CLASSES OF NETWORK

INTRODUCTION: A basic understanding of computer networks is requisite in order

to understand the principles of network security. In this section, we'll cover some of the
foundations of computer networking, then move on to an overview of some popular networks.
Following that, we'll take a more in-depth look at TCP/IP, the network protocol suite that is used
to run the Internet and many intranets.

Once we've covered this, we'll go back and discuss some of the threats that managers and
administrators of computer networks need to confront, and then some tools that can be used to
reduce the exposure to the risks of network computing.

IP ADDRESS: In September 1981, IP addressing was standardized and required that each
host on the Internet would have a unique 32-bit network number and routers connected to
multiple networks would have a unique IP address for each interface. This would create a two
level hierarchy structured network.

Fig 8.1 Subnet mask | IP Address

As you can see this level is now known as Prefix and Host.

• All hosts (individual computers) in the network share the prefix (subnet mask).
• The host (IP address) is unique and can't be shared. If you repeat an IP address within the
network, it will cause conflict.

Network classes: All networks in practical use have different sizes. For
example, a company that will have 50 computers, will not need a network of 5000 computers,
And on the contrary, a company that needs 5000 computers does not need a network that can
only hold 50 computers.

This is the main reason that engineers decided that IP address space should be divided in
different classes in order to meet different requirements.
The following classes were created; each class fixes a boundary between the network prefix and
the host within the 32-bit address:

Class a: This network is 8-bit network prefix. Its highest bit is set to 0, and contains a 7-bit
network number and a 24-bit host number.

A maximum of 126, which is (2 7 -2,) networks can be defined; two is subtracted because all an
(0 and 1) subnet cannot be used in certain routers using RIP-1 Protocol. Each network supports a
maximum of 16,777,214 (2 24 -2) hosts per network. You must subtract two because the base
network represents host “0”, and the last host on the network is actually used for 1s ("broadcast")
and may not be assigned to any host.

The class A network address block contains 2 31 power (2,147,483,648) individual addresses. The
IPv4 address space contains a maximum of 2 32 power (4,294,967,296) addresses, which mean
that a class A network address space is 50% of the total IPv4 unicast, address space.

Class b: This network is a 16-bit network prefix; its highest bit order is set to 1-0. It is a
14-bit network number with a 16-bit host number.

This class defines 16,384 (2 14 ) /16 networks, and supports a maximum of 65,534 (2 16 -2) hosts
per network. Class B /16 block address is (1,073,741,824) = 2 30; therefore it represent 25% of
the total IPV4.
Class c: This is a 24-bit network prefix; it has a 3 bit set to the highest order 1-1-0. It is a
21-bit network number with 8-bit host number.

This class defines a maximum of 2,097,152 (2 21 ) /24 networks. And each network supports up
to 254 (2 8 -2) hosts. The entire class C network represents 2 29 (536,870,912) addresses;
therefore it is only 12.5 % of the total IPv4.

Other networks:

There are two other networks that are not commonly used, class D and Class E.
Class D has its highest bit order set to 1-1-1-0 it is used to support multicasting.
Class E has its highest bit order set to 1-1-1-1 which is reserved for experimental use

IP Address in Decimal Notation:-

Reading IP addresses would be very difficult if we actually used its binary notation or
hexadecimal notation. To simplify the reading, a standard was developed known as the doted
decimal notation, which divides a 32-bit IP address into a four 8-bit.

Look at the following figure.

Fig 8.3

Figure 8.3 demonstrates a Class B network, doted in decimal notation. Now it simplifies the
reading doesn't it?
So how do we recognize what type of network are we dealing with? The following table may
answer the question.
 Subnet Classes Dotted Decimal
High Bit
Class Range
Order
A /8 Prefixes 0 1.xxx.xxx.xxx through 126.xxx.xxx.xxx
B /16 Prefixes 10 128.0.xxx.xxx through 191.255.xxx.xxx
C /24 Prefixes 110 192.0.0.xxx through 223.255.255.xxx
Table 8.1

Note. 127.0.0.1 is out of the table, because this address is the reserved loop back.

As you have already noticed, the classes A, B and C are easy to understand, and easy to allocate,
but the allocation of addresses is truly inefficient because there are no classes to support medium
sized networks.

If you notice a Class C, /24 which supports 254 hosts is too small and a class B /16 which
support 65,534 hosts is too big. And assigning either one to an organization really makes a great
impact when increasing the size of the Internet's routing table.
Anyways, if you are working in a private LAN behind a router or proxy server, you are probably
using a Class C or Class B. Many system administrators are unaware of why they are using these
types of networks; others don't even know that classes exist. All they know is that they have to
place a subnet mask.

