Network Layer: IP Addresses, Subnetting, and Routing Explained

Billions of devices communicate across the internet every second, yet most users never consider the invisible addressing system making these connections possible. While local networks use MAC addresses to identify hardware, global communication requires a more flexible system: IP addresses and the network layer protocols that route data across continents in milliseconds.

Understanding the network layer—how IP addresses work, how subnets divide networks, and how routers forward packets—is fundamental to IT careers. Whether you’re troubleshooting connectivity issues, designing network infrastructure, or preparing for CompTIA Network+ certification, mastering these concepts separates effective network administrators from those constantly struggling with basic connectivity problems.

Reading Time: 18 minutes

What You’ll Learn:

• How IP addresses identify devices on global networks
• IP datagram structure and encapsulation
• Traditional IP address classes (A, B, C, D, E)
• ARP protocol for IP-to-MAC address resolution
• Subnet masks and subnetting calculations
• Binary math for networking (simplified)
• CIDR notation and classless routing
• How routers forward packets using routing tables
• Private IP addresses and NAT (Network Address Translation)
• Practical commands to examine your network configuration

Prerequisites: Basic understanding of networks and the OSI model helpful but not required. We’ll build from fundamentals.

Why MAC Addresses Aren’t Enough

Local Area Networks (LANs) use MAC (Media Access Control) addresses to identify devices on the same physical network segment. Every network interface card has a unique 48-bit MAC address (like 00:1A:2B:3C:4D:5E) burned into hardware during manufacturing.

MAC addresses work perfectly for local communication:

• Switch receives frame with destination MAC
• Switch checks MAC address table
• Switch forwards frame to correct port
• Destination device receives frame

But MAC addresses fail at scale:

Problem 1: No hierarchical structure

• MAC addresses are flat, with no geographic or organizational grouping
• Can’t create efficient routing tables for billions of devices
• Every router would need to know every MAC address globally (impossible)

Problem 2: Hardware-tied addresses

• MAC addresses permanently tied to specific hardware
• Moving a device requires updating countless routing entries
• No way to organize addresses by network location

Problem 3: Not routable

• MAC addresses work only on local network segments
• Can’t cross router boundaries
• Limited to single broadcast domain

The solution: IP addresses provide hierarchical, logical addressing that scales globally while remaining independent of physical hardware.

💡 Key Concept: MAC addresses identify hardware (Layer 2), while IP addresses identify network locations (Layer 3). Both are necessary—MAC for local delivery, IP for routing across networks.

What is an IP Address?

An IP address (IPv4) is a 32-bit number identifying a device’s logical location on a network, written in human-readable dotted decimal notation.

Dotted Decimal Notation

Format: Four numbers (octets) separated by dots, each ranging from 0 to 255.

Example IP address: 192.168.1.100

Breaking it down:

• 192 – First octet (8 bits)
• 168 – Second octet (8 bits)
• 1 – Third octet (8 bits)
• 100 – Fourth octet (8 bits)

Total: 32 bits (4 octets × 8 bits each)

Binary Representation

Computers process IP addresses as binary (base 2) numbers:

Decimal: 192.168.1.100

Binary: 11000000.10101000.00000001.01100100

Understanding the conversion:

Why binary matters: Subnetting calculations, subnet masks, and routing decisions all operate on binary representations.

Binary Math Basics for Networking

Binary uses only two digits: 0 and 1

Counting in binary:

• Decimal 0 = Binary 0
• Decimal 1 = Binary 1
• Decimal 2 = Binary 10
• Decimal 3 = Binary 11
• Decimal 4 = Binary 100
• Decimal 5 = Binary 101

Bit positions and values (8-bit octet):

Calculating total possible values:

Formula: 2^n where n = number of bits

• 4 bits: 2^4 = 16 values (0-15)
• 8 bits: 2^8 = 256 values (0-255)
• 32 bits: 2^32 = 4,294,967,296 possible IPv4 addresses

The AND operator (critical for subnetting):

The AND operation compares two bits and returns 1 only if both bits are 1:

Why it matters: Subnet masks use AND operations to extract network portions from IP addresses.

