Billions of devices communicate across the internet every second, yet most users never consider the invisible addressing system making these connections possible. While local networks use MAC addresses to identify hardware, global communication requires a more flexible system: IP addresses and the network layer protocols that route data across continents in milliseconds.
Understanding the network layer—how IP addresses work, how subnets divide networks, and how routers forward packets—is fundamental to IT careers. Whether you’re troubleshooting connectivity issues, designing network infrastructure, or preparing for CompTIA Network+ certification, mastering these concepts separates effective network administrators from those constantly struggling with basic connectivity problems.
Reading Time: 18 minutes
What You’ll Learn:
- How IP addresses identify devices on global networks
- IP datagram structure and encapsulation
- Traditional IP address classes (A, B, C, D, E)
- ARP protocol for IP-to-MAC address resolution
- Subnet masks and subnetting calculations
- Binary math for networking (simplified)
- CIDR notation and classless routing
- How routers forward packets using routing tables
- Private IP addresses and NAT (Network Address Translation)
- Practical commands to examine your network configuration
Prerequisites: Basic understanding of networks and the OSI model helpful but not required. We’ll build from fundamentals.
Why MAC Addresses Aren’t Enough
Local Area Networks (LANs) use MAC (Media Access Control) addresses to identify devices on the same physical network segment. Every network interface card has a unique 48-bit MAC address (like 00:1A:2B:3C:4D:5E) burned into hardware during manufacturing.
MAC addresses work perfectly for local communication:
- Switch receives frame with destination MAC
- Switch checks MAC address table
- Switch forwards frame to correct port
- Destination device receives frame
But MAC addresses fail at scale:
Problem 1: No hierarchical structure
- MAC addresses are flat, with no geographic or organizational grouping
- Can’t create efficient routing tables for billions of devices
- Every router would need to know every MAC address globally (impossible)
Problem 2: Hardware-tied addresses
- MAC addresses permanently tied to specific hardware
- Moving a device requires updating countless routing entries
- No way to organize addresses by network location
Problem 3: Not routable
- MAC addresses work only on local network segments
- Can’t cross router boundaries
- Limited to single broadcast domain
The solution: IP addresses provide hierarchical, logical addressing that scales globally while remaining independent of physical hardware.
💡 Key Concept: MAC addresses identify hardware (Layer 2), while IP addresses identify network locations (Layer 3). Both are necessary—MAC for local delivery, IP for routing across networks.
What is an IP Address?
An IP address (IPv4) is a 32-bit number identifying a device’s logical location on a network, written in human-readable dotted decimal notation.
Dotted Decimal Notation
Format: Four numbers (octets) separated by dots, each ranging from 0 to 255.
Example IP address: 192.168.1.100
Breaking it down:
- 192 – First octet (8 bits)
- 168 – Second octet (8 bits)
- 1 – Third octet (8 bits)
- 100 – Fourth octet (8 bits)
Total: 32 bits (4 octets × 8 bits each)
Binary Representation
Computers process IP addresses as binary (base 2) numbers:
Decimal: 192.168.1.100
Binary: 11000000.10101000.00000001.01100100
Understanding the conversion:
| Decimal | Binary | Calculation |
|---|---|---|
| 192 | 11000000 | 128 + 64 = 192 |
| 168 | 10101000 | 128 + 32 + 8 = 168 |
| 1 | 00000001 | 1 |
| 100 | 01100100 | 64 + 32 + 4 = 100 |
Why binary matters: Subnetting calculations, subnet masks, and routing decisions all operate on binary representations.
Binary Math Basics for Networking
Binary uses only two digits: 0 and 1
Counting in binary:
- Decimal 0 = Binary 0
- Decimal 1 = Binary 1
- Decimal 2 = Binary 10
- Decimal 3 = Binary 11
- Decimal 4 = Binary 100
- Decimal 5 = Binary 101
Bit positions and values (8-bit octet):
| Position | 8 | 7 | 6 | 5 | 4 | 3 | 2 | 1 |
|---|---|---|---|---|---|---|---|---|
| Value | 128 | 64 | 32 | 16 | 8 | 4 | 2 | 1 |
Calculating total possible values:
Formula: 2^n where n = number of bits
- 4 bits: 2^4 = 16 values (0-15)
- 8 bits: 2^8 = 256 values (0-255)
- 32 bits: 2^32 = 4,294,967,296 possible IPv4 addresses
The AND operator (critical for subnetting):
The AND operation compares two bits and returns 1 only if both bits are 1:
| Bit A | Bit B | A AND B |
|---|---|---|
| 0 | 0 | 0 |
| 0 | 1 | 0 |
| 1 | 0 | 0 |
| 1 | 1 | 1 |
Why it matters: Subnet masks use AND operations to extract network portions from IP addresses.
