[ Team LiB ] Previous Section Next Section


If you want to go to a store, it's useful to know where it's at. You could cruise for hours or days looking for the store you want—and you might never find it. But once you have an address, you have an anchor. You know where to go, and you should be able to quickly figure out how to get there.

Although mindless cruising is one of the delights of the Web (after all, isn't that what surfing really is?), when you're more directed in your search (when you know what you're looking for), having an address can be helpful. Even if you surf, you may want to return to the same page you've visited before, and knowing where to find it will shorten your journey back (but maybe make it less fun).

Just like physical stores, the Internet uses an address to anchor Web sites. In fact, not only sites but every device that connects to the Internet gets its own, unique address. The Internet Protocol itself defines the addressing scheme that's used, so the addresses are naturally called IP addresses.

IP Addresses

Under the Internet Protocol, an address is four bytes, a 32-bit binary number. Usually you'll find it expressed as a series of four numbers called octets. The value of each octet is expressed in decimal notation, and the individual octets are separated by periods. Hence, an Internet address looks like this:

Every device gets its own, unique address. Do the math, and you'll see this scheme allows for 4,294,967,296 unique devices (which is simply 2 to the 32nd power, exactly what a 32-bit binary address means).

Dividing IP addresses into octets is more than a matter of readability. By design, the IP address is structured to help make finding any given computer easier. The address has two parts: The first identifies a network connected to the Internet, and the last part identifies a specific computer attached to the network.

For example, the computer with the IP address of actually is computer number 1 attached to the network named

Structuring IP addresses in this way makes routing packets and messages across the Internet easier for the routers charged with the job. They only need to find the network and dump the packets on it. The network then routes the packets to the computer designated in the IP address.

Subnet Masks

You may detect the one small flaw in this addressing system—the IP address by itself does not indicate where the split between the network address and the device address occurs. Although it would be easy to define the last octet as the device address, that was too arbitrary and limiting for the folks who developed the Internet. Such a scheme would limit any network to only 256 addresses. The Internet designers preferred to permit greater versatility in configuring networks. After all, the Internet was specifically meant to allow colleges to exchange information, and most colleges now have substantially more than 256 students, each with his or her own computer tied into the network and Internet.

Instead of fixing the division between network and device addresses, the Internet designers chose to use a second number that defined the boundary. This second number is the subnet mask. You'll encounter it nearly every time you tangle with IP addresses.

The subnet mask takes the same form as an IP address, four octets in dotted-decimal format. Unlike IP addresses, however, which allow full variation to yield more than four billion distinct numbers, only 32 different subnet masks are allowed in the IP scheme of things. Once you think about it, this number makes sense because there are only 32 places to draw the line between network and device addresses. Table 14.1 lists all the valid subnet masks.

Table 14.1. Subnet Masks
Mask in Hex Mask in Decimal Number of Available Addresses 2,147,483,648
C0.00.00.00 1,073,741,824
E0.00.00.00 536,870,912
F0.00.00.00 268,435,456
F8.00.00.00 134,217,728
FC.00.00.00 67,108,864
FE.00.00.00 33,554,432
FF.00.00.00 16,777,216
FF.80.00.00 8,388,608
FF.C0.00.00 4,194,304
FF.E0.00.00 2,097,152
FF.F0.00.00 1,048,576
FF.F8.00.00 524,288
FF.FC.00.00 262,144
FF.FE.00.00 131,072
FF.FF.00.00 65,536
FF.FF.80.00 32,768
FF.FF.C0.00 16,384
FF.FF.E0.00 8192
FF.FF.F0.00 4096
FF.FF.F8.00 2048
FF.FF.FC.00 1024
FF.FF.FE.00 512
FF.FF.FF.00 256
FF.FF.FF.80 128
FF.FF.FF.C0 64
FF.FF.FF.E0 32
FF.FF.FF.F0 16

Understanding why these particular masks are the only ones allowed and why they were chosen requires examining the IP address and subnet mask numbers in their native binary form.

