Figure 1. This simplified network layer model illustrates the separation of networking functions from the applications they serve. Click here to see an enlarged diagram.
These days, almost all computers are networked in one way or another, whether it be through a conventional wired network, wirelessly or over a dial-up connection. In order for the computer attached to the network to send and receive packets, the computer must have a unique address.
Many years ago, when programmers wanted to write a program that made use of a connection between two computers, the programmers would not only write the application they were concerned with, but also they had to write low-level code to access the networking hardware. I once worked on a project to develop one of the first network-based automation systems. The network drivers were an integral part of the application. If you changed the network card, you had to rewrite the automation system program. This approach worked, but it created a monolithic program that incorporated all of the nuances of a particular networking card into the application itself. Clearly, this was not an optimal situation.
Application programmers needed something that would isolate them from the rapid changes that were occurring in networking technology. The solution came in the form of a layered approach to networking.
Network layering
Figure 1 shows a simplified version of the ISO 7 layer network model. Layer 1 describes the network hardware — the characteristics of the data transmitters and receivers; whether the network is optical, wireless or wired; and so on. Layer 2 describes how to organize bits to be sent over a particular network — Ethernet, ATM or token ring, for example. Layer 3 deals with organizing groups of computers into discreet networks and how computers on those networks are addressed. Layer 4 formats data from an application into datagrams and describes behavior of the network under error conditions.
The layered approach allows engineers to change out hardware at layer 1 and replace the software at layer 2 without having to completely rewrite the application that is using network services.
MAC and IP addressing
Interestingly, in the case of Internet Protocol (IP) over Ethernet, two addresses are required. The first is the layer 2 Ethernet MAC address, and the second is the layer 3 IP address. In Ethernet applications, each card is given its own unique 48-bit MAC address. This address is permanently assigned to the card when it is manufactured. (Security note: In some cases, this address can be changed or spoofed.) The MAC address takes the form nn:nn:nn:nn:nn:nn, where nn can be either a number or letter from a to f. An example of a valid MAC address is 00:09:6b:8d:79:96. Blocks of MAC addresses are assigned to a manufacturer by the Institute of Electrical and Electronic Engineers. Within that block, it is up to the manufacturer to ensure that each address they assign is unique. Therefore, the MAC address above can also be written IBM_8d:79:96 because IBM has been assigned the block of MAC addresses beginning with 00:09:6b.
Layer 2 addresses provide positive identification of a particular computer. But they cannot be changed and provide no way to organize computers into groups or networks. The MAC addresses of computers in an engineering department will be entirely random. For a router on the network to know whether a particular packet was destined for a local computer or for a computer on the Internet, the router would have to store the MAC address of every computer both locally and on the Internet — an almost impossible task.
The solution to organizing computers into groups or networks is provided by layer 3 of the ISO model. In this layer, machines are identified by network address, and this address can be set by the user. TCP/IP is the most commonly used networking protocol today. IP addresses are written in dot notation, with four numbers between 0 and 255, separated by periods (e.g., 127.0.23.41).
An engineer can assign a group of computers to a logical network, sometimes called a subnet, by assigning them addresses within the subnet range (e.g., 127.0.23.0 to 127.0.23.254 with a subnet of 255.255.255.0). Layer 3 allows the network designer to clearly identify a group of computers that belong together. It also allows routers and switches to forward packets to other switches without having to know the exact location and route to the destination computer.
Where do you get IP addresses?
If you are building a network and you are free to assign your own IP addresses, how do you know where to start? Fortunately, some of the decisions have already been made for you.
Figure 2. Shows an example of the path across the Internet from a computer in Atlanta to Cisco Systems located in San Jose, CA. Click here to see an enlarged diagram.
In the early days of the Internet, developers realized they needed documents to describe how the Internet functions. These documents are known as a Request for Comments (RFC). Currently, there are thousands of RFCs relative to TCP/IP and the Internet.
A good reference concerning RFCs is www.rfc-editor.org. One particularly helpful document is RFC 1918, which defines IP addresses for private networks. This document sets aside three blocks of IP addresses solely for private networks — IP addresses set aside for use inside a facility. The IP addresses you use and the subnet you select will depend on the number of PCs and network devices you plan to install. (See last month's article for a discussion of subnetting.)
It is important to note that private IP addresses are unroutable, which means they cannot be projected onto the Internet. If you want computers on the local area network (LAN) side of an Internet gateway router to be able to access the Internet, you will need to use a router that can perform Network Address Translation (NAT). NAT will automatically translate the source address of packets sent from a LAN computer to the WAN address of the Internet gateway. Your Internet service provider normally assigns this public IP address.
Anyone on the Internet can access the gateway by typing in the IP address. The NAT built into the router allows workstations inside your organization to access the Internet, but the actual IP addresses of the individual workstations are never projected onto the Internet. The LAN network interface on the Internet gateway will be entered as the gateway address for all devices on the LAN. All packets with network addresses that are not part of the LAN will be sent to the gateway address of the Internet router and on to the Internet.
For example, if you are at a workstation on a LAN and attempt to visit www.cisco.com (IP address 198.133.219.25), the computer looks at the IP address, sees that it is an address that is not on the local network and forwards it to the gateway. The router then looks at the address and continues to forward it on its way to Cisco. You can actually see this process by entering the traceroute command on a computer. (See Figure 2.) Enter “traceroute www.cisco.com” on Mac OSX and Unix systems or “tracert” on Windows machines. The number of hops will vary depending on the route from your computer to Cisco.
There are many facets to the subject of network addressing. We can only just touch the surface in the space available in this column. If you would like to learn more, go to your favorite Internet search engine and type in “network addressing.” You will find a number of excellent articles and tutorials on the subject.
Brad Gilmer is president of Gilmer & Associates, executive director of the Video Services Forum and executive director of the AAF Association.
Send questions and comments to:brad.gilmer@penton.com