📚 Study Tip: Don’t memorize binary conversions—learn the bit position values (128, 64, 32, 16, 8, 4, 2, 1) and add them. Example: 192 = 128 + 64, so binary is 11000000.
Dynamic vs Static IP Assignment
Dynamic IP addresses (DHCP):
- Automatically assigned when device joins network
- DHCP (Dynamic Host Configuration Protocol) server provides IP
- Address may change when lease expires or device reconnects
- Used for most client devices (laptops, phones, tablets)
DHCP process (simplified):
- Device broadcasts “DHCP Discover” request
- DHCP server responds with “DHCP Offer” (available IP)
- Device requests offered IP with “DHCP Request”
- Server confirms with “DHCP Acknowledgment”
Static IP addresses:
- Manually configured on device
- Never changes unless manually reconfigured
- Required for servers, printers, routers, network infrastructure
- Ensures consistent accessibility
Why servers need static IPs:
- DNS records point to specific IPs
- Firewall rules reference specific addresses
- Services listen on known IPs
- Clients connect using fixed addresses
MAC vs IP Address Comparison
| Feature | MAC Address | IP Address |
|---|---|---|
| Layer | Layer 2 (Data Link) | Layer 3 (Network) |
| Size | 48 bits | 32 bits (IPv4) |
| Format | 00:1A:2B:3C:4D:5E | 192.168.1.100 |
| Assignment | Burned into hardware | Configured per network |
| Scope | Local network only | Global (routable) |
| Changes | Never (hardware-tied) | Changes per network |
| Purpose | Local frame delivery | Cross-network routing |
Real-world behavior: When you travel with your laptop, the MAC address stays constant (hardware), but you receive new IP addresses at each Wi-Fi network (logical location).
IP Datagrams and Encapsulation
Data transmitted at the network layer is packaged as IP datagrams (also called packets), which contain routing information and payload data.
IP Datagram Structure
Two main components:
1. Header (routing information):
- Typically 20 bytes for IPv4
- Contains addressing and control information
- Processed by every router along the path
2. Payload (actual data):
- The data being transmitted
- Can be TCP segment, UDP datagram, or other Layer 4 protocol
- Maximum total datagram size: 65,535 bytes
IP Header Fields (Key Components)
Version (4 bits):
- Indicates IP version (4 for IPv4, 6 for IPv6)
- Ensures compatibility between devices
Header Length (4 bits):
- Length of IP header in 32-bit words
- Almost always 5 (meaning 20 bytes)
Service Type / Type of Service (8 bits):
- Quality of Service (QoS) indicators
- Prioritizes certain traffic (VoIP, video)
Total Length (16 bits):
- Total datagram size (header + payload)
- Maximum: 65,535 bytes (2^16 – 1)
Identification, Flags, Fragment Offset (32 bits combined):
- Used for fragmentation when datagrams exceed network MTU
- Helps reassemble fragmented packets at destination
- Each fragment gets same ID number for reassembly
TTL – Time to Live (8 bits):
- Starts at value set by sender (typically 64 or 128)
- Decremented by 1 at each router hop
- When TTL reaches 0, packet is discarded (prevents infinite loops)
- Router sends ICMP “Time Exceeded” message back to source
Protocol (8 bits):
- Identifies Layer 4 protocol in payload
- Common values: 6 = TCP, 17 = UDP, 1 = ICMP
Header Checksum (16 bits):
- Error detection for IP header only (not payload)
- Recalculated at each router (since TTL changes)
Source IP Address (32 bits):
- Sender’s IP address
Destination IP Address (32 bits):
- Recipient’s IP address
Encapsulation: Layers Within Layers
IP datagrams don’t travel alone—they’re encapsulated within lower-layer frames:
Layer structure (bottom to top):
┌─────────────────────────────────────────────┐
│ Application Data (HTTP, FTP, etc.) │ Layer 7
└─────────────────────────────────────────────┘
↓ Encapsulated by
┌─────────────────────────────────────────────┐
│ TCP/UDP Header │ Application Data │ Layer 4
└─────────────────────────────────────────────┘
↓ Encapsulated by
┌─────────────────────────────────────────────┐
│ IP Header │ TCP/UDP Header │ App Data │ Layer 3
└─────────────────────────────────────────────┘
↓ Encapsulated by
┌─────────────────────────────────────────────┐
│ Ethernet │ IP Header │ TCP │ Data │ CRC │ Layer 2
└─────────────────────────────────────────────┘
The process:
- Application creates data (email, web page)
- Transport layer adds TCP or UDP header (segments)
- Network layer adds IP header (datagrams/packets)
- Data link layer adds Ethernet frame header and trailer (frames)
- Physical layer transmits as electrical/optical signals (bits)
At each router:
- Ethernet frame is removed (de-encapsulated)
- IP datagram examined for destination
- New Ethernet frame created for next hop (re-encapsulated)
- MAC addresses change, but IP addresses remain constant
🔍 Key Insight: The IP datagram (header + payload) becomes the payload of the Ethernet frame. This layered encapsulation enables different technologies at each layer while maintaining end-to-end IP addressing.
