C H A P T E R
5
Fundamentals of IP Addressing
and Routing
The OSI physical layer (Layer 1) defines how to transmit bits over a particular type of
physical network. The OSI data link layer (Layer 2) defines the framing, addressing,
error detection, and rules for when to use the physical medium. Although they are
important, these two layers do not define how to deliver data between devices that exist
far from each other, with many different physical networks sitting between the two
computers.
This chapter explains the function and purpose of the OSI network layer (Layer 3): the
end-to-end delivery of data between two computers. Regardless of the type of physical
network to which each endpoint computer is attached, and regardless of the types of
physical networks used between the two computers, the network layer defines how to
forward, or route, data between the two computers.
This chapter covers the basics of how the network layer routes data packets from one
computer to another. After reviewing the full story at a basic level, this chapter examines
in more detail the network layer of TCP/IP, including IP addressing (which enables efficient
routing), IP routing (the forwarding process itself), IP routing protocols (the process by
which routers learn routes), and several other small but important features of the network
layer.
“Do I Know This Already?” Quiz
The “Do I Know This Already?” quiz allows you to assess whether you should read the
entire chapter. If you miss no more than one of these 13 self-assessment questions, you
might want to move ahead to the “Exam Preparation Tasks” section. Table 5-1 lists the
major headings in this chapter and the “Do I Know This Already?” quiz questions covering
the material in those sections. This helps you assess your knowledge of these specific areas.
The answers to the “Do I Know This Already?” quiz appear in Appendix A.
1828xbook.fm Page 93 Thursday, July 26, 2007 3:10 PM
94 Chapter 5: Fundamentals of IP Addressing and Routing
1. Which of the following are functions of OSI Layer 3 protocols?

a. Logical addressing
b. Physical addressing
c. Path selection
d. Arbitration
e. Error recovery
2. Imagine that PC1 needs to send some data to PC2, and PC1 and PC2 are separated by
several routers. What are the largest entities that make it from PC1 to PC2?
a. Frame
b. Segment
c. Packet
d. L5 PDU
e. L3 PDU
f. L1 PDU
3. Imagine a network with two routers that are connected with a point-to-point HDLC
serial link. Each router has an Ethernet, with PC1 sharing the Ethernet with Router1,
and PC2 sharing the Ethernet with Router2. When PC1 sends data to PC2, which of the
following is true?
a. Router1 strips the Ethernet header and trailer off the frame received from PC1,
never to be used again.
b. Router1 encapsulates the Ethernet frame inside an HDLC header and sends the
frame to Router2, which extracts the Ethernet frame for forwarding to PC2.
Table 5-1 “Do I Know This Already?” Foundation Topics Section-to-Question Mapping
Foundation Topics Section Questions
Overview of Network Layer Functions 1 – 3
IP Addressing 4 – 8
IP Routing 9, 10
IP Routing Protocols 11
Network Layer Utilities 12, 13
1828xbook.fm Page 94 Thursday, July 26, 2007 3:10 PM
“Do I Know This Already?” Quiz 95

c. Router1 strips the Ethernet header and trailer off the frame received from PC1,
which is exactly re-created by R2 before forwarding data to PC2.
d. Router1 removes the Ethernet, IP, and TCP headers and rebuilds the appropriate
headers before forwarding the packet to Router2.
4. Which of the following are valid Class C IP addresses that can be assigned to hosts?
a. 1.1.1.1
b. 200.1.1.1
c. 128.128.128.128
d. 224.1.1.1
e. 223.223.223.255
5. What is the range of values for the first octet for Class A IP networks?
a. 0 to 127
b. 0 to 126
c. 1 to 127
d. 1 to 126
e. 128 to 191
f. 128 to 192
6. PC1 and PC2 are on two different Ethernets that are separated by an IP router. PC1’s
IP address is 10.1.1.1, and no subnetting is used. Which of the following addresses
could be used for PC2?
a. 10.1.1.2
b. 10.2.2.2
c. 10.200.200.1
d. 9.1.1.1
e. 225.1.1.1
f. 1.1.1.1
1828xbook.fm Page 95 Thursday, July 26, 2007 3:10 PM
96 Chapter 5: Fundamentals of IP Addressing and Routing
7. Each Class B network contains how many IP addresses that can be assigned to hosts?
a. 16,777,214

b. 16,777,216
c. 65,536
d. 65,534
e. 65,532
f. 32,768
g. 32,766
8. Each Class C network contains how many IP addresses that can be assigned to hosts?
a. 65,534
b. 65,532
c. 32,768
d. 32,766
e. 256
f. 254
9. Which of the following does a router normally use when making a decision about
routing TCP/IP packets?
a. Destination MAC address
b. Source MAC address
c. Destination IP address
d. Source IP address
e. Destination MAC and IP address
10. Which of the following are true about a LAN-connected TCP/IP host and its IP routing
(forwarding) choices?
a. The host always sends packets to its default gateway.
b. The host sends packets to its default gateway if the destination IP address is in a
different class of IP network than the host.
c. The host sends packets to its default gateway if the destination IP address is in a
different subnet than the host.
d. The host sends packets to its default gateway if the destination IP address is in the
same subnet as the host.
1828xbook.fm Page 96 Thursday, July 26, 2007 3:10 PM

