Internet Address Blocks
To avoid this problem, blocks of IPv4 addresses are assigned to Internet service
providers (ISPs) by their regional Internet registry. When a company or an organization
wants to set up an IP-based network connected to the Internet, their ISP assigns them
a block of addresses. Each block has a fixed prefix. For instance, if the prefix is 216.254.85,
then the local network can use addresses from 216.254.85.0 to 216.254.85.255. Because
this block fixes the first 24 bits, it's called a /24. A /23 specifies the first 23 bits, leaving
9 bits for 2^9 or 512 total local IP addresses. A /30 subnet (the smallest possible) specifies
the first 30 bits of the IP addresses within the subnetwork, leaving 2 bits for 2^2 or 4 total
local IP addresses. However, the lowest address in every block is used to identify the network
itself, and the largest address is a broadcast address for the network, so you have two
fewer available addresses than you might first expect.
Network Address Translation
Because of the increasing scarcity of and demand for raw IP addresses, most networks
today use Network Address Translation (NAT). In NAT-based networks most nodes
only have local, non-routable addresses selected from either 10.x.x.x, 172.16.x.x to
172.31.x.x, or 192.168.x.x. The routers that connect the local networks to the ISP
translate these local addresses to a much smaller set of routable addresses.
For instance, the dozen or so IP nodes in my apartment all share a single externally
visible IP address. The computer on which I'm typing this has the IP address 192.168.1.5,
but on your network that address may refer to a completely different host, if it exists at
all. Nor could you reach my computer by sending data to 192.168.1.5. Instead, you'd
have to send to 216.254.85.72 (and even then, the data would only get through if I had
configured my NAT router to pass incoming connections on to 192.168.1.5).
The router watches my outgoing and incoming connections and adjusts the addresses
in the IP packets. For an outgoing packet, it changes the source address to the router's
external address (216.254.85.72 on my network). For an incoming packet, it changes
the destination address to one of the local addresses, such as 192.168.1.12. Exactly how
it keeps track of which connections come from and are aimed at which internal
computers is not particularly important to a Java programmer. As long as your machines
are configured properly, this process is mostly transparent. You just need to remember
that the external and internal addresses may not be the same.
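The block arithmetic and the private ranges described above can be checked in code. The following is an added example, not code from the original text: the class AddressBlock and its methods are hypothetical names, and 216.254.84.0/23 and 172.32.0.1 are constructed sample values (the latter sits just outside the 172.16.x.x to 172.31.x.x range).

```java
import java.net.InetAddress;
import java.net.UnknownHostException;

// Added example: IPv4 block arithmetic plus a private-range check (hypothetical class).
public class AddressBlock {
    final int prefix;   // number of fixed leading bits, e.g. 24 for a /24
    final int mask;     // the fixed bits set to 1
    final int network;  // lowest address in the block: identifies the network itself

    AddressBlock(String cidr) throws UnknownHostException {
        String[] parts = cidr.split("/");
        prefix = Integer.parseInt(parts[1]);
        if (prefix < 0 || prefix > 32) throw new IllegalArgumentException(cidr);
        // Java masks shift counts to 5 bits, so -1 << 32 would be -1, not 0.
        mask = prefix == 0 ? 0 : -1 << (32 - prefix);
        network = toInt(parts[0]) & mask;
    }
    // Assumes dotted-quad literals, for which getByName performs no DNS lookup.
    static int toInt(String dotted) throws UnknownHostException {
        byte[] b = InetAddress.getByName(dotted).getAddress();
        if (b.length != 4) throw new IllegalArgumentException("IPv4 only: " + dotted);
        return (b[0] & 0xFF) << 24 | (b[1] & 0xFF) << 16 | (b[2] & 0xFF) << 8 | (b[3] & 0xFF);
    }
    static String toDotted(int a) {
        return (a >>> 24) + "." + (a >> 16 & 0xFF) + "." + (a >> 8 & 0xFF) + "." + (a & 0xFF);
    }
    int broadcast() { return network | ~mask; }           // highest address in the block
    long total() { return 1L << (32 - prefix); }          // 2^(32 - prefix)
    long usable() { return Math.max(total() - 2, 0); }    // minus network and broadcast
    boolean contains(String addr) throws UnknownHostException {
        return (toInt(addr) & mask) == network;
    }

    public static void main(String[] args) throws UnknownHostException {
        for (String cidr : new String[] {"216.254.85.0/24", "216.254.84.0/23", "216.254.85.72/30"}) {
            AddressBlock b = new AddressBlock(cidr);
            System.out.printf("%-17s network=%s broadcast=%s total=%d usable=%d%n", cidr,
                toDotted(b.network), toDotted(b.broadcast()), b.total(), b.usable());
        }
        // The three local, non-routable ranges named in the text, written as blocks.
        AddressBlock[] local = { new AddressBlock("10.0.0.0/8"),
            new AddressBlock("172.16.0.0/12"), new AddressBlock("192.168.0.0/16") };
        for (String addr : new String[] {"192.168.1.5", "172.32.0.1", "216.254.85.72"}) {
            boolean isLocal = false;
            for (AddressBlock b : local) isLocal |= b.contains(addr);
            System.out.println(addr + (isLocal ? " is in a private range" : " is not in a private range"));
        }
    }
}
```

Comparing masked integers rather than string prefixes is what keeps an address such as 172.32.0.1 from being mistaken for a local one in access checks.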
Eventually, IPv6 should make most of this obsolete. NAT will be pointless, though
firewalls will still be useful. Subnets will still exist for routing, but they'll be much larger.
Firewalls
There are some naughty people on the Internet. To keep them out, it's often helpful to
set up one point of access to a local network and check all traffic into or out of that access