Addresses

Most likely, you have heard the term IP address. But, what does it really represent and what does it really do? And, exactly how do hosts address each other? These are some of the topics

covered in this section.

Physical Addresses, Media Access Controller Addresses

You can scour the headers of IP packets looking for physical layer MAC addresses until you turn blue, and you will not find them. MAC addresses do not mean anything to IP, which uses logical addresses; they are not part of the protocol. For all intents and purposes, they may as well not exist.

By the same token, physical MAC addresses are how the Ethernet card interfaces with the network. The Ethernet card does not know a single thing about IP, IP headers, or logical IP addresses. So, you are faced with the signature line of Cool Hand Luke: "What we have here is a failure to communicate." Clearly, if things are going to work, an operation process is required that facilitates the correspondence between logical IP and physical MAC addresses.

Do you know the IP address of your desktop computer? If you don't, you are not really one down at all; it is absolutely normal not to know it. It is normal for several reasons, one being that in these days most of you don't even own or even get to keep the same IP address. IP address space is a precious commodity. When you connect to the network, many of you are loaned an address for that session, or possibly longer by an Internet service provider (ISP) or network service provider via applications, such as Dynamic Host Configuration Protocol (DHCP).

Leasing an IP Number: Dynamic Host Configuration Protocol

DHCP is a protocol that permits dynamic assignment of IP numbers. This replaces the labor-intensive process of IP address management, in which every host is configured with a static IP number assigned to it. DHCP allows the centralization and automation of the IP assignment process. Hosts are leased an IP number for a given amount of time, and this makes the process of managing and administering large networks more efficient. This is good for the network administrator, but makes the security administrator's job more complicated (for example, when some IP number and associated temporary owner have to be chased down for questionable activity).

Exactly how many possible IP numbers are there? The exact number is 232 (because the address is comprised of 32 bits), which is a number higher than 4 billion. But, every single IP number is not available; reserved ranges decrease the possible numbers. With the explosive growth of the Internet worldwide, the sad realization has dawned that the IP addresses are being rapidly depleted. What are some remedies for the address depletion?

First, a particular site can use DHCP and assign IP numbers temporarily for the duration of their use. This means that not all hosts will be active at any given time and a smaller pool of possible IP numbers is required. The other remedy is something known as reserved private addresses. The governing body of the Internet, the Internet Address Numbers Authority (IANA), has set aside blocks of IP addresses to be used for internal addresses only. For instance, the 192.168 and 172.16 subnets are to be used for hosts talking within a particular network. This traffic should not leave the site's gateway. This allows a site with an insufficient number of IP addresses to use these Class B network addresses for internal purposes and to save the assigned IP addresses for other purposes.

Okay, go ahead and smirk now; some of you did know your IP address. That is good. However, do you know your host's MAC address by heart? The answer would most likely be "no," because almost no one knows his MAC address. There are several reasons for this, but the primary one is that a 48-bit address with no provisions for human memorization is hard to lock into the brain.

The Address Resolution Protocol (ARP) enables you to resolve the translation of physical MAC addresses to logical IP addresses. ARP is not an IP protocol per se; it is the process of sending an Ethernet frame to all systems on the same network segment. This is known as a broadcast. If a message is a broadcast message, it is sent to all the machines on part of or the entire

network. A point worth emphasizing is that ARP is for locally attached hosts only on the same network; this cannot be done between hosts on different networks.

The source host broadcasts the ARP request, and then presumably the destination host picks it up and replies with its MAC address. During this transaction, both the source and destination host, and any listening hosts on the network, cache (or save) what they have learned about the other host, thereby storing the IP and MAC addresses. This storage cuts down on the number of new ARP requests required. Ultimately, on the same network segment, the communications will occur between MAC addresses and not IP addresses. They might begin as a TCP/IP transaction with two hosts communicating between the same layers of TCP/IP, but when the actual delivery occurs, communication is between two hosts' MAC addresses.

Why are MAC addresses so huge? After all, 48 bits is a lot of address space. The idea was that they would be unique for all time and space! That sounds good if you say it real fast, but future plans are to expand this value to 128 bits to accommodate its current limitations in

allowing each NIC manufacturer to have a unique vendor code embedded in the MAC address.

Logical Addresses, IP Addresses

An IP address has 32 allocated bits to identify a host. This 32-bit number is expressed as four decimal numbers separated by periods (for example, 192.168.5.5). These are not just random or sequential assignments. The initial portion of the IP number tells something about the size of the network on which the host resides. The remainder of the IP number distinguishes hosts on that network. Addresses are categorized by class; classes tell how many hosts are in a given network or how many bits in the IP address are assigned for the unique hosts in a network (see Table 1.1). A grouping known as Class A addresses assigns the initial 8 bits for a network portion of the address, for example, and the final 24 bits for the host portion of the address. Because 24 bits have been allocated for the hosts, more than 16 million (224-1) hosts can possibly be in the network. An example of a Class A network is the 18.0.0.0 through 18.255.255.255, IP space assigned to Massachusetts Institute of Technology.

The IP address classes range from Class A addresses to Class E. Classes A, B, and C are unicast addresses; when you send a packet to them, presumably you are addressing a single machine. Class D is known as a multicast address used to communicate with a designated set of hosts. Class E is reserved for experimental use. Table 1.2 shows the address range associated