Chapter 2 - The Internet Address Architecture
2.1 Introduction
This chapter deals with IP addresses.
Every device connected to the Internet has at least one IP address.
IP addresses are assigned to devices when they are connected to the global Internet. And the IP addresses should be coordinated so as to not duplicate other addresses in use on the network. This is the same in private networks.
Groups of IP addresses are allocated to users and organizations. The addresses can then be assigned to devices.
Individual users get IP addresses from Internet Service Providers (ISPs).
2.2 Expressing IP Addresses
IPv4 addresses are 32-bit long, and are often represented in dotted-quad notaion or dotted-decimal notation.
IPv6 addresses are 128-bit long. The conventional notation adopted for IPv6 addresses is a series of four hexadecimal numbers called blocks or fields separated by colons. An example IPv6 address containing eight blocks would be written as 5f05:2000:80ad:5800:0058:0800:2023:1d71. A number of agreed-upon simplifications have been standardized for expressing IPv6 addresses [RFC4291]:
- Leading zeros of a block need not be written. In the preceding example, the address could have been written as 5f05:2000:80ad:5800:58:800:2023:1d71.
- Blocks of all zeros can be omitted and replaced by the notation ::. For example, the IPv6 address 0:0:0:0:0:0:0:1 can be written more compactly as ::1. Similarly, the address 2001:0db8:0:0:0:0:0:2 can be written more compactly as 2001:db8::2. To avoid ambiguities, the :: notation may be used only once in an IPv6 address.
- Embedded IPv4 addresses represented in the IPv6 format can use a form of hybrid notation in which the block immediately preceding the IPv4 portion of the address has the value ffff and the remaining part of the address is formatted using dotted-quad. For example, the IPv6 address ::ffff:10.0.0.1 represents the IPv4 address 10.0.0.1. This is called an IPv4-mapped IPv6 address.
- A conventional notation is adopted in which the low-order 32 bits of the IPv6 address can be written using dotted-quad notation. The IPv6 address ::0102:f001 is therefore equivalent to the address ::1.2.240.1. This is called an IPv4-compatible IPv6 address. Note that IPv4-compatible addresses are not the same as IPv4-mapped addresses; they are compatible only in the sense that they can be written down or manipulated by software in a way similar to IPv4 addresses. This type of addressing was originally required for transition plans between IPv4 and IPv6 but is now no longer required [RFC4291].
Bracket characters, [ and ], can be used to surround the IPv6 address in URLs. For example:
http://[2001:0db8:85a3:08d3:1319:8a2e:0370:7344]:443/
refers to port number 443 on IPv6 host 2001:0db8:85a3:08d3:1319:8a2e:0370:7344 using the HTTP/TCP/IPv6 protocols.
[RFC5952] imposes some rules to narrow the range of options while remaining compatible with [RFC4291]:
- Leading zeros must be suppressed (e.g., 2001:0db8::0022 becomes 2001:db8::22).
- The :: construct must be used to its maximum possible effect (most zeros suppressed) but not for only 16-bit blocks. If multiple blocks contain equallength runs of zeros, the first is replaced with ::.
- The hexadecimal digits a through f should be represented in lowercase.
2.3 Basic IP Address Structure
2.3.1 Classful Addressing
Internet's address structure was defined to let every unicast IP address to have a network portion, to identify the network on which the interface using the IP address was to be found, and a host portion, used to identify the particular host on the network given in the network portion.
An Internet address can be devided into net number and host number.
IP addresses are given out to different sites based on their number of hosts. The partitioning of the address space involved five classes. Each class represented a different trade-off in the number of bits of a 32-bit IPv4 address devoted to the network number versus the number of bits devoted to the host number.
The first and last address in IP address pool cannot be used.
The structure of an IP datagram header is as follows. An IP header is alway 20 bytes in size.
Version is a 4-bit field indicating the version of IP protocol the data is using.
Header Length is a 4-bit field indicating the whole length of the header.
Service Type is an 8-bit field specifying details about quality of service, or QoS (which IP datagram is more important than the others), technologies.