Traditional IP Address Classes
Historically, IPv4 addresses were divided into classes based on the first octet, determining network and host portions.
The Class System
| Class | First Octet | Network Bits | Host Bits | Networks | Hosts per Network | Purpose |
|---|---|---|---|---|---|---|
| A | 0-127 | 8 | 24 | 128 | 16,777,214 | Large organizations |
| B | 128-191 | 16 | 16 | 16,384 | 65,534 | Medium organizations |
| C | 192-223 | 24 | 8 | 2,097,152 | 254 | Small networks |
| D | 224-239 | N/A | N/A | N/A | N/A | Multicast |
| E | 240-255 | N/A | N/A | N/A | N/A | Experimental/Reserved |
Class Details
Class A: Massive Networks
- Range: 0.0.0.0 to 127.255.255.255
- Format: N.H.H.H (N=Network, H=Host)
- Default mask: 255.0.0.0 (/8)
- Example: 10.0.0.0 (entire 10.x.x.x range)
- Use case: Originally for huge organizations, ISPs, governments
Class B: Medium Networks
- Range: 128.0.0.0 to 191.255.255.255
- Format: N.N.H.H
- Default mask: 255.255.0.0 (/16)
- Example: 172.16.0.0 to 172.31.0.0 (private addresses)
- Use case: Universities, large companies
Class C: Small Networks
- Range: 192.0.0.0 to 223.255.255.255
- Format: N.N.N.H
- Default mask: 255.255.255.0 (/24)
- Example: 192.168.1.0 (most home networks)
- Use case: Small businesses, home networks, departments
Class D: Multicast
- Range: 224.0.0.0 to 239.255.255.255
- Purpose: Sending data to multiple recipients simultaneously
- Not assigned to hosts: Used for streaming, video conferencing
- Example: 224.0.0.1 (all hosts on subnet)
Class E: Experimental
- Range: 240.0.0.0 to 255.255.255.255
- Purpose: Reserved for research and future use
- Not used in production: Never assigned to devices
Why Classes Are Obsolete
The problem with classful addressing:
Waste: Class B provided 65,534 addresses—too many for most organizations but not enough for ISPs.
Inflexibility: Fixed boundaries didn’t match real-world needs.
Exhaustion: Inefficient allocation depleted IPv4 address space faster.
The solution: CIDR (Classless Inter-Domain Routing) allows any network size, not limited to class boundaries. We’ll cover CIDR in detail later.
📝 Exam Note: While classes are largely obsolete, CompTIA exams still test Class A/B/C recognition. Know the ranges: A (0-127), B (128-191), C (192-223), D (224-239), E (240-255).
ARP: Bridging IP and MAC Addresses
ARP (Address Resolution Protocol) resolves known IP addresses to unknown MAC addresses, enabling local network communication.
The ARP Problem
Scenario: Your computer (192.168.1.100) wants to send data to another device (192.168.1.50) on the same local network.
What you know: Destination IP address (192.168.1.50)
What you need: Destination MAC address (for Ethernet frame)
The problem: IP addresses operate at Layer 3, but Ethernet frames need Layer 2 MAC addresses for delivery. How do we find the MAC address corresponding to an IP?
How ARP Works
ARP Resolution Process:
- Check ARP cache:
- Computer checks local ARP table for existing IP-to-MAC mapping
- If found, use cached MAC address (skip steps 2-4)
- ARP Request (broadcast):
- Computer sends ARP request to broadcast MAC address (FF:FF:FF:FF:FF:FF)
- Message: “Who has IP 192.168.1.50? Tell 192.168.1.100”
- All devices on local network receive broadcast
- ARP Reply (unicast):
- Device with IP 192.168.1.50 responds directly to requester
- Message: “192.168.1.50 is at MAC 00:1A:2B:3C:4D:5E”
- Sent directly to requester’s MAC address (not broadcast)
- Cache update:
- Both devices update their ARP tables with learned mapping
- Future communication uses cached entry
- Data transmission:
- Original frame now has destination MAC address
- Communication proceeds normally
ARP Cache
What is the ARP cache?
