COMPUTER NETWORKING FOR CCNA HTTPS

HTTPS


What is Hypertext Transfer Protocol Secure (HTTPS)?

HTTPS stands for Hypertext Transfer Protocol Secure. It is the secure version of the HTTP protocol used for communication between a web browser and a website. HTTPS ensures that the data transmitted between the browser and the website is encrypted and protected from unauthorized access.

When you visit a website that uses HTTPS, your browser establishes a secure connection with the server hosting the website. This is done through the use of an SSL/TLS (Secure Sockets Layer/Transport Layer Security) certificate. The SSL/TLS certificate verifies the authenticity of the website and encrypts the data exchanged between the browser and the server.

The main benefits of using HTTPS include:

1. Data confidentiality: HTTPS encrypts the data transferred between the browser and the website, preventing unauthorized parties from intercepting and understanding the information.

2. Data integrity: HTTPS ensures that the data remains unchanged during transit. It uses cryptographic algorithms to detect any tampering or modifications to the data.

3. Authentication: HTTPS verifies the identity of the website, ensuring that you are connecting to the intended destination and not a malicious imposter.

4. Trust and credibility: Websites that use HTTPS display a padlock symbol in the browser's address bar, indicating a secure connection. This can increase user trust and confidence in the website.

5. SEO advantages: Google and other search engines use HTTPS as a ranking indication. Compared to non-secure websites, HTTPS-enabled websites may see a little improvement in search engine ranks.

Overall, HTTPS is essential for secure communication on the web, particularly when transmitting sensitive information such as passwords, credit card details, or personal data. It helps protect user privacy and ensures a safer browsing experience.


How does HTTPS work?

In order for HTTPS (Hypertext Transfer Protocol Secure) to function, an additional layer of security must be added to the basic HTTP protocol.. Here's a simplified explanation of how HTTPS works:


1. SSL/TLS Handshake: When a client (e.g., a web browser) initiates a connection to a server that supports HTTPS, the SSL/TLS handshake process begins. During this handshake, the client and server establish a secure connection and negotiate the encryption algorithms and cryptographic keys to be used for the session.


2. SSL/TLS Certificate: The server presents its SSL/TLS certificate to the client. This certificate is issued by a trusted third-party entity known as a Certificate Authority (CA). The certificate contains the server's public key, its domain name, and other information. The client checks the certificate's authenticity and validity by verifying its digital signature and ensuring it has not expired or been revoked.


3. Public Key Encryption: If the client accepts the server's certificate as valid, it generates a random session key, known as the symmetric key. The client encrypts this symmetric key using the server's public key from the certificate and sends it to the server.


4. Symmetric Encryption: Both the client and server now have the same symmetric key. They use this key to encrypt and decrypt data during the session. Symmetric encryption is faster than public key encryption and is used for encrypting the actual data transmitted between the client and server.


5. Secure Data Transfer: With the secure connection established, all data transmitted between the client and server is encrypted using the symmetric key. This ensures that even if someone intercepts the data, they cannot understand its content.


6. Data Integrity: HTTPS also ensures data integrity by using cryptographic hash functions. The server generates a unique hash value for each data packet it sends, and the client verifies the integrity of the received data by recalculating the hash value and comparing it with the one sent by the server. If the hash values match, it ensures that the data hasn't been tampered with during transmission.

Throughout the session, the client and server continuously exchange encrypted data using the symmetric key. This encryption and decryption process provides confidentiality, integrity, and authenticity to the data transmitted over HTTPS.

It's important to note that HTTPS primarily secures the communication channel between the client and server, but it does not guarantee the security of the server itself or protect against vulnerabilities in the web application. Website owners should also implement appropriate security measures to safeguard the server and application against other types of attacks.

Advantages of HTTPS

HTTPS (Hypertext Transfer Protocol Secure) offers several advantages over its non-secure counterpart, HTTP. Here are some key advantages of using HTTPS:

1. Data Encryption: The primary advantage of HTTPS is the encryption of data transmitted between the client (web browser) and the server. This encryption ensures that the data is unreadable to anyone who might intercept it, providing confidentiality and protecting sensitive information such as passwords, credit card details, and personal data.

2. Data Integrity: HTTPS employs cryptographic mechanisms, such as message digests and digital signatures, to ensure the integrity of data during transmission. This means that any tampering or modification of the data will be detected, preventing unauthorized alteration of information.

3. Authentication and Trust: HTTPS utilizes SSL/TLS certificates issued by trusted Certificate Authorities (CAs). These certificates verify the identity of the website, establishing a level of trust for the users. When a website has a valid SSL/TLS certificate, the browser displays a padlock icon and may indicate the site as "Secure." This authentication helps protect against phishing attacks and assures users that they are communicating with the intended website.

4. User Confidence and Trust: The visual indicators of a secure connection, such as the padlock icon and "Secure" label, contribute to user confidence and trust. Users are more likely to feel safe and comfortable interacting with a website that uses HTTPS, especially when sharing sensitive information.

5. SEO Benefits: Search engines prioritize secure websites by considering HTTPS as a ranking factor. Websites using HTTPS may receive a slight boost in search engine rankings, potentially improving their visibility and organic traffic.