📚 Study Tip: Don’t memorize binary conversions—learn the bit position values (128, 64, 32, 16, 8, 4, 2, 1) and add them. Example: 192 = 128 + 64, so binary is 11000000.

Dynamic vs Static IP Assignment

Dynamic IP addresses (DHCP):

• Automatically assigned when device joins network
• DHCP (Dynamic Host Configuration Protocol) server provides IP
• Address may change when lease expires or device reconnects
• Used for most client devices (laptops, phones, tablets)

DHCP process (simplified):

1. Device broadcasts “DHCP Discover” request
2. DHCP server responds with “DHCP Offer” (available IP)
3. Device requests offered IP with “DHCP Request”
4. Server confirms with “DHCP Acknowledgment”

Static IP addresses:

• Manually configured on device
• Never changes unless manually reconfigured
• Required for servers, printers, routers, network infrastructure
• Ensures consistent accessibility

Why servers need static IPs:

• DNS records point to specific IPs
• Firewall rules reference specific addresses
• Services listen on known IPs
• Clients connect using fixed addresses

MAC vs IP Address Comparison

Real-world behavior: When you travel with your laptop, the MAC address stays constant (hardware), but you receive new IP addresses at each Wi-Fi network (logical location).

IP Datagrams and Encapsulation

Data transmitted at the network layer is packaged as IP datagrams (also called packets), which contain routing information and payload data.

IP Datagram Structure

Two main components:

1. Header (routing information):

• Typically 20 bytes for IPv4
• Contains addressing and control information
• Processed by every router along the path

2. Payload (actual data):

• The data being transmitted
• Can be TCP segment, UDP datagram, or other Layer 4 protocol
• Maximum total datagram size: 65,535 bytes

IP Header Fields (Key Components)

Version (4 bits):

• Indicates IP version (4 for IPv4, 6 for IPv6)
• Ensures compatibility between devices

Header Length (4 bits):

• Length of IP header in 32-bit words
• Almost always 5 (meaning 20 bytes)

Service Type / Type of Service (8 bits):

• Quality of Service (QoS) indicators
• Prioritizes certain traffic (VoIP, video)

Total Length (16 bits):

• Total datagram size (header + payload)
• Maximum: 65,535 bytes (2^16 – 1)

Identification, Flags, Fragment Offset (32 bits combined):

• Used for fragmentation when datagrams exceed network MTU
• Helps reassemble fragmented packets at destination
• Each fragment gets same ID number for reassembly

TTL – Time to Live (8 bits):

• Starts at value set by sender (typically 64 or 128)
• Decremented by 1 at each router hop
• When TTL reaches 0, packet is discarded (prevents infinite loops)
• Router sends ICMP “Time Exceeded” message back to source

Protocol (8 bits):

• Identifies Layer 4 protocol in payload
• Common values: 6 = TCP, 17 = UDP, 1 = ICMP

Header Checksum (16 bits):

• Error detection for IP header only (not payload)
• Recalculated at each router (since TTL changes)

Source IP Address (32 bits):

• Sender’s IP address

Destination IP Address (32 bits):

• Recipient’s IP address

Encapsulation: Layers Within Layers

IP datagrams don’t travel alone—they’re encapsulated within lower-layer frames:

Layer structure (bottom to top):

┌─────────────────────────────────────────────┐
│    Application Data (HTTP, FTP, etc.)      │ Layer 7
└─────────────────────────────────────────────┘
                    ↓ Encapsulated by
┌─────────────────────────────────────────────┐
│  TCP/UDP Header │  Application Data         │ Layer 4
└─────────────────────────────────────────────┘
                    ↓ Encapsulated by
┌─────────────────────────────────────────────┐
│ IP Header │ TCP/UDP Header │ App Data       │ Layer 3
└─────────────────────────────────────────────┘
                    ↓ Encapsulated by
┌─────────────────────────────────────────────┐
│ Ethernet │ IP Header │ TCP │ Data │ CRC     │ Layer 2
└─────────────────────────────────────────────┘

