7/30/2019 Advance Dip Management
20-Oct-
Advanced IP Address Management
Objectives
This module explores the evolution and extension of IPv4, including the key scalability features that engineers have added to it over the years:
Subnetting
Classless interdomain routing (CIDR)
Variable length subnet masking (VLSM)
Route summarization
Finally, this module examines advanced IP implementation techniques such as the following:
IP unnumbered
Dynamic Host Configuration Protocol (DHCP)
Helper addresses
IPv4 Address Classes
No medium-size host networks
In the early days of the Internet, IP addresses were allocated to organizations based on request rather than actual need.
IPv4 Address Classes
Class D Addresses
A Class D address begins with binary 1110 in the first octet.
First octet range 224 to 239.
A Class D address can be used to represent a group of hosts called a host group, or multicast group.
Class E Addresses
The first octet of a Class E IP address begins with 1111.
Class E addresses are reserved for experimental purposes and should not be used for addressing hosts or multicast groups.
IP addressing crisis
Address Depletion
Internet Routing Table Explosion
IPv4 Addressing
Subnet Mask
One solution to the IP address shortage was thought to be the subnet mask.
Formalized in 1985 (RFC 950), the subnet mask breaks a single class A, B or C network into smaller pieces.
Subnet Example
Given the Class B address 190.52.0.0 (Network Network Host Host), using a /24 subnet mask (Network Network Subnet Host)...
190.52.1.2  190.52.2.2  190.52.3.2
Internet routers still see this net as 190.52.0.0.
But internal routers think all these addresses are on different networks, called subnetworks.
Subnet Example
Using the 3rd octet (Network Network Subnet Host), 190.52.0.0 was divided into:
190.52.1.0  190.52.2.0  190.52.3.0  190.52.4.0
190.52.5.0  190.52.6.0  190.52.7.0  190.52.8.0
190.52.9.0  190.52.10.0  190.52.11.0  190.52.12.0
190.52.13.0  190.52.14.0  190.52.15.0  190.52.16.0
190.52.17.0  190.52.18.0  190.52.19.0  and so on ...
Long Term Solution: IPv6 (coming)
IPv6, or IPng (IP the Next Generation), uses a 128-bit address space, yielding 340,282,366,920,938,463,463,374,607,431,768,211,456 possible addresses.
IPv6 has been slow to arrive:
IPv4 has been revitalized by new features, making IPv6 a luxury and not a desperately needed fix.
IPv6 requires new software; IT staffs must be retrained.
IPv6 will most likely coexist with IPv4 for years to come. Some experts believe IPv4 will remain for more than 10 years.
Short Term Solutions: IPv4 Enhancements
CIDR (Classless Inter-Domain Routing) - RFCs 1517, 1518, 1519, 1520
VLSM (Variable Length Subnet Mask) - RFC 1009
Private Addressing - RFC 1918
NAT/PAT (Network Address Translation / Port Address Translation) - RFC
CIDR (Classless Inter-Domain Routing)
By 1992, members of the IETF were having serious concerns about the exponential growth of the Internet and the scalability of Internet routing tables.
The IETF was also concerned with the eventual exhaustion of the 32-bit IPv4 address space.
Projections were that this problem would reach its critical state by 1994 or 1995.
The IETF's response was the concept of supernetting, or CIDR (pronounced "cider").
To CIDR-compliant routers, address class is meaningless.
The network portion of the address is determined by the network subnet mask, network prefix or prefix length (/8, /19, etc.).
The network address is NOT determined by the first octet (first two bits), for example 200.10.0.0/16 or 15.10.160.0/19.
CIDR helped reduce the Internet routing table explosion with supernetting and reallocation of IPv4 address space.
CIDR (Classless Inter-Domain Routing)
First deployed in 1994, CIDR dramatically improves IPv4's scalability and efficiency by providing the following:
Eliminates traditional Class A, B, C addresses, allowing for more efficient allocation of IPv4 address space.
Supports route aggregation (summarization), also known as supernetting, where thousands of routes can be represented by a single route in the routing table.
Route aggregation also helps prevent route flapping on Internet routers using BGP. Flapping routes can be a serious concern with Internet core routers.
CIDR allows routers to aggregate, or summarize, routing information and thus shrink the size of their routing tables.
Just one address and mask combination can represent the routes to multiple networks.
Used by IGP routers within an AS and EGP routers between ASs.
Without CIDR, a router must maintain individual routing table entries for these class B networks.
With CIDR, a router can summarize these routes into eight networks by using a 13-bit prefix: 172.24.0.0/13
Steps:
1. Count the number of left-most matching bits: /13
2. Add all zeros after the last matching bit:
172.24.0.0 = 10101100 00011000 00000000 00000000
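The two steps above, as an added Python example (not from the course slides) built on the standard ipaddress module: summarize() counts the left-most bits the networks share and zeroes the rest, and unclaimed_space() lists the blocks a summary would claim that none of the member networks actually use. The network lists are constructed from the slide's examples.

```python
import ipaddress

def summarize(networks):
    """Smallest single prefix covering every network in the list (IPv4).

    Step 1: count the left-most bits all network addresses have in common
    (the summary prefix length).  Step 2: zero every bit after the last
    matching one (the summary network address).
    """
    nets = [ipaddress.IPv4Network(n) for n in networks]
    if not nets:
        raise ValueError("no networks to summarize")
    addrs = [int(n.network_address) for n in nets]
    # The summary can never be longer than the shortest member prefix.
    prefix = min(n.prefixlen for n in nets)
    while prefix > 0:
        mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
        if len({a & mask for a in addrs}) == 1:   # all agree on these bits
            break
        prefix -= 1
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    base = ipaddress.IPv4Address(addrs[0] & mask)
    return ipaddress.IPv4Network(f"{base}/{prefix}")

def unclaimed_space(summary, networks):
    """Blocks inside `summary` that no member network covers.

    This is the caveat behind "as long as there are no other routes
    elsewhere within this range": advertising the summary also claims
    these holes, so a route for them learned elsewhere would be shadowed.
    """
    holes = [ipaddress.IPv4Network(summary)]
    for member in (ipaddress.IPv4Network(n) for n in networks):
        remaining = []
        for hole in holes:
            if hole.subnet_of(member):        # hole fully used by member
                continue
            if member.subnet_of(hole):        # carve the member out
                remaining.extend(hole.address_exclude(member))
            else:                             # disjoint, keep as is
                remaining.append(hole)
        holes = remaining
    return sorted(holes)

if __name__ == "__main__":
    # Constructed from the slide: eight class B networks 172.24.0.0 - 172.31.0.0
    class_bs = [f"172.{o}.0.0/16" for o in range(24, 32)]
    agg = summarize(class_bs)
    print(agg, "holes:", unclaimed_space(agg, class_bs))   # 172.24.0.0/13 holes: []
    # Three /27s summarized to a /25 leave 200.199.48.0/27 unclaimed
    partial = ["200.199.48.32/27", "200.199.48.64/27", "200.199.48.96/27"]
    agg = summarize(partial)
    print(agg, "holes:", unclaimed_space(agg, partial))    # 200.199.48.0/25 holes: [200.199.48.0/27]
```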
CIDR (Classless Inter-Domain Routing)
By using a prefix address to summarize routes, administrators can keep routing table entries manageable, which means the following:
More efficient routing
A reduced number of CPU cycles when recalculating a routing table, or when sorting through the routing table entries to find a match
Reduced router memory requirements
Route summarization is also known as:
Route aggregation
Supernetting
Supernetting is essentially the inverse of subnetting.
CIDR moves the responsibility of allocating addresses away from a centralized authority (InterNIC).
Instead, ISPs can be assigned blocks of address space, which they can then parcel out to customers.
[Figure: hierarchical address allocation. A NAP (Network Access Point) at the top, then Network Service Providers, Regional Service Providers, ISPs, and finally Subscribers.]
Supernetting Example
Company XYZ needs to address 400 hosts. Its ISP gives them two contiguous Class C addresses:
207.21.54.0/24
207.21.55.0/24
Company XYZ can use a prefix of 207.21.54.0/23 to supernet these two contiguous networks (yielding 510 hosts).
207.21.54.0/23 covers 207.21.54.0/24 and 207.21.55.0/24: 23 bits in common.
Supernetting Example
With the ISP acting as the addressing authority for a CIDR block of addresses, the ISP's customer networks, which include XYZ, can be advertised among Internet routers as a single supernet.
Học viện mạng Bách Khoa - Website: www.bkacad.com
CIDR and the Provider
Another example of route aggregation.
CIDR and the provider
Even Better:
200.199.48.32/27  11001000 11000111 00110000 0 0100000
200.199.48.64/27  11001000 11000111 00110000 0 1000000
200.199.48.96/27  11001000 11000111 00110000 0 1100000
200.199.48.0/25   11001000 11000111 00110000 0 0000000
(As long as there are no other routes elsewhere within this range, well)
200.199.56.0/24   11001000 11000111 0011100 0 00000000
200.199.57.0/24   11001000 11000111 0011100 1 00000000
200.199.56.0/23   11001000 11000111 0011100 0 00000000
Summarization from the customer networks to their provider: 200.199.48.0/25 and 200.199.56.0/23.
CIDR and the provider
200.199.48.0/25  11001000 11000111 0011 0000 00000000
200.199.49.0/25  11001000 11000111 0011 0001 00000000
200.199.56.0/23  11001000 11000111 0011 1000 00000000
200.199.48.0/20  11001000 11000111 0011 0000 00000000
20 bits in common
Further summarization of 200.199.48.0/25 and 200.199.56.0/23 happens with the next upstream provider.
CIDR Restrictions
Dynamic routing protocols must send network address and mask (prefix-length) information in their routing updates.
In other words, CIDR requires classless routing protocols for dynamic routing.
However, you can still configure summarized static routes; after all, that is what a 0.0.0.0/0 route is.
Summarized and Specific Routes: Longest-bit Match (more later)
Merida receives a summarized /16 update from Quito and a more specific /24 update from Cartago.
Merida will include both routes in the routing table. Merida will forward all packets matching at least the first 24 bits of 172.16.5.0 to Cartago (172.16.5.0/24): longest-bit match.
Merida will forward all other packets matching at least the first 16 bits to Quito (172.16.0.0/16).
[Figure: Merida with neighbors Quito and Cartago; networks 172.16.1.0/24, 172.16.2.0/24, 172.16.10.0/24 and 172.16.5.0/24. Quito sends the summarized update 172.16.0.0/16; Cartago sends the specific route update 172.16.5.0/24.]
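The longest-bit match on Merida, as an added Python example (not from the slides): the routing table is constructed from the two updates described above, and lookup() picks the route with the most matching prefix bits, falling back to the /16 summary when the /24 is absent, which is what happens if Cartago's specific route is withdrawn.

```python
import ipaddress

# Constructed routing table for Merida: the summarized /16 learned from
# Quito and the more specific /24 learned from Cartago.
MERIDA_ROUTES = {
    "172.16.0.0/16": "Quito",
    "172.16.5.0/24": "Cartago",
}

def lookup(table, destination):
    """Longest-bit match.

    Among all prefixes that contain the destination, return
    (prefix, next hop) for the one with the most prefix bits, or None
    when no route matches (the packet has nowhere to go and is dropped).
    """
    dst = ipaddress.IPv4Address(destination)
    best = None
    for prefix_str, hop in table.items():
        prefix = ipaddress.IPv4Network(prefix_str)
        if dst not in prefix:
            continue
        if best is None or prefix.prefixlen > best[0].prefixlen:
            best = (prefix, hop)
    return None if best is None else (str(best[0]), best[1])

if __name__ == "__main__":
    for dst in ("172.16.5.77", "172.16.2.9", "10.1.1.1"):
        print(dst, "->", lookup(MERIDA_ROUTES, dst))
    # Same destination after the specific route is withdrawn: summary wins.
    summary_only = {"172.16.0.0/16": "Quito"}
    print("172.16.5.77 (no /24) ->", lookup(summary_only, "172.16.5.77"))
```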
VLSM (Variable Length Subnet Mask)
The limitation of using only a single subnet mask across a given network prefix (network address plus the number of bits in the mask) was that an organization is locked into a fixed number of fixed-sized subnets.
In 1987, RFC 1009 specified how a subnetted network could use more than one subnet mask.
VLSM = Subnetting a Subnet
If you know how to subnet, you can do VLSM!
VLSM Simple Example
Subnetting a /8 subnet using a /16 mask gives us 256 subnets with 65,536 hosts per subnet.
Let's take the 10.2.0.0/16 subnet and subnet it further.

Address         1st octet  2nd octet  3rd octet  4th octet
10.0.0.0/8      10         Host       Host       Host
10.0.0.0/16     10         Subnet     Host       Host
10.0.0.0/16     10         0          Host       Host
10.1.0.0/16     10         1          Host       Host
10.2.0.0/16     10         2          Host       Host
10.n.0.0/16     10         n          Host       Host
10.255.0.0/16   10         255        Host       Host
VLSM Simple Example
Note: 10.2.0.0/16 is now a summary of all of the 10.2.0.0/24 subnets. Summarization coming soon!

Address         Network  Subnet  Subnet  Host
10.2.0.0/16     10       2       Host    Host
10.2.0.0/24     10       2       Subnet  Host
10.2.0.0/24     10       2       0       Host
10.2.1.0/24     10       2       1       Host
10.2.n.0/24     10       2       n       Host
10.2.255.0/24   10       2       255     Host

VLSM Simple Example: 10.0.0.0/8 subnetted using /16
Subnet          1st host      Last host        Broadcast
10.0.0.0/16     10.0.0.1      10.0.255.254     10.0.255.255
10.1.0.0/16     10.1.0.1      10.1.255.254     10.1.255.255
10.2.0.0/16 sub-subnetted using /24
Subnet          1st host      Last host        Broadcast
10.2.0.0/24     10.2.0.1      10.2.0.254       10.2.0.255
10.2.1.0/24     10.2.1.1      10.2.1.254       10.2.1.255
10.2.2.0/24     10.2.2.1      10.2.2.254       10.2.2.255
Etc.
10.2.255.0/24   10.2.255.1    10.2.255.254     10.2.255.255
10.3.0.0/16     10.3.0.1      10.3.255.254     10.3.255.255
Etc.
10.255.0.0/16   10.255.0.1    10.255.255.254   10.255.255.255
VLSM Simple Example
Your network can now have 255 /16 subnets with 65,534 hosts each AND 256 /24 subnets with 254 hosts each.
All you need to make it work is a classless routing protocol that passes the subnet mask with the network address in the routing updates.
Classless routing protocols: RIPv2, EIGRP, OSPF, IS-IS, BGPv4 (coming)
Subnets: 10.0.0.0/16, 10.1.0.0/16, 10.2.0.0/16 (10.2.0.0/24, 10.2.1.0/24, 10.2.2.0/24, etc., 10.2.255.0/24), 10.3.0.0/16, etc., 10.255.0.0/16
[Figure: a network using the /16 subnets 10.1.0.0/16 through 10.8.0.0/16 and the /24 sub-subnets 10.2.0.0/24 through 10.2.8.0/24 of 10.2.0.0/16. An example of VLSM, NOT of good network design.]
Another VLSM Example using /30 subnets
This network has seven /27 subnets with 30 hosts each AND eight /30 subnets with 2 hosts each.
/30 subnets are very useful for serial networks.
207.21.24.0/24 network subnetted into eight /27 (255.255.255.224) subnets
207.21.24.192/27 subnet, subnetted into eight /30 (255.255.255.252) subnets
207.21.24.192/27 = 207.21.24.11000000

/30  Subnet              4th octet (binary)  Host bits  Bcast bits  2 Hosts
0    207.21.24.192/30    110 00000           01 10      11          .193 & .194
1    207.21.24.196/30    110 00100           01 10      11          .197 & .198
2    207.21.24.200/30    110 01000           01 10      11          .201 & .202
3    207.21.24.204/30    110 01100           01 10      11          .205 & .206
4    207.21.24.208/30    110 10000           01 10      11          .209 & .210
5    207.21.24.212/30    110 10100           01 10      11          .213 & .214
6    207.21.24.216/30    110 11000           01 10      11          .217 & .218
7    207.21.24.220/30    110 11100           01 10      11          .221 & .222

This network has seven /27 subnets with 30 hosts each AND seven /30 subnets with 2 hosts each (one left over).
/30 subnets with 2 hosts per subnet do not waste host addresses on serial networks.
[Figure: the /27 subnets 207.21.24.0/27 through 207.21.24.160/27 and 207.21.24.224/27 on LAN segments, and the /30 subnets 207.21.24.192/30 through 207.21.24.216/30 on serial links.]
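Generating the VLSM plan above, as an added Python example (not from the slides): vlsm_plan() cuts 207.21.24.0/24 into /27 blocks and then sub-subnets the block at a chosen position into /30s, producing the same subnet, first host, last host and broadcast columns as the table; usable_hosts() checks the "seven /27 with 30 hosts AND eight /30 with 2 hosts" claim. Block indices and the helper names are this example's own choices.

```python
import ipaddress

def vlsm_plan(major, first_prefix, sub_index, second_prefix):
    """Subnet `major` into /first_prefix blocks, then sub-subnet the block at
    position `sub_index` into /second_prefix blocks.

    Returns rows of (subnet, first host, last host, broadcast) in address
    order, the same columns as the slide's table.
    """
    blocks = list(ipaddress.IPv4Network(major).subnets(new_prefix=first_prefix))
    rows = []
    for i, block in enumerate(blocks):
        if i == sub_index:
            rows.extend(_row(s) for s in block.subnets(new_prefix=second_prefix))
        else:
            rows.append(_row(block))
    return rows

def _row(net):
    hosts = list(net.hosts())   # usable addresses: 2 for a /30, 30 for a /27
    return (str(net), str(hosts[0]), str(hosts[-1]), str(net.broadcast_address))

def usable_hosts(rows):
    """Total usable host addresses across the plan (network and broadcast
    addresses excluded from every subnet)."""
    return sum(ipaddress.IPv4Network(r[0]).num_addresses - 2 for r in rows)

if __name__ == "__main__":
    # Constructed from the slide: 207.21.24.0/24 into eight /27s, with the
    # seventh block (207.21.24.192/27) carved into eight /30 serial subnets.
    plan = vlsm_plan("207.21.24.0/24", 27, 6, 30)
    for r in plan:
        print("%-18s %-16s %-16s %s" % r)
    print("usable hosts:", usable_hosts(plan))   # 7*30 + 8*2 = 226
```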
VLSM and the Routing Table (more later)
Routing Table without VLSM
RouterX#show ip route
207.21.24.0/27 is subnetted, 4 subnets
C 207.21.24.192 is directly connected, Serial0
C 207.21.24.196 is directly connected, Serial1
C 207.21.24.200 is directly connected, Serial2
C 207.21.24.204 is directly connected, FastEthernet0
Displays one subnet mask for all child routes. The classful mask is assumed for the parent route.
Routing Table with VLSM
RouterX#show ip route
207.21.24.0/24 is variably subnetted, 4 subnets, 2 masks
C 207.21.24.192 /30 is directly connected, Serial0
C 207.21.24.196 /30 is directly connected, Serial1
C 207.21.24.200 /30 is directly connected, Serial2
C 207.21.24.96 /27 is directly connected, FastEthernet0
Each child route includes and displays its own subnet mask. The parent route shows the classful mask instead of the subnet mask of the child routes.
Final Notes on VLSM
Whenever possible it is best to group contiguous routes together so they can be summarized (aggregated) by upstream routers. (coming soon!)
Even if not all of the contiguous routes are together, routing tables use the longest-bit match, which allows the router to choose the more specific route over a summarized route. Coming soon!
You can keep on sub-subnetting as many times and as deep as you want to go.
You can have various sizes of subnets with VLSM.
Route flapping
Route flapping occurs when a router interface alternates rapidly between the up and down states.
Route flapping can cripple a router with excessive updates and recalculations. However, the summarization configuration prevents the RTC route flapping from affecting any other routers.
The loss of one network does not invalidate the route to the supernet.
While RTC may be kept busy dealing with its own route flap, RTZ, and all upstream routers, are unaware of any downstream problem.
Summarization effectively insulates the other routers from the problem of route flapping.
Private IP addresses (RFC 1918)
If addressing any of the following, these private addresses can be used instead of globally unique addresses:
A non-public intranet
A test lab
A home network
Global addresses must be obtained from a provider or a registry at some expense.
Discontiguous subnets
Mixing private addresses with globally unique addresses can create discontiguous subnets. It is not the main cause, however.
Discontiguous subnets are subnets from the same major network that are separated by a completely different major network or subnet.
Question: If a classful routing protocol like RIPv1 or IGRP is being used, what do the routing updates look like between the Site A router and the Site B router?
Discontiguous subnets
Classful routing protocols, notably RIPv1 and IGRP, can't support discontiguous subnets, because the subnet mask is not included in routing updates.
RIPv1 and IGRP automatically summarize on classful boundaries.
Site A and Site B are both sending each other the classful address 207.21.24.0/24.
A classless routing protocol (RIPv2, EIGRP, OSPF) would be needed to not summarize the classful network address and to include the subnet mask in the routing updates.
Discontiguous subnets
RIPv2 and EIGRP automatically summarize on classful boundaries.
When using RIPv2 and EIGRP, to disable automatic summarization (on both routers):
Router(config-router)#no auto-summary
Site B now receives 207.21.24.0/27
Site B now receives 207.21.24.32/27
Network Address Translation (NAT)
NAT, as defined by RFC 1631, is the process of swapping one address for another in the IP packet header.
In practice, NAT is used to allow hosts that are privately addressed to access the Internet.
Network Address Translation (NAT)
NAT translations can occur dynamically or statically. The most powerful feature of NAT routers is their capability to use port address translation (PAT), which allows multiple inside addresses to map to the same global address.
This is sometimes called a many-to-one NAT. With PAT, or address overloading, literally hundreds of privately addressed nodes can access the Internet using only one global address.
The NAT router keeps track of the different conversations by mapping TCP and UDP port numbers.
[Figure: two inside hosts, each using TCP source port 1026, are translated to the global address 2.2.2.2 with TCP source ports 1923 and 1924.]
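The port mapping the NAT router keeps for PAT, as an added Python example (not from the slides, and not Cisco's implementation): the global address and the translated ports 1923 and 1924 come from the figure, while the inside addresses are constructed. It shows why two hosts that both pick source port 1026 still get distinct entries, and that an inbound packet with no matching entry has no inside destination.

```python
import ipaddress

class PatTable:
    """Constructed many-to-one NAT (PAT) translation table.

    Every inside (private address, source port) pair is mapped to the one
    global address plus a unique translated port, so replies can be handed
    back to the right inside host even when two hosts chose the same port.
    """
    def __init__(self, global_addr, first_port=1024):
        self.global_addr = str(ipaddress.IPv4Address(global_addr))
        self._next_port = first_port
        self.out = {}    # (inside ip, inside port) -> translated global port
        self.back = {}   # translated global port -> (inside ip, inside port)

    def translate_outbound(self, inside_ip, inside_port):
        """Inside -> global: reuse an existing entry or allocate a new port.
        Returns the (global address, translated port) written into the packet."""
        key = (str(ipaddress.IPv4Address(inside_ip)), inside_port)
        if key not in self.out:
            if self._next_port > 65535:
                raise RuntimeError("translation ports exhausted")
            gport = self._next_port
            self._next_port += 1
            self.out[key] = gport
            self.back[gport] = key
        return self.global_addr, self.out[key]

    def translate_inbound(self, global_port):
        """Global -> inside for a reply.  None means no entry exists, so the
        router has no inside host to deliver the packet to and drops it."""
        return self.back.get(global_port)

if __name__ == "__main__":
    pat = PatTable("2.2.2.2", first_port=1923)      # global address from the figure
    print(pat.translate_outbound("10.1.1.10", 1026))  # ('2.2.2.2', 1923)
    print(pat.translate_outbound("10.1.1.11", 1026))  # ('2.2.2.2', 1924)
    print(pat.translate_inbound(1924))                # ('10.1.1.11', 1026)
    print(pat.translate_inbound(4000))                # None
```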
Using IP unnumbered
There are certain drawbacks that come with using IP unnumbered:
The use of ping cannot determine whether the interface is up because the interface has no IP address.
A network IOS image cannot boot over an unnumbered serial interface.
IP security options cannot be supported on an unnumbered interface.
DHCP
DHCP overview
DHCP operation
Configuring IOS DHCP server
Easy IP
DHCP overview
Administrators set up DHCP servers to assign addresses from predefined pools. DHCP servers can also offer other information:
DNS server addresses
WINS server addresses
Domain names
Most DHCP servers also allow the ability to define specifically what client MAC addresses can be serviced and to automatically assign the same number to a particular host each time.
Note: BootP was originally defined in RFC 951 in 1985. It is the predecessor of DHCP, and it shares some operational characteristics. Both protocols use UDP ports 67 and 68, which are well known as BootP ports because BootP came before DHCP.
DHCP operation
The client sends a DHCPREQUEST broadcast to all nodes. If the client finds the offer agreeable, it will send another broadcast. This broadcast is a DHCPREQUEST, specifically requesting those particular IP parameters.
Why does the client broadcast the request instead of unicasting it to the server? A broadcast is used because the very first message, the DHCPDISCOVER, may have reached more than one DHCP server. After all, it was a broadcast. If more than one server makes an offer, the broadcasted DHCPREQUEST lets the servers know which offer was accepted, which is usually the first offer received.
Easy IP
Using helper addresses
Configuring IP helper addresses
By default, the ip helper-address command forwards eight UDP services.
Configuring IP helper addresses
To configure RTA e0, the interface that receives the Host A broadcasts, to relay DHCP broadcasts as a unicast to the DHCP server, use the following commands:
RTA(config)#interface e0
RTA(config-if)#ip helper-address 172.24.1.9
[Figure: the broadcast from Host A arrives on e0 and leaves toward the DHCP server as a unicast.]
Configuring IP helper addresses
Helper address configuration that relays broadcasts to all servers on the segment:
RTA(config)#interface e0
RTA(config-if)#ip helper-address 172.24.1.255
But will RTA forward the broadcast?
[Figure: the broadcast from Host A arrives on e0 and is relayed as a unicast to 172.24.1.255.]
Directed Broadcast
Notice that the RTA interface e3, which connects to the server farm, is not configured with helper addresses.
However, the output shows that for this interface, directed broadcast forwarding is disabled.
This means that the router will not convert the logical broadcast 172.24.1.255 into a physical broadcast with a Layer 2 address of FF-FF-FF-FF-FF-FF.
To allow all the nodes in the server farm to receive the broadcasts at Layer 2, e3 will need to be configured to forward directed broadcasts with the following command:
RTA(config)#interface e3
RTA(config-if)#ip directed-broadcast
Configuring IP helper addresses
Helper address configuration that relays broadcasts to all servers on the segment:
RTA(config)#interface e0
RTA(config-if)#ip helper-address 172.24.1.255
RTA(config)#interface e3
RTA(config-if)#ip directed-broadcast
[Figure: the Layer 3 broadcast relayed by e0 leaves e3 as a Layer 2 broadcast.]
IP address issues solutions
This module has shown that IPv4 addressing faces two major issues:
The depletion of addresses, particularly the key medium-sized space
The pervasive growth of Internet routing tables
In 1994, the Internet Engineering Task Force (IETF) proposed IPv6 in RFC 1752 and a number of working groups were formed in response. IPv6 covers issues such as the following:
Address depletion
Quality of service
Address autoconfiguration
Authentication
Security
It will not be easy for organizations deeply invested in the IPv4 scheme to migrate to a totally new architecture. As long as IPv4, with its recent extensions and CIDR-enabled hierarchy, remains viable, administrators will shy away from adopting IPv6. A new IP protocol requires new software, new hardware, and new methods of administration. It is likely that IPv4 and IPv6 will coexist, even within an autonomous system, for years to come.
IPv6
Three general types of addresses exist:
Unicast: An identifier for a single interface. A packet sent to a unicast address is delivered to the interface identified by that address.
Anycast: An identifier for a set of interfaces that typically belong to different nodes. A packet sent to an anycast address is delivered to the nearest, or first, interface in the anycast group.
Multicast: An identifier for a set of interfaces that typically belong to different nodes. A packet sent to a multicast address is delivered to all interfaces in the multicast group.
IPv6
To write 128-bit addresses so that they are readable to human eyes, the IPv6 architects abandoned dotted decimal notation in favor of a hexadecimal format.
Therefore, IPv6 is written as 32 hex digits, with colons separating the values of the eight 16-bit pieces of the address.
Summary
This module described how all of the following could enable more efficient use of IP addresses:
Subnet masks
VLSMs
Private addressing
Network address translation (NAT)