Although most network administrators look at IP addresses in the dotted-decimal format, computer equipment sees them as a series of 32 ones and zeros. For example, what you see as the IP address looks like this to your computer:


Divided into octets, this number becomes the following:


In this format, the number of the subnet mask makes more sense, at least if you look at it with an engineer's eyes. The number allows subnet mask numbers resulting in a dotted-decimal format that is all ones on the left and zeros on the right. For example, the subnet mask expressed as can also be represented in binary as follows:


In this form, the columns filled with the ones represent the digits of the IP address that designate the network. The columns filled with zeros are the digits of the valid computer identification numbers.

Don't bother memorizing the table of subnet masks. If all you're going to do is home networking, you only need to deal with one subnet mask: You'll find that this is Microsoft's default when you set up TCP/IP on your system, and it is both necessary and sufficient for most home network setups.

Network Classes

Subnet masks move into prominence when you venture into serious networking. That is, when you move your network onto the Internet and have your own galaxy of computers linking into workgroups. To accommodate the really big kids with prodigious needs, the Internet was designed to be divvied up among governments and businesses in chunks that depended on need and, more likely, lobbying.

Some organizations need more Internet space than others. Some are able to demand more space than others. And some are able to use whatever forms of legal blackmail are available to extort more network space than others. In the days that InterNIC (the organization charged with administering the Internet at that time) assigned blocks of Internet addresses, it followed a classification scheme with five levels: Classes A through E. Although this scheme is no longer used, the addresses assigned under it remain. You can classify it as interesting Internet trivia that still creeps into our lives when we least expect it.

In any case, in each of the first three classes defined under the InterNIC scheme, the number of addresses available to an organization was defined by the subnet mask. In addition, InterNIC defined two more classes for special purposes: multicasting (sending packets to multiple computers but not all on the Internet) and experimental purposes. These classes were assigned their own ranges of special IP addresses. The five classes are as follows:

  • Class A— These Internet addresses use a subnet mask of The first bit in a Class A address is always zero, so Class A addresses always start with the first octet in the range of 0 to 126, inclusive. This classification leaves seven bits to identify the network and 24 bits to identify individual devices.

  • Class B— These Internet addresses use a subnet mask of The first two bits of a Class B address are a one followed by a zero, so the first octet of a Class B address always falls in the range 128 to 191, inclusive. This classification leaves 14 bits to identify the network and 16 bits to identify individual devices.

  • Class C These Internet addresses use a subnet mask of The first three bits of a Class C address are always two ones followed by a zero, so Class C addresses always fall in the range with the first octet of 192 to 223, inclusive. This classification leaves 21 bits to identify the network and eight bits to identify individual devices.

  • Class D These addresses always start with binary addresses of three ones followed by a zero, which translates into a first octet in dotted-decimal notation in the range 224 to 239, inclusive. The remaining 28 bits in the address identify the group of computers for which the multicast is meant.

  • Class E These addresses always start with a binary address of four ones, which translates into a first octet in dotted-decimal notation in the range 240 to 255, inclusive. As with Class D, the remaining 28 bits in the address identify the group of computers for which the multicast is meant.


Subnet masks are cumbersome in everyday use on the Internet. To help make routing messages between computer networks more efficient, Internet workers developed Classless Inter-Domain Routing (CIDR) to provide more flexibility than was possible with the subnet mask scheme. The CIDR system is now used by virtually every computer on the Internet's backbone to route messages to their destinations.

Basically, the CIDR system distills the four-byte subnet mask into a single number appended to an IP address called a network prefix. The number in the network prefix describes the number of bits in the address that constitute the network designation part of the address, much as the subnet mask does. For example, in the CIDR network address

the first 24 bits indicate the address of a network, and the last eight bits identify an individual computer.


Although four billion is a lot of computers for a network, the Internet's administrators see the reserve of IP addresses quickly disappearing. They fear that sometime soon the world will run out of them and no new computer can connect.