6. Compliance with Data Protection Regulations: HTTPS is often required for compliance with data protection regulations, such as the General Data Protection Regulation (GDPR). These regulations aim to protect users' personal data and privacy, and using HTTPS helps fulfill the security requirements outlined by these regulations.

7. Mitigation of Man-in-the-Middle Attacks: HTTPS protects against man-in-the-middle attacks, where an attacker intercepts the communication between the client and the server to eavesdrop, modify, or inject malicious content. The encryption and authentication provided by HTTPS make it significantly more challenging for attackers to carry out such attacks.

By using HTTPS, website owners, and users can benefit from enhanced security, privacy, and trust, creating a safer online environment for communication and data exchange.

Disadvantages of HTTPS.

While HTTPS (Hypertext Transfer Protocol Secure) offers numerous advantages, there are a few potential disadvantages to consider:

1. Increased Resource Consumption: Implementing HTTPS requires additional computational resources on both the server and client sides. The encryption and decryption processes can add overhead, potentially leading to increased CPU usage and slightly slower response times compared to non-secure HTTP connections. However, with modern hardware and optimized implementations, the impact is usually negligible.

2. Certificate Management: HTTPS relies on SSL/TLS certificates issued by Certificate Authorities (CAs). Managing these certificates can be complex, especially for large websites with multiple subdomains or complex infrastructure setups. Certificates need to be renewed periodically, and any misconfiguration or expired certificate can lead to potential security warnings for users or disruptions in the website's availability.

3. Cost: While there are free SSL/TLS certificates available through initiatives like Let's Encrypt, some organizations may still need to purchase certificates from commercial CAs. Premium SSL/TLS certificates, particularly Extended Validation (EV) certificates that offer higher assurance and visual indicators like the company name in the browser address bar, can be costly. However, for most standard use cases, affordable or free certificates are available.

4. Compatibility Issues: Although HTTPS is widely supported by modern web browsers and servers, there might be compatibility issues with older systems or outdated software. Some older devices or software applications may not fully support the latest encryption protocols or ciphers required for a secure HTTPS connection. However, this is becoming less of an issue as outdated systems are gradually phased out.

5. Caching Limitations: Caching of HTTPS content can be more challenging than caching HTTP content. Caching proxies or content delivery networks (CDNs) may need additional configurations to properly cache HTTPS responses without compromising security. This can impact the overall performance and caching efficiency of the website.

Despite these potential disadvantages, the overall benefits of HTTPS in terms of security, data protection, and user trust generally outweigh these concerns. The widespread adoption of HTTPS has made it the standard protocol for secure communication on the web.

HTTPS and the CIA triad

HTTPS (Hypertext Transfer Protocol Secure) plays a significant role in upholding the CIA triad, which stands for Confidentiality, Integrity, and Availability. The CIA triad is a fundamental concept in information security, and HTTPS helps address each component as follows:

1. Confidentiality: HTTPS ensures confidentiality by encrypting the data transmitted between the client and the server. It prevents unauthorized individuals or eavesdroppers from intercepting and understanding the content of the data. The encryption provided by HTTPS safeguards sensitive information, such as passwords, financial details, and personal data, maintaining the confidentiality of the data during transmission.

2. Integrity: HTTPS guarantees data integrity by employing cryptographic mechanisms. It uses techniques like message digests and digital signatures to detect any unauthorized modification or tampering with the data. The recipient can verify the integrity of the data by comparing the received data's hash value with the expected value, ensuring that the data has not been altered during transit.

3. Availability: While HTTPS primarily focuses on confidentiality and integrity, it indirectly contributes to availability. By securing the communication channel and protecting against attacks like man-in-the-middle, HTTPS helps ensure that the website and its resources are available to legitimate users. It reduces the risk of disruptions, unauthorized access, or data breaches that could compromise the availability of the website or its services.

By employing HTTPS, organizations can enhance the security of their online communication, safeguard sensitive data, and maintain the trust of their users. It helps establish a secure environment that upholds the principles of the CIA triad, ultimately promoting a more secure and reliable online experience.

What does HTTPS do?

HTTPS (Hypertext Transfer Protocol Secure) is an extension of the HTTP protocol used for communication between a web browser and a website. It adds an extra layer of security by encrypting the data exchanged between the client (browser) and the server.

Here's what HTTPS does:

1. Data Encryption: The primary function of HTTPS is to encrypt the data transmitted between the client and the server. It uses SSL/TLS (Secure Sockets Layer/Transport Layer Security) protocols to encrypt the data, making it unreadable to anyone who might intercept it. This encryption ensures the confidentiality of sensitive information, such as passwords, credit card details, and personal data, by preventing unauthorized access to the data.

2. Data Integrity: HTTPS employs cryptographic mechanisms to ensure the integrity of the data during transmission. It uses techniques like message digests and digital signatures to detect any tampering or modification of the data. This ensures that the data remains unchanged and uncorrupted during transit, providing assurance that the information received by the client is the same as what was sent by the server.

3. Authentication: HTTPS utilizes SSL/TLS certificates issued by trusted Certificate Authorities (CAs) to authenticate the identity of the server. The server presents its certificate to the client, which verifies its authenticity and ensures that the client is communicating with the intended website. This authentication helps protect against phishing attacks and ensures that the client is not interacting with a malicious imposter.

