63
Version 4.1 Network Addressing Network Addressing Structure Structure CCNA Discovery2: Chapter 4 CCNA Discovery2: Chapter 4
| Date post: | 25-Dec-2015 |
| Category: |
Documents |
| Upload: | douglas-palmer |
| View: | 225 times |
| Download: | 1 times |
Version 4.1
Network Addressing Network Addressing StructureStructure
CCNA Discovery2: Chapter 4CCNA Discovery2: Chapter 4
ContentsContents4.1: IP Addressing & Subnetting Review: IP Addressing & Subnetting Review4.2: VLSM & CIDR: VLSM & CIDR4.3: NAT and PAT: NAT and PAT
IP AddressesIP Addresses IP addresses identify hosts and network devicesIP addresses identify hosts and network devices To send and receive messages on an IP network, To send and receive messages on an IP network,
every host must be assigned a unique 32-bit IP every host must be assigned a unique 32-bit IP addressaddress
IP address are displayed in dotted-decimal IP address are displayed in dotted-decimal notationnotation 192.168.1.1192.168.1.1
Each of the 4 octets represents 8 bitsEach of the 4 octets represents 8 bits IP addresses are hierarchicalIP addresses are hierarchical
The The network portionnetwork portion identifies the network that identifies the network that a host belongs to a host belongs to
The The host portionhost portion identifies an individual host on identifies an individual host on a networka network
Network AddressesNetwork Addresses
The The network portion network portion of the address, is used to of the address, is used to represent the entire network represent the entire network It represents a group of IP addresses that can be It represents a group of IP addresses that can be
used on that networkused on that network The The network address network address consists of the network consists of the network
field plus field plus all 0’sall 0’s in the host portion of the in the host portion of the addressaddress 192.168.18.00000000192.168.18.00000000 192.168.18.0192.168.18.0
The Network address is The Network address is not a usable host not a usable host IP IP addressaddress
Network addresses are Network addresses are only used by routers only used by routers to to decide how to get packets to their destinationdecide how to get packets to their destination
Host vs. Network PortionHost vs. Network Portion
Network Number
Host Number
Broadcast AddressBroadcast Address
A Broadcast Address is the address used to A Broadcast Address is the address used to send messages to every host on the same send messages to every host on the same networknetwork
A A Broadcast AddressBroadcast Address consists of the consists of the Network address, plus all Network address, plus all 1’s in the host 1’s in the host fieldfield
The Broadcast address is NOT a USABLE The Broadcast address is NOT a USABLE host address and can not be assigned to a host address and can not be assigned to a hosthost
Broadcast AddressesBroadcast Addresses
Network AddressNetwork Address Broadcast Broadcast AddressAddress 120.0.0.0120.0.0.0 120.255.255.255120.255.255.255 170.50.0.0. 170.50.0.0. 170.5.255.255170.5.255.255 192.168.10 192.168.10 192.168.10.255192.168.10.255
Usable Host AddressesUsable Host Addresses
As we just saw, the Network address and the As we just saw, the Network address and the Broadcast address are NOT usable host Broadcast address are NOT usable host addressesaddresses
A A usable host IP address usable host IP address is an IP address that: is an IP address that: Is not a Network Address (all 0’s in host field)Is not a Network Address (all 0’s in host field) Is not a Broadcast Address (all 1’s in host field)Is not a Broadcast Address (all 1’s in host field) Is not a reserved Address (127 addresses)Is not a reserved Address (127 addresses) Is a Class A, B or C addressIs a Class A, B or C address
Only a usable host IP address can be assigned Only a usable host IP address can be assigned to a host deviceto a host device
Determining Usable Host Determining Usable Host AddressesAddresses
NetworkNetwork Usable Hosts Usable HostsBroadcastBroadcast
10.0.0.010.0.0.0 10.0.0.1 – 10.255.255.254 10.0.0.1 – 10.255.255.25410.255.255.25510.255.255.255
172.16.0.0172.16.0.0 172.16.0.1-172.16.255.254 172.16.0.1-172.16.255.254172.16.255.255172.16.255.255
192.168.1.0192.168.1.0 192.168.1.1-192.168.1.1254 192.168.1.1-192.168.1.1254192.168.1.255192.168.1.255
Available Host AddressesAvailable Host Addresses The number of available host addresses on a network The number of available host addresses on a network
can be can be calculated with the formula: calculated with the formula: 2 ^ 2 ^ host bits host bits – 2– 2
Network typeNetwork type Available Hosts Available Hosts 255.0.0.0 255.0.0.0 2 ^ 24 -2 = 2 ^ 24 -2 = 16, 277, 214 16, 277, 214 255.255.0.0 255.255.0.0 2 ^ 16- 2 =2 ^ 16- 2 = 65, 534 65, 534 255.255.255.0 255.255.255.0 2 ^ 8 – 2 =2 ^ 8 – 2 = 254 254
The reason we always subtract 2 from the total host The reason we always subtract 2 from the total host addresses to determine the available host addresses, addresses to determine the available host addresses, is because the network address and broadcast address is because the network address and broadcast address are NOT usable host addressare NOT usable host address