“Do I Know This Already?” Quiz 97
11. Which of the following are functions of a routing protocol?
a. Advertising known routes to neighboring routers.
b. Learning routes for subnets directly connected to the router.
c. Learning routes, and putting those routes into the routing table, for routes adver-
tised to the router by its neighboring routers.
d. To forward IP packets based on a packet’s destination IP address.
12. Which of the following protocols allows a client PC to discover the IP address of
another computer based on that other computer’s name?
a. ARP
b. RARP
c. DNS
d. DHCP
13. Which of the following protocols allows a client PC to request assignment of an IP
address as well as learn its default gateway?
a. ARP
b. RARP
c. DNS
d. DHCP
1828xbook.fm Page 97 Thursday, July 26, 2007 3:10 PM
98 Chapter 5: Fundamentals of IP Addressing and Routing
Foundation Topics
OSI Layer 3-equivalent protocols define how packets can be delivered from the computer
that creates the packet all the way to the computer that needs to receive the packet. To reach
that goal, an OSI network layer protocol defines the following features:
Routing: The process of forwarding packets (Layer 3 PDUs).
Logical addressing: Addresses that can be used regardless of the type of physical
networks used, providing each device (at least) one address. Logical addressing
enables the routing process to identify a packet’s source and destination.
Routing protocol: A protocol that aids routers by dynamically learning about the

groups of addresses in the network, which in turn allows the routing (forwarding)
process to work well.
Other utilities: The network layer also relies on other utilities. For TCP/IP, these
utilities include Domain Name System (DNS), Dynamic Host Configuration Protocol
(DHCP), Address Resolution Protocol (ARP), and ping.
This chapter begins with an overview of routing, logical addressing, and routing protocols.
Following that, the text moves on to more details about the specifics of the TCP/IP network
layer (called the internetwork layer in the TCP/IP model). In particular, the topics of IP
addressing, routing, routing protocols, and network layer utilities are covered.
Overview of Network Layer Functions
A protocol that defines routing and logical addressing is considered to be a network layer,
or Layer 3, protocol. OSI does define a unique Layer 3 protocol called Connectionless Network
Services (CLNS), but, as usual with OSI protocols, you rarely see it in networks today. In
the recent past, you might have seen many other network layer protocols, such as Internet
Protocol (IP), Novell Internetwork Packet Exchange (IPX), or AppleTalk Datagram
Delivery Protocol (DDP). Today, the only Layer 3 protocol that is used widely is the TCP/
IP network layer protocol—specifically, IP.
The main job of IP is to route data (packets) from the source host to the destination host.
Because a network might need to forward large numbers of packets, the IP routing process
is very simple. IP does not require any overhead agreements or messages before sending a
packet, making IP a connectionless protocol. IP tries to deliver each packet, but if a router
or host’s IP process cannot deliver the packet, it is discarded—with no error recovery. The
NOTE The term path selection sometimes is used to mean the same thing as routing
protocol, sometimes is used to refer to the routing (forwarding) of packets, and
sometimes is used for both functions.
1828xbook.fm Page 98 Thursday, July 26, 2007 3:10 PM
Overview of Network Layer Functions 99
goal with IP is to deliver packets with as little per-packet work as possible, which allows
for large packet volumes. Other protocols perform some of the other useful networking
functions. For example, Transmission Control Protocol (TCP), which is described in detail

in Chapter 6, “Fundamentals of TCP/IP Transport, Applications, and Security,” provides
error recovery, resending lost data, but IP does not.
IP routing relies on the structure and meaning of IP addresses, and IP addressing was
designed with IP routing in mind. This first major section of this chapter begins by
introducing IP routing, with some IP addressing concepts introduced along the way. Then,
the text examines IP addressing fundamentals.
Routing (Forwarding)
Routing focuses on the end-to-end logic of forwarding data. Figure 5-1 shows a simple
example of how routing works. The logic illustrated by the figure is relatively simple. For
PC1 to send data to PC2, it must send something to router R1, which sends it to router R2,
and then to router R3, and finally to PC2. However, the logic used by each device along the
path varies slightly.
Figure 5-1 Routing Logic: PC1 Sending to PC2
10.1.1.1
10.0.0.0
168.0.0.0
168.11.0.0
168.1.0.0
168.1.1.1
Destination Is in
Another Group; Send
to Nearby Router.
My Route
to that Group Is
Out Serial Link.
My Route
to that Group Is
Out Frame
Relay.
Send Directly

to PC2
R1
R2
R3
PC1
PC2
1828xbook.fm Page 99 Thursday, July 26, 2007 3:10 PM
100 Chapter 5: Fundamentals of IP Addressing and Routing
PC1’s Logic: Sending Data to a Nearby Router
In this example, illustrated in Figure 5-1, PC1 has some data to send to PC2. Because PC2
is not on the same Ethernet as PC1, PC1 needs to send the packet to a router that is attached
to the same Ethernet as PC1. The sender sends a data-link frame across the medium to the
nearby router; this frame includes the packet in the data portion of the frame. That frame
uses data link layer (Layer 2) addressing in the data-link header to ensure that the nearby
router receives the frame.
The main point here is that the computer that created the data does not know much about
the network—just how to get the data to some nearby router. Using a post office analogy,
it’s like knowing how to get to the local post office, but nothing more. Likewise, PC1 needs
to know only how to get the packet to R1, not the rest of the path used to send the packet
to PC2.
R1 and R2’s Logic: Routing Data Across the Network
R1 and R2 both use the same general process to route the packet. The routing table for any
particular network layer protocol contains a list of network layer address groupings. Instead
of a single entry in the routing table per individual destination network layer address, there
is one routing table entry per group. The router compares the destination network layer
address in the packet to the entries in the routing table and makes a match. This matching
entry in the routing table tells this router where to forward the packet next. The words in
the bubbles in Figure 5-1 point out this basic logic.
The concept of network layer address grouping is similar to the U.S. zip code system.
Everyone living in the same vicinity is in the same zip code, and the postal sorters just look