- Local table storing recent IP-to-MAC mappings
- Reduces network traffic by avoiding repeated ARP requests
- Entries have short lifetimes (typically 2-10 minutes)
Why entries expire:
- Devices may change IP addresses (DHCP)
- Devices may leave network
- Keeps cache accurate and current
Viewing Your ARP Table
Windows:
tarp -a
Expected output:
Interface: 192.168.1.100 --- 0x2
Internet Address Physical Address Type
192.168.1.1 00-50-56-c0-00-08 dynamic
192.168.1.50 00-1a-2b-3c-4d-5e dynamic
192.168.1.255 ff-ff-ff-ff-ff-ff static
Interpretation:
- Internet Address: IP address
- Physical Address: Corresponding MAC address
- Type: Dynamic (learned via ARP) or Static (manually configured)
Linux/macOS:
arp -an
ip neigh show
Clear ARP cache (Windows):
arp -d
Useful for troubleshooting stale entries causing connectivity issues.
ARP Security Consideration
ARP spoofing/poisoning attack:
- Malicious device sends fake ARP replies
- Claims to be another device’s IP address
- Intercepts traffic intended for legitimate device
- Man-in-the-middle attack on local network
Mitigation:
- Static ARP entries for critical devices
- ARP monitoring/detection tools
- Network Access Control (NAC)
- Switch port security
⚠️ Security Note: ARP operates without authentication—any device can send ARP replies. On untrusted networks (public Wi-Fi), attackers can easily intercept traffic using ARP poisoning.
Subnet Masks and Subnetting
Subnetting divides a large network into smaller, manageable subnetworks (subnets), improving organization, security, and routing efficiency.
Why Subnetting Matters
Without subnetting:
- Single large broadcast domain (all devices see all broadcasts)
- Difficult to manage thousands of devices
- Security challenges (no network segmentation)
- Inefficient routing
With subnetting:
- ✅ Separate departments/locations logically
- ✅ Reduce broadcast traffic
- ✅ Improve security through network segmentation
- ✅ Efficient IP address allocation
- ✅ Better routing performance
Understanding Subnet Masks
A subnet mask is a 32-bit number that divides an IP address into network/subnet portions and host portions.
Format: Same as IP address (dotted decimal), but with specific pattern of 1s and 0s.
Common subnet masks:
| CIDR | Decimal | Binary | Host Bits | Usable Hosts |
|---|---|---|---|---|
| /8 | 255.0.0.0 | 11111111.00000000.00000000.00000000 | 24 | 16,777,214 |
| /16 | 255.255.0.0 | 11111111.11111111.00000000.00000000 | 16 | 65,534 |
| /24 | 255.255.255.0 | 11111111.11111111.11111111.00000000 | 8 | 254 |
| /25 | 255.255.255.128 | 11111111.11111111.11111111.10000000 | 7 | 126 |
| /26 | 255.255.255.192 | 11111111.11111111.11111111.11000000 | 6 | 62 |
| /27 | 255.255.255.224 | 11111111.11111111.11111111.11100000 | 5 | 30 |
| /28 | 255.255.255.240 | 11111111.11111111.11111111.11110000 | 4 | 14 |
| /30 | 255.255.255.252 | 11111111.11111111.11111111.11111100 | 2 | 2 |
Subnet mask rules:
- Binary representation always starts with consecutive 1s
- Followed by consecutive 0s
- Never alternates between 1s and 0s
- 1s = Network/Subnet portion (fixed)
- 0s = Host portion (variable, for devices)
IP Address Components with Subnetting
An IP address with subnet mask divides into three parts:
IP Address: 192.168.1.100
Subnet Mask: 255.255.255.0 (/24)
Components:
- Network ID: 192.168.1 (first 24 bits)
- Subnet ID: (included in above)
- Host ID: 100 (last 8 bits)
Network ID: Identifies the overall network
Subnet ID: Identifies specific subnet within network
Host ID: Identifies individual device within subnet
Calculating Usable Hosts
Formula: 2^(host bits) – 2
Why subtract 2?
