1 1 1 Objectives This module explores the evolution and extension of IPv4, including the key scalability features that engineers have added to it over the years: • Subnetting • Classless interdomain routing (CIDR) • Variable length subnet masking (VLSM) • Route summarization Finally, this module examines advanced IP implementation techniques such as the following: • IP unnumbered • Dynamic Host Configuration Protocol (DHCP) • Helper addresses
Transcript
1 1 1
Objectives
This module explores the evolution and extension of IPv4, including the key scalability features that engineers have added to it over the years:
• Subnetting
• Classless interdomain routing (CIDR)
• Variable length subnet masking (VLSM)
• Route summarization
Finally, this module examines advanced IP implementation techniques such as the following:
• IP unnumbered
• Dynamic Host Configuration Protocol (DHCP)
• Helper addresses
2 2 2
A few notes…
• The following slides are NOT from the online curriculum.
• However, they do cover the same topics using different examples.
3 3 3
IPv4 Address Classes
4 4 4
IPv4 Address Classes
• No medium size host networks
• In the early days of the Internet, IP addresses were allocated to organizations based on request rather than actual need.
5 5 5
IPv4 Address Classes
Class D Addresses
• A Class D address begins with binary 1110 in the first octet.
• First octet range 224 to 239.
• Class D address can be used to represent a group of hosts called a host group, or multicast group.
Class E Addresses First octet of an IP address begins with 1111
• Class E addresses are reserved for experimental purposes and should not be used for addressing hosts or multicast groups.
6 6 6
IP addressing crisis
• Address Depletion
• Internet Routing Table Explosion
7 7 7
IPv4 Addressing
Subnet Mask
• One solution to the IP address shortage was thought to be the subnet mask.
• Formalized in 1985 (RFC 950), the subnet mask breaks a single class A, B or C network in to smaller pieces.
8 8 8
Using /24 subnet...
190.52.1.2
190.52.2.2
190.52.3.2
Network Network Subnet Host
But internal routers think all
these addresses are on different
networks, called subnetworks
Internet routers still “see” this net as 190.52.0.0
Class B Network Network Host Host
Given the Class B address 190.52.0.0
Subnet Example
9 9 9
Using the 3rd octet, 190.52.0.0 was divided into:
190.52.1.0 190.52.2.0 190.52.3.0 190.52.4.0
190.52.5.0 190.52.6.0 190.52.7.0 190.52.8.0
190.52.9.0 190.52.10.0 190.52.11.0 190.52.12.0
190.52.13.0 190.52.14.0 190.52.15.0 190.52.16.0
190.52.17.0 190.52.18.0 190.52.19.0 and so on ...
Network Network Subnet Host
Subnet Example
10 10 10
All Zeros and All Ones Subnets
Using the All Ones Subnet
• There is no command to enable or disable the use of the all-ones subnet, it is enabled by default.
Router(config)#ip subnet-zero
• The use of the all-ones subnet has always been explicitly allowed and the use of subnet zero is explicitly allowed since Cisco IOS version 12.0.
RFC 1878 states, "This practice (of excluding all-zeros and all-ones subnets) is obsolete! Modern software will be able to utilize all definable networks." Today, the use of subnet zero and the all-ones subnet is generally accepted and most vendors support their use, though, on certain networks, particularly the ones using legacy software, the use of subnet zero and the all-ones subnet can lead to problems.
CCO: Subnet Zero and the All-Ones Subnet http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080093f18.shtml
11 11 11
Long Term Solution: IPv6
• IP v6, or IPng (IP – the Next Generation) uses a 128-bit address space, yielding
• By 1992, members of the IETF were having serious concerns about the exponential growth of the Internet and the scalability of Internet routing tables.
• The IETF was also concerned with the eventual exhaustion of 32-bit IPv4 address space.
• Projections were that this problem would reach its critical state by 1994 or 1995.
• IETF’s response was the concept of Supernetting or CIDR, “cider”.
• To CIDR-compliant routers, address class is meaningless.
The network portion of the address is determined by the network subnet mask, network-prefix or prefix-length (/8, /19, etc.)
The network address is NOT determined by the first octet (first two bits), 200.10.0.0/16 or 15.10.160.0/19
• CIDR helped reduced the Internet routing table explosion with supernetting and reallocation of IPv4 address space.