Sub-netting:

Some of you may not have the need, but I will show the rest of you how to subnet a network in
this section.

RFC 950 (Request for Comments) defined a standard to divide network classes A, B, C, into
smaller pieces, known as subnetting. Believe it or not, subnetting was used to overcome the
problem that the Internet faced with the growth problem.

Subnetting allowed a three level hierarchy by introducing the subnet number. It was
accomplished by dividing the host number into two parts.
 Fig 8.4

As far as the Internet is concerned, the data goes through the router; and the router looks up in its
entry to find out if there is a subnet number defined. If yes, the data is sent directly to the host
number and doesn't really care where the host is, since it is in the same network prefix. (And by
the way the subnet number is not visible outside the internal LAN.)

Fig 8.5

But how exactly is the data handled? When data is requested from an internal LAN to the
Internet, it passes through the router encapsulated with an ID number that identifies itself from
where the data was requested. The remote server then returns the requested information to the
router. The router then acknowledges that host X requested the information. The router verifies
in its entry to find out in which subnet host X is located. If the subnet is verified positive, the
information then is routed to the destination host “X”.

The internal network can have a very high complexity, but only the router knows it.

Fig 8.6
Observe Fig. 8.6, with a single router = gateway and a single IP address. A system administrator
can route several networks to the Internet, without affecting the growth of the Internet. All
internal networks can access the Internet as long as the router is active.

How the extended network prefixes work:

Well, the subnet mask is in charge of this. The subnet mask looks for the network prefix to
ensure that a synchronized job is being processed. For example, if you need to specify a subnet
mask in a class network, any subnet that you will specify will define your network

Fig 8.7

Even though the subnet mask is in charge of the lookup, the router protocol refers to the
extended network prefix length rather than the actual subnet mask. Therefore the prefix length is
contiguous 1bit in the subnet mask and because there is no standard which defines it, the
routing protocol takes place to carry out the subnet mask. If the protocol fails to identify the
subnet mask, the network just wouldn't exist, and all current process would be terminated.

Network Engineering, Designing Subnets:

Example of Sub-netting:
If a company has been assigned a network number 192.168.1.0/24 and it needs to define six
subnets; it is required to support at least 28 hosts for one of their departments.

16 (24), 8 (23), 4 (22), 2 (21)

First we need to determine the number of bits required for the six subnets.
 • Observe the power notation above, it is impossible to define six, therefore 23= 8 (3-
bits are required). We have 2 unused subnets.
• We are subnetting a /24 bit network prefix, our calculation result, was 3 bits required
to define the 8 subnets; then 24+3 = 27 this makes our network an extended 27-bit
prefix.

Fig 8.8

Note. An IP address is a set of 4 octets of 8 bits.

• This leaves us 5 bits for our hosts in each subnet. If we do the calculation for the five
bits 25 gives us 32.

You may be wondering how we got that 224 subnet mask. The subnet mask is based on the 3-
bits result of our 8 sub networks. Check the following table.

Subnet Expansion
Bit Pattern Masked Bits Provided Subnets Subnet Mask
11000000 2 2 2 192
11100000 3 3 6 224
11110000 4 4 14 240
11111000 5 5 30 248
11111100 6 6 62 252
11111110 7 7 126 254
11111111 8 8 254 255
Table 8.2
 Yes, I know what you are saying, “The table doesn't tell me anything”. Look, this is how it
goes:

Bit value 128 64 32 16 8 4 2 1

Subnet
- 192 224 240 248 252 254 255
mask
#of
- 2 6 14 30 62 126 254
SubNework
Table 8.3

Here we go again, 3 bits was required for our 8 subnets, now look here:

128 + 64 =
---- Number of Sub-networks
192
192 + 32 = If 192 Subnet mask is used
224 it
224 + 16 =
will give 2 subnets.
240
240 + 8 = 248
If 224 Subnet mask is used
248 + 4 = 252
it
252 + 2 = 254 will give 6 subnets.
Table 8.4
254 + 1 = 255

Allocating subnets:

By creating 8 subnets, we basically created 8 different networks that can be allocated through
different departments in the organization. These eight sub-networks will be numbered from 0
through 7.