- Network address: First address (all host bits = 0) identifies the network itself
- Broadcast address: Last address (all host bits = 1) for broadcasting to all hosts
Examples:
/24 subnet (255.255.255.0):
- Host bits: 8
- Total addresses: 2^8 = 256
- Usable hosts: 256 – 2 = 254
- Network: 192.168.1.0
- Broadcast: 192.168.1.255
- Range: 192.168.1.1 to 192.168.1.254
/27 subnet (255.255.255.224):
- Host bits: 5
- Total addresses: 2^5 = 32
- Usable hosts: 32 – 2 = 30
- Example network: 192.168.1.32
- Broadcast: 192.168.1.63
- Range: 192.168.1.33 to 192.168.1.62
/30 subnet (255.255.255.252):
- Host bits: 2
- Total addresses: 2^2 = 4
- Usable hosts: 4 – 2 = 2
- Perfect for point-to-point links (router-to-router)
- Example: 10.1.1.0/30
- Network: 10.1.1.0
- Usable: 10.1.1.1 and 10.1.1.2
- Broadcast: 10.1.1.3
Step-by-Step Subnetting Calculation
Problem: Determine network ID for IP 192.168.10.75 with mask 255.255.255.224
Step 1: Convert IP to binary
192.168.10.75
11000000.10101000.00001010.01001011
Step 2: Convert mask to binary
255.255.255.224 (/27)
11111111.11111111.11111111.11100000
Step 3: AND operation (bitwise)
IP: 11000000.10101000.00001010.01001011
Mask: 11111111.11111111.11111111.11100000
────────────────────────────────────
AND: 11000000.10101000.00001010.01000000
Step 4: Convert result to decimal
11000000.10101000.00001010.01000000
192.168.10.64
Answer: Network ID is 192.168.10.64/27
Additional info:
- Broadcast address: 192.168.10.95 (all host bits = 1)
- Usable range: 192.168.10.65 to 192.168.10.94
- Total usable hosts: 30
Quick Subnetting Trick (No Binary)
For /24, /25, /26, /27, /28, /30 (common exam scenarios):
Find subnet size: 256 – last octet of mask
Example: /27 (255.255.255.224)
- Subnet size: 256 – 224 = 32
- Networks increment by 32: .0, .32, .64, .96, .128, .160, .192, .224
To find which subnet 192.168.10.75 belongs to:
- Divide 75 by 32 = 2 with remainder
- Network 2 starts at 2 × 32 = 64
- Answer: 192.168.10.64/27 (matches our binary calculation!)
🎯 Pro Tip: Master /24 (most common home/small business), /27 (30 hosts), and /30 (2 hosts for point-to-point). These cover 80% of real-world scenarios.
CIDR: Classless Inter-Domain Routing
CIDR (Classless Inter-Domain Routing) replaced the rigid class system with flexible, variable-length subnet masks, enabling efficient IP address allocation.
CIDR Notation
Format: IP address / prefix length
Examples:
192.168.1.0/24= 255.255.255.0 mask10.0.0.0/8= 255.0.0.0 mask172.16.0.0/12= 255.240.0.0 mask192.168.10.64/27= 255.255.255.224 mask
The number after the slash indicates how many bits (from left) are the network/subnet portion.
CIDR Advantages
Flexibility:
- Create networks of any size, not limited to /8, /16, /24
- Allocate exactly the number of addresses needed
- Example: Need 50 hosts? Use /26 (62 usable) instead of wasteful /24 (254 usable)
Efficiency:
- Reduces wasted IP addresses
- Slows IPv4 address exhaustion
- Better utilization of limited address space
Routing optimization:
- Route aggregation (summarization): Combine multiple networks into single routing entry
- Reduces routing table size
- Improves router performance
- Example: 192.168.0.0/24, 192.168.1.0/24, 192.168.2.0/24, 192.168.3.0/24 → summarize as 192.168.0.0/22
CIDR Examples
Scenario 1: Small office needs 60 computers
Class-based (old way):
- Must use Class C: /24 = 254 usable hosts
- Waste: 254 – 60 = 194 unused addresses
CIDR (modern way):
- Use /26 = 62 usable hosts
- Waste: 62 – 60 = 2 unused addresses
- Freed addresses can be assigned to other subnets
Scenario 2: ISP allocating to customers
Without CIDR:
- Customer needs 5,000 addresses
- Can’t use Class C (only 254 hosts)
- Must assign Class B (65,534 hosts)
- Waste: 60,534 addresses
With CIDR:
- Calculate required bits: Need ~5,000 hosts
- 2^13 = 8,192 (sufficient)
- Assign /19 (32 – 19 = 13 host bits)
- Provides 8,190 usable addresses
- Much more efficient than full Class B
📊 Industry Impact: CIDR, implemented in 1993, extended IPv4’s lifespan by decades through efficient address allocation. Without CIDR, IPv4 exhaustion would have occurred in the late 1990s.