Total Length is a 16-bit field indicating the total length of the IP datagram the header is attached to. The maximum size of a single IP datagram is 65535. If exceeded, the IP datagram is then split into many indicidual packets.
Identification is a 16-bit field used to group messages together. As stated above, when a IP datagram exceeds the maximum size, identification field can tell the receiver which packets are belong to the same transmission.
Flag is a 4-bit field indicating if a datagram is allowed to be fragmented, or that the datagram has already been fragmented. Fragmentation is the process of taking a single IP datagram and splitting it up into several smaller datagrams.
Fragment Offset is a 12-bit field contains the value used by the receiving end to take all the fragmented parts and put them all together in the correct order.
TTL is an 8-bit field indicating how many router hops a datagram can traverse before it's thrown away.
Protocol is an 8-bit field that contains data about what transport layer protocol is being used. Most common ones are TCP or UDP.
Header Checksum is a 16-bit field that contains the checksum of the contents of the entire IP datagram header. Because TTL will change on every hop, the checksum changes every time TTL changes.
Source IP Address is a 32-bit field that contains the source IP of the datagram.
Destination IP Address is a 32-bit field that contains the destination IP of the datagram to be send to.
Options is a 16-bit field used to set special characteristics for datagrams primarily used for testing purposes.
Padding is a 16-bit field is a series of zeros used to ensure the header is the correct total size.The forming of the datagram with header is called Encapsulation.
The payload of the IP datagram is a TCP or UDP data packet.
2.3.2 Subnet Addressing
Problem arose when the Internet began to grow. It was inconvenient to allocate a new network number to any new network segment that was to be attached to the Internet. To address the problem, it was natural to consider a way that a site attached to the Internet could be allocated a network number centrally that could then be subdivided locally by site administrators.
The approach adopted to support this capability is called subnet addressing [RFC0950].
The site may further divide the host portion of its base address allocation into a subnetwork (subnet) number and a host number.
For performing network subnetting, refer to other online matetials for clarification.
2.3.3 Subnet Masks
The subnet mask is an assignment of bits used by a host or router to determine how the network and subnetwork information is partitioned.
Subnet masks for IP are the same length as the corresponding IP addresses (32 bits for IPv4 and 128 bits for IPv6).
Subnet masks are configured in a host or router either statically or using dinamic system such as the Dynamic Host COnfiguration Protocol (DHCP).
Subnet masks constitue with 1s and 0s, with 1s at higher bits and 0s at lower bits. Subnet masks can then be expressed in shorthand as slash/number of 1 bits.
Subnet masks help routers and hosts determine where the network/subnetwork portion of an IP address ends and the host part starts. Bit set to 1 means the corresponding bit in an IP address should be considered part of a combined network/subnetwork, which is the basis for the router or host to forward datagrams. Conversely, 0 bit is host portion. For example, in Figure 2-4 we can see how the IPv4 address 128.32.1.14 is treated when a subnet mask of 255.255.255.0 is applied to it.
Subnet masks are applied locally. Routers outside the site make routing decisions based only on the network number portion of an address, not the combined network or host portion..
2.3.4 Variable-Length Subnet Masks (VLSM)
"In the more complicated and realistic example shown in Figure 2-5, three different subnet masks are used within the site to subnet the 128.32.0.0/16 network: /24, /25, and /26. Doing so provides for a different number of hosts on each subnet. Recall that the number of hosts is constrained by the number of bits remaining in the IP address that are not used by the network/subnet number. For IPv4 and a /24 prefix, this allows for 32 – 24 = 8 bits (256 hosts); for /25, half as many (128 hosts); and for /26, half further still (64 hosts). Note that each interface on each host and router depicted is now given both an IP address and a subnet mask, but the mask differs across the network topology. With an appropriate dynamic routing protocol running among the routers (e.g., OSPF, IS-IS, RIPv2), traffic is able to flow correctly among hosts at the same site or to/from the outside of the site across the Internet. Although it may not seem obvious, there is a common case where a subnetwork contains only two hosts. When routers are connected together by a pointto-point link requiring an IP address to be assigned at each end, it is common practice to use a /31 network prefix with IPv4, and it is now also a recommended practice to use a /127 prefix for IPv6 [RFC6164]."