The process:

1. Application creates data (email, web page)
2. Transport layer adds TCP or UDP header (segments)
3. Network layer adds IP header (datagrams/packets)
4. Data link layer adds Ethernet frame header and trailer (frames)
5. Physical layer transmits as electrical/optical signals (bits)

At each router:

• Ethernet frame is removed (de-encapsulated)
• IP datagram examined for destination
• New Ethernet frame created for next hop (re-encapsulated)
• MAC addresses change, but IP addresses remain constant

🔍 Key Insight: The IP datagram (header + payload) becomes the payload of the Ethernet frame. This layered encapsulation enables different technologies at each layer while maintaining end-to-end IP addressing.

Traditional IP Address Classes

Historically, IPv4 addresses were divided into classes based on the first octet, determining network and host portions.

The Class System

Class Details

Class A: Massive Networks

• Range: 0.0.0.0 to 127.255.255.255
• Format: N.H.H.H (N=Network, H=Host)
• Default mask: 255.0.0.0 (/8)
• Example: 10.0.0.0 (entire 10.x.x.x range)
• Use case: Originally for huge organizations, ISPs, governments

Class B: Medium Networks

• Range: 128.0.0.0 to 191.255.255.255
• Format: N.N.H.H
• Default mask: 255.255.0.0 (/16)
• Example: 172.16.0.0 to 172.31.0.0 (private addresses)
• Use case: Universities, large companies

Class C: Small Networks

• Range: 192.0.0.0 to 223.255.255.255
• Format: N.N.N.H
• Default mask: 255.255.255.0 (/24)
• Example: 192.168.1.0 (most home networks)
• Use case: Small businesses, home networks, departments

Class D: Multicast

• Range: 224.0.0.0 to 239.255.255.255
• Purpose: Sending data to multiple recipients simultaneously
• Not assigned to hosts: Used for streaming, video conferencing
• Example: 224.0.0.1 (all hosts on subnet)

Class E: Experimental

• Range: 240.0.0.0 to 255.255.255.255
• Purpose: Reserved for research and future use
• Not used in production: Never assigned to devices

Why Classes Are Obsolete

The problem with classful addressing:

Waste: Class B provided 65,534 addresses—too many for most organizations but not enough for ISPs.

Inflexibility: Fixed boundaries didn’t match real-world needs.

Exhaustion: Inefficient allocation depleted IPv4 address space faster.

The solution: CIDR (Classless Inter-Domain Routing) allows any network size, not limited to class boundaries. We’ll cover CIDR in detail later.

📝 Exam Note: While classes are largely obsolete, CompTIA exams still test Class A/B/C recognition. Know the ranges: A (0-127), B (128-191), C (192-223), D (224-239), E (240-255).

ARP: Bridging IP and MAC Addresses

ARP (Address Resolution Protocol) resolves known IP addresses to unknown MAC addresses, enabling local network communication.

The ARP Problem

Scenario: Your computer (192.168.1.100) wants to send data to another device (192.168.1.50) on the same local network.

What you know: Destination IP address (192.168.1.50)

What you need: Destination MAC address (for Ethernet frame)

The problem: IP addresses operate at Layer 3, but Ethernet frames need Layer 2 MAC addresses for delivery. How do we find the MAC address corresponding to an IP?

How ARP Works

ARP Resolution Process:

1. Check ARP cache:
   • Computer checks local ARP table for existing IP-to-MAC mapping
   • If found, use cached MAC address (skip steps 2-4)
2. ARP Request (broadcast):
   • Computer sends ARP request to broadcast MAC address (FF:FF:FF:FF:FF:FF)
   • Message: “Who has IP 192.168.1.50? Tell 192.168.1.100”
   • All devices on local network receive broadcast
3. ARP Reply (unicast):
   • Device with IP 192.168.1.50 responds directly to requester
   • Message: “192.168.1.50 is at MAC 00:1A:2B:3C:4D:5E”
   • Sent directly to requester’s MAC address (not broadcast)
4. Cache update:
   • Both devices update their ARP tables with learned mapping
   • Future communication uses cached entry
5. Data transmission:
   • Original frame now has destination MAC address
   • Communication proceeds normally

ARP Cache

What is the ARP cache?

