
1. Classless IPv4 addressing

Date post: 18-Dec-2021

Instituto Superior de Engenharia do Porto (ISEP) – Licenciatura em Engenharia Informática (LEI) – Redes de Computadores (RCOMP) – André Moreira (ASC) – 2019/2020

Computer Networks (Redes de Computadores - RCOMP) – 2019/2020

Laboratory Class 05 (PL05 – 3 hours)

Classless IPv4 addressing. IPv4 networks dimensioning with classless addressing (VLSM). VLAN support in Cisco routers – switching module or sub interfaces. DHCP service configuration in Cisco routers. Packet Tracer activities. Simplifying IPv4 routing tables.

1. Classless IPv4 addressing

Classful addressing (8, 16 and 24-bit masks/prefixes) wastes many addresses, because the real needs often don’t match the available masks. Some examples:

- A two-node network (dedicated connection) will require 256 addresses (a C class network)

- A network with 300 nodes will require 65536 addresses (a B class network)

With classless IPv4 addressing, other prefix lengths can be used, which allows a far better adjustment to the size the network really requires.

All principles for classful addressing are also valid for classless addressing, however:

- The network mask (prefix) can no longer be established from the value of the address’s first bits. Therefore, to identify a network, the network prefix length must be included along with the network address itself.

- The four-octet dot-decimal representation is still used, but it’s far less convenient for address analysis because prefix lengths may no longer match octet boundaries. Most address analysis will have to be done in binary representation.

Network masks expressed in dot-decimal representation are now hard to interpret. For instance, to represent a 27-bit prefix the network mask is 255.255.255.224; this is easier to read from the binary representation (the network bits are the 27 leading ones): 11111111.11111111.11111111.11100000.

As an alternative to dot-decimal network masks, the CIDR (Classless Inter-Domain Routing) form can be used. In CIDR notation the network prefix-length is added to the address, separated by a slash. So in the above case, it would be /27.

Most address analysis must now be performed in binary format. In general, addresses and masks must be converted to binary representation, analysis performed and then results converted back to dot-decimal representation.

Usually the binary analysis will be focused on the octet where the network prefix ends, so there is no need to represent all 32 bits in binary, only that octet.

Let’s take a practical example:

Network: 194.120.8.0/21

With this prefix, the leftmost 21 bits are used to identify the network, and thus, the remaining 11 bits are used to identify nodes within that network.

The number of addresses in the network (address space) is 2^11 = 2048, and the number of valid node addresses this network can hold is 2046 (2048 - 2).

The network prefix ends within the third octet, so the binary analysis is relevant only at that octet.


The network mask is 11111111.11111111.11111000.00000000. Using binary representation for the third octet only, we have 255.255.(11111000)₂.0, in dot-decimal 255.255.248.0.

The network address is 194.120.(00001000)₂.0, in dot-decimal 194.120.8.0.

The first valid node address is 194.120.(00001000)₂.1, in dot-decimal 194.120.8.1.

The broadcast address is 194.120.(00001111)₂.255, in dot-decimal 194.120.15.255.
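The analysis above can be reproduced with plain bit operations on the 32-bit address. The following Python sketch is an added example, not part of the original handout; the function names (to_int, to_dotted, analyse) are chosen here for illustration. It also reports whether the given address is a valid network address for the prefix, that is, whether all node bits are zero.

```python
def to_int(dotted):
    """Dot-decimal string -> 32-bit integer."""
    a, b, c, d = (int(part) for part in dotted.split("."))
    if not all(0 <= octet <= 255 for octet in (a, b, c, d)):
        raise ValueError("each octet must be between 0 and 255")
    return (a << 24) | (b << 16) | (c << 8) | d


def to_dotted(value):
    """32-bit integer -> dot-decimal string."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def analyse(cidr):
    """Mask, network, first node, broadcast and capacity of a CIDR block."""
    address, length = cidr.split("/")
    length = int(length)
    if not 0 <= length <= 30:
        raise ValueError("this analysis assumes prefix lengths from 0 to 30")
    node_bits = 32 - length
    mask = (0xFFFFFFFF << node_bits) & 0xFFFFFFFF    # `length` leading ones
    network = to_int(address) & mask                 # node bits forced to zero
    broadcast = network | (~mask & 0xFFFFFFFF)       # node bits forced to one
    # Octet (0 to 3) in which the prefix ends: the only one worth writing in binary.
    octet = (length - 1) // 8 if length else 0
    shift = 24 - 8 * octet

    def bits(value):
        return format((value >> shift) & 0xFF, "08b")

    return {
        "mask": to_dotted(mask),
        "network": to_dotted(network),
        "first_node": to_dotted(network + 1),
        "broadcast": to_dotted(broadcast),
        "valid_nodes": 2 ** node_bits - 2,
        "is_network_address": to_int(address) == network,
        "octet": octet + 1,
        "mask_bits": bits(mask),
        "network_bits": bits(network),
        "broadcast_bits": bits(broadcast),
    }


if __name__ == "__main__":
    # The handout's example network.
    for key, value in analyse("194.120.8.0/21").items():
        print(f"{key:20} {value}")
```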

1.1. Manual conversion from binary to decimal and vice versa

Manually converting an octet between its binary representation and the decimal representation is fairly simple.

Each bit represents a decimal value, and these decimal values are the powers of two. Thus, the least significant bit’s decimal value is one, and each following bit doubles the decimal value of the previous bit.

To convert from binary to decimal you just have to sum the decimal values of all bits with value one. For instance, 01100101 can be converted to decimal representation by calculating the sum:

64+32+4+1 = 101

Converting from decimal to binary is the reverse operation: you try to deduct each bit’s decimal value from the original decimal representation, starting with the most significant bit. If deducting is possible, it means that bit is one, otherwise it is zero.

Let’s take an example: 202

202 – 128 = 74 (this means bit with decimal value 128 is one)

74 – 64 = 10 (this means bit with decimal value 64 is also one)

10 – 32 would be negative (this means bit with decimal value 32 is zero)

10 – 16 would be negative (this means bit with decimal value 16 is also zero)

10 – 8 = 2 (bit with decimal value 8 is one)

2 – 4 would be negative (bit with decimal value 4 is also zero)

2 – 2 = 0 (bit with decimal value 2 is one)

0 – 1 would be negative (bit with decimal value 1 is zero)

So, the binary representation of 202 is 11001010


1.2. Practical exercises

For each given network, expressed in CIDR notation, present the network mask in dot-decimal notation, the network’s first valid node address and the broadcast address:

a) 170.20.0.0/22

b) 200.100.20.192/26

c) 120.64.0.0/12

d) 191.123.90.104/30

e) 138.20.64.0/18

2. IPv4 networks dimensioning with classless addressing (VLSM).

IP network dimensioning consists of establishing the appropriate network mask (prefix-length) to meet the maximum number of nodes the network must support.

Each network mask sets the number of bits that will be available to identify nodes within it and, therefore, the maximum number of nodes it can have. We will call the set of different addresses within a network its address block; remember, however, that two of those addresses are reserved and cannot be used as node addresses.

The biggest prefix-length applicable in IPv4 is 30 bits. This means only two bits are left to identify addresses within such a network, so the block size is four and the number of valid node addresses is only two. This prefix is commonly used for dedicated connections between routers, where only two valid node addresses are in fact required.

For each bit removed from the prefix-length the block size doubles; inversely, for each bit added to the prefix-length the block size is reduced to half. Keeping in mind some significant prefix-length values from the following table, it’s therefore easy to reach the block size for any prefix-length.

Network prefix-length   Addresses block size   Addresses block size in dot-decimal   Number of valid node addresses
/30                     2^2 = 4                0.0.0.4                               4 - 2 = 2
/29                     2^3 = 8                0.0.0.8                               8 - 2 = 6
/28                     2^4 = 16               0.0.0.16                              16 - 2 = 14
/27                     2^5 = 32               0.0.0.32                              32 - 2 = 30
/26                     2^6 = 64               0.0.0.64                              64 - 2 = 62
/25                     2^7 = 128              0.0.0.128                             128 - 2 = 126
/24                     2^8 = 256              0.0.1.0                               256 - 2 = 254
/23                     2^9 = 512              0.0.2.0                               512 - 2 = 510
/22                     2^10 = 1024            0.0.4.0                               1024 - 2 = 1022
/21                     2^11 = 2048            0.0.8.0                               2048 - 2 = 2046
/20                     2^12 = 4096            0.0.16.0                              4096 - 2 = 4094
/19                     2^13 = 8192            0.0.32.0                              8192 - 2 = 8190
/18                     2^14 = 16384           0.0.64.0                              16384 - 2 = 16382
/17                     2^15 = 32768           0.0.128.0                             32768 - 2 = 32766
/16                     2^16 = 65536           0.1.0.0                               65536 - 2 = 65534
(…)                     (…)                    (…)

Expressing the block size in dot-decimal is convenient for prefix-lengths below 24 bits, as we will see ahead when the next network address is calculated by adding to the current network address the block size.


By adding one bit to the prefix-length, a block is split into two blocks of half the size of the original block. One resulting half-size block starts at the same address as the initial block and the other at the middle of the initial block. This is always valid, whatever the initial block may be.

By removing one bit from the prefix-length, two blocks are merged to form a new block with double size; this is usually referred to as block aggregation.

Of course, reducing one prefix-length bit (aggregation) over two existing address blocks is not always valid, it depends on the blocks addresses.

Example:

Blocks (networks) 120.10.5.0/24 and 120.10.6.0/24 cannot be aggregated by reducing the prefix to 23 bits

Let’s try:

120.10.5.0/24 - 120.10.(0000 0101).0

120.10.6.0/24 - 120.10.(0000 0110).0

Reducing the prefix-length to 23 bits results in:

120.10.5.0 - 120.10.(0000 0100).0, thus 120.10.4.0/23

120.10.6.0 - 120.10.(0000 0110).0, thus 120.10.6.0/23

We can see they end up in different 23-bit prefix-length address blocks, not the same one. So this aggregation is not valid.

However, other aggregations are valid:

120.10.4.0/23 = 120.10.4.0/24 + 120.10.5.0/24

And also: 120.10.6.0/23 = 120.10.6.0/24 + 120.10.7.0/24

And also: 120.10.4.0/22 = 120.10.4.0/23 + 120.10.6.0/23

To summarize: any address block can always be split into two (with half the size each), however, two equal size address blocks may or may not be aggregable into a single double size block.
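The aggregation test described above, as an added Python example that is not part of the original handout (the function names are chosen here). Two equal-size blocks are aggregable only if dropping one prefix bit leads both to the same parent block. The example goes one step beyond the pair check and keeps merging a list of blocks until no more aggregation is possible; it assumes the blocks in the list do not overlap.

```python
import ipaddress


def _parent_if_siblings(a, b):
    """Parent block if a and b are its two halves, otherwise None."""
    if a.prefixlen != b.prefixlen or a.prefixlen == 0 or a == b:
        return None
    parent = a.supernet()               # remove one bit from the prefix-length
    return parent if b.supernet() == parent else None


def can_aggregate(block_a, block_b):
    """Aggregated block in CIDR notation, or None if aggregation is not valid."""
    parent = _parent_if_siblings(ipaddress.ip_network(block_a),
                                 ipaddress.ip_network(block_b))
    return str(parent) if parent is not None else None


def aggregate_all(blocks):
    """Merge sibling blocks repeatedly until no pair can be aggregated.

    Assumes the given blocks do not overlap, so that the two halves of a
    parent block are always neighbours once the list is sorted.
    """
    nets = sorted({ipaddress.ip_network(b) for b in blocks})
    merged = True
    while merged:
        merged = False
        for i in range(len(nets) - 1):
            parent = _parent_if_siblings(nets[i], nets[i + 1])
            if parent is not None:
                nets[i:i + 2] = [parent]   # two blocks replaced by their parent
                merged = True
                break
    return [str(n) for n in nets]


if __name__ == "__main__":
    print(can_aggregate("120.10.5.0/24", "120.10.6.0/24"))   # not aggregable
    print(can_aggregate("120.10.4.0/24", "120.10.5.0/24"))
    print(aggregate_all(["120.10.4.0/24", "120.10.5.0/24",
                         "120.10.6.0/24", "120.10.7.0/24"]))
```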

Once we know the address block size, finding each network address is easy. To get the next network’s address you can simply add the address block’s size to the current network’s address; thus, network addresses can be assigned sequentially.

Example:

Given the 190.130.0.0/24 addresses block, use it to establish several IPv4 networks capable of holding up to 20 nodes each.

The best fitted prefix for up to 20 nodes is the 27 bits prefix length, resulting in address blocks of 32 addresses each (up to 30 nodes)

First network - 190.130.0.0/27

Second network – 190.130.0.32/27 ( 0 + 32)

Third network – 190.130.0.64/27 ( 32 + 32 )

Fourth network – 190.130.0.96/27 ( 64 + 32 )

Fifth network – 190.130.0.128/27 ( 96 + 32 )

(…)


Once prefix-lengths are established, the problem consists in taking the provided address space (addresses block) and splitting it into several non-overlapping valid address spaces (addresses blocks), one for each network.

Because each address space or addresses block is also a valid IPv4 network, the split of a bigger network into several smaller networks is also known as subnetting. And those resulting networks are also called subnets.

Often different sizes will be required for each subnet, so different prefix-lengths must be used for each, this is called Variable Length Subnet Mask (VLSM).

We already know every address block (network) can always be split into two blocks of half size each, consequently, wherever a block starts at that same address also starts any smaller block (bigger prefix-length, smaller network).

This means, even with VLSM, we can still use the sequential assignment strategy as long as bigger blocks (smaller prefixes) are assigned first.

In the sequential assignment strategy, we get the next network address by adding to the current network address its block size, this results in the starting point of the next address block with the same size (same prefix-length), and thus at that same point also starts a block with any bigger prefix-length.

Let’s test this:

Given the 190.130.0.0/24 addresses block we want to assign addresses for three networks: one with up to 20 nodes, another with up to 60 nodes and yet another with up to 100 nodes.

As requirements for each network are different, we will be using VLSM:

For the network with up to 20 nodes – a 32 addresses block – 27 bits prefix

For the network with up to 60 nodes – a 64 addresses block – 26 bits prefix

For the network with up to 100 nodes – a 128 addresses block – 25 bits prefix

The sequential assignment strategy can be used, as long as we start with the bigger blocks:

First, the 128 addresses block: 190.130.0.0/25

Second, the 64 addresses block: 190.130.0.128/26 ( 0 + 128 )

Finally, the 32 addresses block: 190.130.0.192/27 ( 128 + 64 )

If we disregard the rule bigger blocks first, the solution may not be valid:

First, a 64 addresses block: 190.130.0.0/26

Second, a 128 addresses block: 190.130.0.64/25 ( 0 + 64 )

The problem is the second block doesn’t exist. Notice that, with a 25 bits prefix, the bit with decimal value 64 is beyond the network prefix, and thus, it should be zero when representing the network address.

When handling prefixes with less than 24 bits, block sizes will be above 255 addresses, then to add the address block size to the current network address it’s more convenient to express the block size in dot-decimal representation as well (as presented in the table before).

Example for prefixes less than 24 bits

Given the 190.130.128.0/17 addresses block, use it to assign network addresses to three networks with the following networks capacities: up to 500 nodes, up to 1000 nodes and up to 2000 nodes


500 nodes – 512 addresses block – 23 bits prefix

1000 nodes – 1024 addresses block – 22 bits prefix

2000 nodes – 2048 addresses block – 21 bits prefix

512 in binary is 10 00000000, in dot-decimal notation 2.0

1024 in binary is 100 00000000, in dot-decimal notation 4.0

2048 in binary is 1000 00000000, in dot-decimal notation 8.0

As before, the sequential assignment strategy can be used if we follow the rule bigger blocks first.

2048 addresses block 190.130.128.0/21

1024 addresses block 190.130.136.0/22 ( 128.0 + 8.0 )

512 addresses block 190.130.140.0/23 ( 136.0 + 4.0 )
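The sequential assignment strategy used in the two examples above, written as an added Python example that is not part of the original handout (function names are chosen here). It picks the prefix-length for each node count, assigns blocks by adding block sizes, and flags a block that doesn’t exist, which is what happens when the bigger blocks first rule is ignored.

```python
import ipaddress


def prefix_for_nodes(nodes):
    """Biggest prefix-length whose block holds `nodes` valid node addresses."""
    node_bits = 2                       # /30 is the biggest applicable prefix
    while 2 ** node_bits - 2 < nodes:   # two addresses per block are reserved
        node_bits += 1
    return 32 - node_bits


def assign_sequentially(parent, node_counts, biggest_first=True):
    """Assign one block per requirement by adding block sizes in sequence.

    Returns a list of (nodes, block, exists) tuples. `exists` is False when
    the computed address has node bits set for that prefix-length, meaning
    no such block exists.
    """
    parent = ipaddress.ip_network(parent)
    end = int(parent.broadcast_address)
    order = sorted(node_counts, reverse=True) if biggest_first else list(node_counts)
    cursor = int(parent.network_address)
    result = []
    for nodes in order:
        length = prefix_for_nodes(nodes)
        size = 2 ** (32 - length)
        if cursor + size - 1 > end:
            raise ValueError(f"{parent} has no room left for a /{length} block")
        exists = cursor % size == 0     # a block must start on a multiple of its size
        block = f"{ipaddress.ip_address(cursor)}/{length}"
        result.append((nodes, block, exists))
        cursor += size                  # next network address = current + block size
    return result


if __name__ == "__main__":
    for case in (
        ("190.130.0.0/24", [20, 60, 100], True),
        ("190.130.0.0/24", [60, 100], False),       # rule ignored on purpose
        ("190.130.128.0/17", [500, 1000, 2000], True),
    ):
        print(case[0], case[1], "biggest first" if case[2] else "given order")
        for nodes, block, exists in assign_sequentially(*case):
            note = "" if exists else "   <- this block doesn't exist"
            print(f"  up to {nodes:4} nodes: {block}{note}")
```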

This technique of establishing each subnet size (number of addresses) and getting the next subnet address by adding the subnet size to the subnet address is always valid, as long as the bigger blocks first rule is applied. Other techniques can be used, though; one of the most popular represents subnets as a binary tree. This comes from the fact that each block is split into two blocks when one bit is added to the prefix-length.

One advantage of this approach is it provides a better overall view of the address space being used, but in fact it’s similar to the previous method.

Let’s use the same example as above, having already established the required prefix-lengths for each subnet, we can start splitting the provided block to the point we need, this should be done step by step, meaning advancing one bit on the prefix-length at a time:

When splitting the original network (190.130.128.0/17) into two subnets, by adding one bit to the prefix-length, one resulting network will have the same address value (190.130.128.0/18). To get the other subnet address value, it’s just a matter of adding the block size. From the table, the /18 prefix-length creates a block with size 0.0.64.0, so it will be 190.130.128.0 + 0.0.64.0 = 190.130.192.0.

The biggest subnet, which is the first to be assigned, uses a 21 bits prefix-length, so we are not quite there yet.

We may leave the 190.130.192.0/18 block for later use if needed, and proceed by splitting the 190.130.128.0/18 block in two.

The /19 prefix-length creates blocks with size: 0.0.32.0, so the second subnet address is 190.130.160.0/19, again we may leave this second block for later use and focus on the first one:

190.130.128.0/17
    190.130.128.0/18
    190.130.192.0/18

190.130.128.0/18
    190.130.128.0/19
    190.130.160.0/19


The /20 prefix-length creates blocks with size: 0.0.16.0, so the second subnet address is 190.130.144.0/20, again we may leave this second block for later use and focus on the first one:

Now we have a block size matching the biggest subnet to be assigned, so it will be assigned address 190.130.128.0/21. The second block address is obtained by adding the block size (0.0.8.0).

To assign addresses to the remaining two subnets we could use any of the blocks left unused (190.130.192.0/18; 190.130.160.0/19; 190.130.144.0/20; 190.130.136.0/21). For the sake of simplification when later creating routing tables, it’s a good practice to use the block that is nearest to the ones already assigned, so we may choose block 190.130.136.0/21.

The first block is ready to be assigned to one additional network (/22), so the network with prefix /22 is assigned address 190.130.136.0/22. The second block address is obtained by adding the block size 0.0.4.0. Keeping the same methodology, we will now pick block 190.130.140.0/22 for the remaining network to be assigned (/23).

So the last network to be assigned will have address: 190.130.140.0/23

Several address blocks were left unused, as leftovers, and could be used to assign addresses to additional networks. They are: 190.130.192.0/18; 190.130.160.0/19; 190.130.144.0/20; 190.130.142.0/23.

In this resolution, a step by step style was used, one branch at a time, but the entire binary tree may also be drawn at once, though it may become more confusing if you run out of drawing space.

190.130.128.0/19
    190.130.128.0/20
    190.130.144.0/20

190.130.128.0/20
    190.130.128.0/21
    190.130.136.0/21

190.130.136.0/21
    190.130.136.0/22
    190.130.140.0/22

190.130.140.0/22
    190.130.140.0/23
    190.130.142.0/23
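The binary tree method, as an added Python example that is not part of the original handout. The BlockTree class and its selection rule are assumptions made here: each request takes the smallest unused block that fits (lowest address on ties), which in the example above coincides with choosing the block nearest to the ones already assigned. Every split adds one bit to the prefix-length and leaves the second half for later use.

```python
import ipaddress


class BlockTree:
    """An address space managed by splitting blocks in two, one bit at a time."""

    def __init__(self, parent):
        self.free = [ipaddress.ip_network(parent)]   # blocks left unused
        self.assigned = []

    def assign(self, length):
        """Assign one block with the given prefix-length and return it."""
        fitting = [b for b in self.free if b.prefixlen <= length]
        if not fitting:
            raise ValueError(f"no unused block can hold a /{length}")
        # Smallest block that fits; lowest address breaks ties.
        block = max(fitting, key=lambda b: (b.prefixlen, -int(b.network_address)))
        self.free.remove(block)
        while block.prefixlen < length:
            first, second = block.subnets()   # add one bit to the prefix-length
            self.free.append(second)          # second half kept for later use
            block = first                     # keep splitting the first half
        self.assigned.append(block)
        return str(block)

    def leftovers(self):
        """Unused blocks, biggest block first."""
        ordered = sorted(self.free,
                         key=lambda b: (b.prefixlen, int(b.network_address)))
        return [str(b) for b in ordered]


if __name__ == "__main__":
    tree = BlockTree("190.130.128.0/17")
    for nodes, length in ((2000, 21), (1000, 22), (500, 23)):
        print(f"up to {nodes} nodes: {tree.assign(length)}")
        print("   unused:", "; ".join(tree.leftovers()))
```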


3. Practical exercises

3.1. Use the 173.30.60.128/25 addresses block to assign network addresses to two networks capable of supporting up to 30 nodes and one network capable of supporting up to 8 nodes.

3.2. Define network addresses for networks A, B and C within the 180.30.0.0/20 addresses block. Network A must support up to 2000 nodes, network B up to 500 nodes and network C up to 200 nodes.

3.3. Reconsidering a problem from last week

See the following diagram representing several IPv4 networks interconnected by routers.

a) Use the 10.48.0.0/14 addresses block to assign addresses to all represented networks (A; B; C; D and E). They must be capable of housing the represented number of workstations. Find a solution using the fewest possible addresses from the provided addresses block.

b) Accordingly, set the IPv4 node addresses for each router interface.

c) Define each router’s static routing table.

Important remarks:

- The image presents the number of workstations to be supported on each network, however, when establishing the number of nodes to be supported, connected routers must be taken into account.

- In this layout the dedicated connection between Router 1 and Router 2 is clearly identified as a network and referred on the text, nevertheless, even if that was not the case, this exercise resolution should always encompass it.


4. VLAN support in Cisco routers

We already know end nodes can also be VLAN-aware and handle IEEE 802.1q frames. This allows a single network interface to operate as several independent interfaces, each one connected to a different VLAN. End nodes, operating at layer three, can then assign a different IP address to each interface, and thus use all VLANs at the same time.

4.1. Switching module for Cisco routers

This is, in fact, a workaround for connecting VLANs to Cisco routers, not a generic definitive solution. It’s based on a hardware module that contains a VLAN-aware layer two switch with four Ethernet ports at 100 Mbps. Once attached to the router every VLAN defined on it will be known to the router.

The image above shows the Cisco HWIC-4ESW module, it may be attached to some Cisco routers, for instance the 2811 model in the image below:

This is a four ports layer two switch, not four independent network interfaces for the router, the router will not be able to use these ports directly, however, it will be able to use every VLAN defined on the switch as an independent network interface.

Packet Tracer forms can be used to configure the switch VLANs as with any other switch. Afterwards, new interfaces become available to the router, they can be referred to as vlan ID, where ID represents the used VLANID.

For instance, if we define a VLAN with VLANID=25 on the switch and assign it to some switch ports, we can then connect the router to that VLAN by using the following commands:

    (config)# interface vlan 25
    (config-if)# ip address 192.168.0.10 255.255.255.0

The router will be using IP address 192.168.0.10/24 on that VLAN.

4.2. Sub-interfaces

Although the switching hardware module can do the trick, it requires additional hardware. And the same goal can be achieved without additional hardware. This is a more generic solution that may be used on any Cisco router.

Notice that added hardware may have restrictions of its own. For instance, the described hardware module works only at 100 Mbps and is not available for all router models.

Cisco IOS (Cisco devices’ operating system) and similar systems allow the creation of sub-interfaces over existing physical interfaces. Sub-interfaces overlap the physical interface and multiple sub-interfaces over the same physical interface overlap each other. Yet, each sub-interface can have its own IP address and be independent of others.

Sub-interfaces are identified by the physical interface name with a numeric suffix separated by a dot, the first sub-interface will have suffix one and so on. For instance interfaces FastEthernet0/0.1, FastEthernet0/0.2, and FastEthernet0/0.3 are FastEthernet0/0 sub-interfaces.


To make sub-interfaces match VLANs, we can use the encapsulation dot1q command to add IEEE 802.1q VLAN tagging to sub-interfaces, thus providing traffic separation within the physical network connection. This command has one additional argument, the VLANID. Once applied, the interface will receive only 802.1q frames with that VLANID; likewise, any frame sent through this interface will be an 802.1q frame carrying that VLANID.

Let’s take an example: we want to use interface FastEthernet0/0 to connect the router to two VLANs with IDs 50 and 60, this can be achieved by the following commands:

    (config)# interface FastEthernet 0/0.1
    (config-subif)# encapsulation dot1Q 50
    (config-subif)# ip address 195.1.0.20 255.255.255.0
    (config-subif)# no shutdown
    (config-subif)# exit
    (config)# interface FastEthernet 0/0.2
    (config-subif)# encapsulation dot1Q 60
    (config-subif)# ip address 190.5.0.2 255.255.255.0
    (config-subif)# no shutdown
    (config-subif)# exit

Of course, for this configuration to make sense, this router’s interface is supposed to be connected to the port of a switch with both these VLANs defined and assigned to that port (in trunk-mode).

4.3. Packet Tracer practice

Download the following Packet Tracer layout from Moodle (pl05-a.pkt). It encompasses only physical connections, all configurations are left for you to do.

Here we have two routers and three physical networks (LANs), however, there are five IPv4 networks from A to E, networks A and B are different VLANs over one same LAN and the same goes for networks D and E.

a) Proceed with configuration of VLANs:


On switch SW1 define VLANs with VLANIDs 5 and 6 for IPv4 networks A and B. Switch SW1 is connected to the previously referred hardware switching module (HWIC-4ESW) attached to router RT1. Define the same VLANs on router RT1’s switching module and change the connection to trunk-mode.

Switch SW2 is fully dedicated to the IPv4 network C, and thus, no VLANs are required here, this network is using the default VLAN (VLANID=1).

On switch SW3 define VLANs with VLANIDs 10 and 11 for IPv4 networks D and E, switch SW3 is connected to a standard router interface of RT2, on the switch change this connection to trunk-mode, on the router’s side, use sub-interfaces.

b) Assign to all nodes the shown IPv4 addresses.

On router RT1 addresses on networks A and B are assigned to VLAN interfaces.

On router RT2 addresses on networks D and E are assigned to sub-interfaces.

c) Configure routing (default-gateways on end nodes, and routing tables on routers).

Every end-node must have a default-gateway (the local router’s node address), e.g. for PC0 the default-gateway is 190.12.65.1. For PC2 either RT1 or RT2 can be the default-gateway.

Router RT1 must be informed networks D and E exist, add them to its routing table.

Router RT2 must be informed networks A and B exist, add them to its routing table.

d) In simulation mode, test IPv4 connectivity by sending ICMP echo requests between all nodes.

All nodes should be able to reach every other node regardless of the network they are connected to.

Mind that first ping tests may fail due to timeout, this happens when ARP tables are empty and the time it takes for ARP to fill them is longer than the ping test timeout.

5. DHCP (Dynamic Host Configuration Protocol)

Thanks to DHCP, when a node is plugged into a network it gets all required IPv4 configuration information automatically. This only works if the network has at least one running DHCP service.

Among others, the most relevant data provided by the DHCP service to the client node are a unique IPv4 address for the node to use, the network mask, the default gateway and DNS configuration data.

The DHCP service can manage static and dynamic IPv4 addresses. Static IPv4 addresses are manually assigned by the service administrator to specific client nodes (identified by their MAC addresses). Dynamic IPv4 addresses are automatically assigned by the DHCP service from an address pool provided by the service administrator. The DHCP service identifies client nodes by their MAC address and ensures assigned IPv4 addresses are unique.

DHCP itself uses UDP over IPv4 for message transport. At first glance, this would result in a cyclic dependency for the client node: it needs DHCP to get the IPv4 configuration, and DHCP requires IPv4 to be operating.

Nevertheless, this is overcome by using some special-purpose IPv4 addresses. The first message sent by the client node (DHCP Discover) is transported by an IPv4 packet with source address 0.0.0.0 (unknown IPv4 source address) and destination address 255.255.255.255 (local network IPv4 broadcast address).


Because the first contact from the client node to the DHCP service is made using broadcast, it will only work if both the node and the service are in the same broadcast domain (LAN/VLAN).

Every DHCP service within the broadcast domain will receive the discover message and reply with an offer message. The client can then select one and send a unicast request to start using the provided configuration data.

Finally, the DHCP service sends back an ACK (acknowledgement) message.

The configuration assigned to the client node is valid during the lease time period, if the node wants to keep using the same data it must send a new request before the lease time expires.

5.1. Setting up the DHCP service on Cisco routers

Several types of network nodes can be used to supply a DHCP service to a network, including Windows and Linux servers, however, a Cisco router can also provide this service.

Because broadcast is used, one requirement to be met is that the node providing the service must have a direct interface connection to the network. Although this requirement is generally true, a DHCP Relay Agent can be used to work around it. The DHCP Relay Agent must be directly connected to the network, but it will retransmit local DHCP messages to a remote DHCP service.

Although Cisco routers support static IPv4 address assignment as well, we usually want dynamic assignment. To achieve that on a Cisco router, one DHCP pool must be defined for each IPv4 network we want to offer the service on.

The DHCP pool is identified by an arbitrary administrative name. The ip dhcp pool POOL-NAME command can be used to create a new DHCP pool or edit an existing one. It will enter a specific sub-configuration level to manage that pool configuration, for instance:

(config)# ip dhcp pool NETWORK1

(dhcp-config)# network 192.168.5.0 255.255.255.0

The network command shown above associates the pool to a directly connected IPv4 network (192.168.5.0/24 in the example). The service assumes every valid node address within this network is available to be dynamically assigned to clients, so addresses already in use on the network must be explicitly excluded.

With this information, the DHCP service is already capable of dynamically assigning IPv4 node addresses to clients and also of informing them about the network address and network mask. Additional data is, nevertheless, required by clients: the default-router command sets the default gateway to be used by clients. The following example also shows how to set the default DNS domain and the DNS servers the clients should use.

(config)# ip dhcp pool NETWORK1

(dhcp-config)# network 192.168.5.0 255.255.255.0

(dhcp-config)# default-router 192.168.5.1

(dhcp-config)# domain-name dei.isep.ipp.pt

(dhcp-config)# dns-server 192.168.20.4

Node addresses that are being used for other purposes must be excluded from DHCP management, starting with the router’s own address, but including servers and other devices with manual IPv4 address configuration.

In fact, before assigning a new address, the DHCP service tests if anyone is replying to ICMP echo requests on that address, and skips that address if so.

At general configuration-level, the ip dhcp excluded-address command allows the definition of one IPv4 address or a range of IPv4 addresses that should never be assigned to clients by DHCP, for instance:

(config)# ip dhcp excluded-address 192.168.5.1 192.168.5.100

Used together with the previous commands, this will make the DHCP service assign to clients only addresses between 192.168.5.101 and 192.168.5.254.

The ip dhcp excluded-address command may be used several times to exclude different addresses, possibly belonging to different DHCP pools.
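The pool and exclusion commands above can be checked offline before they are typed into a router. The following Python sketch is an added example, not part of the original lab sheet: it parses the commands shown in this section, lists the addresses a pool would actually hand out, and warns when the default-router is missing, outside the pool network, or not excluded. The function names and the sample text are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample: the commands shown in section 5.1, prompts included.
SAMPLE_CONFIG = """\
(config)# ip dhcp excluded-address 192.168.5.1 192.168.5.100
(config)# ip dhcp pool NETWORK1
(dhcp-config)# network 192.168.5.0 255.255.255.0
(dhcp-config)# default-router 192.168.5.1
(dhcp-config)# domain-name dei.isep.ipp.pt
(dhcp-config)# dns-server 192.168.20.4
"""


def parse_dhcp_config(text):
    """Return (pools, exclusions) read from IOS-style DHCP commands."""
    pools, exclusions, current = {}, [], None
    for raw in text.splitlines():
        # Drop an optional CLI prompt such as "(config)#".
        words = raw.split("#", 1)[-1].split()
        if not words:
            continue
        if words[:3] == ["ip", "dhcp", "excluded-address"]:
            low = ipaddress.IPv4Address(words[3])
            # A single excluded address is a range of one.
            high = ipaddress.IPv4Address(words[4]) if len(words) > 4 else low
            exclusions.append((low, high))
        elif words[:3] == ["ip", "dhcp", "pool"]:
            current = pools.setdefault(words[3], {"network": None, "router": None})
        elif current is not None and words[0] == "network":
            current["network"] = ipaddress.IPv4Network(f"{words[1]}/{words[2]}")
        elif current is not None and words[0] == "default-router":
            current["router"] = ipaddress.IPv4Address(words[1])
    return pools, exclusions


def is_excluded(address, exclusions):
    """True when the address falls inside any excluded range."""
    return any(low <= address <= high for low, high in exclusions)


def audit_pool(name, pools, exclusions):
    """Return (assignable addresses, warnings) for one pool."""
    network, router = pools[name]["network"], pools[name]["router"]
    if network is None:
        return [], ["no network command in pool"]
    assignable = [h for h in network.hosts() if not is_excluded(h, exclusions)]
    warnings = []
    if router is None:
        warnings.append("no default-router set")
    elif router not in network:
        warnings.append(f"default-router {router} is outside {network}")
    elif not is_excluded(router, exclusions):
        warnings.append(f"default-router {router} is not excluded")
    return assignable, warnings


if __name__ == "__main__":
    pools, exclusions = parse_dhcp_config(SAMPLE_CONFIG)
    for pool_name in pools:
        addresses, problems = audit_pool(pool_name, pools, exclusions)
        print(pool_name, addresses[0], "-", addresses[-1], len(addresses), problems)
```

The sketch only models the static configuration; it does not model the ICMP echo test the service performs before assigning an address.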

5.2. Download the following Packet Tracer layout from Moodle (pl05-b.pkt)

This encompasses only physical connections, all configurations are left for you to do.

a) Define routers’ IPv4 addresses and static routing tables

For every router interface in use, assign a valid IP address on the network. You may use any valid node address as long as it belongs to the connected IPv4 networks shown on the image. Usually, though it is not mandatory, the network’s first addresses are assigned to routers.

Regarding the IPv4 address to be assigned to RT2 connection to the internet, it’s implicitly established because the other node address on this connection is 195.1.1.1/30. Mind the DSL modem and Cloud-PT are layer two, so they don’t have IP addresses.

Don’t assign IPv4 addresses to end-nodes. They will be assigned by the DHCP service running in router RT1, and the default-gateway for end-nodes will be assigned by DHCP as well.

For the RT1 routing table, the default route is sufficient; it will point (next-hop) to RT2.

For RT2, the default route should point to the internet, so the next-hop is 195.1.1.1. However, this router’s routing table must first state that if the destination address belongs to Network A, then the next-hop is router RT1.

Router RT-ISP (on the Internet) would have a default-route pointing to the next router, deeper into the internet. We don’t have data to settle that. However, when the destination node belongs to networks A or B, it should send to RT2. Also notice that networks A and B can be aggregated into a single network address.

b) Configure the DHCP service on router RT1 to assign IPv4 address to all end nodes

Because nodes are spread in two networks, two DHCP pools are required.

Within each pool, set the correct default gateway each node must use (default-router command). For PCs in Network B it should be RT2 because it’s closer to the Internet connection than RT1.

Don’t forget to exclude from DHCP the addresses already in use, namely the routers’ addresses.

Check that every PC is getting the proper configuration through DHCP from router RT1.

c) Test ICMP echo requests between all nodes, including the router RT-ISP

They should all work.

d) In simulation mode, send an ICMP echo request to a locally unknown IPv4 address

If everything is working as it is supposed to, those requests will reach the ISP Router and be rejected there. They are rejected because it has no routes pointing towards the internet, as it would have in reality.

6. Packet Tracer exercise

Use Packet Tracer to implement the following physical infrastructure

It looks rather odd! Router 1 has a single connection? Router 0 has two connections to the same switch? The point is, physical connections don’t mean much, as it all depends on VLANs.

6.1. Over the preceding infrastructure, use VLANs to define the following IPv4 networks

a) Define the required VLANs using VTP

There’s not much to wonder about, for each independent IPv4 network a VLAN is required, so a total of five VLANs are necessary. From the image above we can establish the following table:

VLAN name VLANID IPv4 network

VLAN-A 100 190.10.7.0/25

VLAN-B 101 190.10.8.0/23

VLAN-C 102 190.10.7.192/30

VLAN-D 103 190.10.1.0/24

VLAN-E 104 190.10.16.0/22

Assigned VLANIDs are arbitrary, as long as they are unique and don’t overlap others in use.

Here there are only three switches, so the five VLANs could be manually created on each. However, VLAN Trunking Protocol (VTP) offers a better solution. By using VTP we can define all VLANs in a single switch (the VTP server) and spread them to all other switches (VTP clients). To work together, both the VTP server and the VTP clients must belong to the same VTP domain.

One switch must be elected to be the VTP server, say Switch0. Enter Switch0 CLI and set it as the VTP server for a VTP domain, say rcomp VTP domain.

(config)# vtp domain rcomp

(config)# vtp mode server

The other switches will be VTP clients on the rcomp VTP domain.

(config)# vtp domain rcomp

(config)# vtp mode client

From now on, any change on VLANs defined in Switch0 (VLAN database) gets propagated to Switch1 and Switch2.

So you can now use the Packet Tracer form to define the VLAN database on Switch0.

b) Ensure all VLANs are available on all switches

Every switch port connected to another switch must be in trunk-mode, so that corresponding VLANs are effectively interconnected between switches. On Cisco switches, ports are by default in dynamic mode; thus, if one end of the connection is manually changed to trunk-mode, the other end will automatically also change to trunk-mode.

c) Assign VLANs to switch ports connected to end nodes

These end nodes (PCs) are not VLAN-aware. For each PC, check which switch port it’s connected to, then assign to that port the appropriate VLAN in access-mode.

d) Assign VLANs to switch ports connected to routers

Router1 has a single connected physical interface, however, we need three network connections. The connected switch port must, therefore, be in trunk-mode.

Assume Router1’s physically connected interface is FastEthernet0/0 and the addresses to be assigned to the router are 190.10.7.193/30 for VLAN-C, 190.10.1.1/24 for VLAN-D and 190.10.0.1/22 for VLAN-E. The configuration commands are:

(config)# interface FastEthernet0/0.1

(config-subif)# encapsulation dot1Q 102

(config-subif)# ip address 190.10.7.193 255.255.255.252

(config)# interface FastEthernet0/0.2

(config-subif)# encapsulation dot1Q 103

(config-subif)# ip address 190.10.1.1 255.255.255.0

(config)# interface FastEthernet0/0.3

(config-subif)# encapsulation dot1Q 104

(config-subif)# ip address 190.10.16.1 255.255.252.0

Concerning Router0, it has two connected physical interfaces and, as with Router1, three network connections are required. If physically connected interfaces are FastEthernet0/0 and FastEthernet0/1, we can for instance use one interface for one VLAN and the other interface for the other two VLANs. Use the following commands:

(config)# interface FastEthernet0/0

(config-if)# ip address 190.10.7.194 255.255.255.252

(config)# interface FastEthernet0/1.1

(config-subif)# encapsulation dot1Q 100

(config-subif)# ip address 190.10.7.1 255.255.255.128

(config)# interface FastEthernet0/1.2

(config-subif)# encapsulation dot1Q 101

(config-subif)# ip address 190.10.8.1 255.255.254.0

Establish the correct configuration for each switch port these routers’ interfaces are connected to. Both in trunk-mode? Apply the correct VLAN configurations to the connected switch.

e) Use the two routers to offer the DHCP service on networks A, B, D, and E

Each router can serve only directly connected networks, so Router0 serves networks A and B, and Router1 serves networks D and E.

On Router0:

(config)# ip dhcp excluded-address 190.10.7.1

(config)# ip dhcp excluded-address 190.10.8.1

(config)# ip dhcp pool NET-A

(dhcp-config)# default-router 190.10.7.1

(dhcp-config)# network 190.10.7.0 255.255.255.128

(config)# ip dhcp pool NET-B

(dhcp-config)# default-router 190.10.8.1

(dhcp-config)# network 190.10.8.0 255.255.254.0

On Router1:

(config)# ip dhcp excluded-address 190.10.1.1

(config)# ip dhcp excluded-address 190.10.16.1

(config)# ip dhcp pool NET-D

(dhcp-config)# default-router 190.10.1.1

(dhcp-config)# network 190.10.1.0 255.255.255.0

(config)# ip dhcp pool NET-E

(dhcp-config)# default-router 190.10.16.1

(dhcp-config)# network 190.10.16.0 255.255.252.0

Check that all end nodes receive their configuration from the DHCP service. Confirm the IPv4 network each node belongs to.

f) Move end nodes between VLANs

Let’s move PC0 to network A and PC2 to network D.

Thanks to VLANs, no physical connection changes are necessary; all that is required is changing the VLAN assigned to the corresponding switch port.

Force DHCP clients on PC0 and PC2 to request new configuration data and confirm they have moved to the desired IPv4 network.

7. Simplifying IPv4 routing tables

Routers’ routing tables can often be simplified; this means reducing the number of lines while keeping the same behaviour.

In routing terms, the same behaviour means that the same next-hops are used for the same cases as before. The advantage is that a shorter routing table improves the router’s performance.

The generic principle for simplifying a routing table is searching for a pair of lines that could be replaced by a single line which has the same effect as the original two lines.

There’s one first fundamental condition for such a simplification to be possible:

Both original lines need to have the same next-hop.

Only once we notice that two routing table lines have the same next-hop should we proceed and check whether they may be reduced to a single line (while keeping the same behaviour).

7.1. Aggregation to default-route

If there’s a default-route in the routing table (0.0.0.0/0 line), it means any IPv4 address not matching previous lines will match it, and thus the corresponding next-hop will be used. Typically this next-hop pinpoints toward the internet connection and is called the default-router or default-gateway.

In most cases, if there’s a routing table line with a next-hop equal to the next-hop of the default-route, then the line can simply be removed, leaving only the default-route.

This is true because we assume that, in the absence of the removed line, the default-route is going to be reached, and therefore the same next-hop will be used as before. We must be aware that there are exceptions to this assumption; the following routing table presents one of those cases:

Destination Next-hop

190.200.30.0/24 170.10.10.1

190.200.0.0/16 170.10.10.5

0.0.0.0/0 170.10.10.1

We would assume the first rule could be removed because the next-hop is the same as the default-route next-hop. However, in this specific case that’s not true.

The issue is that the second line includes the first line’s addresses; therefore, the assumption that removing the first line will make the corresponding addresses match the default-route is, in this case, false. They would match the second line, and thus they would be sent to a different next-hop.

Due to that, this routing table can’t be simplified.

Nevertheless, aggregation to the default-route is pretty simple and it should always be the first strategy to be used. Only after getting rid of all removable lines through aggregation to the default-route should the next step, addresses blocks aggregation, be tried.

7.2. Addresses blocks aggregation

From IPv4 classless addressing study, we already know that two same size addresses blocks can, in some cases, be aggregated into a single block with the double size. Formally, viewing addresses blocks as sets of addresses, the aggregation result block is the union between the two original addresses blocks. If the routing table contains two lines with equal sizes addresses blocks (same prefix-length) and the same next-hop, there’s the chance these two lines can be replaced by a single line with an addresses block that is the union of the first two.

Criteria that must be checked for addresses block aggregation of two routing table lines:

1st – Same next-hop (the basic criterion)

2nd – Same block size (same prefix-length/network mask)

3rd – The two original blocks can be aggregated into a single block

Once the first two rules are verified, we must test the third rule. The test is rather simple:

Two blocks can be aggregated if, by reducing the prefix-length by one bit on both blocks, we end up with the same resulting block.

By reducing the prefix by one bit, one bit is transferred from the network area to the node area of the address; thus, depending on the transferred bit being zero or one, the resulting network address will remain the same or will change.

Of course, for the resulting network address to be the same, the two original network addresses must be very similar: they can only differ in the value of one bit around the prefix-length position.

Example: simplify the following routing table.

Destination Next-hop

195.20.80.0/20 178.10.10.1

195.20.64.0/20 178.10.10.1

195.30.64.0/20 178.10.10.1

195.20.96.0/19 178.10.10.1

0.0.0.0/0 178.10.10.80

We can see no aggregation to default-route is possible, because no other line has the same next-hop as the default-route (178.10.10.80).

However, the remaining lines all share the same next-hop (178.10.10.1), so we can analyse aggregations between them. Aggregation is only possible between networks with the same mask, so we have three possible candidates with a 20-bits prefix length.

Nevertheless, the third candidate (195.30.64.0/20) can be immediately excluded. The reason is that the value of the second octet is different and the prefix-length falls in the middle of the third octet. Obviously, there’s no way changing a bit on the third octet will change the second octet’s value.

For now, we are left with 195.20.80.0/20 and 195.20.64.0/20. The first two criteria are met: same next-hop and same prefix-length. Also, the addresses are similar and differ only on the octet where the prefix-length is located.

Let’s test one bit prefix-length reduction to a 19-bits network prefix-length on both networks:

195.20.80.0/20 = 195.20.(01010000)2.0/20

By reducing one bit, the 20th-bit having value one will no longer be part of the network address, thus the address becomes 195.20.64.0/19

195.20.64.0/20 = 195.20.(01000000)2.0/20

By reducing one bit, the 20th-bit having value zero will no longer be part of the network address; however, because it is zero, the address remains the same: 195.20.64.0/19

We end up with the same network address on both cases, therefore, we conclude: 195.20.64.0/19 is the union of 195.20.80.0/20 and 195.20.64.0/20

Thus, for now, the simplified table becomes:

Destination Next-hop

195.20.64.0/19 178.10.10.1

195.30.0.0/20 178.10.10.1

195.20.96.0/19 178.10.10.1

0.0.0.0/0 178.10.10.80

We can now restart the procedure, because again, two lines meet the requirements for aggregation: 195.20.64.0/19 and 195.20.96.0/19

(Same next-hop, same prefix-length, and similar addresses, different only on the octet where the prefix-length is located)

Let’s again test one bit prefix-length reduction, now to an 18-bits network mask on both networks:

195.20.64.0/19 – 195.20.(01000000)2.0/19

By reducing one bit, the 19th-bit having value zero will no longer be part of the network address, thus the address remains the same: 195.20.64.0/18

195.20.96.0/20 – 195.20.(01100000)2.0/19

By reducing one bit, the 19th-bit having value one will no longer be part of the network address, thus the address becomes 195.20.64.0/18

We can, therefore, conclude: 195.20.64.0/18 is the union of 195.20.64.0/19 and 195.20.96.0/19

So, the simplified table becomes:

Destination Next-hop

195.20.64.0/18 178.10.10.1

195.30.0.0/20 178.10.10.1

0.0.0.0/0 178.10.10.80

No further simplifications are possible. (To start with, the only two lines with the same next-hop have different prefix-lengths, and in addition network addresses are very different)
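The two strategies of this section can be written as a short program and checked against the tables above. The following Python sketch is an added example, not part of the original lab sheet; the function names are assumptions. It goes slightly beyond 7.1: a line is dropped when its next-hop equals that of the most specific line that still covers it (the default-route being the usual case), which also handles the exception shown in 7.1. The lookup function performs a longest-prefix match so that the "same behaviour" requirement can be verified for sample destinations.

```python
import ipaddress

# Tables copied from sections 7.1 and 7.2 of the text: (destination, next-hop).
EXCEPTION_TABLE = [
    ("190.200.30.0/24", "170.10.10.1"),
    ("190.200.0.0/16", "170.10.10.5"),
    ("0.0.0.0/0", "170.10.10.1"),
]
EXAMPLE_TABLE = [
    ("195.20.80.0/20", "178.10.10.1"),
    ("195.20.64.0/20", "178.10.10.1"),
    ("195.30.64.0/20", "178.10.10.1"),
    ("195.20.96.0/19", "178.10.10.1"),
    ("0.0.0.0/0", "178.10.10.80"),
]


def lookup(routes, address):
    """Longest-prefix match: the next-hop used for one destination address."""
    addr = ipaddress.ip_address(address)
    matches = [(ipaddress.ip_network(p), nh) for p, nh in routes
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def _drop_redundant(table):
    """7.1 generalised: remove one line that falls back to the same next-hop."""
    for net in list(table):
        covering = [o for o in table if o != net and net.subnet_of(o)]
        if covering:
            # Once 'net' is gone, its addresses match the longest covering line.
            fallback = max(covering, key=lambda n: n.prefixlen)
            if table[fallback] == table[net]:
                del table[net]
                return True
    return False


def _merge_siblings(table):
    """7.2: replace two equal-size blocks with the same next-hop by their union."""
    for net in list(table):
        if net.prefixlen == 0:
            continue
        parent = net.supernet()  # prefix-length reduced by one bit
        sibling = next(s for s in parent.subnets() if s != net)
        if parent not in table and table.get(sibling) == table[net]:
            next_hop = table.pop(net)
            del table[sibling]
            table[parent] = next_hop
            return True
    return False


def simplify(routes):
    """Apply both strategies until no line can be removed or merged."""
    table = {ipaddress.ip_network(p): nh for p, nh in routes}
    while _drop_redundant(table) or _merge_siblings(table):
        pass
    ordered = sorted(table, key=lambda n: (-n.prefixlen, int(n.network_address)))
    return [(str(n), table[n]) for n in ordered]
```

On EXAMPLE_TABLE, simplify returns three lines: 195.30.64.0/20 and 195.20.64.0/18 via 178.10.10.1, plus the default-route. EXCEPTION_TABLE comes back unchanged.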

8. Practical exercise (IPv4 networks dimensioning and static routing)

The following diagram represents some IPv4 networks interconnected by routers:

The image shows the maximum number of workstations to be supported in each network.

a) Use the 194.56.224.0/23 addresses block to assign an address to each network.

b) Define routers’ IPv4 addresses in each network.

c) Define each router’s static routing table.

d) Simplify to the extent possible each routing table defined in c).