2.3.5 Broadcast Addresses
Broadcast address is a special address reserved in IPv4 address, it's called the subnet broadcast address.
The subnet broadcast address is formed by setting the network/subnetwork portion of an IPv4 address to the appropriate value and all the bits in the Hos field to 1. The diagram below shows a somewhat differenct complement method to calculate the boradcast address.
255.255.255.255 is reserved as the local net bradcast (limited broadcast) address, which is never forwarded by the router.
Though routers may not forward broadcasts, subnet broadcasts and local net broadcasts destined for the same network to which a computer is attached should be expected to work unless explicitly disabled by end hosts (like ping). Such broadcasts do not require action by a router; link-layer broadcast mechanisms, if available, are used for supporting them.
Broadcast addresses are typically used with protocols such as UDP/IP or ICMP.
IPv6 uses exclusively multicast addresses.
2.3.6 IPv6 Addresses and Interface Identifiers
Special prefixes used with IPv6 addresses indicate the scope of an address. The scope of an IPv6 address refers to the portion of the network where it can be used. Important examples of scopes include node-local (the address can be used only for communication on the same computer), link-local (used only among nodes on the same network link or IPv6 prefix), or global (Internet-wide).
In IPv6, most nodes have more than one address in use, often on the same network interface.
The set of addresses required in an IPv6 node, including multicast addresses, is given in [RFC4291].
Link-local IPv6 addresses use interface identifiers (IIDs) as a basis for unicast IPv6 address assignment.
IIDs are ordinarily 64 bits long and are formed either directly from the underlying link-layer MAC address of a network interface using a modified EUI-64 format [EUI64], or by another process that randomizes the value in hopes of providing some degree of privacy against address tracking
According to IEEE standards, EUI stands for extended unique identifier.
The OUIs are maintained and allocated by the IEEE registration authority [IEEERA].
IIDS are formed by EUI-64.
EUI-64 identifiers start with a 24-bit Organizationally Unique Identifier (OUI) followed by a 40-bit extension identifier assigned by the organization.
The OUI is 24-bit long and occupies the first 3 bytes of both EUI-48 and EUI-64 address. The low-order 2 bits of the first bytes of these addresses are designated the u and g bits.
The u bit, when set, indicates that the address is locally administered.
The g bit, when set, indicates that the address is a group or multicast-type address.The EUI-48 address 00-11-22-33-44-55 would become 00-11-22-FF-FE-33-44-55 in EUI-64.
2.3.6.1 Examples
Linux example.
Ethernet's hardware address is 00:30:48:2A:19:89. It is first converted to EUI-64, forming the address 00:30:48:ff:fe:2a:19:89. Next, the u bit is inverted, forming the IID value 02:30:48:ff:fe:2a:19:89. To complete the link-local IPv6 address, add the reserved link-local prefix fe80::/10 to form the final complete address fe80::230:48ff:fe2a:1989.The data packet from Ethernet is called Ethernet frame. The structure of an Ethernet frame header is as follows.
Preamble is a 64-bit field with the first 7-bytes (56-bits) constitutes of alternating 1s and 0s, acting as buffer between frames and a internal clock synchronization to network interfaces to regulate the speed they send data. The last byte is known as the SFD (Start Frame Delimiter) indicating that the preamble is over and that the actual frame contents will now follow.
Destination Address is a 48-bit field containing the destination MAC address for the Ethernet frame.
Source Address is a 48-bit field containing the source MAC address.
Tag (VLAN Tag) is a 32-bit field indicating the frame itself is a VLAN frame.
Ether-type is a 16-bit field describing the protocol of the contents of the frame. Ether-type field only appears when VLAN Tag is present.
Payload is a 1500 bytes field containing the actual data.
FCS (Frame Check Sequence) is a 4-byte number that represents a checksum value for the enture frame. It is calculated with the Cyclical Redundancy Check (CRC) mathematical transformation. It is an important concept for data integrity. If the FCS in the receiving end does not match the FCS in the header, the datagram is thrown out.Windows example.
A special tunnel endpoint is used to carry IPv6 traffic through newtorks that otherwise support only IPv4.