How Routing Works
Routers connect networks and forward packets between them based on destination IP addresses, enabling global internet communication.
Router Basics
What is a router?
- Layer 3 network device
- Connects two or more networks
- Makes forwarding decisions based on IP addresses
- Has at least two network interfaces (one per connected network)
Router vs Switch:
| Feature | Router | Switch |
|---|---|---|
| Layer | Layer 3 (Network) | Layer 2 (Data Link) |
| Addressing | IP addresses | MAC addresses |
| Scope | Between networks | Within single network |
| Broadcast domain | Separates | Same |
| Intelligence | Routes to distant networks | Forwards locally |
The Gateway Router
A gateway router (or default gateway) is the router that devices use to reach networks outside their local subnet.
Device perspective:
- Local traffic: Sent directly to destination (same subnet)
- Remote traffic: Sent to default gateway (different subnet)
Determining local vs remote:
Device performs AND operation on destination IP and local subnet mask:
- If result matches device’s network ID → local (ARP for MAC, send directly)
- If result differs → remote (send to default gateway)
Example:
Device: 192.168.1.100/24
Gateway: 192.168.1.1
Destination A: 192.168.1.50 (same subnet)
→ ARP for 192.168.1.50, send directly
Destination B: 8.8.8.8 (Google DNS, remote)
→ Send to gateway 192.168.1.1, let router forward
Routing Process Step-by-Step
Scenario: Computer A (192.168.1.100) wants to reach web server (8.8.8.8)
Step 1: Source determines remote destination
- Computer A compares 8.8.8.8 against its subnet (192.168.1.0/24)
- Different network → send to default gateway (192.168.1.1)
Step 2: ARP for gateway
- Computer A performs ARP for 192.168.1.1
- Learns gateway MAC address
Step 3: Encapsulate and send
- Creates IP datagram with source 192.168.1.100, destination 8.8.8.8
- Wraps in Ethernet frame with destination MAC = gateway’s MAC
- Sends frame to gateway
Step 4: Router receives and de-encapsulates
- Router receives frame on interface 1
- Strips Ethernet frame
- Examines IP datagram destination (8.8.8.8)
Step 5: Router consults routing table
- Looks up 8.8.8.8 in routing table
- Finds best match (default route 0.0.0.0/0 → next hop 203.0.113.1)
Step 6: Router forwards
- Decrements TTL by 1
- Recalculates checksum
- Determines next-hop router’s MAC via ARP
- Creates new Ethernet frame with destination MAC = next router
- Forwards on appropriate interface
Step 7: Repeat through multiple hops
- Each router repeats steps 4-6
- Packet hops through multiple routers
- Eventually reaches destination network
Step 8: Final delivery
- Last router recognizes destination on directly connected network
- ARPs for destination device
- Delivers packet
Routing Tables
A routing table is a database telling routers where to forward packets for various destination networks.
Key columns:
| Destination Network | Subnet Mask | Next Hop | Metric (Hops) | Interface |
|---|---|---|---|---|
| 192.168.1.0 | 255.255.255.0 | Directly connected | 0 | eth0 |
| 10.0.0.0 | 255.255.255.0 | 192.168.1.2 | 1 | eth0 |
| 172.16.0.0 | 255.255.0.0 | 192.168.1.3 | 2 | eth0 |
| 0.0.0.0 | 0.0.0.0 | 192.168.1.1 | 0 | eth0 |
Column meanings:
Destination Network: Target network IP
Subnet Mask: Network’s mask
Next Hop: IP of next router (or “directly connected”)
Metric: Cost to reach (often hop count—lower is better)
Interface: Which router interface to use
Special routes:
Directly connected: Networks the router has interfaces on
Default route (0.0.0.0/0): Catch-all for destinations not explicitly listed (typically points to ISP)
Routing Decisions
How routers choose paths:
- Most specific match wins: Longer prefix length preferred
- /32 beats /24 beats /16 beats /8 beats /0
- Lowest metric (fewest hops): If multiple routes to same destination
- Load balancing: If equal-cost paths exist, distribute traffic
Example routing decision:
Destination: 192.168.1.50
Routing table entries:
A. 192.168.0.0/16 → Next hop X
B. 192.168.1.0/24 → Next hop Y
Choice: B (more specific match /24 vs /16)
Multi-Hop Routing
Most internet traffic traverses multiple routers (hops):
Your Computer → Home Router → ISP Router → Regional Router →
Internet Backbone → Destination ISP → Destination Router → Web Server
Trace route command shows the path:
Windows:
tracert google.com
Linux/macOS:
traceroute google.com
Example output:
1 <1 ms 192.168.1.1 (Home router)
2 15 ms 10.1.1.1 (ISP gateway)
3 18 ms 72.14.236.1 (ISP backbone)
4 25 ms 108.170.252.1 (Google edge)
5 26 ms 8.8.8.8 (Google DNS)
Each line shows one hop (router) along the path.