• Local table storing recent IP-to-MAC mappings
• Reduces network traffic by avoiding repeated ARP requests
• Entries have short lifetimes (typically 2-10 minutes)

Why entries expire:

• Devices may change IP addresses (DHCP)
• Devices may leave network
• Keeps cache accurate and current

Viewing Your ARP Table

Windows:

tarp -a

Expected output:

Interface: 192.168.1.100 --- 0x2
  Internet Address      Physical Address      Type
  192.168.1.1           00-50-56-c0-00-08     dynamic
  192.168.1.50          00-1a-2b-3c-4d-5e     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static

Interpretation:

• Internet Address: IP address
• Physical Address: Corresponding MAC address
• Type: Dynamic (learned via ARP) or Static (manually configured)

Linux/macOS:

arp -an
ip neigh show

Clear ARP cache (Windows):

arp -d

Useful for troubleshooting stale entries causing connectivity issues.

ARP Security Consideration

ARP spoofing/poisoning attack:

• Malicious device sends fake ARP replies
• Claims to be another device’s IP address
• Intercepts traffic intended for legitimate device
• Man-in-the-middle attack on local network

Mitigation:

• Static ARP entries for critical devices
• ARP monitoring/detection tools
• Network Access Control (NAC)
• Switch port security

⚠️ Security Note: ARP operates without authentication—any device can send ARP replies. On untrusted networks (public Wi-Fi), attackers can easily intercept traffic using ARP poisoning.

Subnet Masks and Subnetting

Subnetting divides a large network into smaller, manageable subnetworks (subnets), improving organization, security, and routing efficiency.

Why Subnetting Matters

Without subnetting:

• Single large broadcast domain (all devices see all broadcasts)
• Difficult to manage thousands of devices
• Security challenges (no network segmentation)
• Inefficient routing

With subnetting:

• ✅ Separate departments/locations logically
• ✅ Reduce broadcast traffic
• ✅ Improve security through network segmentation
• ✅ Efficient IP address allocation
• ✅ Better routing performance

Understanding Subnet Masks

A subnet mask is a 32-bit number that divides an IP address into network/subnet portions and host portions.

Format: Same as IP address (dotted decimal), but with specific pattern of 1s and 0s.

Common subnet masks:

Subnet mask rules:

1. Binary representation always starts with consecutive 1s
2. Followed by consecutive 0s
3. Never alternates between 1s and 0s
4. 1s = Network/Subnet portion (fixed)
5. 0s = Host portion (variable, for devices)

IP Address Components with Subnetting

An IP address with subnet mask divides into three parts:

IP Address:    192.168.1.100
Subnet Mask:   255.255.255.0 (/24)

Components:
- Network ID:  192.168.1     (first 24 bits)
- Subnet ID:   (included in above)
- Host ID:     100            (last 8 bits)

Network ID: Identifies the overall network
Subnet ID: Identifies specific subnet within network
Host ID: Identifies individual device within subnet

Calculating Usable Hosts

Formula: 2^(host bits) – 2

Why subtract 2?

• Network address: First address (all host bits = 0) identifies the network itself
• Broadcast address: Last address (all host bits = 1) for broadcasting to all hosts

Examples:

/24 subnet (255.255.255.0):

• Host bits: 8
• Total addresses: 2^8 = 256
• Usable hosts: 256 – 2 = 254
• Network: 192.168.1.0
• Broadcast: 192.168.1.255
• Range: 192.168.1.1 to 192.168.1.254

/27 subnet (255.255.255.224):

• Host bits: 5
• Total addresses: 2^5 = 32
• Usable hosts: 32 – 2 = 30
• Example network: 192.168.1.32
• Broadcast: 192.168.1.63
• Range: 192.168.1.33 to 192.168.1.62

/30 subnet (255.255.255.252):

