AppleTalk on the Urbana-Champaign Campus

This page contains technical information about AppleTalk on the Urbana-Champaign campus.

Note that AppleTalk will no longer be routed over the main UIUCnet network core after May 16, 2004.
For more info: http://www.cites.uiuc.edu/news/2003/appletalk-ipx.html


This paper is provided by the Network Design Office of CITES to help people understand and configure their equipment for use on the University of Illinois campus-wide AppleTalk network. If you have any questions please contact the CITES Help Desk.

Abstract -- This document is a basic guide to the AppleTalk networking protocol as it is used on the UIUC campus. The general uses of AppleTalk, security and configuration issues, and how to get connected to the larger campus AppleTalk network are discussed. The method of calculating AppleTalk addresses that is used on campus is explained. Definitions of many AppleTalk terms are provided in Appendix C.

AppleTalk at UIUC

AppleTalk is basically how Macintosh computers talk to each other, their file servers and their printers. Until about 1994, the use of AppleTalk at UIUC was limited to in-building networks. This meant that people who wanted to share Macintosh files, and were on different networks, had two choices. They could use "Sneaker-Net" (carrying floppy disks by hand from person to person), or one person could move the files to a mainframe so that another person could move them back to her Macintosh. It was also impossible to share a server or a printer between networks. Now that AppleTalk is routed on the campus backbone, all of this has changed.

While Apple is moving in the direction of using IP for all of the Macintosh communications, there will be a need for AppleTalk as long as departments have older computers and printers that they wish to use on the network. We will continue to route AppleTalk on the campus as needed.

It is possible to connect two or more AppleTalk networks with a device called a router. On campus, building networks are hooked together by routers that can route AppleTalk. The term "campus-wide AppleTalk" is used to refer to all of the building networks that currently have AppleTalk routed between them. The campus-wide AppleTalk network allows different networks to see each other's Macintosh networking setup. Fileservers, printers, and other network devices are visible from remote networks. The following examples illustrate how this can be used in our university setting:

  • A student sitting in Lincoln Hall can easily see a server in DCL, and read class files off of the server.
  • A professor in the Vivarium can print a copy of a memo to the printer in his secretary's office in Morrill Hall.
  • A masters student in Everitt Lab can leave a draft of her thesis on her advisor's hard drive in Beckman.

Many departments find that having AppleTalk routed over the backbone offers convenience to their staff and students. It makes it easier to share documents and also to work while out of the office.

Elements to be considered

AppleTalk is great, but there are some caveats when it is used in a large network like the campus-wide AppleTalk. There are network numbers that have to be coordinated, file server and workstation security problems to be addressed, printer access to control, and a Macintosh Operating System (OS) limitation.

Network Numbers

Each AppleTalk network has a network number, or range of numbers that has been assigned to it (for more detail see Appendix A). What this number is doesn't matter if you only have one network. However, the campus is made up of many small networks all hooked together, and each of these must have its own unique number.

If two networks that are on the campus-wide AppleTalk are using the same network number(s), it could cause problems for both networks and anyone trying to reach them. Because of this, CITES uses filters on the routers to ensure that you can't interfere with other networks. The filters keep any network information that CITES hasn't checked for compatibility from being seen on the network.

Server and Workstation Security

File servers usually have logins and passwords to keep people from accessing files that they shouldn't. Most file servers also come with some kind of guest access for people that don't have their own login. Guest accounts aren't bad if the file server's administrator has restricted the access that the guest can have.

Unfortunately, the default privileges for the guest user (called "Guest") under System 7's Personal File Sharing are full read and write access to the entire hard drive.

  • Under System 7.0 and 7.0.1, turning on File Sharing also turns Guest on, and gives Guest full read and write access to the hard drive.

  • Under System 7.1, turning File Sharing on doesn't automatically turn Guest on, but turning Guest on gives Guest full access to everything. With full access, a guest can read any files, copy licensed software, and even erase files on the hard drive.

  • Under System 7.5 and later, the defaults are much more security-conscious. Just turning Guest on doesn't give the guests any rights; you must set the Guest rights by hand in the areas where you want them to have access.

Because of the differences in these default behaviors, network administrators are cautioned to educate all of their Macintosh users about File Sharing and guest access before asking for AppleTalk to be enabled for their network.

For information on desktop Macintosh security issues for the pre-OS X Macintoshes, see Macintosh-specific security.

Printer Security

Printer access is a smaller issue, usually only of interest to groups that have expensive color printers. Because all devices are visible over the campus-wide AppleTalk, it is possible to print to almost any printer on AppleTalk from any Macintosh on campus. It is possible to use hardware devices between the printer and the rest of the network to isolate them, but it isn't always practical. Printer access has not been a problem for most groups on campus.

System 6 Chooser Limitations

Macintosh System 6.0.x and earlier versions of the OS have a software limitation in the Chooser. The Chooser is the part of the Macintosh OS that allows the user to select what file server or printer to use. The amount of memory allocated to hold the list of zones and the list of devices in the Chooser was quite small in early versions of the Macintosh OS, and a very limited subsection of the zones can be viewed at any one time. There is no way to control which zones show up in the list, and although often the computer's own zone does show up, there is no guarantee that it will. This keeps System 6.0.x users from being able to access the services they want with any regularity. There are software packages that can be purchased that address this problem.

How to get on the campus-wide AppleTalk

It is fairly simple to get on the AppleTalk backbone. There are three steps you must go through.

  1. Your network needs to be set up according to the campus standard. You must be using your unique network numbers, and have as few zones on your network as possible (usually one is enough). For information on calculating network numbers, see Appendix A.

    When naming your zone, keep in mind that the name needs to be descriptive. It will be one zone in a list of over one hundred zones on the campus-wide AppleTalk. People will have to search through this list to find your zone if they need to access your devices, so it needs to be descriptive or well known.

  2. The network administrator needs to contact CITES to coordinate the network information. To do this send E-mail to appletalk@uiuc.edu.

    The network administrator should provide the network information in the E-mail:

    • The router's IP number
    • The EtherTalk[1] network range
    • The zone name(s) on the EtherTalk
    • The network numbers and zone names of any LocalTalk or other networks that should be seen on the campus-wide AppleTalk
    • The network administrator's contact information:
      • name
      • E-mail address
      • phone number

    Any network numbers or zone names that are not provided to CITES will not be seen on the campus-wide AppleTalk. If there is a network or a zone that you do not wish to be seen on the campus-wide AppleTalk, please provide this information as well, and it will not be seen. Please note that all network numbers and zone names on the Ethernet will be seen by campus. It is only possible to "hide" networks or zones that are on other networks (for example a LocalTalk segment, or an Ethernet behind another router in the building).

  3. Wait patiently. After everything checks out, it can take as long as a week for AppleTalk to be enabled in the router. When it is enabled, your network will be part of the campus-wide AppleTalk.

What not to do on the campus-wide AppleTalk

There are a few things that you shouldn't do on your network if you are on the campus-wide AppleTalk. Installing a routing device with incorrect configurations, setting up an AppleTalk tunnel to another network, and changing the configuration of the existing AppleTalk networks without notifying CITES can all cause problems for your entire network. Doing any of these could cause your AppleTalk network(s) to not be seen on the campus-wide network.

Installing Routers

  • If you install a new GatorBox, FastPath, ARA server, Shiva NetModem, copy of Liaison, copy of LocalPath, or any other device or software package that routes AppleTalk traffic, the default configuration will not usually be set to match the campus standard.
    • If you are running an ARA server, you should be aware that the campus dial-in supports AppleTalk over PPP and you don't need to maintain your own modems for this. (Use the ARA 3.0 client to do this.)

  • If you need to add a device or software package like these, configure it before you plug it in to the network.

  • If you aren't the network administrator, and you are installing one of these devices, you need to coordinate it with the building network administrator.

  • If you are the network administrator, then CITES can help you with configuration. Send E-mail to admin-help@uiuc.edu.
    • One exception: CITES cannot help you configure a GatorBox or FastPath on your network.
    • The resources of the admin-help group are very limited, so they cannot help people who are not network administrators; they will just direct a non-network administrator to contact the building network administrator for their network.

Incorrectly configured network devices could keep part or all of your network from showing up on the campus-wide AppleTalk network. Please note that CITES no longer supports LocalTalk as part of the campus network.

Creating Tunnels

Before AppleTalk was routed on the campus network, some groups shared AppleTalk networks using AppleTalk tunneled inside IP packets. This typically required a GatorBox at each end of the tunnel, and resulted in a larger AppleTalk network. Now that AppleTalk is being routed, tunneling is not an acceptable means for a network to join the campus-wide AppleTalk.

If you do set up a tunnel with someone after you are on the campus-wide AppleTalk, their network will not be able to see the campus-wide network, although they will be able to see your network. If you want a network to appear on the campus-wide AppleTalk network, you need to go through CITES.

Changing the AppleTalk configuration

The router for your network needs to know about any AppleTalk information you want to be seen on the campus-wide AppleTalk. If the router doesn't have the correct numbers and zones for the EtherTalk that is attached to your network, no AppleTalk traffic will be passed off the network. If you have LocalTalk or other AppleTalk networks, the router needs to know the network numbers and zone names on these networks, or they won't be seen by the rest of campus.

If you make a change to your AppleTalk configuration, you need to let CITES know so that the router can be updated. To do this send E-mail to appletalk@uiuc.edu, and coordinate the change with CITES people.



Appendix A

AppleTalk Numbers -- How to compute them, and how to use them

In the past, to guarantee the uniqueness of a network's AppleTalk numbers, the AppleTalk addresses were based on part of the network's IP addresses, as IP addresses must also be unique to work. When UIUC used only one subnet, this ensured that there were no duplicate AppleTalk addresses. Now that there are two subnets being used on campus, things are slightly more complicated. The exact method of calculating AppleTalk network numbers from your network's IP address is as follows:

The AppleTalk network numbers are the lower 16-bits of the IP addresses, given in standard notation rather than dotted-decimal form.

If your network is in the 128.174.0.0 address space, and if the first IP address of a subnet is A.B.C.D, then the first AppleTalk address in the network is C*256+D.

If your network is in the 130.126.0.0 address space, then the first AppleTalk address in the network is based on the last number in the subnet.

For a detailed list of starting network numbers based on IP address, see Table A.1 below.

subnet start  subnet end (broadcast)  mask             128.174.C.D EtherTalk range  130.126.C.D EtherTalk range  number of hosts
C.D           C.(D+15)                255.255.255.240  (C * 256) + D                (C * 256) + D + 15           13
C.D           C.(D+31)                255.255.255.224  (C * 256) + D                (C * 256) + D + 31           29
C.D           C.(D+63)                255.255.255.192  (C * 256) + D                (C * 256) + D + 63           61
C.D           C.(D+127)               255.255.255.128  (C * 256) + D                (C * 256) + D + 127          125
C.D           C.(D+255)               255.255.255.0    (C * 256) + D                (C * 256) + D + 255          253
C.D           (C+1).(D+255)           255.255.254.0    (C * 256) + D                ((C + 1) * 256) + D + 255    506

Table A.1 - EtherTalk ranges calculated for IP subnet A.B.C.D, with mask indicated.

Example 1:

Subnet 130.126.10.32 has mask 255.255.255.224.

Start with the row beginning with mask 255.255.255.224, and then look at the column labeled "130.126.C.D EtherTalk range" which says (C * 256) + D + 31.

For subnet 130.126.10.32, C = 10, and D = 32.

The formula becomes (10 * 256) + 32 + 31 == 2560 + 63 == 2623.

So the AppleTalk network number for your Ethernet is 2623, and the "next" number if you need it for LocalTalk or a NetWare server would be 2621, then 2620, etc. (You should skip one number in case you need to expand the number of nodes in your range.)

Example 2:

Subnet 128.174.10.32 has mask 255.255.255.240.

Start with the row beginning with mask 255.255.255.240, and then look at the column labeled "128.174.C.D EtherTalk range" which says (C * 256) + D.

For subnet 128.174.10.32, C = 10, and D = 32.

The formula becomes (10 * 256) + 32 = 2560 + 32 = 2592.

So the AppleTalk network number for the Ethernet is 2592, and the "next" number if you need it for LocalTalk or a NetWare server would be 2594, then 2595, etc. (You should skip one number in case you need to expand the number of nodes in your range.)

Tracking your AppleTalk network numbers

There is a chance that the network numbers might overlap between networks on 128.174.0.0 and 130.126.0.0, so CITES must check all AppleTalk numbers before you use them.

To do this, send e-mail to appletalk@uiuc.edu. Please include:

  • Your network's IP address (in most cases this is one less than the IP address of your router)
  • Your network's IP mask
  • Your E-mail address
  • The number(s) that you have calculated as your AppleTalk network numbers

If there is a conflict or it looks like there might be a conflict in the future, CITES will assign you other numbers that will not be in conflict.

Things to keep in mind when assigning network numbers

When deciding how large an EtherTalk range should be, it is a good idea to keep in mind how many devices you might want to support on the network in the long term. A range of size 1 (the same number for start and finish -- ex: 4736-4736) supports 253 network devices. A range of size 2 (ex: 4736-4737) would support 506 devices. Following is a table of the first 7 ranges:

Range of numbers  Total number of nodes supported  Example
1                 253                              4736-4736
2                 506                              4736-4737
3                 759                              4736-4738
4                 1012                             4736-4739
5                 1265                             4736-4740
6                 1518                             4736-4741
7                 1771                             4736-4742

Table A.2 - Range vs. nodes supported.

The standard on campus is for the Ethernet connected to the building router to use the first number in the range, so the EtherTalk range in this example would be 4736-4736. After numbering the EtherTalk range, the next numbers are available for the LocalTalk segments. It is a good idea to skip a number after the EtherTalk range in case the network needs to be expanded. So if on a 128.174 subnet the EtherTalk is 4736-4736, one would probably use 4738 for the first LocalTalk, 4739 for the second, etc. For a 130.126 subnet, you are starting at the highest number and working down. If your subnet is 130.126.18.0 and your netmask is 255.255.255.0, then your EtherTalk would be 4863, and you would skip 4862 before using 4861 as your first other number.


Appendix B -- Example of network addressing and routing


As an example of how network ranges and node number acquisition works, let's say there is an Ethernet with a range 200-203 (supporting 1012 total nodes on the Ethernet) and a LocalTalk with the net number 205 (supporting 254 total nodes on the LocalTalk). There is a GatorBox acting as a router between the Ethernet and LocalTalk networks. The network structure would look something like this:


On an extended network, such as an EtherTalk network, when a node is powered on, it gets temporary network and node addresses. The first time the node is powered on, the network address is chosen randomly from the reserved startup range of 65280-65534. The node address is chosen randomly from 1-253. If the node has been started on a network before, it will first try to use the last network and node numbers that it had. If all the node numbers are taken on the network, then it will use a network number from the startup range, and an unused node number on that network. Then either way it asks for a router to tell it what the current network number is, and adjusts its numbers accordingly. For example:

Mac1 is on the Ethernet, and when it was turned on it asked for net information, and "remembered" that its last address was 201.5. No one else was using that address, and the router confirmed that the network number was available to be claimed, so Mac1 kept 201.5.

Mac2 is on the Ethernet and it "remembered" that its last address was 200.40. No one else was using that address, and the router confirmed that the network number was available to be claimed, so Mac2 kept 200.40.

Mac3 is on the Ethernet and tried 201.5, but Mac1 said "hey, that's me" so Mac3 had to try again, so Mac3 ended up with 201.6, after the router confirmed that 201 was a valid network number.

On a nonextended network, such as a LocalTalk network, the node address is remembered, and the network address requested from a router. If no router answers, it will use a network number of 0. For example:

Mac4 is on the LocalTalk and remembered node number 30, and the GatorBox told Mac4 that the network number was 205, so Mac4's address was 205.30.

Here's an idea of what this network might look like:

Now, if Mac4 wants to mount the hard drive of Mac1, then it sends out a request to 201.5. Mac4 got the net number and node number of Mac1 when the user opened the Chooser and selected the volume. Nothing on the LocalTalk knows anything about net 201 except the GatorBox, which says "hey! that's on my other side" and passes on the request. The return packets from Mac1 to Mac4 are addressed to 205.30, and again the GatorBox has to pass the information, this time back to the LocalTalk side.

If Mac4 wanted to mount the hard drive of Mac2, it would send its request to 200.40; everything else would be the same as it was for Mac1.

If instead of the above addressing scheme, the EtherTalk range was 200-200, the only thing that would be different is that Mac1 and Mac3 would have addresses starting with 200, and not 201. They would be restricted to that one network address, instead of having a range to choose from, thus limiting the total number of nodes on that network to 253.
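
The address acquisition and GatorBox forwarding walked through above, as an added example that is not part of the original paper. The class and function names are hypothetical, and the retry rule after a conflict (next node number, then next network in the range) is an assumption chosen to match Mac3 ending up at 201.6.

```python
import random

STARTUP_NETS = range(65280, 65535)  # reserved startup range 65280-65534
EXTENDED_NODES = range(1, 254)      # node numbers 1-253 on an extended network


class ExtendedCable:
    """An EtherTalk cable whose router advertises a network range."""

    def __init__(self, low, high, seed=0):
        self.low, self.high = low, high
        self.claimed = {}               # (network, node) -> host name
        self.rng = random.Random(seed)  # seeded so the run is repeatable

    def start_node(self, name, remembered=None):
        """Return the (network, node) address the node ends up with."""
        # Provisional address: the remembered one, or a random pick from the
        # startup range for a node that has never been on a network.
        if remembered is None:
            net = self.rng.choice(STARTUP_NETS)
            node = self.rng.choice(EXTENDED_NODES)
        else:
            net, node = remembered
        # The router reports the cable's range; a network number outside it
        # is replaced by one inside it.
        if not self.low <= net <= self.high:
            net = self.rng.randint(self.low, self.high)
        # Another node answering for the address forces a retry.
        # Assumption: walk to the next node number, then the next network.
        nets = [net] + [n for n in range(self.low, self.high + 1) if n != net]
        for n in nets:
            for step in range(len(EXTENDED_NODES)):
                candidate = (n, (node - 1 + step) % 253 + 1)
                if candidate not in self.claimed:
                    self.claimed[candidate] = name
                    return candidate
        # The paper does not describe a cable whose whole range is full.
        raise RuntimeError("every address in the range is taken")


def start_nonextended(remembered_node, router_net=None):
    """LocalTalk: the node number is remembered and the network number
    comes from a router; with no router answering the network is 0."""
    return (router_net if router_net is not None else 0, remembered_node)


def gatorbox_forward(dest, ether_range=(200, 203), localtalk_net=205):
    """Name the side of the GatorBox that a destination address lives on."""
    net = dest[0]
    if ether_range[0] <= net <= ether_range[1]:
        return "ethernet"
    if net == localtalk_net:
        return "localtalk"
    return None  # not a network this router knows about


if __name__ == "__main__":
    cable = ExtendedCable(200, 203)
    print("Mac1", cable.start_node("Mac1", (201, 5)))
    print("Mac2", cable.start_node("Mac2", (200, 40)))
    print("Mac3", cable.start_node("Mac3", (201, 5)))  # collides with Mac1
    print("Mac4", start_nonextended(30, router_net=205))
    print("Mac4 -> Mac1 goes out the", gatorbox_forward((201, 5)), "side")
```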



Appendix C -- Glossary

AppleTalk
The name of the protocol suite that Apple Macintosh computers speak to each other natively. AppleTalk addresses are in the form of `network.node.socket'. The suite includes specific hardware protocols such as LocalTalk and EtherTalk, and higher-level protocols such as the Printer Access Protocol and the Apple Filing Protocol. Sometimes AppleTalk is incorrectly used to describe a LocalTalk network.

Ethernet
A physical layer specification that defines the hardware and media to be used for the 10 Mbits/second carrier sense standard (IEEE 802.3). Ethernet has different cabling types such as 10base2 (also called thinwire, thinnet, or cheapernet), 10base5 (also called coax and thicknet), and 10baseT (also called twisted pair Ethernet).

EtherTalk
The protocol for sending AppleTalk over Ethernet. EtherTalk supports full Ethernet speed and all of the different Ethernet cable types. In most cases EtherTalk refers to EtherTalk Phase 2, as Phase 1 is no longer supported.

Phase 1
The `old way' of sending AppleTalk over Ethernet. No longer supported by Apple, it only allows 254 nodes to be used on the Ethernet by supporting only a single network number on the entire Ethernet. CITES discourages the use of EtherTalk Phase 1, since there are many devices that no longer support it. Phase 1 is not routed across the campus backbone.

Phase 2
The `new way' of sending AppleTalk over Ethernet. A configurable range of network numbers allows for extremely large numbers of nodes to be used on a single network. Each network number in the range supports 253 nodes. Theoretically you could have 16,515,587 nodes on the network, but a simple Ethernet couldn't support them.

Extended Network
An extended network uses a range of network numbers for addresses; each network number in the range can support 253 nodes. A network range in an extended network can support multiple zones, theoretically up to 255.

FDDI
An acronym for Fiber Distributed Data Interface, FDDI is a 100 Mbit/second token passing ring that uses single or multi-mode fiber as its transmission medium.

FDDITalk
The protocol for sending AppleTalk over an FDDI Ring. It is very similar to EtherTalk.

Internet
1. Short for Research Internet, the Internet is a large group of networks that have been connected world-wide. Originally used primarily for educational and scientific work, it is available to anyone who can afford to purchase a connection. 2. A group of smaller networks that have been hooked together so that traffic can pass between them.

IP
An acronym for Internet Protocol, IP is a network-layer protocol responsible for directing information packets from one computer to another over an internet. IP accepts data in segments, encapsulates the data in packets, and determines the correct path for routing the packet to its destination. [3]

IP address
A 32-bit number assigned to each device on a TCP/IP network. IP addresses are commonly written as 4 8-bit numbers separated by decimal points (dotted decimal notation). This 32-bit number is used to identify the network, subnetwork and host address of each machine. It also can be used to identify a network or subnet.

IPTalk
A way to have AppleTalk encapsulated in IP packets. This is often used with Unix fileservers running the CAP software. If you aren't running this software, you don't usually need to use IPTalk.

LocalTalk
1. The name of the hardware connectors and wires made by Apple to do AppleTalk over these wires. The characteristics of the Apple system include shielded twisted pair wire, and self-terminating connectors. 2. The generic name of a network that uses some brand of connectors to connect Macintosh devices to each other using the built-in AppleTalk port on the device. A LocalTalk supports up to 254 nodes on the network, at a speed of 230 KBits/second.

Network numbers
Each physical AppleTalk network needs a unique network number. AppleTalk network numbers are 16-bit numbers. The network number ensures that traffic from one network can be distinguished from traffic on another network when the two are connected with a router. In particular if a network wishes to be on the campus-wide AppleTalk, the numbers must be unique across campus. How numbering works is different depending on the type of network you are using:

Nonextended Network
A nonextended network uses a single network number that is the address of a LocalTalk or of an EtherTalk Phase 1 network. Each nonextended network can only have a single zone. Two examples of nonextended networks, and how their numbering works are:

LocalTalk
All LocalTalk networks have a single network number, which can theoretically support up to 254 nodes. In reality, 254 is way too many nodes for a LocalTalk network.

EtherTalk Phase 1
Phase 1 works just like the LocalTalk does, with one network number that supports up to 254 nodes. When Ethernet networks started getting larger than 254 nodes, Phase 1 broke. Phase 1 is no longer supported by Apple.

Extended Network
An extended network uses a range of network numbers that are the addresses of an EtherTalk Phase 2 network. A network range in an extended network can support multiple zones, theoretically up to 255. Two examples of extended networks, and how their numbering works are:

EtherTalk Phase 2
Phase 2 is how Apple changed the network numbering scheme. Instead of a single network number, it uses a range of network numbers each of which can support up to 253 nodes. One can make a range of 1 that supports 253 nodes, or a range of 40 that supports 10120 nodes. This allows for significant growth in a network. EtherTalk Phase 2 is commonly just called EtherTalk.

FDDITalk
Uses the same numbering system as EtherTalk Phase 2.
 

Node
A number between 1 and 253 on extended networks, and between 1 and 254 on nonextended networks. It is unique for a device on a physical network. This number is determined by the device at its boot time, and it keeps that number (at least) until it is powered off or restarted. Node numbers 1-127 are "client" numbers (ie: regular Macintoshes), and numbers 128 - 253 (254 for nonextended networks) are "server" numbers (ie: printers and file servers).

Nonextended Network
A nonextended network uses a single network number that is the address of the network, and supports 254 nodes on the network. Each nonextended network can have only a single zone.

PhoneNet Connector
The name of the hardware made by Farallon to do LocalTalk over a regular phone cable, in order to utilize existing phone wire like the campus B-Jacks. The connector is not self terminating, so if only 1 cable is connected, a terminating resistor must be used in the empty port on the connector. Both ends of a PhoneNet network must be terminated. If one end of the network goes into a B-Jack, then it is terminated at another location.

Protocol
A set of rules that allows different devices to intercommunicate on a network.

Router
A router is a device that moves some kind of network traffic between two or more networks. It does this by looking at a destination address in the traffic off of the first network, and copying the traffic to whichever network gets the traffic closer to the network that the address in the traffic indicates is the destination. Depending on the type of router, the address could be one of many different protocols, such as AppleTalk, IP, or DECnet.

Socket
A socket is a logical entity in a node connected to an AppleTalk network. A socket is owned by software that can send and receive data through the socket. There can be 254 different sockets on a node, and various sockets are reserved for different things.

TCP
An acronym for Transportation Control Protocol, TCP is responsible for keeping track of packets of data, and retransmitting them if they are lost.

TCP/IP
The common name of the Department of Defense (DOD) protocol suite which is the standard of communication for the Internet. TCP and IP are not the only protocols in the suite, just the two most commonly used ones.

Token Talk
The protocol for sending AppleTalk over an IBM TokenRing. It supports both 4 Mbit and 16 Mbit rings.

Tunnel
An AppleTalk tunnel is a connection between two networks that have at least one other network between them that is not routing AppleTalk. A typical AppleTalk tunnel would be to have a GatorBox on the first network that encapsulated the AppleTalk packets inside some other kind of packet such as IP, and then sent the packet to a GatorBox on the second network. Then the GatorBox on the second network would take the AppleTalk data out of the IP packet, and put the information out on its network as an AppleTalk packet.

TurboNet Connector
The name of the hardware made by Focus Enhancements Corp. which is basically the same device as Farallon's Phone Net Connector. It costs less and has LEDs that indicate traffic flow. It also has self terminating ports that don't need resistors.

Zone
Also Zones, or Zone Name. A zone is basically a text name that represents some parts or all of a network. Zones make it easy to find groups of devices in the Chooser. A zone can consist of only one network, or it can group together several network numbers into a single "logical" network. This allows devices on EtherTalk and LocalTalk networks to be seen together in the Chooser under one name, so that all departmental servers and printers can be found in one place, even if they have more than one network. It is also possible to have a list of zone names that are all used by a single extended network. Any zones in that list could also be used on other networks. Here are some examples of the use of zone names on networks:

Network Type  Network Number(s)  Zone(s)
EtherTalk     4608-4608          CCSO-Staff, CCSO-NDO
LocalTalk     4611               CCSO-NDO
EtherTalk     8448-8449          CCSO-Staff
LocalTalk     8450               CCSO-Staff
EtherTalk     51456-51456        CCSO-Resource Center, CCSO-Staff
LocalTalk     51458              CCSO-Resource Center

Any machine on the network 4608-4608 could choose between zones CCSO-Staff and CCSO-NDO, while a machine on 4611 would have to be in CCSO-NDO. A machine on 8448-8449 or 8450 would have to be in CCSO-Staff, while a machine on 51456-51456 could choose from CCSO-Staff or CCSO-Resource Center. Any machine on 51458 would have to be in CCSO-Resource Center. So while only three zones would show up in the Chooser, there would actually be 6 networks that were connected and accessible.



Appendix D -- IP subnetting

IP routing is a very important part of all UIUC networks. Even though it might not be obvious, IP routing is a very important part of AppleTalk routing on the UIUC networks as well. The most important thing to realize about an IP address is that even though it is most commonly written as four decimal-separated numbers, it is really one 32-bit number.[4] Each IP address conveys what network, sub-network, and host the IP address represents. This quick look at IP subnetting does not cover all of the detail of IP subnetting; it only looks at the parts that have something to do with calculating your AppleTalk network numbers.

128.174.0.0 (80AE0000 in hexadecimal, or 2158886912 in decimal) and 130.126.0.0 (827E0000 in hexadecimal, or 2189295616 in decimal) are the addresses of the main networks on the UIUC campus; this is why almost all of the IP addresses on campus start with 128.174 or 130.126. There is no machine with an address of 128.174.0.0, or 130.126.0.0. These numbers represent the networks assigned to UIUC. The information provided by these numbers is used by networks outside of the UIUC network, so that they can route traffic correctly. Since they know that any IP address that starts with 128.174 or 130.126 is located at UIUC, they can send traffic for that IP address to UIUC routers. The local routers then use the rest of the number in the IP address to send the traffic to the correct host.

128.174.18.0 is the address of the subnet assigned to a network on campus. No machine has this address, but the routers on campus know that any IP address that starts with 128.174.18 should be forwarded to this network. 128.174.81.240 is the address of another subnet on campus; even though to many people it looks like it should be a machine on the subnet 128.174.81, it isn't. UIUC uses variable length subnets, and the only way to tell what is the subnet and what is the host is to use the mask.

To understand what masks tell you, you have to think of the IP address and mask in binary. The mask represents the network part of the IP address with ones, and the host part of the address with zeros. For the IP address 128.174.18.2, the netmask is 255.255.255.0 in dotted decimal. To see which part of the IP address is the network and which part is the host, first write the two numbers in binary and line them up:

128.174.18.2	01000000	10011110	00010010	00000010
255.255.255.0	11111111	11111111	11111111	00000000
network part	01000000	10011110	00010010 
host part					                00000010
first EtherTalk network # (128.174)		00010010	00000000
first EtherTalk network # (130.126)		00010010	11111111


128.174.81.245	01000000	10011110	01010001	11110101
255.255.255.224	11111111	11111111	11111111	11100000
network part	01000000	10011110	01010001	111
host part				                	   10101
first EtherTalk network # (128.174)		01010001	11100000
first EtherTalk network # (130.126)		01010001	11111111


If the host part of an IP address is all zeros, then that IP address is indicating the network, not a specific host. If the host part of an IP address is all ones, then that IP address is indicating all machines on the network (the broadcast address), not a specific host. However, if the host part isn't the entire last 8-bit number then it isn't always obvious that this is what is going on.

The IP network number is what is used to calculate the first EtherTalk network number on a 128.174.0.0 subnet; the IP broadcast address is used to calculate the first EtherTalk network number on a 130.126.0.0 subnet. The second EtherTalk number in a range greater than one (or any other LocalTalk or other network numbers) uses the next few IP addresses on the net, starting with the first usable address of the subnet for the 128.174.0.0 subnets, and the last usable address for the 130.126.0.0 subnets.
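
The Appendix A calculation and the mask arithmetic above, as an added example that is not part of the original paper; it also checks a set of subnets for the kind of overlap CITES screens for. The function names are hypothetical, the 128.174.10.56 subnet is a constructed sample, and the subnet-size check is an added assumption.

```python
import ipaddress
from itertools import combinations

# The two campus address spaces named in Appendix A.
NET_128_174 = ipaddress.ip_network("128.174.0.0/16")
NET_130_126 = ipaddress.ip_network("130.126.0.0/16")


def appletalk_plan(address, mask, ethertalk_size=1, other_networks=0):
    """Compute campus-standard AppleTalk numbers for one IP subnet.

    address may be any IP address on the subnet (as in Appendix D); the
    mask reduces it to the network. Returns the EtherTalk range, the number
    skipped for growth, and the numbers for LocalTalk or other networks.
    """
    net = ipaddress.ip_network(f"{address}/{mask}", strict=False)
    if net.subnet_of(NET_128_174):
        # 128.174: lower 16 bits of the IP network address, counting up.
        first, step = int(net.network_address) & 0xFFFF, 1
    elif net.subnet_of(NET_130_126):
        # 130.126: lower 16 bits of the IP broadcast address, counting down.
        first, step = int(net.broadcast_address) & 0xFFFF, -1
    else:
        raise ValueError(f"{net} is not in 128.174.0.0 or 130.126.0.0")

    # Added check (assumption): the numbers borrow their uniqueness from the
    # subnet's own IP addresses, so a plan may not use more of them than the
    # subnet has addresses.
    needed = ethertalk_size + 1 + other_networks  # +1 for the skipped number
    if needed > net.num_addresses:
        raise ValueError(f"{net} has only {net.num_addresses} numbers to use")

    ether = [first + step * i for i in range(ethertalk_size)]
    skipped = first + step * ethertalk_size
    others = [skipped + step * (i + 1) for i in range(other_networks)]
    return {
        "subnet": str(net),
        "ethertalk": (min(ether), max(ether)),
        "skipped": skipped,
        "others": others,
    }


def claimed_numbers(plan):
    """Every number a plan uses or holds back for expansion."""
    low, high = plan["ethertalk"]
    return set(range(low, high + 1)) | {plan["skipped"]} | set(plan["others"])


def find_conflicts(plans):
    """Return (subnet_a, subnet_b, shared_numbers) for each overlapping pair."""
    conflicts = []
    for a, b in combinations(plans, 2):
        shared = claimed_numbers(a) & claimed_numbers(b)
        if shared:
            conflicts.append((a["subnet"], b["subnet"], sorted(shared)))
    return conflicts


if __name__ == "__main__":
    plans = [
        # Example 1 and Example 2 from Appendix A, each with two LocalTalks.
        appletalk_plan("130.126.10.32", "255.255.255.224", other_networks=2),
        appletalk_plan("128.174.10.32", "255.255.255.240", other_networks=2),
        # Constructed sample: a small 128.174 subnet counting up into the
        # numbers that Example 1 counts down through.
        appletalk_plan("128.174.10.56", "255.255.255.248", other_networks=3),
    ]
    for plan in plans:
        print(plan)
    for subnet_a, subnet_b, shared in find_conflicts(plans):
        print(f"conflict between {subnet_a} and {subnet_b}: {shared}")
```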


[1] When not otherwise qualified, EtherTalk refers to EtherTalk Phase 2, as EtherTalk Phase 1 is no longer supported by Apple, nor is it routed on campus.
[2] If you do not understand why the IP address of your network is not the same as the IP address of your router, please see Appendix D.
[3] From the Cayman GatorBox manual, Appendix A: Glossary (available from ftp.cayman.com as glossary.txt and glossary.ps).
[4] A 32-bit number is a number that if written in binary would have no more than 32 ones or zeros. An 8-bit number has no more than 8 ones or zeros, etc.