CIDR (Classless Inter-Domain Routing)
14 14 14
Active BGP entries
http://bgp.potaroo.net/
Report last updated at Thu, 16 Jan 2003
15 15 15
• First deployed in 1994, CIDR dramatically improves IPv4’s scalability and efficiency by providing the following:
Eliminates traditional Class A, B, C addresses allowing for more efficient allocation of IPv4 address space.
Supporting route aggregation (summarization), also known as supernetting, where thousands of routes could be represented by a single route in the routing table.
Route aggregation also helps prevent route flapping on Internet routers using BGP. Flapping routes can be a serious concern with Internet core routers.
• CIDR allows routers to aggregate, or summarize, routing information and thus shrink the size of their routing tables.
Just one address and mask combination can represent the routes to multiple networks.
Used by IGP routers within an AS and EGP routers between AS.
CIDR (Classless Inter-Domain Routing)
16 16 16
Without CIDR, a router must maintain individual routing table entries for these class B networks.
With CIDR, a router can summarize these routes into eight networks by using a 13-bit prefix: 172.24.0.0 /13
1. Count the number of left-most matching bits, /13
2. Add all zeros after the last matching bit:
172.24.0.0 = 10101100 00011000 00000000 00000000
Steps:
17 17 17
CIDR (Classless Inter-Domain Routing)
• By using a prefix address to summarizes routes, administrators can keep routing table entries manageable, which means the following
More efficient routing
A reduced number of CPU cycles when recalculating a routing table, or when sorting through the routing table entries to find a match
Reduced router memory requirements
• Route summarization is also known as:
Route aggregation
Supernetting
• Supernetting is essentially the inverse of subnetting.
• CIDR moves the responsibility of allocation addresses away from a centralized authority (InterNIC).
• Instead, ISPs can be assigned blocks of address space, which they can then parcel out to customers.
ISP/NAP Hierarchy - “The Internet: Still hierarchical after all
these years.” Jeff Doyle (Tries to be anyways!)
19 19 19
• Company XYZ needs to address 400 hosts.
• Its ISP gives them two contiguous Class C addresses:
207.21.54.0/24
207.21.55.0/24
• Company XYZ can use a prefix of 207.21.54.0 /23 to supernet these two contiguous networks. (Yielding 510 hosts)
• 207.21.54.0 /23
207.21.54.0/24
207.21.55.0/24
23 bits in common
Supernetting Example
20 20 20
• With the ISP acting as the addressing authority for a CIDR block of addresses, the ISP’s customer networks, which include XYZ, can be advertised among Internet routers as a single supernet.
• Limitation of using only a single subnet mask across a given network-prefix (network address, the number of bits in the mask) was that an organization is locked into a fixed-number of of fixed-sized subnets.
• 1987, RFC 1009 specified how a subnetted network could use more than one subnet mask.
• VLSM = Subnetting a Subnet
“If you know how to subnet, you can do VLSM!”
28 28 28
VLSM – Simple Example
• Subnetting a /8 subnet using a /16 mask gives us 256 subnets with 65,536 hosts per subnet.
• Let’s take the 10.2.0.0/16 subnet and subnet it further…
10.0.0.0/8
10.0.0.0/16
10 Host Host Host
10 Subnet Host Host
1st octet 2nd octet 3rd octet 4th octet
10.0.0.0/16 10 0 Host Host
10.1.0.0/16 10 1 Host Host
10.2.0.0/16 10 2 Host Host
10.n.0.0/16 10 … Host Host
10.255.0.0/16 10 255 Host Host
29 29 29
VLSM – Simple Example
• Note: 10.2.0.0/16 is now a summary of all of the 10.2.0.0/24 subnets.
• Summarization coming soon!
10.2.0.0/16 10 2 Host Host
Network Subnet Host Host
10.2.0.0/24 10 2 Subnet Host
10.2.0.0/24 10 2 0 Host
10.2.1.0/24 10 2 1 Host
10.2.n.0/24 10 2 … Host
10.2.255.0/24 10 2 255 Host
30 30 30
VLSM – Simple Example
10.0.0.0/8 “subnetted using /16” Subnet 1st host Last host Broadcast 10.0.0.0/16 10.0.0.1 10.0.255.254 10.0.255.255 10.1.0.0/16 10.1.0.1 10.1.255.254 10.1.255.255 10.2.0.0/16 “sub-subnetted using /24”
• This network has seven /27 subnets with 30 hosts each AND seven /30 subnets with 2 hosts each (one left over).
• /30 subnets with 2 hosts per subnet do not waste host addresses on serial networks .
