Note to instructors
If you have downloaded this presentation from the Cisco Networking Academy Community FTP Center, this may not be my latest version of this PowerPoint. For the latest PowerPoints for all my CCNA, CCNP, and Wireless classes, please go to my web site: http://www.cabrillo.cc.ca.us/~rgraziani/ The username is cisco and the password is perlman for all of my materials.
If you have any questions on any of my materials or the curriculum, please feel free to email me at graziani@cabrillo.edu (I really don't mind helping.) Also, if you run across any typos or errors in my presentations, please let me know. I will add (Updated date) next to each presentation on my web site that has been updated since these have been uploaded to the FTP center.
Thanks! Rick
Rick Graziani graziani@cabrillo.edu 2
Objectives
This module explores the evolution and extension of IPv4, including the key scalability features that engineers have added to it over the years:
- Subnetting
- Classless interdomain routing (CIDR)
- Variable length subnet masking (VLSM)
- Route summarization
Finally, this module examines advanced IP implementation techniques such as the following:
- IP unnumbered
- Dynamic Host Configuration Protocol (DHCP)
- Helper addresses
A few notes
The following slides are NOT from the online curriculum. However, they do cover the same topics, just with different examples.
No medium-size host networks
In the early days of the Internet, IP addresses were allocated to organizations based on request rather than actual need.
Class D Addresses
A Class D address begins with binary 1110 in the first octet (first octet range 224 to 239). A Class D address can be used to represent a group of hosts called a host group, or multicast group.
Class E Addresses
The first octet of a Class E address begins with 1111. Class E addresses are reserved for experimental purposes and should not be used for addressing hosts or multicast groups.
IP addressing crisis
IPv4 Addressing
Subnet Mask
One solution to the IP address shortage was thought to be the subnet mask. Formalized in 1985 (RFC 950), the subnet mask breaks a single class A, B or C network into smaller pieces.
(Figure: the address is divided into Network, Subnet and Host fields. Internal routers treat all these addresses as being on different networks, called subnetworks.)
Subnet Example
(Figure: the example address divided into Network, Subnet and Host fields.)
The use of the all-ones subnet has always been explicitly allowed, and the use of subnet zero is explicitly allowed since Cisco IOS version 12.0.
RFC 1878 states, "This practice (of excluding all-zeros and all-ones subnets) is obsolete! Modern software will be able to utilize all definable networks." Today, the use of subnet zero and the all-ones subnet is generally accepted and most vendors support their use, though, on certain networks, particularly the ones using legacy software, the use of subnet zero and the all-ones subnet can lead to problems.
CCO: Subnet Zero and the All-Ones Subnet
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080093f18.shtml
If you need a review of subnets, please see the following links on my web site:
- Subnet Review (PowerPoint)
- Subnets Explained (Word Doc)
IPv6, or IPng (IP the Next Generation), uses a 128-bit address space, yielding 340,282,366,920,938,463,463,374,607,431,768,211,456 possible addresses.
IPv6 has been slow to arrive:
- IPv4 has been revitalized by new features, making IPv6 a luxury and not a desperately needed fix.
- IPv6 requires new software; IT staffs must be retrained.
IPv6 will most likely coexist with IPv4 for years to come. Some experts believe IPv4 will remain for more than 10 years.
http://bgp.potaroo.net/
Without CIDR, a router must maintain individual routing table entries for these class B networks.
With CIDR, a router can summarize these routes into eight networks by using a 13-bit prefix: 172.24.0.0 /13
Steps:
1. Count the number of left-most matching bits: /13
2. Add all zeros after the last matching bit: 172.24.0.0 = 10101100 00011000 00000000 00000000
ISP/NAP Hierarchy - The Internet: Still hierarchical after all these years. Jeff Doyle (Tries to be anyways!)
(Figure: a NAP (Network Access Point) at the top, ISPs below it, and subscribers attached to each ISP.)
Supernetting Example
Company XYZ needs to address 400 hosts. Its ISP gives them two contiguous Class C addresses:
207.21.54.0/24
207.21.55.0/24
Company XYZ can use a prefix of 207.21.54.0/23 to supernet these two contiguous networks (yielding 510 hosts). The two networks have 23 bits in common:
207.21.54.0/24
207.21.55.0/24
207.21.54.0/23
Supernetting Example
With the ISP acting as the addressing authority for a CIDR block of addresses, the ISP's customer networks, which include XYZ, can be advertised among Internet routers as a single supernet.
200.199.56.0/23
200.199.56.0/24  11001000 11000111 0011100 0 00000000
200.199.57.0/24  11001000 11000111 0011100 1 00000000
200.199.56.0/23  11001000 11000111 0011100 0 00000000

Even better:
200.199.48.32/27  11001000 11000111 00110000 0 0100000
200.199.48.64/27  11001000 11000111 00110000 0 1000000
200.199.48.96/27  11001000 11000111 00110000 0 1100000
200.199.48.0/25   11001000 11000111 00110000 0 0000000
(As long as there are no other routes elsewhere within this range, well...)

Summarizing further, the routes below have 20 bits in common:
200.199.48.0      11001000 11000111 0011 0000 00000000
200.199.49.0      11001000 11000111 0011 0001 00000000
200.199.56.0/23   11001000 11000111 0011 1000 00000000
200.199.48.0/20   11001000 11000111 0011 0000 00000000
20 bits in common
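As an added worked example (not from the slides), the following Python code carries out the two summarization steps above, using the standard ipaddress module, for the CIDR case (eight class B networks into 172.24.0.0/13), the supernetting case (207.21.54.0/23) and the "even better" case (three /27s into 200.199.48.0/25). It also reports the address space a summary would advertise that is not actually among the routes, which is the caveat behind "as long as there are no other routes elsewhere within this range".

```python
import ipaddress

def summarize(prefixes):
    """Return the single prefix covering every network in `prefixes`.

    Step 1: count the left-most bits common to all network addresses.
    Step 2: set every bit after the last matching bit to zero.
    """
    nets = [ipaddress.ip_network(p) for p in prefixes]
    first = int(nets[0].network_address)
    common = min(n.prefixlen for n in nets)        # never longer than the shortest mask
    for n in nets[1:]:
        diff = first ^ int(n.network_address)
        # leading bits that agree = 32 minus the position of the first differing bit
        common = min(common, 32 - diff.bit_length())
    # strict=False zeroes the bits after the matching prefix (step 2)
    return ipaddress.ip_network((first, common), strict=False)

def uncovered(prefixes):
    """Blocks inside the summary that none of `prefixes` actually covers.

    A non-empty result means the summary advertises space the router holds
    no route for: traffic to it would be attracted and then dropped.
    """
    nets = [ipaddress.ip_network(p) for p in prefixes]
    holes = [summarize(prefixes)]                  # start with the whole summary
    for n in nets:
        remaining = []
        for h in holes:
            if n.subnet_of(h):
                remaining.extend(h.address_exclude(n))   # punch n out of the hole
            elif h.subnet_of(n):
                continue                                  # hole fully covered by n
            else:
                remaining.append(h)
        holes = remaining
    return [str(h) for h in sorted(holes)]

if __name__ == "__main__":
    class_b = ["172.%d.0.0/16" % i for i in range(24, 32)]
    print(summarize(class_b), uncovered(class_b))
    sevens = ["200.199.48.32/27", "200.199.48.64/27", "200.199.48.96/27"]
    print(summarize(sevens), uncovered(sevens))
```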
CIDR Restrictions
Dynamic routing protocols must send network address and mask (prefix-length) information in their routing updates. In other words, CIDR requires classless routing protocols for dynamic routing. However, you can still configure summarized static routes; after all, that is what a 0.0.0.0/0 route is.
(Figure: routers Quito and Cartago with the subnets 172.16.5.0/24, 172.16.2.0/24 and 172.16.10.0/24.)
The limitation of using only a single subnet mask across a given network-prefix (network address, the number of bits in the mask) was that an organization is locked into a fixed number of fixed-sized subnets. In 1987, RFC 1009 specified how a subnetted network could use more than one subnet mask.
VLSM = Subnetting a Subnet. If you know how to subnet, you can do VLSM!
(Figure: 10.0.0.0/8 divided with a /16 mask: first octet 10 | subnet octet 0 to 255 | host.)
Subnetting a /8 subnet using a /16 mask gives us 256 subnets with 65,536 hosts per subnet. Let's take the 10.2.0.0/16 subnet and subnet it further.
(Figure: 10.2.0.0/16 divided with a /24 mask: 10 | 2 | subnet octet 0 to 255 | host.)
Note: 10.2.0.0/16 is now a summary of all of the 10.2.0.0/24 subnets. Summarization coming soon!
10.2.0.0/16 sub-subnetted using /24
Subnet           1st host       Last host       Broadcast
10.2.0.0/24      10.2.0.1       10.2.0.254      10.2.0.255
10.2.1.0/24      10.2.1.1       10.2.1.254      10.2.1.255
10.2.2.0/24      10.2.2.1       10.2.2.254      10.2.2.255
Etc.
10.2.255.0/24    10.2.255.1     10.2.255.254    10.2.255.255
10.3.0.0/16      10.3.0.1       10.3.255.254    10.0.255.255
Etc.
10.255.0.0/16
(Figure: a network using the /16 subnets 10.3.0.0, 10.4.0.0, 10.5.0.0, 10.6.0.0 and 10.8.0.0 alongside the /24 subnets 10.2.3.0, 10.2.4.0, 10.2.5.0, 10.2.6.0 and 10.2.8.0.)
Your network can now have 255 /16 subnets with 65,534 hosts each AND 256 /24 subnets with 254 hosts each. All you need to make it work is a classless routing protocol that passes the subnet mask with the network address in the routing updates.
Classless routing protocols: RIPv2, EIGRP, OSPF, IS-IS, BGPv4 (coming)
This network has seven /27 subnets with 30 hosts each AND eight /30 subnets with 2 hosts each. /30 subnets are very useful for serial networks.
207.21.24.192/27 (last octet 11000000) subnetted with /30:
Subnet            Last octet (subnet bits)   Host bits (hosts 01, 10; bcast 11)   2 Hosts
207.21.24.192/30  110 00000                  01 10 11                             .193 & .194
207.21.24.196/30  110 00100                  01 10 11                             .197 & .198
207.21.24.200/30  110 01000                  01 10 11                             .201 & .202
207.21.24.204/30  110 01100                  01 10 11                             .205 & .206
207.21.24.208/30  110 10000                  01 10 11                             .209 & .210
207.21.24.212/30  110 10100                  01 10 11                             .213 & .214
207.21.24.216/30  110 11000                  01 10 11                             .217 & .218
207.21.24.220/30  110 11100                  01 10 11                             .221 & .222
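As an added example (not from the slides), this Python function carves a block into the mixed subnet sizes of a VLSM design and prints the subnet, first host, last host and broadcast of each one, reproducing both the 10.2.0.0/16 table above and the 207.21.24.0/24 design with seven /27s and eight /30s. It assumes the order of the plan below (six /27s, then the eight /30s out of 207.21.24.192/27, then the last /27), which is the layout the slide shows.

```python
import ipaddress

def vlsm_plan(block, plan):
    """Carve `block` into subnets with the prefix lengths in `plan`, in that order.

    Each subnet is taken from the lowest free address that can hold it, so subnets
    of one size stay contiguous (and summarizable), and the leftover space is kept
    as the largest possible free blocks for the smaller subnets that follow.
    Returns (subnet, first host, last host, broadcast) for every subnet allocated.
    """
    free = [ipaddress.ip_network(block)]
    rows = []
    for plen in plan:
        for i, blk in enumerate(free):          # free is kept sorted by address
            if blk.prefixlen <= plen:           # blk is large enough for a /plen
                break
        else:
            raise ValueError(f"no room left for a /{plen} in {block}")
        del free[i]
        # lowest /plen inside blk (blk itself when it is already that size)
        subnet = blk if blk.prefixlen == plen else next(blk.subnets(new_prefix=plen))
        free = sorted(free + list(blk.address_exclude(subnet)))   # return the rest
        hosts = list(subnet.hosts())            # /30 -> 2 hosts, /27 -> 30 hosts
        rows.append((str(subnet), str(hosts[0]), str(hosts[-1]),
                     str(subnet.broadcast_address)))
    return rows

# The slide's design: six /27s, the eight /30 serial links carved out of
# 207.21.24.192/27, then the seventh /27 at 207.21.24.224 (constructed plan).
SERIAL_PLAN = [27] * 6 + [30] * 8 + [27]

if __name__ == "__main__":
    for row in vlsm_plan("207.21.24.0/24", SERIAL_PLAN):
        print("%-18s %-15s %-15s %s" % row)
```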
(Figure: 207.21.24.0/24 divided into the /27 subnets 207.21.24.0/27, 207.21.24.32/27, 207.21.24.96/27, 207.21.24.160/27 and 207.21.24.224/27 on the LANs, and the /30 subnets 207.21.24.192/30, 207.21.24.196/30, 207.21.24.200/30 and 207.21.24.208/30 on the serial links.)
This network has seven /27 subnets with 30 hosts each AND seven /30 subnets with 2 hosts each (one left over). /30 subnets with 2 hosts per subnet do not waste host addresses on serial networks.
Routing table without VLSM: the table displays one subnet mask for all child routes, and the classful mask is assumed for the parent route.

Routing Table with VLSM
RouterX#show ip route
     207.21.24.0/24 is variably subnetted, 4 subnets, 2 masks
C       207.21.24.192/30 is directly connected, Serial0
C       207.21.24.196/30 is directly connected, Serial1
C       207.21.24.200/30 is directly connected, Serial2
C       207.21.24.96/27 is directly connected, FastEthernet0
Each child route displays its own subnet mask, and the classful mask is included for the parent route: the parent route shows the classful mask instead of the subnet masks of the child routes, while each child route includes its own subnet mask.
Whenever possible it is best to group contiguous routes together so they can be summarized (aggregated) by upstream routers. (coming soon!)
Even if not all of the contiguous routes are together, routing tables use the longest-bit match which allows the router to choose the more specific route over a summarized route. Coming soon!
You can keep on sub-subnetting as many times and as deep as you want to go. You can have various sizes of subnets with VLSM.
Route flapping
Route flapping occurs when a router interface alternates rapidly between the up and down states. Route flapping can cripple a router with excessive updates and recalculations. However, the summarization configuration prevents the RTC route flapping from affecting any other routers. The loss of one network does not invalidate the route to the supernet. While RTC may be kept busy dealing with its own route flap, RTZ, and all upstream routers, are unaware of any downstream problem. Summarization effectively insulates the other routers from the problem of route flapping.
If addressing any of the following, these private addresses can be used instead of globally unique addresses:
- A non-public intranet
- A test lab
- A home network
Global addresses must be obtained from a provider or a registry at some expense.
Discontiguous subnets
Discontiguous subnets are subnets from the same major network that are separated by a completely different major network or subnet. (Not the main cause, however.)
Question: If a classful routing protocol like RIPv1 or IGRP is being used, what do the routing updates look like between Site A router and Site B router?
Discontiguous subnets
Classful routing protocols, notably RIPv1 and IGRP, can't support discontiguous subnets, because the subnet mask is not included in routing updates. RIPv1 and IGRP automatically summarize on classful boundaries. Site A and Site B are both sending each other the classful address of 207.21.24.0/24. A classless routing protocol (RIPv2, EIGRP, OSPF) would be needed:
- to not summarize the classful network address, and
- to include the subnet mask in the routing updates.
Discontiguous subnets
RIPv2 and EIGRP automatically summarize on classful boundaries. When using RIPv2 or EIGRP, disable automatic summarization (on both routers):
Router(config-router)#no auto-summary
SiteB now receives 207.21.24.0/27 and 207.21.24.32/27.
NAT: Network Address Translation
NAT, as defined by RFC 1631, is the process of swapping one address for another in the IP packet header. In practice, NAT is used to allow hosts that are privately addressed to access the Internet.
(Figure: inside hosts translated to the single global address 2.2.2.2, distinguished by TCP source ports 1923 and 1924.)
NAT translations can occur dynamically or statically. The most powerful feature of NAT routers is their capability to use port address translation (PAT), which allows multiple inside addresses to map to the same global address. This is sometimes called a many-to-one NAT. With PAT, or address overloading, literally hundreds of privately addressed nodes can access the Internet using only one global address. The NAT router keeps track of the different conversations by mapping TCP and UDP port numbers.
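As an added illustration (not the slide's or any vendor's code), the following Python class models the PAT translation table just described: every inside (protocol, address, port) conversation is mapped to the one global address plus a unique global port, and replies are mapped back by that port. The inside addresses 10.0.0.1 and 10.0.0.2 are constructed; the global address 2.2.2.2 and ports 1923 and 1924 are the ones in the figure. Real PAT also keys on the destination and ages entries out; both are omitted here for clarity.

```python
import itertools

class PatTable:
    """Many-to-one NAT (PAT / address overloading) translation table."""

    def __init__(self, global_addr, first_port=1024):
        self.global_addr = global_addr
        self._ports = itertools.count(first_port)   # next unused global port
        self.inside_to_global = {}   # (proto, inside_ip, inside_port) -> global_port
        self.global_to_inside = {}   # (proto, global_port) -> (inside_ip, inside_port)

    def outbound(self, proto, src_ip, src_port):
        """Translate an outgoing packet's source; create the entry on first use.

        Returns the (global address, global port) written into the packet.
        """
        key = (proto, src_ip, src_port)
        if key not in self.inside_to_global:
            gport = next(self._ports)
            self.inside_to_global[key] = gport
            self.global_to_inside[(proto, gport)] = (src_ip, src_port)
        return self.global_addr, self.inside_to_global[key]

    def inbound(self, proto, dst_port):
        """Map a reply to the global address back to (inside ip, inside port).

        Returns None when no conversation exists: an unsolicited packet from
        the outside has nowhere to go and is dropped.
        """
        return self.global_to_inside.get((proto, dst_port))

if __name__ == "__main__":
    pat = PatTable("2.2.2.2", first_port=1923)
    # two inside hosts happen to pick the same source port; PAT keeps them apart
    print(pat.outbound("tcp", "10.0.0.1", 1923))   # ('2.2.2.2', 1923)
    print(pat.outbound("tcp", "10.0.0.2", 1923))   # ('2.2.2.2', 1924)
    print(pat.inbound("tcp", 1924))                # ('10.0.0.2', 1923)
    print(pat.inbound("tcp", 5000))                # None: no translation entry
```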
Using IP unnumbered
There are certain drawbacks that come with using IP unnumbered:
- The use of ping cannot determine whether the interface is up, because the interface has no IP address.
- A network IOS image cannot boot over an unnumbered serial interface.
- IP security options cannot be supported on an unnumbered interface.
DHCP
- DHCP overview
- DHCP operation
- Configuring IOS DHCP server
- Easy IP
DHCP overview
DHCP operation
The client sends a DHCPREQUEST broadcast to all nodes. If the client finds the offer agreeable, it sends another broadcast: a DHCPREQUEST, specifically requesting those particular IP parameters. Why does the client broadcast the request instead of unicasting it to the server? A broadcast is used because the very first message, the DHCPDISCOVER, may have reached more than one DHCP server; after all, it was a broadcast. If more than one server makes an offer, the broadcast DHCPREQUEST lets the servers know which offer was accepted, which is usually the first offer received.
More options
Easy IP
(Figure: the Host A broadcast arrives on RTA e0 and is relayed as a unicast to the DHCP server.)
To configure RTA e0, the interface that receives the Host A broadcasts, to relay DHCP broadcasts as a unicast to the DHCP server, use the following commands:
RTA(config)#interface e0
RTA(config-if)#ip helper-address 172.24.1.9
(Figure: the broadcast received on e0 is relayed toward the server segment.)
Helper address configuration that relays broadcasts to all servers on the segment.
Directed Broadcast
Notice that the RTA interface e3, which connects to the server farm, is not configured with helper addresses. However, the output shows that for this interface, directed broadcast forwarding is disabled. This means that the router will not convert the logical broadcast 172.24.1.255 into a physical broadcast with a Layer 2 address of FF-FF-FF-FF-FF-FF. To allow all the nodes in the server farm to receive the broadcasts at Layer 2, e3 will need to be configured to forward directed broadcasts with the following command:
(Figure: the Layer 3 broadcast to 172.24.1.255 is forwarded out e3 as a Layer 2 broadcast.)
RTA(config)#interface e0
RTA(config-if)#ip helper-address 172.24.1.255
RTA(config)#interface e3
RTA(config-if)#ip directed-broadcast
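Because directed-broadcast forwarding is off by default and, as shown above, only the server-farm interface whose subnet broadcast is the helper target needs it, an audit of the running-config is a useful check. The following Python script is an added example (not from the slides or Cisco): it parses interface stanzas for ip address, ip helper-address and ip directed-broadcast, then reports any interface forwarding directed broadcasts that no helper address actually targets. The sample configuration, its interface names (Ethernet0, Ethernet1, Ethernet3) and the interface addresses are constructed; 172.24.1.255 is the helper target from the slide.

```python
import ipaddress
import re

# Constructed sample running-config: e0 relays to the server-farm broadcast,
# e3 is the server farm (needs directed broadcasts), e1 has it on by mistake.
SAMPLE_CONFIG = """\
interface Ethernet0
 ip address 172.24.4.1 255.255.255.0
 ip helper-address 172.24.1.255
!
interface Ethernet3
 ip address 172.24.1.1 255.255.255.0
 ip directed-broadcast
!
interface Ethernet1
 ip address 172.24.5.1 255.255.255.0
 ip directed-broadcast
!
"""

def parse_interfaces(config):
    """Return {name: {'network', 'helpers', 'directed_broadcast'}} per interface."""
    ifaces, cur = {}, None
    for line in config.splitlines():
        m = re.match(r"^interface (\S+)", line)
        if m:
            cur = ifaces.setdefault(m.group(1), {"network": None, "helpers": [],
                                                 "directed_broadcast": False})
        elif cur is not None and line.startswith(" "):
            words = line.split()
            if words[:2] == ["ip", "address"] and len(words) == 4:
                cur["network"] = ipaddress.ip_interface(f"{words[2]}/{words[3]}").network
            elif words[:2] == ["ip", "helper-address"]:
                cur["helpers"].append(words[2])
            elif words == ["ip", "directed-broadcast"]:
                cur["directed_broadcast"] = True
            elif words == ["no", "ip", "directed-broadcast"]:
                cur["directed_broadcast"] = False
        else:
            cur = None            # '!' or another section ends the interface stanza
    return ifaces

def audit(config):
    """Names of interfaces forwarding directed broadcasts that no helper address needs."""
    ifaces = parse_interfaces(config)
    targets = {h for i in ifaces.values() for h in i["helpers"]}
    flagged = []
    for name, i in ifaces.items():
        bcast = str(i["network"].broadcast_address) if i["network"] else None
        if i["directed_broadcast"] and bcast not in targets:
            flagged.append(name)
    return flagged
```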
It will not be easy for organizations deeply invested in the IPv4 scheme to migrate to a totally new architecture. As long as IPv4, with its recent extensions and CIDR enabled hierarchy, remains viable, administrators will shy away from adopting IPv6. A new IP protocol requires new software, new hardware, and new methods of administration. It is likely that IPv4 and IPv6 will coexist, even within an autonomous system, for years to come.
IPv6
Three general types of addresses exist:
- Unicast: An identifier for a single interface. A packet sent to a unicast address is delivered to the interface identified by that address.
- Anycast: An identifier for a set of interfaces that typically belong to different nodes. A packet sent to an anycast address is delivered to the nearest, or first, interface in the anycast group.
- Multicast: An identifier for a set of interfaces that typically belong to different nodes. A packet sent to a multicast address is delivered to all interfaces in the multicast group.
Summary
This module described how all of the following could enable more efficient use of IP addresses:
- Subnet masks
- VLSMs
- Private addressing
- Network address translation (NAT)