• Host bits: 2
• Total addresses: 2^2 = 4
• Usable hosts: 4 – 2 = 2
• Perfect for point-to-point links (router-to-router)
• Example: 10.1.1.0/30
• Network: 10.1.1.0
• Usable: 10.1.1.1 and 10.1.1.2
• Broadcast: 10.1.1.3

Step-by-Step Subnetting Calculation

Problem: Determine network ID for IP 192.168.10.75 with mask 255.255.255.224

Step 1: Convert IP to binary

192.168.10.75
11000000.10101000.00001010.01001011

Step 2: Convert mask to binary

255.255.255.224 (/27)
11111111.11111111.11111111.11100000

Step 3: AND operation (bitwise)

IP:    11000000.10101000.00001010.01001011
Mask:  11111111.11111111.11111111.11100000
       ────────────────────────────────────
AND:   11000000.10101000.00001010.01000000

Step 4: Convert result to decimal

11000000.10101000.00001010.01000000
192.168.10.64

Answer: Network ID is 192.168.10.64/27

Additional info:

• Broadcast address: 192.168.10.95 (all host bits = 1)
• Usable range: 192.168.10.65 to 192.168.10.94
• Total usable hosts: 30

Quick Subnetting Trick (No Binary)

For /24, /25, /26, /27, /28, /30 (common exam scenarios):

Find subnet size: 256 – last octet of mask

Example: /27 (255.255.255.224)

• Subnet size: 256 – 224 = 32
• Networks increment by 32: .0, .32, .64, .96, .128, .160, .192, .224

To find which subnet 192.168.10.75 belongs to:

• Divide 75 by 32 = 2 with remainder
• Network 2 starts at 2 × 32 = 64
• Answer: 192.168.10.64/27 (matches our binary calculation!)

🎯 Pro Tip: Master /24 (most common home/small business), /27 (30 hosts), and /30 (2 hosts for point-to-point). These cover 80% of real-world scenarios.

CIDR: Classless Inter-Domain Routing

CIDR (Classless Inter-Domain Routing) replaced the rigid class system with flexible, variable-length subnet masks, enabling efficient IP address allocation.

CIDR Notation

Format: IP address / prefix length

Examples:

• 192.168.1.0/24 = 255.255.255.0 mask
• 10.0.0.0/8 = 255.0.0.0 mask
• 172.16.0.0/12 = 255.240.0.0 mask
• 192.168.10.64/27 = 255.255.255.224 mask

The number after the slash indicates how many bits (from left) are the network/subnet portion.

CIDR Advantages

Flexibility:

• Create networks of any size, not limited to /8, /16, /24
• Allocate exactly the number of addresses needed
• Example: Need 50 hosts? Use /26 (62 usable) instead of wasteful /24 (254 usable)

Efficiency:

• Reduces wasted IP addresses
• Slows IPv4 address exhaustion
• Better utilization of limited address space

Routing optimization:

• Route aggregation (summarization): Combine multiple networks into single routing entry
• Reduces routing table size
• Improves router performance
• Example: 192.168.0.0/24, 192.168.1.0/24, 192.168.2.0/24, 192.168.3.0/24 → summarize as 192.168.0.0/22

CIDR Examples

Scenario 1: Small office needs 60 computers

Class-based (old way):

• Must use Class C: /24 = 254 usable hosts
• Waste: 254 – 60 = 194 unused addresses

CIDR (modern way):

• Use /26 = 62 usable hosts
• Waste: 62 – 60 = 2 unused addresses
• Freed addresses can be assigned to other subnets

Scenario 2: ISP allocating to customers

Without CIDR:

• Customer needs 5,000 addresses
• Can’t use Class C (only 254 hosts)
• Must assign Class B (65,534 hosts)
• Waste: 60,534 addresses

With CIDR:

• Calculate required bits: Need ~5,000 hosts
• 2^13 = 8,192 (sufficient)
• Assign /19 (32 – 19 = 13 host bits)
• Provides 8,190 usable addresses
• Much more efficient than full Class B

📊 Industry Impact: CIDR, implemented in 1993, extended IPv4’s lifespan by decades through efficient address allocation. Without CIDR, IPv4 exhaustion would have occurred in the late 1990s.