for the zip codes, ignoring the rest of the address. Likewise, in Figure 5-1, everyone in this
network whose IP address starts with 168.1 is on the Ethernet on which PC2 resides, so the
routers can have just one routing table entry that means “all addresses that start with 168.1.”
Any intervening routers repeat the same process: the router compares the packet’s
destination network layer (Layer 3) address to the groups listed in its routing table, and the
matched routing table entry tells this router where to forward the packet next. Eventually,
the packet is delivered to the router connected to the network or subnet of the destination
host (R3), as shown in Figure 5-1.
R3’s Logic: Delivering Data to the End Destination
The final router in the path, R3, uses almost the exact same logic as R1 and R2, but with
one minor difference. R3 needs to forward the packet directly to PC2, not to some other
router. On the surface, that difference seems insignificant. In the next section, when you
read about how the network layer uses the data link layer, the significance of the difference
will become obvious.
1828xbook.fm Page 100 Thursday, July 26, 2007 3:10 PM
Overview of Network Layer Functions 101
Network Layer Interaction with the Data Link Layer
When the network layer protocol is processing the packet, it decides to send the packet out
the appropriate network interface. Before the actual bits can be placed onto that physical
interface, the network layer must hand off the packet to the data link layer protocols, which,
in turn, ask the physical layer to actually send the data. And as was described in Chapter 3,
“Fundamentals of LANs,” the data link layer adds the appropriate header and trailer to the
packet, creating a frame, before sending the frames over each physical network. The routing
process forwards the packet, and only the packet, end-to-end through the network,
discarding data-link headers and trailers along the way. The network layer processes
deliver the packet end-to-end, using successive data-link headers and trailers just to get the
packet to the next router or host in the path. Each successive data link layer just gets the
packet from one device to the next. Figure 5-2 points out the key encapsulation logic on
each device, using the same examples as in Figure 5-1.
Figure 5-2 Network Layer and Data Link Layer Encapsulation

10.1.1.1
10.0.0.0
168.10.0.0
168.11.0.0
168.1.0.0
Encapsulate
IP Packet in
Ethernet
Extract IP
Packet and
Encapsulate in
HDLC
Extract IP
Packet, and
Encapsulate in
Frame Relay
Extract IP
Packet, and
Encapsulate in
Ethernet
Eth. IP Packet
HDLC IP Packet
FR IP Packet
Eth IP Packet
PC1
R1
R2
R3
168.1.1.1
PC2

1828xbook.fm Page 101 Thursday, July 26, 2007 3:10 PM
102 Chapter 5: Fundamentals of IP Addressing and Routing
Because the routers build new data-link headers and trailers (trailers not shown in the
figure), and because the new headers contain data-link addresses, the PCs and routers must
have some way to decide what data-link addresses to use. An example of how the router
determines which data-link address to use is the IP Address Resolution Protocol (ARP).
ARP is used to dynamically learn the data-link address of an IP host connected to a LAN.
You will read more about ARP later in this chapter.
Routing as covered so far has two main concepts:
■ The process of routing forwards Layer 3 packets, also called Layer 3 protocol data
units (L3 PDU), based on the destination Layer 3 address in the packet.
■ The routing process uses the data link layer to encapsulate the Layer 3 packets into
Layer 2 frames for transmission across each successive data link.
IP Packets and the IP Header
The IP packets encapsulated in the data-link frames shown in Figure 5-2 have an IP header,
followed by additional headers and data. For reference, Figure 5-3 shows the fields inside
the standard 20-byte IPv4 header, with no optional IP header fields, as is typically seen in
most networks today.
Figure 5-3 IPv4 Header
Of the different fields inside the IPv4 header, this book, and the companion ICND2 Official
Exam Certification Guide, ignore all the fields except the Time-To-Live (TTL) (covered in
Chapter 15 in this book), protocol (Chapter 6 of the ICND2 book), and the source and
destination IP address fields (scattered throughout most chapters). However, for reference,
Table 5-2 briefly describes each field.
Version
Header
Length
DS Field Packet Length
Identification
Fragment Offset (13)Flags (3)

Time to Live
Protocol
Header Checksum
Source IP Address
Destination IP Address
081624 31
1828xbook.fm Page 102 Thursday, July 26, 2007 3:10 PM
Overview of Network Layer Functions 103
This section next examines the concept of network layer addressing and how it aids the
routing process.
Network Layer (Layer 3) Addressing
Network layer protocols define the format and meaning of logical addresses. (The term
logical address does not really refer to whether the addresses make sense, but rather to
contrast these addresses with physical addresses.) Each computer that needs to
communicate will have (at least) one network layer address so that other computers can
send data packets to that address, expecting the network to deliver the data packet to the
correct computer.
One key feature of network layer addresses is that they were designed to allow logical
grouping of addresses. In other words, something about the numeric value of an address
implies a group or set of addresses, all of which are considered to be in the same grouping.
With IP addresses, this group is called a network or a subnet. These groupings work just
like USPS zip (postal) codes, allowing the routers (mail sorters) to speedily route (sort) lots
of packets (letters).
Table 5-2 IPv4 Header Fields
Field Meaning
Version Version of the IP protocol. Most networks use version 4 today.
IHL IP Header Length. Defines the length of the IP header, including optional fields.
DS Field Differentiated Services Field. It is used for marking packets for the purpose of
applying different quality-of-service (QoS) levels to different packets.
Packet length Identifies the entire length of the IP packet, including the data.