4. Trust and Confidence: Websites using HTTPS display visual indicators in web browsers, such as a padlock icon in the address bar, to indicate a secure connection. These indicators help build trust and confidence in the website for users, assuring them that their data is being transmitted securely. Users are more likely to trust and feel comfortable interacting with a website that uses HTTPS.

Overall, HTTPS provides a secure communication channel between the client and the server, protecting sensitive data, ensuring data integrity, and establishing trust and authenticity. It is widely used for secure online transactions, login forms, and any situation where the confidentiality and integrity of data are crucial.

Why is HTTPS important? What happens if a website doesn’t have HTTPS?

HTTPS prevents websites from displaying their information so that anyone snooping on the network can read it easily. When data is transmitted through normal HTTP, it is divided into packets that can be readily "sniffed" with the help of free software. As a result, data transmission over an insecure channel, like public Wi-Fi, is extremely susceptible to eavesdropping. In actuality, all communication through HTTP is done so in plain text, making it extremely easy for anyone with the right tools to view it and making it susceptible to on-path assaults.


When using HTTPS, traffic is encrypted, making it impossible for packets to be read if they are sniffed or otherwise intercepted. Let's examine an illustration:

Before encryption:

This is a string of text that is completely readable

After encryption:

ITM0IRyiEhVpa6VnKyExMiEgNveroyWBPlgGyfkflYjDaaFf/Kn3bo3OfghBPDWo6AfSHlNtL8N7ITEwIXc1gU5X73xMs
JormzzXlwOyrCs+9XCPk63Y+z0=

in websites without HTTPS, it is possible for Internet service providers (ISPs) or other intermediaries to inject content into webpages without the approval of the website owner. This commonly takes the form of advertising, where an ISP looking to increase revenue injects paid advertising into the web pages of their customers. Unsurprisingly, when this occurs, the profits for the advertisements and the quality control of those advertisements are in no way shared with the website owner. HTTPS eliminates the ability of unmoderated third parties to inject advertising into web content.


What port does HTTPS use?

Use port 443 for HTTPS. This sets HTTPS apart from HTTP, which makes use of port 80.(A port is a virtual software-based location in networking where network connections begin and stop. All machines on a network make a number of ports available so they can accept traffic. Different protocols employ different ports, and each port is connected with a particular activity or service.)

How does a website start using HTTPS?

Many website hosting providers and other services will offer TLS/SSL certificates for a fee. These certificates will often be shared amongst many customers. More expensive certificates are available which can be individually registered to particular web properties. 

All websites using Cloudflare receive HTTPS for free using a shared certificate (the technical term for this is a multi-domain SSL certificate). Setting up a free account will guarantee a web property receives continually updated HTTPS protection. You can also explore our paid plans for individual certificates and other features. In either case, a web property receives all the benefits of using HTTPS.

Common mistakes to avoid when adapting HTTPS connection

While HTTPS can enhance website security, implementing it improperly can negatively affect a site's security and usability. Common mistakes include the following issues.

Problem

Solution

Expired certificates

Always ensure that the site certificate is up to date.

Missing certificate for all host names

Get a certificate for all host names that the site serves to avoid certificate name mismatch errors.

Server Name Indication (SNI) support

Ensure that the web server supports SNI and that the audience uses SNI-supported browsers.

Crawling and indexing issues

Ensure that the HTTPS site is not blocked from crawling using robots.txt. Also, enable proper indexing of all pages by search engines.

Content

Ensure that content matches on both HTTP and HTTPS pages.

Are HTTPS connections vulnerable to attacks?


While HTTPS (Hypertext Transfer Protocol Secure) provides a high level of security for web communication, it is not completely immune to all attacks. While the encryption and authentication mechanisms of HTTPS significantly reduce the risk of unauthorized access and data interception, there are still a few potential vulnerabilities to consider:

1. Man-in-the-Middle (MitM) Attacks: Although HTTPS is designed to protect against MitM attacks, there are scenarios where attackers can still attempt to intercept or manipulate the communication. For example, if an attacker manages to compromise a trusted Certificate Authority (CA) and issue fraudulent certificates, they can potentially impersonate a legitimate website. However, such attacks are relatively rare and require significant resources and coordination to execute successfully.


2. Expired or Revoked Certificates: If a website's SSL/TLS certificate expires or is revoked, it can leave the connection vulnerable. Browsers typically display warning messages to users when encountering expired or revoked certificates, indicating potential security risks. Users should exercise caution when proceeding with such connections.


3. Weak Encryption Algorithms or Configurations: While modern HTTPS implementations use strong encryption algorithms, older or misconfigured systems might still rely on weak ciphers or protocols. Attackers could exploit these vulnerabilities to perform attacks, such as downgrade attacks or cryptographic attacks targeting weak algorithms. Regular updates and adherence to current security best practices can mitigate these risks.


4. Server Vulnerabilities: HTTPS secures the communication channel but does not directly protect against server-level vulnerabilities. If a web server or the underlying software has security weaknesses, attackers can potentially exploit them to compromise the server and gain unauthorized access to data or inject malicious content. Regular security patches, secure coding practices, and server hardening measures are crucial for mitigating these risks.


5. Phishing and Social Engineering: HTTPS does not protect against phishing attacks or social engineering tactics where attackers deceive users into willingly providing sensitive information. Attackers may create convincing fake websites with valid SSL/TLS certificates, tricking users into thinking they are on a legitimate site. Users should remain vigilant and exercise caution when entering personal information or interacting with websites.


