Ch.2 – Advanced IP Address Management CCNP 1 version 3.0 – Advanced Routing Rick Graziani Cabrillo College
Note to instructors
• If you have downloaded this presentation from the Cisco Networking Academy Community FTP Center, this may not be my latest version of this PowerPoint.
• For the latest PowerPoints for all my CCNA, CCNP, and Wireless classes, please go to my web site: http://www.cabrillo.cc.ca.us/~rgraziani/
• The username is cisco and the password is perlman for all of my materials.
• If you have any questions on any of my materials or the curriculum, please feel free to email me at graziani@cabrillo.edu (I really don’t mind helping.) Also, if you run across any typos or errors in my presentations, please let me know.
• I will add “(Updated – date)” next to each presentation on my web site that has been updated since these have been uploaded to the FTP center.
Thanks! Rick
Rick Graziani graziani@cabrillo.edu
Objectives
This module explores the evolution and extension of IPv4, including the key scalability features that engineers have added to it over the years:
• Subnetting
• Classless interdomain routing (CIDR)
• Variable length subnet masking (VLSM)
• Route summarization
Finally, this module examines advanced IP implementation techniques such as the following:
• IP unnumbered
• Dynamic Host Configuration Protocol (DHCP)
• Helper addresses
A few notes…
• The following slides are NOT from the online curriculum.
• However, they do cover the same topics, just with different examples.
IPv4 Address Classes
IPv4 Address Classes
• The class scheme offers no medium-sized host networks: a Class B network is very large and a Class C network is very small.
• In the early days of the Internet, IP addresses were allocated to organizations based on request rather than actual need.
IPv4 Address Classes
Class D Addresses
• A Class D address begins with binary 1110 in the first octet.
• First octet range 224 to 239.
• A Class D address can be used to represent a group of hosts called a host group, or multicast group.
Class E Addresses
• The first octet of a Class E address begins with binary 1111.
• Class E addresses are reserved for experimental purposes and should not be used for addressing hosts or multicast groups.
IP addressing crisis
• Address Depletion
• Internet Routing Table Explosion
IPv4 Addressing
Subnet Mask
• One solution to the IP address shortage was thought to be the subnet mask.
• Formalized in 1985 (RFC 950), the subnet mask breaks a single class A, B or C network into smaller pieces.
Subnet Example
Given the Class B address 190.52.0.0 (octets: Network Network Host Host), using a /24 subnet mask turns the third octet into a subnet field (Network Network Subnet Host), for example 190.52.1.2, 190.52.2.2, 190.52.3.2.
Internet routers still “see” this net as 190.52.0.0, but internal routers think all these addresses are on different networks, called subnetworks.
Subnet Example
Using the 3rd octet as the subnet field (Network Network Subnet Host), 190.52.0.0 was divided into: 190.52.1.0, 190.52.2.0, 190.52.3.0, 190.52.4.0, 190.52.5.0, 190.52.6.0, 190.52.7.0, 190.52.8.0, 190.52.9.0, 190.52.10.0, 190.52.11.0, 190.52.12.0, 190.52.13.0, 190.52.14.0, 190.52.15.0, 190.52.16.0, 190.52.17.0, 190.52.18.0, 190.52.19.0 and so on ...
All Zeros and All Ones Subnets
Using the All Ones Subnet
• There is no command to enable or disable the use of the all-ones subnet; it is enabled by default.
• The use of subnet zero is enabled with:
Router(config)#ip subnet-zero
• The use of the all-ones subnet has always been explicitly allowed, and the use of subnet zero is explicitly allowed (and on by default) since Cisco IOS version 12.0.
RFC 1878 states, "This practice (of excluding all-zeros and all-ones subnets) is obsolete! Modern software will be able to utilize all definable networks."
Today, the use of subnet zero and the all-ones subnet is generally accepted and most vendors support their use, though, on certain networks, particularly the ones using legacy software, the use of subnet zero and the all-ones subnet can lead to problems.
CCO: Subnet Zero and the All-Ones Subnet http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080093f18.shtml
Need a Subnet Review?
• If you need a review of subnets, please review the following links on my web site:
• Subnet Review (PowerPoint)
• Subnets Explained (Word Doc)
Long Term Solution: IPv6 (coming)
• IPv6, or IPng (IP – the Next Generation), uses a 128-bit address space, yielding 340,282,366,920,938,463,463,374,607,431,768,211,456 possible addresses.
• IPv6 has been slow to arrive.
• IPv4 has been revitalized by new features, making IPv6 a luxury and not a desperately needed fix.
• IPv6 requires new software; IT staffs must be retrained.
• IPv6 will most likely coexist with IPv4 for years to come.
• Some experts believe IPv4 will remain for more than 10 years.
Short Term Solutions: IPv4 Enhancements
• CIDR (Classless Inter-Domain Routing) – RFCs 1517, 1518, 1519, 1520
• VLSM (Variable Length Subnet Mask) – RFC 1009
• Private Addressing - RFC 1918
• NAT/PAT (Network Address Translation / Port Address Translation) – RFC
CIDR (Classless Inter-Domain Routing)
• By 1992, members of the IETF were having serious concerns about the exponential growth of the Internet and the scalability of Internet routing tables.
• The IETF was also concerned with the eventual exhaustion of the 32-bit IPv4 address space.
• Projections were that this problem would reach its critical state by 1994 or 1995.
• IETF’s response was the concept of Supernetting, or CIDR (pronounced “cider”).
• To CIDR-compliant routers, address class is meaningless.
• The network portion of the address is determined by the subnet mask, also called the network-prefix or prefix-length (/8, /19, etc.).
• The network address is NOT determined by the leading (class) bits of the first octet; for example, 200.10.0.0/16 or 15.10.160.0/19.
• CIDR helped reduce the Internet routing table explosion with supernetting and reallocation of IPv4 address space.
Active BGP entries
http://bgp.potaroo.net/
Report last updated at Thu, 16 Jan 2003
CIDR (Classless Inter-Domain Routing)
• First deployed in 1994, CIDR dramatically improves IPv4’s scalability and efficiency by providing the following:
• Eliminating the traditional Class A, B, C addresses, allowing for more efficient allocation of IPv4 address space.
• Supporting route aggregation (summarization), also known as supernetting, where thousands of routes can be represented by a single route in the routing table.
• Route aggregation also helps prevent route flapping on Internet routers using BGP. Flapping routes can be a serious concern with Internet core routers.
• CIDR allows routers to aggregate, or summarize, routing information and thus shrink the size of their routing tables.
• Just one address and mask combination can represent the routes to multiple networks.
• Used by IGP routers within an AS and by EGP routers between ASes.
Without CIDR, a router must maintain individual routing table entries for these class B networks. With CIDR, a router can summarize these eight class B networks into a single route by using a 13-bit prefix: 172.24.0.0/13
Steps:
1. Count the number of left-most matching bits: /13
2. Add all zeros after the last matching bit: 172.24.0.0 = 10101100 00011000 00000000 00000000
CIDR (Classless Inter-Domain Routing)
• By using a prefix address to summarize routes, administrators can keep routing table entries manageable, which means the following:
• More efficient routing
• A reduced number of CPU cycles when recalculating a routing table, or when sorting through the routing table entries to find a match
• Reduced router memory requirements
• Route summarization is also known as:
• Route aggregation
• Supernetting
• Supernetting is essentially the inverse of subnetting.
• CIDR moves the responsibility of allocating addresses away from a centralized authority (InterNIC).
• Instead, ISPs can be assigned blocks of address space, which they can then parcel out to customers.
ISP/NAP Hierarchy - “The Internet: Still hierarchical after all these years.” Jeff Doyle (Tries to be anyways!)
Supernetting Example
• Company XYZ needs to address 400 hosts.
• Its ISP gives them two contiguous Class C addresses:
• 207.21.54.0/24
• 207.21.55.0/24
• Company XYZ can use a prefix of 207.21.54.0/23 to supernet these two contiguous networks (yielding 510 hosts).
• 207.21.54.0/24 and 207.21.55.0/24 have 23 bits in common, so they summarize to 207.21.54.0/23.
Supernetting Example
• With the ISP acting as the addressing authority for a CIDR block of addresses, the ISP’s customer networks, which include XYZ, can be advertised among Internet routers as a single supernet.
CIDR and the Provider
Another example of route aggregation.
CIDR and the provider
Summarization from the customer networks to their provider.
Three customer /27 networks, with the first 25 bits in common:
200.199.48.32/27 = 11001000 11000111 00110000 0 0100000
200.199.48.64/27 = 11001000 11000111 00110000 0 1000000
200.199.48.96/27 = 11001000 11000111 00110000 0 1100000
Even better, advertise them as the single route 200.199.48.0/25 = 11001000 11000111 00110000 0 0000000 (as long as there are no other routes elsewhere within this range, well…)
Two customer /24 networks, with the first 23 bits in common:
200.199.56.0/24 = 11001000 11000111 0011100 0 00000000
200.199.57.0/24 = 11001000 11000111 0011100 1 00000000
Summarized as 200.199.56.0/23 = 11001000 11000111 0011100 0 00000000
CIDR and the provider
Further summarization happens with the next upstream provider.
200.199.48.0/25 = 11001000 11000111 0011 0000 00000000
200.199.49.0/25 = 11001000 11000111 0011 0001 00000000
200.199.56.0/23 = 11001000 11000111 0011 1000 00000000
20 bits in common, so they summarize to 200.199.48.0/20 = 11001000 11000111 0011 0000 00000000
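The summarization rule on the last few slides (count the left-most matching bits, zero the rest) is mechanical enough to script. The following is an added example, not code from the slides or from Cisco: it uses only Python's standard ipaddress module, reproduces the 172.24.0.0/13, 207.21.54.0/23, 200.199.48.0/25 and 200.199.48.0/20 summaries above, and also reports the "holes", the address space an aggregate route advertises but that none of the component networks actually cover. That is the caveat behind "as long as there are no other routes elsewhere within this range": traffic for those holes is attracted by the summary and must be handled (typically dropped) by the summarizing router.

```python
import ipaddress


def summarize(prefixes):
    """Summarize IPv4 prefixes the way the slides do: keep the left-most bits
    that all networks share and zero the rest.  Returns (summary, holes),
    where `holes` is the address space inside the summary that no component
    prefix covers (sorted list of networks)."""
    nets = [ipaddress.ip_network(p, strict=False) for p in prefixes]
    if not nets:
        raise ValueError("need at least one prefix")
    first = nets[0]
    # The summary can be no longer than the shortest component prefix; shorten
    # it one bit at a time until every component fits inside it.
    plen = min(n.prefixlen for n in nets)
    while True:
        summary = ipaddress.ip_network((int(first.network_address), plen),
                                       strict=False)
        if all(n.subnet_of(summary) for n in nets):
            break
        plen -= 1  # /0 contains everything, so this always terminates
    # Carve each component out of the summary; whatever remains is address
    # space the aggregate would attract without a more specific route for it.
    holes = [summary]
    for n in nets:
        remaining = []
        for h in holes:
            if n.subnet_of(h):
                remaining.extend(h.address_exclude(n))
            elif h.subnet_of(n):
                continue  # this piece is fully covered by the component
            else:
                remaining.append(h)
        holes = remaining
    return summary, sorted(holes)


def common_bits(prefixes):
    """Number of left-most matching bits, i.e. the summary's prefix length."""
    return summarize(prefixes)[0].prefixlen


if __name__ == "__main__":
    examples = (
        ["172.%d.0.0/16" % i for i in range(24, 32)],      # eight class B nets
        ["207.21.54.0/24", "207.21.55.0/24"],                # Company XYZ
        ["200.199.48.32/27", "200.199.48.64/27", "200.199.48.96/27"],
        ["200.199.48.0/25", "200.199.49.0/25", "200.199.56.0/23"],
    )
    for group in examples:
        summary, holes = summarize(group)
        print(summary, "covers", group)
        print("   unallocated space inside the summary:",
              [str(h) for h in holes] or "none")
```

For the three /27 customer networks the function returns 200.199.48.0/25 together with the hole 200.199.48.0/27, which is exactly the range the slide's "well…" is warning about; for the upstream /20 the holes add up to 3,328 addresses. A summarizing router normally installs a discard route for the aggregate so packets for those holes are dropped locally instead of looping back to the provider.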
CIDR Restrictions
• Dynamic routing protocols must send network address and mask (prefix-length) information in their routing updates.
• In other words, CIDR requires classless routing protocols for dynamic routing.
• However, you can still configure summarized static routes; after all, that is what a 0.0.0.0/0 route is.
Summarized and Specific Routes: Longest-bit Match (more later)
• Merida receives a summarized /16 update from Quito and a more specific /24 update from Cartago.
• Merida will include both routes in the routing table.
• Merida will forward all packets matching at least the first 24 bits of 172.16.5.0 to Cartago (172.16.5.0/24): longest-bit match.
• Merida will forward all other packets matching at least the first 16 bits to Quito (172.16.0.0/16).
Figure: Quito sends Merida the summarized update 172.16.0.0/16 (networks behind Quito: 172.16.1.0/24, 172.16.2.0/24, 172.16.10.0/24); Cartago sends Merida the specific route update 172.16.5.0/24.
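The longest-bit match rule is what lets a summary and a more specific route coexist in Merida's table. As an added example (not from the slides), the lookup below keeps the table sorted longest prefix first so the first hit is the best match; the two routes are Merida's from the figure, and the default route used in the last call is a constructed addition to show that 0.0.0.0/0 is simply the shortest possible match.

```python
import ipaddress


def build_table(routes):
    """Build a longest-prefix-first forwarding table from {prefix: next_hop}.
    Sorting once by prefix length lets every lookup stop at the first hit."""
    table = [(ipaddress.ip_network(p), nh) for p, nh in routes.items()]
    table.sort(key=lambda entry: entry[0].prefixlen, reverse=True)
    return table


def lookup(table, destination):
    """Return (next_hop, matched_prefix) for `destination` using the
    longest-bit match rule, or (None, None) if no route covers it."""
    addr = ipaddress.ip_address(destination)
    for net, next_hop in table:        # longest prefixes come first
        if addr in net:
            return next_hop, str(net)
    return None, None


# Merida's two routes from the slide: the summarized update from Quito and
# the more specific update from Cartago.
MERIDA_ROUTES = {
    "172.16.0.0/16": "Quito",    # summarized /16 update
    "172.16.5.0/24": "Cartago",  # more specific /24 update
}
MERIDA_TABLE = build_table(MERIDA_ROUTES)


def forward(destination):
    """Where Merida sends a packet for `destination`."""
    return lookup(MERIDA_TABLE, destination)


if __name__ == "__main__":
    for dst in ("172.16.5.77", "172.16.1.9", "172.16.10.200", "10.0.0.1"):
        print(dst, "->", forward(dst))
    # Constructed: adding a default route catches everything else.
    with_default = build_table(dict(MERIDA_ROUTES, **{"0.0.0.0/0": "Default"}))
    print("10.0.0.1 with default ->", lookup(with_default, "10.0.0.1"))
```

Note that the /24 wins for 172.16.5.x not because it arrived later or from a preferred neighbour, but purely because more bits match; that is why an accidental or malicious more-specific advertisement can pull traffic away from a legitimate summary, and why prefix filters on what a neighbour may advertise matter.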
Short Term Solutions: IPv4 Enhancements
• CIDR (Classless Inter-Domain Routing) – RFCs 1517, 1518, 1519, 1520
• VLSM (Variable Length Subnet Mask) – RFC 1009
• Private Addressing - RFC 1918
• NAT/PAT (Network Address Translation / Port Address Translation) – RFC
VLSM (Variable Length Subnet Mask)
• The limitation of using only a single subnet mask across a given network-prefix (network address plus the number of bits in the mask) was that an organization is locked into a fixed number of fixed-sized subnets.
• In 1987, RFC 1009 specified how a subnetted network could use more than one subnet mask.
• VLSM = Subnetting a Subnet
• “If you know how to subnet, you can do VLSM!”
VLSM – Simple Example
• Subnetting a /8 subnet using a /16 mask gives us 256 subnets with 65,536 hosts per subnet.
• Let’s take the 10.2.0.0/16 subnet and subnet it further…
Octet roles (1st | 2nd | 3rd | 4th):
10.0.0.0/8: 10 | Host | Host | Host
10.0.0.0/16: 10 | Subnet | Host | Host
10.0.0.0/16: 10 | 0 | Host | Host
10.1.0.0/16: 10 | 1 | Host | Host
10.2.0.0/16: 10 | 2 | Host | Host
10.n.0.0/16: 10 | … | Host | Host
10.255.0.0/16: 10 | 255 | Host | Host
VLSM – Simple Example
• Note: 10.2.0.0/16 is now a summary of all of the 10.2.0.0/24 subnets.
• Summarization coming soon!
Octet roles (Network | Subnet | Host | Host):
10.2.0.0/16: 10 | 2 | Host | Host
10.2.0.0/24: 10 | 2 | Subnet | Host
10.2.0.0/24: 10 | 2 | 0 | Host
10.2.1.0/24: 10 | 2 | 1 | Host
10.2.n.0/24: 10 | 2 | … | Host
10.2.255.0/24: 10 | 2 | 255 | Host
VLSM – Simple Example
10.0.0.0/8 “subnetted using /16”
Subnet | 1st host | Last host | Broadcast
10.0.0.0/16 | 10.0.0.1 | 10.0.255.254 | 10.0.255.255
10.1.0.0/16 | 10.1.0.1 | 10.1.255.254 | 10.1.255.255
10.2.0.0/16 “sub-subnetted using /24”
• 10.2.0.0/24 | 10.2.0.1 | 10.2.0.254 | 10.2.0.255
• 10.2.1.0/24 | 10.2.1.1 | 10.2.1.254 | 10.2.1.255
• 10.2.2.0/24 | 10.2.2.1 | 10.2.2.254 | 10.2.2.255
• Etc.
• 10.2.255.0/24 | 10.2.255.1 | 10.2.255.254 | 10.2.255.255
10.3.0.0/16 | 10.3.0.1 | 10.3.255.254 | 10.3.255.255
Etc.
10.255.0.0/16 | 10.255.0.1 | 10.255.255.254 | 10.255.255.255
VLSM – Simple Example
• Your network can now have 255 /16 subnets with 65,534 hosts each AND 256 /24 subnets with 254 hosts each.
• All you need to make it work is a classless routing protocol that passes the subnet mask with the network address in the routing updates.
• Classless routing protocols: RIPv2, EIGRP, OSPF, IS-IS, BGPv4 (coming)
Figure: an example of VLSM, NOT of good network design. Subnets: 10.0.0.0/16, 10.1.0.0/16, 10.2.0.0/16 (sub-subnetted into 10.2.0.0/24, 10.2.1.0/24, 10.2.2.0/24, etc., 10.2.255.0/24), 10.3.0.0/16, etc., 10.255.0.0/16. In the diagram the /24 sub-subnets of 10.2.0.0/16 (10.2.0.0/24, 10.2.1.0/24, 10.2.3.0/24, 10.2.4.0/24, 10.2.5.0/24, 10.2.6.0/24, 10.2.8.0/24) are scattered among the /16 subnets 10.1.0.0/16 through 10.8.0.0/16.
Another VLSM Example using /30 subnets
• This network has seven /27 subnets with 30 hosts each AND eight /30 subnets with 2 hosts each.
• /30 subnets are very useful for serial networks.
207.21.24.0/24 network subnetted into eight /27 (255.255.255.224) subnets.
207.21.24.192/27 subnet, subnetted into eight /30 (255.255.255.252) subnets.
207.21.24.192/27 (fourth octet 11000000) sub-subnetted with /30. The fourth octet is shown as subnet bits 110, three sub-subnet bits, and two host bits; host bits 01 and 10 are the 2 hosts, 11 is the broadcast.
0: 207.21.24.192/30 = 207.21.24.110 000 00 → hosts .193 & .194
1: 207.21.24.196/30 = 207.21.24.110 001 00 → hosts .197 & .198
2: 207.21.24.200/30 = 207.21.24.110 010 00 → hosts .201 & .202
3: 207.21.24.204/30 = 207.21.24.110 011 00 → hosts .205 & .206
4: 207.21.24.208/30 = 207.21.24.110 100 00 → hosts .209 & .210
5: 207.21.24.212/30 = 207.21.24.110 101 00 → hosts .213 & .214
6: 207.21.24.216/30 = 207.21.24.110 110 00 → hosts .217 & .218
7: 207.21.24.220/30 = 207.21.24.110 111 00 → hosts .221 & .222
This network has seven /27 subnets with 30 hosts each AND seven /30 subnets with 2 hosts each (one /30 left over).
• /30 subnets with 2 hosts per subnet do not waste host addresses on serial networks.
Figure: the LANs use the /27 subnets 207.21.24.0/27, 207.21.24.32/27, 207.21.24.64/27, 207.21.24.96/27, 207.21.24.128/27, 207.21.24.160/27 and 207.21.24.224/27; the serial links use 207.21.24.192/30, 207.21.24.196/30, 207.21.24.200/30, 207.21.24.204/30, 207.21.24.208/30, 207.21.24.212/30 and 207.21.24.216/30.
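The /27 and /30 carve-up of 207.21.24.0/24 on the preceding slides can be generated rather than worked out by hand. This is an added example, not code from the slides: it uses Python's standard ipaddress module to subnet the major network, sub-subnet the seventh /27 (207.21.24.192/27) into /30s, list first host, last host and broadcast for each piece, and then check that no two subnets in the final plan overlap. The overlap check is the part worth keeping around: a VLSM plan where a sub-subnetted block is also still assigned as a whole is the classic cause of hosts that are reachable from some routers but not others.

```python
import ipaddress


def carve(parent, new_prefix):
    """Split `parent` into equal /new_prefix subnets and return one row per
    subnet: (subnet, first host, last host, broadcast)."""
    rows = []
    for sub in ipaddress.ip_network(parent).subnets(new_prefix=new_prefix):
        hosts = list(sub.hosts())
        rows.append((str(sub), str(hosts[0]), str(hosts[-1]),
                     str(sub.broadcast_address)))
    return rows


def vlsm_plan(major, lan_prefix, link_block, link_prefix):
    """Subnet `major` into /lan_prefix LAN subnets, then sub-subnet the
    `link_block`-th of them (0-based) into /link_prefix link subnets.
    The sub-subnetted block is removed from the LAN list so that no address
    is assigned twice.  Returns (lan_rows, link_rows)."""
    lans = carve(major, lan_prefix)
    parent = lans.pop(link_block)[0]
    links = carve(parent, link_prefix)
    return lans, links


def overlapping(subnets):
    """Return the pairs of subnets that overlap; a sound plan returns []."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    return [(str(a), str(b))
            for i, a in enumerate(nets)
            for b in nets[i + 1:]
            if a.overlaps(b)]


if __name__ == "__main__":
    # The slide's example: /27 LANs, with 207.21.24.192/27 (index 6) cut into /30 links.
    lans, links = vlsm_plan("207.21.24.0/24", 27, 6, 30)
    for subnet, first, last, bcast in lans + links:
        print("%-18s hosts %s - %s  broadcast %s" % (subnet, first, last, bcast))
    print("overlaps:", overlapping([row[0] for row in lans + links]))
```

Running it prints the seven remaining /27s followed by the eight /30s, 207.21.24.192/30 (hosts .193 and .194, broadcast .195) through 207.21.24.220/30, matching the table on the slide, and an empty overlap list; passing the parent /27 in alongside its /30 children makes the overlap check report every collision.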
VLSM and the Routing Table (more later)
Routing Table without VLSM (displays one subnet mask for all child routes; the classful mask is assumed for the parent route):
RouterX#show ip route
207.21.24.0/27 is subnetted, 4 subnets
C 207.21.24.192 is directly connected, Serial0
C 207.21.24.196 is directly connected, Serial1
C 207.21.24.200 is directly connected, Serial2
C 207.21.24.204 is directly connected, FastEthernet0
Routing Table with VLSM (each child route displays its own subnet mask; the classful mask is included for the parent route):
RouterX#show ip route
207.21.24.0/24 is variably subnetted, 4 subnets, 2 masks
C 207.21.24.192/30 is directly connected, Serial0
C 207.21.24.196/30 is directly connected, Serial1
C 207.21.24.200/30 is directly connected, Serial2
C 207.21.24.96/27 is directly connected, FastEthernet0
• The parent route shows the classful mask instead of the subnet mask of the child routes.
• Each child route includes its subnet mask.
Final Notes on VLSM
• Whenever possible it is best to group contiguous routes together so they can be summarized (aggregated) by upstream routers. (coming soon!)
• Even if not all of the contiguous routes are together, routing tables use the longest-bit match, which allows the router to choose the more specific route over a summarized route. (Coming soon!)
• You can keep on sub-subnetting as many times and as “deep” as you want to go.
• You can have various sizes of subnets with VLSM.
Route flapping
• Route flapping occurs when a router interface alternates rapidly between the up and down states.
• Route flapping can cripple a router with excessive updates and recalculations.
• However, the summarization configuration prevents the RTC route flapping from affecting any other routers.
• The loss of one network does not invalidate the route to the supernet.
• While RTC may be kept busy dealing with its own route flap, RTZ, and all upstream routers, are unaware of any downstream problem.
• Summarization effectively insulates the other routers from the problem of route flapping.
Short Term Solutions: IPv4 Enhancements
• CIDR (Classless Inter-Domain Routing) – RFCs 1517, 1518, 1519, 1520
• VLSM (Variable Length Subnet Mask) – RFC 1009
• Private Addressing - RFC 1918
• NAT/PAT (Network Address Translation / Port Address Translation) – RFC
Private IP addresses (RFC 1918)
If addressing any of the following, these private addresses can be used instead of globally unique addresses:
• A non-public intranet
• A test lab
• A home network
Global addresses must be obtained from a provider or a registry at some expense.
Discontiguous subnets
• “Mixing private addresses with globally unique addresses can create discontiguous subnets.” – Not the main cause, however…
• Discontiguous subnets are subnets from the same major network that are separated by a completely different major network or subnet.
• Question: If a classful routing protocol like RIPv1 or IGRP is being used, what do the routing updates look like between the Site A router and the Site B router?
Discontiguous subnets
• Classful routing protocols, notably RIPv1 and IGRP, can’t support discontiguous subnets, because the subnet mask is not included in routing updates.
• RIPv1 and IGRP automatically summarize on classful boundaries.
• Site A and Site B are both sending each other the classful address of 207.21.24.0/24.
• A classless routing protocol (RIPv2, EIGRP, OSPF) would be needed:
• to not summarize the classful network address, and
• to include the subnet mask in the routing updates.
Discontiguous subnets
• RIPv2 and EIGRP also automatically summarize on classful boundaries.
• When using RIPv2 and EIGRP, to disable automatic summarization (on both routers):
Router(config-router)#no auto-summary
• Site B now receives 207.21.24.0/27
• Site B now receives 207.21.24.32/27
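The three discontiguous-subnet slides describe what classful summarization does to an update; the following added example (not from the slides, standard-library Python only) makes it concrete. classful_network() applies the class rule from the first octet, classful_update() shows that Site A's and Site B's /27 subnets both collapse to 207.21.24.0/24 on the wire, and discontiguous() is a check you can run against a router's known routes to flag major networks whose subnets sit behind more than one interface, which is the situation a classful protocol (or auto-summary left on) cannot represent. The interface names and the 192.168.1.0/24 route are constructed sample data.

```python
import ipaddress
from collections import defaultdict


def classful_network(prefix):
    """The Class A/B/C major network a classful routing protocol would
    advertise for `prefix`; the first octet alone decides the mask."""
    net = ipaddress.ip_network(prefix, strict=False)
    first_octet = int(net.network_address) >> 24
    if first_octet < 128:
        major_len = 8        # Class A: leading bit 0
    elif first_octet < 192:
        major_len = 16       # Class B: leading bits 10
    elif first_octet < 224:
        major_len = 24       # Class C: leading bits 110
    else:
        raise ValueError("%s is not a Class A, B or C address" % prefix)
    major = ipaddress.ip_network((int(net.network_address), major_len),
                                 strict=False)
    return str(major)


def classful_update(subnets):
    """What RIPv1/IGRP (or RIPv2/EIGRP with auto-summary) send across a
    classful boundary: every subnet collapses to its major network, so the
    distinct subnets become indistinguishable to the receiver."""
    return sorted({classful_network(s) for s in subnets})


def discontiguous(routes):
    """Given (subnet, interface) pairs known to one router, return the major
    networks whose subnets lie behind more than one interface.  Under
    classful updates the router only learns the major network and cannot
    tell those subnets apart, so some of them become unreachable."""
    by_major = defaultdict(set)
    for subnet, interface in routes:
        by_major[classful_network(subnet)].add(interface)
    return {major: sorted(ifs) for major, ifs in by_major.items() if len(ifs) > 1}


if __name__ == "__main__":
    # Constructed view from the Site A router: its own LAN, Site B's LAN
    # learned over the WAN, and an unrelated network.
    site_a_routes = [
        ("207.21.24.0/27", "Ethernet0"),
        ("207.21.24.32/27", "Serial0"),
        ("192.168.1.0/24", "Ethernet1"),
    ]
    print("classful update for the two LANs:",
          classful_update(["207.21.24.0/27", "207.21.24.32/27"]))
    print("major networks split across interfaces:", discontiguous(site_a_routes))
```

The update for both /27s is the single entry 207.21.24.0/24, and the check reports 207.21.24.0/24 as split across Ethernet0 and Serial0; that is the condition under which `no auto-summary` (or a classless protocol) is required rather than optional.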
Short Term Solutions: IPv4 Enhancements
• CIDR (Classless Inter-Domain Routing) – RFCs 1517, 1518, 1519, 1520
• VLSM (Variable Length Subnet Mask) – RFC 1009
• Private Addressing - RFC 1918
• NAT/PAT (Network Address Translation / Port Address Translation) – RFC
Network Address Translation (NAT)
NAT: Network Address Translation
• NAT, as defined by RFC 1631, is the process of swapping one address for another in the IP packet header.
• In practice, NAT is used to allow hosts that are privately addressed to access the Internet.
Network Address Translation (NAT)
• NAT translations can occur dynamically or statically.
• The most powerful feature of NAT routers is their capability to use port address translation (PAT), which allows multiple inside addresses to map to the same global address.
• This is sometimes called a many-to-one NAT.
• With PAT, or address overloading, literally hundreds of privately addressed nodes can access the Internet using only one global address.
• The NAT router keeps track of the different conversations by mapping TCP and UDP port numbers.
Figure: two inside hosts both sending with TCP source port 1026 are translated to the single global address 2.2.2.2, one with TCP source port 1923 and the other with TCP source port 1924.
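The PAT figure above and the RFC 1918 slide before it describe a translation table; the following added example (not code from the slides or from Cisco IOS) models that table in plain Python. Two constructed inside hosts, 10.0.0.5 and 10.0.0.6, both send from TCP port 1026 and come out of global address 2.2.2.2 as ports 1923 and 1924; the reverse map delivers replies to the right inside host; a reply for a port with no entry has nowhere to go and is dropped. The RFC 1918 ranges are the real ones from the RFC; the starting global port is a constructed value chosen to match the figure, and real PAT also keys on protocol and destination, which this model omits.

```python
import ipaddress
from itertools import count

# RFC 1918 private address space.
RFC1918 = [ipaddress.ip_network(p)
           for p in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(address):
    """True if `address` falls in one of the RFC 1918 private ranges."""
    addr = ipaddress.ip_address(address)
    return any(addr in net for net in RFC1918)


class PatTable:
    """Many-to-one NAT (PAT, address overloading).  Each inside
    (address, port) pair is mapped to the one global address plus a unique
    global port; the reverse mapping is consulted for return traffic."""

    def __init__(self, global_address, first_port):
        self.global_address = global_address
        self._ports = count(first_port)   # next unused global port
        self.outbound = {}   # (inside_ip, inside_port) -> global_port
        self.inbound = {}    # global_port -> (inside_ip, inside_port)

    def translate_out(self, inside_ip, inside_port):
        """Translate an outgoing packet's source; returns (global ip, global port).
        Only RFC 1918 sources are translated; anything else is a misconfiguration."""
        if not is_private(inside_ip):
            raise ValueError("%s is not an RFC 1918 inside address" % inside_ip)
        key = (inside_ip, inside_port)
        if key not in self.outbound:            # new conversation: allocate a port
            global_port = next(self._ports)
            self.outbound[key] = global_port
            self.inbound[global_port] = key
        return self.global_address, self.outbound[key]

    def translate_in(self, global_port):
        """Map a reply's destination port back to (inside ip, inside port),
        or None when no conversation exists (the router drops the packet)."""
        return self.inbound.get(global_port)


if __name__ == "__main__":
    pat = PatTable("2.2.2.2", first_port=1923)
    for host in ("10.0.0.5", "10.0.0.6"):
        print(host, "port 1026 ->", pat.translate_out(host, 1026))
    print("reply to port 1924 ->", pat.translate_in(1924))
    print("unsolicited packet to port 5000 ->", pat.translate_in(5000))
```

The last line is the property to remember from a security standpoint: with only PAT in place, an outside host cannot reach an inside host unless that inside host opened the conversation first, because there is no table entry to translate the inbound packet. That is a side effect of the address mapping, not an access-control decision, so it is not a substitute for a filtering policy.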
Using IP unnumbered
There are certain drawbacks that come with using IP unnumbered:
• The use of ping cannot determine whether the interface is up, because the interface has no IP address.
• A network IOS image cannot boot over an unnumbered serial interface.
• IP security options cannot be supported on an unnumbered interface.
DHCP
• DHCP overview
• DHCP operation
• Configuring IOS DHCP server
• Easy IP