35 35 35
VLSM and the Routing Table
Routing Table without VLSM
RouterX#show ip route
207.21.24.0/27 is subnetted, 4 subnets
C 207.21.24.192 is directly connected, Serial0
C 207.21.24.196 is directly connected, Serial1
C 207.21.24.200 is directly connected, Serial2
C 207.21.24.204 is directly connected, FastEthernet0
Routing Table with VLSM
RouterX#show ip route
207.21.24.0/24 is variably subnetted, 4 subnets, 2 masks
C 207.21.24.192 /30 is directly connected, Serial0
C 207.21.24.196 /30 is directly connected, Serial1
C 207.21.24.200 /30 is directly connected, Serial2
C 207.21.24.96 /27 is directly connected, FastEthernet0
• Parent Route shows classful mask instead of subnet mask of the child routes.
• Each Child Routes includes its subnet mask.
Displays one subnet mask for all child routes. Classful mask is assumed for the parent route.
Each child routes displays its own subnet mask. Classful mask is included for the
parent route.
36 36 36
Final Notes on VLSM
• Whenever possible it is best to group contiguous routes together so they can be summarized (aggregated) by upstream routers. (coming soon!)
Even if not all of the contiguous routes are together, routing tables use the longest-bit match which allows the router to choose the more specific route over a summarized route.
Coming soon!
• You can keep on sub-subnetting as many times and as “deep” as you want to go.
• You can have various sizes of subnets with VLSM.
37 37 37
Route flapping
• Route flapping occurs when a router interface alternates rapidly between the up and down states.
• Route flapping, and it can cripple a router with excessive updates and recalculations.
• However, the summarization configuration prevents the RTC route flapping from affecting any other routers.
• The loss of one network does not invalidate the route to the supernet.
• While RTC may be kept busy dealing with its own route flap, RTZ, and all upstream routers, are unaware of any downstream problem.
• Summarization effectively insulates the other routers from the problem of route flapping.
If addressing any of the following, these private addresses can be used instead of globally unique addresses:
• A non-public intranet
• A test lab
• A home network
Global addresses must be obtained from a provider or a registry at some expense.
40 40 40
Discontiguous subnets
• “Mixing private addresses with globally unique addresses can create discontiguous subnets.” – Not the main cause however…
• Discontiguous subnets, are subnets from the same major network that are separated by a completely different major network or subnet.
• Question: If a classful routing protocol like RIPv1 or IGRP is being used, what do the routing updates look like between Site A router and Site B router?
41 41 41
Discontiguous subnets
• Classful routing protocols, notably RIPv1 and IGRP, can’t support discontiguous subnets, because the subnet mask is not included in routing updates.
• RIPv1 and IGRP automatically summarize on classful boundaries.
• Site A and Site B are all sending each other the classful address of 207.21.24.0/24.
• A classless routing protocol (RIPv2, EIGRP, OSPF) would be needed:
to not summarize the classful network address and
to include the subnet mask in the routing updates.
42 42 42
Discontiguous subnets
• RIPv2 and EIGRP automatically summarize on classful boundaries.
• When using RIPv2 and EIGRP, to disable automatic summarization (on both routers):
• NAT, as defined by RFC 1631, is the process of swapping one address for another in the IP packet header.
• In practice, NAT is used to allow hosts that are privately addressed to access the Internet.
45 45 45
Network Address Translation (NAT)
• NAT translations can occur dynamically or statically.
• The most powerful feature of NAT routers is their capability to use port address translation (PAT), which allows multiple inside addresses to map to the same global address.
• This is sometimes called a many-to-one NAT.
• With PAT, or address overloading, literally hundreds of privately addressed nodes can access the Internet using only one global address.
• The NAT router keeps track of the different conversations by mapping TCP and UDP port numbers.
2.2.2.2 TCP Source Port 1923
2.2.2.2 TCP Source Port 1924
TCP Source Port 1026
TCP Source Port 1026
46 46 46
Using IP unnumbered
There are certain drawbacks that come with using IP unnumbered:
• The use of ping cannot determine whether the interface is up because the interface has no IP address.
• A network IOS image cannot boot over an unnumbered serial interface.
• IP security options cannot be supported on an unnumbered interface.
47 47 47
DHCP
• DHCP overview
• DHCP operation
• Configuring IOS DHCP server
• Easy IP
48 48 48
DHCP overview
• Administrators set up DHCP servers to assign addresses from predefined pools. DHCP servers can also offer other information:
DNS server addresses
WINS server addresses
Domain names
• Most DHCP servers also allow the ability to define specifically what client MAC addresses can be serviced and to automatically assign the same number to a particular host each time.
