May 29, 2023
In the last blog I covered the physical links and addresses. In this part I cover the logical addresses.
Layer 3: The Network Layer
At Layer 2 of the TCP/IP Model, communication can only happen between computers on the same local network segment, for example everything plugged into (or associated with) the same switch or home router. This is called a LAN = Local Area Network. Inside a LAN the network device only performs switching: it forwards frames by MAC address and never looks at IP addresses.
When a computer needs to communicate with something outside its LAN, for example on the Internet, it needs a Layer 3 address. The Internet is an example of a WAN = Wide Area Network. To send traffic across a WAN, the network device performs routing (that is why a home network device is called a router). A router has a routing table that maps destination networks (prefixes) to a next hop, i.e. the neighbouring router the packet should be handed to; it does not store a path to every individual IP address.
This is where IP = Internet Protocol addresses come in. An IP address is also unique within its scope, but unlike a MAC address it can change, for example when you move to another network. There are 2 versions of IP in use today:
IPv4 (version 4) addresses are still the most common, at least in home and office networks. There are two common kinds of IPv4 addresses:
Private IP addresses – Only known to you, the router and the other devices inside your home or office
Public IP addresses – Publicly visible on the Internet.
IPv6 (version 6) addresses are not yet as common, unless you are connected to a mobile network. IPv6 has many more address types, but I won’t explain all of them here. Like IPv4, there are globally routable (public) and private IPv6 addresses, but they work quite differently from IPv4.
If we follow the previous analogies, the public IP address is your house address, which changes if you move. The people living in the house are the Layer 2 MAC addresses; they stay the same regardless of where they live. Each person has their own room, which is the private IP address: only the people living in the same house know which room to find a specific person in. Two or more people cannot share the same room in this analogy, but they can live in the same house (this holds for IPv4).
Note: Other Layer 3 protocols have been used in the past, for example CLNS and IPX.
The IPv4 Protocol
An IPv4 address is a 32-bit number, written as 4 decimal octets. That gives a theoretical limit of 2^32, about 4.3 billion addresses. With the number of devices that need Internet connectivity today, that is a big problem. There are address-conserving techniques (NAT, described below), but even those have reached their limits.
The IPv4 address has two parts: the Network ID and the Host ID. Example: 192.168.0.1 with subnet mask 255.255.255.0, where 192.168.0 is the network ID and 1 is the host ID.
Explanation:
An octet is an 8-bit number written in decimal (0 – 255); the octets are separated by dots (.). 4 octets of 8 bits each = 32 bits in total.
In the example above, the first 3 octets are the network ID. This part is the same for all computers in the same LAN.
The last octet is the host ID. It identifies a specific device on the local network.
What decides how long the network ID is, and therefore how many host IDs are available in that LAN, is the subnet mask. A binary 1 in the mask means “this bit belongs to the network ID”, a 0 means “this bit belongs to the host ID”.
Another way of writing the address is 192.168.0.1/24, where /24 says that the subnet mask is 24 bits long: 24 ones followed by 8 zeros, which is 255.255.255.0 in dotted form. The 8 host bits give 256 combinations, of which 2 are reserved (the network address .0 and the broadcast address .255), so 254 devices fit in that LAN.
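To make the network ID / host ID split concrete, here is an added example (editor's code, not part of the original post) that does the mask arithmetic with plain bit operations and checks the result against Python's ipaddress module. It uses 192.168.0.1/24 from the text and the 10.12.1.7/25 interface that appears in the ip addr output later in the post; the remaining addresses are made-up samples. The private-range check also covers 100.64.0.0/10, the RFC 6598 shared address space used behind carrier-grade NAT.

```python
# Added example, not code from the original post: IPv4 subnet arithmetic with
# plain integer bit operations, cross-checked against Python's ipaddress module.
# 192.168.0.1/24 is from the post; the other addresses are made-up samples.
from __future__ import annotations
import ipaddress


def parse_ipv4(text: str) -> int:
    """Dotted quad -> 32-bit integer, validating each octet."""
    octets = text.split(".")
    if len(octets) != 4:
        raise ValueError(f"not a dotted quad: {text!r}")
    value = 0
    for octet in octets:
        n = int(octet)
        if not 0 <= n <= 255:
            raise ValueError(f"octet out of range: {octet!r}")
        value = (value << 8) | n
    return value


def format_ipv4(value: int) -> str:
    """32-bit integer -> dotted quad (inverse of parse_ipv4)."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_to_mask(prefix_len: int) -> int:
    """/24 -> 0xFFFFFF00: the top prefix_len bits set, the rest clear."""
    if not 0 <= prefix_len <= 32:
        raise ValueError("prefix length must be between 0 and 32")
    return (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF


def subnet_info(cidr: str) -> dict:
    """Split 'a.b.c.d/n' into network ID, host ID, mask, broadcast and host count."""
    addr_text, prefix_text = cidr.split("/")
    addr = parse_ipv4(addr_text)
    prefix_len = int(prefix_text)
    mask = prefix_to_mask(prefix_len)
    host_bits = ~mask & 0xFFFFFFFF
    network = addr & mask          # the bits under the 1s of the mask
    host_id = addr & host_bits     # the bits under the 0s of the mask
    broadcast = network | host_bits
    total = 2 ** (32 - prefix_len)
    # Network and broadcast addresses are reserved, except on /31 and /32
    # where there is no room for them.
    usable = total - 2 if prefix_len <= 30 else total
    return {
        "address": format_ipv4(addr),
        "mask": format_ipv4(mask),
        "network": format_ipv4(network),
        "host_id": host_id,
        "broadcast": format_ipv4(broadcast),
        "usable_hosts": usable,
    }


def same_lan(ip_a: str, ip_b: str, prefix_len: int) -> bool:
    """True when both addresses share a network ID, i.e. they reach each
    other by Layer 2 switching and no router is involved."""
    mask = prefix_to_mask(prefix_len)
    return (parse_ipv4(ip_a) & mask) == (parse_ipv4(ip_b) & mask)


# RFC 1918 private ranges plus the RFC 6598 shared address space (CG-NAT).
PRIVATE_RANGES = [ipaddress.ip_network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]


def is_private_ipv4(text: str) -> bool:
    """True for addresses that are never routed on the public Internet."""
    addr = ipaddress.IPv4Address(text)
    return any(addr in net for net in PRIVATE_RANGES)


def matches_stdlib(cidr: str) -> bool:
    """Cross-check: our network and broadcast agree with ipaddress."""
    net = ipaddress.ip_network(cidr, strict=False)
    info = subnet_info(cidr)
    return (str(net.network_address) == info["network"]
            and str(net.broadcast_address) == info["broadcast"])


if __name__ == "__main__":
    print(subnet_info("192.168.0.1/24"))
    print(same_lan("10.12.1.7", "10.12.1.130", 25))      # different /25 halves
    print(is_private_ipv4("172.31.1.1"), is_private_ipv4("172.32.1.1"))
```

The same_lan check is exactly the decision a host makes before sending: if the destination shares its network ID it ARPs for it directly, otherwise it hands the packet to the default gateway. The 172.31.x.x / 172.32.x.x pair shows why the private range is 172.16 – 172.31 and not 172.16 – 172.32.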
Privacy Concerns regarding IPv4 addresses
There are, generally speaking, 2 types of IPv4 addresses:
Public IP addresses – visible to anyone on the Internet.
Private IP addresses – Only known to you, the router and your locally connected devices.
You can recognize a private IP address by its first octets: 10.x.x.x, 172.16.x.x – 172.31.x.x or 192.168.x.x (the RFC 1918 ranges). Your computer is almost certainly configured with a private IP, because a home router only hands out private addresses and then performs NAT = Network Address Translation.
Note: On mobile carrier networks you are most likely behind a kind of private address as well, just not from the ranges above; carriers typically use the shared address space 100.64.0.0/10 (RFC 6598), which is reserved for exactly this purpose.
NAT, very simply explained, maps many private IPv4 addresses onto one single public IPv4 address. Because several internal hosts may use the same source port, the router also rewrites the upper-layer port number (this is called PAT = Port Address Translation; every home router does both). This does 3 things:
It reduces the number of public IP addresses needed per household to one.
It hides your device’s real (private) IP address from the Internet, which means that:
Nobody on the Internet can initiate a connection to your specific device, because the router has no translation entry for unsolicited inbound packets and drops them. Only you can initiate connections to public services. Keep in mind that this is a side effect of the translation, not a security feature: a port forward, or a port opened automatically by UPnP, goes straight through it.
An analogy: the mailman knows which house to deliver a letter to, but not which room inside the house will receive it.
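The three effects above, as an added example (editor's code, not part of the original post): a toy NAT/PAT router with a translation table. Outbound packets get the public IP and a fresh public port, replies are mapped back by that port, an unsolicited packet from the Internet finds no entry and is dropped, and a port forward is what changes that. All IPs and ports are constructed samples; the public ones come from the RFC 5737 documentation ranges.

```python
# Added example, not code from the original post: a toy NAT/PAT router that
# shows why LAN hosts can reach the Internet but cannot be reached from it
# unless a port forward exists. All IPs and ports are constructed samples
# (public ones from the RFC 5737 documentation ranges).
from __future__ import annotations
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class NatRouter:
    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port
        # (private ip, private port, remote ip, remote port) -> public port
        self.flows: dict[tuple[str, int, str, int], int] = {}
        # public port -> the flow tuple above
        self.reverse: dict[int, tuple[str, int, str, int]] = {}
        # static port forwards: public port -> (private ip, private port)
        self.forwards: dict[int, tuple[str, int]] = {}

    def add_port_forward(self, public_port: int, private_ip: str, private_port: int) -> None:
        """What a user (or UPnP on their behalf) configures to expose a LAN service."""
        self.forwards[public_port] = (private_ip, private_port)

    def outbound(self, pkt: Packet) -> Packet:
        """LAN -> WAN: replace the private source with the public IP and a
        unique public port; the port rewrite is the PAT part."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        if key not in self.flows:
            self.flows[key] = self.next_port
            self.reverse[self.next_port] = key
            self.next_port += 1
        return Packet(self.public_ip, self.flows[key], pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Packet | None:
        """WAN -> LAN: translate only replies to a known flow or packets for a
        port forward; anything else has no target inside and is dropped."""
        if pkt.dst_ip != self.public_ip:
            return None
        flow = self.reverse.get(pkt.dst_port)
        if flow is not None:
            priv_ip, priv_port, remote_ip, remote_port = flow
            # Only the peer the LAN host talked to may use this mapping
            # (address-and-port-dependent filtering in RFC 4787 terms).
            if (pkt.src_ip, pkt.src_port) == (remote_ip, remote_port):
                return Packet(pkt.src_ip, pkt.src_port, priv_ip, priv_port)
            return None
        fwd = self.forwards.get(pkt.dst_port)
        if fwd is not None:
            return Packet(pkt.src_ip, pkt.src_port, fwd[0], fwd[1])
        return None


def demo() -> dict:
    """Walk through the effects described in the text and return each result."""
    router = NatRouter(public_ip="198.51.100.1")
    # Two LAN hosts happen to use the same source port; PAT keeps them apart.
    a_out = router.outbound(Packet("192.168.0.10", 51000, "8.8.8.8", 53))
    b_out = router.outbound(Packet("192.168.0.11", 51000, "8.8.8.8", 53))
    # The DNS replies return to the public IP and are mapped back to each host.
    a_reply = router.inbound(Packet("8.8.8.8", 53, "198.51.100.1", a_out.src_port))
    b_reply = router.inbound(Packet("8.8.8.8", 53, "198.51.100.1", b_out.src_port))
    # Someone else on the Internet guessing the mapped port gets nothing.
    spoof = router.inbound(Packet("203.0.113.9", 4444, "198.51.100.1", a_out.src_port))
    # An unsolicited SSH connection attempt: no flow, no forward, dropped.
    scan = router.inbound(Packet("203.0.113.9", 4444, "198.51.100.1", 22))
    # After a port forward for 22, the very same packet reaches the LAN host.
    router.add_port_forward(22, "192.168.0.10", 22)
    forwarded = router.inbound(Packet("203.0.113.9", 4444, "198.51.100.1", 22))
    return {"a_out": a_out, "b_out": b_out, "a_reply": a_reply, "b_reply": b_reply,
            "spoof": spoof, "scan": scan, "forwarded": forwarded}


if __name__ == "__main__":
    for name, pkt in demo().items():
        print(f"{name:10} {pkt}")
```

Real routers differ in how strict the reverse lookup is (RFC 4787 describes several filtering behaviours, and "full cone" NATs let any remote host use an open mapping), which is why NAT traversal for peer-to-peer applications works on some home routers and not on others. The point the text makes still holds in every variant: without a mapping or a forward, an inbound packet has nowhere to go.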
IPv4 Scarcity
All major Internet Registries have run out of IPv4 addresses. A single IPv4 address on the transfer market today costs somewhere between 40 and 60 dollars. Think how much cost would be saved if service providers, cloud providers and large corporations just switched to IPv6! They could also decommission their expensive CG-NAT (Carrier Grade NAT) equipment. This, I believe, would also make it possible for new, smaller service providers and cloud providers to enter the market, because IPv6 is virtually limitless and therefore very cheap compared to IPv4.
Note: A Good read about IPv4 price development for those interested: https://www.ipxo.com/blog/ipv4-price-history/
The IPv6 Protocol
The IPv6 protocol was developed in the 1990s because the depletion of IPv4 addresses was already foreseeable. However, we are still not at the point where IPv6 is mainstream.
Many ISPs implemented IPv6 years ago, but the biggest problems, in my opinion, are:
Home routers not having IPv6 turned on by default; and
Enterprise businesses not seeing the benefits.
On mobile networks however, there is a big chance you are using IPv6 already.
An IPv6 address is 128 bits long. That theoretically allows 2^128 combinations, or about 340 trillion trillion trillion (3.4 × 10^38) addresses.
Because the number is so much longer, an IPv6 address is written differently from IPv4:
8 “quartets” (the RFC term is hextets) in hexadecimal, separated by colons, which means that
each quartet is 16 bits long and contains 4 hex digits (0 – F); each hex digit represents 4 bits and is called a “nibble”.
Apart from the longer addresses, there are some similarities. IPv6 also uses a network part and a host part:
Instead of writing a subnet mask of FFFF:FFFF:FFFF:FFFF:0000:0000:0000:0000, it is abbreviated as “/64”, meaning that the 64 topmost bits are 1 and the rest 0. So the first half of the address is the network ID (the prefix) and the second half is the host ID (called the interface identifier in IPv6).
At a glance these addresses look harder to handle because of their length, but they can be shortened. For example, the address below…
2001:0db8:0000:d010:0000:0000:0000:06a2
…can be shortened by removing leading zeroes inside each quartet (a quartet of all zeroes becomes a single 0). In addition, one run of consecutive all-zero quartets can be replaced with a double colon (::), but only once per address; otherwise it would be ambiguous how many quartets each :: stands for. The address above can therefore be written…
2001:db8:0:d010::6a2
…which makes it a little more manageable.
Note: I’m only including this because you may see a shortened IPv6 address in real life. For example, if you were to perform a name lookup, you would notice the IPv6 address is indeed shortened:
user@computer:~$ nslookup blog.bastuklubben.online 8.8.8.8
Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
Name: blog.bastuklubben.online
Address: 93.188.2.53
Name: blog.bastuklubben.online
Address: 2a02:250:0:8::54 <----- Notice the double colon and missing leading zeroes.
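The shortening rules above, as an added example (editor's code, not part of the original post): a small expander and compressor for IPv6 text addresses following RFC 5952, which pins down the choices the text leaves open (use the longest run of zero quartets, the first one on a tie, never use :: for a single quartet, and print hex in lower case). It is checked against Python's ipaddress module on the addresses from the post.

```python
# Added example, not code from the original post: expanding and compressing
# IPv6 text addresses by the RFC 5952 rules, cross-checked against the
# standard library. The sample addresses are the ones from the post.
from __future__ import annotations
import ipaddress


def expand_ipv6(text: str) -> list[int]:
    """Return the 8 sixteen-bit quartets of a textual IPv6 address,
    undoing '::' and leading-zero suppression."""
    if text.count("::") > 1:
        raise ValueError("'::' may appear only once")
    if "::" in text:
        head, tail = text.split("::")
        head_parts = head.split(":") if head else []
        tail_parts = tail.split(":") if tail else []
        missing = 8 - len(head_parts) - len(tail_parts)
        if missing < 1:
            raise ValueError("'::' must stand for at least one zero quartet")
        parts = head_parts + ["0"] * missing + tail_parts
    else:
        parts = text.split(":")
    if len(parts) != 8:
        raise ValueError(f"expected 8 quartets, got {len(parts)}")
    quartets = []
    for p in parts:
        if not 1 <= len(p) <= 4:
            raise ValueError(f"bad quartet {p!r}")
        quartets.append(int(p, 16))   # accepts upper or lower case hex
    return quartets


def compress_ipv6(quartets: list[int]) -> str:
    """Shortest RFC 5952 form: no leading zeros, and the longest run of two
    or more zero quartets (first one wins on ties) replaced with '::'."""
    best_start, best_len = -1, 0
    i = 0
    while i < 8:
        if quartets[i] == 0:
            j = i
            while j < 8 and quartets[j] == 0:
                j += 1
            if j - i > best_len:          # strictly longer: first run wins ties
                best_start, best_len = i, j - i
            i = j
        else:
            i += 1
    hexs = [format(q, "x") for q in quartets]
    if best_len < 2:                       # RFC 5952: no '::' for a single quartet
        return ":".join(hexs)
    head = ":".join(hexs[:best_start])
    tail = ":".join(hexs[best_start + best_len:])
    return f"{head}::{tail}"


def canonical(text: str) -> str:
    """Any valid textual form -> the RFC 5952 canonical form."""
    return compress_ipv6(expand_ipv6(text))


def matches_stdlib(text: str) -> bool:
    """Cross-check against ipaddress, which also prints RFC 5952 form."""
    return canonical(text) == str(ipaddress.IPv6Address(text))


if __name__ == "__main__":
    for a in ("2001:0db8:0000:d010:0000:0000:0000:06a2",
              "2a02:250:0:8::54", "::1", "2001:db8:0:0:1:0:0:1"):
        print(f"{a:40} -> {canonical(a)}  (stdlib agrees: {matches_stdlib(a)})")
```

Canonicalising before comparing or logging matters in practice: the same address can be written many ways ("2001:DB8::1", "2001:0db8:0:0:0:0:0:1", "2001:db8:0::1" are all one address), so an allow-list or a log search that compares raw strings will miss matches.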
Benefits of using IPv6
There are plenty of technical benefits to IPv6. Apart from more addresses, the biggest ones are:
No NAT required. This is a huge benefit for both network engineers and developers: NAT is one of the most confusing subjects in networking and causes a lot of problems (broken peer-to-peer connectivity, protocols that carry addresses in their payload, port exhaustion). Note that “no NAT” does not mean “no firewall”: the router still needs a stateful firewall that drops unsolicited inbound traffic, since that job is no longer done as a side effect of translation.
Fixed network and host portions. A host-facing IPv6 subnet always has a /64 prefix, so there is no subnet-mask arithmetic to do.
No DHCP server is needed to autoconfigure addresses for Internet communication: with SLAAC (Stateless Address Autoconfiguration) a host builds its own address from the prefix the router announces.
The technical benefits are unfortunately not enough for most enterprises to spend time and resources on implementing IPv6 across their network. Now, however, with rising IPv4 prices, there is finally a financial incentive to migrate to IPv6. I am worried though that as soon as somebody finds out they can make money from something, conflicts of interest will arise. It is hard to predict what the future of IPv6 development will be.
Privacy Concerns regarding IPv6 addresses
The 2 most common types of IPv6 addresses are:
Link-local addresses. These are used for communication on the local link only, i.e. inside your home; they are never routed. They start with fe80 (the fe80::/10 range).
Global unicast addresses. These are used when communicating with the Internet. They fall in the range 2000 to 3fff (2000::/3).
Below is the output of the Linux command ip addr for one network card. Note the /25 IPv4 mask (network 10.12.1.0, broadcast 10.12.1.127), the global IPv6 address flagged temporary, which is a privacy-extension address as described below, and the fe80:: link-local address. The temporary address’s preferred lifetime (about 7 days) is shorter than its valid lifetime (about 30 days): once the preferred lifetime runs out, new connections use a fresh temporary address while the old one stays valid for connections already open.
2: enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether XX:XX:XX:XX:XX:XX brd ff:ff:ff:ff:ff:ff
inet 10.12.1.7/25 brd 10.12.1.127 scope global dynamic noprefixroute enp3s0
valid_lft 81913sec preferred_lft 81913sec
inet6 2001:db8::c010:17c8:4b6b:3380:d204/64 scope global temporary dynamic noprefixroute
valid_lft 2591987sec preferred_lft 604787sec
inet6 fe80::f7d6:c1db:55cb:9639/64 scope link noprefixroute
valid_lft forever preferred_lft forever
Since every IPv6 global unicast address is unique on the Internet, someone could track a device and follow it around. This is especially bad when the host part is built with the EUI-64 format: someone thought it would be convenient to embed the Layer 2 MAC address in the IPv6 host ID, which means the same 64-bit host part follows the device from network to network even though the prefix changes, and it reveals the hardware vendor on top. That has obvious privacy concerns.
Therefore RFC 4941 – IPv6 Privacy Extensions was developed (updated by RFC 8981 in 2021). This extension does 2 things:
The host generates pseudo-random temporary IPv6 addresses and rotates them regularly; new outgoing connections use the current temporary address, and an old one is kept only until the connections using it have finished.
The MAC address is no longer part of the address.
Since they are pseudo-random (nothing is completely random in IT), it is conceivable that someone could work out one computer’s generation algorithm and predict every future address it generates; in practice that is a very tedious task, and the RFC 8981 revision draws the identifier from a cryptographically secure random generator instead of the original MD5-based scheme.
Source: https://labs.ripe.net/author/johanna_ullrich/ipv6-addresses-security-and-privacy/
This is important: Windows and macOS run IPv6 Privacy Extensions by default, but Linux may not, depending on the distribution and the network manager in use! On Kubuntu you can enable it per connection like this:
Click on the network symbol in the corner > right-click on your connection and choose Configure…
Choose the IPv6 tab and, under the Privacy option, select Enabled (prefer temporary address)
Note: This is from a Kubuntu machine, but other distributions have something similar. On any Linux system you can check the kernel setting with sysctl net.ipv6.conf.all.use_tempaddr (0 = off, 1 = generate temporary addresses but prefer the stable one, 2 = prefer temporary addresses) and confirm the result with ip -6 addr, where the temporary addresses carry the temporary flag. With NetworkManager the equivalent per-connection setting is nmcli connection modify "<connection name>" ipv6.ip6-privacy 2.
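To see what the EUI-64 leak and the privacy extensions actually do to the bits, here is an added example (editor's code, not part of the original post). It builds a modified EUI-64 interface identifier from a MAC and recovers the MAC from it, generates an RFC 4941/8981-style temporary identifier, and audits ip addr output for EUI-64 addresses and for the presence of a temporary address. The MAC 00:11:22:33:44:55 and the sample ip addr text are constructed; the two non-EUI-64 addresses in the sample are the ones from the output above.

```python
# Added example, not code from the original post: how an EUI-64 interface
# identifier leaks the MAC, how a temporary (RFC 4941/8981) identifier avoids
# it, and a small audit of `ip addr` output. The MAC and the sample output
# are constructed; the two non-EUI-64 addresses are the ones in the post.
from __future__ import annotations
import ipaddress
import re
import secrets


def mac_to_eui64_iid(mac: str) -> int:
    """Modified EUI-64: split the 48-bit MAC, insert ff:fe in the middle and
    flip the universal/local bit (the 0x02 bit of the first byte)."""
    b = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(b) != 6:
        raise ValueError("MAC must be 48 bits")
    eui = bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:6]
    return int.from_bytes(eui, "big")


def iid_to_mac(iid: int) -> str | None:
    """Recover the MAC from an EUI-64 identifier, or None if it is not one."""
    b = iid.to_bytes(8, "big")
    if b[3:5] != b"\xff\xfe":
        return None
    mac = bytes([b[0] ^ 0x02]) + b[1:3] + b[5:8]
    return ":".join(f"{x:02x}" for x in mac)


def temporary_iid() -> int:
    """Random 64-bit identifier as in RFC 4941/8981: drawn from a CSPRNG, with
    the u/l bit cleared so it can never be mistaken for a real EUI-64."""
    iid = int.from_bytes(secrets.token_bytes(8), "big")
    return iid & ~(1 << 57)          # the 0x02 bit of the first byte


def ipv6_iid(address: str) -> int:
    """Low 64 bits of an IPv6 address: the host part of a /64."""
    return int(ipaddress.IPv6Address(address)) & ((1 << 64) - 1)


def audit_ip_addr(output: str) -> dict:
    """Walk `ip addr` output; report IPv6 addresses whose identifier is EUI-64
    (trackable, MAC recoverable) and which addresses are temporary ones."""
    report: dict = {"eui64": {}, "temporary": []}
    for line in output.splitlines():
        m = re.match(r"\s*inet6\s+([0-9a-fA-F:]+)/\d+\s+scope\s+\S+(.*)", line)
        if not m:
            continue
        addr, flags = m.groups()
        mac = iid_to_mac(ipv6_iid(addr))
        if mac:
            report["eui64"][addr] = mac
        if "temporary" in flags.split():
            report["temporary"].append(addr)
    return report


def has_privacy_extensions(output: str) -> bool:
    """True when at least one temporary (privacy-extension) address is present."""
    return bool(audit_ip_addr(output)["temporary"])


# Constructed sample: an EUI-64 address derived from 00:11:22:33:44:55, plus
# the temporary and link-local addresses shown in the post.
SAMPLE_IP_ADDR = """\
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP
    link/ether 00:11:22:33:44:55 brd ff:ff:ff:ff:ff:ff
    inet6 2001:db8:0:c010:211:22ff:fe33:4455/64 scope global dynamic
    inet6 2001:db8::c010:17c8:4b6b:3380:d204/64 scope global temporary dynamic
    inet6 fe80::f7d6:c1db:55cb:9639/64 scope link noprefixroute
"""

if __name__ == "__main__":
    print(hex(mac_to_eui64_iid("00:11:22:33:44:55")))   # 0x21122fffe334455
    print(audit_ip_addr(SAMPLE_IP_ADDR))
    print("temporary IID:", hex(temporary_iid()))
```

The audit is the check to run on a Linux box after changing the privacy setting: an address with ff:fe in the middle of the host part is an EUI-64 address and gives the MAC away to every server it talks to, while an address flagged temporary is what the privacy extensions produce. The same iid_to_mac test works on addresses seen in server logs, which is exactly why the extensions exist.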
Basic Layer 3 Troubleshooting
Make sure the router is installed properly
In general:
The port connecting to the Internet is usually marked “WAN”. That is the Layer 3 (routed) port, where NAT happens.
The other ports only perform Layer 2 switching and can be used for computers, but most people connect through the Wi-Fi nowadays.
If you want to extend your network
Let’s say you have bad Wi-Fi coverage on the other side of the house. DO NOT install another router to fix this:
Hosts connected to the second router will be double-NATed (address translation happens twice), which can cause unpredictable issues when going to the Internet: port forwarding has to be configured on both routers, and peer-to-peer applications and game consoles often fail behind two layers of NAT.
Roaming won’t work;
roaming is when you move your computer closer to another access point and it eventually switches over to that one instead, without losing connection to the network.
An access point is the wireless radio (antenna) that your devices associate with.
You will also struggle to find your network printer, file share or other computers connected to the other router, because they sit in a different LAN behind a second NAT.
Instead, install an access point (many routers can be switched into an “access point” or “bridge” mode, which turns off their routing and NAT), or get help from someone who knows what they are doing.
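A quick way to tell whether you are already double-NATed is to look at the first hops of a traceroute: every private-range router you pass before the first public address is, normally, a NAT boundary. The following is an added example (editor's code, not part of the original post) that parses traceroute output and counts those hops; the traceroute text is a constructed sample showing a second home router, a CG-NAT carrier hop and a timed-out hop.

```python
# Added example, not code from the original post: spot double NAT from a
# traceroute by counting private-range router hops before the first public
# one. The traceroute text below is a constructed sample.
from __future__ import annotations
import ipaddress
import re

PRIVATE = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT = ipaddress.ip_network("100.64.0.0/10")   # RFC 6598 shared address space


def classify(ip: str) -> str:
    """'private' (RFC 1918), 'cgnat' (RFC 6598) or 'public'."""
    addr = ipaddress.ip_address(ip)
    if addr in CGNAT:
        return "cgnat"
    if any(addr in n for n in PRIVATE):
        return "private"
    return "public"


def hops_from_traceroute(text: str) -> list[str | None]:
    """Responding IPv4 address per hop, None for '* * *' timeouts. Works on
    Linux traceroute and Windows tracert lines, which both start with the hop number."""
    hops = []
    for line in text.splitlines():
        m = re.match(r"\s*(\d+)\s+(.*)", line)
        if not m:
            continue                      # header lines do not start with a number
        ip = re.search(r"(\d+\.\d+\.\d+\.\d+)", m.group(2))
        hops.append(ip.group(1) if ip else None)
    return hops


def nat_layers(hops: list[str | None]) -> dict:
    """Count private and CG-NAT routers seen before the first public hop.
    One private hop is the normal home router, two means double NAT (a second
    router behind the first), and a CG-NAT hop means the ISP translates once more."""
    private, cgnat = 0, 0
    for ip in hops:
        if ip is None:
            continue
        kind = classify(ip)
        if kind == "public":
            break
        if kind == "cgnat":
            cgnat += 1
        else:
            private += 1
    return {"private_hops": private, "cgnat_hops": cgnat, "double_nat": private >= 2}


SAMPLE_TRACEROUTE = """\
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
 1  192.168.1.1 (192.168.1.1)  0.4 ms
 2  192.168.0.1 (192.168.0.1)  1.2 ms
 3  100.64.12.1 (100.64.12.1)  9.8 ms
 4  203.0.113.17 (203.0.113.17)  12.3 ms
 5  * * *
 6  8.8.8.8 (8.8.8.8)  14.1 ms
"""

if __name__ == "__main__":
    hops = hops_from_traceroute(SAMPLE_TRACEROUTE)
    print(hops)
    print(nat_layers(hops))   # two private routers: double NAT
```

The count is a heuristic: a second router put into access-point or bridge mode does not show up as a hop at all (it works at Layer 2), and a router that routes without translating would be counted even though it does no NAT. The other sanity check is simply to look at the WAN address on the first router's status page: if it is a 192.168.x.x, 10.x.x.x or 172.16 – 172.31 address, there is another NAT in front of it, and if it is 100.64 – 100.127, that is the carrier's CG-NAT.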
That concludes the third layer of the TCP/IP Model. Thank you for reading this far.
Appendix
Advanced Layer 3 Troubleshooting
This will be covered in a separate blog post due to its complexity.
Other Layer 3 related topics
There are more advanced Layer 3 related topics that I would like to describe in a future blog post. For example, I’m considering posts about Cryptography, Onion Routing and VPN = Virtual Private Networks. Those topics are very relevant if you want to reduce your digital footprint on the Internet.