Therefore, every network has 2 addresses that can not Therefore, every network has 2 addresses that can not be assigned to hosts, the very 1be assigned to hosts, the very 1stst address (all 0’s in the address (all 0’s in the host portion) and the very last address (all 1’s in the host portion) and the very last address (all 1’s in the host portion)host portion)
IP Address ClassesIP Address Classes
To create more possible network designations, the To create more possible network designations, the 32-bit address space was organized into five 32-bit address space was organized into five classesclasses. . Class A, B, and CClass A, B, and C:: Commercial networks Commercial networks Class D and EClass D and E: multicast and experimental: multicast and experimental
The class of a network is indicated by the The class of a network is indicated by the values of the first few bits of the IP address, values of the first few bits of the IP address, called the called the high-order bits.high-order bits.
IP Address ClassesIP Address Classes Early Networks were only identified with an 8 bit network Early Networks were only identified with an 8 bit network
addressaddress To create more possible network designations, the 32-bit To create more possible network designations, the 32-bit
address space was organized into five classesaddress space was organized into five classes. . Class A, B, and CClass A, B, and C:: Commercial networks Commercial networks Class D and EClass D and E: multicast and experimental: multicast and experimental
Routers needed to be programmed to look beyond Routers needed to be programmed to look beyond the first 8 bits to identify class B and C networks.the first 8 bits to identify class B and C networks.
Networks were divided in a way that makes it easy Networks were divided in a way that makes it easy for routers and hosts to determine the correct for routers and hosts to determine the correct number of network ID bitsnumber of network ID bits
The class of a network is indicated by the values of The class of a network is indicated by the values of the first few bits of the IP address, called the the first few bits of the IP address, called the high-high-order bits.order bits.
Commercial IP Address ClassesCommercial IP Address Classes Class CClass C addresses are usually assigned to small addresses are usually assigned to small
networksnetworks Use 3 octets for the network and 1 for the hosts Use 3 octets for the network and 1 for the hosts N.N.N.HN.N.N.H The The default subnet mask default subnet mask is 24 bits: 255.255.255.0is 24 bits: 255.255.255.0 2, 097, 150 (2 ^ 2, 097, 150 (2 ^ 2121 – 2) possible networks – 2) possible networks 254 (2 ^ 254 (2 ^ 88 – 2) available host addresses per network – 2) available host addresses per network
Class BClass B addresses are typically used for medium-sized addresses are typically used for medium-sized networksnetworks Use 2 octets for the network and 2 for the hosts Use 2 octets for the network and 2 for the hosts N.N.H.HN.N.H.H The The default subnet mdefault subnet mask is 16 bits: 255.255.0.0ask is 16 bits: 255.255.0.0 16, 382 (2 ^ 16, 382 (2 ^ 1414 – 2) possible networks – 2) possible networks 65, 534 (2 ^ 65, 534 (2 ^ 1616 – 2) available host addresses per network – 2) available host addresses per network
Class AClass A addresses are typically assigned to large addresses are typically assigned to large organizations.organizations. Use 1 octet for the network and 3 for the hosts Use 1 octet for the network and 3 for the hosts N.H.H.HN.H.H.H The The default subnet mask default subnet mask is 8 bits: 255.0.0.0is 8 bits: 255.0.0.0 126 (2 ^ 126 (2 ^ 77 – 2) possible networks – 2) possible networks 16, 777, 214 (2 ^ 16, 777, 214 (2 ^ 2424 – 2) available host addresses per network – 2) available host addresses per network
Class AClass A
The first bit is always 0The first bit is always 0 Addresses start with 0 to 126Addresses start with 0 to 126
Class BClass B
First two bits are always 1 and 0First two bits are always 1 and 0 Addresses start with 128 to 191Addresses start with 128 to 191
Class CClass C
First three bits are always 1, 1 and 0First three bits are always 1, 1 and 0 Addresses start with 192 to 223Addresses start with 192 to 223
Class DClass D
Class EClass E
1 to 126
Private IP AddressesPrivate IP Addresses
Reserved address space for private networksReserved address space for private networks Private IPs are not routable on the InternetPrivate IPs are not routable on the Internet Many networking devices give out private IPs Many networking devices give out private IPs
through DHCPthrough DHCP
The Loopback AddressThe Loopback Address
There are also private addresses that There are also private addresses that can be used for the diagnostic testing of can be used for the diagnostic testing of devices.devices.
