What does that router do? We all have this box in our homes that we variously refer to as the router, the modem, or the firewall. Most of these devices are all-in-one units that combine the modem, the router, a wifi access point, a four-port switch and sometimes even a voice over IP phone bridge.
What does this device do? Its primary job is to route requests from your computer to the internet and to receive responses. To understand how this works, you should understand that your internet service provider (ISP) grants you one IPv4 address for your router which is your address on the Internet. This IPv4 address looks something like 184.108.40.206.
Since you probably have more than one device on your home network, the router allows for this by creating a private address range. These addresses are duplicated in many households and are not accessible from the Internet. A typical IPv4 private address range is 192.168.1.1 to 192.168.1.255. All the devices in your home are granted a unique address in this private address range by your router. The router runs a service called Dynamic Host Configuration Protocol (DHCP) to grant your computer three things: a private address, the address that the router itself has on the private network (called the gateway), and a subnet mask that tells the computer which addresses it is allowed to talk to directly.
When your computer wants to go to “google.com”, it sends the request to the gateway address of the router, and the router relays the request to the Google website on the Internet. Google receives the request and can see that it came from your router's public address. For example, Google sees that the request came from 220.127.116.11 and it sends the response back to that address.
How does the router know where the response should go on your home network, though? When your computer originally makes the request to Google, it encapsulates its private address into the request. That way, on the way back, your router will know which computer on your network to send the response to.
The process I just described is called Network Address Translation (NAT) and all routers do it. A computer on the Internet can’t just initiate a conversation with a PC on your network because that PC is in this private address range. The idea is that servers on the Internet can’t speak to you unless spoken to. That’s a massive oversimplification though.
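A small model of the bookkeeping behind NAT, added here as an illustration and not taken from any router's firmware. The addresses are constructed from the documentation ranges, the class and function names are hypothetical, and the model assumes the router only accepts replies from the exact server that was contacted (real routers vary in how strictly they filter).

```python
from dataclasses import dataclass, field

PUBLIC_IP = "203.0.113.7"  # constructed: the one address the ISP gives the router


@dataclass
class NatRouter:
    public_ip: str
    next_port: int = 40000
    # public port -> (private ip, private port, remote ip, remote port)
    table: dict = field(default_factory=dict)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite a packet leaving the home network and remember the mapping."""
        flow = (src_ip, src_port, dst_ip, dst_port)
        pub_port = next((p for p, e in self.table.items() if e == flow), None)
        if pub_port is None:
            pub_port = self.next_port
            self.next_port += 1
            self.table[pub_port] = flow
        # The server only ever sees the router's public address and port.
        return (self.public_ip, pub_port, dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Return the private (ip, port) to deliver to, or None to drop."""
        entry = self.table.get(dst_port)
        if entry is None:
            return None  # nobody inside asked for this: unsolicited, dropped
        priv_ip, priv_port, remote_ip, remote_port = entry
        if (src_ip, src_port) != (remote_ip, remote_port):
            return None  # mapping exists, but for a different server
        return (priv_ip, priv_port)


def demo():
    router = NatRouter(PUBLIC_IP)
    sent = router.outbound("192.168.1.10", 51000, "198.51.100.20", 443)
    reply = router.inbound("198.51.100.20", 443, sent[1])   # the server answering
    stranger = router.inbound("192.0.2.99", 443, sent[1])   # someone else, same port
    closed = router.inbound("198.51.100.20", 443, 22)       # port never opened
    return sent, reply, stranger, closed


if __name__ == "__main__":
    print(demo())
```

Only the reply from the contacted server is delivered to 192.168.1.10; the other two inbound packets have no matching table entry and are dropped, which is the "can't speak unless spoken to" behaviour.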
NAT exists mostly because the IPv4 address range has been largely exhausted worldwide and also this scheme provides a small degree of security. The four numbers from 0-255 in an IPv4 address provide a total of 4,294,967,296 unique addresses. This is not nearly enough. Yet, most of us still use IPv4 on the Internet.
There is another address scheme that can live alongside IPv4 and does not affect IPv4 at all. The newer protocol is called IPv6. Imagine IPv4 as being Spanish and IPv6 as being German. German and Spanish can be spoken in the same room, but the speakers don’t know what each other is saying.
IPv6 was launched worldwide in June of 2012. Though you may not have heard about it, most routers can support it, all ISPs use it, and Windows, Mac, and Linux all support it.
IPv6 addresses are made up of eight numbers, each from 0 to 65,535. This results in a total number of unique addresses that is 340,282,366,920,938,463,463,374,607,431,768,211,456. Your ISP grants you one IPv4 address on the Internet for your router, as was discussed earlier. If you wanted or needed more than one address, you would have to pay a monthly fee for that.
You will be very surprised to hear that your ISP grants each and every customer a total of 4,722,366,482,869,645,213,696 addresses!!! The way IPv6 works is that every computer on your home network has its own IPv6 address on the Internet. So, with IPv6, no NAT is needed. Before you get scared and think this is a giant security hole: in order for your computer to be reachable, you have to have a router firewall rule which allows the connection.
We can talk about firewall rules and port forwarding pinholes at some point in the future if there is interest. IPv6 is configured at your ISP, but most likely not configured on your router's WAN port or on your private network. This will change in the coming years because of the lack of addresses.
Firewall rules on your router come into play when you want to create something that can be connected to from the Internet as opposed to communicating outbound. For example, I have my Website: https://www.scottibyte.com/ and my router has firewall rules that allow you to access it from outside my network.
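To make the IPv6 numbers and the firewall point concrete, here is an added example (not from the original article). It works out which prefix length holds the per-customer address count quoted above, then models a default-deny inbound rule set; the 2001:db8:1200::/56 delegation, the host addresses and the function names are constructed or hypothetical.

```python
import ipaddress

# Per-customer address count quoted in the article.
PAGE_COUNT = 4_722_366_482_869_645_213_696


def prefix_len_for(count, total_bits=128):
    """Prefix length of a block holding exactly `count` addresses."""
    if count <= 0 or count & (count - 1):
        raise ValueError("address count must be a power of two")
    return total_bits - (count.bit_length() - 1)


# Constructed delegation from the IPv6 documentation range, sized to match.
DELEGATED = ipaddress.ip_network("2001:db8:1200::/56")
WEB_HOST = ipaddress.ip_address("2001:db8:1200:1::80")  # hypothetical web server
DESKTOP = ipaddress.ip_address("2001:db8:1200:1::25")   # hypothetical PC

# Default-deny inbound policy: each rule is (destination address, TCP port).
ALLOW_IN = {(WEB_HOST, 443)}


def lan_subnets(prefix=DELEGATED):
    """How many /64 home LANs fit inside the delegated prefix."""
    return 2 ** (64 - prefix.prefixlen)


def inbound_allowed(dst, port, rules=ALLOW_IN, prefix=DELEGATED):
    """True only if a rule explicitly opens this host and port."""
    dst = ipaddress.ip_address(dst)
    if dst not in prefix:
        return False  # not one of our hosts at all
    return (dst, port) in rules


if __name__ == "__main__":
    print("prefix length:", prefix_len_for(PAGE_COUNT))
    print("LAN subnets:", lan_subnets())
    print("web:443", inbound_allowed(WEB_HOST, 443))
    print("desktop:443", inbound_allowed(DESKTOP, 443))
```

Every host in the delegation has a public address, yet only the one host and port named in a rule accepts new connections from outside.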
If you want to dig really deep techie, I have written three blogs on IPv6 in the blogs section of my website which you can read.
Another key point in internet communication is that we all use Internet names like “www.scottibyte.com” and “google.com”. We don’t bother to remember IP addresses. Remembering an IP address could be a nightmare, especially if it were an IPv6 address. The IPv6 address of my PC is 2601:2c4:8100:960:69b:e926:800d:639e. Don’t worry, you can’t reach it because there are no firewall rules making it publicly accessible.
To combat having to memorize all these numbered addresses, a Domain Name Server (DNS) is used. Another thing your router does is hold a primary and a secondary DNS server address, which it sends to every computer as part of granting that computer its DHCP address.
By default, your router uses DNS servers from your ISP. This allows your ISP to sell your data to a variety of marketing companies. To avoid this, you can change the default DNS server addresses on your router. I recommend using Cloudflare.com, which has 18.104.22.168 and 22.214.171.124 as its DNS server addresses. Cloudflare is much more privacy oriented, and their servers are even faster than the Google DNS servers, which really like selling your data.
There’s a lot more to talk about, but hopefully this article will bring up some questions.