Introduction
IPprotocol
IPprotocolisaprotocoldesignedforcommunicationbetweencomputernetworks.IntheInternet,itisasetofrulesthatenablesallcomputernetworksconnectedtotheInternettocommunicatewitheachother,andstipulatestherulesthatcomputersshouldabidebywhencommunicatingontheInternet.AnycomputersystemproducedbyanymanufacturercanbeinterconnectedwiththeInternetaslongasitcomplieswiththeIPprotocol.Thenetworksystemsandequipmentproducedbyvariousmanufacturers,suchasEthernet,packetswitchingnetwork,etc.,cannotcommunicatewitheachother.Themainreasonwhytheycannotcommunicateisbecausethebasicunitofthedatatheytransmit(technicallycalled"frame")Theformatisdifferent.TheIPprotocolisactuallyasetofprotocolsoftwarecomposedofsoftwareprograms.Ituniformlyconvertsvarious"frames"intothe"IPdatagram"format.ThisconversionisoneofthemostimportantfeaturesoftheInternet,makingallkindsofcomputersCanrealizeintercommunicationontheInternet,thatis,ithasthecharacteristicof"openness".ItispreciselybecauseoftheIPprotocolthattheInternetcanrapidlydevelopintotheworld'slargestandopencomputercommunicationnetwork.Therefore,theIPprotocolcanalsobecalled"InternetProtocol".
IPaddress
ThereisalsoaveryimportantcontentintheIPprotocol,whichistospecifyauniqueaddressforeachcomputerandotherequipmentontheInternet,called"IPaddress".Becauseofthisuniqueaddress,itisensuredthatuserscanefficientlyandconvenientlyselecttheobjectstheyneedfromtensofthousandsofcomputerswhenoperatingonanetworkedcomputer.
TheIPaddressislikeourhomeaddress.Ifyouwanttowritetoaperson,youneedtoknowhis(her)addresssothatthepostmancandelivertheletter.Thecomputersendinginformationislikeapostman,itmustknowtheonly"homeaddress"inordernottosendthelettertothewrongperson.It’sjustthatouraddressisexpressedinwords,andthecomputer’saddressisexpressedinbinarynumbers.
IPaddressesareusedtoassignnumberstocomputersontheInternet.WhateveryoneseesdailyisthateverynetworkedPCneedsanIPaddressinordertocommunicatenormally.Wecancompare"personalcomputer"to"atelephone",then"IPaddress"isequivalentto"phonenumber",andtherouterintheInternetisequivalenttothe"program-controlledswitchboard"ofthetelecommunicationsbureau.
TheIPaddressisa32-bitbinarynumber,usuallydividedinto4"8-bitbinarynumbers"(thatis,4bytes).TheIPaddressisusuallyexpressedin"dotteddecimalnotation"intheformof(a.b.c.d),wherea,b,c,anddarealldecimalintegersbetween0and255.Example:ThedotteddecimalIPaddress(100.4.5.6)isactuallya32-bitbinarynumber(01100100.00000100.00000101.00000110).
DevelopmentHistory
TheIPaddressthatfirstappearedwasIPV4,whichhasonly4numbers,andthemaximumnumberofeachsegmentdoesnotexceed255.DuetothevigorousdevelopmentoftheInternet,thedemandforIPaddressesisincreasing,makingtheissuanceofIPaddressesmoreandmorestringent.VariousdatashowthattheglobalIPv4addressesmaybeallissuedbetween2005and2010(theactualsituationisin2019TheallocationofIPv4addresseswascompletedonNovember25th).ThelackofaddressspacewillinevitablyhinderthefurtherdevelopmentoftheInternet.Inordertoexpandtheaddressspace,itisplannedtoredefinetheaddressspacethroughIPv6.IPv6usesa128-bitaddresslength.InthedesignofIPv6,inadditiontosolvingtheproblemofaddressshortageonceandforall,otherproblemsthatcouldnotbesolvedwellinIPv4werealsoconsidered.