This type of private address is known as This type of private address is known as a loopback address. a loopback address.
The class A, 127.0.0.0 network address, The class A, 127.0.0.0 network address, is reserved for loopback testing. is reserved for loopback testing.
The The loopback IP addressloopback IP address, , 127.0.0.1127.0.0.1 is is used to test a NIC card to verify that it is used to test a NIC card to verify that it is sending and receiving signals. sending and receiving signals.
Subnet MasksSubnet Masks A A subnet masksubnet mask is a 32 bit address which tells is a 32 bit address which tells
devices which part of the IP address is network devices which part of the IP address is network and which part is host and which part is host Let routers & hosts figure out which network or Let routers & hosts figure out which network or
subnet an IP address belongs tosubnet an IP address belongs to
Subnet Masks contain:Subnet Masks contain: all all 1’s 1’s in the in the network fieldnetwork field all all 0’s0’s in the in the host fieldhost field
Example Subnet Masks:Example Subnet Masks: 255.255.255.0255.255.255.0 255.255.0.0255.255.0.0 255.255.255.128255.255.255.128 255.254.0.0255.254.0.0
Subnet Mask FormatsSubnet Mask Formats
Subnet Masks can be written in 2 different Subnet Masks can be written in 2 different formats:formats:
1.1. Dotted Decimal formatDotted Decimal format 192.168.1.1 255.255.255.0192.168.1.1 255.255.255.0
2.2. Bit-Mask FormatBit-Mask Format 192.168.1.1 /24192.168.1.1 /24
This indicates that there are 24 bits ( 24 1’s) in the This indicates that there are 24 bits ( 24 1’s) in the network and subnetwork portion of the address network and subnetwork portion of the address (255.255.255.0)(255.255.255.0)
4.2: Types of Subnetting4.2: Types of Subnetting
The Need for SubnettingThe Need for Subnetting
Networks continued to grow and connect to Networks continued to grow and connect to the Internet throughout the 80s and 90s, the Internet throughout the 80s and 90s, with many organizations adding hundreds, with many organizations adding hundreds, and thousands of hosts to their network. and thousands of hosts to their network.
This created This created 3 needs or problems3 needs or problems: : The need to create separate LANS within a The need to create separate LANS within a
company for security or management purposes. company for security or management purposes. Increased hosts increased the broadcast traffic Increased hosts increased the broadcast traffic
which decreased network performancewhich decreased network performance There are a limited number of Class B and C There are a limited number of Class B and C
addresses availableaddresses available
Example ScenarioExample Scenario
An ISP customer has outgrown its initial network An ISP customer has outgrown its initial network installation - the original integrated wireless router installation - the original integrated wireless router is overloaded with traffic from both wired and is overloaded with traffic from both wired and wireless userswireless users
They have a Class C network addressThey have a Class C network address Solution: Solution:
Add a 2nd networking device (larger integrated service Add a 2nd networking device (larger integrated service router)router)
When adding a device, it is a good practice to place the When adding a device, it is a good practice to place the wired and wireless users on separate local subnetworks wired and wireless users on separate local subnetworks to increase securityto increase security
The new network configuration requires that the The new network configuration requires that the existing Class C network be divided into at least three existing Class C network be divided into at least three subnetworkssubnetworks
Example ScenarioExample Scenario
Subnet 1Subnet 1
Subnet 3Subnet 3
Subnet 2Subnet 2
Subnets DefinedSubnets Defined
RFC 917RFC 917 defines Internet Subnets defines Internet Subnets The The Subnet maskSubnet mask is the method routers use to is the method routers use to
isolate the network portion from an IP address. isolate the network portion from an IP address.
