Some IP address basics
IP addresses are internally represented as a 32 bit value. The topmost N bits identify the network, the rest of the number identifies the host in the network.
Let's look at two example IPs, starting with their 32 bits:
10101100000100100000000010010110
10101100000100100000000110010110
You can rewrite the IP in a more readable way by splitting it into 8-bit groups (bytes) and writing each group in decimal format:
grouped:
10101100 00010010 00000000 10010110
10101100 00010010 00000001 10010110
grouped and decimal:
172.18.0.150
172.18.1.150
The question now is "are these IP addresses on the same network"? That depends on the network configuration. Let's take for example the network mask
11111111 11111111 11111111 00000000
(The ones are for the network, the zeroes are for the host.)
Laying that over the two IPs you see that the two IP addresses are on different networks. If the mask were 255.255.0.0, they would be on the same network.
Different network:
11111111 11111111 11111111 00000000
10101100 00010010 00000000 10010110
10101100 00010010 00000001 10010110
Same network:
11111111 11111111 00000000 00000000
10101100 00010010 00000000 10010110
10101100 00010010 00000001 10010110
As with the IP addresses, the network masks can also be written in dotted decimal format: 255.255.255.0 or 255.255.0.0. If you now need to write the full IP and network mask, like 172.18.0.150/255.255.255.0 or 172.18.0.150/255.255.240.0, this is a lot to write. A shorter notation gives not the network mask itself but the number of 1s in the network mask: 172.18.0.150/24 or 172.18.0.150/20. As you know, the 1s are always the topmost bits, so it is clear what "/24" or "/20" means.
Some routing basics
If you have not yet read my answer for the use of MAC addresses you might want to do so now.
In short: if the computer sends an IP packet, it first checks whether the destination IP address is on the same network as the computer itself (the source IP). If so, the computer can send the packet directly to the network and the destination computer can receive it. If the destination IP is not on the same network, then the computer cannot reach the target directly but needs to send the packet to the next router. Routing tables tell the router which router to contact for which networks (e.g. "if network 172.18.0.0/24, then router 1.1.1.1"). That router again will check if it can directly reach the destination IP or if it needs to forward the packet to the next router.
If you want to take a look at the routing table of your computer, you can use ip route.
Keep in mind that on the receiver side the network mask is not relevant. 172.18.0.150/24 or 172.18.0.150/8 are both 172.18.0.150, and if the computer receives a packet for 172.18.0.150 it will consume it. The network mask is only used on the sender's side. If computer A sends a packet from address a.a.a.a/n to computer B with address b.b.b.b/m, then the sender A will compare the topmost n bits of the source address a.a.a.a and the topmost n bits of b.b.b.b. If both are equal, then a.a.a.a and b.b.b.b are on the same network (and n must equal m) and the packet can be sent directly. If they are not, then the networks are not equal (it does not matter that n might not equal m) and the packet must be sent to a router, which will forward the packet.
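The sender-side comparison described above, written out with plain bit operations on the page's own addresses. This is an added example, not part of the original answer; the function names are chosen here for illustration.

```python
def ip_to_int(dotted):
    """Pack a dotted-decimal IPv4 string into its 32-bit integer value."""
    octets = [int(part) for part in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {dotted!r}")
    value = 0
    for octet in octets:
        value = (value << 8) | octet
    return value

def int_to_ip(value):
    """Split a 32-bit value back into four decimal bytes."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def prefix_to_mask(prefix_len):
    """/n -> 32-bit mask whose topmost n bits are 1."""
    if not 0 <= prefix_len <= 32:
        raise ValueError(f"prefix length out of range: {prefix_len}")
    return (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF

def mask_to_prefix(dotted_mask):
    """Count the 1s of a dotted mask; the 1s must all be the topmost bits."""
    mask = ip_to_int(dotted_mask)
    prefix_len = bin(mask).count("1")
    if mask != prefix_to_mask(prefix_len):
        raise ValueError(f"mask bits are not contiguous: {dotted_mask}")
    return prefix_len

def network_of(dotted, prefix_len):
    """Zero the host bits, leaving only the network part of the address."""
    return int_to_ip(ip_to_int(dotted) & prefix_to_mask(prefix_len))

def sender_decision(src, prefix_len, dst):
    """Compare the topmost n bits of source and destination, as the sender does."""
    mask = prefix_to_mask(prefix_len)
    same = (ip_to_int(src) & mask) == (ip_to_int(dst) & mask)
    return "direct" if same else "via router"

if __name__ == "__main__":
    for n in (24, 16):
        print(f"/{n}:", sender_decision("172.18.0.150", n, "172.18.1.150"))
    print("/20 mask:", int_to_ip(prefix_to_mask(20)))
```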
Understanding "ip route" output
Let's take for example a computer with two NICs:
default via 192.168.178.3 dev eth1 proto static metric 1024
10.0.0.0/8 via 172.16.1.1 dev eth0
169.254.0.0/16 dev eth1 scope link metric 1000
172.16.0.0/16 dev eth0 proto kernel scope link src 172.16.126.31
192.168.178.0/24 dev eth1 proto kernel scope link src 192.168.178.21
Lines 3 to 5 are derived from the IP addresses configured on the NICs (ip addr). They tell the computer that if a packet to be sent matches, for example, network 172.16.0.0/16, it shall be sent on eth0 (which is configured with IP address 172.16.126.31 in my case). The second line is a specific route that I added. It says that packets to 10.0.0.0/8 shall be sent to 172.16.1.1 on eth0. The first line gives the default gateway/router to use for packets that do not match any other given network.
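To see how such a table is consulted, the following added example (not part of the original answer) parses the five lines above and picks the route for a destination. It goes slightly beyond the text by making the selection rule explicit: the most specific matching network (longest prefix) wins, and the default route is treated as 0.0.0.0/0. The parser assumes every attribute is a "keyword value" pair, which holds for this sample but not for every line ip route can print.

```python
import ipaddress

# Routing table copied from the ip route output shown above.
ROUTES = """\
default via 192.168.178.3 dev eth1 proto static metric 1024
10.0.0.0/8 via 172.16.1.1 dev eth0
169.254.0.0/16 dev eth1 scope link metric 1000
172.16.0.0/16 dev eth0 proto kernel scope link src 172.16.126.31
192.168.178.0/24 dev eth1 proto kernel scope link src 192.168.178.21
"""

def parse_routes(text):
    """Turn ip route lines into dicts with network, gateway, device, metric."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        # "default" matches everything, i.e. a network with zero mask bits.
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        # Assumption: the rest of the line is keyword/value pairs.
        attrs = dict(zip(fields[1::2], fields[2::2]))
        routes.append({
            "net": ipaddress.ip_network(dest),
            "via": attrs.get("via"),          # None means directly connected
            "dev": attrs["dev"],
            "metric": int(attrs.get("metric", 0)),
        })
    return routes

def lookup(routes, dst):
    """Return (device, next hop) for dst: longest prefix first, then lowest metric."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r["net"]]
    if not matches:
        return None
    best = max(matches, key=lambda r: (r["net"].prefixlen, -r["metric"]))
    return best["dev"], best["via"] or "direct"

if __name__ == "__main__":
    table = parse_routes(ROUTES)
    # Constructed sample destinations, one per kind of route.
    for dst in ("172.16.5.9", "10.20.30.40", "192.168.178.50", "8.8.8.8"):
        print(dst, "->", lookup(table, dst))
```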
Who decides what a network is?
At the top level, RFC3330 defines that not all IP addresses are for broad use but that some ranges are reserved for special purposes. One example is the network 127.0.0.0/8. The most prominent address in that range is 127.0.0.1 (name: localhost), which identifies your own computer. This IP of course is only useful on your own computer because every packet sent to that network never leaves your computer. Taking all possible IP addresses and removing the reserved ranges, you still have a pool of networks that are available. That big pool is managed by ICANN. The next hierarchy level consists of five regional internet registries (like RIPE NCC). They get IP address ranges from ICANN and sell them to their own customers - the local internet registries. These sell them to end customers (e.g. companies).
The decision how to split the complete IP address range is up to each manager of the pool. Let's say you are ICANN and manage the range 50.0.0.0/8-100.0.0.0/8. If RIPE NCC now asks for some IP addresses, you can give them 50.0.0.0/16 or 50.0.0.0/8 or 50.0.0.0/8 up to 60.0.0.0/8. The same is true for RIPE NCC and the local internet registries. They can provide big or small networks. In the good old times the registries were quite reluctant, and so there still exist big universities or companies with broad address ranges that they never needed completely. Some universities got /8 networks, so they have 24 bits for the host. That means they can address more than 16 million computers. If they only have some thousands of computers, then it means that millions of IP addresses are reserved for that customer but never used - what a waste. So lately you are not getting big ranges anymore; you must argue if you really need the big range.
However you decide to sell the IP address ranges (networks), you must keep in mind that the big routers in the internet need to know how to reach almost any of the existing networks. If you sell very small networks you might end up with 10.0.0.0/24 and 10.1.0.0/24 being in Europe, 10.0.1.0/24 and 10.1.1.0/24 being in Asia and 10.0.2.0/24 and 10.1.2.0/24 being in Africa. That means that the router will end up with a lot of small network entries in the routing table. If you were giving 10.0.0.0/16 to Europe, 10.1.0.0/16 to Asia and 10.2.0.0/16 to Africa you would only have three entries for bigger networks in the routing table.
But that all is not our problem, it's the business of the internet registries. Not quite, because...
When and how do I need to set up a network?
In case you run a company's router you might get a range 40.41.0.0/16 and give these IP addresses to your computers as you like. But in this case all computers should be on the same physical network (no routers between). This might give bad performance for big networks, so you might want to split the networks. If you have for example two buildings, then you could allocate 40.41.0.0/17 to building one and 40.41.128.0/17 to building two.
Private IP addresses
In case you are running a broadband router or you run a company's router you might have seen private network IP addresses like 172.16.0.0/12. The IP address you gave (172.18.0.150) is such a private IP address (you can easily check with your new knowledge about network masks). These are used if you got N public IP addresses (in case of a normal ISP N=1) from your local internet registry but have M>N devices which need an IP address. In this case the router has one public IP address (used for all traffic to and from the internet) and also a private network with private IP addresses. In your case the router just took the private network 172.18.0.0/24 and gives IP addresses from that network to each of your PCs.
But what if someone else's router also takes 172.18.0.0/24? Surprisingly that is not a problem. This is because 172.16.0.0/12 is a private address range. You will never see IP addresses of that range in the public internet. If you send a packet to the internet, giving 172.18.0.150 as source address, then the router will replace the 172.18.0.150 with the public IP address that the ISP gave you. If the router receives a packet sent to the public IP address it determines to which of your computers it shall send the packet and changes the destination IP address to the private network IP address of your computer.