How Routing Works

Routers connect networks and forward packets between them based on destination IP addresses, enabling global internet communication.

Router Basics

What is a router?

• Layer 3 network device
• Connects two or more networks
• Makes forwarding decisions based on IP addresses
• Has at least two network interfaces (one per connected network)

Router vs Switch:

The Gateway Router

A gateway router (or default gateway) is the router that devices use to reach networks outside their local subnet.

Device perspective:

• Local traffic: Sent directly to destination (same subnet)
• Remote traffic: Sent to default gateway (different subnet)

Determining local vs remote:

Device performs AND operation on destination IP and local subnet mask:

• If result matches device’s network ID → local (ARP for MAC, send directly)
• If result differs → remote (send to default gateway)

Example:

Device: 192.168.1.100/24
Gateway: 192.168.1.1

Destination A: 192.168.1.50 (same subnet)
→ ARP for 192.168.1.50, send directly

Destination B: 8.8.8.8 (Google DNS, remote)
→ Send to gateway 192.168.1.1, let router forward

Routing Process Step-by-Step

Scenario: Computer A (192.168.1.100) wants to reach web server (8.8.8.8)

Step 1: Source determines remote destination

• Computer A compares 8.8.8.8 against its subnet (192.168.1.0/24)
• Different network → send to default gateway (192.168.1.1)

Step 2: ARP for gateway

• Computer A performs ARP for 192.168.1.1
• Learns gateway MAC address

Step 3: Encapsulate and send

• Creates IP datagram with source 192.168.1.100, destination 8.8.8.8
• Wraps in Ethernet frame with destination MAC = gateway’s MAC
• Sends frame to gateway

Step 4: Router receives and de-encapsulates

• Router receives frame on interface 1
• Strips Ethernet frame
• Examines IP datagram destination (8.8.8.8)

Step 5: Router consults routing table

• Looks up 8.8.8.8 in routing table
• Finds best match (default route 0.0.0.0/0 → next hop 203.0.113.1)

Step 6: Router forwards

• Decrements TTL by 1
• Recalculates checksum
• Determines next-hop router’s MAC via ARP
• Creates new Ethernet frame with destination MAC = next router
• Forwards on appropriate interface

Step 7: Repeat through multiple hops

• Each router repeats steps 4-6
• Packet hops through multiple routers
• Eventually reaches destination network

Step 8: Final delivery

• Last router recognizes destination on directly connected network
• ARPs for destination device
• Delivers packet

Routing Tables

A routing table is a database telling routers where to forward packets for various destination networks.

Key columns:

Column meanings:

Destination Network: Target network IP
Subnet Mask: Network’s mask
Next Hop: IP of next router (or “directly connected”)
Metric: Cost to reach (often hop count—lower is better)
Interface: Which router interface to use

Special routes:

Directly connected: Networks the router has interfaces on
Default route (0.0.0.0/0): Catch-all for destinations not explicitly listed (typically points to ISP)

Routing Decisions

How routers choose paths:

1. Most specific match wins: Longer prefix length preferred
   • /32 beats /24 beats /16 beats /8 beats /0
2. Lowest metric (fewest hops): If multiple routes to same destination
3. Load balancing: If equal-cost paths exist, distribute traffic

Example routing decision:

Destination: 192.168.1.50

Routing table entries:
A. 192.168.0.0/16 → Next hop X
B. 192.168.1.0/24 → Next hop Y

Choice: B (more specific match /24 vs /16)

Multi-Hop Routing

Most internet traffic traverses multiple routers (hops):

Your Computer → Home Router → ISP Router → Regional Router → 
Internet Backbone → Destination ISP → Destination Router → Web Server

Trace route command shows the path:

Windows:

tracert google.com

Linux/macOS:

traceroute google.com

Example output:

1    <1 ms   192.168.1.1      (Home router)
2    15 ms   10.1.1.1         (ISP gateway)
3    18 ms   72.14.236.1      (ISP backbone)
4    25 ms   108.170.252.1    (Google edge)
5    26 ms   8.8.8.8          (Google DNS)

Each line shows one hop (router) along the path.