Identification Used by the IP packet fragmentation process; all fragments of the original
packet contain the same identifier.
Flags 3 bits used by the IP packet fragmentation process.
Fragment offset A number used to help hosts reassemble fragmented packets into the original
larger packet.
TTL Time to live. A value used to prevent routing loops.
Protocol A field that identifies the contents of the data portion of the IP packet. For example,
protocol 6 implies that a TCP header is the first thing in the IP packet data field.
Header Checksum A value used to store an FCS value, whose purpose is to determine if any bit
errors occurred in the IP header.
Source IP address The 32-bit IP address of the sender of the packet.
Destination IP
address
The 32-bit IP address of the intended recipient of the packet.
1828xbook.fm Page 103 Thursday, July 26, 2007 3:10 PM
104 Chapter 5: Fundamentals of IP Addressing and Routing
Just like postal street addresses, network layer addresses are grouped based on physical
location in a network. The rules differ for some network layer protocols, but with IP
addressing, the first part of the IP address is the same for all the addresses in one grouping.
For example, in Figures 5-1 and 5-2, the following IP addressing conventions define the
groups of IP addresses (IP networks) for all hosts on that internetwork:
■ Hosts on the top Ethernet: Addresses start with 10
■ Hosts on the R1-R2 serial link: Addresses start with 168.10
■ Hosts on the R2-R3 Frame Relay network: Addresses start with 168.11
■ Hosts on the bottom Ethernet: Addresses start with 168.1
Routing relies on the fact that Layer 3 addresses are grouped. The routing tables for each
network layer protocol can have one entry for the group, not one entry for each individual
address. Imagine an Ethernet with 100 TCP/IP hosts. A router that needs to forward packets
to any of those hosts needs only one entry in its IP routing table, with that one routing table
entry representing the entire group of hosts on the Ethernet. This basic fact is one of the key

reasons that routers can scale to allow hundreds of thousands of devices. It’s very similar
to the USPS zip code system. It would be ridiculous to have people in the same zip code
live far from each other, or to have next-door neighbors be in different zip codes. The poor
postman would spend all his time driving and flying around the country! Similarly, to make
routing more efficient, network layer protocols group addresses.
Routing Protocols
Conveniently, the routers in Figures 5-1 and 5-2 somehow know the correct steps to take to
forward the packet from PC1 to PC2. To make the correct choices, each router needs a
routing table, with a route that matches the packet sent to PC2. The routes tell the router
where to send the packet next.
In most cases, routers build their routing table entries dynamically using a routing protocol.
Routing protocols learn about all the locations of the network layer “groups” in a network
and advertise the groups’ locations. As a result, each router can build a good routing table
dynamically. Routing protocols define message formats and procedures, just like any other
protocol. The end goal of each routing protocol is to fill the routing table with all known
destination groups and with the best route to reach each group.
NOTE To avoid confusion when writing about IP networks, many resources (including
this one) use the term internetwork to refer more generally to a network made up of
routers, switches, cables, and other equipment, and the word network to refer to the more
specific concept of an IP network.
1828xbook.fm Page 104 Thursday, July 26, 2007 3:10 PM
IP Addressing 105
The terminology relating to routing protocols sometimes can get in the way. A routing
protocol learns routes and puts those routes in a routing table. A routed protocol defines the
type of packet forwarded, or routed, through a network. In Figures 5-1 and 5-2, the figures
represent how IP packets are routed, so IP would be the routed protocol. If the routers used
Routing Information Protocol (RIP) to learn the routes, RIP would be the routing protocol.
Later in this chapter, the section “IP Routing Protocols” shows a detailed example of how
routing protocols learn routes.
Now that you have seen the basic function of the OSI network layer at work, the rest of this

chapter examines the key components of the end-to-end routing process for TCP/IP.
IP Addressing
IP addressing is absolutely the most important topic for the CCNA exams. By the time
you have completed your study, you should be comfortable and confident in your
understanding of IP addresses, their formats, the grouping concepts, how to subdivide
groups into subnets, how to interpret the documentation for existing networks’ IP
addressing, and so on. Simply put, you had better know addressing and subnetting!
This section introduces IP addressing and subnetting and also covers the concepts behind
the structure of an IP address, including how it relates to IP routing. In Chapter 12,
“IP Addressing and Subnetting,” you will read about the math behind IP addressing
and subnetting.
IP Addressing Definitions
If a device wants to communicate using TCP/IP, it needs an IP address. When the device
has an IP address and the appropriate software and hardware, it can send and receive
IP packets. Any device that can send and receive IP packets is called an IP host.
IP addresses consist of a 32-bit number, usually written in dotted-decimal notation. The
“decimal” part of the term comes from the fact that each byte (8 bits) of the 32-bit IP address
is shown as its decimal equivalent. The four resulting decimal numbers are written in sequence,
with “dots,” or decimal points, separating the numbers—hence the name dotted decimal. For
instance, 168.1.1.1 is an IP address written in dotted-decimal form; the actual binary version is
10101000 00000001 00000001 00000001. (You almost never need to write down the binary
version, but you will see how to convert between the two formats in Chapter 12.)
NOTE IP Version 4 (IPv4) is the most widely used version of IP. The ICND2 Official
Exam Certification Guide covers the newer version of IP, IPv6. This book only briefly
mentions IPv6 in Chapter 12 and otherwise ignores it. So, all references to IP addresses
in this book should be taken to mean “IP version 4” addresses.
1828xbook.fm Page 105 Thursday, July 26, 2007 3:10 PM
106 Chapter 5: Fundamentals of IP Addressing and Routing
Each decimal number in an IP address is called an octet. The term octet is just a vendor-
neutral term for byte. So, for an IP address of 168.1.1.1, the first octet is 168, the second