Routing Protocols
Routers share routing information using routing protocols:
Interior Gateway Protocols (IGP): Within single organization
- RIP (Routing Information Protocol): Simple, distance-vector, hop count metric, max 15 hops
- OSPF (Open Shortest Path First): Link-state, fast convergence, scalable, commonly used
Exterior Gateway Protocols (EGP): Between organizations
- BGP (Border Gateway Protocol): Internet backbone routing, path-vector, policy-based
Dynamic vs Static:
- Dynamic routing: Routers automatically share and update routes
- Static routing: Administrator manually configures routes (small networks)
🌐 Internet Scale: The global internet uses BGP to interconnect tens of thousands of autonomous systems (ISPs, large corporations, cloud providers), creating redundant mesh topology for reliability.
Private IP Addresses and NAT
IPv4’s 32-bit address space provides only ~4.3 billion addresses—insufficient for billions of devices worldwide. Private IP addresses and NAT enable address conservation.
RFC 1918 Private Address Ranges
Three blocks of IP addresses reserved for private use (never routed on public internet):
| Class | Range | CIDR | Total Addresses | Common Use |
|---|---|---|---|---|
| Class A | 10.0.0.0 – 10.255.255.255 | 10.0.0.0/8 | 16,777,216 | Large enterprises |
| Class B | 172.16.0.0 – 172.31.255.255 | 172.16.0.0/12 | 1,048,576 | Medium organizations |
| Class C | 192.168.0.0 – 192.168.255.255 | 192.168.0.0/16 | 65,536 | Home networks |
Characteristics:
- Not routable: Public internet routers drop packets with private IPs
- Reusable: Every organization can use same private ranges
- Internal only: Devices with private IPs can’t directly access internet
NAT: Network Address Translation
NAT translates private IP addresses to public IP addresses, enabling multiple devices to share a single public IP.
How NAT works:
Outbound (private → public):
- Device (192.168.1.100) sends packet to internet (destination 8.8.8.8)
- NAT router receives packet
- Replaces source IP with router’s public IP (203.0.113.50)
- Tracks translation in NAT table
- Forwards modified packet to internet
Inbound (public → private):
- Reply arrives at router from 8.8.8.8 to 203.0.113.50
- Router checks NAT table
- Finds original private IP (192.168.1.100)
- Replaces destination IP with private IP
- Forwards to internal device
NAT table example:
| Private IP:Port | Public IP:Port | Destination | Timestamp |
|---|---|---|---|
| 192.168.1.100:54321 | 203.0.113.50:54321 | 8.8.8.8:443 | 10:30:15 |
| 192.168.1.105:49152 | 203.0.113.50:49152 | 1.1.1.1:53 | 10:30:18 |
NAT types:
Static NAT: One-to-one mapping (one private IP permanently maps to one public IP)
Dynamic NAT: Pool of public IPs dynamically assigned
PAT (Port Address Translation): Most common—many private IPs share one public IP using port numbers
Advantages:
- ✅ Conserves public IPv4 addresses
- ✅ Provides basic security (hides internal structure)
- ✅ Allows IP renumbering without external changes
Disadvantages:
- ❌ Breaks end-to-end connectivity
- ❌ Complicates incoming connections (port forwarding needed)
- ❌ Issues with some protocols (VoIP, P2P)
🏠 Home Network Reality: Your home router performs NAT—all devices use 192.168.x.x addresses internally but share your ISP’s single public IP externally.
Practical Commands and Tools
View Your IP Configuration
Windows:
ipconfig
Output:
Ethernet adapter Local Area Connection:
IPv4 Address. . . . . . . . . . . : 192.168.1.100
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
Detailed info:
ipconfig /all
Shows DNS servers, DHCP status, MAC address, lease times.
Linux/macOS:
ip addr show
ifconfig
Test Connectivity
Ping (ICMP echo):
ping 8.8.8.8
Tests reachability and measures round-trip time.
Trace route:
tracert google.com # Windows
traceroute google.com # Linux/macOS
Shows path packets take through routers.