Routing Protocols

Routers share routing information using routing protocols:

Interior Gateway Protocols (IGP): Within single organization

• RIP (Routing Information Protocol): Simple, distance-vector, hop count metric, max 15 hops
• OSPF (Open Shortest Path First): Link-state, fast convergence, scalable, commonly used

Exterior Gateway Protocols (EGP): Between organizations

• BGP (Border Gateway Protocol): Internet backbone routing, path-vector, policy-based

Dynamic vs Static:

• Dynamic routing: Routers automatically share and update routes
• Static routing: Administrator manually configures routes (small networks)

🌐 Internet Scale: The global internet uses BGP to interconnect tens of thousands of autonomous systems (ISPs, large corporations, cloud providers), creating redundant mesh topology for reliability.

Private IP Addresses and NAT

IPv4’s 32-bit address space provides only ~4.3 billion addresses—insufficient for billions of devices worldwide. Private IP addresses and NAT enable address conservation.

RFC 1918 Private Address Ranges

Three blocks of IP addresses reserved for private use (never routed on public internet):

Characteristics:

• Not routable: Public internet routers drop packets with private IPs
• Reusable: Every organization can use same private ranges
• Internal only: Devices with private IPs can’t directly access internet

NAT: Network Address Translation

NAT translates private IP addresses to public IP addresses, enabling multiple devices to share a single public IP.

How NAT works:

Outbound (private → public):

1. Device (192.168.1.100) sends packet to internet (destination 8.8.8.8)
2. NAT router receives packet
3. Replaces source IP with router’s public IP (203.0.113.50)
4. Tracks translation in NAT table
5. Forwards modified packet to internet

Inbound (public → private):

1. Reply arrives at router from 8.8.8.8 to 203.0.113.50
2. Router checks NAT table
3. Finds original private IP (192.168.1.100)
4. Replaces destination IP with private IP
5. Forwards to internal device

NAT table example:

NAT types:

Static NAT: One-to-one mapping (one private IP permanently maps to one public IP)
Dynamic NAT: Pool of public IPs dynamically assigned
PAT (Port Address Translation): Most common—many private IPs share one public IP using port numbers

Advantages:

• ✅ Conserves public IPv4 addresses
• ✅ Provides basic security (hides internal structure)
• ✅ Allows IP renumbering without external changes

Disadvantages:

• ❌ Breaks end-to-end connectivity
• ❌ Complicates incoming connections (port forwarding needed)
• ❌ Issues with some protocols (VoIP, P2P)

🏠 Home Network Reality: Your home router performs NAT—all devices use 192.168.x.x addresses internally but share your ISP’s single public IP externally.

Practical Commands and Tools

View Your IP Configuration

Windows:

ipconfig

Output:

Ethernet adapter Local Area Connection:
   IPv4 Address. . . . . . . . . . . : 192.168.1.100
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1

Detailed info:

ipconfig /all

Shows DNS servers, DHCP status, MAC address, lease times.

Linux/macOS:

ip addr show
ifconfig

Test Connectivity

Ping (ICMP echo):

ping 8.8.8.8

Tests reachability and measures round-trip time.

Trace route:

tracert google.com        # Windows
traceroute google.com     # Linux/macOS

Shows path packets take through routers.

View Routing Table

Windows:

route print

Linux/macOS:

ip route show
route -n
netstat -rn

Shows how your computer routes traffic.

DNS Lookup

Windows/Linux/macOS:

nslookup google.com

Resolves domain names to IP addresses.

🔧 Troubleshooting Workflow: Can’t reach website? (1) Ping default gateway—tests local network. (2) Ping public DNS (8.8.8.8)—tests internet connectivity. (3) Nslookup domain—tests DNS resolution. (4) Tracert domain—identifies where packets fail.

