Addressing in an Enterprise Network

Introducing Routing and Switching in the Enterprise – Chapter 4

Discovery Routing Switching Chapter4-New


CCNA Discovery 3, Chapter 4 summary


Page 1: Discovery Routing Switching Chapter4-New



Objectives

Analyze the features and benefits of a hierarchical IP addressing structure.

Plan and implement a VLSM IP addressing scheme.

Plan a network using classless routing and CIDR.

Configure and verify both static and dynamic NAT.


Features & Benefits of a Hierarchical IP Addressing Structure

Implementing switches reduces the number of collisions that occur within a local network. However, an all-switched network often creates a single broadcast domain. In a single broadcast domain, or flat network, every device is in the same network and receives every broadcast. In a small network a single broadcast domain is acceptable.

With large numbers of hosts, a flat network becomes less efficient. As the number of hosts in a switched network increases, so does the number of broadcasts sent and received. Every host must receive and process each broadcast, so broadcast traffic consumes bandwidth and host CPU time, causing delays and timeouts. Two solutions:

–Create VLANs

–Use routers in a hierarchical network design


Features & Benefits of a Hierarchical IP Addressing Structure

A hierarchical addressing structure logically groups networks into smaller subnetworks

Classful network address in the Core Layer

Successively smaller subnets in the Distribution and Access Layers

Route Summarization


Features & Benefits of a Hierarchical IP Addressing Structure

Use subnetting to subdivide a network based on:

Physical location or logical grouping

Application and security requirements

Broadcast containment

Hierarchical network design


Features & Benefits of a Hierarchical IP Addressing Structure

For example, if an organization uses the 10.0.0.0 network for the enterprise, it might use an addressing scheme such as 10.X.Y.0/24, where X represents a geographical location and Y represents a building or floor within that location. Because X and Y are each one octet, this scheme allows for:

256 different geographical locations (X = 0 to 255)

256 buildings or floors in each location (Y = 0 to 255)

254 hosts within each building (the all-zeros and all-ones host addresses are reserved)


Plan / Implement a VLSM Addressing Scheme

Subnet mask: 32-bit value

Slash notation (CIDR Notation)

Distinguishes between network and host bits

Can vary in length to accommodate number of hosts on LAN segment


Subnet Mask

The subnet mask indicates whether hosts are in the same network. The subnet mask is a 32-bit value that distinguishes between the network bits and the host bits. It consists of a string of 1s followed by a string of 0s. The 1 bits represent the network portion and the 0 bits represent the host portion.

Class A addresses use a default subnet mask of 255.0.0.0 or a slash notation of /8

Class B addresses use a default mask of 255.255.0.0 or /16

Class C addresses use a default mask of 255.255.255.0 or /24


Slash Notation

The /x refers to the number of bits in the subnet mask that comprise the network portion of the address.

In an enterprise network, subnet masks vary in length. LAN segments often contain varying numbers of hosts; therefore, it is not efficient to have the same subnet mask length for all subnets created.


Purpose of an IP Address and Subnet Mask

When one host needs to communicate with another, it determines its own network address and the destination network address by applying its subnet mask to both its IPv4 address and the destination IPv4 address. This is done to determine whether the two addresses are on the same local network.


Plan / Implement a VLSM Addressing Scheme

Boolean ANDing compares each bit of the host address with the corresponding bit of the subnet mask:

1 AND 1 = 1

1 AND 0 = 0, and 0 AND 0 = 0 (any bit ANDed with 0 is 0)

The resulting value is the network address


Plan / Implement a VLSM Addressing Scheme

Steps in basic subnetting:

Borrow bits from the host side

Add them to the network side

Change mask to reflect additional bits


Plan / Implement a VLSM Addressing Scheme

Elements of an addressing scheme:

Subnet number

Network address

Host range

Broadcast address


Implementation of IP Addressing in the LAN


Five host bits mean that there can be 30 hosts per subnet, or 2^5 - 2. Remember that the all-zeros and all-ones host addresses are reserved for the network designation and the broadcast address.

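The mask arithmetic from the preceding slides (Boolean ANDing, the subnet number / network address / host range / broadcast elements, the 2^n - 2 host count, and the classful default mask a protocol such as RIPv1 assumes) worked through in Python. This is an added example, not code from the course; the function names and the sample addresses 192.168.1.77/27 and 172.16.10.5 are this example's own choices.

```python
# Added example (not from the CCNA Discovery slides): the arithmetic behind
# applying a mask with a Boolean AND, the four elements of a subnet (subnet
# number, network address, host range, broadcast address), and the classful
# default mask that a classful router such as RIPv1 would assume.
import ipaddress
from typing import Optional


def ip_to_int(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))


def int_to_ip(value: int) -> str:
    return str(ipaddress.IPv4Address(value))


def mask_from_prefix(prefix: int) -> int:
    # /prefix = prefix one-bits followed by (32 - prefix) zero-bits
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def network_address(addr: str, prefix: int) -> str:
    # ANDing the address with the mask keeps the network bits and zeroes the host bits
    return int_to_ip(ip_to_int(addr) & mask_from_prefix(prefix))


def same_network(a: str, b: str, prefix: int) -> bool:
    # The test a host performs before choosing local delivery or the default gateway
    return network_address(a, prefix) == network_address(b, prefix)


def classful_prefix(addr: str) -> int:
    # Leading bits select the class: 0xxx = A (/8), 10xx = B (/16), 110x = C (/24)
    first_octet = ip_to_int(addr) >> 24
    if first_octet < 128:
        return 8
    if first_octet < 192:
        return 16
    if first_octet < 224:
        return 24
    raise ValueError("class D/E addresses have no classful mask")


def classful_advertisement(addr: str) -> str:
    # What a classful protocol advertises across a network boundary: the major
    # network only, with the mask implied by the first octet
    return network_address(addr, classful_prefix(addr))


def subnet_elements(addr: str, prefix: int, major_prefix: Optional[int] = None) -> dict:
    """Subnet number, network address, usable host range and broadcast for addr/prefix.

    major_prefix defaults to the classful mask; the subnet number is the value of
    the bits borrowed between the major mask and the subnet mask."""
    if major_prefix is None:
        major_prefix = classful_prefix(addr)
    if not major_prefix <= prefix <= 32:
        raise ValueError("subnet mask must be at least as long as the major mask")
    host_bits = 32 - prefix
    net = ip_to_int(network_address(addr, prefix))
    borrowed = prefix - major_prefix
    subnet_number = (net >> host_bits) & ((1 << borrowed) - 1)
    broadcast = net | ((1 << host_bits) - 1)
    if host_bits >= 2:
        # all-zeros (network) and all-ones (broadcast) host values are reserved
        usable = (1 << host_bits) - 2
        first_host, last_host = int_to_ip(net + 1), int_to_ip(broadcast - 1)
    else:
        usable, first_host, last_host = 0, None, None
    return {
        "subnet_number": subnet_number,
        "network": int_to_ip(net),
        "first_host": first_host,
        "last_host": last_host,
        "broadcast": int_to_ip(broadcast),
        "usable_hosts": usable,
        "mask": int_to_ip(mask_from_prefix(prefix)),
    }


if __name__ == "__main__":
    print(subnet_elements("192.168.1.77", 27))   # network 192.168.1.64, hosts .65-.94, broadcast .95, 30 usable
    print(same_network("192.168.1.77", "192.168.1.100", 27))   # False: .100 is in 192.168.1.96/27
    print(classful_advertisement("172.16.10.5"))               # 172.16.0.0 (a RIPv1 receiver assumes /16)
```

The `classful_advertisement` result is what the "Classful and Classless Routing" slides later call summarizing on a network boundary: a subnet such as 172.16.10.0/24 is sent as 172.16.0.0 and the receiver fills in 255.255.0.0.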



VLSM Addressing Scheme

Variable Length Subnet Masks (VLSM) provide for efficient use of address space. VLSM also allows hierarchical IP addressing, which lets routers take advantage of route summarization. Route summarization reduces the size of routing tables in distribution and core routers, and smaller routing tables require less CPU time for routing lookups.

VLSM is the concept of subnetting a subnet. It was initially developed to maximize addressing efficiency. With the advent of private addressing, the primary advantages of VLSM are now organization and summarization.


VLSM

Benefits of VLSM:

Allows efficient use of address space

Allows the use of multiple subnet mask lengths

Breaks up an address block into smaller blocks

Allows for route summarization

Provides more flexibility in network design

Supports hierarchical enterprise networks

Classless routing protocols support the use of VLSM because the subnet mask is sent with all routing update packets. Classless routing protocols include RIPv2, EIGRP, and OSPF.


Plan / Implement a VLSM Addressing Scheme

Benefits of Variable Length Subnet Masks (VLSM):

Flexibility

Efficient use of address space

Ability to use route summarization


Plan / Implement a VLSM Addressing Scheme

VLSM allows the use of different masks for each subnet. After a network address is subnetted, further division of those subnets creates sub-subnets.


Implement a VLSM Addressing Scheme

Designing an IP addressing scheme with VLSM takes practice and planning.


Implement a VLSM Addressing Scheme

When implementing a VLSM subnetting scheme, always allow for some growth in the number of hosts when planning subnet requirements.


Plan / Implement a VLSM Addressing Scheme

Apply masks from largest group to smallest

Avoid assigning addresses that are already allocated

Allow for some growth in numbers of hosts on each subnet
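The three planning rules above (largest group first, no overlapping allocations, room for growth) as a small allocator. This is an added example, not course material; the segment names, host counts and the 192.168.1.0/24 parent block are constructed for the demonstration, and the `growth` margin is this example's own knob.

```python
# Added example (not from the slides): a VLSM allocator that hands out blocks
# from one parent network, largest requirement first, with an optional growth
# margin, plus an overlap check for a finished plan.
import ipaddress
import math
from typing import Dict, List, Tuple


def prefix_for_hosts(hosts: int) -> int:
    # Each subnet needs hosts + 2 addresses (network and broadcast are reserved).
    # /30 is the smallest block this scheme issues, as the slides use for WAN links.
    needed = hosts + 2
    host_bits = max(2, math.ceil(math.log2(needed)))
    return 32 - host_bits


def allocate_vlsm(parent: str, requirements: Dict[str, int], growth: float = 0.0) -> Dict[str, str]:
    """Return {segment name: 'network/prefix'} for every requirement.

    Sorting from the largest group to the smallest keeps every block aligned on
    its own size, so no address space is wasted on padding between blocks."""
    parent_net = ipaddress.ip_network(parent, strict=True)
    cursor = int(parent_net.network_address)
    limit = int(parent_net.broadcast_address) + 1
    plan: Dict[str, str] = {}
    for name, hosts in sorted(requirements.items(), key=lambda kv: (-kv[1], kv[0])):
        hosts_with_growth = math.ceil(hosts * (1 + growth))
        prefix = prefix_for_hosts(hosts_with_growth)
        size = 1 << (32 - prefix)
        if cursor % size:                   # align up; only matters if sizes are not descending
            cursor += size - cursor % size
        if cursor + size > limit:
            raise ValueError(f"{parent} is exhausted before {name} ({hosts_with_growth} hosts)")
        plan[name] = f"{ipaddress.IPv4Address(cursor)}/{prefix}"
        cursor += size
    return plan


def overlapping(plan: Dict[str, str]) -> List[Tuple[str, str]]:
    # "Avoid assigning addresses that are already allocated": every pair of blocks that overlap
    nets = {name: ipaddress.ip_network(block) for name, block in plan.items()}
    names = sorted(nets)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:] if nets[a].overlaps(nets[b])]


if __name__ == "__main__":
    # Constructed requirements: two user LANs, a server LAN and two point-to-point WAN links
    needs = {"sales": 60, "engineering": 28, "servers": 12, "wan_a": 2, "wan_b": 2}
    plan = allocate_vlsm("192.168.1.0/24", needs)
    for name, block in plan.items():
        print(f"{name:12} {block}")
    print("overlaps:", overlapping(plan))
```

With the constructed requirements the plan is sales 192.168.1.0/26, engineering 192.168.1.64/27, servers 192.168.1.96/28 and the two WAN links 192.168.1.112/30 and 192.168.1.116/30; a 25% growth margin pushes sales to a /25 and engineering to a /26, which is the kind of headroom the slide asks you to plan for before addresses are committed.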


Classful and Classless Routing

Technology such as VLSM enables the classful IPv4 addressing system to evolve into a classless system. Classless addressing has made the exponential growth of the Internet possible.

In classful IP addressing, the value of the first octet determines whether the major network is Class A, B, or C: the leading bits are 0 (first octet 0 to 127), 10 (128 to 191), or 110 (192 to 223) respectively. Each major network has a default subnet mask of 255.0.0.0, 255.255.0.0, or 255.255.255.0 respectively.


Classful and Classless Routing

Classful routing protocols, such as RIPv1, do not include the subnet mask in routing updates. Since the subnet mask is not included, the receiving router makes certain assumptions.

The sending router advertises only the major classful network address, not the subnetted address. For example, a router whose interfaces sit in subnets of 172.16.0.0 advertises just 172.16.0.0 across a network boundary.

The receiving router assumes the default subnet mask for this network. The default subnet mask for a Class B address is 255.255.0.0, so the receiver installs 172.16.0.0/16 and learns nothing about the individual subnets.


Classful and Classless Routing

With the rapid depletion of IPv4 addresses, the Internet Engineering Task Force (IETF) developed Classless Inter-Domain Routing (CIDR). CIDR uses IPv4 address space more efficiently and allows network address aggregation, or summarizing, which reduces the size of routing tables.

The use of CIDR requires a classless routing protocol, such as RIPv2 or EIGRP, or static routing. To CIDR-compliant routers, address class is meaningless: the subnet mask determines the network portion of the address. This is also known as the network prefix, or prefix length. The class of the address no longer determines the network address.


Classful and Classless Routing

Classless routing protocols that can support VLSM and CIDR include the interior gateway protocols (IGPs) RIPv2, EIGRP, OSPF, and IS-IS. ISPs also use exterior gateway protocols (EGPs) such as Border Gateway Protocol (BGP).

The difference between classful and classless routing protocols is that classless routing protocols include subnet mask information with the network address in their routing updates. Classless routing protocols are necessary whenever the mask cannot be assumed or determined from the value of the first octet.

With summarization disabled, the sending router advertises all subnetworks with their subnet mask information.


Classful and Classless Routing

By default, the sending router summarizes all of the subnets and advertises the major classful network along with the summarized subnet mask information. This process is often referred to as summarizing on a network boundary. While most classless routing protocols enable summarization on the network boundary by default (RIPv2 and EIGRP do; OSPF never auto-summarizes), automatic summarization can be disabled.

When summarization is disabled, the sending router advertises all subnetworks with subnet mask information.


Plan a Network Using Classless Routing and CIDR

Classful routing

Default subnet masks

Class determined by first octet

No subnet mask information exchanged in routing updates

Classless routing

Network prefix

Slash (/) mask

Subnet mask information exchanged in routing updates


Plan a Network Using Classless Routing and CIDR

Classless Inter-Domain Routing (CIDR)

Uses address space efficiently

Used for network address aggregation or summarizing


Creating Custom Subnet Masks

One useful tool in this address planning process is a network diagram. A diagram lets you see all of the networks and make a more accurate count of them.

Start with the locations that require the most hosts and work down to the point-to-point links. This process ensures that large enough blocks of addresses are made available to accommodate the hosts and networks at those locations.

Also, plan carefully to ensure that the address blocks assigned to the subnets do not overlap.


Creating Custom Subnet Masks

Another helpful tool in this planning process is a spreadsheet. Place the addresses in columns to visualize the allocation of the addresses. This further division of the addresses is often called subnetting the subnets.

Subnetting a subnet: case study, Example 1 and Example 2 (figures)

Implementation of IP Addressing in the LAN

A general list of improvements that IPv6 proposes:

More address space

Better address space management

Easier TCP/IP administration

Modernized routing capabilities

Improved support for multicasting, security, and mobility


Route Summarisation

Route summarization, or supernetting, is needed to reduce the number of routes that a router advertises to its neighbor.

Remember that for every route that is advertised, the size of the update grows.

It has been said that if there were no route summarization, the Internet backbone would have collapsed from the sheer size of its own routing tables back in 1997!


Route Summarisation

Winnipeg, Calgary, and Edmonton each have to advertise internal networks to the main router located in Vancouver.

Without route summarization, Vancouver would have to advertise 16 networks to Seattle.

To mitigate this problem, it is recommended to use route summarization to reduce the burden on this upstream router.


Route Summarisation - Summarize Winnipeg's Routes

172.16.64.0 = 10101100.00010000.01000000.00000000
172.16.65.0 = 10101100.00010000.01000001.00000000
172.16.66.0 = 10101100.00010000.01000010.00000000
172.16.67.0 = 10101100.00010000.01000011.00000000

Common bits: 10101100.00010000.010000xx.xxxxxxxx

The first 22 bits of the four networks are common, so the summarized address is 172.16.64.0/22.


Route Summarisation - Summarize Edmonton's Routes

172.16.72.0 = 10101100.00010000.01001000.00000000
172.16.73.0 = 10101100.00010000.01001001.00000000
172.16.74.0 = 10101100.00010000.01001010.00000000
172.16.75.0 = 10101100.00010000.01001011.00000000
172.16.76.0 = 10101100.00010000.01001100.00000000
172.16.77.0 = 10101100.00010000.01001101.00000000
172.16.78.0 = 10101100.00010000.01001110.00000000
172.16.79.0 = 10101100.00010000.01001111.00000000

Common bits: 10101100.00010000.01001xxx.xxxxxxxx

For Edmonton, the first 21 bits are common.

The summarized route is therefore 172.16.72.0/21.


Route Summarisation

To create route summarization, there are some necessary requirements:

• Routers need to be running a classless routing protocol, because those protocols carry subnet mask information in their routing updates. (Examples are RIPv2, OSPF, EIGRP, IS-IS, and BGP.)

• Addresses need to be assigned in a hierarchical fashion so that the networks being summarized share the same high-order bits.

It does no good if Winnipeg has networks 172.16.64.0 and 172.16.67.0 while 172.16.65.0 resides in Calgary and 172.16.66.0 is assigned in Edmonton. A 172.16.64.0/22 summary from Winnipeg would also claim the two subnets that live behind the other routers, so no summarization could take place from the edge routers to Vancouver.
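The common-bits method from the Winnipeg and Edmonton slides, plus the check behind the last paragraph: whether a summary would also claim subnets that belong to another site. This is an added example, not part of the course; the function names are this example's own and the subnets are the ones on the slides.

```python
# Added example (not from the slides): derive the summary route for a set of
# subnets from their common high-order bits, render the "common bits" view the
# slides draw by hand, and check whether the summary also claims subnets that
# are not in the set (the Winnipeg/Calgary/Edmonton problem).
import ipaddress
from typing import Iterable, List


def common_prefix_len(a: int, b: int) -> int:
    # Number of leading bits on which two 32-bit values agree
    return 32 - (a ^ b).bit_length()


def summarize(networks: Iterable[str]) -> str:
    """Smallest single prefix that covers every network in the list."""
    nets = [ipaddress.ip_network(n) for n in networks]
    lowest = min(int(n.network_address) for n in nets)
    highest = max(int(n.broadcast_address) for n in nets)
    # The summary can be no longer than the shortest member prefix, and no longer
    # than the run of bits shared by the lowest and highest address in the range
    prefix = min(common_prefix_len(lowest, highest), min(n.prefixlen for n in nets))
    return str(ipaddress.ip_network((lowest, prefix), strict=False))


def common_bits_view(networks: Iterable[str]) -> str:
    # Dotted binary with the non-common bits shown as x, as on the slides
    summary = ipaddress.ip_network(summarize(networks))
    bits = format(int(summary.network_address), "032b")
    marked = bits[: summary.prefixlen] + "x" * (32 - summary.prefixlen)
    return ".".join(marked[i : i + 8] for i in range(0, 32, 8))


def summary_leak(networks: Iterable[str]) -> List[str]:
    """Subnets covered by the summary that are NOT in the input.

    A non-empty result means the summary would attract traffic for address
    space that lives behind some other router, so it must not be advertised
    as-is: renumber, or advertise the members individually."""
    members = {ipaddress.ip_network(n) for n in networks}
    summary = ipaddress.ip_network(summarize(networks))
    longest = max(n.prefixlen for n in members)
    if summary.prefixlen == longest:
        covered = {summary}
    else:
        covered = set(summary.subnets(new_prefix=longest))
    # A member shorter than `longest` covers several of these blocks; drop those too
    claimed = {s for s in covered if any(s.subnet_of(m) for m in members)}
    return [str(s) for s in sorted(covered - claimed)]


if __name__ == "__main__":
    winnipeg = ["172.16.64.0/24", "172.16.65.0/24", "172.16.66.0/24", "172.16.67.0/24"]
    print(summarize(winnipeg), common_bits_view(winnipeg))   # 172.16.64.0/22
    edmonton = [f"172.16.{n}.0/24" for n in range(72, 80)]
    print(summarize(edmonton))                                 # 172.16.72.0/21
    # The bad plan from the slide: Winnipeg holds only .64 and .67
    print(summary_leak(["172.16.64.0/24", "172.16.67.0/24"]))  # ['172.16.65.0/24', '172.16.66.0/24']
```

`summary_leak` is the check to run before configuring a manual summary (for example `ip summary-address eigrp` or an OSPF area range): an empty list means the summary is exact; anything else names the subnets you would be hijacking from another site.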


Plan a Network Using Classless Routing and CIDR

Route summarization:

Use single address to represent group of contiguous subnets

Occurs at network boundary

Smaller routing table, faster lookups


Plan a Network Using Classless Routing and CIDR

With classful routing, each router advertises the major Class C network without a subnet mask. As a result, the middle router receives advertisements for the same network from two different directions and cannot tell which subnets lie in which direction. This scenario is called a discontiguous network.

Discontiguous subnets cause unreliable routing

Avoid separating subnets of one major network with a different network


Discontiguous networks

Discontiguous networks cause unreliable or suboptimal routing. To avoid this condition, an administrator can:

Modify the addressing scheme, if possible

Use a classless routing protocol, such as RIPv2 or OSPF

Turn automatic summarization off

Manually summarize at the classful boundary


Plan a Network Using Classless Routing and CIDR

Use routing protocols that support VLSM

Plan subnetting to complement hierarchical design

Disable auto-summarization if necessary

Update router IOS

Allow for future growth


VLSM Best Practices

Use newer routing protocols that support VLSM and discontiguous subnets.

Disable auto-summarization if necessary.

Use the same routing protocol throughout the network.

Keep the router IOS up-to-date to support the use of subnet zero.

Avoid intermixing private network address ranges in the same internetwork.

Avoid discontiguous subnets where possible.

Use VLSM to maximize address efficiency.

Assign VLSM ranges based on requirements from the largest to the smallest.

Plan for summarization using hierarchical network design and contiguous addressing design.

Summarize at network boundaries.

Use /30 ranges for WAN links.

Allow for future growth when planning for the number of subnets and hosts supported.


Configure and Verify Static and Dynamic NAT

RFC 1918 private IP address space: private addresses are available for anyone to use in their enterprise networks. They are routed only internally; Internet routers and ISPs do not carry routes for them, so they never appear on the Internet.

Routed internally, never on the Internet

"Hides" internal addresses from other networks (address hiding is obscurity, not access control; a firewall policy is still required)


Private addressing

Class A: 10.0.0.0 - 10.255.255.255 (10.0.0.0/8)

Class B: 172.16.0.0 - 172.31.255.255 (172.16.0.0/12)

Class C: 192.168.0.0 - 192.168.255.255 (192.168.0.0/16)

Using private addressing has these benefits:

It alleviates the high cost associated with obtaining public addresses for each host.

It allows thousands of internal employees to use a few public addresses.

It provides a level of security, because users from other networks or organizations cannot see the internal addresses. Note that this is obscurity rather than access control: once a translation exists, or if the inside network is reachable by another path, the hosts behind it are exposed.


Configure and Verify Static and Dynamic NAT

Organizations create huge LANs and WANs with private addressing and connect to the Internet using Network Address Translation (NAT).

NAT translates internal private addresses into one or more public addresses for routing onto the Internet. NAT changes the private IP source address inside each packet to a publicly registered IP address before sending it out onto the Internet.

Using NAT on boundary routers improves security. With dynamic NAT, internal private addresses may translate to a different public address each time they are used (a static mapping always uses the same public address). This hides the actual addresses of hosts and servers in the enterprise.


Configure and Verify Static and Dynamic NAT

Static NAT: map single inside local address to single public address

Dynamic NAT: use a pool of public addresses to assign as needed


Configure and Verify Static and Dynamic NAT

Static NAT maps a single inside local address to a single global, or public, address. This mapping ensures that a particular inside local address always associates with the same public address.

Dynamic NAT uses an available pool of Internet public addresses and assigns them to inside local addresses. Dynamic NAT assigns the first available IP address in the pool of public addresses to an inside device.

The address that one internal host uses to connect to another internal host is the inside local address. The public address that represents that host to the outside world, taken from the addresses assigned to the organization, is called the inside global address.

The NAT router manages the translations between the inside local addresses and the inside global addresses by maintaining a table that lists each address pair.


Configure and Verify Static and Dynamic NAT

Port Address Translation (PAT)

Dynamically translate multiple inside local addresses to one public address


Summary

Hierarchical network design groups users into subnets

VLSM enables different masks for each subnet

VLSM requires classless routing protocols

CIDR network addresses are determined by prefix length

Route summarization, route aggregation, or supernetting, is done on a boundary router

NAT translates private addresses into public addresses that route over the Internet

PAT translates multiple local addresses into a single public address


Using Network Address Translation in a Network

Network Address Translation (NAT) allows a large group of private users to access the Internet by sharing a small pool of public IP addresses. NAT can also provide security to PCs, servers, and networking devices by withholding their actual IP host addresses from direct Internet access.


Using Network Address Translation in a Network

The main advantage of NAT is IP address reuse, and the sharing of globally unique IP addresses between many hosts from a single LAN.

NAT also serves users transparently. In other words, they do not need to know about NAT to get on the Internet from a private network.

NAT helps shield users of a private network against access from the outside.


Using Network Address Translation in a Network

The outside global network is any network attached to the router that is external to the LAN and that does not recognize the private addresses assigned to hosts on the LAN.

An inside local address is the private IP address configured on a host on an inside network. It is an address that must be translated before it can travel outside the local network addressing structure.


Using Network Address Translation in a Network

An inside global address is the IP address of an inside host as it appears to the outside network. This is the translated IP address.


Using Network Address Translation in a Network

The outside local address is the destination address of the packet while it is on the local network. Usually this address is the same as the outside global address.

An outside global address is the actual public IP address of an external host. The address is allocated from a globally routable address or network space.



Static and Dynamic NAT

One way to provide access to a local host from the Internet is to assign that device a static address translation.

Static translations ensure that an individual host's private IP address is always translated to the same registered global IP address.

It also ensures that no other local host will be translated to the same registered address.

Dynamic NAT occurs when a router is configured to assign an IP address from an available pool of inside global (public) addresses to an inside private network device.

As long as the session is open, the router watches for traffic returning to that inside global address and forwards it to the initiating inside device. When the session ends, or the entry times out, the router returns the inside global address to the pool.


Configuration - NAT

When configuring either static or dynamic NAT:

List any servers that require a permanent outside address.

Determine which internal hosts require translation.

Determine which interfaces source the internal traffic. These will become the inside interfaces.

Determine which interface sends traffic to the Internet. This will become the outside interface.

Determine the range of public addresses available.


Configuration – Static NAT

1. Determine the public IP address that outside users should use to access the inside device/server. Administrators tend to use addresses from either the beginning or end of the range for static NAT. Map the inside, or private, address to the public address.

2. Configure the inside and outside interfaces.


Configuration – Dynamic NAT

1. Identify the pool of public IP addresses available for use.

2. Create an access control list (ACL) to identify hosts that require translation.

3. Assign interfaces as either inside or outside.

4. Link the access list with the address pool.


NAT Issues

Most of the time, NAT operates invisibly.

The big issue with NAT is the additional workload necessary to support IP address and port translations.

Some applications increase the workload of the router because they embed an IP address as part of the encapsulated data (FTP and SIP are common examples). For these the router needs an application-layer gateway (ALG) that rewrites the IP address and port combinations contained within the data as well as the source addresses in the IP header; an application that encrypts its payload cannot be fixed up this way.

With all this activity taking place in a router because of NAT, its implementation in a network requires good network design, careful selection of equipment, accurate configuration and regularly scheduled maintenance.

Users on the outside network cannot reliably initiate a connection to a host on a network that uses PAT. Not only is it impossible to predict the local or global port number of the host, but the gateway does not even create a translation unless a host on the inside network initiates the communication.


Using Network Address Translation in a Network

When an organization has a very small registered IP address pool, or perhaps even just a single IP address, it can still enable multiple users to simultaneously access the public network with a mechanism called NAT overload, or port address translation (PAT).

PAT uses an IP address and port number combination to keep track of each individual conversation with the destination host.

In PAT, the gateway translates the local source address and port combination in the packet to a single global IP address and a unique port number above 1024. In practice the gateway keeps the original source port when it is still free on the global address and allocates a new one only on a collision.


Using Network Address Translation in a Network

Since the translation is specific to the local address and local port, each connection, which generates a new source port, requires a separate translation.

Users on the outside network cannot reliably initiate a connection to a host on a network that uses PAT.
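A toy gateway, added here and not part of the course, that keeps the translation table the NAT slides describe: static entries (the "provide access to a local host from the Internet" case) are permanent and translate in both directions, PAT entries appear only when an inside host sends first, and an unsolicited packet from the outside has no entry and is dropped. Class and method names are this example's own; the addresses come from the RFC 5737 documentation ranges and the flows are constructed.

```python
# Added example (not from the slides): a toy gateway that keeps the translation
# table the slides describe. Static entries are permanent and work in both
# directions; PAT entries are created only when an inside host sends first; an
# unsolicited packet from the outside finds no entry and is dropped.
# Addresses are from the RFC 5737 documentation ranges, constructed for the example.
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]   # (IP address, port)


@dataclass(frozen=True)
class Packet:
    src: Endpoint
    dst: Endpoint


class PatGateway:
    def __init__(self, inside_global: str, static: Optional[Dict[str, str]] = None):
        self.inside_global = inside_global           # the single public address used for overload
        self.static = dict(static or {})             # inside local -> inside global, permanent
        self.by_local: Dict[Endpoint, int] = {}      # (inside local addr, port) -> global port
        self.by_global: Dict[int, Endpoint] = {}     # global port -> (inside local addr, port)
        self.next_port = 1025                        # slide: a unique port number above 1024

    def _allocate_port(self) -> int:
        # Toy policy: hand out ports sequentially above 1024. Real gateways usually
        # keep the original source port and only pick a new one on a collision.
        port = self.next_port
        self.next_port += 1
        return port

    def outbound(self, pkt: Packet) -> Packet:
        """Inside -> outside: rewrite the source; create a PAT entry on first use."""
        local_addr, local_port = pkt.src
        if local_addr in self.static:
            # Static NAT: same public address every time, port untouched
            return Packet((self.static[local_addr], local_port), pkt.dst)
        if pkt.src not in self.by_local:
            global_port = self._allocate_port()
            self.by_local[pkt.src] = global_port
            self.by_global[global_port] = pkt.src
        return Packet((self.inside_global, self.by_local[pkt.src]), pkt.dst)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Outside -> inside: rewrite the destination, or drop (None) if no entry exists."""
        global_addr, global_port = pkt.dst
        for local_addr, mapped in self.static.items():
            if mapped == global_addr:
                return Packet(pkt.src, (local_addr, global_port))
        if global_addr == self.inside_global and global_port in self.by_global:
            return Packet(pkt.src, self.by_global[global_port])
        return None   # no translation: the gateway cannot know which inside host should get it

    def active_translations(self) -> int:
        return len(self.by_local)


if __name__ == "__main__":
    gw = PatGateway("203.0.113.1", static={"10.0.0.10": "203.0.113.2"})
    print(gw.outbound(Packet(("10.0.0.5", 51000), ("198.51.100.7", 80))))   # src -> (203.0.113.1, 1025)
    print(gw.inbound(Packet(("198.51.100.7", 80), ("203.0.113.1", 1025))))  # dst -> (10.0.0.5, 51000)
    print(gw.inbound(Packet(("198.51.100.9", 40000), ("203.0.113.1", 8080))))   # None: dropped
    print(gw.inbound(Packet(("198.51.100.9", 40000), ("203.0.113.2", 443))))    # dst -> (10.0.0.10, 443)
```

This toy keys PAT entries on the inside endpoint only; a real gateway also records the outside address and port so that a reply from a different outside host cannot ride an existing entry.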


Configuration – PAT

Configuring PAT requires the same basic steps and commands as configuring NAT. However, instead of translating to a pool of addresses, PAT translates to a single address. The following command translates the inside addresses matched by access list 1 to the IP address of the serial interface (the interfaces must already be marked with ip nat inside and ip nat outside):

ip nat inside source list 1 interface serial 0/0/0 overload


NAT and PAT Troubleshooting commands

Verify NAT and PAT functionality with the following commands.

show ip nat translations

This command displays active translations. If the translation is not used, it ages out after a period of time. Static NAT entries remain in the table permanently. A dynamic NAT entry requires some action from the host to a destination on the outside of the network. If configured correctly, a simple ping or trace creates an entry in the NAT table.

show ip nat statistics

This command displays translation statistics, including the number of addresses used and the number of hits and misses. The output also includes the access list that specifies internal addresses, the global address pool, and the range of addresses defined.


Summary

IP addressing can be tailored to the needs of the network design through the use of custom subnet masks.

Classless subnetting gives classful IP addressing schemes more flexibility through the use of variable length subnet masks.

Network Address Translation (NAT) is a way to shield private addresses from outside users.

Port Address Translation (PAT) translates multiple local addresses to a single global IP address, maximizing the use of both private and public IP addresses.