IP and Routing
The Internet Protocol provides addressing and hop-by-hop packet forwarding between networks. Each device gets an IP address; routers forward packets toward their destination by consulting routing tables. IP is unreliable by design — reliability comes from TCP above.
Why It Matters
Every packet on the internet has a source and destination IP address. Understanding subnetting, routing, NAT, and ARP explains how your local network connects to the world, why some addresses are private, and how traceroute works.
IPv4 Addressing
32-bit address written as four octets: 192.168.1.100
CIDR and Subnetting
CIDR notation: 192.168.1.0/24 means the first 24 bits are the network prefix, leaving 8 bits for hosts.
| CIDR | Subnet Mask | Hosts | Use |
|---|---|---|---|
| /32 | 255.255.255.255 | 1 | Single host route |
| /24 | 255.255.255.0 | 254 | Typical LAN |
| /16 | 255.255.0.0 | 65,534 | Large internal network |
| /8 | 255.0.0.0 | 16M+ | Class A (10.0.0.0/8) |
Network address = IP AND mask. Two hosts are on the same subnet if their network addresses match.
```python
import ipaddress
net = ipaddress.ip_network('10.0.0.0/8')
print(ipaddress.ip_address('10.1.2.3') in net)  # True
print(net.num_addresses)  # 16777216
```
Private Address Ranges (RFC 1918)
| Range | CIDR | Typical Use |
|---|---|---|
| 10.0.0.0 – 10.255.255.255 | 10.0.0.0/8 | Large enterprises, cloud VPCs |
| 172.16.0.0 – 172.31.255.255 | 172.16.0.0/12 | Medium networks |
| 192.168.0.0 – 192.168.255.255 | 192.168.0.0/16 | Home/small office |
These ranges are not routable on the public internet; hosts using them require NAT to reach external hosts.
Routing
Each router maintains a routing table mapping destination networks to next hops:
```
Destination      Gateway       Interface  Metric
10.0.0.0/8       192.168.1.1   eth0       100
192.168.1.0/24   0.0.0.0       eth0       0      ← directly connected
0.0.0.0/0        192.168.1.1   eth0       200    ← default route
```
Longest prefix match: the most specific route wins. A packet for 10.0.5.3 matches the /8 route, but if a /24 route for 10.0.5.0/24 exists, that route is used instead.
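Longest prefix match over the routing table above, as an added example that is not part of the original page. `lookup` and `next_hop` are hypothetical helper names, and the gateway and metric given to the 10.0.5.0/24 route are constructed values.

```python
import ipaddress

# Routing table from the section above (constructed addition: the more
# specific 10.0.5.0/24 route the text mentions; its gateway is an assumption).
ROUTES = [
    # (destination, gateway, interface, metric)
    ("10.0.0.0/8", "192.168.1.1", "eth0", 100),
    ("192.168.1.0/24", "0.0.0.0", "eth0", 0),
    ("0.0.0.0/0", "192.168.1.1", "eth0", 200),
    ("10.0.5.0/24", "192.168.1.254", "eth0", 100),
]


def lookup(dest, routes=ROUTES):
    """Return the route entry chosen for dest, or None if nothing matches."""
    addr = ipaddress.ip_address(dest)
    best = None
    for route in routes:
        net = ipaddress.ip_network(route[0])
        if net.version != addr.version or addr not in net:
            continue
        # Longest prefix wins; the lower metric breaks ties between equal prefixes.
        key = (net.prefixlen, -route[3])
        if best is None or key > best[0]:
            best = (key, route)
    return best[1] if best else None


def next_hop(dest, routes=ROUTES):
    """Return the IP the frame is sent to on the local link, or None."""
    route = lookup(dest, routes)
    if route is None:
        return None  # no matching route and no default: destination unreachable
    # Gateway 0.0.0.0 means directly connected: deliver to the destination itself.
    return dest if route[1] == "0.0.0.0" else route[1]


if __name__ == "__main__":
    for dest in ("10.0.5.3", "10.1.2.3", "192.168.1.100", "8.8.8.8"):
        print(dest, "->", lookup(dest)[0], "via", next_hop(dest))
```

Removing the default route from the table makes `lookup` return `None` for any destination outside the listed prefixes, which is the "no route to host" case.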
```bash
ip route                 # show routing table
ip route get 8.8.8.8     # which route would be used?
traceroute 8.8.8.8       # show each hop to destination
```
ARP (Address Resolution Protocol)
IP addresses are logical. Ethernet frames need MAC addresses. ARP bridges the gap on local networks:
Host A (10.0.0.5) wants to reach Host B (10.0.0.10):
1. "Who has 10.0.0.10?" → broadcast to ff:ff:ff:ff:ff:ff
2. Host B replies: "10.0.0.10 is at aa:bb:cc:dd:ee:ff"
3. Host A caches the mapping and sends the Ethernet frame
```bash
ip neigh                 # show ARP cache
arping 192.168.1.1       # manually ARP a host
```
TTL and Traceroute
Every IP packet has a TTL (Time To Live) field, decremented by each router. When the TTL reaches 0, the router drops the packet and sends an ICMP “Time Exceeded” message back to the sender.
traceroute exploits this: it sends packets with TTL=1, then 2, then 3… Each hop reveals the router that dropped the packet.
```bash
traceroute -n 8.8.8.8    # -n skips DNS reverse lookup
# 1 192.168.1.1 1.2ms (your router)
# 2 10.0.0.1 5.3ms (ISP)
# 3 ...
```
NAT (Network Address Translation)
NAT lets many private-IP devices share one public IP:
```
Internal: 192.168.1.50:12345 → Router rewrites to → Public: 203.0.113.1:54321
Response: 203.0.113.1:54321  → Router maps back   → 192.168.1.50:12345
```
The router maintains a translation table of (internal IP:port) ↔ (external port). This is why most home devices can access the internet despite having private IPs.
IPv6
128-bit addresses: 2001:0db8:85a3::8a2e:0370:7334. Key differences from IPv4:
- Massive address space (no NAT needed)
- Simplified header (no checksum, no fragmentation by routers)
- Built-in autoconfiguration (SLAAC)
- IPsec support mandatory in spec
Related
- OSI and TCP IP Model — IP lives at the Internet layer
- TCP Protocol — runs over IP, provides reliability
- DNS Protocol — resolves names to IP addresses
- Socket Programming — IP addresses used in bind/connect