It's important to note that HTTPS significantly enhances the security of web communication and remains the standard for secure online transactions. The vulnerabilities mentioned above are generally mitigated through industry best practices, regular updates, and the cooperation of browser vendors, Certificate Authorities, and website administrators.

COMPUTER NETWORKING FOR CCNA OSI MODEL

 OSI  MODEL

7 A conceptual framework known as the OSI (Open Systems Interconnection) model standardizes communication system functionalities into seven different levels. To enable data interchange between devices on a network, each layer interacts with the layers below it and performs a defined set of functions.

  • Application Layer: The application layer is the closest to the end-user and provides network services directly to applications. It supports application protocols such as HTTP, FTP, SMTP, and DNS, enabling users to interact with network services and access information.
  • Presentation Layer: Encryption and data representation are handled by this layer. It guarantees that information given by one system's application layer can be correctly read by another system's application layer. It deals with things like data encryption, data format conversion, and data compression.
  • Transport Layer: The transport layer ensures reliable and efficient end-to-end communication between devices. It provides services such as segmentation, acknowledgment, and retransmission of data. The popular protocols TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) operate at this layer.
  • Network Layer: The network layer handles the routing and forwarding of data packets across multiple networks. It determines the optimal path for data transmission, performs logical addressing, and deals with congestion control and packet sequencing. Routers operate at this layer.
  • Data Link Layer: The data link layer provides error-free transfer of data frames between adjacent nodes on a network. It ensures data integrity and performs functions such as framing, error detection, and flow control. Ethernet switches and wireless access points operate at this layer.
  • Physical Layer: This layer deals with the physical transmission of data over the network medium. It defines specifications for cables, connectors, and other hardware components. It primarily focuses on the electrical, mechanical, and procedural aspects of communication.

DATA               L7    Application  Layer 

DATA              L6    Presentation Layer    SOFTWARE LAYER     

DATA              L5     Session Layer

SEGMENTS    L4    Transport Layer   WORKS TCP/IP,UDP IP

 PACKET         L3   Network Layer      HARDWARE LAYER

DATA              L2    Data Link Layer

DATA               L1    Physical Layer

 

SEGMENT -  L4 HEADER         DATA    SPN & DPN                                             

 

PACKET -  L3 HEADER       L4 HEADER    |   DATA    SIP & DIP SPN & DPN


FRAME -  L2 HEADER        L3 HEADER   L4 HEADER  SMAC & DMAC     SEP & DEP       SPN & DPN

 

TCP = TRANSMISSION CONTROL PROTOCOL

UDP = USER DATAGRAM PROTOCOL

SPN = SOURCE PORT NUMBER

DPN = DESTINATION PROTOCOL NUMBER

SIP = SOURCE IP

DIP = DESTINATION IP

SMAC = SOURCE MAC ADDRESS

DMAC = DESTINATION MAC ADDRESS


  • IN THE APPLICATION LAYER, PRESENTATION LAYER & SESSION LAYER DATA FORM.
  • IN THE TRANSPORT LAYER DATA CHANGE INTO SEGMENTS.
  • IN NETWORK LAYER DATA CALLED PACKETS.
  • IN THE DATA LINK LAYER DATA IS CALLED FRAME.
  • AND PHYSICAL LAYER DATA CALLED BITS.
  • THE APPLICATION LAYER PROVIDES UI INTERFACE OR PLATFORM.
  • L5 SESSION LAYER ESTABLISH, MAINTAIN & TERMINATE.
  • TCP  AND UDP HELP DATA TRANSFER FROM SOFTWARE TO HARDWARE

TCP / IP MODEL

OSI REFERENCE MODEL             TCP IP CONCEPTUAL LAYER

APPLICATION                                                   APPLICATION

PRESENTATION

SESSION

TRANSPORT                                                       TRANSPORT

NETWORK                                                           NETWORK

DATA LINK                                                          NETWORK

PHYSICAL                                                           INTERFACE


TLS AND SSL


TRANSPORT LAYER SECURITY BETWEEN SESSION & TRANSPORT

SSL SECURE SOCKET LAYER

WORKS ON SESSION, WHEN RETURN THE HTTP CONVERT INTO HTTPS.



what is MOJO? | Learn mojo introduction

 HEY GUERILLIANS WELCOME BACK TO GUERILLA TECK WE ARE STARTING A NEW SERIES ON A TRENDING LANGUAGE WHICH IS MOJO LET’S START.


ABOUT MOJO AND ITS FOUNDER

The developer of Swift and the LLVM Compiler Infrastructure, Chris Latner, who also created Mojo Lang, has merged Python's simplicity of use with C's strength. Because of the hardware's exceptional programmability and the models' extensibility, this has enabled a new level of programming for all AI developers.

In terms of speed, Mojo Lang is 35000x quicker than Python, Scalar C++ is 5000x faster, and PyPy is 22x faster.

The programming language Mojo Lang is intended for use with CUDA-enabled GPUs and other AI gear. It accomplishes this by scaling hardware types without being complicated by utilizing Multi-Level Intermediate Representation (MLIR).