Therefore:
Our source network is: 192.168.1.0/24
Base Net: 11000000. 10101000. 00000001. 00000000 = 192.168.1.0 /24
Subnet #0: 11000000 10101000 00000001 00000000 = 192.168.1.0 /27
Subnet #1 11000000 10101000 00000001 00100000 = 192.168.1.32 /27
Subnet #2 11000000 10101000 00000001 01000000 = 192.168.1.64 /27
Subnet #3 11000000 10101000 00000001 01100000 = 192.168.1.96 /27
Subnet #4 11000000 10101000 00000001 10000000 = 192.168.1.128 /27
Subnet #5 11000000 10101000 00000001 10100000 = 192.168.1.160 /27
Subnet #6 11000000 10101000 00000001 11000000 = 192.168.1.192 /27
Subnet #7 11000000 10101000 00000001 11100000 = 192.168.1.224 /27
Table 8.5

Rule of RFC 950

When RFC 950 was introduced, almost all routers were classful (RIP-1 Protocol); eventually
classless (BGP-4 Protocol) routers were implemented. Because of the classful routers, RFC 950
prohibited the use of subnet 0s and subnet 1s.

But how does a router knows what is a 0s subnet? The answer is it doesn't. It is not an easy task
for a classful router using RIP protocol, because RIP does not provide mask or prefix-length
information. Therefore the router does not know which is a 0s subnet and which is the entire
network. Here is why!

Subnet #0 route: 192.168.1.0 /27 11000000. 10101000. 00000001. 000|00000

27-bit Prefix -->

Base network route: 192.168.1.0 /24 11000000. 10101000. 00000001|. 00000000

24-bit Prefix -->
Table 8.6

As you can see, they look identical, but the true answer lies in the prefix length or mask. Refer to
Figure 8.8. The solution to this 0's problem is the router's entry needed to be updated to include
the prefix length in order to recognize which one was the 0's subnet and which one was the entire
network.

For the subnet of 1s, the router requires the prefix length to determine whether the incoming
package referred to broadcast of subnets 1's or to the broadcast of the entire network.

Broadcast to Subnet:
192.168.1.224 /27 11000000. 10101000. 00000001. 111|11111
27-bit Prefix -->
Broadcast to Network:
192.168.1.0 /24 11000000. 10101000. 00000001|. 11111111
24-bit Prefix -->
Table 8.7

You should also know that NET Builder software could automate solutions in relation to the 0s
and 1s problem. This software allows the network administrator to Forward Subnet-Cast. Other
solutions were implemented with the introduction of IGP (Internal Gateway Protocol).

Defining Host Addresses for each subnet:

In practice the host field cannot contain 0s or 1s. The 0s hosts will represent the base
network and the 1's hosts will represent the broadcast in the network. So let's go back to our
formula, remember we have 5 bits left for our hosts; therefore 25-2 = 30. Note two hosts are
subtracted because one host will be the base of the network and the other one will be the
broadcast.

Refer to Table 8.5, and pick the subnet #3 to see how the individual and valid host would be
in the network. Observe that the 5-bits that were left for the host will be now modified.

Subnet #3
11000000 10101000 00000001 01100000 = 192.168.1.96 /27

Hosts
#1 11000000 10101000 00000001 01100001 = 192.168.1.97 /27
#2 11000000 10101000 00000001 01100010 = 192.168.1.98 /27
#3 11000000 10101000 00000001 01100011 = 192.168.1.99 /27
 #4 11000000 10101000 00000001 01100100 = 192.168.1.100 /27
#5 11000000 10101000 00000001 01100101 = 192.168.1.101 /27
#6 11000000 10101000 00000001 01100110 = 192.168.1.102 /27

.
.
#15 11000000 10101000 00000001 01101111 = 192.168.1.111 /27
#16 11000000 10101000 00000001 01110000 = 192.168.1.112 /27

.
.
#28 11000000 10101000 00000001 01111100 = 192.168.1.124 /27
#29 11000000 10101000 00000001 01111101 = 192.168.1.125 /27
#30 11000000 10101000 00000001 01111110 = 192.168.1.126 /27

Table 8.8

The broadcast address for our subnet #3 would be:

11000000 10101000 00000001 01111111 = 192.168.1.127 /27

Table 8.9

Observe that the broadcast address for Subnet #3 is exactly one less than the base address of
Subnet #4 (192.168.1.128). The broadcast address will be always one before the next new
base subnet.

Let's allocate Subnet #4 so you can see what I am talking about.