They haven't been asleep, however. They have developed a revised version of the Internet Protocol to accommodate longer addresses to break through the 32-bit addressing limit. Called Internet Protocol Version 6 (we used version 4 today), the revision allows for IP addresses 128-bits long. The result is that IPv6 accommodates more addresses than it is convenient to write down. Every person in the world could have four billion computers, each with its own IPv6 address, and there would still be 16 sextillion times more addresses available.

The revisions of IPv6 don't stop with longer addresses. Under IPv6, the packet header allows messages to be identified as part of a particular flow, such as a stream of audio or video. Properly identified, the packets can be routed to follow the same path to help them get reconstructed as a real-time stream. The header also includes extensions for authentication, error control, and privacy.

The IPv6 spec is designed to allow compatibility with today's IP addressing system. The lowest 32 bits of the IPv6 address can function as a current IP address and routed appropriately.

What Address to Use

When setting up a home or small office network, at some time or another you will be confronted with the choice of IP addresses to use—it's one of those unwelcome choices that is given every network administrator. As far as I can tell, no readily available source even hints at what IP address you should use. But the choice is critical, and the people who govern such things in the Internet publish the addresses you should use.

In fact, the Internet Assigned Numbers Authority (IANA, which you can find on the Web at www.iana.org) reserves three blocks of IP addresses for use by private networks—that is, those that don't intend on directly connecting to the Web. Because it's likely you will connect only through a gateway at your ISP, your home network falls into the private network class, and these reserved addresses are the ones you should choose from. Table 14.2 lists the addresses IANA reserves for private networks.

Table 14.2. Address Ranges Reserved for Private Networks
Start Address End Address Addresses in Range 16,777,216 1,048,576 65,536

Clearly, any of these three ranges will have more than enough room for any conceivable home network. Microsoft uses the last of these, the range starting at, for the private networks it automatically sets up for home use.

Certainly you're not limited to these values for your own private network. You could simply create your own IP address. If you're not too clever for you own good, you may get away with it. Coming up with a valid address is not difficult—but it's not a good idea either. Internet addresses are assigned, and the Internet governing bodies go to lengths to be sure there's no conflicts.

Addresses You Cannot Use

The IP naming rules dictate that you cannot use certain addresses for computers on a network. These fall at the two ends of the number range in the fourth octet. That is, addresses ending in zero, such as, and those ending in 255, such as, cannot be used as addresses for computers or other devices connected to a network. These addresses have a specifically defined meaning in the IP system.

Addresses ending in a zero refer to the network itself rather than any specific computer or device connected to it. Addresses ending in 255 are used to broadcast messages to all devices in the network, so all devices in a network will receive packets with the network address and a 255 at its end.

The rule is simple: Never use these addresses when assigning IP addresses to any device in your network.


If you find IP addresses confusing, you're not the only one. Keeping track of all the addresses used by a network can be confusing, indeed. What you really need is someone who excels at organization, who rigidly assigns addresses and keeps track of every detail as if he were a machine. In fact, a machine such as a computer would be a good choice to take over the job.

Using the Dynamic Host Configuration Protocol (DHCP), you can move the responsibility for assigning and organizing the IP addresses your network uses to one of its servers.

DHCP is an automatic method for assigning addresses to devices. When a device wants to join the network, it queries the DHCP server, and the server sends back a unique IP address for the device.

Not just any address will do. In the Microsoft scheme of things, the addresses assigned by a server are drawn from within a scope, a range of no more than 255 contiguous addresses. All the devices in a workgroup must be within the same scope, although a network may have many intercommunicating scopes.

Setting up a DHCP server usually is more work than most normal people want to do. That's why it's usually left to network administrators. But if you buy an inexpensive router in order to share a high-speed Internet connection, odds are it has a DHCP server built in to it. When you log in to your network in preparation for sharing your connection, the DHCP server automatically sends your computer its own unique IP address so it can join the network.

Note that you should have only one DHCP server in a network. If you install a dedicated server to act as your DHCP server and you install a router for Internet sharing, the two DHCP servers may come into conflict, possibly preventing your network from operating, or just preventing some computers from seeing others on the network. To avoid problems, make sure you have only one DHCP server.

    [ Team LiB ] Previous Section Next Section