octet is 1, and so on. The range of decimal numbers in each octet is between 0 and 255,
inclusive.
Finally, note that each network interface uses a unique IP address. Most people tend to think
that their computer has an IP address, but actually their computer’s network card has an
IP address. If you put two Ethernet cards in a PC to forward IP packets through both cards,
they both would need unique IP addresses. Also, if your laptop has both an Ethernet
NIC and a wireless NIC working at the same time, your laptop will have an IP address for
each NIC. Similarly, routers, which typically have many network interfaces that forward
IP packets, have an IP address for each interface.
Now that you have some idea of the basic terminology, the next section relates IP
addressing to the routing concepts of OSI Layer 3.
How IP Addresses Are Grouped
The original specifications for TCP/IP grouped IP addresses into sets of consecutive
addresses called IP networks. The addresses in a single network have the same numeric
value in the first part of all addresses in the network. Figure 5-4 shows a simple
internetwork that has three separate IP networks.
Figure 5-4 Sample Network Using Class A, B, and C Network Numbers
The conventions of IP addressing and IP address grouping make routing easy. For
example, all IP addresses that begin with 8 are in the IP network that contains all the
hosts on the Ethernet on the left. Likewise, all IP addresses that begin with 130.4 are in
another IP network that consists of all the hosts on the Ethernet on the right. Along the
same lines, 199.1.1 is the prefix for all IP addresses on the network that includes the
Network
8.0.0.0
All IP addresses
that begin with 8
All IP addresses that
begin with 199.1.1
All IP addresses that
begin with 130.4

Network
130.4.0.0
Network
199.1.1.0
1828xbook.fm Page 106 Thursday, July 26, 2007 3:10 PM
IP Addressing 107
addresses on the serial link. (The only two IP addresses in this last grouping will be the
IP addresses on each of the two routers.) By following this convention, the routers build
a routing table with three entries—one for each prefix, or network number. For example,
the router on the left can have one route that refers to all addresses that begin with 130.4,
with that route directing the router to forward packets to the router on the right.
The example indirectly points out a couple of key points about how IP addresses are
organized. To be a little more explicit, the following two rules summarize the facts about
which IP addresses need to be in the same grouping:
■ All IP addresses in the same group must not be separated by a router.
■ IP addresses separated by a router must be in different groups.
As mentioned earlier in this chapter, IP addressing behaves similarly to zip codes. Everyone
in my zip code lives in a little town in Ohio. If some members of my zip code were in
California, some of my mail might be sent to California by mistake. Likewise, IP routing
relies on the fact that all IP addresses in the same group (called either a network or a subnet)
are in the same general location. If some of the IP addresses in my network or subnet were
allowed to be on the other side of the internetwork compared to my computer, the routers
in the network might incorrectly send some of the packets sent to my computer to the other
side of the network.
Classes of Networks
Figure 5-4 and the surrounding text claim that the IP addresses of devices attached to the
Ethernet on the left all start with 8 and that the IP addresses of devices attached to the
Ethernet on the right all start with 130.4. Why only one number (8) for the “prefix” on the
Ethernet on the left and two numbers (130 and 4) on the Ethernet on the right? Well, it all
has to do with IP address classes.

RFC 791 defines the IP protocol, including several different classes of networks. IP defines
three different network classes for addresses used by individual hosts—addresses called
unicast IP addresses. These three network classes are called A, B, and C. TCP/IP defines
Class D (multicast) addresses and Class E (experimental) addresses as well.
By definition, all addresses in the same Class A, B, or C network have the same numeric
value network portion of the addresses. The rest of the address is called the host portion of
the address.
Using the post office example, the network part of an IP address acts like the zip (postal)
code, and the host part acts like the street address. Just as a letter-sorting machine
three states away from you cares only about the zip code on a letter addressed to you,
1828xbook.fm Page 107 Thursday, July 26, 2007 3:10 PM
108 Chapter 5: Fundamentals of IP Addressing and Routing
a router three hops away from you cares only about the network number that your address
resides in.
Class A, B, and C networks each have a different length for the part that identifies the network:
■ Class A networks have a 1-byte-long network part. That leaves 3 bytes for the rest of
the address, called the host part.
■ Class B networks have a 2-byte-long network part, leaving 2 bytes for the host portion
of the address.
■ Class C networks have a 3-byte-long network part, leaving only 1 byte for the host part.
For example, Figure 5-4 lists network 8.0.0.0 next to the Ethernet on the left. Network
8.0.0.0 is a Class A network, which means that only 1 octet (byte) is used for the network
part of the address. So, all hosts in network 8.0.0.0 begin with 8. Similarly, Class B network
130.4.0.0 is listed next to the Ethernet on the right. Because it is a Class B network, 2 octets
define the network part, and all addresses begin with 130.4 as the first 2 octets.
When listing network numbers, the convention is to write down the network part of the number,
with all decimal 0s in the host part of the number. So, Class A network “8,” which consists of
all IP addresses that begin with 8, is written as 8.0.0.0. Similarly, Class B network “130.4,”
which consists of all IP addresses that begin with 130.4, is written as 130.4.0.0, and so on.
Now consider the size of each class of network. Class A networks need 1 byte for the network

part, leaving 3 bytes, or 24 bits, for the host part. There are 2
24
different possible values in the
host part of a Class A IP address. So, each Class A network can have 2
24
IP addresses—except
for two reserved host addresses in each network, as shown in the last column of Table 5-3.
The table summarizes the characteristics of Class A, B, and C networks.
*
There are two reserved host addresses per network.
Based on the three examples from Figure 5-4, Table 5-4 provides a closer look at the
numeric version of the three network numbers: 8.0.0.0, 130.4.0.0, and 199.1.1.0.
Table 5-3 Sizes of Network and Host Parts of IP Addresses with No Subnetting
Any Network of This
Class
Number of Network
Bytes (Bits)
Number of Host
Bytes (Bits)
Number of Addresses
Per Network
*
A1 (8) 3 (24) 2
24
– 2
B2 (16) 2 (16) 2
16
– 2
C3 (24) 1 (8) 2
8