Since Mojo Lang is a superset of Python, you won't need to learn any more programming languages. Isn't it convenient? Because of the base language's complete compatibility with Python, you can connect with the Python ecosystem and use NumPy and other libraries. Mojo Lang combines the simplicity of Python with the strength of the C programming language, thanks to Chris Latner, who also invented the Swift programming language and the LLVM Compiler Infrastructure. All AI developers now have access to previously unheard-of levels of programming thanks to the extensibility of AI models and the programmability of AI hardware.

• Types are used to improve efficiency and error checks.

• Taking control of memory through the zero-cost inline assignment of values to structures.

• Ownership and Borrower checking using memory safety to eliminate sharp edges.

• With auto-tuning, your parameters can be automatically determined to have the best values.

Differences between Mojo Lang and Python

Mojo Lang and Python are so similar, but there must be some differences, right?

Well, we’ve established that speed is the main difference between the two. But there are a few more.

Adding types

Similar to a Python class, Mojo Lang's built-in struct keyword. Structural differences from dynamical differences between class and struct.

var and let are two immutable keywords in the Mojo Lang syntax for instructing. In Mojo Lang, fn, a stricter function, takes the place of def, which defines a function as we are all familiar with from Python.

The built-in type SIMD (Single Instruction Many Data) in Mojo Lang can describe a vector in which a single instruction can be performed over many elements concurrently on the underlying hardware.

You can increase efficiency by 500 times by using the struct type and using it in the Python implementation.

Parallel Computing

Mojo Lang has a built-in parallelization feature that allows you to split your code into multiple threads, which can increase speed by 2000 times. Parallel processing is not available in Python and can be very complex.

Tiling Optimization

Mojo has a built-in tile optimization tool that allows you to cache and reuse your data more effectively. You can use and reuse memory that is close together at a given time.

Autotune

With the use of Autotune Mojo Lang, you can automatically modify your program's code to locate the ideal hardware-specific parameters.


CAN WE USE MOJO NOW???

THE ANSWER IS NO IT IS NOT PUBLICALLY AVAILABLE BUT WE ARE HERE TO TELL YOU ABOUT IT. IT IS ONLY AVAILABLE FOR DEVELOPERS IF YOU WANT SO WE CAN MAKE A BLOG ABOUT IT.

LET’S START WITH SOME CODING PART

Mojo is designed as a superset of Python, so many language features you are familiar with and the concepts you know in Python translate directly to Mojo. For instance, a "Hello World" program in Mojo looks exactly as it does in Python:


OUTPUT


And we can import our favorite libraries of Python in Mojo too and use them similarly to Python.


Basic systems programming extensions in Mojo

Systems programming is something to which Python is not well suited and where Mojo shines. Basic systems programming in Mojo is covered in this part.

1. Let and Var declarations

Similar to Python, you can give name values, and it implicitly creates a function-scope variable inside a function. This offers a very flexible and simple approach to writing code, but it also presents a challenge for two reasons:

1) Systems programmers often want to declare an immutable value.

2) Systems programmers want to get an error if they mistype a variable name in an assignment.

To support this, Mojo supports `let` and `var` declarations, which introduce a new scoped runtime value: `let` is immutable, and `var` is mutable.

For example:-


OUTPUT:- 3

Example 2:-


OUTPUT:- 1.0

STRUCT TYPE IN MOJO

Low-level data layout controls, indirection-free field access, and other techniques can be built upon in modern systems programming to create high-level and secure abstractions. The struct type is offered by Mojo in this regard.

In many aspects, classes and struct types are comparable. Classes, on the other hand, have dynamic dispatch, monkey-patching (also known as dynamic method "swizzling"), and dynamically bound instance properties, whereas structs are static, bound at compilation time, and embedded within their container rather than inherently indirect and reference counted.

Example:-





That’s all for today we’ll get back to it as soon as possible

Thank you

COMPUTER NETWORKING FOR CCNA SUBNETTING PART 5

 SUBNETTING

What is subnetting:-

  • Breaking the Network into small parts 
  •  & Stop wastage of hosts

Subnetting in Computer Networks

The topic of subnetting in computer networks will be covered in this tutorial. The most important idea we will learn about today is subnetting, which is the first thing we must understand while studying computer networks. Subnetting, the most crucial concept, will aid in reducing or spreading the pressure brought on by the networks' high load. Let's quickly go over the idea of subnetting now.

Let's now look at what Subnetting is. However, before we delve into the Subnetting notion, let's have a look at how Computer Networks use the term.

The network layer includes subnetting. It is the responsibility of the network layer to partition the received message into distinct parts and processes. The network layer is sometimes referred to as the brain of computer networks.

The basic idea of the Concept 

When the IP (Internet Protocol) system was first introduced, there were fewer people online, making it easier to find a network and send data to it. Due to the increase in internet users, sending a data packet to the desired machine in a network is becoming increasingly difficult. Once a network is big enough to serve an organization, network performance becomes a big problem.

An organization can use IP subnets (smaller broadcast domains, etc.) to conceptually or physically segment bigger networks (firewalls, etc.). In other words, routers use subnets as a basis for their routing decisions. In this post, we'll learn more about these concepts.

Introduction to Subnetting


A computer networking method known as subnetting is used to segment a large IP network into smaller subnetworks known as subnets. The main goals of this are to increase network management effectiveness and optimize address distribution.