Now observe that our base address is subnet 4
Subnet #4
11000000 10101000 00000001 10000000 = 192.168.1.128 /27

Hosts
#1 11000000 10101000 00000001 10000001 = 192.168.1.129 /27
#2 11000000 10101000 00000001 10000010 = 192.168.1.130 /27
#3 11000000 10101000 00000001 10000011 = 192.168.1.131 /27
#4 11000000 10101000 00000001 10000100 = 192.168.1.132 /27
#5 11000000 10101000 00000001 10000101 = 192.168.1.133 /27
#6 11000000 10101000 00000001 10000110 = 192.168.1.134 /27

.
.
#15 11000000 10101000 00000001 10001111 = 192.168.1.143 /27
#16 11000000 10101000 00000001 10010000 = 192.168.1.144 /27
#17 11000000 10101000 00000001 10010001 = 192.168.1.145 /27

.
.
#28 11000000 10101000 00000001 10011100 = 192.168.1.156 /27
#29 11000000 10101000 00000001 10011101 = 192.168.1.157 /27
#30 11000000 10101000 00000001 10011110 = 192.168.1.158 /27

Table 8.10

Now you see how easy it is to allocate a sub-netted network…

The broadcast address for our subnet #3 would be:

11000000 10101000 00000001 10000000 = 192.168.1.159 /27

 Table 8.11

Observe again the broadcast IP address is right before the next subnet, which is in this case
(subnet #5).

You may have already found this interesting, even though I just mentioned two protocols
RIP-1 and BGP-4. These protocols may be a disadvantage in a way. RIP for example is a flat
network; it is limited to the network-prefix and only allows a single subnet mask within each
network and it is because it does not provide subnet mask information in its routing table.
Therefore for any new routes it encounters it just makes assumptions of the subnet mask.

So let's analyze how RIP makes its guesses. A router in its nature has several ports, connected
at the same time to a port known as gateway (a door to go out). Each port has an IP address,
assuming that port 1 has been assigned 192.168.1.1/24 and port 2 has been assigned
200.168.2.1/24 – Now, note that if the router sees a network 192.168.50.0 in one of the nodes,
it automatically assumes it is a /24 mask because port 1 has a subnet 192.168.0.0 network.

Now note that if the router detects another network 128.68.0.0, this network will be treated as
a /16 mask network because no further information was found.

On the other hand, more flexible protocols could offer advantages and ease of management of
networks, therefore RFC 1009 was implemented.

Variable Length Subnet Mask:

There aren't many ways to really use a network efficiently. The RFC 1009, implemented in 1987;
which states that it is possible to use more than one subnet due to the different sizes of the
extended network prefixes.
As I said earlier having a flat network is a great disadvantage, because once the subnet mask is
defined; it locks the network into a fixed number of subnets.

Other important aspects of VLSM are the further division of address space, by dividing an
address into subnets, and then on to more subnets, which is known as aggregation.
 Fig 8.9 Note how this network has been divided recursively.

Our base network is a /8 network, but then it is sub-netted into a /16 extended network prefix.
Observe that in the second stage, the /16 network is sub-netted into two other subnets /24
networks and /19 extended network prefix. It doesn't stop there. Note that the /24 network was
sub-netted into a /27 extended network prefix.

Designing networks of course needs a little of artistry…but don't expect an audience to be

clapping at your performance. So far I haven't seen people paying for $500 dollar tickets to see
an engineer performing on the most highly complex of engineering theory. I mean people make
more money performing on a TV show than solving society's problems by developing
communications systems.

Put your imagination to work. This is the way underground networks are created. Each subnet
can have its own router and can be interconnected within other networks through gateways,
proxies, etc.
 Fig 8.10 routing subnets.

Observe the picture and note how VLSM can reduce the size of the routing table. First of all note
that the entire sub-netted network is not visible to the outside world, and everything is going out
trough router A. Depending on the size of the network, the bandwidth may be exhausted with all
active connections, you could easily load balance this by treating any part of the network as a
totally separated network and inserting another gateway.

Designing Variable Length Subnet Mask Networks:

When designing networks, a lot of things are taken into consideration. For example, how many
hosts are currently required, and how many would be most likely needed in the future. Many
organizations have different locations that they want to include as part of the project.

• First note that variable Length goes by level; so consider your designs as levels
(everything that will be needed).
• Always think today and future.

Routing protocols:

As we already know, the extended network prefix is used and therefore VLSM requires it to
be carried out. To accomplish the VLSM requirement, two protocols are used OSPF and I-IS-
I as the Interior Gateway Protocol, even though you could use RIP-2 a fixed in RFC 1388.
These protocols carry the extended network prefix in each advertisement. If the protocol does
not carry the prefix information, the router makes a lookup in its global configured routing
table. If the information is not found there it applies a local mask and delivers the information
as long as the host exists.