Routers read subnet masks left to right, bit Routers read subnet masks left to right, bit for bitfor bit Bits set to 1 are read as part of the network IDBits set to 1 are read as part of the network ID Bits set to 0 are read as part of the host IDBits set to 0 are read as part of the host ID
Altering the Address HierarchyAltering the Address Hierarchy
In the original IP address hierarchy, there In the original IP address hierarchy, there are 2 levels: are 2 levels: Network field (network bits)Network field (network bits) Host field (host bits)Host field (host bits)
Subdividing a classful network adds a new Subdividing a classful network adds a new level to the network hierarchylevel to the network hierarchy
It creates It creates 3 levels of Hierarchy3 levels of Hierarchy in a IP in a IP Address:Address: Network (network bits)Network (network bits) Subnetwork (subnet bits)Subnetwork (subnet bits) Host (host bits)Host (host bits)
Classful SubnettingClassful Subnetting
Traditional Traditional classful subnettingclassful subnetting has these has these characteristics:characteristics:1.1. Uses a Uses a fixed numberfixed number of of subnets subnets 2.2. Has a Has a fixed numberfixed number of of hostshosts per subnet per subnet 3.3. All subnets All subnets must be the same sizemust be the same size4.4. Each subnet must use the Each subnet must use the same subnet masksame subnet mask
Also known as Also known as fixed-length subnettingfixed-length subnetting All subnets must be the same size, which means All subnets must be the same size, which means
that the maximum number of hosts that each that the maximum number of hosts that each subnet can support is the same for all subnets subnet can support is the same for all subnets createdcreated The more bits that are taken for the subnet ID, the The more bits that are taken for the subnet ID, the
fewer bits left for host IDsfewer bits left for host IDs
Limits of Classful SubnettingLimits of Classful Subnetting
The original classful subnetting method required The original classful subnetting method required that all subnets of a single classed network be the that all subnets of a single classed network be the same size. same size.
This was because This was because routers did not include subnet routers did not include subnet mask informationmask information in their routing updates in their routing updates
A router programmed with 1 subnet address and A router programmed with 1 subnet address and mask on an interface automatically applied that mask on an interface automatically applied that same mask to the other network subnets in its same mask to the other network subnets in its routing table. routing table.
This limitation required the use of fixed-length This limitation required the use of fixed-length subnets and subnet maskssubnets and subnet masks
This technique This technique wasteswastes a significant number of IP a significant number of IP addresses. addresses.
Example: Classful SubnettingExample: Classful Subnetting
Subnet 1: 30 hostsSubnet 1: 30 hosts
192.168.1.32 /27192.168.1.32 /27
Subnet 3: 2 hostsSubnet 3: 2 hosts
172.16.1.96 /27172.16.1.96 /27
Subnet 2: 10 hostsSubnet 2: 10 hosts
172.16.1.64 /27172.16.1.64 /27
Network: 192.168.1.0 /24Network: 192.168.1.0 /24
Example: Classful SubnettingExample: Classful Subnetting
Original Network address: 192.168.1.0 /24Original Network address: 192.168.1.0 /24 Subnet 1 needs 30 hosts so subnets will have to Subnet 1 needs 30 hosts so subnets will have to
be created that support at least 30 hostsbe created that support at least 30 hosts 3 bits are borrowed = 255.255.255.224 mask3 bits are borrowed = 255.255.255.224 mask 5 host bits are left unborrowed5 host bits are left unborrowed This provides 30 addresses per subnetThis provides 30 addresses per subnet Subnet Addresses are:Subnet Addresses are:
192.168.1.32192.168.1.32 192.168.1.64192.168.1.64 192.168.1.96192.168.1.96
This wastes many addresses in Subnet 2 and 3This wastes many addresses in Subnet 2 and 3
VLSMVLSM
Variable length subnet masking (VLSM) helps Variable length subnet masking (VLSM) helps solve the limits of classful subnetttingsolve the limits of classful subnettting
VLSMVLSM allows an address space to be divided into allows an address space to be divided into subnets of various sizessubnets of various sizes This is done by This is done by subnetting subnetssubnetting subnets
Characteristics of VLSMCharacteristics of VLSM Each subnet can be a Each subnet can be a different sizedifferent size Each subnet can be designed to support the Each subnet can be designed to support the
number of hosts number of hosts neededneeded Each subnet can have a Each subnet can have a different subnet maskdifferent subnet mask
How does it workHow does it work
In order for VLSM to work, Routers must be In order for VLSM to work, Routers must be aware of how the network was subnetted.aware of how the network was subnetted.