TheexistingInternetrunsonthebasisoftheIPv4protocol.IPv6isthenextversionoftheInternetprotocol,whichcanalsobesaidtobethenext-generationInternetprotocol.ItwasoriginallyproposedbecausewiththerapiddevelopmentoftheInternet,thelimitedaddressspacedefinedbyIPv4willbeexhausted,andthelackofaddressspacewillinevitablyObstructthefurtherdevelopmentoftheInternet.Inordertoexpandtheaddressspace,itisplannedtoredefinetheaddressspacethroughIPv6.IPv4usesa32-bitaddresslength,withonlyabout4.3billionaddresses,whichareestimatedtobeallocatedbetween2005and2010,whileIPv6usesa128-bitaddresslength,whichcanprovideaddressesalmostunlimitedly.AccordingtoconservativemethodstoestimatetheactualaddressesthatIPv6canallocate,morethan1,000addressescanstillbeallocatedpersquaremeteroftheentireearth.InthedesignprocessofIPv6,inadditiontosolvingtheproblemofaddressshortage,italsoconsideredsomeotherproblemsthatcouldnotbesolvedinIPv4,mainlyend-to-endIPconnection,qualityofservice(QoS),security,multicast,andmobility,Plugandplay,etc.
WiththerapiddevelopmentoftheInternetandthecontinuousimprovementofInternetusers'requirementsforservicelevels,IPv6willreceivemoreandmoreattentionintheworld.Infact,thereisnorushtopromoteIPv6,andtheproblemofinsufficientIPv4addressescanbesolvedbyonlyextending32bitsto40bitsonthebasisofexistingIPv4.Asaresult,thenumberofavailableaddresseshasbeenexpandedby256times.
IPaddresstype
Publicaddress
PublicaddressishandledbyInterNIC(InternetNetworkInformationCenter).TheseIPaddressesareassignedtoorganizationsthatregisterandapplytoInterNIC.AccesstheInternetdirectlythroughit.
Privateaddress
Privateaddressisanon-registeredaddress,specificallyforinternalusebyorganizations.
Thereservedinternalprivateaddressesarelistedbelow
ClassA10.0.0.0--10.255.255.255
ClassB172.16.0.0--172.31.255.255
ClassC192.168.0.0--192.168.255.255
IPaddressingmethod
IntheinitialdesignoftheInternet,inordertofacilitateaddressingandhierarchicalconstructionofthenetwork,EachIPaddressincludestwoidentificationcodes(ID),namelynetworkIDandhostID.AllhostsonthesamephysicalnetworkusethesamenetworkID,andahostonthenetwork(includingworkstationsandserversonthenetwork)hasahostIDcorrespondingtoit.TheInternetCommitteehasdefined5typesofIPaddressestosuitnetworksofdifferentcapacities,namelyClassA~ClassE.
Amongthem,ClassA,B,andC3(asshowninthefollowingtable)areuniformlyallocatedbyInternetNICglobally,andClassDandEarespecialaddresses.
Category | Maximumnumberofnetworks | IPaddressrange | Maximumnumberofhostspernetworksegment | PrivateIPaddressrange |
A | 126(2^7-2) | 1.0.0.1-127.255.255.254 td> | 16777214 | 10.0.0.0-10.255.255.255 |
B | 16384(2^14) | 128.0.0.1-191.255.255.254 | 65534 | 172.16.0.0-172.31.255.255 |
C | 2097152(2^21) | 192.0.0.1-223.255.255.254 | 254 | 192.168.0.0-192.168.255.255 |
ClassAIPaddress
AClassAIPaddressmeansthatamongthefournumbersoftheIPaddress,thefirstnumberisthenetworknumber,andtheremainingthreenumbersareThenumberofthelocalcomputer.IftheIPaddressisexpressedinbinary,theClassAIPaddressconsistsofa1-bytenetworkaddressanda3-bytehostaddress,andthehighestbitofthenetworkaddressmustbe"0".ThelengthofthenetworkidentifierintheclassAIPaddressis8bits,andthelengthofthehostIDis24bits.ThenumberofclassAnetworkaddressesissmall,with126networks,andeachnetworkcanaccommodatemorethan16millionhosts.
TypeAIPaddressTheaddressrangeis1.0.0.1to127.255.255.254(binaryrepresentationis:00000001000000000000000000000001-01111111111111111111111111111110).Thelastoneisthebroadcastaddress.
ClassBIPaddress
AClassBIPaddressmeansthatamongthefournumbersoftheIPaddress,thefirsttwonumbersarenetworknumbers.IftheIPaddressisexpressedinbinary,theClassBIPaddressconsistsofa2-bytenetworkaddressanda2-bytehostaddress,andthehighestbitofthenetworkaddressmustbe"10".ThelengthofthenetworkidentifierintheclassBIPaddressis16bits,andthelengthofthehostIDis16bits.TheclassBnetworkaddressissuitableformedium-scalenetworks.Thereare16,384networks,andeachnetworkcanaccommodatemorethan60,000computers.tower.
