Static Routing Contabo Problem solved

 

Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface

0.0.0.0         213.136.72.1    0.0.0.0         UG        0 0          0 eth0

213.136.72.0    0.0.0.0         255.255.255.0   U         0 0          0 eth0

Remove this route from the static routing table so that IPs on the internal network are always reached through the closest router:

ip route del 213.136.72.0/24 via 0.0.0.0 dev eth0

 

[root@mail ~]# netstat -rn

Kernel IP routing table

Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface

0.0.0.0         213.136.72.1    0.0.0.0         UG        0 0          0 eth0

 

Virtual Box – Different network connection

VirtualBox lets a virtual machine connect to several types of local network. Let's look at each of them in detail.

Virtual machines are built to connect to different types of LAN connection. In home environments and in small and medium businesses they are generally used only to reach the Internet or to join the local network. Tinkerers and technicians, on the other hand, may need to create an internal virtual network to experiment with protocols and settings. In short, there is a lot of versatility here, which is why VirtualBox offers several network types:

Network Address Translation (NAT)

The NAT service is included in every router/modem. All it does is take the connections from the various computers and pass them through a single connection with a single IP address. You can therefore have one or more virtual machines browsing the Internet without seeing each other (each of them is on an isolated network). In VirtualBox this is the default mode, and the guest operating system gets its address via DHCP.

NAT Network

Allows a network to be created between virtual machines, still using NAT technology.

Bridged Networking (Bridged Adapter)

A bridge is exactly what the name says: VirtualBox simply acts as a bridge between the virtual machine and the local network. The guest machine is therefore attached to the network like any other physical computer and can talk to the other devices on the network without problems. Naturally, it must be configured like a physical device on the network (IP addresses, DNS, etc.).

Internal Network

VirtualBox lets you create an internal network that is private and not visible from outside. This makes it possible to run test servers with services such as DHCP, Active Directory, DNS, etc. This feature guarantees communication between the virtual machines even when the host is not connected to any network. In fact, VMs in bridged mode cannot talk to each other if there is no connection to a real network. The “intnet”, on the other hand, always works. Naturally, in this case you must assign addresses yourself or use a DHCP server.

Host-only network (Host-only Adapter)

The host-only network is an internal network in which all the VMs are connected to each other (just as in intnet), but the host is connected to it as well. In this case IP addresses are assigned automatically by VirtualBox itself.

Port forwarding

The NAT option, as we have already seen, lets a virtual machine work just like a computer connected to a router that goes out to the Internet. If, however, we want to forward packets to a port, that is possible. It is a bit like opening ports on the router (for example port 80) so that the web server can be reached through the public IP address. Only, in this case, accessing the host address (e.g. 192.168.1.100:80) forwards to port 80 of the virtual machine.

How to Install and Configure ‘Cache Only DNS Server’ with ‘Unbound’ in RHEL/CentOS 7


‘Unbound‘ is a validating, recursive, and caching DNS server. Back in RHEL/CentOS 6.x (where x is the version number), we used the bind software to configure caching name servers.

Here in this article, we are going to use ‘unbound‘ caching software to install and configure a DNS Server in RHEL/CentOS 7 systems.


DNS cache servers are used to resolve any DNS query they receive. If the server has cached a query and the same query is later requested by any client, the reply is delivered from the ‘unbound‘ DNS cache; this takes milliseconds compared with the first time it was resolved.

The caching server only acts as an agent that resolves the client's query through one of the forwarders. Using a caching server reduces the loading time of web pages by keeping the cache database on the unbound server.

My Server and Client Setup

For demonstration purposes, I will be using two systems. The first system will act as a Master (Primary DNS) server and the second system will act as a local DNS client.

Master DNS Server
Operating System   :    CentOS Linux release 7.0.1406 (Core)
IP Address         :    192.168.0.50
Host-name          :    ns.tecmintlocal.com

Client Machine
Operating System   :    CentOS 6
IP Address         :    192.168.0.100
Host-name          :    client.tecmintlocal.com

Step 1: Check System Hostname and IP

1. Before setting up a caching DNS server, make sure that you’ve set the correct hostname and configured a static IP address for your system; if not, set the system’s static IP address.

2. After setting the correct hostname and static IP address, you can verify them with the following commands.

# hostnamectl
# ip addr show | grep inet


Step 2: Installing and Configuring Unbound

3. Before installing the ‘Unbound’ package, we must update our system to the latest version; after that we can install the unbound package.

# yum update -y
# yum install unbound -y


4. After the package has been installed, make a copy of the unbound configuration file before making any changes to the original file.

# cp /etc/unbound/unbound.conf /etc/unbound/unbound.conf.original

5. Next, use your favorite text editor to open and edit the ‘unbound.conf‘ configuration file.

# vim /etc/unbound/unbound.conf


Once the file is opened for editing, make the following changes:

Interfaces

Search for interface and enable the interface we are going to use; if the server has multiple interfaces, we have to enable the interface 0.0.0.0.

Here our server IP is 192.168.0.50, so I am going to use unbound on this interface.

interface: 192.168.0.50

Enable IPv4 and Protocol Supports

Search for the following strings and set them to ‘yes‘.

do-ip4: yes
do-udp: yes
do-tcp: yes

Enable the logging

To enable logging, add the variable below; unbound activity will be logged to this file.

logfile: /var/log/unbound

Hide Identity and Version

Enable the following parameter to hide id.server and hostname.bind queries.

hide-identity: yes

Enable the following parameter to hide version.server and version.bind queries.

hide-version: yes

Access Control

Then search for access-control. This defines which clients are allowed to query this unbound server.

Here I have used 0.0.0.0/0, which means anyone can send queries to this server. If we need to refuse queries from some network range, we can define which networks are refused.

access-control: 0.0.0.0/0 allow

Note: Instead of allow, we can use allow_snoop; this enables some additional parameters for tools like dig, and it supports both recursive and non-recursive queries.

Domain Insecure

Then search for domain-insecure. If our domain works with DNSSEC keys, we need to define it under domain-insecure. Here our domain will be treated as insecure.

domain-insecure: "tecmintlocal.com"

Forward Zones

Then set the forwarders. A query that this server cannot fulfil itself will be forwarded for the root domain (.) and resolved there.

forward-zone:
        name: "."
        forward-addr: 8.8.8.8
        forward-addr: 8.8.4.4

Finally, save and quit the configuration file using :wq!.

6. After making the above configuration, now verify the unbound.conf file for any errors using the following command.

# unbound-checkconf /etc/unbound/unbound.conf
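
unbound-checkconf checks that the file is valid, not who can reach the resolver. The following is an added example, not part of the original article: a shell function that flags the exposure-related settings used in the steps above (interface, access-control, allow_snoop, domain-insecure, hide-identity/hide-version). The function names, severity labels and the 192.168.0.0/24 netblock in the second sample are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not part of the original article.
# audit_unbound_conf [FILE]   (reads stdin when FILE is omitted)
# Prints one finding per line as "LEVEL option: detail".
# Exit status is 1 when a HIGH finding is present, otherwise 0.
audit_unbound_conf() {
    awk '
    {
        sub(/#.*/, "")                    # strip comments
        gsub(/^[ \t]+|[ \t]+$/, "")       # trim leading and trailing blanks
        if ($0 == "") next
        key = $1; val = $2; act = $3
        gsub(/"/, "", val)                # values may be quoted
    }
    key == "interface:" && (val == "0.0.0.0" || val == "::0") {
        print "MEDIUM interface: " val " listens on every address of the host"
    }
    key == "access-control:" && act ~ /^allow/ {
        if (val == "0.0.0.0/0" || val == "::/0") {
            print "HIGH access-control: " val " " act " makes this an open resolver"
            high = 1
        }
        if (act == "allow_snoop")
            print "MEDIUM access-control: " val " allow_snoop also answers non-recursive (cache-probing) queries"
    }
    key == "domain-insecure:" {
        print "INFO domain-insecure: DNSSEC validation is skipped for " val
    }
    key == "hide-identity:" && val == "yes" { hid = 1 }
    key == "hide-version:"  && val == "yes" { hver = 1 }
    END {
        if (!hid)  print "LOW hide-identity: not set to yes"
        if (!hver) print "LOW hide-version: not set to yes"
        exit high
    }' "${1:--}"
}

# Constructed sample 1: the settings as entered in the steps above.
conf_as_in_article() {
    cat <<'EOF'
server:
        interface: 192.168.0.50
        do-ip4: yes
        do-udp: yes
        do-tcp: yes
        logfile: /var/log/unbound
        hide-identity: yes
        hide-version: yes
        access-control: 0.0.0.0/0 allow
        domain-insecure: "tecmintlocal.com"
forward-zone:
        name: "."
        forward-addr: 8.8.8.8
        forward-addr: 8.8.4.4
EOF
}

# Constructed sample 2: same file, but only localhost and 192.168.0.0/24 may
# query. The /24 is an assumption; the article gives only the two host IPs.
conf_lan_only() {
    conf_as_in_article | sed 's|access-control: 0.0.0.0/0 allow|access-control: 0.0.0.0/0 refuse\
        access-control: 127.0.0.0/8 allow\
        access-control: 192.168.0.0/24 allow|'
}

echo "== as configured in the article =="
conf_as_in_article | audit_unbound_conf || echo "-> HIGH finding present"
echo "== restricted to the LAN =="
conf_lan_only | audit_unbound_conf || echo "-> HIGH finding present"
```

On a real server the function can be pointed at the live file: audit_unbound_conf /etc/unbound/unbound.conf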


7. Once the file has been verified without any errors, you can safely restart the ‘unbound’ service and enable it at system startup.

# systemctl start unbound.service
# sudo systemctl enable unbound.service


Step 3: Test DNS Cache Locally

8. Now it’s time to check our DNS cache by doing a ‘drill’ (query) on the ‘india.com‘ domain. The first ‘drill‘ for ‘india.com‘ will take some milliseconds; then run a second drill and note the query time of both.

drill india.com @192.168.0.50


As the above output shows, the first query took almost 262 msec to resolve and the second query took 0 msec to resolve the domain (india.com).

That means the first query was cached in our DNS cache, so when we ran ‘drill’ a second time the query was served from our local DNS cache. This way we can improve the loading speed of websites.

Step 4: Flush Iptables and Add Firewalld Rules

9. We can’t use both iptables and firewalld at the same time on the same machine; if we do, they will conflict with each other, so removing the iptables rules is a good idea. To remove or flush the iptables rules, use the following command.

# iptables -F

10. After removing the iptables rules permanently, add the DNS service to the firewalld list permanently.

# firewall-cmd --add-service=dns
# firewall-cmd --add-service=dns --permanent

11. After adding DNS service rules, list the rules and confirm.

# firewall-cmd --list-all


Step 5: Managing and Troubleshooting Unbound

12. To get the current server status, use the following command.

# unbound-control status


Dumping DNS Cache

13. If you would like a dump of the DNS cache in a text file, you can redirect it to a file for future use with the command below.

# unbound-control dump_cache > /tmp/DNS_cache.txt


14. To restore or import the cache from the dumped file, you can use the following command.

# unbound-control load_cache < /tmp/DNS_cache.txt


Flushing DNS Records

15. To check whether the specific address was resolved by our forwarders in unbound cache Server, use the below command.

# unbound-control lookup google.com


16. Sometimes our DNS cache server will not reply to a query; in that case we can flush the cache to remove records such as A, AAAA, NS, SOA, CNAME, MX, PTR etc. from the DNS cache. We can remove all the information using flush_zone.

# unbound-control flush www.digitalocean.com
# unbound-control flush_zone tecmintlocal.com

17. To check which forwards are currently used to resolve.

# unbound-control list_forwards


Step 6: Client Side DNS Configuration

18. Here I’ve used a CentOS 6 server as my client machine. The IP of this machine is 192.168.0.100, and I’m going to use my unbound DNS server IP (i.e. Primary DNS) in its interface configuration.

Log in to the client machine and set the Primary DNS server IP to our unbound server’s IP.

Run the setup command and choose network configuration from the TUI network manager.

Then choose DNS configuration and insert the unbound DNS server’s IP as Primary DNS. Here I have used it as both Primary and Secondary because I don’t have any other DNS server.

Primary DNS	: 192.168.0.50
Secondary DNS	: 192.168.0.50


Click OK –> Save&Quit –> Quit.

19. After adding Primary and Secondary DNS IP addresses, now it’s time to restart the network using following command.

# /etc/init.d/network restart


20. Now it is time to access any website from the client machine and check for the cache on the unbound DNS server.

# elinks aol.com
# dig aol.com


Setup DNSSEC support

Next, we instruct Unbound DNS server to generate RSA keys in order to provide DNSSEC support:

# unbound-control-setup 
setup in directory /etc/unbound
generating unbound_server.key
Generating RSA private key, 1536 bit long modulus
.................++++
.........++++
e is 65537 (0x10001)
generating unbound_control.key
Generating RSA private key, 1536 bit long modulus
.........++++
..................................++++
e is 65537 (0x10001)
create unbound_server.pem (self signed certificate)
create unbound_control.pem (signed client certificate)
Signature ok
subject=/CN=unbound-control
Getting CA Private Key
Setup success. Certificates created. Enable in unbound.conf file to use

All that remains is to check Unbound’s configuration:

# unbound-checkconf
unbound-checkconf: no errors in /etc/unbound/unbound.conf

Conclusion

Earlier we used to set up a DNS cache server using the bind package on RHEL and CentOS systems. Now we have seen how to set up a DNS cache server using the unbound package. Hope this will resolve your query requests quicker than the bind package.

18 commands to monitor network bandwidth on Linux server

This post mentions some linux command line tools that can be used to monitor the network usage. These tools monitor the traffic flowing through network interfaces and measure the speed at which data is currently being transferred. Incoming and outgoing traffic is shown separately.

Some of the commands, show the bandwidth used by individual processes. This makes it easy to detect a process that is overusing network bandwidth.

The tools have different mechanisms of generating the traffic report. Some of the tools like nload read the “/proc/net/dev” file to get traffic stats, whereas some tools use the pcap library to capture all packets and then calculate the total size to estimate the traffic load.
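
How a rate is derived from /proc/net/dev, as an added example that is not part of the original post: the function below compares two snapshots of the file and divides the byte-counter differences by the interval. The function names, the constructed snapshots and the handling of a single 32-bit counter wrap are assumptions of this example, not the code of nload or any other tool listed here.

```sh
#!/bin/sh
# Added example, not from the original post.
# netdev_rates BEFORE AFTER SECONDS
#   BEFORE/AFTER are copies of /proc/net/dev taken SECONDS apart.
#   Prints "iface rx_bytes_per_s tx_bytes_per_s" for each interface in both.
# Live use: cat /proc/net/dev > t0; sleep 2; cat /proc/net/dev > t1
#           netdev_rates t0 t1 2
netdev_rates() {
    awk -v secs="$3" '
    function delta(cur, prev,    d) {
        d = cur - prev
        # Assumption: a negative difference is one wrap of a 32-bit counter.
        # A counter reset (interface re-created) looks the same.
        if (d < 0) d += 4294967296
        return d
    }
    FNR <= 2 { next }                  # skip the two header lines
    {
        sub(/:/, " ")                  # "eth0:123" and "eth0: 123" both occur
        # fields now: $1 iface, $2 rx bytes ... $9 rx multicast, $10 tx bytes
        if (FNR == NR) { rx[$1] = $2; tx[$1] = $10; next }
        if ($1 in rx)
            printf "%s %d %d\n", $1, delta($2, rx[$1]) / secs, delta($10, tx[$1]) / secs
    }' "$1" "$2"
}

# Constructed snapshots taken 2 seconds apart; the eth0 receive counter
# wraps past 2^32 between them.
demo_netdev_rates() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/t0" <<'EOF'
Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo:       1000      10    0    0    0     0          0         0     1000      10    0    0    0     0       0          0
  eth0: 4294967000     900    0    0    0     0          0         0   500000     700    0    0    0     0       0          0
EOF
    cat > "$dir/t1" <<'EOF'
Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo:       1000      10    0    0    0     0          0         0     1000      10    0    0    0     0       0          0
  eth0:        704     910    0    0    0     0          0         0   502000     720    0    0    0     0       0          0
EOF
    netdev_rates "$dir/t0" "$dir/t1" 2
    rm -rf "$dir"
}

demo_netdev_rates
```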

Here is a list of the commands, sorted by their features.

1. Overall bandwidth - nload, bmon, slurm, bwm-ng, cbm, speedometer, netload

2. Overall bandwidth (batch style output) - vnstat, ifstat, dstat, collectl

3. Bandwidth per socket connection - iftop, iptraf, tcptrack, pktstat, netwatch, trafshow

4. Bandwidth per process - nethogs

1. Nload

Nload is a commandline tool that allows users to monitor the incoming and outgoing traffic separately. It also draws out a graph to indicate the same, the scale of which can be adjusted. Easy and simple to use, and does not support many options.

So if you just need to take a quick look at the total bandwidth usage without details of individual processes, then nload will be handy.

$ nload


Installing Nload – Fedora and Ubuntu have got it in the default repos. CentOS users need to get nload from Epel repositories.

# fedora or centos
$ yum install nload -y

# ubuntu/debian
$ sudo apt-get install nload

2. iftop

Iftop measures the data flowing through individual socket connections, and it works in a manner that is different from Nload. Iftop uses the pcap library to capture the packets moving in and out of the network adapter, and then sums up the size and count to find the total bandwidth under use.

Although iftop reports the bandwidth used by individual connections, it cannot report the process name/id involved in the particular socket connection. But being based on the pcap library, iftop is able to filter the traffic and report bandwidth usage over selected host connections as specified by the filter.

$ sudo iftop -n

The n option prevents iftop from resolving ip addresses to hostname, which causes additional network traffic of its own.


Install iftop – Ubuntu/Debian/Fedora users get it from default repos. CentOS users get it from Epel.

# fedora or centos
$ yum install iftop -y

# ubuntu or debian
$ sudo apt-get install iftop

3. iptraf

Iptraf is an interactive and colorful IP LAN monitor. It shows individual connections and the amount of data flowing between the hosts.

$ sudo iptraf


Install iptraf

# Centos (base repo)
$ yum install iptraf

# fedora or centos (with epel)
$ yum install iptraf-ng -y

# ubuntu or debian
$ sudo apt-get install iptraf iptraf-ng

4. nethogs

Nethogs is a small ‘net top’ tool that shows the bandwidth used by individual processes and sorts the list putting the most intensive processes on top. In the event of a sudden bandwidth spike, quickly open nethogs and find the process responsible. Nethogs reports the PID, user and the path of the program.

$ sudo nethogs


Install Nethogs – Ubuntu, Debian, Fedora users get from default repos. CentOS users need Epel

# ubuntu or debian (default repos)
$ sudo apt-get install nethogs

# fedora or centos (from epel)
$ sudo yum install nethogs -y

5. bmon

Bmon (Bandwidth Monitor) is a tool similar to nload that shows the traffic load over all the network interfaces on the system. The output also consists of a graph and a section with packet level details.


Install Bmon – Ubuntu, Debian and Fedora users can install from default repos. CentOS users need to set up repoforge, since it's not available in Epel.

# ubuntu or debian
$ sudo apt-get install bmon

# fedora or centos (from repoforge)
$ sudo yum install bmon

Bmon supports many options and is capable of producing reports in html format. Check the man page for more information

6. slurm

Slurm is ‘yet’ another network load monitor that shows device statistics along with an ascii graph. It supports 3 different styles of graphs each of which can be activated using the c, s and l keys. Simple in features, slurm does not display any further details about the network load.

$ slurm -s -i eth0


Install slurm

# debian or ubuntu
$ sudo apt-get install slurm

# fedora or centos
$ sudo yum install slurm -y

7. tcptrack

Tcptrack is similar to iftop, and uses the pcap library to capture packets and calculate various statistics like the bandwidth used in each connection. It also supports the standard pcap filters that can be used to monitor specific connections.


Install tcptrack – Ubuntu, Debian and Fedora have it in default repos. CentOS users need to get it from RepoForge as it is not available in Epel either.

# ubuntu, debian
$ sudo apt-get install tcptrack

# fedora, centos (from repoforge repository)
$ sudo yum install tcptrack

8. Vnstat

Vnstat is a bit different from most of the other tools. It actually runs a background service/daemon and keeps recording the size of data transfer all the time. It can then be used to generate a report of the history of network usage.

$ service vnstat status
 * vnStat daemon is running

Running vnstat without any options would simply show the total amount of data transfer that took place since the date the daemon is running.

$ vnstat
Database updated: Mon Mar 17 15:26:59 2014

   eth0 since 06/12/13

          rx:  135.14 GiB      tx:  35.76 GiB      total:  170.90 GiB

   monthly
                     rx      |     tx      |    total    |   avg. rate
     ------------------------+-------------+-------------+---------------
       Feb '14      8.19 GiB |    2.08 GiB |   10.27 GiB |   35.60 kbit/s
       Mar '14      4.98 GiB |    1.52 GiB |    6.50 GiB |   37.93 kbit/s
     ------------------------+-------------+-------------+---------------
     estimated      9.28 GiB |    2.83 GiB |   12.11 GiB |

   daily
                     rx      |     tx      |    total    |   avg. rate
     ------------------------+-------------+-------------+---------------
     yesterday    236.11 MiB |   98.61 MiB |  334.72 MiB |   31.74 kbit/s
         today    128.55 MiB |   41.00 MiB |  169.56 MiB |   24.97 kbit/s
     ------------------------+-------------+-------------+---------------
     estimated       199 MiB |      63 MiB |     262 MiB |

To monitor the bandwidth usage in realtime, use the ‘-l’ option (live mode). It would then show the total bandwidth used by incoming and outgoing data, but in a very precise manner without any internal details about host connections or processes.

$ vnstat -l -i eth0
Monitoring eth0...    (press CTRL-C to stop)

   rx:       12 kbit/s    10 p/s          tx:       12 kbit/s    11 p/s

Vnstat is more like a tool to get historic reports of how much bandwidth is used everyday or over the past month. It is not strictly a tool for monitoring the network in real time.

Vnstat supports many options, details about which can be found in the man page.

Install vnstat

# ubuntu or debian
$ sudo apt-get install vnstat

# fedora or centos (from epel)
$ sudo yum install vnstat

9. bwm-ng

Bwm-ng (Bandwidth Monitor Next Generation) is another very simple real time network load monitor that reports a summary of the speed at which data is being transferred in and out of all available network interfaces on the system.

$ bwm-ng
bwm-ng v0.6 (probing every 0.500s), press 'h' for help
  input: /proc/net/dev type: rate
  /         iface                   Rx                   Tx                Total
  ==============================================================================
             eth0:           0.53 KB/s            1.31 KB/s            1.84 KB/s
               lo:           0.00 KB/s            0.00 KB/s            0.00 KB/s
  ------------------------------------------------------------------------------
            total:           0.53 KB/s            1.31 KB/s            1.84 KB/s

If the console size is sufficiently large, bwm-ng can also draw bar graphs for the traffic using the curses2 output mode.

$ bwm-ng -o curses2

Install Bwm-NG – On CentOS bwm-ng can be installed from Epel.

# ubuntu or debian
$ sudo apt-get install bwm-ng

# fedora or centos (from epel)
$ sudo yum install bwm-ng

10. cbm – Color Bandwidth Meter

A tiny, simple bandwidth monitor that displays the traffic volume through network interfaces. No further options; just the traffic stats are displayed and updated in realtime.


$ sudo apt-get install cbm

11. speedometer

Another small and simple tool that just draws out good looking graphs of incoming and outgoing traffic through a given interface.

$ speedometer -r eth0 -t eth0


Install speedometer

# ubuntu or debian users
$ sudo apt-get install speedometer

12. Pktstat

Pktstat displays all the active connections in real time, and the speed at which data is being transferred through them. It also displays the type of the connection, i.e. tcp or udp and also details about http requests if involved.

$ sudo pktstat -i eth0 -nt


$ sudo apt-get install pktstat

13. Netwatch

Netwatch is part of the netdiag collection of tools, and it too displays the connections between local host and other remote hosts, and the speed at which data is transferring on each connection.

$ sudo netwatch -e eth0 -nt


$ sudo apt-get install netdiag

14. Trafshow

Like netwatch and pktstat, trafshow reports the current active connections, their protocol and the data transfer speed on each connection. It can filter out connections using pcap type filters.

Monitor only tcp connections

$ sudo trafshow -i eth0 tcp


$ sudo apt-get install netdiag

15. Netload

The netload command just displays a small report on the current traffic load, and the total number of bytes transferred since the program start. No more features are there. It is part of netdiag.

$ netload eth0


$ sudo apt-get install netdiag

16. ifstat

The ifstat reports the network bandwidth in a batch style mode. The output is in a format that is easy to log and parse using other programs or utilities.

$ ifstat -t -i eth0 0.5
  Time           eth0       
HH:MM:SS   KB/s in  KB/s out
09:59:21      2.62      2.80
09:59:22      2.10      1.78
09:59:22      2.67      1.84
09:59:23      2.06      1.98
09:59:23      1.73      1.79

Install ifstat – Ubuntu, Debian and Fedora users have it in the default repos. CentOS users need to get it from Repoforge, since it's not there in Epel.

# ubuntu, debian
$ sudo apt-get install ifstat

# fedora, centos (Repoforge)
$ sudo yum install ifstat

17. dstat

Dstat is a versatile tool (written in python) that can monitor different system statistics and report them in a batch style mode or log the data to a csv or similar file. This example shows how to use dstat to report network bandwidth

$ dstat -nt
-net/total- ----system----
 recv  send|     time     
   0     0 |23-03 10:27:13
1738B 1810B|23-03 10:27:14
2937B 2610B|23-03 10:27:15
2319B 2232B|23-03 10:27:16
2738B 2508B|23-03 10:27:17

Install dstat

$ sudo apt-get install dstat

18. collectl

Collectl reports system statistics in a style that is similar to dstat, and like dstat it gathers statistics about various system resources like cpu, memory, network etc. Here is a simple example of how to use it to report network usage/bandwidth.

$ collectl -sn -oT -i0.5
waiting for 0.5 second sample...
#         <----------Network---------->
#Time       KBIn  PktIn  KBOut  PktOut 
10:32:01      40     58     43      66 
10:32:01      27     58      3      32 
10:32:02       3     28      9      44 
10:32:02       5     42     96      96 
10:32:03       5     48      3      28

Install Collectl

# Ubuntu/Debian users
$ sudo apt-get install collectl

#Fedora
$ sudo yum install collectl

Summary

Those were a few handy commands to quickly check the network bandwidth on your linux server. However these need the user to login to the remote server over ssh. Alternatively web based monitoring tools can also be used for the same task.

Ntop and Darkstat are some of the basic web based network monitoring tools available for Linux. Beyond these lie the enterprise level monitoring tools like Nagios that provide a host of features to not just monitor a server but entire infrastructure.

Network – just to remember


IPv4 CIDR

Address format | Difference to last address | Mask | Addresses (decimal) | Addresses (2^n) | Relative to class A, B, C | Restrictions | Typical use
---------------+----------------------------+------+---------------------+-----------------+---------------------------+--------------+------------
a.b.c.d/32 | +0.0.0.0 | 255.255.255.255 | 1 | 2^0 | 1/256 C | | Host route
a.b.c.d/31 | +0.0.0.1 | 255.255.255.254 | 2 | 2^1 | 1/128 C | d = 0 … (2n) … 254 | Point to point links (RFC 3021)
a.b.c.d/30 | +0.0.0.3 | 255.255.255.252 | 4 | 2^2 | 1/64 C | d = 0 … (4n) … 252 | Point to point links (glue network)
a.b.c.d/29 | +0.0.0.7 | 255.255.255.248 | 8 | 2^3 | 1/32 C | d = 0 … (8n) … 248 | Smallest multi-host network
a.b.c.d/28 | +0.0.0.15 | 255.255.255.240 | 16 | 2^4 | 1/16 C | d = 0 … (16n) … 240 | Small LAN
a.b.c.d/27 | +0.0.0.31 | 255.255.255.224 | 32 | 2^5 | ⅛ C | d = 0 … (32n) … 224 |
a.b.c.d/26 | +0.0.0.63 | 255.255.255.192 | 64 | 2^6 | ¼ C | d = 0, 64, 128, 192 |
a.b.c.d/25 | +0.0.0.127 | 255.255.255.128 | 128 | 2^7 | ½ C | d = 0, 128 | Large LAN
a.b.c.0/24 | +0.0.0.255 | 255.255.255.0 | 256 | 2^8 | 1 C | |
a.b.c.0/23 | +0.0.1.255 | 255.255.254.0 | 512 | 2^9 | 2 C | c = 0 … (2n) … 254 |
a.b.c.0/22 | +0.0.3.255 | 255.255.252.0 | 1,024 | 2^10 | 4 C | c = 0 … (4n) … 252 | Small business
a.b.c.0/21 | +0.0.7.255 | 255.255.248.0 | 2,048 | 2^11 | 8 C | c = 0 … (8n) … 248 | Small ISP/ large business
a.b.c.0/20 | +0.0.15.255 | 255.255.240.0 | 4,096 | 2^12 | 16 C | c = 0 … (16n) … 240 |
a.b.c.0/19 | +0.0.31.255 | 255.255.224.0 | 8,192 | 2^13 | 32 C | c = 0 … (32n) … 224 | ISP/ large business
a.b.c.0/18 | +0.0.63.255 | 255.255.192.0 | 16,384 | 2^14 | 64 C | c = 0, 64, 128, 192 |
a.b.c.0/17 | +0.0.127.255 | 255.255.128.0 | 32,768 | 2^15 | 128 C | c = 0, 128 |
a.b.0.0/16 | +0.0.255.255 | 255.255.0.0 | 65,536 | 2^16 | 256 C = B | |
a.b.0.0/15 | +0.1.255.255 | 255.254.0.0 | 131,072 | 2^17 | 2 B | b = 0 … (2n) … 254 |
a.b.0.0/14 | +0.3.255.255 | 255.252.0.0 | 262,144 | 2^18 | 4 B | b = 0 … (4n) … 252 |
a.b.0.0/13 | +0.7.255.255 | 255.248.0.0 | 524,288 | 2^19 | 8 B | b = 0 … (8n) … 248 |
a.b.0.0/12 | +0.15.255.255 | 255.240.0.0 | 1,048,576 | 2^20 | 16 B | b = 0 … (16n) … 240 |
a.b.0.0/11 | +0.31.255.255 | 255.224.0.0 | 2,097,152 | 2^21 | 32 B | b = 0 … (32n) … 224 |
a.b.0.0/10 | +0.63.255.255 | 255.192.0.0 | 4,194,304 | 2^22 | 64 B | b = 0, 64, 128, 192 |
a.b.0.0/9 | +0.127.255.255 | 255.128.0.0 | 8,388,608 | 2^23 | 128 B | b = 0, 128 |
a.0.0.0/8 | +0.255.255.255 | 255.0.0.0 | 16,777,216 | 2^24 | 256 B = A | | Largest IANA block allocation
a.0.0.0/7 | +1.255.255.255 | 254.0.0.0 | 33,554,432 | 2^25 | 2 A | a = 0 … (2n) … 254 |
a.0.0.0/6 | +3.255.255.255 | 252.0.0.0 | 67,108,864 | 2^26 | 4 A | a = 0 … (4n) … 252 |
a.0.0.0/5 | +7.255.255.255 | 248.0.0.0 | 134,217,728 | 2^27 | 8 A | a = 0 … (8n) … 248 |
a.0.0.0/4 | +15.255.255.255 | 240.0.0.0 | 268,435,456 | 2^28 | 16 A | a = 0 … (16n) … 240 |
a.0.0.0/3 | +31.255.255.255 | 224.0.0.0 | 536,870,912 | 2^29 | 32 A | a = 0 … (32n) … 224 |
a.0.0.0/2 | +63.255.255.255 | 192.0.0.0 | 1,073,741,824 | 2^30 | 64 A | a = 0, 64, 128, 192 |
a.0.0.0/1 | +127.255.255.255 | 128.0.0.0 | 2,147,483,648 | 2^31 | 128 A | a = 0, 128 |
0.0.0.0/0 | +255.255.255.255 | 0.0.0.0 | 4,294,967,296 | 2^32 | 256 A | |

In common usage