• Note: BootP was originally defined in RFC 951 in 1985. It is the predecessor of DHCP, and it shares some operational characteristics. Both protocols use UDP ports 67 and 68, which are well known as BootP ports because BootP came before DHCP.
49 49 49
DHCP operation
• The client sends a DHCPREQUEST broadcast to all nodes.
• If the client finds the offer agreeable, it will send another broadcast.
• This broadcast is a DHCPREQUEST, specifically requesting those particular IP parameters.
• Why does the client broadcast the request instead of unicasting it to the server?
• A broadcast is used because the very first message, the DHCPDISCOVER, may have reached more than one DHCP server.
• After all, it was a broadcast. If more than one server makes an offer, the broadcasted DHCPREQUEST lets the servers know which offer was accepted, which is usually the first offer received.
50 50 50
Configuring IOS DHCP server
• Note: The network statement enables DHCP on any router interfaces belonging to that network.
Basic
More
options…
51 51 51
Configuring IOS DHCP server (1 of 2)
52 52 52
Configuring IOS DHCP server (2 of 2)
53 53 53
Easy IP
54 54 54
Using helper addresses
55 55 55
Configuring IP helper addresses
By default, the ip helper-address command forwards the eight UDPs services.
56 56 56
Configuring IP helper addresses
To configure RTA e0, the interface that receives the Host A broadcasts, to relay DHCP broadcasts as a unicast to the DHCP server, use the following commands:
RTA(config)#interface e0
RTA(config-if)#ip helper-address 172.24.1.9
Broadcast Unicast
57 57 57
Configuring IP helper addresses
Helper address configuration that relays broadcasts to all servers on the segment.
RTA(config)#interface e0
RTA(config-if)#ip helper-address 172.24.1.255
But will RTA forward the broadcast?
Broadcast Unicast
58 58 58
Directed Broadcast
• Notice that the RTA interface e3, which connects to the server farm, is not configured with helper addresses.
• However, the output shows that for this interface, directed broadcast forwarding is disabled.
• This means that the router will not convert the logical broadcast 172.24.1.255 into a physical broadcast with a Layer 2 address of FF-FF-FF-FF-FF-FF.
• To allow all the nodes in the server farm to receive the broadcasts at Layer 2, e3 will need to be configured to forward directed broadcasts with the following command:
RTA(config)#interface e3
RTA(config-if)#ip directed-broadcast
59 59 59
Configuring IP helper addresses
Helper address configuration that relays broadcasts to all servers on the segment.
RTA(config)#interface e0
RTA(config-if)#ip helper-address 172.24.1.255
RTA(config)#interface e3
RTA(config-if)#ip directed-broadcast
L3 Broadcast L2 Broadcast
60 60 60
IP address issues solutions
This module has shown that IPv4 addressing faces two major issues:
• The depletion of addresses, particularly the key medium-sized space
• The pervasive growth of Internet routing tables
In 1994, the Internet Engineering Task Force (IETF) proposed IPv6 in RFC 1752 and a number of working groups were formed in response. IPv6 covers issues such as the following:
• Address depletion
• Quality of service
• Address autoconfiguration
• Authentication
• Security
It will not be easy for organizations deeply invested in the IPv4 scheme to migrate to a totally new architecture. As long as IPv4, with its recent extensions and CIDR enabled hierarchy, remains viable, administrators will shy away from adopting IPv6. A new IP protocol requires new software, new hardware, and new methods of administration. It is likely that IPv4 and IPv6 will coexist, even within an autonomous system, for years to come.
61 61 61
IPv6
Three general types of addresses exist:
• Unicast – An identifier for a single interface. A packet sent to a unicast address is delivered to the interface identified by that address.
• Anycast – An identifier for a set of interfaces that typically belong to different nodes. A packet sent to an anycast address is delivered to the nearest, or first, interface in the anycast group.
• Multicast – An identifier for a set of interfaces that typically belong to different nodes. A packet sent to a multicast address is delivered to all interfaces in the multicast group.
62 62 62
IPv6
• To write 128-bit addresses so that they are readable to human eyes, the IPv6 architects abandoned dotted decimal notation in favor of a hexadecimal format.
• Therefore, IPv6 is written as 32 hex digits, with colons separating the values of the eight 16-bit pieces of the address.
63 63 63
IPv6
• IP v6, or IPng (IP – the Next Generation) uses a 128-bit address space, yielding
