Goal

Understand the output of commands such as

  • ip addr (ifconfig on macOS)
  • ip route and
  • ss -tulpn (lsof -nP -i4TCP -sTCP:LISTEN on macOS)

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host proto kernel_lo
       valid_lft forever preferred_lft forever

2: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
    link/none
    inet 10.8.0.1/24 scope global wg0
       valid_lft forever preferred_lft forever

417: eth0@if418: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:ac:14:00:03 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.20.0.3/16 brd 172.20.255.255 scope global eth0
       valid_lft forever preferred_lft forever

COMMAND   TYPE  NODE  NAME
node      IPv4   TCP  *:3000 (LISTEN)
mongod    IPv4   TCP  127.0.0.1:3001 (LISTEN)
syncthing IPv4   TCP  127.0.0.1:8384 (LISTEN)

IP Addresses

  • Every device on the internet needs a unique address
  • Like a phone number or postal address for your computer
  • Two versions: IPv4 (e.g., 192.168.1.10) and IPv6 (e.g., 2001:0db8:85a3:0000:0000:8a2e:0370:7334)
  • IPv4 has ~4.3 billion addresses, IPv6 has 340 undecillion (10^38)
flowchart LR
    A[Computer A\n192.168.1.10] <-->|IP packets| B[Computer B\n192.168.1.20]

MAC vs IP Addresses

| Characteristic | MAC Address | IP Address |
|---|---|---|
| Format | 48-bit, hexadecimal (aa:bb:cc:dd:ee:ff) | 32-bit, decimal for IPv4; 128-bit for IPv6 |
| Assignment | Permanently assigned by manufacturer | Logically assigned and changeable |
| Purpose | “Last hop” delivery on local network segments | End-to-end routing across networks |
| Scope | Only meaningful within local network | Globally meaningful |
| Layer | Layer 2 (Data Link) | Layer 3 (Network) |

Analogy: a person’s name vs. a building’s address.

ARP requests are used to find the MAC address for an IP.


Subnets

Subnet:

  • Logical division of an IP network
  • Allows for better network organization and security

Subnet mask:

  • Defines which part of the IP is network vs host
  • Common mask: 255.255.255.0 (or /24)
    • Network portion: 192.168.1
    • Host portion: 0-255
  • CIDR (Classless Inter-Domain Routing):
    • Replaces older class-based system (Class A, B, C)
    • IPs have 32 bits: 192.168.1.10 = 11000000.10101000.00000001.00001010
    • /24 means the first 24 bits (192.168.1) are the network portion; /16 means the first 16 bits (172.1), etc.
    • More flexible allocation of network sizes (e.g. /28 for 16 IPs)
flowchart TD
	S1[Subnet 192.168.1.0/24\nEngineering]
	S2[Subnet 192.168.2.0/24\nMarketing]
	S3[Subnet 172.16.0.0/16\nCampus 2]

Network Switches

  • A switch connects multiple devices on a local network (same subnet)
  • Acts as a traffic controller, directing data only to intended recipients
  • More efficient than direct connections or older hubs
  • Learns which devices are connected to each port
flowchart TD
    S[Switch] --- A[Engineering PC A\n192.168.1.10]
    S --- B[Engineering PC B\n192.168.1.20]
    S --- C[Engineering PC C\n192.168.1.30]
    S --- P[Engineering Printer\n192.168.1.40]

Gateways and Routers

  • Gateway: Door between different networks (local network and the internet, or different subnets)
  • Router: Physical device that acts as a gateway
  • Routes traffic between networks using routing tables
  • Network Address Translation (NAT) allows multiple local devices to share one public IP
flowchart TD
    R[Router] --- SW1[Switch 1]
    R --- SW2[Switch 2]
    R --- SW3[Switch 3]
    SW1 --- S1[Subnet 192.168.1.0/24\nEngineering]
    SW2 --- S2[Subnet 192.168.2.0/24\nMarketing]
    SW3 --- S3[Subnet 172.16.0.0/16\nCampus 2]
flowchart LR
    subgraph Local Network
        C1[192.168.1.10] --> R
        C2[192.168.1.20] --> R
    end
    R[Router\nLocal: 192.168.1.1\nPublic: 203.0.113.1] --> I[Internet]

DHCP (Dynamic Host Configuration Protocol)

  • Automatically assigns IP addresses to devices on a network
  • No manual configuration needed - “plug and play” networking
  • Also provides other network settings (subnet mask, gateway, DNS servers)
  • Typical process: DISCOVER → OFFER → REQUEST → ACKNOWLEDGE
sequenceDiagram
    participant C as Client
    participant D as DHCP Server
    C->>D: DISCOVER
    Note over C,D: "I need an IP address"
    D->>C: OFFER
    Note over C,D: "You can use 192.168.1.50"
    C->>D: REQUEST
    Note over C,D: "I'd like to use that IP"
    D->>C: ACKNOWLEDGE
    Note over C,D: "It's yours for X hours"

Broadcast address

Special address to reach all devices in a subnet

  • Typically ends in .255 (for /24 networks)
  • Used for network discovery and some network protocols
  • Example: 192.168.1.255 reaches all devices in 192.168.1.0/24

Example use cases:

  • DHCP requests (when a device first joins a network and needs an IP)
  • ARP requests (to find the MAC address for an IP)
  • Network printer discovery
  • Smart home devices announcing themselves on the network
  • Wake-on-LAN
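
The mask arithmetic behind the Subnets and Broadcast address sections, together with the "is it on my subnet?" decision a sender makes before choosing between the destination and the gateway, as an added example (not part of the original page). The function names are hypothetical; the addresses are the ones used on this page.

```python
def ip_to_int(ip):
    """Dotted-quad IPv4 string -> 32-bit integer."""
    a, b, c, d = (int(part) for part in ip.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d

def int_to_ip(n):
    """32-bit integer -> dotted-quad IPv4 string."""
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def prefix_mask(prefix):
    """/24 -> 0xFFFFFF00: the first `prefix` bits set, the rest clear."""
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF

def subnet_info(cidr):
    """Split 'address/prefix' into mask, network, broadcast and size."""
    ip, prefix = cidr.split("/")
    mask = prefix_mask(int(prefix))
    network = ip_to_int(ip) & mask                 # host bits cleared
    broadcast = network | (~mask & 0xFFFFFFFF)     # host bits all set
    return {
        "mask": int_to_ip(mask),
        "network": int_to_ip(network),
        "broadcast": int_to_ip(broadcast),
        "addresses": 1 << (32 - int(prefix)),
    }

def next_hop(iface_cidr, gateway, dest):
    """IP the sender resolves with ARP in order to deliver a packet to dest."""
    ip, prefix = iface_cidr.split("/")
    mask = prefix_mask(int(prefix))
    same_subnet = (ip_to_int(ip) & mask) == (ip_to_int(dest) & mask)
    # Same subnet: deliver directly. Otherwise hand the packet to the gateway.
    return dest if same_subnet else gateway

if __name__ == "__main__":
    print(subnet_info("192.168.1.10/24"))
    print(subnet_info("172.20.0.3/16"))   # eth0 in the ip addr output above
    print(next_hop("192.168.1.10/24", "192.168.1.1", "192.168.1.99"))
    print(next_hop("192.168.1.10/24", "192.168.1.1", "142.251.167.99"))
```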

Network Interfaces

  • Physical or virtual connections between a device and a network
    • Analogy:
      • device = city, IP network = train network, interface = train station
      • Paris has multiple stations: Gare du Nord, Gare de Lyon, etc. The correct one (and so the correct “route”) needs to be chosen to reach a given other city
  • Common types:
    • Ethernet (eth0, eth1): Physical wired connections
    • Wireless (wlan0): WiFi connections
    • Loopback (lo): Special interface for local communication
  • Each interface has:
    • A MAC address (for physical interfaces)
    • One (or more) IP addresses
    • MTU and various flags indicating its state and capabilities

Loopback Interface and Address

  • Special interface (lo) for local communication
  • Always available, even if network hardware fails
  • Standard IP: 127.0.0.1 (IPv4) or ::1 (IPv6)
  • Hostname “localhost” typically resolves to 127.0.0.1

Example use cases:

  • Testing network services locally
  • Web developers running local development servers
  • Database connections to local instances
  • Inter-process communication via network protocols
  • Network application testing without network access
  • Services that only need to be accessible from the same machine

Network Ports

  • Allows multiple network services on same IP address
  • 16-bit number (0-65535) that identifies a specific service
  • Often written after IP with colon: 192.168.1.10:80
  • Well-known ports (0-1023): 80/443: HTTP(S), 22: SSH, 53: DNS, 25: SMTP
  • Dynamic/private ports (49152-65535): Assigned automatically by client applications when making connections
  • In the train station analogy, the port would probably be the track number
flowchart LR
    subgraph "Server 192.168.1.99"
        direction TB
        W[Web Server<br/>:80] 
        S[SSH Server<br/>:22]
    end
    C1[Client A 192.168.1.10<br/>:49152] --> W
    C2[Client B 192.168.1.11<br/>:59745] --> S
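
Reading the sample output at the top of this page with ports and loopback in mind: a listener bound to * accepts connections on every local address, while one bound to 127.0.0.1 is reachable only from the same machine. This added example (not from the original page) parses both samples, treating them as if they came from one host, which is an assumption made for illustration; the function names are hypothetical.

```python
import re

# Sample output from the top of this page, trimmed to the lines that matter.
IP_ADDR = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    inet 127.0.0.1/8 scope host lo
2: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN
    inet 10.8.0.1/24 scope global wg0
417: eth0@if418: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
    inet 172.20.0.3/16 brd 172.20.255.255 scope global eth0
"""
LSOF = """\
COMMAND   TYPE  NODE  NAME
node      IPv4   TCP  *:3000 (LISTEN)
mongod    IPv4   TCP  127.0.0.1:3001 (LISTEN)
syncthing IPv4   TCP  127.0.0.1:8384 (LISTEN)
"""

def interface_addresses(ip_addr_text):
    """Map interface name -> IPv4 address from `ip addr` output."""
    found, current = {}, None
    for line in ip_addr_text.splitlines():
        header = re.match(r"\d+: ([^:@]+)", line)
        if header:
            current = header.group(1)   # "eth0@if418" -> "eth0"
        else:
            inet = re.match(r"\s+inet (\S+)/\d+", line)
            if inet and current:
                found[current] = inet.group(1)
    return found

def listener_exposure(lsof_text, ifaces):
    """Map command -> list of 'ip:port' endpoints the listener accepts on."""
    result = {}
    for line in lsof_text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[-1] != "(LISTEN)":
            continue                     # header or non-listening line
        host, port = fields[-2].rsplit(":", 1)
        # "*" is a wildcard bind: every local address, loopback included.
        addrs = list(ifaces.values()) if host == "*" else [host]
        result[fields[0]] = [f"{a}:{port}" for a in addrs]
    return result

def network_facing(exposure):
    """Commands with at least one endpoint that is not a loopback address."""
    return sorted(cmd for cmd, eps in exposure.items()
                  if any(not ep.startswith("127.") for ep in eps))
```

Of the three listeners in the sample, only node is reachable over wg0 and eth0; mongod and syncthing stay on loopback.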

Brief intro to TCP (Transmission Control Protocol)

  • Provides reliable, ordered data delivery between applications
  • Connection-oriented: requires setup before data transfer
  • Each connection identified by 4 values:
    • Source IP:Port
    • Destination IP:Port
  • Key features:
    • Guarantees delivery (retransmits lost packets)
    • Maintains packet order
    • Controls flow to prevent overwhelming receiver
sequenceDiagram
    participant C as Client<br/>192.168.1.10:49152
    participant S as Server<br/>142.251.167.99:80
    C->>S: SYN
    Note over C,S: Can I start a connection?
    S->>C: SYN-ACK
    Note over C,S: Yes, I'm ready
    C->>S: ACK
    Note over C,S: Connection ESTABLISHED
    Note over C,S: Now we can send data

Network Address Translation (NAT)

  • Allows multiple internal devices to share one public IP address
  • Provides an additional layer of security by hiding internal network structure
  • Router maintains a NAT table tracking:
    • Internal IP:port <> External IP:port
    • Current connection status
  • Most home and small business networks use NAT
  • Without NAT, we would have run out of IPv4 addresses long ago

If two local PCs talk to the same server 142.251.167.99:80, the router’s connection table may look like this:

| ID | State | Protocol | LAN address (PC) | WAN address (router) | Remote address | TTL (s) | Packets in/out |
|---|---|---|---|---|---|---|---|
| 12 | ESTABLISHED | TCP | 192.168.1.10:1234 | 203.0.113.1:5678 | 142.251.167.99:80 | 3600 | 42/38 |
| 13 | ESTABLISHED | TCP | 192.168.1.55:2345 | 203.0.113.1:6789 | 142.251.167.99:80 | 3600 | 15/12 |
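
The translation and reverse lookup a router performs on such a table, as an added example (not the page's own code or any router's implementation). The NatTable class, its method names and the port_pool parameter are hypothetical, and keying replies on the remote address is an assumption; the addresses and ports are those in the table above.

```python
import itertools

class NatTable:
    """Port-translating NAT state for one public IP (simplified model)."""

    def __init__(self, public_ip, port_pool=None):
        self.public_ip = public_ip
        # Assumption: WAN ports come from an iterator; routers pick their own.
        if port_pool is None:
            port_pool = itertools.count(49152)
        self.port_pool = port_pool
        self.out = {}    # (lan_ip, lan_port, remote) -> wan_port
        self.back = {}   # (wan_port, remote) -> (lan_ip, lan_port)

    def outbound(self, lan_ip, lan_port, remote):
        """Source address the packet carries after leaving the router."""
        key = (lan_ip, lan_port, remote)
        if key not in self.out:              # first packet of the connection
            wan_port = next(self.port_pool)
            self.out[key] = wan_port
            self.back[(wan_port, remote)] = (lan_ip, lan_port)
        return (self.public_ip, self.out[key])

    def inbound(self, wan_port, remote):
        """LAN endpoint a reply is forwarded to, or None (packet dropped)."""
        return self.back.get((wan_port, remote))

def page_table():
    """Load the two connections from the table on this page."""
    nat = NatTable("203.0.113.1", iter([5678, 6789]))
    nat.outbound("192.168.1.10", 1234, "142.251.167.99:80")
    nat.outbound("192.168.1.55", 2345, "142.251.167.99:80")
    return nat

if __name__ == "__main__":
    nat = page_table()
    print(nat.inbound(5678, "142.251.167.99:80"))   # reply for the first PC
    print(nat.inbound(5678, "198.51.100.7:80"))     # unsolicited: no mapping
```

An inbound packet that matches no entry returns None, which is why hosts behind the router cannot be reached from outside unless a mapping already exists.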

Example: Putting things together

Local PC 192.168.1.10 wants to view the local network website at 192.168.1.99:80:

sequenceDiagram
    participant PC as Computer<br/>IP: 192.168.1.10<br/>MAC: aa:bb:cc<br/>Interface: eth0
    participant S as Switch
    participant WS as Web Server<br/>IP: 192.168.1.99<br/>MAC: ff:ff:ff<br/>Interface: eth0
    PC->>PC: Which interface for 192.168.1.99? => eth0<br/>Is it on my subnet? => Yes
    PC->>S: ARP: Who has 192.168.1.99?
    Note over S: Switch learns PC's MAC<br/>is on physical port 1
    S->>WS: ARP: Who has 192.168.1.99?
    WS->>S: ARP: I am 192.168.1.99<br/>MAC: ff:ff:ff
    Note over S: Switch learns Web Server's MAC<br/>is on physical port 3
    S->>PC: ARP: 192.168.1.99 is at<br/>MAC ff:ff:ff
    PC->>S: HTTP request to 192.168.1.99:80<br/>from 192.168.1.10:1234<br/>via MAC ff:ff:ff
    S->>WS: HTTP request to 192.168.1.99:80<br/>from 192.168.1.10:1234<br/>via MAC ff:ff:ff
    WS->>S: HTTP response to 192.168.1.10:1234<br/>from 192.168.1.99:80<br/>via MAC aa:bb:cc
    S->>PC: HTTP response to 192.168.1.10:1234<br/>from 192.168.1.99:80<br/>via MAC aa:bb:cc


Example: Putting things together

Local PC 192.168.1.10 wants to view the internet website at 142.251.167.99:80:

sequenceDiagram
    participant PC as Computer<br/>IP: 192.168.1.10<br/>MAC: aa:bb:cc<br/>Interface: eth0
    participant S as Switch
    participant R as Router<br/>Local IP: 192.168.1.1<br/>Public IP: 203.0.113.1<br/>MAC: dd:ee:ff
	participant I as ...(intermediary<br>nodes)...
    participant T as Target server<br/>IP: 142.251.167.99
	
    PC->>PC: Which interface for 142.251.167.99? => eth0<br/>Is it on my subnet => No<br/>What's the gateway => 192.168.1.1
    PC->>S: ARP: Who has 192.168.1.1?
    Note over S: Switch learns PC's MAC<br/>is on physical port 1
    S->>R: ARP: Who has 192.168.1.1?
    R->>S: ARP: I am 192.168.1.1<br/>MAC: dd:ee:ff
    Note over S: Switch learns Router's MAC<br/>is on physical port 7
    S->>PC: ARP: 192.168.1.1 is at<br/>MAC dd:ee:ff
    PC->>S: Packet to 142.251.167.99<br/>from 192.168.1.10:1234<br/>via MAC dd:ee:ff
    S->>R: Packet to 142.251.167.99<br/>from 192.168.1.10:1234<br/>via MAC dd:ee:ff
    Note over R: NAT: Remember this connection<br/>from 192.168.1.10:1234
    R->>I: Forward packet from<br/>203.0.113.1:5678<br/>to (...:...)
    I->>T: Forward packet from<br/>(...:...)<br/>to 142.251.167.99:80
	T->>I: Reply to (...:...)<br/>from 142.251.167.99:80
	I->>R: Reply to 203.0.113.1:5678<br/>from (...:...)
    Note over R: NAT: Look up local IP:port<br/>matching 203.0.113.1:5678
    R->>S: Reply to MAC aa:bb:cc<br/>for 192.168.1.10:1234
    S->>PC: Reply to MAC aa:bb:cc<br/>for 192.168.1.10:1234