With classful subnetting, we know that the With classful subnetting, we know that the Subnet Mask information was not shared Subnet Mask information was not shared with other routerswith other routers
With VLSM, routers must share With VLSM, routers must share subnet mask subnet mask information, information, so routers will know how many so routers will know how many bits have been used for the network portion bits have been used for the network portion of each subnet addressof each subnet address
VLSM VLSM saves thousands of IP addresses saves thousands of IP addresses that that would be wasted with traditional classfull would be wasted with traditional classfull subnettingsubnetting
Example: VLSMExample: VLSM
Subnet 1: 30 hostsSubnet 1: 30 hosts
192.168.1.32 /27192.168.1.32 /27
Subnet 3: 2 hostsSubnet 3: 2 hosts
192.168.1.80 /30192.168.1.80 /30
Subnet 2: 10 hostsSubnet 2: 10 hosts
192.168.1.64 /28192.168.1.64 /28
Network: 192.168.1.0 /24Network: 192.168.1.0 /24
Example: VLSMExample: VLSM Original Network Address: Original Network Address: 192.168.1.0 /24192.168.1.0 /24 Subnet 1Subnet 1 needs 30 hosts: needs 30 hosts:
Need 30 hosts, so 5 bits must be left in the host portionNeed 30 hosts, so 5 bits must be left in the host portion Borrow 3 bits = 255.255.255.224 maskBorrow 3 bits = 255.255.255.224 mask Subnet Address: Subnet Address: 192.168.1.32 /27192.168.1.32 /27 This provides 30 addresses per subnetThis provides 30 addresses per subnet
Subnet 2Subnet 2 needs 10 hosts needs 10 hosts Take the next available Subnet : Take the next available Subnet : 192.168.1.64192.168.1.64 Need 10 hosts, so 4 host bits must be left overNeed 10 hosts, so 4 host bits must be left over Borrow 4 bitsBorrow 4 bits Subnet mask = 255.255.255.240Subnet mask = 255.255.255.240 Subnet Address: Subnet Address: 192.168.1.64 /28192.168.1.64 /28
Subnet 3Subnet 3 needs 2 hosts needs 2 hosts Take the next available subnet: Take the next available subnet: 192.168.1.80192.168.1.80 Need 2 hosts, so 2 host bits must be left overNeed 2 hosts, so 2 host bits must be left over Borrow 6 bitsBorrow 6 bits Subnet mask = 255.255.255.252Subnet mask = 255.255.255.252 Subnet Address: Subnet Address: 192.168.1.80 /30192.168.1.80 /30
CIDRCIDR CIDRCIDR = Classless Inter-Domain Routing = Classless Inter-Domain Routing CIDR is a type of network addressing that ignores CIDR is a type of network addressing that ignores
the traditional network classes (Class A, B and C)the traditional network classes (Class A, B and C) CIDR Assigns Blocks of AddressesCIDR Assigns Blocks of Addresses, based on the , based on the
number of hosts needednumber of hosts needed Can be though of as assigning a Subnet of a Class A or Can be though of as assigning a Subnet of a Class A or
Class B address to a company as a block of AddressesClass B address to a company as a block of Addresses It identifies networks based solely on the It identifies networks based solely on the number number
of bits in the network prefixof bits in the network prefix Example: Example: 172.16.64.0 / 18172.16.64.0 / 18
/18 bits in the network portion of the address/18 bits in the network portion of the address This block contains the Addresses: 172.16.64.1 to This block contains the Addresses: 172.16.64.1 to
172.16.127.255172.16.127.255
CIDRCIDR CIDR protocols freed routers from using only the high-CIDR protocols freed routers from using only the high-
order bits to determine the network prefixorder bits to determine the network prefix registered IP addresses do NOT need to be assigned by classregistered IP addresses do NOT need to be assigned by class
Before CIDR, an ISP requiring 3,000 host addresses could Before CIDR, an ISP requiring 3,000 host addresses could request either a full Class B address space or multiple request either a full Class B address space or multiple Class C network addresses to meet its requirements. Class C network addresses to meet its requirements. With a Class B address space, the ISP would waste thousands of With a Class B address space, the ISP would waste thousands of
registered addresses.registered addresses. With multiple Class C addresses, it could be difficult to design the With multiple Class C addresses, it could be difficult to design the
ISP network so that no single section required more than 254 host ISP network so that no single section required more than 254 host addresses. addresses.