Make note that the higher the extended network prefix is, it has less hosts and gets faster to its
destination. This is known as a forwarding algorithm.

For example if a /16 class B network has been defined as /22 bit extended network-prefix
which has 64 subnets (26), that leaves 10 bits for the hosts which is equal to (210-2) 1022 hosts
per subnet.

Now the same /16 Class B network has been defined as /26 extended network-prefix gives
us 1024 subnets (210) “10 bits were required to have 1024 subnets”. That leaves only 6 bits for
our hosts. Now (26-2) defines only 62 hosts per subnet.

In those two examples, if a packet is sent to the router, which network is evaluated first? The
router obviously will pick the /26 extended network-prefix because it has the greatest bit
number corresponding to the destination IP address; in other words it is a shorter route and is
more descriptive.

To get a clearer picture observe the following, a host has been picked up for delivering a
packet to 42.3.1.20

Route 1 42.0.0.0/8 00101010 00000000 00000000 00000000

Route 2 42.3.0.0/16 00101010 00000011 00000000 00000000
Route 3 42.3.1.0/24 00101010 00000011 00000001 00000000

Destination
/24 ------------- |-------
Table 8.12 |-----------
Network -| Host-----|

Note. In this picture there is a /8 and a /16 network; however, the router jumps and evaluates
the /24 network first because it has a longer descriptive network prefix. According to what we
have just seen, VLSM is the exact answer to using a network effectively. Now look at the
following example. This is how a sub net is being sub-netted into more subnets.
 Now let's assume that you were going to subnet 42.3.0.0/16 this address into other subnets; so
let's do it. This IP address can be broken down as follows

Route 2 42.3.0.0/16 00101010 00000011 00000000 00000000

Table 8.13

Before I convert this network into another network, note that this is currently a /16 network.

My intention is to create another 16 subnets from it, and since 24= 16; I need 4 bits more to
create it, and by creating these subnets, I now convert my network into a /20 extended
network prefix.

Route 3 42.3.0.0/20 00101010 00000011 0000 0000 00000000

Table 8.14

12 bits are left for my host. (212-2) = 4094.

Now let's say that I need to break this further into a /27 extended network prefix. Now
observe what happens.

Route 4 42.3.0.0/20 00101010 00000011 0000 0000 000 00000

Table 8.15

Since I had a /20 network already, I needed 7 more bits to make it a 27 Network prefix
therefore (27) = 128, 5 bits are left for my hosts (25-2) = 30 So this is how it is done…
You could even break this further to restrict a network into smaller, less host support. (Ideal
for small needs)

Classless Internet Domain Routing (CIDR):

Well this is what I call a lifesaver…Do you remember the problem with 32-bit IPV4? Classless
Internet routing is what really solved the routing problem and was originally documented in 1993
RFC 1517, 1518, 1519, and 1520.

Because of the limitation of class A, B, and C, the IETF proposed the protocol to eliminate these
barriers by efficiently allocating existing IPV4 addresses, and the result is IPV6.

But how were things actually fixed? IPv6 or CIDIR is very clever, it actually take advantage of
these classes A, B, or C. Any given network prefix, will actually define the amount of IP
addresses.
Let's say that we have a 42.3.0.0 /20
Route 3 42.3.0.0/20 00101010 00000011 0000 0000 00000000

Table 8.16

So we have 12 bits left for our host correct? (212) = 4096 these are the actual corresponding hosts
on each network, very cool isn't it? Look at the following block of networks

Class A 10.25.40.0 /20 00001010 00011001 0010 1000 00000000

Class B 128.36.0.0 /20 10000000 00100100 0000 0000 00000000

Class C 192.168.1.0 /20 11000000 10101000 0000 0001 00000000

Table 8.17

Even though CIDR can solve a lot of problems, it may cause you a lot of problems too… be
informed of what type of networks you encounter, especially ISPs. Remember IPV6 is fairly new
and it is still under deployment. And yes, CIDR uses the address space very efficiently.

Here is an example, let's say that you are an ISP and you have a block of 42.3.64.0 /18

Route x 42.3.64.0/18 00101010 00000011 01 000000 00000000

Table 8.18

One of your clients just asked you for 1000 IP addresses. You could easily create a subnet /22
extended network prefix.

Route x 42.3.64.0/22 00101010 00000011 010000 00 00000000

Table 8.19

So 4 bits were required to create the extended network prefix that is (24) = 16 subnets and leaves
10 bits for the hosts. Then this is (210) = 1024 hosts per subnet; the result is that you could easily
give the client one of the 16 subnets.