– 2
1828xbook.fm Page 108 Thursday, July 26, 2007 3:10 PM
IP Addressing 109
Even though the network numbers look like addresses because of their dotted-decimal
format, network numbers cannot be assigned to an interface to be used as an IP address.
Conceptually, network numbers represent the group of all IP addresses in the network,
much like a zip code represents the group of all addresses in a community. It would be
confusing to have a single number represent a whole group of addresses and then also use
that same number as an IP address for a single device. So, the network numbers themselves
are reserved and cannot be used as an IP address for a device.
Besides the network number, a second dotted-decimal value in each network is reserved.
Note that the first reserved value, the network number, has all binary 0s in the host part of
the number (see Table 5-4). The other reserved value is the one with all binary 1s in the host
part of the number. This number is called the network broadcast or directed broadcast
address. This reserved number cannot be assigned to a host for use as an IP address. However,
packets sent to a network broadcast address are forwarded to all devices in the network.
Also, because the network number is the lowest numeric value inside that network and the
broadcast address is the highest numeric value, all the numbers between the network
number and the broadcast address are the valid, useful IP addresses that can be used to
address interfaces in the network.
The Actual Class A, B, and C Network Numbers
The Internet is a collection of almost every IP-based network and almost every TCP/IP host
computer in the world. The original design of the Internet required several cooperating
features that made it technically possible as well as administratively manageable:
■ Each computer connected to the Internet needs a unique, nonduplicated IP address.
■ Administratively, a central authority assigned Class A, B, or C networks to companies,
governments, school systems, and ISPs based on the size of their IP network (Class A
for large networks, Class B for medium networks, and Class C for small networks).
■ The central authority assigned each network number to only one organization, helping
ensure unique address assignment worldwide.

■ Each organization with an assigned Class A, B, or C network then assigned individual
IP addresses inside its own network.
Table 5-4 Sample Network Numbers, Decimal and Binary
Network Number Binary Representation, with the Host Part in Bold
8.0.0.0 00001000 00000000 00000000 00000000
130.4.0.0 10000010 00000100 00000000 00000000
199.1.1.0 11000111 00000001 00000001 00000000
1828xbook.fm Page 109 Thursday, July 26, 2007 3:10 PM
110 Chapter 5: Fundamentals of IP Addressing and Routing
By following these guidelines, as long as each organization assigns each IP address to only
one computer, every computer in the Internet has a globally unique IP address.
The organization in charge of universal IP address assignment is the Internet Corporation
for Assigned Network Numbers (ICANN, www.icann.org). (The Internet Assigned Numbers
Authority (IANA) formerly owned the IP address assignment process.) ICANN, in turn,
assigns regional authority to other cooperating organizations. For example, the American
Registry for Internet Numbers (ARIN, www.arin.org) owns the address assignment process
for North America.
Table 5-5 summarizes the possible network numbers that ICANN and other agencies could
have assigned over time. Note the total number for each network class and the number
of hosts in each Class A, B, and C network.
*
The Valid Network Numbers column shows actual network numbers. Networks 0.0.0.0 (originally defined for use as
a broadcast address) and 127.0.0.0 (still available for use as the loopback address) are reserved.
Memorizing the contents of Table 5-5 should be one of the first things you do in preparation
for the CCNA exam(s). Engineers should be able to categorize a network as Class A, B,
or C with ease. Also, memorize the number of octets in the network part of Class A, B, and
C addresses, as shown in Table 5-4.
IP Subnetting
Subnetting is one of the most important topics on the ICND1, ICND2, and CCNA exams. You
need to know how it works and how to “do the math” to figure out issues when subnetting is

in use, both in real life and on the exam. Chapter 12 covers the details of subnetting concepts,
motivation, and math, but you should have a basic understanding of the concepts before
NOTE The details of address assignment have changed over time, but the general idea
described here is enough detail to help you understand the concept of different Class A,
B, and C networks.
Table 5-5 All Possible Valid Network Numbers
*
Class
First Octet
Range
Valid Network
Numbers
*
Tot al Number for This
Class of Network
Number of Hosts
Per Network
A1 to 126 1.0.0.0 to 126.0.0.0 2
7
– 2 (126) 2
24
– 2 (16,777,214)
B 128 to 191 128.0.0.0 to
191.255.0.0
2
14
(16,384) 2
16
– 2 (65,534)
C 192 to 223 192.0.0.0 to

