The Internet has become not only a means of communication, but also a means of global commerce, development, and distribution. Industries such as banking, manufacturing, and healthcare depend on the Internet for daily transactions, recordkeeping, and sales. Individuals, too, increasingly rely on the Internet for purchasing and data-gathering operations. In previous chapters, you learned that the Internet depends on the TCP/IP suite of protocols, as do a number of network operating systems. Because of the increasing popularity of the Internet, having TCP/IP expertise can pave the way to a lucrative, challenging, and rewarding career. In Chapter 4, you learned about core protocols and subprotocols in the TCP/IP protocol suite, addressing schemes, and host and domain naming. You also learned that TCP/IP is a complex and highly customizable protocol suite. This chapter builds on these basic concepts, examining how TCP/IP-based networks are designed and analyzed. It also describes the services and applications that TCP/IP-based networks commonly support. If you are unclear about the concepts related to IP addressing or binary-to-decimal conversion, take time to review Chapter 4 before reading this chapter.

Designing TCP/IP-Based Networks

By now, you understand that most modern networks rely on the TCP/IP protocol suite, not only for Internet connectivity, but also for transmitting data over private connections. Before proceeding with TCP/IP network design considerations, it’s useful to briefly review some TCP/IP fundamentals. For example, you have learned that IP is a routable protocol, and that on a network using TCP/IP each interface is associated with a unique IP address. Some nodes may use multiple IP addresses. For example, on a router that contains two NICs, each NIC can be assigned a separate IP address. Or, on a Web server that hosts multiple Web sites—such as one operated by an ISP—each Web service associated with a site can have a different IP address.
IP addresses consist of four 8-bit octets (or bytes) that can be expressed in either binary (for example, 10000011 01000001 00001010 00100100) or dotted decimal (for example, 131.65.10.36) notation. Many networks assign IP addresses and host names dynamically, using DHCP, rather than statically. You also know that every IP address can be associated with a network class—A, B, C, D, or E (though Class D and E addresses are reserved for special purposes). A node’s network class provides information about the segment or network to which the node belongs. The following section explains how network and host information in an IP address can be manipulated to subdivide networks into smaller segments.

Subnetting

Subnetting separates a network into multiple logically defined segments, or subnets. Networks are commonly subnetted according to geographic locations (for example, the floors of a building connected by a LAN, or the buildings connected by a WAN), departmental boundaries, or technology types (for example, Ethernet or Token Ring). Where subnetting is implemented, each subnet’s traffic is separated from every other subnet’s traffic. A network administrator might separate traffic to:

◆ Enhance security—Subnetworks must be connected via routers or other Layer 3 devices. As you know, these devices do not retransmit incoming frames to all other nodes on the same segment (as a hub does). Instead, they forward frames only as necessary to reach their destination. Because every frame is not indiscriminately retransmitted, the possibility for one node to tap into another node’s transmissions is reduced.

◆ Improve performance—For the same reason that subnetting enhances security, it also improves performance on a network. When data is selectively retransmitted, unnecessary transmissions are kept to a minimum.
In the case of Ethernet networks, subnetting is useful for limiting the amount of broadcast traffic—and therefore the amount of potential collisions—by decreasing the size of each broadcast domain. The more efficient use of bandwidth results in better overall network performance.

◆ Simplify troubleshooting—For example, a network administrator might subdivide an organization’s network according to geography, assigning a separate subnet to the nodes in the downtown office, west-side office, and east-side office of her company. Suppose one day the network has trouble transmitting data only to a certain group of IP addresses—those located on the west-side office subnet. When troubleshooting, rather than examining the whole network for errors or bottlenecks, the network administrator needs only to see that the faulty transmissions are all associated with addresses on the west-side subnet to know that she should zero in on that subnet.

To understand how subnetting is implemented, it’s necessary to first review IP addressing conventions on a network that does not use subnetting.

Classful Addressing

In Chapter 4, you learned about the first and simplest type of IP addressing, which is known as classful addressing because it adheres to network class distinctions. In classful addressing, only Class A, Class B, and Class C addresses are recognized. Recall that all IP addresses consist of network and host information. In classful addressing, the network information portion of an IP address (the network ID) is limited to the first 8 bits in a Class A address, the first 16 bits in a Class B address, and the first 24 bits in a Class C address. Host information is contained in the last 24 bits for a Class A address, the last 16 bits in a Class B address, and the last 8 bits in a Class C address. Refer to Figure 4-8 to review the bit separation between network and host information in classful addressing.
Figure 11-1 offers some example IP addresses separated into network and host information according to the classful addressing convention.

FIGURE 11-1 Example IP addresses with classful addressing

Adhering to a fixed network ID size ultimately limits the number of hosts a network can include. For example, leasing an entire Class C network of addresses gives you only 254 usable IP addresses. In addition, using classful addressing makes it difficult to separate traffic from various parts of a network. As you have learned, separating traffic offers many practical benefits. For example, if an organization used an entire Class B network of addresses, it could have up to 65,534 hosts all on one network segment. Imagine the challenges involved in managing such a highly populated network, not to mention the poor performance that would result. In 1985, because of the difficulty of managing a whole network class of addresses and the dwindling supply of usable IP addresses, computer scientists introduced subnetting.

NOTE: Depending on the source, you may find the term network ID used interchangeably with the terms network number or network prefix.

Subnet Masks

Subnetting depends on the use of subnet masks to identify how a network is subdivided. A subnet mask indicates where network information is located in an IP address. The “1” bits in a subnet mask indicate that corresponding bits in an IP address contain network information. The “0” bits in a subnet mask indicate that corresponding bits in an IP address contain host information. Each network class is associated with a default subnet mask, as shown in Table 11-1. For example, by default, a Class A address’s first octet (or 8 bits) represents network information and is composed of all 1s. (Recall that an octet composed of all 1s in binary notation equals 255 in decimal notation.
An octet composed of all 0s in binary notation equals 0 in decimal notation.) That means that if you work on a network whose hosts are configured with a subnet mask of 255.0.0.0, you know that the network is using Class A addresses and, furthermore, that it is not using subnetting, because 255.0.0.0 is the default subnet mask for a Class A network.

Table 11-1 Default subnet masks

Network Class   Default Subnet Mask (Binary)           Number of Bits Used for Network Information   Default Subnet Mask (Dotted Decimal)
A               11111111 00000000 00000000 00000000    8                                             255.0.0.0
B               11111111 11111111 00000000 00000000    16                                            255.255.0.0
C               11111111 11111111 11111111 00000000    24                                            255.255.255.0

To calculate a host’s network ID given its IP address and subnet mask, you follow a logical process of combining bits known as ANDing. In ANDing, a bit with a value of 1 plus another bit with a value of 1 results in a 1. A bit with a value of 0 plus any other bit results in a 0. If you think of 1 as “true” and 0 as “false,” the logic of ANDing makes sense. Adding a true statement to a true statement still results in a true statement. But adding a true statement to a false statement results in a false statement. ANDing logic is demonstrated in Table 11-2, which provides every possible combination of having a 1 or 0 bit in an IP address or subnet mask.

Table 11-2 ANDing

IP address bit    1  1  0  0
Subnet mask bit   1  0  1  0
Resulting bit     1  0  0  0

An example host IP address, its default subnet mask, and network ID are shown in Figure 11-2 in both binary and dotted decimal notation. Notice that the IP address’s fourth octet could have been composed of any combination of 1s and 0s, and the network ID’s fourth octet would still be all 0s.

FIGURE 11-2 Example of calculating a host’s network ID

At this point, you should understand how to determine a host’s network ID given its IP address and subnet mask.
This section explained how to apply ANDing logic to an IP address plus a default subnet mask, but it works just the same way for networks that are subnetted and have different subnet masks, as you will soon learn. Before learning how to create subnets, however, it is necessary to understand the types of addresses that cannot be used as subnet masks or host addresses.

Reserved Addresses

Certain types of IP addresses cannot be assigned to a network interface on a node or used as subnet masks. Instead, these IP addresses are reserved for special functions. One type of reserved address should be familiar to you already—that is, the network ID. In a network ID, as you know, bits available for host information are set to 0. Therefore, a workstation on the example network used in Figure 11-2 could not be assigned the IP address 199.34.89.0, because that address is the network ID. When using classful addressing, a network ID always ends with an octet of 0 (and may have additional, preceding octets equal to 0). However, when subnetting is applied and a default subnet mask is no longer used, a network ID may have other decimal values in its last octet(s). Another reserved IP address is the broadcast address for a network or segment. In a broadcast address, the octet(s) that represent host information are set to equal all 1s, or in decimal notation, 255. In the example in Figure 11-2, the broadcast address would be 199.34.89.255. If a workstation on that network sent a message to the address 199.34.89.255, it would be issued to every node on the segment. Because the octets equal to 0 and 255 are reserved, only the numbers 1 through 254 can be used for host information in an IP address. Thus, on a network that followed the example in Figure 11-2, the usable host addresses would range from 199.34.89.1 to 199.34.89.254. If you subnetted this network, the range of usable host addresses would be different.
The next section describes how subnets are created and how you can determine the range of usable host addresses on a subnet.

Subnetting Techniques

Subnetting breaks the rules of classful addressing. To create subnets, some of an IP address’s bits that in classful addressing would represent host information are changed to represent network information instead. By making bits that previously were used for host information represent network information, you reduce the number of bits available for identifying hosts. Consequently, you reduce the number of usable host addresses per subnet. The number of hosts and subnets available after subnetting is related to how many host information bits you use (or borrow, as network professionals like to say) for network information. Table 11-3 illustrates the numbers of subnets and hosts that can be created by subnetting a Class B network. Notice the range of subnet masks that can be used instead of the default Class B subnet mask of 255.255.0.0. Also compare the listed numbers of hosts per subnet to the 65,534 hosts available on a Class B network that does not use subnetting.
Table 11-3 Class B subnet masks

Subnet Mask                                                 Number of Subnets on Network   Number of Hosts per Subnet
255.255.192.0   or 11111111 11111111 11000000 00000000      2                              16,382
255.255.224.0   or 11111111 11111111 11100000 00000000      6                              8,190
255.255.240.0   or 11111111 11111111 11110000 00000000      14                             4,094
255.255.248.0   or 11111111 11111111 11111000 00000000      30                             2,046
255.255.252.0   or 11111111 11111111 11111100 00000000      62                             1,022
255.255.254.0   or 11111111 11111111 11111110 00000000      126                            510
255.255.255.0   or 11111111 11111111 11111111 00000000      254                            254
255.255.255.128 or 11111111 11111111 11111111 10000000      510                            126
255.255.255.192 or 11111111 11111111 11111111 11000000      1,022                          62
255.255.255.224 or 11111111 11111111 11111111 11100000      2,046                          30
255.255.255.240 or 11111111 11111111 11111111 11110000      4,094                          14
255.255.255.248 or 11111111 11111111 11111111 11111000      8,190                          6
255.255.255.252 or 11111111 11111111 11111111 11111100      16,382                         2

Table 11-4 illustrates the numbers of subnets and hosts that can be created by subnetting a Class C network. Notice that a Class C network allows for fewer subnets than a Class B network. This is because Class C addresses have fewer host information bits that can be borrowed for network information. In addition, fewer bits are left over for host information, which leads to a lower number of hosts per subnet than the number available to Class B subnets.

Table 11-4 Class C subnet masks

Subnet Mask                                                 Number of Subnets on Network   Number of Hosts per Subnet
255.255.255.192 or 11111111 11111111 11111111 11000000      2                              62
255.255.255.224 or 11111111 11111111 11111111 11100000      6                              30
255.255.255.240 or 11111111 11111111 11111111 11110000      14                             14
255.255.255.248 or 11111111 11111111 11111111 11111000      30                             6
255.255.255.252 or 11111111 11111111 11111111 11111100      62                             2

Calculating Subnets

Now that you have seen the results of subnetting, you are ready to try subnetting a network.
Suppose you have leased the Class C network whose network ID is 199.34.89.0 and you want to divide it into six subnets to correspond to the six different departments in your company. The formula for determining how to modify a default subnet mask is:

2^n - 2 = Y

where n = the number of bits in the subnet mask that must be switched from 0 to 1, and Y = the number of subnets that result.

Notice that this formula subtracts 2 from the total number of possible subnets—that is, from the calculation of 2 to the power of the number of the bits that equal 1. That’s because in traditional subnetting, bit combinations of all 0s or all 1s are not allowed for identifying subnets, just as host addresses ending in all 0s or all 1s are not allowed because of addresses reserved for the network ID and broadcast transmissions. (However, in the next section of this chapter you learn why this equation doesn’t apply to all modern networks.) Because you want six separate subnets, the equation becomes 6 = 2^n - 2. Because 6 + 2 equals 8 and 8 = 2^3, you know that the value of n equals 3. Thus, you need to change three additional subnet mask bits from 0 to 1. That means that rather than using the default subnet mask, in which the first 24 bits indicate the position of network information, you would use a subnet mask of 11111111 11111111 11111111 11100000, in which the first 27 bits indicate the position of network information. Converting from binary to the more familiar dotted decimal notation, this subnet mask becomes 255.255.255.224. When you configure the TCP/IP properties of clients on your network, you would specify this subnet mask. Now that you have calculated the subnet mask, you still need to assign IP addresses to nodes based on your new subnetting scheme. Recall that you have borrowed three bits from what used to be host information in the IP address. That leaves five bits available in the last octet of your Class C addresses to identify hosts.
Adding the values of the last five bits, 16 + 8 + 4 + 2 + 1, equals 31, for a total of 32 potential addresses (0 through 31). However, as you have learned, one address is reserved for the network ID and cannot be used. Another address is reserved for the broadcast ID and cannot be used. Thus, using five bits for host information allows a maximum of 30 different host addresses for each of the six subnets. So, in this example, you can have a maximum of 6 x 30, or 180, unique host addresses on the network. Table 11-5 lists the network ID, broadcast address, and usable host addresses for each of the six subnets in this example Class C network. Together, the additional bits used for subnet information plus the existing network ID are known as the extended network prefix. The extended network prefix for each subnet is based on which of the additional (borrowed) network information bits are set to equal 1. For example, in subnet number 1, only the third bit of the three is set to 1, making the last octet of the extended network prefix 00100000, or in decimal notation, 32. In subnet number 2, only the second bit is set to 1, making the last octet of the extended network prefix 01000000, or 64. In Table 11-5, the three bits borrowed from the host information portion of the Class C address (to indicate network information) are the first three bits of the last octet.

Class A, Class B, and Class C networks can all be subnetted. But because each class reserves a different number of bits for network information, each class has a different number of host information bits that can be used for subnet information. The number of hosts and subnets on your network will vary depending on your network class and the way you use subnetting. Enumerating the dozens of subnet possibilities based on different arrangements and network classes is beyond the scope of this book.
However, several Web sites provide excellent tools that help you calculate subnet information. One such site is www.subnetmask.info. If you use subnetting on your LAN, only your LAN’s devices need to interpret your devices’ subnetting information. Routers external to your LAN, such as those on the Internet, pay attention to only the network portion of your devices’ IP addresses when transmitting data to them. As a result, devices external to a subnetted LAN (such as routers on the Internet) can direct data to those LAN devices without interpreting the LAN’s subnetting information.

Table 11-5 Subnet information for six subnets in an example Class C network

Subnet Number   Extended Network Prefix                                Broadcast Address                                      Usable Host Addresses
1               199.34.89.32  (11000111 00100010 01011001 00100000)    199.34.89.63  (11000111 00100010 01011001 00111111)    199.34.89.33 through 199.34.89.62
2               199.34.89.64  (11000111 00100010 01011001 01000000)    199.34.89.95  (11000111 00100010 01011001 01011111)    199.34.89.65 through 199.34.89.94
3               199.34.89.96  (11000111 00100010 01011001 01100000)    199.34.89.127 (11000111 00100010 01011001 01111111)    199.34.89.97 through 199.34.89.126
4               199.34.89.128 (11000111 00100010 01011001 10000000)    199.34.89.159 (11000111 00100010 01011001 10011111)    199.34.89.129 through 199.34.89.158
5               199.34.89.160 (11000111 00100010 01011001 10100000)    199.34.89.191 (11000111 00100010 01011001 10111111)    199.34.89.161 through 199.34.89.190
6               199.34.89.192 (11000111 00100010 01011001 11000000)    199.34.89.223 (11000111 00100010 01011001 11011111)    199.34.89.193 through 199.34.89.222

Figure 11-3 illustrates a situation in which a LAN has been granted the Class C range of addresses that begin with 199.34.89. The network administrator has subnetted this Class C network into six smaller networks with the network IDs listed in Table 11-5. As you know, routers connect different network segments via their physical interfaces.
In the case of subnetting, a router must interpret IP addresses from different subnets and direct data from one subnet to another. Each subnet corresponds to a different port on the router.

FIGURE 11-3 A router connecting several subnets

When a router on the internal LAN needs to direct data from a machine with the IP address of 199.34.89.73 to a machine with the IP address of 199.34.89.114, its interpretation of the workstations’ subnet masks (255.255.255.224) plus the host information in the IP addresses tells the router that they are on different subnets. The router forwards data between the two subnets (or ports). In this figure, the devices connecting subnets to the router are labeled switches, but they could also be routers, bridges, or hubs. Alternatively, nodes having different extended network prefixes could be directly connected to the router so that each subnet is associated with only one device, though this is an unlikely configuration. When a server on the Internet attempts to deliver a Web page to the machine with IP address 199.34.89.73, however, the Internet router does not use the subnet mask information. It only knows that the machine is on a Class C network beginning with a network ID of 199.34.89. That’s all the information it needs to reach the organization’s router. After the data enters the organization’s LAN, the LAN’s router then interprets the subnet mask information as if it were transmitting data internally to deliver data to the machine with IP address 199.34.89.73. Because subnetting does not affect how a device is addressed by external networks, a network administrator does not need to inform Internet authorities about new segments created via subnetting. You have learned how to subdivide a network into multiple smaller segments through subnetting. Next, you’ll learn about more contemporary variations on this method.
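As an added example (my own code, not the textbook's), the following Python carries the chapter's subnet arithmetic through in working form: the ANDing of Table 11-2, the 2^n - 2 formula, the subnet and host counts of Tables 11-3 and 11-4, the six-subnet layout of Table 11-5 for 199.34.89.0, and the same-subnet test the LAN router in Figure 11-3 makes for 199.34.89.73 and 199.34.89.114. The function names are assumptions of this example; the addresses and masks are the chapter's.

```python
# Added example: classful subnet arithmetic as described in the chapter.
# Everything is done with plain integer bit operations so the ANDing step is visible.
from dataclasses import dataclass


def ip_to_int(dotted: str) -> int:
    """Convert dotted decimal text (e.g. '199.34.89.73') to a 32-bit integer."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {dotted!r}")
    value = 0
    for o in octets:
        value = (value << 8) | o
    return value


def int_to_ip(value: int) -> str:
    """Inverse of ip_to_int."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_binary(value: int) -> str:
    """Render as four space-separated 8-bit groups, the notation the chapter uses."""
    return " ".join(f"{(value >> shift) & 0xFF:08b}" for shift in (24, 16, 8, 0))


def network_id(ip: str, mask: str) -> str:
    """ANDing (Table 11-2): a result bit is 1 only where both address and mask bits are 1."""
    return int_to_ip(ip_to_int(ip) & ip_to_int(mask))


def borrowed_bits_for(subnets_wanted: int) -> int:
    """Smallest n with 2**n - 2 >= subnets_wanted (traditional rule: all-0s and all-1s subnets excluded)."""
    n = 1
    while 2 ** n - 2 < subnets_wanted:
        n += 1
    return n


def subnet_mask(prefix_len: int) -> str:
    """Dotted decimal mask whose first prefix_len bits are 1 (27 -> 255.255.255.224)."""
    return int_to_ip((0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF)


def counts(default_prefix: int, borrowed: int) -> tuple:
    """(subnets on network, hosts per subnet) as listed in Tables 11-3 and 11-4."""
    host_bits = 32 - default_prefix - borrowed
    return 2 ** borrowed - 2, 2 ** host_bits - 2


@dataclass
class Subnet:
    number: int
    extended_prefix: str
    broadcast: str
    first_host: str
    last_host: str


def subnet_table(network: str, default_prefix: int, borrowed: int) -> list:
    """Usable subnets of a classful network, skipping the all-0s and all-1s subnet IDs (Table 11-5)."""
    base = ip_to_int(network)
    host_bits = 32 - default_prefix - borrowed
    block = 2 ** host_bits                      # addresses per subnet, including ID and broadcast
    rows = []
    for i in range(1, 2 ** borrowed - 1):       # subnet numbers 1 .. 2^n - 2
        net = base + i * block
        rows.append(Subnet(i, int_to_ip(net), int_to_ip(net + block - 1),
                           int_to_ip(net + 1), int_to_ip(net + block - 2)))
    return rows


def same_subnet(ip_a: str, ip_b: str, mask: str) -> bool:
    """The decision the LAN router makes: forward between ports only if the network IDs differ."""
    return network_id(ip_a, mask) == network_id(ip_b, mask)


if __name__ == "__main__":
    n = borrowed_bits_for(6)                    # six departments -> borrow 3 bits
    mask = subnet_mask(24 + n)                  # Class C default prefix is 24 bits
    print(f"borrow {n} bits -> mask {mask} ({to_binary(ip_to_int(mask))})")
    for row in subnet_table("199.34.89.0", 24, n):
        print(row)
    print("73 and 114 on same subnet:", same_subnet("199.34.89.73", "199.34.89.114", mask))
```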
CIDR (Classless Inter-Domain Routing)

By 1993, the Internet was growing exponentially, and the demand for IP addresses was growing with it. The IETF (Internet Engineering Task Force) recognized that additional measures were necessary to increase the availability and flexibility of IP addresses. In response to this need, the IETF devised CIDR (Classless Inter-Domain Routing, pronounced cider), which is sometimes called classless routing or supernetting. CIDR is not exclusive of subnetting; it merely provides additional ways of arranging network and host information in an IP address. In CIDR, conventional network class distinctions do not exist. For example, the previous section described subdividing a Class C network into six subnets of 30 addressable hosts each. To achieve this, the subnet boundary (or length of the extended network prefix) was moved to the right—from the default 24th bit to the 27th bit—into what used to be the host information octet. In CIDR, a subnet boundary can move to the left. Moving the subnet boundary to the left allows you to use more bits for host information and, therefore, generate more usable IP addresses on your network. A subnet created by moving the subnet boundary to the left is known as a supernet. Figure 11-4 contrasts examples of a Class C supernet mask with a subnet mask. Notice that in Figure 11-4, 27 bits are used for network information in the subnet mask, whereas only 22 bits are used for network information in the supernet mask. Suppose that you have leased the Class C range of addresses that shares the network ID 199.34.89.0 and, because of growth in your company, you need to greatly increase the number of host addresses this network allows by default. By changing the default subnet mask of 255.255.255.0 (11111111 11111111 11111111 00000000) to 255.255.252.0 (11111111 [...]
[...] Default gateways may connect multiple internal networks, or they may connect an internal network with external networks, such as WANs or the Internet. As you have learned, routers that connect multiple networks must maintain a routing table to determine where to forward information. When a router is used as a gateway, it must maintain routing tables as well. The Internet contains a vast number of routers and [...]

[...] share a single Internet connection. In previous chapters, you learned that this can be achieved by using a SOHO router or small switch to which each networked computer is connected. Microsoft offers another alternative for sharing Internet access on computers running the Windows 98, Me, 2000, or 32-bit version of the XP operating system, ICS (Internet Connection Sharing). Using ICS, a computer with Internet [...]

[...] ICANN. When you register a domain name with ICANN, you provide contact information for yourself, the technical person responsible for the domain (for example, an engineer at an ISP who maintains DNS services there), and information about the hosting entity (usually an ISP) and the DNS server addresses. This information is stored in a database maintained by your RIR (Regional Internet Registry). The utility [...]

[...] track addressing information for every other gateway on the Internet, it would be overtaxed. Instead, each handles only a relatively small amount of addressing information, which it uses to forward data to another gateway that knows more about the data’s destination. Like routers on an internal network, Internet gateways [...]

FIGURE 11-6 The use of default gateways
[...] transport mail from machine to machine, this method would be laborious, slow, and error-prone. Instead, other services, such as the Sendmail software for UNIX-type systems, provide more friendly and sophisticated mail interfaces that rely on SMTP as their means of transport. SMTP is a simple subprotocol, incapable of doing anything more than transporting mail or holding it in a queue. In the post office [...]

[...] needed to use each in the dig man pages. The dig utility is included with UNIX-type operating systems. If your computer runs a Windows-based operating system, however, you must obtain the code for the dig utility from a third party and install it on your system.

Whois

You have learned about the process of domain name resolution and how individuals must register domain names with the Internet authority [...]

[...] have to be connected to the Internet. A network or part of a network that uses browser-based services to exchange information within an enterprise is known as an intranet. In addition to supplying HTTP-accessible documents, intranets are used for e-mail, file sharing, document management (for example, indexing several versions of documents), and collaboration (for example, allowing multiple employees to [...]

[...] simple whois command does not work with all types of domains, because in some cases, a special server must be queried for some domain information. For example, domains registered with an RIR outside of North America and domains ending in .gov or .mil necessitate querying a server that holds DNS registration information only for these types of domains. Rather than type whois at the shell or command prompt, [...]
[...] ftp.netscape.com. The domain name is in the first column, followed by the record’s Time to Live, then its type code (for example, A for an address record or MX for a mail record), and finally, a data field indicating the IP address or other domain name with which the primary domain name is associated. A [...]

FIGURE 11-11 Output of a simple dig command

[...] or client running TCP/IP. However, the syntax of these commands may differ, depending on your client’s operating system. For example, the command that traces the path of packets from one host to another is known as traceroute in UNIX-type operating systems, but as tracert in the Windows operating systems. Similarly, the options used with each command may differ according to the operating system. For [...]