The special tunneling interface is called ISATAP [RFC5214]. The physical address is a hexadecimal encoding of an IPv4 address: 0A-99-8D-87, the same as 10.153.141.135. Add the OUI 00-00-5e (assigned to the IANA) to the front, and add hex value fe, forming 00:00:5efe:10.153.141.135. Then, combined with the standard link-local prefix fe80::/10 to give the address fe80::5efe:10.153.141.135. The %2 appended to the end of the address is called a zone ID in Windows and indicates the interface index number on the computer corresponding to the IPv6 address. IPv6 addresses are often created by a process of automatic configuration.
2.4 CIDR and Aggregation
Three problem arose in the mid 1990s:
- Class B address would be exhausted by about 1995.
- IPv4 is inadequate by the early 2000.
- The number of entries in the global routing table (one per network number) would be too many when more and more class A, B and C routing entries appear, which would damage routing performance.
ROAD (ROuting and ADdressing) group in IETF proposed to remove the class breakdown of IP addresses and promote the ability to aggregate hierarchically assigned IP address to deal with problem 1 and 3. IPv6 was envisioned to deal with problem 2.
2.4.1 Prefixes
The Internet routing system was extended to support the Classless Inter-Domain Routing (CIDR) [RFC4632]. The enabled contiguous address allocation. With CIDR, any address range is not predefined as being part of a class but instead requires a mask similar to a subnet mask, called a CIDR mask.
CIDR masks are visible to the global routing system.
CIDR is based on variable-length subnet masking (VLSM) which allows the specification of arbitrary-length prefixes.
The core Internet routers is able to interpret and process masks in addition to network numbers. This combination of numbers, called a network prefix, is used for both IPv4 and IPv6 address management.
An n-bit prefix is predefined value for the first n bits of an address. The value if n is an integer in the range of 0-32 for IPv4 and 0-128 for IPv6. The bit number is appended to the base IP address following a / character. In the following example, the bits defined by the prefix are enclosed in a box. The remaining bits may be set to any combination of 0s and 1s, thereby covering the possible address range.
A smaller prefix length corresponds to a larger number of possible addresses.
2.4.2 Aggregation
A routing table entry tells a router where to send traffic. The router inspects the destination IP address in an arriving datagram, finds a matching routing table entry, and from the entry extracts the “next hop” for the datagram.
The hierarchical routing approach in the late 1970s by Kleinrock and Kamoun was published to solve the problem of keep the routing table simple while maintaining the shortest-path routes to all destinations.
Aggregation also refers to the term Supernetting.
Below is an example explaining supernetting.
A corporation has the following networks in its routing table:
192.168.98.0
192.168.99.0
192.168.100.0
192.168.101.0
192.168.102.0
192.168.105.0
To supernet, firstly, the addresses are converted into binary format and aligned in a list:
Secondly, the number of most common bits is counted. The summary route is found by setting the remaining bits to zero. And it is followed by a slash and then the number of the most common bits.
Thus, the summarized route is 192.168.96.0/20. The subnet mask is 255.255.240.0.
Note that this summarized route also contains networks that were not in the summarized group, namely, 192.168.96.0, 192.168.97.0, 192.168.103.0, 192.168.104.0, 192.168.106.0, 192.168.107.0, 192.168.108.0, 192.168.109.0, 192.168.110.0, and 192.168.111.0. It must be assured that the missing network prefixes do not exist outside of this route.Take this example for understanding the superiorness of supernetting. If an ISP is assigned a block of IP address by a regional Internet registry (RIR) of 172.1.0.0 to 172.1.255.255. The ISP might then assign subnetworks to each of their downstream clients, e.g., Customer A will have the range 172.1.1.0 to 172.1.1.255, Customer B would receive the range 172.1.2.0 to 172.1.2.255 and Customer C would receive the range 172.1.3.0 to 172.1.3.255, and so on. Instead of an entry for each of the subnets 172.1.1.x and 172.1.2.x, etc., the ISP could aggregate the entire 172.1.x.x address range and advertise the network 172.1.0.0/16 on the Internet community, which would reduce the number of entries in the global routing table. ------ Wikipedia
2.5 Special-Use Addresses
Both IPv4 and IPv6 have a few address ranges that are used for special purposes [RFC5735].
