Managing Network Device Security


IPv4 Addresses

An Internet Protocol version 4 (IPv4) address is a unique 32-bit binary number assigned to a host and used for all communication with that host. Each packet sent across a network contains the 32-bit IP address of the sender (source) as well as that of the intended recipient (destination).


The 32 binary bits are broken into four octets (1 octet = 8 bits). Each octet is converted to decimal, and the octets are separated by periods (dots). The value in each octet ranges from 0 to 255 decimal, or 00000000 – 11111111 binary. Dotted decimal notation is a syntactic form the IP software uses to express 32-bit binary values when interacting with humans. This is shown in the table below.

32-Bit Binary Number                     Equivalent Dotted Decimal Number
10000001 00110100 00000110 00000000      129.52.6.0
11000000 00000101 00110000 00000011      192.5.48.3
00001010 00000010 00000000 00000101      10.2.0.5

Logically every 32-bit IP address consists of two parts:


• Prefix: identifies the physical network to which the computers are attached.

• Suffix: identifies an individual computer on the network.

Every physical network is assigned a unique value known as a prefix or network number. No two networks can be assigned the same network number, and no two computers on the same network can be assigned the same suffix, but a suffix value can be used more than once on different networks.

The IP address hierarchy guarantees two important principles:

• Each computer is assigned a unique address.

• Although network number assignment must be in accordance with a global standard, suffixes can be assigned locally.


The original IP address scheme divides host addresses into three primary classes. The class of an address determines the boundary between the network prefix and suffix. The original classes of IP addresses are shown in the figure below.

[Figure: the original classes of IP addresses]


The relationship between classes and dotted decimal notation is given as follows:

In class A the last three octets correspond to the host suffix.

In class B the last two octets are the host octets.

Class C has only one octet to represent the host.

The range of decimal values found in the first octet of each address class is given below in the table.

Class    Range of Values (first octet)
A        0 through 127
B        128 through 191
C        192 through 223
D        224 through 239
E        240 through 255

The IP class scheme does not divide the 32-bit address space into equal-size classes, and the classes do not contain the same number of networks.

A prefix of n bits allows 2^n unique network numbers, while a suffix of n bits allows 2^n host numbers to be assigned on a given network. This is shown in the table below.

Address Class    Bits in Prefix    Maximum Number of Networks    Bits in Suffix    Maximum Number of Hosts per Network
A                7                 128                           24                16777216
B                14                16384                         16                65536
C                21                2097152                       8                 256
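
The classful rules above can be checked mechanically. The following Python code is an added example, not part of the original page: it parses the three binary rows from the first table, renders them in dotted decimal, derives the class from the leading bits and splits each address into prefix and suffix. All function names are illustrative.

```python
# Added example: classful interpretation of a 32-bit IPv4 address.
CLASSES = [  # (class, leading bit pattern, bits in pattern, prefix length incl. pattern)
    ("A", 0b0, 1, 8),
    ("B", 0b10, 2, 16),
    ("C", 0b110, 3, 24),
    ("D", 0b1110, 4, None),  # no prefix/suffix split
    ("E", 0b1111, 4, None),  # no prefix/suffix split
]

def parse_binary(bits: str) -> int:
    """Turn '10000001 00110100 ...' (four 8-bit octets) into a 32-bit integer."""
    octets = bits.split()
    if len(octets) != 4 or any(len(o) != 8 or set(o) - {"0", "1"} for o in octets):
        raise ValueError(f"not four binary octets: {bits!r}")
    return int("".join(octets), 2)

def dotted(value: int) -> str:
    """Render a 32-bit integer in dotted decimal notation."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def classify(value: int):
    """Return (class, prefix, suffix) under the original classful scheme."""
    for name, lead, nbits, prefix_len in CLASSES:
        if value >> (32 - nbits) == lead:
            if prefix_len is None:
                return name, None, None
            suffix_bits = 32 - prefix_len
            return name, value >> suffix_bits, value & ((1 << suffix_bits) - 1)
    raise ValueError("value does not fit in 32 bits")

def capacity(name: str):
    """(maximum networks, maximum hosts per network) for class A, B or C."""
    for cls, _lead, nbits, prefix_len in CLASSES:
        if cls == name and prefix_len is not None:
            # The leading class bits are fixed, so they do not count as prefix bits.
            return 2 ** (prefix_len - nbits), 2 ** (32 - prefix_len)
    raise ValueError(f"class {name} has no prefix/suffix split")

if __name__ == "__main__":
    # The three binary rows from the table on this page.
    for row in ("10000001 00110100 00000110 00000000",
                "11000000 00000101 00110000 00000011",
                "00001010 00000010 00000000 00000101"):
        value = parse_binary(row)
        print(row, "->", dotted(value), classify(value))
```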

Throughout the Internet, each network prefix is unique. Networks obtain their network numbers from their Internet service provider (ISP). The Internet service providers coordinate with the Internet Assigned Numbers Authority (IANA) to obtain their network numbers.


Due to the huge growth of the Internet, classful addressing became a limitation. The IP address space was being exhausted because all networks had to choose one of three possible sizes. Many addresses were unused.

Two new mechanisms were invented to overcome the restrictions:

• Subnet addressing

• Classless addressing

Instead of having three distinct address classes, subnetting allows you to create multiple logical networks that exist within a single Class A, B, or C network. If you do not subnet, you are only able to use one network from your Class A, B, or C network.

Each data link on a network must have a unique network ID, with every node on that link being a member of the same network. Breaking a major network (Class A, B, or C) into smaller subnetworks allows you to create a network of interconnecting subnetworks. Each data link on this network would then have a unique network/subnetwork ID.


To use a classless or subnet address, the tables inside hosts and routers that contain addresses must keep two pieces of information with each address: the 32-bit address itself and another 32-bit value that specifies the boundary, known as the address mask or subnet mask.


Inside a computer, each address mask is stored as a 32-bit value. When people enter a prefix and an address mask, they use a modified form of dotted decimal notation known as CIDR notation.

As an example of how CIDR adds flexibility, suppose a single class B prefix (e.g. i.e. 2^16 host addresses 16-bit CIDR mask denoted as:

That is, by making the CIDR mask correspond exactly to the old classful interpretation. It will be fine if 2^16 hosts are attached. If the ISP has two customers with only twelve computers each, it can use CIDR to partition the address into three pieces.

• Two of them each big enough for one of two customers.

• Remainder available for future customers.

For example, one customer can be assigned and the other customer can be assigned Both customers have the same mask size; the prefix differs, i.e. each customer has a unique prefix.


The example below in the figure shows the CIDR host addresses.

[Figure: CIDR host addresses]
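
The partition described above, worked through in Python as an added example (not part of the original page). The page's own prefix and customer blocks did not survive, so the class B block 172.16.0.0/16 is an assumed stand-in, as is the reservation of a network and a broadcast address in every block; on_network applies the address-mask test that hosts and routers perform with the two stored 32-bit values.

```python
import ipaddress

def prefix_len_for(hosts: int) -> int:
    """Longest prefix (smallest block) that can hold `hosts` computers."""
    if hosts < 1:
        raise ValueError("need at least one host")
    # Assumption: two extra addresses (all-zeros network, all-ones broadcast)
    # are reserved in every block, so twelve computers need 14 addresses.
    suffix_bits = (hosts + 1).bit_length()  # equals ceil(log2(hosts + 2))
    if suffix_bits > 32:
        raise ValueError("too many hosts for one IPv4 block")
    return 32 - suffix_bits

def partition(block: str, customer_hosts):
    """Carve one block per customer out of `block`; return (assigned, remainder)."""
    free = [ipaddress.ip_network(block)]
    assigned = []
    for hosts in customer_hosts:
        want = prefix_len_for(hosts)
        fits = [n for n in free if n.prefixlen <= want]
        if not fits:
            raise ValueError(f"no free block can hold {hosts} hosts")
        # Best fit: take from the smallest free block that is still big enough.
        donor = max(fits, key=lambda n: n.prefixlen)
        piece = next(donor.subnets(new_prefix=want))
        free.remove(donor)
        if piece != donor:
            free.extend(donor.address_exclude(piece))
        assigned.append(piece)
    return assigned, sorted(free)

def on_network(address: str, network) -> bool:
    """Mask test: (address AND mask) must equal the network prefix."""
    addr = int(ipaddress.ip_address(address))
    return (addr & int(network.netmask)) == int(network.network_address)

if __name__ == "__main__":
    # Constructed input: an assumed class B block and two twelve-computer customers.
    customers, remainder = partition("172.16.0.0/16", [12, 12])
    for net in customers:
        print("customer:", net, "mask", net.netmask)
    print("remainder:", ", ".join(str(n) for n in remainder))
    print(on_network("172.16.0.13", customers[0]),
          on_network("172.16.0.17", customers[0]))
```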