IP Addressing and Network Management

Every device on a network has an IP address divided into two parts:

$\underset{\text{identifies the network}}{\underbrace{\text{Network identifier}}}+\underset{\text{identifies the device on that network}}{\underbrace{\text{Host identifier}}}$

Routers use the network identifier to route packets to the correct network. Once in the correct network, the host identifier identifies the specific device.

IPv4 example: 192.168.1.42

• Written as 4 octets (0–255) separated by dots
• Network part might be 192.168.1 (first 3 octets), host part 42 (last octet)
• Exact split determined by the subnet mask

A subnet mask is a 32-bit value that identifies which bits of an IP address are the network part and which are the host part.

How to apply: AND the IP address with the subnet mask to extract the network address.

Example:

IP address:   192.168.1.42   =  11000000.10101000.00000001.00101010
Subnet mask:  255.255.255.0  =  11111111.11111111.11111111.00000000
AND result:   192.168.1.0    =  11000000.10101000.00000001.00000000

The result (192.168.1.0) is the network address. The host is device .42 on the 192.168.1.0 network.

CIDR notation: /24 means the first 24 bits are the network part (equivalent to mask 255.255.255.0). 192.168.1.0/24 defines a subnet with 256 addresses (hosts .1–.254, .0 is network address, .255 is broadcast).

Subnetting divides a network into smaller sub-networks, improving security and reducing broadcast traffic within each subnet.

IPv4:

• 32-bit address (4 octets): 93.184.216.34
• $2^{32}\approx 4.3$ billion addresses
• Address exhaustion: all public IPv4 blocks allocated

IPv6:

• 128-bit address (8 groups of 4 hex digits): 2001:0db8:85a3:0000:0000:8a2e:0370:7334
• $2^{128}$ addresses — effectively inexhaustible
• Additional features: built-in auto-configuration (devices can generate their own addresses), improved security support, no need for NAT at scale

Why IPv6 was introduced: IPv4 address space exhaustion. The Internet grew far beyond what 4.3 billion addresses could support. IPv6 provides effectively unlimited addresses for every device, including IoT.

Public IP address:

• Globally unique and routable on the Internet
• Assigned by ISPs and internet registries
• Visible to servers on the Internet

Private IP address:

• Used within a LAN (home, office network); not routable on the Internet
• Defined ranges:
  • 10.0.0.0 – 10.255.255.255
  • 172.16.0.0 – 172.31.255.255
  • 192.168.0.0 – 192.168.255.255
• Multiple devices on different private networks can share the same private IP (e.g. many homes have 192.168.1.1 as their router)

Devices with private IPs access the Internet through NAT on their router, which maps their private address to the router's single public IP.

DHCP (Dynamic Host Configuration Protocol)

DHCP automatically assigns configuration to devices joining a network. When a device connects:

1. Device broadcasts a DHCP request
2. DHCP server responds with: IP address, subnet mask, default gateway, DNS server address
3. Device configures itself using these values for the duration of the lease

Without DHCP, every device would need a manually configured static IP address.

NAT (Network Address Translation)

NAT allows multiple devices on a private network to share a single public IP address.

• The router maintains a translation table: maps (private IP + ephemeral port) ↔ (public IP + translated port)
• Outbound: router replaces the source private IP with its public IP in each packet
• Inbound: router uses the translation table to forward the reply to the correct private device

Example:

Device 192.168.1.5:5000 ──NAT──▶ 86.11.22.33:40001 ──▶ web server
web server ──▶ 86.11.22.33:40001 ──NAT──▶ 192.168.1.5:5000

Port forwarding

Port forwarding allows external devices to initiate connections to a specific internal device through the NAT router.

Configuration: incoming traffic on public IP port 8080 → forward to 192.168.1.10:80 (internal web server).

Without port forwarding, NAT only handles outbound-initiated connections — the router does not know which internal device should receive an unsolicited inbound connection.

1. Stating that private IP addresses are unique on the Internet

Private IP addresses are not globally unique. Multiple private networks worldwide use the same private address ranges (192.168.x.x, etc.). They are unique only within their own LAN. NAT handles the translation to a globally unique public IP.

2. Confusing subnet mask with subnet address

The subnet mask (e.g. 255.255.255.0) is a tool for extracting the network part of an address. The network address (e.g. 192.168.1.0) is the result of ANDing an IP with the mask. They are different things.

3. Stating NAT provides security

NAT provides implicit inbound filtering (unsolicited inbound connections are dropped) as a side effect, not as a designed security feature. It is not a replacement for a firewall.

4. Forgetting what DHCP assigns

DHCP assigns four things: IP address, subnet mask, default gateway, and DNS server address. Answers that only say "IP address" are incomplete.