Only those addresses not designated as special, multicast, or reserved are available to be assigned for unicast use. Some unicast address space (prefixes 10/8, 172.16/12, and 192.168/16 for IPv4 and fc00::/7 for IPv6) is reserved
for building private networks. Addresses from these ranges can be used by cooperating hosts and routers within a site or organization, but not across the global Internet. Thus, these addresses are sometimes called nonroutable addresses. That is, they will not be routed by the public Internet. Private addresses are frequently used in combination with network address translation (NAT).Special-use addresses for IPv6.
2.5.1 Addressing IPv4/IPv6 Translators
IPv4 addresses can be translated into IPv6 addresses, called IPv4-embedded-IPv6 addresses. The translation process involve several IPv5 prefixes, namely 32, 40, 48, 56, 64, or 96. Bits 64–71 must be set to 0 to maintain compatibility with identifiers specified in [RFC4291]. The suffix bits are reserved and should be set to 0. Then, concatenate the IPv6 prefix with the 32-bit IPv4 address, ensuring that the bits 63–71 are set to 0. And append the suffix as 0 bits until a 128-bit address is produced.
2.5.2 Multicast Addresses
IP multicast addresses are also called group or group addresses. They identifies a group of host interfaces.
The portion of the network that a single group covers is known as the group’s scope [RFC2365].
Common scopes include node-local (same computer), link-local (same subnet), site-local (applicable to some site), global (entire Internet), and administrative.
A site administrator can configure the router as admin-scope boundaries, meaning that multicast traffic of the associated group is not forwarded past the router.
When a host wants to send something to the group, it first creates a datagram using one of his unicast IP addresses as the source address and a multicast IP address as the destination. All hosts in scope that have joined the group should receive any datagrams sent to the group.
The sender does not know how many hosts are receiving the datagrams.
The multicast service model is called any-source multicast (ASM). In this model, any sender can send to any group; a receiver joins the group by specifying the group address.
A newer approach is called the source-specific multicast (SSM) [RFC3569][RFC4607], uses only a single sender per group. To join the group, a host specifies the address of a channel, which comprises both a group address and a source IP address.
2.5.3 IPv4 Multicast Addresses
The class D space (224.0.0.0–239.255.255.255) has been reserved for supporting multicast for IPv4.
There's a total of 268,435,456 host groups (each host group is an IP address and therere 28 bits free).
The address space is devided into major sections as follows.
The local network control block is limited to the local network of the sender; datagrams sent to those addresses are never forwarded by multicast routers. The All Hosts group (224.0.0.1) is one group in this block.
The internetwork control block is similar to the local network control range but is intended for control traffic that needs to be routed off the local link. An example from this block is the Network Time Protocol (NTP) multicast group (224.0.1.1) [RFC5905].
Most of the allocations in first ad hoc block are for commercial services.
The SDP/SAP block contains addresses used by applications such as the session directory tool (SDR) [H96] that send multicast session announcements using the Session Announcement Protocol (SAP) [RFC2974]. Originally a component of SAP, the newer Session Description Protocol (SDP) [RFC4566] is now used not only with IP multicast but also with other mechanisms
to describe multimedia sessions.
The SSM block is used by applications employing SSM in combination with their own unicast source IP address in forming SSM channels.
In the GLOP block, multicast addresses are based on the autonomous system (AS) number of the host. Link To AS Number WIKI.
GLOP addresses are generated by placing a 16-bit AS number in the second and third bytes of the IPv4 multicast address, leaving room for 1 byte to represent the possible multicast addresses (i.e., up to 256 addresses).The most recent IPv4 multicast asddress allocation mechanism is called unicast-prefix-based multicast addressing (UBM).
The UBM IPv4 address range is 234.0.0.0 through 234.255.255.255. A unicast address allocation with a /24 or shorter prefix may make use of UBM addresses.
UBM addresses are constructed as a concatenation of the 234/8 prefix, the allocated unicast prefix, and the multicast group ID.