TheaddressrangeofClassBIPaddressis128.0.0.1-191.255.255.254(binaryrepresentationis:10000000000000000000000000000001----10111111111111111111111111111110).Thelastoneisthebroadcastaddress.
ThesubnetmaskoftheClassBIPaddressis255.255.0.0,andthemaximumnumberofhostssupportedbyeachnetworkis256tothepowerof2=65,534.
ClassCIPaddress
AClassCIPaddressmeansthatamongthefournumbersintheIPaddress,thefirstthreenumbersarenetworknumbers,andtheremainingnumbersarelocalThenumberofthecomputer.IftheIPaddressisexpressedinbinary,theclassCIPaddressconsistsofa3-bytenetworkaddressanda1-bytehostaddress,andthehighestbitofthenetworkaddressmustbe"110".ThelengthofthenetworkidentifierintheclassCIPaddressis24bits,andthelengthofthehostIDis8bits.ThenumberofclassCnetworkaddressesislarge,withmorethan2.09millionnetworks.Suitableforsmall-scalelocalareanetworks,eachnetworkcanonlycontainupto254computers.
ClassCIPaddressrange192.0.0.1-223.2255.255.254(binaryrepresentationis:11000000000000000000000000000001-11011111111111111111111111111110).
ThesubnetmaskofClassCIPaddressis255.255.255.0,andthemaximumnumberofhostssupportedbyeachnetworkis256-2=254units
ClassDIPaddress
ClassDIPaddresseshavehistoricallybeencalledmulticastaddresses,thatis,multicastaddresses.InEthernet,amulticastaddressnamesagroupofstationsthatshouldreceiveapacketinthisnetwork.Themostsignificantbitofthemulticastaddressmustbe"1110",andtherangeisfrom224.0.0.0to239.255.255.255.
SpecialURL
Theaddress("0.0.0.0")witheachbytebeing0correspondstothecurrenthost;
TheIPaddress("255.255.255.255")whoseeverybyteintheIPaddressis1isthebroadcastaddressofthecurrentsubnet;
AllE-classIPaddressesbeginningwith"11110"intheIPaddressarereservedforfutureandexperimentaluse.
TheIPaddresscannotstartwithdecimal"127".Thenumbers127.0.0.1to127.255.255.255inthistypeofaddressareusedforlooptesting.,Suchas:127.0.0.1canrepresenttheIPaddressofthemachine,use"http://127.0.0.1"totestthewebserverconfiguredinthemachine.
Thefirst6-bitgroupofthenetworkIDcannotbeallsetto"0"either,all"0"meansthelocalnetwork.
Subnet
Introduceasubnetmask(NetMask)tologicallydividealargenetworkintosomesmallnetworks.Thesubnetmaskismadeupofaseriesof1sand0s,anditpointsoutwhatthenetworknumberofanIPaddressisbydoingan"AND"operationwiththeIPaddress.FortraditionalIPaddressclassification,thesubnetmaskofclassAaddressis255.0.0.0;thesubnetmaskofclassBaddressis255.255.0.0;thesubnetmaskofclassCaddressis255.255.255.0.Forexample,ifyouwanttodivideaclassBnetwork166.111.0.0intomultipleclassCsubnets,youonlyneedtosetitssubnetmaskto255.255.255.0,sothat166.111.1.1and166.111.2.1belongtoDifferentnetworkstoo.Likethis,themethodofdividinganetworkintomultiplenetworksthroughalongersubnetmaskiscalledsubnetting.
Supernetting
Supernettingisaconceptsimilartosubnetting.Itcombinesmultiplesmallnetworksintoonelargenetworkthroughashortsubnetmask.Forexample,aunithas8classCaddresses:202.120.224.0~202.120.231.0.Aslongasitssubnetmaskissetto255.255.248.0,theseclassCnetworkscanbeconnected.
ClasslessInter-DomainRouting
ClasslessInter-DomainRouting(CIDR,ClasslessInter-DomainRouting)addressesareassignedaccordingtothenetworktopology,andacontinuoussetofnetworkaddressescanbeassignedtoafamilyCompanies,andusetheentiregroupofaddressesasanetworkaddress(forexample,usingsupernettechnology),thereisonlyoneroutingtableentryintheexternalroutingtable.Thisnotonlysolvestheproblemofaddressscarcity,butalsosolvestheproblemofroutingtableexpansion.Inaddition,CIDRdividesthewholeworldintofourregions,andassignsacontinuousclassCaddresstoeachregion:Europe(194.0.0.0~195.255.255.255),NorthAmerica(198.0.0.0~199.255.255.255),CentralandSouthAmerica(200.0.0.0~201.255.255.255)andAsiaPacific(202.0.0.0~203.255.255.255).Inthisway,whenarouteroutsidetheAsia-Pacificregionreceivesadatagramwiththefirst8digitsof202or203,itonlyneedstoputitontheroutetotheAsia-Pacificregion,andthelast24digitscanbeusedinthedatagram.AfterarrivingintheAsia-Pacificregion,processingisperformed,whichgreatlyalleviatestheproblemofroutingtableexpansion.
