Technology Watch in ICT
Strategic Aspects of Networks
Eric Vyncke
Last updated: 27 February 2009
04/10/23 2
References & Misc
• Slides on http://mastertic.blogspot.com/
• Contacts
– Main job: Cisco Systems as Distinguished Engineer
– Email: [email protected]
– Mobile: +32 475 312458
Agenda
• Introduction to network
• The acronym soup
• The impact of security
• The impact of IP telephony
• The impact of Virtualization
• Wrap-up: The Questions to be asked
Introduction to Network
Why a Section on Networks?
• TIC (ICT) = Technologie de l’Information et Communication (Information and Communication Technology)
• No ICT without networks
– Knowing the network technologies = making good choices
• Networks have had an impact on business since the end of the 90’s
The Acronyms Soup
Or a small touch of technology
Importance of Standardization
• Few fields need standards as much
– communication is a complex field: it needs precise specifications
– communication between different machines
– communication between different computer vendors
• Several types of standards:
– proprietary standards: sometimes not public, reserved to one vendor: SNA from IBM, NetWare from Novell, DECnet from Digital, Transdata from Siemens Nixdorf, ...
  • Almost gone but still active in ‘pre-standard’ fields
  • Voice over IP: SCCP from Cisco, wireless security, …
– open de jure standards: OSI from ISO, IEEE 802.*, X.25, ...
– open de facto standards: TCP/IP, Ethernet, ...
General Points
• Communications are a complex and constantly evolving field => a model is needed:
– to establish specifications and tests
– to compare solutions
– to establish theories
• The model is made of several simple layers, each with a precise purpose, to make understanding and implementation easier
...AN Based on the Span
• A lot of acronyms ending with ...AN
– Area Network
• Like
– LAN Local Area Network: several 100’s of meters
– MAN Metropolitan Area Network: a city, 10’s of km
– WAN Wide Area Network: the whole Earth
– PAN Personal Area Network: one meter or so
– RAN Radio Area Network: from a single antenna
...AN Based on Usage
• A lot of acronyms ending with ...AN
– Area Network
• Like
– SAN Storage Area Network:
  • linking servers and hard disks so that servers do not know that the disks are not attached
Local Area Network: LAN
• LANs are usually a layer 2 technology
– Using a single medium
• Most common: Ethernet over twisted pair
– 10 Mbps, 100 Mbps (= Fast Ethernet), 1 Gbps, 10 Gbps, ...
– Standard IEEE 802.3
• Before over a coax cable, now over twisted pair and hub/switch
• Unique Ethernet address on each Network Interface Card (NIC)
– 24 bits unique per vendor: 00-02-8A (Cisco)
– 24 bits assigned by vendor: 09-07-CF
– => 48-bit unique global address: 00-02-8A-09-07-CF
Ethernet Topologies
How to connect more than 2 hosts?
• bus topology popular through mid 90s
– all nodes in same collision domain (can collide with each other)
• today: star topology prevails
– active switch in center
– each “spoke” runs a (separate) Ethernet protocol (nodes do not collide with each other)
[Figure: bus topology (coaxial cable) and star topology (switch in the center)]
Ethernet Hub
• Frames are repeated on all ports...
• 8 x 100 Mbps ports ~ 15 €
[Figure: hub connecting hosts A, B, C and D, with a frame sent from A to C]
Ethernet Switch
• Frames are repeated only on destination port
– Don’t disturb other machines
– While A sends to C, B can simultaneously send to D
• 5 x 100 Mbps ports ~ 20 €
• High density (8 x 48 ports) => up to 100 € /port
[Figure: switch connecting hosts A, B, C and D, with a frame sent from A to C]
Enterprises always use switches
Virtual LAN: VLAN
• Switches can be partitioned into virtual LANs
– VLAN#1: ports A & C
– VLAN#2: ports B & D
• Used to separate traffic for security, ...
[Figure: switch with ports A, B, C and D]
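The hub, switch and VLAN slides above, as an added simulation that is not part of the original deck: it counts, for each host, how many unicast frames it receives that were addressed to someone else. Port names and the VLAN split follow the slides; the class names, MAC addresses and traffic are constructed for illustration.

```python
# Added illustration (not from the slides): hub vs. switch vs. VLAN switch.
BROADCAST = "ff:ff:ff:ff:ff:ff"
# Constructed MAC addresses; each host is plugged into the port of the same name.
MAC = {"A": "02:00:00:00:00:0a", "B": "02:00:00:00:00:0b",
       "C": "02:00:00:00:00:0c", "D": "02:00:00:00:00:0d"}
# Constructed traffic as (sender, receiver); "*" means broadcast.
# The last frame is host B (VLAN#2) trying to reach host C (VLAN#1).
FRAMES = [("A", "C"), ("C", "A"), ("B", "D"), ("D", "B"),
          ("A", "C"), ("A", "*"), ("B", "C")]
FLAT = {"A": 1, "B": 1, "C": 1, "D": 1}    # one LAN, no partition
SPLIT = {"A": 1, "C": 1, "B": 2, "D": 2}   # VLAN#1: A & C, VLAN#2: B & D


class Hub:
    """Repeats every frame on all ports except the one it arrived on."""

    def __init__(self, ports):
        self.ports = list(ports)

    def forward(self, in_port, src_mac, dst_mac):
        return sorted(p for p in self.ports if p != in_port)


class VlanSwitch:
    """Learning switch whose ports are partitioned into VLANs.

    The MAC table is keyed by (vlan, mac), so an address learned in one
    VLAN is never used to forward a frame that arrived in another.
    """

    def __init__(self, port_vlan):
        self.port_vlan = dict(port_vlan)
        self.mac_table = {}  # (vlan, mac) -> port

    def forward(self, in_port, src_mac, dst_mac):
        vlan = self.port_vlan[in_port]
        self.mac_table[(vlan, src_mac)] = in_port      # learn the sender
        out = self.mac_table.get((vlan, dst_mac))
        if dst_mac != BROADCAST and out is not None:
            return [] if out == in_port else [out]     # known destination
        # Broadcast or unknown destination: flood, but only inside the VLAN.
        return sorted(p for p, v in self.port_vlan.items()
                      if v == vlan and p != in_port)


def deliveries(device, frames):
    """List, per frame, the ports the device sends it out of."""
    result = []
    for src, dst in frames:
        dst_mac = BROADCAST if dst == "*" else MAC[dst]
        result.append(device.forward(src, MAC[src], dst_mac))
    return result


def overheard(device, frames):
    """Count unicast frames each host receives that are not addressed to it."""
    counts = {port: 0 for port in MAC}
    for (src, dst), out_ports in zip(frames, deliveries(device, frames)):
        if dst == "*":
            continue
        for port in out_ports:
            if port != dst:
                counts[port] += 1
    return counts


if __name__ == "__main__":
    print("hub        ", overheard(Hub("ABCD"), FRAMES))
    print("switch     ", overheard(VlanSwitch(FLAT), FRAMES))
    print("VLAN switch", overheard(VlanSwitch(SPLIT), FRAMES))
```

On the unpartitioned switch the last frame reaches C; with the VLAN split it is flooded only to D and never leaves VLAN#2.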
Going Faster than Ethernet
• Ethernet is 1 Gbps (10 Gbps): 10^9 bit/s (10^10 bit/s)
– 1 CD-ROM 800 MB = 64 x 10^8 bits
– 1 DVD 4.7 GB = 40 x 10^9 bits
– Ethernet 1 Gbps transfer
  • CD-ROM = 6 seconds
  • DVD = 40 seconds
• A very fast hard disk is 800 MB/s write = 6.4 Gbps
• Too slow for High Performance Computing
– Needs faster
High Performance Computing
• Financial Services
– Low-latency, high-message-rate market data environments
– Real-time analytics
– JPMC – 2000+ Servers in Global Deployment
– Citi – Fixed Income Trading
• Oil & Gas
– Increase accuracy of Reservoir Modeling and Seismic Analysis
– Deliver large datasets optimally
– Statoil – Multiple Clusters, ONGC, ENI, Occidental
• Manufacturing
– Reduce time to market for new products
– Better Safety & Product Design through Simulation
– Honda, Ferrari – F1, RedBull Racing, Airbus, Boeing
• Academic Research
– Expand Research Capabilities
– Complex Research Problems
– Greater Industry Outreach
– NCSA @ UIUC, Stanford Univ, MIT, Harvard Univ, UNC Chapel Hill
• Biotech
– Accelerate time to market
– Molecular Modeling and Protein folding experiments for drug discovery
– DE Shaw R&D, Cedar Sinai, Stanford BioX, Scripps Institute
• EDA
– Shorten Time for Tape-Out
– Improve Yield
– Intel, Motorola, TSMC, Altis Semiconductor
Another LAN: Infiniband
• Point to point link
• Each link can be 2, 4 or 8 Gbps
• Links can be aggregated (appearing as one)
– 4x => 8, 16 or 32 Gbps
– 12x => 24, 48 or 96 Gbps
Wide Area Network Services
• WAN: transfer of data over 100’s of km
• Enterprises cannot build their own network
– Too expensive
• Service is offered by SP (service provider)
– Nation wide: Belgacom, Voo, Mobistar, Telenet
– Worldwide: British Telecom, Colt, Verizon, ...
• Layer 1: transmit elementary bit
• Layer 2 (= Data-Link): transmit a frame (like a packet)
WAN: As Layer 1 or 2 Services
• Layer 1: leased line = a pair of copper wires with modem
  • Like from your ADSL router to Skynet/Belgacom
• Layer 1: optical fiber
  • Dark fiber (you need to add laser transmitter): just for you, €€€
  • Shared fiber (each customer uses a different color for laser): cheaper
• Layer 2: point to point link (or star network) where SP handles the layer 1 (modulation) and repeats frames (layer 2)
  • Used to be the prevalent solution: X.25, Frame Relay
  • But now reserved for MAN with Ethernet
Do we care?
Decision based on price for bandwidth
Sharing issue? May mean less bandwidth
3: Network Layer
• allows packets to be transferred across several different data-link layers
– Allows going from WiFi to ADSL to Internet to Ethernet
– Notion of a route to follow
– Notion of a network address that is unique worldwide
• Example: IP (Internet Protocol, used on the Internet)
Network Layer: IP at Home
• IP is the network layer we all use
• Our IP packets traverse multiple data links and media
[Figure: home network path: Access Point, ADSL Router, Your ISP, Internet (= all other ISPs). 1st data link: wifi; 2nd data link: Ethernet; 3rd data link: ADSL or Cable; Nth data link: Ethernet or ...]
What is an IP address?
• In IPv4, an address is a 32 bit quantity that uniquely identifies a network interface.
• In IPv4 there are 2^32 = 4,294,967,296 unique addresses possible
Basic Addressing
64.100.24.1
• IP addresses are written in dotted decimal format.
• Four sections are separated by dots.
• Each section contains a number between 0 and 255.
IP Addressing at Home
[Figure: home network with the address of each interface. Host: “I’m 192.168.100.2”; Access Point: “I’m 192.168.100.1 and 192.168.1.2”; ADSL Router: “I’m 192.168.1.1 and 80.123.34.89”; Network Printer: “I’m 192.168.1.3”; then Your ISP and the Internet (= all other ISPs)]
• If a node has multiple network interfaces, it typically has multiple IP addresses
IP Address Hierarchy
For Mr. Postman
• IP address is divided into two parts to achieve efficient “packet processing”
1. Network-id: Represents the physical network, commonly called a “prefix” (often first 24 bits)
2. Host-id: Represents a computer on the network (often last 8 bits)
[Figure: postal analogy: streets (Tasman Dr., Main St.) and the houses on them (250 Tasman Dr., 260 Tasman Dr., 100 Main St., 101 Main St.)]
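The network-id/host-id split applied to the home network from the "IP Addressing at Home" slide, as an added example that is not part of the original deck: interfaces sharing a prefix sit on the same data link, and a node with two interfaces joins two links. The 24-bit prefix length is the slide's "often" case taken as an assumption, and the node name `laptop` is hypothetical (the slide does not name that host).

```python
import ipaddress
from collections import deque

PREFIX_LEN = 24  # assumption: the slide's "often first 24 bits"

# Addresses as shown on the "IP Addressing at Home" slide.
# "laptop" is a hypothetical name for the unnamed host.
HOME = {
    "laptop": ["192.168.100.2"],
    "access-point": ["192.168.100.1", "192.168.1.2"],
    "adsl-router": ["192.168.1.1", "80.123.34.89"],
    "printer": ["192.168.1.3"],
}


def split(addr, prefix_len=PREFIX_LEN):
    """Return (network-id as a prefix string, host-id as an integer)."""
    iface = ipaddress.ip_interface(f"{addr}/{prefix_len}")
    host_id = int(iface.ip) - int(iface.network.network_address)
    return str(iface.network), host_id


def links(nodes):
    """Group nodes by prefix: each prefix is one data link."""
    by_prefix = {}
    for name, addrs in nodes.items():
        for addr in addrs:
            by_prefix.setdefault(split(addr)[0], set()).add(name)
    return {prefix: sorted(members) for prefix, members in by_prefix.items()}


def path(nodes, src, dst):
    """Shortest node-by-node path; neighbours are nodes sharing a prefix."""
    groups = list(links(nodes).values())
    queue, seen = deque([[src]]), {src}
    while queue:
        route = queue.popleft()
        if route[-1] == dst:
            return route
        for group in groups:
            if route[-1] not in group:
                continue
            for nxt in group:
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append(route + [nxt])
    return None  # no chain of shared links connects the two nodes


if __name__ == "__main__":
    for prefix, members in links(HOME).items():
        print(prefix, members)
    print(path(HOME, "laptop", "adsl-router"))
```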
Can we Automate Addressing?
• Defining static IP addresses on each host
– Does not scale
– Error prone (moving a PC to another network), ...
• Dynamic Host Configuration Protocol (DHCP)
– DHCP server (Windows or a router) is configured with the list of IP addresses for a network
– When a host boots, it asks the DHCP server for an IP address (and other information like routing, DNS, ...)
Most enterprises use DHCP, except for servers, keeping the log to see who is using which address
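Why keeping the DHCP log matters: it is what maps an IP address seen in another log back to a machine at a given time. The following is an added example, not part of the original deck; the log format, MAC addresses and host names are constructed and do not match any particular DHCP server, and all timestamps are assumed to come from the same clock.

```python
from datetime import datetime, timedelta

# Constructed sample log: timestamp, event, IP, MAC, then key=value options.
SAMPLE_LOG = """\
2009-02-27T08:01:12 ACK 192.168.1.20 02:00:00:00:00:0a lease=3600 host=pc-alice
2009-02-27T08:05:00 ACK 192.168.1.21 02:00:00:00:00:0b lease=3600 host=printer
2009-02-27T08:31:12 ACK 192.168.1.20 02:00:00:00:00:0a lease=3600 host=pc-alice
2009-02-27T09:10:00 RELEASE 192.168.1.20 02:00:00:00:00:0a
2009-02-27T09:15:30 ACK 192.168.1.20 02:00:00:00:00:0c lease=3600 host=pc-bob
"""


def parse(log):
    """Turn log text into time-ordered (ts, kind, ip, mac, options) events."""
    events = []
    for line in log.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[1] not in ("ACK", "RELEASE"):
            continue  # ignore lines this sketch does not understand
        ts = datetime.fromisoformat(parts[0])
        opts = dict(p.split("=", 1) for p in parts[4:] if "=" in p)
        events.append((ts, parts[1], parts[2], parts[3].lower(), opts))
    return sorted(events, key=lambda e: e[0])


def build_leases(events):
    """Return {ip: [lease, ...]}, each lease a dict with start/end/mac/host."""
    leases = {}
    for ts, kind, ip, mac, opts in events:
        history = leases.setdefault(ip, [])
        # The latest lease is still running only if it has not expired yet.
        current = history[-1] if history and history[-1]["end"] > ts else None
        if kind == "RELEASE":
            if current and current["mac"] == mac:
                current["end"] = ts          # client gave the address back
            continue
        end = ts + timedelta(seconds=int(opts.get("lease", 0)))
        if current and current["mac"] == mac:
            current["end"] = end             # renewal extends the interval
        else:
            if current:
                current["end"] = ts          # address moved to another client
            history.append({"start": ts, "end": end, "mac": mac,
                            "host": opts.get("host", "?")})
    return leases


def who_had(leases, ip, when):
    """Return (mac, host) holding `ip` at ISO time `when`, or None."""
    moment = datetime.fromisoformat(when)
    for lease in leases.get(ip, []):
        if lease["start"] <= moment < lease["end"]:
            return lease["mac"], lease["host"]
    return None


LEASES = build_leases(parse(SAMPLE_LOG))

if __name__ == "__main__":
    for t in ("2009-02-27T09:05:00", "2009-02-27T09:12:00", "2009-02-27T09:20:00"):
        print(t, who_had(LEASES, "192.168.1.20", t))
```

The same address maps to two different machines within fifteen minutes, and to nobody in between, which is why the lookup needs the time as well as the IP.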
What is IPv6?
• The current IP is version 4
– Limited address space (32 bits), exhaustion in 2010
• The next IP is version 6
– Addresses are 128 bits wide
– No more exhaustion
– Else nothing has changed
– Already in Windows Vista or Mac OS/X or Linux
  • Windows XP: ‘ipv6 install’
IPv6 will rule in 2010 at the latest
ALL NEW NETWORKS/APPLICATIONS MUST BE DESIGNED FOR IPV6
IPv4 Address Fractal Map Jan-2000
[Figure: fractal map of the IPv4 address space, one cell per first-octet block (000 to 255) labelled with its holder or status. Fractal map: layout by Randall Munroe, time sequence by Tony Hain, highlighted by Jeff Apcar.]
IPv4 Address Fractal Map Jan-2001
[Figure: fractal map of the IPv4 address space, one cell per first-octet block (000 to 255) labelled with its holder or status. Fractal map: layout by Randall Munroe, time sequence by Tony Hain, highlighted by Jeff Apcar.]
IPv4 Address Fractal Map Jan-2002
[Figure: fractal map of the IPv4 address space, one cell per first-octet block (000 to 255) labelled with its holder or status. Fractal map: layout by Randall Munroe, time sequence by Tony Hain, highlighted by Jeff Apcar.]
IPv4 Address Fractal Map Jan-2003
[Figure: fractal map of the IPv4 address space, one cell per first-octet block (000 to 255) labelled with its holder or status. Fractal map: layout by Randall Munroe, time sequence by Tony Hain, highlighted by Jeff Apcar.]
IPv4 Address Fractal Map Jan-2004
[Figure: fractal map of the IPv4 address space, one cell per first-octet block (000 to 255) labelled with its holder or status. Fractal map: layout by Randall Munroe, time sequence by Tony Hain, highlighted by Jeff Apcar.]
IPv4 Address Fractal Map Jan-2005
[Figure: fractal map of the IPv4 address space, one cell per first-octet block (000 to 255) labelled with its holder or status. Fractal map: layout by Randall Munroe, time sequence by Tony Hain, highlighted by Jeff Apcar.]
IPv4 Address Fractal Map Jan-2006
[Figure: fractal map of the IPv4 address space, one cell per first-octet block (000 to 255) labelled with its holder or status. Fractal map: layout by Randall Munroe, time sequence by Tony Hain, highlighted by Jeff Apcar.]
IPv4 Address Fractal Map Jan-2007
[Figure: fractal map of the IPv4 address space, one cell per first-octet block (000 to 255) labelled with its holder or status. Fractal map: layout by Randall Munroe, time sequence by Tony Hain, highlighted by Jeff Apcar.]
IPv4 Address Fractal Map Jan-2008
Fractal map: Layout by Randall Munroe, Time Sequence by Tony Hain, Highlighted by Jeff Apcar
[Figure: fractal map of the IPv4 address space, one cell per /8 block labelled with its holder or status]
04/10/23 38
IPv4 Address Fractal Map Jan-2009
Fractal map: Layout by Randall Munroe, Time Sequence by Tony Hain, Highlighted by Jeff Apcar
[Figure: fractal map of the IPv4 address space, one cell per /8 block labelled with its holder or status]
04/10/23 39
IPv4 Address Fractal Map - Today
Fractal map: Layout by Randall Munroe, Time Sequence by Tony Hain, Highlighted by Jeff Apcar
[Figure: fractal map of the IPv4 address space, one cell per /8 block labelled with its holder or status]
04/10/23 40
IPv4 Address Fractal Map Jan-2010
Fractal map: Layout by Randall Munroe, Time Sequence by Tony Hain, Highlighted by Jeff Apcar
[Figure: fractal map of the IPv4 address space, one cell per /8 block labelled with its holder or status, including the blocks marked “Next”]
04/10/23 41
IPv4 Address Fractal Map Jan-2011
Fractal map: Layout by Randall Munroe, Time Sequence by Tony Hain, Highlighted by Jeff Apcar
[Figure: fractal map of the IPv4 address space, one cell per /8 block labelled with its holder or status, including the blocks marked “Next”]
04/10/23 42
Wide Area Network
As a Layer 3 Service
• The prevalent solution
  – Service offered by a Service Provider (SP)
  – Transfer IP packets from your site to another site
• Customers do not care about routing
  – Looks like the Internet, but costs more € and comes with a defined quality (see later)
  – Typical technology: MPLS (also called IP service)
SP Layer 3 Services
SP manages
  Layer 1: cable
  Layer 2: Ethernet or ...
  Layer 3: addressing and routing
Easier for enterprise
Fixed budget...
... But you lose control
04/10/23 43
Wide Area Network
Layer 3 Service or In House Network?
SP Layer 3 Services
04/10/23 44
Layer 3 Service
Pros and Cons
• Pros
  – Outsource the WAN to SP: no more CAPEX, reduce OPEX
  – Easier to deploy
  – Easier international WAN
    • Especially in weird countries
• Cons
  – Loss of network ownership
    • Could be impossible for some business
  – Need to check quality of delivered service (SLA, see later)
• NB: the cost is usually not a deal breaker
04/10/23 45
What about Congestion?
• Congestion: too many packets arriving in a router/switch
  – Especially when input throughput > output throughput
  – Routers/switches will store the peak in memory
    • Issue: packets wait in queue, longer delay
  – Memory exhausted? Dropping packets
    • Issue: packets are lost forever (hence the need for TCP retransmission)
[Figure: ADSL Router; 100 Mbps = 100.000 pps; 1 Mbps = 1.000 pps]
04/10/23 46
Quality of Service: QoS
• QoS is a sense of quality for packet transfer
  – Packet loss: due to congestion or frame corruption (rare)
  – Latency (or delay): the time to transfer data from source to destination
  – Jitter: variation of the delay (see next slide)
04/10/23
Delay Variation—“Jitter”
[Figure: two time axes (t), “Sender Transmits” and “B Receives”, each carrying packets A, B, C; labels: d1, d2, D1 = d1, D2 = d2, Jitter]
04/10/23 48
How to Guarantee QoS?
• Classify & mark
  – Each IP packet is marked with its priority (precedence)
    • There is a byte reserved for it in the IP packet
    • By the host
    • By a network device based on TCP/UDP ports
• Enforce
  – Make different queues: routine, normal, priority, ...
  – In case of congestion
    • Drop packets from routine queue
    • Always process priority packets first
  – Think about fire trucks in traffic jam
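The classify, mark and enforce steps above, as an added example that is not part of the original slides: one congested router port is run first as a single FIFO and then with a priority queue. The voice UDP port range, the memory size and the traffic mix are constructed assumptions.

```python
from collections import deque
from dataclasses import dataclass

PREC_ROUTINE, PREC_PRIORITY = 0, 5      # IP precedence: top 3 bits of the ToS byte
VOICE_PORTS = range(16384, 32768)       # assumption: UDP ports that carry voice


@dataclass
class Packet:
    proto: str
    dport: int
    arrival: int                        # tick at which the packet reached the router
    tos: int = 0                        # the byte reserved for marking in the IP header


def classify_and_mark(pkt):
    """Classification by a network device, based on TCP/UDP ports."""
    is_voice = pkt.proto == "udp" and pkt.dport in VOICE_PORTS
    prec = PREC_PRIORITY if is_voice else PREC_ROUTINE
    pkt.tos = (pkt.tos & 0x1F) | (prec << 5)
    return pkt


def precedence(pkt):
    return pkt.tos >> 5


class Router:
    """Output port: sends one packet per tick, buffers at most `memory` packets."""

    def __init__(self, memory, qos):
        self.memory, self.qos = memory, qos
        self.priority, self.routine = deque(), deque()
        self.dropped = {PREC_ROUTINE: 0, PREC_PRIORITY: 0}
        self.delays = {PREC_ROUTINE: [], PREC_PRIORITY: []}

    def receive(self, pkt):
        prec = precedence(pkt)
        full = len(self.priority) + len(self.routine) >= self.memory
        if self.qos and prec == PREC_PRIORITY:
            if full and self.routine:
                victim = self.routine.pop()      # congestion: drop from the routine queue
                self.dropped[precedence(victim)] += 1
                full = False
            if not full:
                self.priority.append(pkt)
                return
        elif not full:
            self.routine.append(pkt)             # without QoS everything shares one FIFO
            return
        self.dropped[prec] += 1                  # memory exhausted: the packet is lost

    def send(self, now):
        queue = self.priority or self.routine    # priority packets always go first
        if queue:
            pkt = queue.popleft()
            self.delays[precedence(pkt)].append(now - pkt.arrival)


def simulate(qos, ticks=100, memory=20):
    """Constructed load: 3 bulk TCP packets per tick, 1 voice packet every 4th tick."""
    router = Router(memory, qos)
    for now in range(ticks):
        arrivals = [Packet("tcp", 80, now)]
        if now % 4 == 0:
            arrivals.append(Packet("udp", 16384, now))
        arrivals += [Packet("tcp", 80, now), Packet("tcp", 80, now)]
        for pkt in arrivals:
            router.receive(classify_and_mark(pkt))
        router.send(now)
    return router


if __name__ == "__main__":
    for qos in (False, True):
        r = simulate(qos)
        print("QoS" if qos else "FIFO",
              "voice dropped:", r.dropped[PREC_PRIORITY],
              "voice delays (ticks):", sorted(set(r.delays[PREC_PRIORITY])),
              "bulk dropped:", r.dropped[PREC_ROUTINE])
```

The voice packets survive only because bulk packets are dropped in their place, which is the trade the fire-truck analogy describes.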
04/10/23 49
QoS in Action
[Figure: network diagram with labels Campus Backbone, Multimedia Training Servers, Order Entry / Finance / Manufacturing, Finance Manager and Remote Campus; two Classification points and one Enforcement point are marked]
04/10/23 50
Service Level Agreement: SLA
• This is the contract between
  – A customer
  – A provider
• About
  – Penalties (discount) when SLA not met
  – Quality of service:
    • Data traffic: packet loss, latency, jitter
    • Availability:
      – 99,999% availability is 5 minutes down per year
      – Maintenance windows (scheduled network down) don’t count
    • Change request: time to establish a new circuit
Never forget to put SLA in any service
The Security Impact
04/10/23 52
100% Security
“The only system which is truly secure is one which is switched off and unplugged, locked in a titanium lined safe, buried in a concrete bunker, and is surrounded by nerve gas and very highly paid armed guards. Even then, I wouldn’t stake my life on it….”
Gene Spafford—Director, Computer Operations, Audit, and Security Technology (COAST), Purdue University
04/10/23 53
Risk Assessment in 2006
In the 2004 CSI/FBI survey (481 US organizations):
Over 52% reported security breaches.
Reported security incidents totaled losses over $52 million (in decrease).
Highest source of loss was virus, over $15 million alone, followed by unauthorized use, $10 million.
Of the top causes of loss, insider misuse of resources was in top 3.
-Source: CSI/FBI 2006 Computer Crime & Security Survey
04/10/23 54
Insiders…
“Over 75% of hacking is done by insiders and it’s easy to see why. The person on the inside is on the right side of the firewall—they know the computer systems and they have access to the passwords”
Neil Barrett, Bull Information Systems, ‘Computer Crime Fighter’—Personal Computer World, Feb 1999
04/10/23 55
Regulations and Compliance...
• EU directives on data protection & privacy
  – Identity Theft legislation, Personal Data Protection (Directive 95/46/EC on the protection of personal data)
• Sarbanes-Oxley
  – Mainly for US companies (listed on Wall Street)
  – But also for their WW partners
    • Section 302 requires CEO and CFO to make quarterly and annual certifications regarding company’s internal control over financial reporting.
    • Section 404 requires management assessment and audit report regarding management’s assessment.
• Basel II
• Payment Card Industry Data Security Standard: PCI DSS
• Even ISO 27001 (or BS 7799)
04/10/23 56
Facts about PCI DSS
• Published January 2005
  – v1.1 released Sept 7, 2006
  – All new audits must use v.1.1
• Impacts ALL who process, transmit or store cardholder data
• Developed by MasterCard and Visa, endorsed by other brands
• Global reach
  – Account Information Security (AIS) regulation outside of US
Payment Card Industry Data Security Standard
January 2005
04/10/23 57
The Principles of Security: C I A
• Confidentiality
  – Ability to ensure secrecy
• Integrity
  – Ability to ensure asset/data is not modified
• Availability
  – Of service
  – Of data
04/10/23
Attack against Confidentiality
telnet foo.bar.org
username: dan
password:
m-y-p-a-s-s-w-o-r-d d-a-n
04/10/23
Attack on Integrity
[Figure: the Customer’s message “Deposit $1000 in Bob’s Account” reaches the Bank as “Deposit $900 in Mallet’s Account and $100 in Bob’s Account”]
04/10/23 60
Attacks of Integrity: Web Defacing
04/10/23
Denial of Service (DoS)
Prevents authorised people from using a service
04/10/23 62
Handling Risk…
• Transfer: to an insurance company
• Reduce: implement countermeasure(s)
  – Also called controls
• Rejecting/Ignoring: foolish…
• Accepting: when cost of CM does not make sense
04/10/23 63
Controls
• Administrative controls
  – Policies, standards, procedures
  – Screening personnel, education
• Technical controls
  – Access control, encryption, security devices
• Physical controls
  – Facility protection, security guards, locks, monitoring, intrusion detection
• All the above to protect company assets
04/10/23 64
Technical Control: Access Control
• Subject:
  – Active entity
  – Requests access
  – E.g.: users, program, process, …
• Object:
  – Passive entity
  – Contains information or other objects
  – E.g.: computer, disk, file, …
• Access:
  – Flow of information between subject and object
• Access Control:
  – Mechanisms to control the access
04/10/23 65
Access Control: Id, Authen, Author, Account
• Consecutive steps for access control
  1. Identification: who are you?
  2. Authentication: prove it!
  3. Authorization: what can you do?
  4. Accounting/Auditing: what have you done? (after the object access)
• Sometimes called AAA for Authentication, Authorization and Accounting
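The four consecutive steps above, applied to one access request from a subject to an object, as an added example that is not part of the original slides. The class, the user and file names, the rights and the PBKDF2 iteration count are illustrative assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000    # illustrative; follow current guidance for PBKDF2 in production


def _derive(password, salt):
    """Salted, slow hash so that stored credentials are not reusable passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


class AccessController:
    def __init__(self):
        self._credentials = {}      # identity -> (salt, derived key)
        self._acl = {}              # (subject, object) -> set of rights
        self.audit_log = []         # accounting trail, one entry per request
        # Dummy credential: an unknown identity costs the same work as a known one,
        # so response time does not reveal which identities exist.
        self._dummy = (os.urandom(16), os.urandom(32))

    def enroll(self, identity, password):
        salt = os.urandom(16)
        self._credentials[identity] = (salt, _derive(password, salt))

    def grant(self, subject, obj, *rights):
        self._acl.setdefault((subject, obj), set()).update(rights)

    def request(self, identity, password, obj, right):
        # 1. Identification: who are you?
        known = identity in self._credentials
        salt, expected = self._credentials.get(identity, self._dummy)

        # 2. Authentication: prove it (constant-time comparison).
        proven = hmac.compare_digest(_derive(password, salt), expected) and known

        # 3. Authorization: what can you do? Default is deny.
        allowed = proven and right in self._acl.get((identity, obj), set())

        # 4. Accounting: what have you done? Failures are recorded as well.
        if not known:
            outcome = "unknown identity"
        elif not proven:
            outcome = "authentication failed"
        elif not allowed:
            outcome = "not authorized"
        else:
            outcome = "granted"
        self.audit_log.append((identity, obj, right, outcome))

        # The caller only learns yes/no; the reason stays in the audit log.
        return allowed


if __name__ == "__main__":
    ac = AccessController()
    ac.enroll("alice", "correct horse")             # constructed sample user
    ac.grant("alice", "payroll.xls", "read")        # constructed sample object
    ac.request("alice", "correct horse", "payroll.xls", "read")
    ac.request("alice", "correct horse", "payroll.xls", "write")
    ac.request("alice", "guess", "payroll.xls", "read")
    ac.request("mallet", "guess", "payroll.xls", "read")
    for entry in ac.audit_log:
        print(entry)
```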
04/10/23 66
Technical Control: Cryptography
• The science of hiding a message
[Figure: Plaintext “Hello” → Encryption → Ciphertext “%z$*@” → Decryption → Plaintext “Hello”, with the label “Encryption keys”]
04/10/23 67
Some Words on Cryptography
• Encryption/decryption
  – Mathematical functions with 2 parameters
    • Message (plain text or cipher text)
    • Key
  – Strength: linked to function and size of key
  – Two classes of crypto systems
    • Symmetric crypto systems: encryption key = decryption key
    • Asymmetric crypto systems: encryption key ≠ decryption key
04/10/23 68
Technical Controls: More Words on Crypto
• Symmetric cryptosystems
  – Current minimum key size: 128 bits
  – Examples: AES (from Belgium), RC4
  – Very fast: 1 Gbps
  – Issue: how can we safely share a key?
• Asymmetric cryptosystems
  – Current minimum key size: 2048 bits
  – Examples: RSA
  – Very slow: 100 kbps
  – No shared key, easy to deploy
  – Mainly used for signatures (non-repudiable proof of origin) or for authentication (who you are)
04/10/23 69
Crypto on Networks
• IPsec
  – Used to encrypt all IP packets between two routers/hosts
  – Virtual Private Network (VPN)
    • Linking remote branches over the public Internet
    • Linking a remote user over the public Internet
• Secure Session Layer (SSL)
  – Used to encrypt a single TCP (like HTTP) connection
    • https:// allows for e-commerce
    • Also used for remote user over the public Internet
Cryptography alone is NEVER ENOUGH to guarantee security!
04/10/23 70
Technical Controls: Perimeter Security and Firewalls
• Security often relies on segregation of security domains
  – Trusted
  – Untrusted: Internet, …
• Trusted domains are protected by a perimeter
  – Hence the term of security perimeter
• When a point of passage between domains is required
  – Firewall: security policy enforcement
04/10/23 71
Technical Controls: Security Perimeter
[Figure: a firewall between the Trusted Zone and the Untrusted Zone]
04/10/23
Technical Controls: Usual Firewall Locations
[Figure: network diagram with labels Internet, intranet, Partner X, Partner Y and HR Network. Source: Cisco Systems]
04/10/23 73
Technical Controls: Firewalls
Deep Packet Inspection
• More and more protocols run over HTTP
  – SOAP (= XML over HTTP)
  – …
• Security policy must be enforced for those new protocols, so the firewall also needs to inspect the payload of HTTP
• This is called Deep Packet Inspection
Impact of Voice
04/10/23 75
Why Voice over IP?
• Before, voice had a separate network
• If voice is over IP then
  – Single network to operate (or to outsource)
  – Toll by-pass:
    • Data communication is usually cheaper than voice communication
  – More functions in phones
    • Video
    • User directory
  – Data and voice applications can merge
    • Voice mail
    • Web conferencing
    • Customer Relation Management systems
04/10/23 76
Voice in an IP Packet
1. Transform usual voice (analog) into digital with a CODEC
2. Cut voice into small chunks
3. Transport those chunks over IP
[Figure: the Voice Payload is wrapped step by step: Voice Payload, then RTP + Voice Payload, then UDP + RTP + Voice Payload, then IP + UDP + RTP + Voice Payload]
04/10/23 77
What Is a CODEC?
Analog to Digital Conversion
[Figure: an Analog Audio Source becomes bits (“= 0101”, “Everything Is Bits”) through the steps Sample, Compand, Quantize, Encode, Frame]
• 4000 Hz analog signal
• Sample 8,000/sec (Nyquist frequency)
• Quantize 256 steps using 8 bits
• DS0: 64 Kbps
G.711 Pulse Code Modulation (PCM) is the DS0
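The two slides above (“Voice in an IP Packet” and the G.711 figures) combined in an added example that is not part of the original deck: a 64 Kbps G.711 stream is cut into chunks, each chunk gets an RTP header, and the resulting IP bandwidth is computed. The 20 ms chunk size, the SSRC value and the all-zero audio bytes are constructed assumptions; header sizes are IPv4 and UDP without options.

```python
import struct

SAMPLE_RATE = 8000                          # slide: sample 8,000/sec
BITS_PER_SAMPLE = 8                         # slide: quantize 256 steps using 8 bits
RTP_HDR, UDP_HDR, IPV4_HDR = 12, 8, 20      # header sizes in bytes
PT_PCMU = 0                                 # RTP payload type of G.711 mu-law (RFC 3551)


def packetize(codec_bytes, chunk_ms=20, ssrc=0x1234ABCD, first_seq=0):
    """Step 2 of the slide: cut the CODEC output into chunks, one RTP packet each."""
    per_chunk = SAMPLE_RATE * chunk_ms // 1000      # G.711: one byte per sample
    packets = []
    for offset in range(0, len(codec_bytes), per_chunk):
        seq = (first_seq + offset // per_chunk) & 0xFFFF
        header = struct.pack("!BBHII",
                             2 << 6,                # version 2, no padding/extension/CSRC
                             PT_PCMU,               # marker bit 0, payload type
                             seq,                   # lets the receiver detect loss
                             offset & 0xFFFFFFFF,   # timestamp in samples, for playout
                             ssrc)
        packets.append(header + codec_bytes[offset:offset + per_chunk])
    return packets


def parse_rtp(packet):
    b0, b1, seq, timestamp, ssrc = struct.unpack("!BBHII", packet[:RTP_HDR])
    return {"version": b0 >> 6, "payload_type": b1 & 0x7F, "seq": seq,
            "timestamp": timestamp, "ssrc": ssrc, "payload": packet[RTP_HDR:]}


def ip_bandwidth_bps(chunk_ms=20):
    """Step 3 of the slide: what the 64 Kbps stream costs once carried in IP."""
    payload = SAMPLE_RATE * BITS_PER_SAMPLE // 8 * chunk_ms // 1000
    per_packet = payload + RTP_HDR + UDP_HDR + IPV4_HDR
    return per_packet * 8 * 1000 // chunk_ms


def missing_sequences(received):
    """Receiver side: gaps in the sequence numbers are chunks lost in the network."""
    seen = {parse_rtp(p)["seq"] for p in received}
    return [s for s in range(min(seen), max(seen) + 1) if s not in seen]


if __name__ == "__main__":
    one_second = bytes(SAMPLE_RATE)                 # constructed: 1 s of encoded audio
    pkts = packetize(one_second)
    print(len(pkts), "packets of", len(pkts[0]), "bytes (RTP header + payload)")
    print("IP bandwidth at 20 ms chunks:", ip_bandwidth_bps(20), "bps")
    print("IP bandwidth at 10 ms chunks:", ip_bandwidth_bps(10), "bps")
    print("lost:", missing_sequences(pkts[:3] + pkts[5:]))
```

Smaller chunks lower the delay but raise the header overhead, which is why the chunk size matters for the delay budget discussed later in the deck.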
04/10/23 78
IP Telephony vs. Voice over IP
• IP telephony is a super-set of services over IP
  – Pure Voice over IP transport
  – Conferencing
  – Voice mail
  – ...
04/10/23 79
Network Requirements for Voice
• Power over the Ethernet
  – No need for power cord for the phone
• Quality of service
  – Voice is delay sensitive (< 150 msec)
• Other issue
  – Relationships between
    • Network department
    • Voice department
04/10/23 80
The Skype Service
• P2P based VoIP software
• Founded by the founders of Kazaa
• Can be downloaded free at:
  – http://www.skype.com
• Services
  – Both paid and free services available
  – Free
    - Instant Messaging
    - Voice and Video communication (PC to PC)
[Figure: a typical Skype user interface]
04/10/23 81
Skype Architecture
Hierarchical P2P architecture but involves a central Skype authority for registration and certification services
Skype Architecture: Normal peers, super nodes, and centralized Skype server
04/10/23 82
Should You Use Skype?
• If you can answer yes to four questions:
– Are you willing to circumvent the perimeter controls of your network?
– Do you trust the Skype developers to implement security correctly (being closed-source)?
– Do you trust the ethics of the Skype developers?
– Can you tolerate the Skype network being unavailable?
Impact of Virtualization
04/10/23 84
What is Virtualization
• Separation of location and services
  – Services can run anywhere
  – Users cannot see the difference
• Corollary
  – Several services in the same location
04/10/23 85
“[Virtualization is] a technique for hiding the physical characteristics of computing resources from the way in which other systems, applications, or end users interact with those resources. This includes making a single physical resource (such as a server, an operating system, an application, or storage device) appear to function as multiple logical resources; or it can include making multiple physical resources (such as storage devices or servers) appear as a single logical resource.”
Mann, Andi, Virtualization 101
Enterprise Management Associates (EMA)
04/10/23 86
Why Virtualization
• Flexibility
  – Can add a new server/service in less than 1 second
  – Can move a service to a better server
    • Being faster, more secure, cheaper
• Cost efficiency
  – Share a physical €€€ server among several applications
• Green
  – No need to power 10 servers for 10 services if all 10 services can run on a single server
04/10/23 87
“By 2008, 50% of Today’s Data Centers Will Have Insufficient Power and Cooling Capacity to Meet the Demands of High-Density Equipment”
Data Center Trends
• Days to Deploy Applications: 60–180
• Server/Storage Utilization: < 25%
• Annual Storage Growth: 40–400%
• DC Records Retention (Years): 7–10
• DC Power and Cooling Costs: ~ 25–30%
• Data Center Operations: > 30%
Source: Gartner, 2008
04/10/23 88
Data Center Virtualization
• Enables consolidation or sharing of physical assets to increase utilization
• Reduces physical devices and cabling, space, power, and cooling
• Enables rapid deployment and redeployment of resources to meet business objectives
04/10/23 89
Data Center Virtualization
Storage Virtualization
• Consolidation of physical SANs
• Improved storage utilization
• Greater flexibility
Server Virtualization
• Consolidation of physical servers
• Improved server utilization
• Greater flexibility
Network Virtualization
• Consolidation of physical networks
• Greater flexibility
• Improved capacity utilization
[Figure: several OS/App stacks on a Hypervisor, with layers labelled Network Virtualization, Storage Virtualization and Server Virtualization]
04/10/23 90
Network Virtualization
• The basis of other virtualization
  – Virtual LAN: sharing an Ethernet switch for several independent LANs
  – Virtual Private Network (VPN): sharing a WAN infrastructure among several independent WANs
04/10/23 91
Storage Virtualization
• Network Attached Storage
  – Attaching a hard-disk to ONE computer via USB/Network
  – NOT a real virtualization: computer is aware of the remote disk
• Storage Area Network (SAN)
  – Attaching hard-disk to SEVERAL computers via network
  – Virtualization because computers are unaware of the disks being remote
  – Network must be really fast: Infiniband or Fibre Channel
04/10/23 92
Why SAN?
• Virtualization allows
  – Sharing disk
  – Adding storage easily without disruption
  – Single place for all storage
    • Easier to secure
    • Easier to take back-up
  – Storage is no longer local to the computer
    • Can move the computer and keep the same disk
    • Important when the computer becomes virtual
04/10/23 93
Storage Volume Virtualization
• Adding more storage requires administrative changes
• Administrative overhead, prone to errors
• Complex coordination of data movement between arrays
[Figure: Initiators and Targets attached to the SAN Fabric]
04/10/23 94
Storage Volume Virtualization
• A SCSI operation from the host is mapped in one or more SCSI operations to the SAN-attached storage
• Zoning connects real initiator and virtual target or virtual initiator and real storage
• Works across heterogeneous arrays
[Figure: SAN Fabric with Initiator (VSAN_10), Initiator (VSAN_20), Virtual Target 1 (VSAN_10), Virtual Target 2 (VSAN_20), Virtual Volume 1, Virtual Volume 2 and two Virtual Initiators (VSAN_30)]
04/10/23 95
Server Virtualization
• Multiple Computers inside a Computer
  – Guest OS can be different than host OS
  – Guest machines are isolated by default
[Figure: two stacks labelled VMware and Microsoft, each with CPU and memory, a Hypervisor and VMs (Guest OS + App); further labels: “Modified Stripped Down OS with Hypervisor” and “Host OS”]
04/10/23
Virtual Server Migration
• VMotion, aka VM Migration, allows a VM to be reallocated on different hardware without having to interrupt service.
• Downtime in the order of a few milliseconds to a few minutes, not hours or days
• Can be used to perform maintenance on a server
• Can be used to shift workloads more efficiently
[Figure: two hosts, each with CPU and memory, a Hypervisor, a Console OS and OS/App stacks on the VMware Virtualization Layer]
How to Deploy a Network?
Or the right questions to be asked?
04/10/23 98
Basic Networking
• IPv6 Readiness
• Addressing (mainly technical)
  – Use of DHCP?
  – Important for mobile user
• Routing (mainly technical)
04/10/23 99
Levels of Security
• Does the security policy include network?
• Risk management: assets, confidentiality requirements
  – Specific requirements for some business: Basel II, PCI
• Which are my security domains?
  – HR
  – Sales?
  – Guests
  – What about contractors?
04/10/23 100
QoS
• Do you need QoS in your network?
  – Probably for IP telephony
• What are my critical applications?
  – ERP?
  – Emails?
  – Back-up?
04/10/23 101
High Availability
• Availability is usually important
• Redundancy
  – Hot or cold standby?
  – Redundant links?
  – Redundant Service Providers?
• What are your disaster recovery procedures?
04/10/23 102
Open Standards
• Pros
  – Competition means lower price
  – Can switch vendors easily
• Cons
  – Having multiple vendors costs a lot of € (training the operators and users)
  – Lagging (not leading edge)
• Be prepared for some compromise
  – But ask your vendor for commitment to support future standards
standards
04/10/23 103
Future Proof...
• Find the balance between
  – Proven technologies: but obsolete in a few years
    • Think IPv4 vs. IPv6
  – Leading edge technos: but unstable and expensive
04/10/23 104
Operation Cost
• Cheap to buy ≠ cheap to run
04/10/23 105
Outsourcing Network
• Pros
  – Reduces CAPEX
  – Improves balance sheet
• Cons
  – Your business relies on another party (could go bankrupt or be acquired by competitor)
  – Less flexibility
  – Long process cycle
• Never forget about SLA in the contract
• Never forget about SLA in the contract
04/10/23 106
Outsourcing Web Portal
• Pros
  – Learning curve pretty small
  – Cheaper (CAPEX & OPEX)
  – More secure (no link to your real data)
• Cons
  – Less control
  – No access to your live data
    • No e-business
04/10/23 107
Green Impact
• A tornado since early 2008
• Sometimes a simple excuse to reduce cost
• Power consumption
  – Faster means more power means more cooling...
  – Data Center location is no longer based on salary but on power stability & price
  – Turn off devices when not in use: RFID, electronics, ...
  – Reduce consumption => slower device?
  – SHARE equipment: importance of virtualization
04/10/23 108
End
THE END