Subnetting's main objective is to increase the utility of IP addresses. A network without subnetting would only be able to use one broadcast domain, which might not be feasible or effective, especially in big networks. Organizations can allocate IP addresses more effectively and efficiently by segmenting a network into subnets.


Purpose of Subnetting in Computer Networks

Subnetting serves several important purposes in computer networks, contributing to improved efficiency, scalability, security, and management. Here are the key purposes of subnetting:

1.) Efficient IP Address Utilization: Subnetting allows for the efficient utilization of IP addresses. By dividing a network into smaller subnets, organizations can allocate IP addresses more precisely based on their actual needs. This prevents wastage of IP address space, especially in larger networks, where assigning a single IP address to each device would be impractical.

2.) Enhanced Network Performance: Subnetting improves network performance by reducing broadcast traffic and containing network communications within specific subnets. Broadcast messages, such as ARP (Address Resolution Protocol) requests, are limited to the devices within the same subnet, preventing unnecessary network-wide broadcasts. This helps in minimizing network congestion and improving overall performance.

3.) Improved Network Security: Subnetting enhances network security by creating logical boundaries between different departments, divisions, or security zones. Each subnet can be treated as a separate broadcast domain, allowing for the implementation of more granular security policies. Access control and traffic filtering can be applied at the subnet level, reducing the potential impact of security breaches.

4.) Scalability and Flexibility: Subnetting provides scalability and flexibility in network design. As networks grow or change, subnetting allows for the addition of new subnets and devices without requiring a complete reconfiguration of the entire network. It facilitates easy expansion and adaptation to changing network requirements, supporting the growth of organizations and their evolving network needs.

5.) Simplified Network Management: Subnetting simplifies network management by logically grouping devices based on their location, function, or department. Network administrators can apply specific configurations, policies, and monitoring at the subnet level, making network management more efficient. Troubleshooting and administration tasks are simplified as administrators can focus on specific subnets rather than the entire network.

6.) Routing Efficiency: Subnetting enables efficient routing within a network. By dividing a large network into smaller subnets, routers can make more targeted routing decisions based on the destination subnet. This reduces the size of routing tables and improves the efficiency of routing protocols.

In summary, subnetting plays a vital role in computer networks by optimizing IP address utilization, enhancing network performance and security, facilitating scalability and flexibility, simplifying network management, and improving routing efficiency. It is an essential technique for designing and managing modern networks effectively.

The Subnetting Process :-

The process of subnetting involves dividing a network into smaller subnetworks or subnets. Subnetting allows for efficient use of IP address space, network segmentation, and improved network management. Here's a step-by-step guide to the subnetting process:

1. Determine the Required Number of Subnets: Start by identifying the number of subnets you need for your network. This decision is based on factors such as network size, organizational requirements, and future scalability. Consider how many separate segments you need to create within your network.

2. Determine the Required Number of Hosts per Subnet: Next, determine the number of hosts (devices or systems) you need in each subnet. This will help you determine the subnet size or the number of assignable IP addresses required in each subnet. Keep in mind that each subnet requires a network address and a broadcast address, leaving the remaining addresses for host assignment.

3. Choose a Subnet Mask: Select an appropriate subnet mask that allows for the required number of subnets and hosts per subnet. The subnet mask defines the network portion and the host portion of the IP address. It is represented as a series of binary bits or dotted decimal notation (e.g., 255.255.255.0 for a subnet with 24 bits). The subnet mask is usually represented alongside the IP address, such as 192.168.0.0/24.

4. Calculate the Subnet Bits: Determine the number of subnet bits required based on the number of subnets you determined in step 1. To calculate the subnet bits, count the number of subnet bits needed to represent the required number of subnets. The formula is 2^N, where N is the number of subnet bits. Find the smallest value of N that satisfies your requirements.

5. Calculate the Host Bits: Determine the number of host bits required based on the number of hosts per subnet you determined in step 2. To calculate the host bits, count the number of host bits needed to represent the required number of hosts. The formula is 2^N - 2, where N is the number of host bits. Subtract 2 because the network address and broadcast address are reserved and cannot be assigned to hosts.

6. Determine the Subnet IDs: Start subnetting by assigning subnet IDs. Begin with the default network address and increment by the subnet increment value, which is calculated by the subnet bits. Each subnet ID represents the starting address of a subnet.

7. Assign IP Addresses: Within each subnet, assign IP addresses to the hosts. Start with the first assignable address (after the network address) and increment by 1 for each subsequent host. The last address in each subnet is reserved for the broadcast address.

8. Verify and Test: After subnetting, verify the correctness of your subnet design and test network connectivity within and between subnets. Ensure that routing tables and network configurations are properly updated to accommodate the new subnet structure.

Remember that subnetting requires careful planning and consideration of network requirements. It's important to allocate sufficient IP address space and choose appropriate subnet masks to accommodate future growth and ensure efficient network operation.

The benefits of subnetting

The following is a list of the benefits of subnetting:

1. It gives one network security from another network. For instance, in an organization, another department cannot access the developer department's code.

2. It's possible that one subnet requires a greater network priority than another. A sales department might be required to host webcasts or video conferences, for instance.