IPaddressallocation
TCP/IPprotocolrequiresdifferentsettingsfordifferentnetworks,andeachnodegenerallyneedsan"IPaddress"anda"subnetmask"",a"defaultgateway".However,youcanautomaticallyassignanIPaddresstotheclientthroughtheDynamicHostConfigurationProtocol(DHCP),whichavoidserrorsandsimplifiestheTCP/IPprotocolsettings.
TheIPaddressisnowassignedbyICANN(InternetCorporationforAssignedNamesandNumbers).
InterNIC:responsiblefortheUnitedStatesandotherregions;
ENIC:responsiblefortheEuropeanregion;
APNIC(AsiaPacificNetworkInformationCenter):ChineseuserscanapplytoAPNIC(Paymentrequired)
PS:In1998,APNICmoveditsheadquartersfromTokyotoBrisbane,Australia.
TheagencyresponsiblefortheallocationofClassAIPaddressesisENIC
TheagencyresponsiblefortheallocationofClassBIPaddressesinNorthAmericaisInterNIC
TheagencyresponsiblefortheallocationofClassBIPaddressesinAsiaPacificTheagencyisAPNIC
IPaddressmanagement
IftheIPaddresscannotbemanagedeffectively,itmayreducenetworkavailabilityandservicequality,andevencausenetworkbreakdown.
ThefollowingarethemainIPaddressmanagementmodes:
Manualmanagementmode
NetworkadministratorsusemanualMaintenance,queryandverifywhetheracertainIPaddresscanbeusedeffectivelyornot,withthehelpofasimplePINGcommand,whentheIPisnewlyassigned,theExceltableoraddressregisterneedstobeupdatedmanually.ManuallyconfigurethestaticIPaddressattheaccessend,whichisthetraditionalmanualmanagementIPmode.
ThemanagementmodeofDHCPallocationofIPaddresses
TheemergenceofthemodeofDHCPdynamicallocationofIPaddressesisbecausethescaleoftheinformationsystemisbecominglarger.Foractualbusinessneeds,themanualallocationofIPaddressesThemodelcannolongerbesatisfied.Thismethodwillbringthefollowingproblemstothenetwork:
1)RandomallocationofIPaddressesusesthemanagementmodeofDHCPallocation.EachstaffmemberusesacomputertospecifyasingleIPaddress,whichcannotbeallocatedbyrelateddepartments.BindingIP/MACaddressandauditingandothermeasures;
2)ThesituationwheretheCPUisusedtoohighandthesystemhangsup,orthenumberofuserswillgreatlyincrease,andtheDHCPrequestistoohigh.ThesesituationsareduetotheuseofThenon-dedicatedDHCPserverwilleventuallycauseuntimelyresponseandserviceinterruption;
3)TheIPaddresswhoseleaseexpirescannotbeautomaticallyreleased;thetablethatrecordsIPconflictscannotbeautomaticallycleared.ThisisbecauseSomenetworkequipmenthardwaresettings;
4)FortraditionalDHCPfunctions,thereisnoexternaluserauthorizationandauthenticationsecuritymechanism.Asaresult,maliciousforgeryofMACaddressescannotbedoneBlockingwillalsorunoutofIPaddresses;
5)Fornetworkadministrators,theprocessofnetworkexpansionprojectsismorecomplicatedandtrivial;
6)AccuratelylocateillegalaccessdevicesAlargenumberofretrievalworkloadsalsoexistinthismanagementmode;
7)Thesecurityperformanceislow,anditiseasytobeattacked.
ManagetheIPaddressmodethroughtheswitch
Inthelocalareanetwork,themethodofuseisinnovative,amodeforeffectivemanagementofIPaddresseswiththehelpofintegratedsecurityfeaturesinsidetheswitch.Justfollowthesecuritymeasuresfromauthentication(suchasIEEE802.1x)andaccesscontrolliststotheaforementionedsecurityattacksfromthenetworklayer2ordatalinklayer(DHCPserverspoofingattacks,IP/MACaddressspoofing,MACaddressflooding)Attacks,etc.)cannotbeprevented.