Key Takeaways

🌐 IP addresses provide hierarchical, logical addressing that scales globally by organizing networks into manageable hierarchies, unlike flat MAC addresses that only work on local networks.

🔢 Subnet masks divide IP addresses into network and host portions using binary AND operations—mastering this concept (preferably understanding the binary) is essential for calculating subnets, understanding routing, and troubleshooting network issues.

📊 CIDR replaced rigid class boundaries with flexible subnet masks allowing efficient IP allocation (like /27 for 30 hosts instead of wasteful /24 for 254), extending IPv4’s lifespan through better address utilization.

🔄 Routers forward packets based on destination IPs and routing tables by comparing destinations against table entries, choosing most specific matches, and decrementing TTL at each hop to prevent infinite routing loops.

🏠 Private IP addresses (10.x.x.x, 172.16-31.x.x, 192.168.x.x) with NAT enable billions of devices to share limited public IPv4 space by translating private addresses to public addresses at network boundaries.

Frequently Asked Questions

Q: What’s the difference between a subnet mask and CIDR notation?
A: They represent the same information differently. 255.255.255.0 (subnet mask in decimal) equals /24 (CIDR prefix length). CIDR is shorter and more commonly used in modern networking.

Q: Why do we subtract 2 when calculating usable hosts?
A: The first address (all host bits 0) is the network address identifying the subnet itself. The last address (all host bits 1) is the broadcast address for sending to all hosts. Neither can be assigned to devices.

Q: Can I use any private IP range at home?
A: Yes, but most home routers default to 192.168.0.x or 192.168.1.x for simplicity. You could use 10.x.x.x or 172.16-31.x.x, but there’s rarely a reason unless you have conflicts or specific requirements.

Q: What happens when TTL reaches 0?
A: The router discards the packet and sends an ICMP “Time Exceeded” message back to the source. This prevents packets from circulating forever in routing loops. Traceroute exploits this behavior to map routes.

Q: Do I need to memorize binary conversion for subnetting?
A: Not necessarily. Learn the bit position values (128, 64, 32, 16, 8, 4, 2, 1) and recognize common subnet masks (/24, /27, /30). For exams, practice the “256 minus last octet” shortcut for quick calculations.

Q: Why is 127.0.0.1 special?
A: 127.0.0.1 is the loopback address—traffic sent here never leaves your computer. It’s used for testing network software without actual network hardware. The entire 127.0.0.0/8 range is reserved for loopback.

Next Steps: Building Network Layer Expertise

Week 1-2: Fundamentals

• Practice binary-to-decimal conversion
• Memorize common subnet masks
• Calculate usable hosts for /24, /27, /30
• View your own IP configuration

Week 3-4: Subnetting practice

• Work through subnetting problems
• Use subnet calculators to verify answers
• Practice CIDR notation conversions
• Calculate network/broadcast addresses

Week 5-6: Routing understanding

• View routing tables on your devices
• Use traceroute to map internet paths
• Understand default gateway concept
• Learn routing protocol basics

Week 7-8: Advanced topics

• Study VLSM (Variable Length Subnet Masks)
• Practice route summarization
• Explore IPv6 addressing
• Understand NAT variations (static, dynamic, PAT)

Certifications:

• CompTIA Network+: Comprehensive network layer coverage
• Cisco CCNA: Deep routing and subnetting focus
• CompTIA A+: Basic IP addressing for support roles

Related Topics:

• “IPv6 Explained: Why We’re Moving Beyond IPv4”
• “VLSM and Route Summarization: Advanced Subnetting”
• “Dynamic Routing Protocols: OSPF vs RIP vs BGP”
• “TCP/IP Deep Dive: Understanding the Protocol Stack”

Have questions about subnetting calculations or routing concepts? Drop a comment with your specific scenario—I respond to every question and help troubleshoot networking confusion!

The network layer powers global internet connectivity through elegant addressing, efficient subnetting, and intelligent routing. Master IP addressing fundamentals, practice subnetting calculations, understand routing basics, and you’ll possess the core knowledge underlying every internet connection. Share this guide with others learning networking essentials!