Unicast IPv4 address prefix 192.0.2.0/24 has a single associated UBM address 234.192.0.2.
A left-shifting of the multicast address by 8 bits can determine the owner of the multicast address. The corresponding unicast IPv4 address space 128.32.0.0/16 (the “left-shifted” version of 234.128.32.0) is owned by UC Berkeley (as can be determined using a WHOIS query).
2.5.4 IPv6 Multicast Addresses
Prefix ff00::/8 is reserved for multicast addresses. 112 bits are available for holding the group number, a total of 2112 = 5,192,296,858,534,827,628,530,496,329,220,096 groups.
The following is the value for the scope field.
IPv6 multicast addresses can span multiple scopes. Each of these is defined with a certain offset relative to every scope, it's called scope-relative or variable-scope.
For example the NTP servers have variable-scope IPv6 addresses.
The R, P, T flags make three kind of IPv6 multicast address policies. First, with R and P both set to 0. It is standard. Second, with P set to 1, then two other alternative methods exist for multicast addresses that do not require global agreement on a per-group basis, namely unicast-prefix based and link-scoped. The unicast-prefix based method makes that a unicast prefix allocation provided by an ISP or address allocation authority also effectively allocates a collection of multicast addresses. The link-scoped utilizes the interface identifiers, and multicast addresses are based on a host’s IID.
The T bit field, when set, indicates that the included group address is temporary or dynamically allocated.When the P bit field is set to 1, the T bit must also be set to 1. When this happens, a special format of IPv6 multicast addresses based on unicast address prefixes is enabled.
Unicast-prefix-based addressing changes the format of the multicast address to include space for a unicast prefix and its length, plus a smaller (32-bit) group ID.
IPv6 addresses have already been allocated with prefixes, the prefixes can be used in multicast addresses. For example, an organization receiving a unicast prefix allocation of 3ffe:ffff:1::/48 would also consequently receive a unicast-based multicast prefix allocation of ff3x:30:3ffe:ffff:1::/96, where x is any valid scope.
SSM is also supported using this format by setting the prefix length and prefix fields to 0, effectively requiring the prefix ff3x::/32 (where x is any valid scope value) for use in all such IPv6 SSM multicast addresses.To create unique multicast addresses of link-local scope, a method based on
IIDs can be used [RFC4489], which is preferred to unicast-prefix-based allocation when only link-local scope is required.
The advantage of this structure over the previous one is that no prefix need be supplied in forming the multicast address.
In ad hoc networks where no routers may be available, an individual machine can form unique multicast addresses based on its own IID without having to engage in a complex agreement protocol.
This format works only for link- or node-local multicast scoping, when larger scopes are required, either unicast-prefix-based addressing or permanent multicast addresses are used.
As an example of this format, a host with IID 02-11-22-33-44-55-66-77 would use multicast addresses of the form ff3x:0011:0211:2233:4455:6677:gggg:gggg, where x is a scope value of 2 or less and gggg:gggg is the hexadecimal notation for a 32-bit multicast group ID.R bit field is used when unicastprefix-based multicast addressing is used (the P bit is set) along with a multicast routing protocol that requires knowledge of a rendezvous point.
A rendezvous point (RP) is the IP address of a router set up to handle multicast routing for one or more multicast groups. RPs are used by the PIM-SM protocol [RFC4601] to help senders and receivers participating in the same multicast group to find each other. One of the problems encountered in deploying Internet-wide multicast has been locating rendezvous points. This scheme overloads the IPv6 multicast address to include an RP address. Therefore, it is simple to find an RP from a group address by just selecting the appropriate subset of bits.
When the R bit is set, the modified format for a multicast address is as follows.
SSM is not used (so the prefix length cannot be zero).
A new 4-bit field called the RIID is introduced.
To form the IPv6 address of an RP based on a multicast address on the Figure above, the number of bits indicated in the Prefix Length field are extracted from the Prefix field and placed as the upper bits in a fresh IPv6 address. Then, the contents of the RIID field are used as the low-order 4 bits of the RP address. The rest is filled with zeros.