223.255.255.0
2
21
(2,097,152) 2
8
– 2 (254)
1828xbook.fm Page 110 Thursday, July 26, 2007 3:10 PM
IP Addressing 111
covering the topics between here and Chapter 12. IP subnetting takes a single Class A, B, or
C network and subdivides it into a number of smaller groups of IP addresses. The Class A, B,
and C rules still exist, but now, a single Class A, B, or C network can be subdivided into many
smaller groups. Subnetting treats a subdivision of a single Class A, B, or C network as if it
were a network itself. In fact, the name “subnet” is just shorthand for “subdivided network.”
You can easily discern the concepts behind subnetting by comparing one network topology
that does not use subnetting with the same topology but with subnetting implemented.
Figure 5-5 shows such a network, without subnetting.
Figure 5-5 Backdrop for Discussing Numbers of Different Networks/Subnetworks
The design in Figure 5-5 requires six groups of IP addresses, each of which is a Class B
network in this example. The four LANs each use a single Class B network. In other
words, each of the LANs attached to routers A, B, C, and D is in a separate IP network.
Additionally, the two serial interfaces composing the point-to-point serial link between
routers C and D use one IP network because these two interfaces are not separated by a
router. Finally, the three router interfaces composing the Frame Relay network with routers
A, B, and C are not separated by an IP router and would use a sixth IP network.
Frame Relay
150.5.0.0
150.1.0.0
150.4.0.0
150.6.0.0
150.2.0.0

Ray
Kris Wendell
Fay
Hannah
Jessie
AB
C
D
150.3.0.0
Vinnie
1828xbook.fm Page 111 Thursday, July 26, 2007 3:10 PM
112 Chapter 5: Fundamentals of IP Addressing and Routing
Each Class B network has 2
16
– 2 host addresses—far more than you will ever need for each
LAN and WAN link. For example, the upper-left Ethernet should contain all addresses that
begin with 150.1. Therefore, addresses that begin with 150.1 cannot be assigned anywhere
else in the network, except on the upper-left Ethernet. So, if you ran out of IP addresses
somewhere else, you could not use the large number of unused addresses that begin with
150.1. As a result, the addressing design shown in Figure 5-5 wastes a lot of addresses.
In fact, this design would not be allowed if it were connected to the Internet. The ICANN
member organization would not assign six separate registered Class B network numbers.
In fact, you probably would not get even one Class B network, because most of the Class B
addresses are already assigned. You more likely would get a couple of Class C networks
with the expectation that you would use subnetting. Figure 5-6 illustrates a more realistic
example that uses basic subnetting.
Figure 5-6 Using Subnets
As in Figure 5-5, the design in Figure 5-6 requires six groups. Unlike Figure 5-5, this figure
uses six subnets, each of which is a subnet of a single Class B network. This design
subdivides the Class B network 150.150.0.0 into six subnets. To perform subnetting, the

third octet (in this example) is used to identify unique subnets of network 150.150.0.0.
Frame Relay
150.150.5.0
150.150.1.0
150.150.4.0
150.150.6.0
150.150.2.0
Ray
150.150.1.1
Kris
150.150.4.2
Wendell
150.150.4.1
Fay
150.150.1.2
Hannah
150.150.2.1
Jessie
150.150.2.2
AB
C
D
150.150.3.0
Vinnie
150.150.3.1
1828xbook.fm Page 112 Thursday, July 26, 2007 3:10 PM
IP Addressing 113
Notice that each subnet number in the figure shows a different value in the third octet,
representing each different subnet number. In other words, this design numbers or identifies
each different subnet using the third octet.

When subnetting, a third part of an IP address appears between the network and host parts
of the address—namely, the subnet part of the address. This field is created by “stealing”
or “borrowing” bits from the host part of the address. The size of the network part of the
address never shrinks. In other words, Class A, B, and C rules still apply when defining the
size of the network part of an address. The host part of the address shrinks to make room
for the subnet part of the address. Figure 5-7 shows the format of addresses when
subnetting, representing the number of bits in each of the three parts of an IP address.
Figure 5-7 Address Formats When Subnetting Is Used (Classful)
Now, instead of routing based on the network part of an address, routers can route based
on the combined network and subnet parts. For example, when Kris (150.150.4.2) sends
a packet to Hannah (150.150.2.1), router C has an IP route that lists information that
means “all addresses that begin with 150.150.2.” That same route tells router C to forward the
packet to router B next. Note that the information in the routing table includes both the
network and subnet part of the address, because both parts together identify the group.
Note that the concepts shown in Figure 5-7, with three parts of an IP address (network,
subnet, and host), are called classful addressing. The term classful addressing refers to how
you can think about IP addresses—specifically, that they have three parts. In particular,
classful addressing means that you view the address as having a network part that is
determined based on the rules about Class A, B, and C addressing—hence the word
“classful” in the term.
Because the routing process considers the network and subnet parts of the address together,
you can take an alternative view of IP addresses called classless addressing. Instead of
three parts, each address has two parts:
■ The part on which routing is based
■ The host part
Network Host Class A
8x
Subnet
24 – x
Network Host Class B

16
Subnet
16 – x x
HostNetwork Class C
x
Subnet
8 – x24
1828xbook.fm Page 113 Thursday, July 26, 2007 3:10 PM
114 Chapter 5: Fundamentals of IP Addressing and Routing
This first part—the part on which routing is based—is the combination of the network and
subnet parts from the classful addressing view. This first part is often simply called the
subnet part, or sometimes the prefix. Figure 5-8 shows the concepts and terms behind
classless IP addressing.
Figure 5-8 Address Formats When Subnetting Is Used (Classless)
Finally, IP addressing with subnetting uses a concept called a subnet mask. A subnet mask
helps define the structure of an IP address, as shown in Figures 5-7 and 5-8. Chapter 12
explains the details of subnet masks.
IP Routing
In the first section of this chapter, you read about the basics of routing using a network with
three routers and two PCs. Armed with more knowledge of IP addressing, you now can
take a closer look at the process of routing IP. This section focuses on how the originating
host chooses where to send the packet, as well as how routers choose where to route or
forward packets to the final destination.
Host Routing
Hosts actually use some simple routing logic when choosing where to send a packet. This
two-step logic is as follows:
Step 1 If the destination IP address is in the same subnet as I am, send the packet directly
to that destination host.
Step 2 If the destination IP address is not in the same subnet as I am, send the
packet to my default gateway (a router’s Ethernet interface on the

