If you assume that an IP address identifies a computer, it's fair to say that a subnet identifies where the computer is. The component of an IP address that determines whether packets are to be sent locally or through a router is the subnet mask.
The subnet mask tells the protocol whether the local host and the destination host are on the same subnet.
From Fig Above: A screened-subnet setup works to employ a bastion host between two screening routers. What this provides is a special zone for publicly available services (around the bastion host) and transparent access for users on the trusted network. The zone around the bastion host that operates publicly and whose traffic to the trusted network is screened is known as a DMZ zone; for this reason, bastion hosts are sometimes referred to as DMZ hosts. Remember for the exam that a DMZ host would always be well-secured, just like a bastion host would be.
A subnet mask effectively breaks a complete IP address into two parts: the network identifier and the host identifier. Think of this in relationship to your home street address, which also has two parts: the street name (the network identifier) and the house number (the host identifier).
Basically, when the subnet bits match, the host and destination host are on the same subnet, and no routing is needed. When the subnet bits don't match, the destination host is on a remote network, and the packets are sent to the router.
The Internet community has standardized default subnet masks for each of the three IP address classes. The subnet masks for these address classes are defined in Table 1.
If a computer has an IP address of 142.146.102.45 with a subnet mask of 255.255.0.0, the first two octets (142.146) identify the network, and the last two octets (102.45) identify a specific host on that network.
No comments:
Post a Comment