3. Maintenance is simple for small networks.

Disadvantages of Subnetting

The disadvantages of Subnetting are mentioned below:
  • In the case of a single network, only three steps are required to reach a Process i.e. Source Host to Destination Network, Destination Network to Destination Host, and then Destination Host to Process.
  • In the case of a Single Network only two IP addresses are wasted to represent Network Id and Broadcast address but in the case of Subnetting two IP addresses are wasted for each Subnet.
  • The cost of the overall Network also increases. Subnetting requires internal routers, Switches, Hubs, Bridges, etc. which are very costly.

An IP address is split into its network address and host address via subnetting.

The split address may then be further divided into units using the subnet mask approach, and those units can be assigned to different network devices.


Here, X refers to the Host ID. This is the only thing that gets changed in the Internet Protocol Address

Now, we are going to learn how these subnets provide different addresses to different devices and also the process of subnetting in computer networks. So, by this example, we would easily understand the working of the Subnet.

We are going to learn how Subnets are formed for Internet Protocol version 4 (IPv4) Addressing.

The IPv4 Addressing has five different classes. They are:

  • Class A Network
  • Class B Network
  • Class C Network
  • Class D Network
  • Class E Network

The total number of Internet Protocol Addresses (IP Address) gives the total number of Subnets that can be formed by using a network.

  • Class A has 24 Host ID Bits
  • Class B has 16 Host ID Bits
  • Class C has 8 Host ID Bits

The number of usable IP Addresses that can be created is

  • The total number of IP Addresses creatable = 2 The total number of Host ID Bits - 2.
  • Class A Network can have 224 - 2
  • Class B Network can have 216 - 2
  • Class C Network can have 28 - 2
  • Class D and Class E do not contribute to IP Address creation.
  • Class D is used for multicasting purposes
  • Class E is used for Address Range Calculator
They are saved for future purposes.


There are Two types of subnetting  –

FLSM – Fixed length subnetting mask

VLSM – variable length subnetting mask ( for ip v6 )

 FLSM:-

Fixed Length Subnetting Mask (FLSM) refers to a subnetting technique in computer networking where all subnets within a network have the same subnet mask. In FLSM, the subnet mask remains constant throughout the network and is not varied for different subnets.

To understand FLSM, let's consider an example. Suppose we have the IP address 192.168.0.0/24, which represents a network with a subnet mask of 255.255.255.0. In this case, the /24 denotes that the first 24 bits of the 32-bit IP address are fixed, representing the network portion, while the remaining 8 bits are available for host addresses.

With FLSM, if we divide this network into smaller subnets, each subnet will have the same subnet mask of 255.255.255.0. For instance, if we divide the network into four equal subnets, each subnet will have the following network ranges:

1. Subnet 1: 192.168.0.0/24 (First subnet with the same network address and subnet mask)

   - Usable IP range: 192.168.0.1 to 192.168.0.254

   - Broadcast address: 192.168.0.255

2. Subnet 2: 192.168.1.0/24 (Second subnet with the same network address and subnet mask)

   - Usable IP range: 192.168.1.1 to 192.168.1.254

   - Broadcast address: 192.168.1.255

3. Subnet 3: 192.168.2.0/24 (Third subnet with the same network address and subnet mask)

   - Usable IP range: 192.168.2.1 to 192.168.2.254

   - Broadcast address: 192.168.2.255

4. Subnet 4: 192.168.3.0/24 (Fourth subnet with the same network address and subnet mask)

   - Usable IP range: 192.168.3.1 to 192.168.3.254

   - Broadcast address: 192.168.3.255

As you can see, in FLSM, the subnet mask remains consistent across all subnets, making it easy to manage and configure routing tables. However, it may result in inefficient utilization of IP addresses when subnets have significantly different numbers of hosts.

It's worth noting that Fixed Length Subnetting Mask is different from Variable Length Subnetting Mask (VLSM), where subnets can have different subnet masks to accommodate varying numbers of hosts per subnet. VLSM allows for more efficient allocation of IP addresses but can be more complex to configure and manage.

VLSM:-

Subnets inside a network can have multiple subnet masks thanks to the computer networking subnetting technology known as Variable Length Subnet Mask (VLSM).Unlike Fixed Length Subnet Mask (FLSM), VLSM allows for more efficient utilization of IP addresses by allocating subnet masks according to the specific requirements of each subnet.

To understand VLSM, let's consider an example. Suppose we have the IP address 192.168.0.0/24, representing a network with a subnet mask of 255.255.255.0. With VLSM, we can divide this network into subnets of different sizes, each with its own subnet mask.

For instance, let's say we need four subnets with varying numbers of hosts:

1. Subnet 1: Requires 30 hosts

   - Subnet mask: /27 (255.255.255.224)

   - Usable IP range: 192.168.0.1 to 192.168.0.30

   - Broadcast address: 192.168.0.31

2. Subnet 2: Requires 12 hosts

   - Subnet mask: /28 (255.255.255.240)

   - Usable IP range: 192.168.0.33 to 192.168.0.46

   - Broadcast address: 192.168.0.47

3. Subnet 3: Requires 6 hosts

   - Subnet mask: /29 (255.255.255.248)

   - Usable IP range: 192.168.0.49 to 192.168.0.54

   - Broadcast address: 192.168.0.55

4. Subnet 4: Requires 50 hosts

   - Subnet mask: /26 (255.255.255.192)

   - Usable IP range: 192.168.0.65 to 192.168.0.126

   - Broadcast address: 192.168.0.127

In VLSM, we allocate subnet masks according to the number of hosts required in each subnet. This allows for efficient utilization of IP addresses by allocating smaller subnets for smaller requirements and larger subnets for larger requirements.