By ignoring the traditional address classes, CIDR enables By ignoring the traditional address classes, CIDR enables ISPs to ISPs to request a block of addresses based on the number request a block of addresses based on the number of host addresses it requiresof host addresses it requires. .
CIDR is defined in CIDR is defined in RFC 1519RFC 1519
SupernetsSupernets
Supernets Supernets are created by are created by combining a group of combining a group of Class C addresses into one large blockClass C addresses into one large block
This enables addresses to be assigned more This enables addresses to be assigned more efficientlyefficiently
Example: 192.168.0.0/19Example: 192.168.0.0/19 19 bits are used for the network prefix 19 bits are used for the network prefix This block contains the addresses 192.168.32.1 to This block contains the addresses 192.168.32.1 to
192.168.63.255192.168.63.255 This allows 8,190 possible host addresses (2This allows 8,190 possible host addresses (21313))
An ISP can use the supernet as one large network An ISP can use the supernet as one large network or divide it into as many smaller networks as or divide it into as many smaller networks as needed to meet its requirements.needed to meet its requirements.
Why learn classed addressing?Why learn classed addressing?
Although classed addressing and fixed-Although classed addressing and fixed-length subnet masking are becoming less length subnet masking are becoming less common, it is important to understand how common, it is important to understand how these addressing methods work. these addressing methods work.
Many networking devices still use the Many networking devices still use the default subnet mask if no custom subnet default subnet mask if no custom subnet mask is specified.mask is specified.
Router Interface AddressingRouter Interface Addressing Each subnet is a separate network and a Router is Each subnet is a separate network and a Router is
needed to communicate between Subnetsneeded to communicate between Subnets Every Router InterfaceEvery Router Interface must have a valid host IP must have a valid host IP
AddressAddress: this includes both WAN and LAN interfaces: this includes both WAN and LAN interfaces WAN Interfaces:WAN Interfaces: when 2 routers are connected, when 2 routers are connected,
there must be a separate network, or there must be a separate network, or subnet subnet assigned to the connection between themassigned to the connection between them
The interfaces on both routers must be assigned host IP The interfaces on both routers must be assigned host IP addresses in that network or subnetaddresses in that network or subnet
LAN InterfacesLAN Interfaces: Each router interface connected to : Each router interface connected to a LAN must have an IP address in the same subnet a LAN must have an IP address in the same subnet as the LANas the LAN
Each router interface is the default gateway for its subnetEach router interface is the default gateway for its subnet
Usually, router interfaces are assigned either the Usually, router interfaces are assigned either the first first or or last last host address available in the subnet. This host address available in the subnet. This assures consistency. assures consistency.
Communicate between SubnetsCommunicate between Subnets
Subnet 1Subnet 1Subnet 2Subnet 2
Subnet 3Subnet 3
WAN InterfacesWAN Interfaces
LAN InterfacesLAN Interfaces
4.3: NAT4.3: NAT
Network Address TranslationNetwork Address Translation NAT allows a group of private users to NAT allows a group of private users to
access the Internet by sharing one or more access the Internet by sharing one or more public IP addressespublic IP addresses
NAT translates private IP addresses into 1 NAT translates private IP addresses into 1 or more public IP addresses for routing on or more public IP addresses for routing on the Internetthe Internet
NAT AdvantagesNAT Advantages
NAT has several NAT has several advantages:advantages:1.1. Saves registered IP addresses Saves registered IP addresses
IP addresses can be re-used and many hosts on a IP addresses can be re-used and many hosts on a single LAN can share globally unique IP addressessingle LAN can share globally unique IP addresses
2.2. Increased security byIncreased security by Withholds hosts actual IP host addresses from Withholds hosts actual IP host addresses from
direct Internet accessdirect Internet access
3.3. Transparent to end usersTransparent to end users
4.4. Adds Scalability to LANAdds Scalability to LAN
NAT DisadvantagesNAT Disadvantages
1.1. Incompatible with certain applicationsIncompatible with certain applications
2.2. Prevents legitimate remote access to Prevents legitimate remote access to networknetwork
3.3. Requires increased processing by router Requires increased processing by router which negatively affects network which negatively affects network performanceperformance
NAT AnalogyNAT Analogy
As a company adds employees, at some point, As a company adds employees, at some point, they no longer run a public phone line directly to they no longer run a public phone line directly to each employee desk. each employee desk.