As an example, consider a multicast address ff75:940:2001:db8:dead:beef:f00d:face. In this case, the scope is 5 (site-local), the RIID field has the value 9, and the prefix length is 0x40 = 64 bits. The prefix itself is therefore 2001:db8:dead:beef, so the RP address is 2001:db8:dead:beef::9. More examples are given in [RFC3956].IPv6 reserved multicast address spaces.
2.5.5 Anycast Addresses
An anycast address is a unicast IPv4 or IPv6 address that identifies a different host
depending on where in the network it is used.This is accomplished by configuring Internet routers to advertise the same unicast routes from multiple locations in the Internet. Thus, an anycast address refers not to a single host in the Internet, but to the “most appropriate” or “closest” single host that is responding to the anycast address.
Anycast addressing is used most frequently for finding a computer that
provides a common service [RFC4786]. For example, a datagram sent to an anycast
address could be used to find a DNS server (see Chapter 11), a 6to4 gateway that
encapsulates IPv6 traffic in IPv4 tunnels [RFC3068], or RPs for multicast routing
[RFC4610].
2.6 Allocation
IP addresses are allocated by authorities, like ISP and other small authorities.
The authorities are hierarchically organized, the top one is the IANA.
2.6.1 Unicast
For unicast IPv4 and IPv6 address space, the IANA delegates much of its allocation authority to a few regional Internet registries (RIRs).
The RIRs coordinate with each other through an organization formed in 2003 called the Number Resource Organization (NRO) [NRO].
When user register for Internet service, they are allocated a fraction or range of their ISP’s address space in the form of an address prefix. These address ranges are owned and managed by the customer’s ISP and are called provider-aggregatable (PA) addresses because they consist of one or more prefixes that can be aggregated with other prefixes the ISP owns. Such addresses are also sometimes called non-portable addresses.
An alternative type of address space is called provider-independent (PI) address space. Addresses allocated from PI space are allocated to the user directly and may be used with any ISP.
Many site prefer to use PI addresses, and might be willing to pay extra for them, because it helps to avoid the need to renumber when switching ISPs (avoiding what has become known as provider lock).
2.6.1.1 Examples
IPv4 address 72.1.140.203 by accessing the corresponding URL http://whois.arin.net/rest/ip/72.1.140.203.txt:![Picture from TCP/IP Illustrated Volume 1](https://img-blog.csdnimg.cn/20210412215548969.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L2hlaXNlaml1aHVjaGU=,size_16,color_FFFFFF,t_70)
Address 72.1.140.203 is really part of the network called SPEK-SEA5-PART-1, which has been allocated the address range 72.1.140.192/27.
SPEK-SEA5-PART-1’s address range is a portion of the PA address space called NET-72-1-128-0-1.Formulate a query for information about this network by visiting the URL http://whois.arin.net/rest/net/NET-72-1-128-0-1.txt
The address range 72.1.128.0/18 (called by the “handle” or name NET-72-1-128-0-1) has been directly allocated out of the address range 72.0.0.0/8 managed by ARIN.Search for information regarding the IPv4 address 193.5.93.80 using the Web query interface at http://www.ripe.net/whois
The address 193.5.93.80 is a portion of the 193.5.88.0/21 block allocated to WIPO.
The status of this block is ASSIGNED PI, meaning that this particular block of addresses is of the provider-independent variety.
The reference to RPSL indicates that the database records are in the Routing Policy Specification Language [RFC2622][RFC4012], used by ISPs to express their routing policies. Such information allows network operators to configure routers to help minimize Internet routing instabilities.
2.6.2 Multicast
Multicast addresses (i.e., group addresses) can be described based on their scope, the way they are determined (statically, dynamically by agreement, or algorithmically), and whether they are used for ASM or SSM.
Administratively scoped addresses and IPv6 link-scoped multicast addresses can be reused in various parts of the Internet and are either configured by a network administrator out of an administratively scoped address block or selected automatically by end hosts.
Globally scoped addresses that are statically allocated are generally fixed and may be hard-coded into applications. Such addresses are really intended for uses applicable to any Internet site.
Algorithmically determined globally scoped addresses can be created based on AS numbers, as in GLOP, or an associated unicast prefix allocation.