subnet).
For example, consider Figure 5-9, and focus on the Ethernet LAN at the top of the figure.
The top Ethernet has two PCs, labeled PC1 and PC11, plus router R1. When PC1 sends
a packet to 150.150.1.11 (PC11’s IP address), PC1 sends the packet over the Ethernet to
PC11—there’s no need to bother the router.
Host
x
Subnet or Prefix
32 – x
1828xbook.fm Page 114 Thursday, July 26, 2007 3:10 PM
IP Routing 115
Figure 5-9 Host Routing Alternatives
Alternatively, when PC1 sends a packet to PC2 (150.150.4.10), PC1 forwards the packet to
its default gateway of 150.150.1.4, which is R1’s Ethernet interface IP address according to
Step 2 in the host routing logic. The next section describes an example in which PC1 uses
its default gateway.
Router Forwarding Decisions and the IP Routing Table
Earlier in this chapter, Figures 5-1 and 5-2 (and the associated text) described generally how
routers forward packets, making use of each successive physical network to forward
packets to the next device. To better appreciate a router’s forwarding decision, this section
uses an example that includes three different routers forwarding a packet.
150.150.1.10
150.150.1.4
150.150.2.7
150.150.3.1
E0
S0
S1
150.150.4.10
R1

R2
R3
PC1
150.150.1.11
PC11
PC2
150.150.1.0
150.150.2.0
150.150.3.0
150.150.4.0
1828xbook.fm Page 115 Thursday, July 26, 2007 3:10 PM
116 Chapter 5: Fundamentals of IP Addressing and Routing
A router uses the following logic when receiving a data-link frame—a frame that has an
IP packet encapsulated in it:
Step 1 Use the data-link FCS field to ensure that the frame had no errors; if errors
occurred, discard the frame.
Step 2 Assuming the frame was not discarded at step 1, discard the old data-link
header and trailer, leaving the IP packet.
Step 3 Compare the IP packet’s destination IP address to the routing table, and
find the route that matches the destination address. This route identifies
the outgoing interface of the router, and possibly the next-hop router.
Step 4 Encapsulate the IP packet inside a new data-link header and trailer,
appropriate for the outgoing interface, and forward the frame.
With these steps, each router sends the packet to the next location until the packet reaches
its final destination.
Next, focus on the routing table and the matching process that occurs at Step 3. The packet
has a destination IP address in the header, whereas the routing table typically has a list of
networks and subnets. To match a routing table entry, the router thinks like this:
Network numbers and subnet numbers represent a group of addresses that begin
with the same prefix. In which of the groups in my routing table does this packet’s

destination address reside?
As you might guess, routers actually turn that logic into a math problem, but the text indeed
shows what occurs. For example, Figure 5-10 shows the same network topology as
Figure 5-9, but now with PC1 sending a packet to PC2.
The following list explains the forwarding logic at each step in the figure. (Note that all
references to Steps 1, 2, 3, and 4 refer to the list of routing logic at the top of this page.)
Step A PC1 sends the packet to its default gateway. PC1 first builds the IP packet, with
a destination address of PC2’s IP address (150.150.4.10). PC1 needs to send the
packet to R1 (PC1’s default gateway) because the destination address is on a
different subnet. PC1 places the IP packet into an Ethernet frame, with a
destination Ethernet address of R1’s Ethernet address. PC1 sends the frame onto
the Ethernet.
NOTE Note that the routers all know in this case that “subnet 150.150.4.0” means “all
addresses that begin with 150.150.4.”
1828xbook.fm Page 116 Thursday, July 26, 2007 3:10 PM
IP Routing 117
Figure 5-10 Simple Routing Example, with IP Subnets
Step B R1 processes the incoming frame and forwards the packet to R2.
Because the incoming Ethernet frame has a destination MAC of R1’s
Ethernet MAC, R1 copies the frame off the Ethernet for processing. R1
checks the frame’s FCS, and no errors have occurred (Step 1). R1 then
discards the Ethernet header and trailer (Step 2). Next, R1 compares the
packet’s destination address (150.150.4.10) to the routing table and finds the
entry for subnet 150.150.4.0—which includes addresses 150.150.4.0 through
150.150.4.255 (Step 3). Because the destination address is in this group,
R2 forwards the packet outgoing interface Serial0 to next-hop router R2
(150.150.2.7) after encapsulating the packet in an HDLC frame (step 4).
Step C R2 processes the incoming frame and forwards the packet to R3.
R2 repeats the same general process as R1 when R2 receives the HDLC
frame. R2 checks the FCS field and finds that no errors occurred (Step 1).

R2 then discards the HDLC header and trailer (Step 2). Next, R2 finds its
Default Router
150.150.1.4
150.150.1.10
150.150.1.4
150.150.2.7
150.150.3.1
E0
S0
S1
150.150.4.10
R1
R2
R3
PC1
150.150.1.11
PC11
PC2
150.150.1.0
150.150.2.0
150.150.3.0
150.150.4.0
Subnet Out Interface Next Hop IP Address
150.150.4.0 Serial0 150.150.2.7
R1 Routing Table
Subnet Out Interface Next Hop IP Address
150.150.4.0 Serial1 150.150.3.1
R2 Routing Table
Subnet Out Interface Next Hop IP Address
150.150.4.0 Ethernet0 N/A

R3 Routing Table
A
B
C
D
1828xbook.fm Page 117 Thursday, July 26, 2007 3:10 PM