Instead, they use a system that allows the Instead, they use a system that allows the company to assign each employee an extension company to assign each employee an extension number. number.
The company can do this because not all The company can do this because not all employees use the phone at the same time. employees use the phone at the same time.
Using private extension numbers enables the Using private extension numbers enables the company to purchase a smaller number of company to purchase a smaller number of external phone lines from the phone company.external phone lines from the phone company.
NAT at WorkNAT at Work
Inside local networkInside local network A network that is part of A network that is part of
the privately addressed the privately addressed LANLAN
Outside global networkOutside global network A network that is A network that is
external to the LAN and external to the LAN and does not recognize the does not recognize the private addresses private addresses assigned to hosts on assigned to hosts on the LANthe LAN
Inside vs. Outside NetworkInside vs. Outside Network
Inside & Outside AddressesInside & Outside Addresses Inside local address Inside local address
A Private IP address configured on a host on an inside A Private IP address configured on a host on an inside network network
Must be translated before it can travel outside the local Must be translated before it can travel outside the local network addressing structurenetwork addressing structure
Inside global addressInside global address The NAT translated IP address The NAT translated IP address The IP address of an inside host as it appears to the The IP address of an inside host as it appears to the
outside networkoutside network Outside local addressOutside local address
The Destination address of the packet while it is on the The Destination address of the packet while it is on the local networklocal network
Usually, this is the same as the outside global address.Usually, this is the same as the outside global address. Outside global addressOutside global address
The Public IP address of an external hostThe Public IP address of an external host
Inside & Outside AddressesInside & Outside Addresses
Inside Global Address = NAT Translated Public IP Address
Dynamic NATDynamic NAT Dynamic NATDynamic NAT dynamicallydynamically translates each translates each
inside local addresses to an inside global inside local addresses to an inside global address by using 1 public IP address, or a address by using 1 public IP address, or a pool of addressespool of addresses
Static NATStatic NAT
What if one or more of the hosts within a network What if one or more of the hosts within a network are running services that need to be accessed are running services that need to be accessed from the Internet?from the Internet?
Static NATStatic NAT translates a permanent registered translates a permanent registered global address to particular hostsglobal address to particular hosts Static NAT is used for Servers that need a consistent IP Static NAT is used for Servers that need a consistent IP
addressaddress Static translations ensure that an individual host private Static translations ensure that an individual host private
IP address is always translated to the same registered IP address is always translated to the same registered global IP addressglobal IP address
Static NAT allows hosts on the public network to access Static NAT allows hosts on the public network to access selected hosts on a private networkselected hosts on a private network
PATPAT PAT (PAT (Port Address Translation) translates Port Address Translation) translates
multiple inside local addresses to a multiple inside local addresses to a single global single global address address using Port numbersusing Port numbers
PAT is also called PAT is also called NAT overloadNAT overload PAT translates every inside local address to the PAT translates every inside local address to the
same inside global address, by using same inside global address, by using PORT PORT NUMBERSNUMBERS to represent the different private to represent the different private internal addressesinternal addresses When a source host sends a message to a destination When a source host sends a message to a destination
host, it uses an IP address and port number host, it uses an IP address and port number combination to keep track of each individual combination to keep track of each individual conversation with the destination hostconversation with the destination host
How PAT worksHow PAT works PAT translates the local source address and PAT translates the local source address and
port combination in an outgoing packet to a port combination in an outgoing packet to a single global IP address and a single global IP address and a unique port unique port numbernumber above 1024 above 1024 Each host is translated into the same global IP Each host is translated into the same global IP
address, but the port number associated with address, but the port number associated with the conversation is unique.the conversation is unique.
Responding traffic is addressed to the Responding traffic is addressed to the translated IP address and port number used translated IP address and port number used by the host. by the host.
A table in the router contains a list of the A table in the router contains a list of the inside Local addresses and port numbersinside Local addresses and port numbers
PATPAT
PAT SecurityPAT Security PAT conversations use a unique and combination of PAT conversations use a unique and combination of
the private IP address and port numberthe private IP address and port number Example:Example: 192.168.1.106: 7000 192.168.1.106: 7000 Uses Port numbers above 1024Uses Port numbers above 1024
PAT PAT Maximizes securityMaximizes security Each private IP address/port number translation is ONLY Each private IP address/port number translation is ONLY
created when a host on the inside network initiates created when a host on the inside network initiates communicationcommunication
The translation is only in place for the duration of the The translation is only in place for the duration of the connection, so a given user does not keep the same connection, so a given user does not keep the same global IP address and port number combination after the global IP address and port number combination after the conversation ends. conversation ends.