VLSM provides more flexibility and optimal use of IP addresses compared to FLSM. However, it can introduce complexity in managing and configuring routing tables, as each subnet may have a different subnet mask. Therefore, proper planning and documentation are crucial when implementing VLSM.

IPv4 - Subnetting

Each IP class has a unique default subnet mask that restricts that IP class to having a defined number of networks and fixed numbers of hosts per network. Being able to have fewer hosts per network or more networks per IP class is not possible with classful IP addressing.

The flexibility of employing bits from the IP address's host portion as a network within a network, or subnet, is made possible by CIDR, or classless inter-domain routing. It is possible to create smaller sub-networks via subnetting utilizing a single Class A IP address, which improves network administration capabilities.

Class A Subnets

Only the first octet of the Class A network identifier (i.e., 16777214 hosts per network) is used as the network identifier. Bits from the host component are taken and used to create additional subnets in Class A, and the subnet mask is adjusted as necessary.

For instance, if one MSB (Most Significant Bit) is added to the network address and one MSB is taken from the host bits of the second octet, two subnets (21=2) with a total of (223-2) 8388606 hosts are created.

In accordance with subnetting, the Subnet mask is modified. Here is a list of all potential Class A subnet combinations.


In the case of subnetting too, the very first and last IP address of every subnet is used for Subnet Number and Subnet Broadcast IP address respectively. Because these two IP addresses cannot be assigned to hosts, sub-netting cannot be implemented by using more than 30 bits as Network Bits, which provides less than two hosts per subnet.

Class B Subnets

With Classful Networking, the default configuration uses 14 bits for the network, resulting in (214) 16384 networks and (216-2) 65534 hosts. The same method used to subnet Class A addresses—borrowing bits from the host bits—can also be used to subnet Class B IP addresses. All potential combinations of Class B subnetting are shown here.

Class C Subnets

Due to the restriction on the number of hosts it can contain, Class C IP addresses are often only given to very tiny networks. The full range of subnetted Class B IP address combinations are listed below.

FLSM SUBNETTING  ( IP V4 ) :-

The formula of subnetting  :-

No of network = 2m

No of host = 2n

M = current subnet length – default subnet length

N = 32 – current subnet length

EX - 192.168.10.0 / 24 

In this ip 24 is  Subnet length/default subnet length   


We are utilizing generate the Broadcast Address and Usable Range of the New Subnets, one of many formulae and guidelines used to generate subnets.

The broadcast address and the usable range for the new subnets can be rapidly determined if the network address of the potential new subnets is established.

CLASS C SUBNETTING  :-

192.168.10.0/26

No of network = 2m

m = current subnet length  - default

m = 26-24 =  2

No of host = 2n

N =  32 – current subnet length = 32-26 =6

2n = 26 = 64

In 192.168.10.0 we have 2 networks and 64 host

SUBNETTING OF 4TH OCTATE  in class C :-

-         Network ID + no of host

-         First IP + 1

-         In BIP – 1 from NID next block size

-         Last IP -1 from BIP


EX - 200.200.200.0 / 28

n/w = 2m                                             host  = 2n

m = 28 – 24                                         n = 32-28

2m = 24                                                   =4

2m = 16                                                   2n = 2= 16



-         255 in the last octate – broadcast address

-         0 in last octate – network 

CLASS B SUBNETTING  :-

3rd-octave subnetting
  • IN CLASS B AND A WE HAVE A BIG NUMBER OF HOSTS SO WE HAVE TO USE BLOCK SIZE VALUE AS A HOST

BLOCK SIZE FORMULA:-

1 – ON BITS

0 – OFF BITS

BLOCK SIZE = 2 OFF BITS


  • 178.150.0.0/19
Number of network 2m = 23 = 8

19 – 16

3

Host = 2n = 213 = 8192

32 -19 = 13

  • Now u can see we have 8192 hosts now we have to use block size as host number
  • We have 0 in 3rd octate and subnet mask of this octate is 224 and binary of 224 is 11100000
  • If u dont know how to convert decimal to binary you can check

Part 4

  •  We need only off bits and we have 5 off bits 25 is 32.

Subnet mask- 255.255.254.0

Another example :-

178.150.0.0/22

N / W = 2M

M = 22-16

M = 6

2m = 64

 

N/H = 24

N = 32-22

N = 10

1024

Block size = 2 off bits 

= 22

= 4


255.255. 11111100. 00000000

255.255.252.0  - subnet mask 


4TH OCTAVE SUBNETTING :-

170.180.0.0/28

2m  = 28 -16 = 12 = 212 = 4096

2n = 32-28 = 4 = 16


A subnet mask of 170.180.0.0 is 255.255.255.240

And block size is 24

CLASS A SUBNETTING :-

10.0.0.0/14

2m  = 14 – 8 = 26 = 64

2n = 32- 14 = 2 16 = 65,536

Block size 22 = 4

subnet mask 255.255.0.0

EX . 10.0.0.0/20

2m = 20 -8 = 212 = 4096

2n = 32-20 = 212 = 4096

Block size = 24 = 16