SSM can use globally scoped addresses (i.e., from the SSM block) administratively scoped addresses, or unicast-prefix-based IPv6 addresses where the prefix is effectively zero.
2.7 Unicast Address Assignment
2.7.1 Single Provider/No Network/Single Address
A host has multiple Internet IP addresses, including the local “loopback” address (127.0.0.1), some multicast addresses, at a minimum, the All Hosts multicast address (224.0.0.1). If the host is running IPv6, at a minimum it is using the All Nodes IPv6 multicast address (ff02::1), any IPv6 addresses it has been assigned by the ISP, the IPv6 loopback address (::1), and a link-local address for each network interface configured for IPv6 use.
A point-to-point link associated with the device ppp0 has been assigned the IPv4 address 71.141.244.213
Inspect the group memberships, it is subscribed to the IPv6 All Nodes multicast group on its local loopback (lo) interface.
IPv4 All Hosts group is in use, in addition to the mDNS (multicast DNS) service [IDChes]. The mDNS protocol uses the static IPv4 multicast address 224.0.0.251.
2.7.2 Single Provider/Single Network/Single Address
A home network with routers, forming a home LAN, WLAN.
DHCP and NAT (called Internet Connection Sharing (ICS) in Windows) protocol is used in single network scenario.
2.7.3 Single Provider/Multiple Networks/Multiple Addresses
A site has been allocated the prefix 128.32.2.64/26, providing up to 62 (64 minus 2) routable IPv4 addresses.
The “DMZ” network (“demilitarized zone” network, outside the primary firewall) is used to attach servers that can be accessed by users on the Internet.
The remaining addresses from the site prefix are given to the NAT router as the basis for a “NAT pool”.
The separation of the internal network from the DMZ helps protect internal computers from damage should the DMZ servers be compromised.
Once the border router, DMZ, and internal NAT router have been set up, any address structure can be used internally, where many (private) IP addresses are available.
2.7.4 Multiple Providers/Multiple Networks/Multiple Addresses (Multihoming)
Some organizations that depend on Internet access for their continued operations attach to the Internet using more than one provider (called multihoming) in order to provide for redundancy in case of failure, or for other reasons.
Consider the situation in the Figure below.
A site has two ISPs, P1 and P2.
P1 has PA address allocated for S.
P2 has PI address allocated for S.
If S decides to use PA address, traffic for 12.46.129.0/25 tends to go through ISP P2 rather than P1 because of the longest matching prefix algorithm.
If S decides to use PI address, traffic will be more symmetric, however, no aggregation is possible.Quote Quote, needs more info to understand the next paragraph.
Multi6 outlines a number of approaches that have been proposed for handling the issue. Broadly, the options mentioned include using a routing approach equivalent to IPv4 multihoming mentioned previously, using the capabilities of Mobile IPv6 [RFC6275], and creating a new method that splits the identification of nodes away from their locators. Today, IP addresses serve as both identifiers (essentially a form of name) and locators (an address understood by the routing system) for a network interface attached to the Internet. Providing a separation would allow the network protocol implementation to function even if the
underlying IP address changes. Protocols that provide this separation are sometimes called identifier/locator separating or id/loc split protocols.
Shim6 introduces a “shim” network-layer protocol that separates the “upper-layer protocol identifier” used by the transport protocols from the IP address. Multihoming is achieved by selecting which IP address (locator) to use based on dynamic network conditions and without requiring PI address allocations. Communicating hosts (peers) agree on which locators to use and when to switch between them. Separation of identifiers from locators is the subject of several other efforts, including the experimental Host Identity Protocol (HIP) [RFC4423], which identifies hosts using cryptographic host identifiers. Such identifiers are effectively the public keys of public/private key pairs associated with hosts, so HIP traffic can be authenticated as having come from a particular host.Multihoming for IPv6 is still under study. The Multi6 architecture [RFC4177] and the Shim6 protocol [RFC5533] is the result of discussion for some time.
2.8 Attacks Involving IP Addresses
Spoofed datagrams may be sent by altering the IP addresses in the packet.
Computers or routers in botnets have effectively become an Internet-based balck market for carrying out attacks.