Users on the outside network cannot reliably Users on the outside network cannot reliably initiate initiate a connectiona connection to a host on a network that uses PAT. to a host on a network that uses PAT.
IP Nat issuesIP Nat issues
1.1. Requires additional network workload to Requires additional network workload to support IP addresses and port translationssupport IP addresses and port translations
Some applications embed an IP address as part of Some applications embed an IP address as part of the encapsulated datathe encapsulated data
The router must replace the source IP addresses The router must replace the source IP addresses and port in the data, and the source addresses in and port in the data, and the source addresses in the IP header. the IP header.
2.2. Requires careful network design and Requires careful network design and equipment selectionequipment selection
Routers must support PATRouters must support PAT
3.3. Requires accurate configurationRequires accurate configuration
IPv.6IPv.6 3 Solutions3 Solutions were developed to provide were developed to provide
to temporarily alleviate the problem of to temporarily alleviate the problem of IPv4 address depletion: IPv4 address depletion: 1.1. SubnettingSubnetting
2.2. Private IP addressingPrivate IP addressing
3.3. NAT / PATNAT / PAT
IPv6 IPv6 was proposed as a permanent was proposed as a permanent solution to the problem of IPv4 address solution to the problem of IPv4 address depletiondepletion Outlined in 1998 in RFC 2460Outlined in 1998 in RFC 2460 The transition to IPv6 is ongoingThe transition to IPv6 is ongoing
IPv6 IPv6 Uses a Uses a 128 bit128 bit Address Address Represented as Represented as 32 hexadecimal32 hexadecimal digits digits
separated by colons (separated by colons ( 8 groups of 48 groups of 4
Ex:Ex: 2001:0db8:3c55:0015:0000:0000:abcd:ff13 2001:0db8:3c55:0015:0000:0000:abcd:ff13 Uses a Uses a 3-part hierarchy3-part hierarchy: :
Global PrefixGlobal Prefix:: assigned to an organization by an assigned to an organization by an Internet names registryInternet names registry 12 Hex digits12 Hex digits
Subnet: Subnet: identifies the Subnetidentifies the Subnet 4 Hex digits4 Hex digits
Interface Identifier: Interface Identifier: identifies the hostidentifies the host 16 Hex digits16 Hex digits
IPv6 AddressIPv6 Address
IPv6IPv6 Improvements Improvements
IPv6 offers many improvement over IPv4: IPv6 offers many improvement over IPv4: 1.1. Allows for more address space Allows for more address space
2.2. Creates better space managementCreates better space management
3.3. Allows easier TCP/IP administrationAllows easier TCP/IP administration
4.4. Incorporates modern Routing capabilitiesIncorporates modern Routing capabilities
5.5. Provides support for advanced network Provides support for advanced network capabilitiescapabilities
SummarySummary Devices that want to communicate over a network need a unique IP Devices that want to communicate over a network need a unique IP
addressaddress IP addressing can be tailored to the needs of the network design IP addressing can be tailored to the needs of the network design
through the use of through the use of custom subnet masks.custom subnet masks. A network can be divided into A network can be divided into subnetssubnets to provide security and to provide security and
preserve addressespreserve addresses Subnets and custom subnet masks can be created by Subnets and custom subnet masks can be created by extending the extending the
number of bitsnumber of bits used for the network portion of the address used for the network portion of the address Communication between subnets requires a Communication between subnets requires a routerrouter Classful subnetting Classful subnetting uses the same subnet mask for each subnetuses the same subnet mask for each subnet Classless subnettingClassless subnetting gives classful IP addressing schemes more gives classful IP addressing schemes more
flexibility through the use of variable length subnet masks.flexibility through the use of variable length subnet masks. Network Address TranslationNetwork Address Translation (NAT) allows a group of private IP (NAT) allows a group of private IP
addresses to share a small pool of public IP addressesaddresses to share a small pool of public IP addresses Port Address TranslationPort Address Translation (PAT) translates multiple local addresses to (PAT) translates multiple local addresses to
a single global IP address, maximizing the use of both private and a single global IP address, maximizing the use of both private and public IP addresses.public IP addresses.
IPv6IPv6 offers improvements over IPv4 offers improvements over IPv4
