
There are many more settings, way too many to explain in this post. But these settings affect the way the networks are set up, they do not change the rules we have covered with regards to network subnets.
Some networking tools that can help when debugging network problems (remember, for docker you might want to
run them inside a running container with
These commands are for OSX, might work on linux, serve as a starting point for google if you are on windows. All IP addresses configured on this machine > ifconfig The current routing table > netstat -rn The current ARP table > arp -a Tracing all stops between my machine and another IP address > traceroute [hostname/ip address]
So is that it then?
For now. I hope this basic introduction was useful. Let me know if there is anything else you'd like to ask!
- OSI model on Wikipedia
- docker network
- vagrant network
Pointy haired boss