View Routing Table
Windows:
route print
Linux/macOS:
ip route show
route -n
netstat -rn
Shows how your computer routes traffic.
DNS Lookup
Windows/Linux/macOS:
nslookup google.com
Resolves domain names to IP addresses.
🔧 Troubleshooting Workflow: Can’t reach website? (1) Ping default gateway—tests local network. (2) Ping public DNS (8.8.8.8)—tests internet connectivity. (3) Nslookup domain—tests DNS resolution. (4) Tracert domain—identifies where packets fail.
Key Takeaways
🌐 IP addresses provide hierarchical, logical addressing that scales globally by organizing networks into manageable hierarchies, unlike flat MAC addresses that only work on local networks.
🔢 Subnet masks divide IP addresses into network and host portions using binary AND operations—mastering this concept (preferably understanding the binary) is essential for calculating subnets, understanding routing, and troubleshooting network issues.
📊 CIDR replaced rigid class boundaries with flexible subnet masks allowing efficient IP allocation (like /27 for 30 hosts instead of wasteful /24 for 254), extending IPv4’s lifespan through better address utilization.
🔄 Routers forward packets based on destination IPs and routing tables by comparing destinations against table entries, choosing most specific matches, and decrementing TTL at each hop to prevent infinite routing loops.
🏠 Private IP addresses (10.x.x.x, 172.16-31.x.x, 192.168.x.x) with NAT enable billions of devices to share limited public IPv4 space by translating private addresses to public addresses at network boundaries.
Frequently Asked Questions
Q: What’s the difference between a subnet mask and CIDR notation?
A: They represent the same information differently. 255.255.255.0 (subnet mask in decimal) equals /24 (CIDR prefix length). CIDR is shorter and more commonly used in modern networking.
Q: Why do we subtract 2 when calculating usable hosts?
A: The first address (all host bits 0) is the network address identifying the subnet itself. The last address (all host bits 1) is the broadcast address for sending to all hosts. Neither can be assigned to devices.
Q: Can I use any private IP range at home?
A: Yes, but most home routers default to 192.168.0.x or 192.168.1.x for simplicity. You could use 10.x.x.x or 172.16-31.x.x, but there’s rarely a reason unless you have conflicts or specific requirements.
Q: What happens when TTL reaches 0?
A: The router discards the packet and sends an ICMP “Time Exceeded” message back to the source. This prevents packets from circulating forever in routing loops. Traceroute exploits this behavior to map routes.
Q: Do I need to memorize binary conversion for subnetting?
A: Not necessarily. Learn the bit position values (128, 64, 32, 16, 8, 4, 2, 1) and recognize common subnet masks (/24, /27, /30). For exams, practice the “256 minus last octet” shortcut for quick calculations.
Q: Why is 127.0.0.1 special?
A: 127.0.0.1 is the loopback address—traffic sent here never leaves your computer. It’s used for testing network software without actual network hardware. The entire 127.0.0.0/8 range is reserved for loopback.
Next Steps: Building Network Layer Expertise
Week 1-2: Fundamentals
- Practice binary-to-decimal conversion
- Memorize common subnet masks
- Calculate usable hosts for /24, /27, /30
- View your own IP configuration
Week 3-4: Subnetting practice
- Work through subnetting problems
- Use subnet calculators to verify answers
- Practice CIDR notation conversions
- Calculate network/broadcast addresses
Week 5-6: Routing understanding
- View routing tables on your devices
- Use traceroute to map internet paths
- Understand default gateway concept
- Learn routing protocol basics
Week 7-8: Advanced topics
- Study VLSM (Variable Length Subnet Masks)
- Practice route summarization
- Explore IPv6 addressing
- Understand NAT variations (static, dynamic, PAT)
Certifications:
- CompTIA Network+: Comprehensive network layer coverage
- Cisco CCNA: Deep routing and subnetting focus
- CompTIA A+: Basic IP addressing for support roles
Related Topics:
- “IPv6 Explained: Why We’re Moving Beyond IPv4”
- “VLSM and Route Summarization: Advanced Subnetting”
- “Dynamic Routing Protocols: OSPF vs RIP vs BGP”
- “TCP/IP Deep Dive: Understanding the Protocol Stack”
Have questions about subnetting calculations or routing concepts? Drop a comment with your specific scenario—I respond to every question and help troubleshoot networking confusion!
The network layer powers global internet connectivity through elegant addressing, efficient subnetting, and intelligent routing. Master IP addressing fundamentals, practice subnetting calculations, understand routing basics, and you’ll possess the core knowledge underlying every internet connection. Share this guide with others learning networking essentials!
