![Page 1: Advanced IP Networking Series• Public vs Private: Integrating NAT • Subnetting for Performance, Security, & Policy • Developing an IP Addressing Plan • Summary - Takaways •](https://reader034.vdocuments.mx/reader034/viewer/2022050213/5f5f57d1819f0555f76afeae/html5/thumbnails/1.jpg)
Advanced IP Networking Series: “Addressing The Network of Networks”
Wayne M. Pecena, CPBE, CBNE Texas A&M University
Office of Information Technology
Educational Broadcast Services
Advanced IP Networking Series: “Addressing The Network of Networks”
WEBINAR OUTLINE:
• The Quick IP Networking Fundamentals Review
• IPv4 Addressing Fundamentals
• Public vs Private: Integrating NAT
• Subnetting for Performance, Security, & Policy
• Developing an IP Addressing Plan
• Summary - Takeaways
• Plus Bonus Material: CBNE Study Topics: IPv6 Basics
Advertised Webinar Scope: Part 4 of the Advanced IP Networking Webinar series continues with “Addressing the Network of Networks”. This webinar builds upon the previous webinars in this series by developing an IP addressing scheme for the segmented or layered network architecture developed throughout the series. The focus is on efficient use of public IPv4 address space and on integration of private IPv4 address space.
Prerequisite Knowledge: Attendees should have knowledge of IP networking concepts, including OSI Layers 1-3, Ethernet switching, IP routing, and VLAN principles.
The Quick IP Networking Fundamentals Review
5 Things Required To Build a Network
• Send Host
• Receive Host
• Message or Data to Send Between Hosts
• Media to Interconnect Hosts
• Protocol to Define How Data is Transferred
[Figure: Send Host and Receive Host joined by Media, exchanging DATA under Protocols]
Open Systems Interconnection “OSI” Model
• Layer 7, Application: User Application Interaction
• Layer 6, Presentation: Standardizes Data Encoding/Decoding/Compression/Encryption
• Layer 5, Session: Tracks User Sessions, Inter-Host Communications
• Layer 4, Transport: Manages End-End Connections: TCP, UDP, & Flow Control
• Layer 3, Network: Provides Internetwork Routing (path), Provides Virtual Addressing (IP)
• Layer 2, Data Link: Provides Network Access Control, Physical Address (MAC), & Error Detection
• Layer 1, Physical: Interfaces to Physical Network, Moves Bits Onto & Off Network Medium
The OSI Model Expanded
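Layer, PDU, and Addressing:
• Layer 7, Application
• Layer 6, Presentation
• Layer 5, Session: Addressing: SESSION ID
• Layer 4, Transport: PDU: SEGMENT; Addressing: PORT
• Layer 3, Network: PDU: PACKET (Datagram); Addressing: IP ADDRESS
• Layer 2, Data Link: PDU: FRAME; Addressing: MAC ADDRESS
• Layer 1, Physical: PDU: BITS (data stream)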
Encapsulation
Data is “Encapsulated” As It Travels Through the “Stack” From Application
The Protocol Data Unit
• Segment: Source Port, Destination Port, Data
• Packet: Source IP, Destination IP, Protocol, Segment
• Frame: Source MAC, Destination MAC, EtherType, Packet, FCS
• Bit: 11010011010111101100101010010001000010101010101000011111111
• Segment, Packet, Frame, Bit: “Some People Fear Birthdays”
Layer 2 Standards:
• Project 802 Ethernet Standards:
– 802.1 Bridging
– 802.3 Ethernet
– 802.11 Wireless
http://standards.ieee.org/about/get/
Layer 3 Standards:
• Request for Comments – RFCs
– The “Standards Bible” of the Internet
– Explains All Aspects of IP Networking
www.rfc-editor.org/rfc.html
3 Types of IP Packets on an IPv4 Network
• Unicast
– One Send Host TO One Receive Host
• Broadcast
– One Send Host TO ALL Hosts on the Network (within the Broadcast Domain)
• Multicast
– One Send Host TO Specific Hosts (group)
Layer 2 & Layer 3 Addressing
• Each Host on an Ethernet Based IP Network Has:
– A Unique MAC Address – Layer 2 Physical Address (local network segment)
– A Unique IP Address – Layer 3 Logical Address (global routed)
[Figure: Simplified Representation of an Ethernet Frame carrying an IP Packet. Fields: Destination MAC, Source MAC, Destination IP, Source IP, DATA, Trailer. Example values shown: 00:12:3F:8D:4D:A7, FF:FF:FF:FF:FF:FF, 172.15.1.1, 172.15.2.2]
IPv4 Address Classes “32 Bit Dotted Decimal Notation”
IPv4 Provides 2^32 or 4,294,967,296 IP Addresses
IPv4 Header
Header layout, one 32-bit row per line (the first five rows are 20 Bytes):
• Version, Length, Priority / Type of Service, Total Length
• Identification, Flags, Offset
• Time to Live, Protocol, Header Checksum
• Source IP Address
• Destination IP Address
• Options
• Payload Data
ARP Process “Address Resolution Protocol”
Maps Virtual IP Address to Physical Hardware (MAC) Address
[Figure: hosts .1 through .12 on network 192.168.1.0]
• “Broadcast” ARP Request: Who Has IP Address 192.168.1.10?
• ARP Reply: MAC Address Is 08-3E-8E-82-A6-20
Broadcast Domain – Collision Domain
[Figure: network diagram with a Router, Switch and Hub marking Broadcast Domain and Collision Domain boundaries; links labelled by speed and duplex (1000-Full, 100-Full, 10-Half, “100 – Full Capable”)]
Reference Network “The Network of Networks”
[Figure: reference network diagram. Labels: ISP; S0, S1, S2; FE 0, FE 1, FE 2, FE 3; VLAN 1, VLAN 2, VLAN 3; Sales, Engineering, Production]
IPv4 Addressing Fundamentals
IP Addressing “Rules”
• Each Network MUST Have a Unique Network ID
• Each Host MUST Have a Unique Host ID
• Every IP Address MUST Have a Subnet Mask
– Implied for a Classful Network
– Explicitly Stated for Classless Network
• An IP Address Must Be Unique Globally If Host on the Public Internet
IPv4 Address Classes
32 bits in four 8-bit octets:
• Class A: NETWORK . HOST . HOST . HOST
• Class B: NETWORK . NETWORK . HOST . HOST
• Class C: NETWORK . NETWORK . NETWORK . HOST
• Class D: Multicast
• Class E: Experimental
IPv4 “Default” Mask
• Class A: NETWORK (8 bits), HOST (24 bits). Default Mask: 255.0.0.0
• Class B: NETWORK (16 bits), HOST (16 bits). Default Mask: 255.255.0.0
• Class C: NETWORK (24 bits), HOST (8 bits). Default Mask: 255.255.255.0
Classful IP Addressing
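• Class A: First Octet Range 1 - 126; Network Range 1.0.0.0 – 126.0.0.0; Available Networks 126; Available Hosts/Network 16,777,214; Network Bits 8; Host Bits 24; Mask 255.0.0.0
• Class B: First Octet Range 128 - 191; Network Range 128.0.0.0 – 191.255.0.0; Available Networks 16,384; Available Hosts/Network 65,534; Network Bits 16; Host Bits 16; Mask 255.255.0.0
• Class C: First Octet Range 192 - 223; Network Range 192.0.0.0 – 223.255.255.0; Available Networks 2,097,152; Available Hosts/Network 254; Network Bits 24; Host Bits 8; Mask 255.255.255.0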
2-Part IP Address
• 32 bit IP Address (4 Bytes): 192.168.100.254
• Octet 1, Octet 2, Octet 3, Octet 4: 192, 168, 100, 254
• Binary: 11000000 10101000 01100100 11111110
• Subnet Mask Determines: Network Address, Host Address
Determining the Class
• IPv4 Address: Dotted-Decimal Notation 192.168.100.254 or 32 bits Binary Representation (Octet 1, Octet 2, Octet 3, Octet 4)
• Leading Bit Patterns of Octet 1 Indicate the Class:
– 0: Class A 1 - 126
– 1 0: Class B 128 - 191
– 1 1 0: Class C 192 - 223
Private vs Public IP Addresses
• RFC 1918 Established “Private” Address Space
– Class A: 10.0.0.0 to 10.255.255.255
– Class B: 172.16.0.0 to 172.31.255.255
– Class C: 192.168.0.0 to 192.168.255.255
• Key Points:
– Private IP Addresses Are NOT Routable Outside the Local Network
– Widely Used in Home & Industry Networks
– May Be Translated With NAT At An Edge Router
• Map Private Address Space to Public Address Space
VLSM RFC 1009
• Variable Length Subnet Masking (VLSM)
– Host Addressing & Routing Inside a Routing Domain
– Allowed “Classless” Subnetting
• Mask Information is Explicit – Must Be Specified
– Allows More Efficient Use of Address Space – Tailor Address Space to Fit Network Needs
– Allows You to Subnet a Subnet
• Subnetting “Borrows” Host Bits to Create More Networks
VLSM Allows Mask To Be Moved
CIDR
RFC 1517, 1518, 1519, 1520
• Classless Interdomain Routing (CIDR)
– Class System No Longer Applies
– Routing Between Routing Domains
– Allows “Supernets” To Be Created
• Combining a Group of Class C Addresses Into a Single Block
– CIDR Notation (slanted notation): 172.16.1.1 /16
Mask: 11111111.11111111.00000000.00000000 = 255.255.0.0
IP Address Mask Formats
• Classful Addressing: 165.95.240.136 (Implied Mask 255.255.0.0)
• VLSM Addressing: 165.95.240.136 255.255.255.192 (Explicit Mask 255.255.255.192)
• CIDR Notation: 165.95.240.136 /26 (Number of Mask Bits)
The IP Address Subnet Mask “VLSM”
Each IP Address Must Have a Subnet Mask to Define the Network and the Host
32 Bit Address & Subnet Mask Format
Expressed in Decimal as (4) 8-bit Octets using “Dotted Decimal Notation”
IP Address: 192.168.1.100 /26 or 255.255.255.192
• Address: 11000000.10101000.00000001.01100100
• Mask: 11111111.11111111.11111111.11000000
• Mask 1 Bits Mark the Network Portion, Mask 0 Bits Mark the Host Portion
Special Use “Reserved” IPv4 Address Space RFC 5735
• 0.0.0.0/8 Network Address “This Network or Wire Address”
• 10.0.0.0/8 Private IP Address Space (RFC 1918)
• 127.0.0.0/8 Loopback Address
• 169.254.0.0/16 IETF Zero Configuration Address Space (RFC 3927)
• 172.16.0.0/16 Private IP Address Space (RFC 1918)
• 192.168.0.0/16 Private IP Address Space (RFC 1918)
• 224.0.0.0/4 Multicast Address Space
• 240.0.0.0/4 Experimental Address Space
• 255.255.255.255/32 Broadcast Address
The IPv4 Loop Back Address
• What is Special About 127.0.0.1 ?
– Actually Any 127.0.0.0/8 Address Works OR the Range of 127.0.0.1 to 127.255.255.255
• Known as a “Loop-Back” Address
• Useful For:
– Testing the Local IP Stack and Network Adapter
– May Be Used by a Client-Server App on the Host
Public vs Private: Integrating NAT
Network Address Translation – NAT RFC 3022
[Figure: Inside Network (private) with RFC 1918 Addressed Hosts, a Gateway Router w/ NAT Services, and the Outside Network in Public Address Space (Usually)]
• NAT Allows a Host Without a Valid Public IP Address to Communicate With a Host That Has a Public IP Address
• HOW?
– Simply Changes the IP Addresses as Packet Passes Through the NAT Device
• WHY?
– Conserve Public IP Address Space
– Security by Obscurity (hide actual host IP address)
NAT
• Types of NAT:
– Static – One-to-One Translation
– Dynamic – Pool of Public Addresses Made Available to Outbound Client Traffic
– NAT Overloading or Port Address Translation (PAT) – Translates to a Single Public IP by Use of a Unique Port Number
• NAT Addressing Terminology:
– Inside Local or Inside Private
– Inside Global or Inside Public
– Outside Global or Outside Public
– Outside Local or Outside Private
[Figure: Inside Network (private) and Outside Network joined by a Gateway Router w/ NAT Services; address labels Inside Local, Inside Global, Outside Local, Outside Global]
In General:
• Inside Addresses Are Local
• Global Addresses Are Public
Static NAT
• Private Network Space 10.0.0.0/24: hosts 10.0.0.2 /24, 10.0.0.3 /24, 10.0.0.4 /24
• Public Network Space 128.194.247.0 /24; outside host 128.194.300.2 /24
• Gateway Router w/ NAT Services, outbound:
– 10.0.0.2 mapped to 128.194.247.2
– 10.0.0.3 mapped to 128.194.247.3
– 10.0.0.4 mapped to 128.194.247.4
• Gateway Router w/ NAT Services, inbound:
– 128.194.247.2 mapped to 10.0.0.2
– 128.194.247.3 mapped to 10.0.0.3
– 128.194.247.4 mapped to 10.0.0.4
• Simple Layer 3 Packet (Source IP, Destination IP, Payload), outbound: 10.0.0.2, 128.194.300.2, Payload becomes 128.194.247.2, 128.194.300.2, Payload. Source IP Address Changed by NAT
• Simple Layer 3 Packet, inbound: traffic addressed to 128.194.247.2 is delivered to 10.0.0.2. Destination IP Address Changed by NAT
Dynamic NAT
• Private Network Space: hosts 10.0.0.2 /24, 10.0.0.3 /24, 10.0.0.4 /24 behind a Gateway Router w/ NAT Services
• Public Network Space: Pool Of AVAILABLE Public IP Addresses
• IP Address Chosen from Pool of Public IP Addresses: 128.194.247.2 – 128.194.247.14
• NAT Table: 10.0.0.2 mapped to 128.194.247.10
• Dynamic Entry Remains if Traffic Flows (timeout)
• Common to Have More Private Hosts Than Public IP Address Space
NAT Overloading or PAT – Port Address Translation
Single Address NAT / Port-Level Multiplexed NAT
• Private Network Space: hosts 10.0.0.2 /24, 10.0.0.3 /24, 10.0.0.4 /24 behind a Gateway Router w/ NAT Services
• Public Network Space: 128.194.247.10
• NAT Table (Inside Local, Inside Global):
– 10.0.0.2:1024, 128.194.247.10:1024
– 10.0.0.3:1026, 128.194.247.10:1026
– 10.0.0.4:1028, 128.194.247.10:1028
[Figure labels: Source Address & Port; Destination Address & Port]
NAT Drawbacks!
• Accountability Limited Globally
– Multiple Internal Hosts Share Global IP Address
• Breaks IP Concept of End-End Connectivity
• Complicates Process of Allowing a Global IP Host to Establish Session With an Internal Host
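The accountability and inbound-session drawbacks listed above can be seen in a small model of the PAT table from the NAT Overloading slide. This is an added example, not part of the original slides; the class and method names, the 60-second idle timeout and the port-selection rule (keep the source port when it is free, otherwise take the next free one) are assumptions.

```python
from dataclasses import dataclass

PUBLIC_IP = "128.194.247.10"        # inside global address used on the PAT slide


@dataclass
class Entry:
    inside: tuple        # (inside local IP, inside port)
    public_port: int     # port used on the shared public address
    created: float       # time the translation was created
    last_seen: float     # time of the most recent packet


class PatGateway:
    """Toy model of NAT overloading (PAT); all names here are hypothetical."""

    def __init__(self, public_ip=PUBLIC_IP, timeout=60.0):
        self.public_ip = public_ip
        self.timeout = timeout       # assumed idle timeout in seconds
        self.by_inside = {}          # (ip, port) -> Entry
        self.by_port = {}            # public port -> Entry
        self.history = []            # every Entry ever created (the NAT log)

    def _expire(self, now):
        # Dynamic entries remain only while traffic flows.
        for port, entry in list(self.by_port.items()):
            if now - entry.last_seen > self.timeout:
                del self.by_port[port]
                del self.by_inside[entry.inside]

    def outbound(self, src_ip, src_port, now):
        """Translate an inside source to (public IP, public port)."""
        self._expire(now)
        key = (src_ip, src_port)
        entry = self.by_inside.get(key)
        if entry is None:
            if len(self.by_port) >= 65536 - 1024:
                raise RuntimeError("public port space exhausted")
            port = src_port
            while port in self.by_port:      # source port taken: use next free
                port = port + 1 if port < 65535 else 1024
            entry = Entry(key, port, now, now)
            self.by_inside[key] = entry
            self.by_port[port] = entry
            self.history.append(entry)
        entry.last_seen = now
        return self.public_ip, entry.public_port

    def inbound(self, dst_port, now):
        """Inside (ip, port) for a reply, or None when no session exists."""
        self._expire(now)
        entry = self.by_port.get(dst_port)
        if entry is None:
            return None                      # unsolicited: nothing to map to
        entry.last_seen = now
        return entry.inside

    def attribute(self, public_port, when):
        """Which inside host held public_port at time `when`?

        The public IP alone identifies nobody: port AND time are needed.
        """
        for entry in self.history:
            if (entry.public_port == public_port
                    and entry.created <= when <= entry.last_seen + self.timeout):
                return entry.inside
        return None


if __name__ == "__main__":
    gw = PatGateway()
    print(gw.outbound("10.0.0.2", 1024, now=0))   # keeps source port 1024
    print(gw.outbound("10.0.0.3", 1024, now=1))   # collision: moved to 1025
    print(gw.inbound(1025, now=2))                # reply reaches 10.0.0.3
    print(gw.inbound(4444, now=3))                # unsolicited inbound: None
    print(gw.outbound("10.0.0.4", 1024, now=200)) # old entries timed out
    print(gw.attribute(1024, when=30), gw.attribute(1024, when=250))
```

The last line shows the same public address and port resolving to two different inside hosts at different times, which is why NAT logs need both the translated port and a timestamp to be useful for attribution.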
Subnetting for Performance, Security, & Policy
The Flat Network
[Figure: a single network 192.168.1.0 with hosts .1 through .12]
The Hierarchical Network
[Figure: network 192.168.1.0 divided into subnets 192.168.1.0 /26, 192.168.1.64 /26 and 192.168.1.128 /26]
Subnets
How Many Networks (subnets) Are Shown?
[Figure: Switch 1, Switch 2, Router A and Router B, with segments labelled Network 1, Network 2 and Network 3]
IP Addressing / Subnetting
• Classless IP Addressing Has Replaced Classful Addressing!
• Why Subnet?
– Allows Flexible Network Design
– Efficient Use of IP Address Space
• Dividing Networks Into the “Right” Size
– Performance
• Create “Smaller” Broadcast Domains
– Enhance Routing Efficiency – Reduce Routing Table Size
– Network Management Policy and Segmentation
• Grouping Hosts by Function or Purpose
• Grouping Hosts by Ownership
• Grouping Hosts Geographically
– Job Security for Network Engineers!
Subnetting Basics
An IP Address Must Have a Subnet Mask
• The Subnet Mask Identifies the Boundary Between Network and Hosts
• “Subnetting” Simply Moves the Boundary!
– Moves Boundary to the Right
– IP Address Subnetting Applies to All Classes
– Boundary Position Determined by the Subnet “Netmask”
• Expressed in Several Forms:
– Dotted Decimal Notation (same as IP address)
– Slash Notation (also known as CIDR notation)
IP Address 165.95.240.100 with Netmask of 255.255.255.0 OR 165.95.240.100 /24
IP Address Block Size
Understanding the Power of 2: 2^n
• 2^n: 128, 64, 32, 16, 8, 4, 2, 1 (LSB)
What You Need To Know About a Network?
• Network Address?
• Broadcast Address?
• IP Address Range?
– Range of Useable Addresses
• Subnet Mask?
• Default Gateway Address?
Where is the Default Gateway
[Figure: reference network diagram. Labels: ISP; 165.95.240.100/25; S0, S1; VLAN 1, VLAN 2, VLAN 3; Sales 35 Hosts, Engineering 17 Hosts, Production 27 Hosts]
• Default Gateway: VLAN 1 Interface IP Address
• Default Gateway: VLAN 3 Interface IP Address
IP Address Subnetting Charts
Subnet Calculation Tools
Reference Network “The Network of Networks”
[Figure: reference network diagram. Labels: ISP; S0, S1, S2; FE 0, FE 1, FE 2, FE 3; VLAN 1, VLAN 2, VLAN 3; Sales, Engineering, Production]
Developing an IP Addressing Plan
Hints for Subnetting
CIDR:                   /25  /26  /27  /28  /29  /30  /31  /32
VLSM Mask (4th Octet):  128  192  224  240  248  252  254  255
Block Size:             128   64   32   16    8    4    2    1
AND:
• 0 AND 0 = 0
• 0 AND 1 = 0
• 1 AND 0 = 0
• 1 AND 1 = 1
OR:
• 0 OR 0 = 0
• 0 OR 1 = 1
• 1 OR 0 = 1
• 1 OR 1 = 1
Remember George Boole
IP Addressing Reverse Engineering “A Useful Troubleshooting Tool”
• Verifying Proper Subnet Configuration When Given an IP Address and Subnet Mask
– Determine Subnet Address Range
– Determine “Assignable” IP Addresses
– Determine Broadcast Address
• Subnetting When Given A Network Requirement
• Subnetting When Given A Host Requirement
You Are Provided: IP Address / IP Mask
[Figure: reference network diagram. Labels: ISP; 165.95.240.100/25; S0, S1, S2; FE 0, FE 1, FE 2, FE 3; VLAN 1, VLAN 2, VLAN 3; Sales 35 Hosts, Engineering 17 Hosts, Production 27 Hosts]
• Network: 165.95.240.0
• Broadcast: 165.95.240.127
• Useable Range (126 hosts): 165.95.240.1 - 126
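The reverse-engineering steps (subnet range, assignable addresses, broadcast address) can be carried out with the AND and OR operations from the hints slide; the sketch below reproduces the 165.95.240.100/25 result above and adds a host-configuration check. It is an added example, not from the original slides; the function names and the gateway addresses used in the usage lines are assumptions.

```python
FULL = 0xFFFFFFFF


def to_int(dotted):
    """Dotted-decimal text to a 32-bit integer, validating each octet."""
    parts = dotted.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError(f"not a dotted-decimal IPv4 value: {dotted!r}")
    value = 0
    for part in parts:
        value = (value << 8) | int(part)
    return value


def to_dotted(value):
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def parse_mask(mask):
    """Accept '/25', '25' or '255.255.255.128'; return (mask_int, prefix)."""
    text = mask.strip().lstrip("/")
    if text.isdigit():
        prefix = int(text)
        if prefix > 32:
            raise ValueError(f"prefix length out of range: {mask!r}")
        return (FULL << (32 - prefix)) & FULL, prefix
    mask_int = to_int(text)
    host_bits = mask_int ^ FULL
    if host_bits & (host_bits + 1):          # 1 bits must be contiguous
        raise ValueError(f"mask bits are not contiguous: {mask!r}")
    return mask_int, bin(mask_int).count("1")


def describe(ip, mask):
    """Network, broadcast and assignable range for an IP address and mask."""
    ip_int = to_int(ip)
    mask_int, prefix = parse_mask(mask)
    network = ip_int & mask_int              # AND keeps only the network bits
    broadcast = network | (mask_int ^ FULL)  # OR sets every host bit to 1
    if prefix >= 31:                         # /31 and /32: no reserved addresses
        first, last = network, broadcast
    else:
        first, last = network + 1, broadcast - 1
    return {
        "network": to_dotted(network),
        "mask": to_dotted(mask_int),
        "prefix": prefix,
        "first": to_dotted(first),
        "last": to_dotted(last),
        "broadcast": to_dotted(broadcast),
        "usable": last - first + 1,
    }


def check_host(ip, mask, gateway):
    """Return a list of problems found in a host's IP configuration."""
    info = describe(ip, mask)
    host = to_dotted(to_int(ip))
    gw = to_dotted(to_int(gateway))
    reserved = (info["network"], info["broadcast"]) if info["prefix"] < 31 else ()
    problems = []
    if host in reserved:
        problems.append("host address is the network or broadcast address")
    if describe(gateway, mask)["network"] != info["network"]:
        problems.append("default gateway is outside the host's subnet")
    elif gw in reserved:
        problems.append("default gateway is the network or broadcast address")
    elif gw == host:
        problems.append("default gateway equals the host address")
    return problems


if __name__ == "__main__":
    print(describe("165.95.240.100", "/25"))
    print(describe("192.168.1.100", "255.255.255.192"))
    # Gateway addresses below are constructed for illustration.
    print(check_host("165.95.240.100", "/25", "165.95.240.1"))
    print(check_host("165.95.240.100", "/25", "165.95.240.129"))
```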
[Figure: block sizes 32, 32, 64]
59
Subnet Number: 192.168.100.0
Subnet Mask: 255.255.255.192
First IP Address: 192.168.100.1
Last IP Address: 192.168.100.62
Broadcast IP Address: 192.168.100.63

Subnet Number: 192.168.100.64
Subnet Mask: 255.255.255.224
First IP Address: 192.168.100.65
Last IP Address: 192.168.100.94
Broadcast IP Address: 192.168.100.95

Subnet Number: 192.168.100.96
Subnet Mask: 255.255.255.224
First IP Address: 192.168.100.97
Last IP Address: 192.168.100.126
Broadcast IP Address: 192.168.100.127

What additional IP configuration information is required to configure
hosts on this network?
Default Gateway
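
The variable-length subnetting worked on these slides can be reproduced with a short allocator. This is an added example, not part of the original webinar; it assumes the parent block is 192.168.100.0/25 (the range the three subnets above cover), that segments are placed largest first, and the function names `vlsm_plan` and `describe` are hypothetical.

```python
import ipaddress

def vlsm_plan(parent, requirements):
    """Give each segment the smallest subnet that fits, largest segment first."""
    parent = ipaddress.IPv4Network(parent)
    cursor = int(parent.network_address)
    plan = []
    for name, hosts in sorted(requirements.items(), key=lambda kv: -kv[1]):
        # Smallest h with 2**h >= hosts + 2 (network and broadcast are not usable).
        host_bits = (hosts + 1).bit_length()
        size = 1 << host_bits
        start = -(-cursor // size) * size  # round up to a block boundary
        net = ipaddress.IPv4Network((start, 32 - host_bits))
        if not net.subnet_of(parent):
            raise ValueError(f"{name}: {hosts} hosts do not fit in {parent}")
        plan.append((name, net))
        cursor = start + size
    return plan

def describe(net):
    """Return the five fields the slide lists for one subnet."""
    return {
        "Subnet Number": str(net.network_address),
        "Subnet Mask": str(net.netmask),
        "First IP Address": str(net.network_address + 1),
        "Last IP Address": str(net.broadcast_address - 1),
        "Broadcast IP Address": str(net.broadcast_address),
    }

if __name__ == "__main__":
    # Host counts from the slide; the parent block is an assumption (see lead-in).
    needs = {"Sales": 35, "Engineering": 17, "Production": 27}
    for name, net in vlsm_plan("192.168.100.0/25", needs):
        print(name, net, describe(net))
```

Because every block starts on a multiple of its own size and the cursor only moves forward, no two segments can overlap, which is what lets per-segment filtering rules be written against a single prefix.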
Summary & Takeaways
Takeaways:
• IP Addressing: Virtual Layer 3 Address
• An IP Address Contains Two Parts:
– Network Identification
– Host Identification
• Each IP Address Has a Subnet Mask:
– Implied for Classful Network
– Stated for Classless Network
• Recognize Classes of IPv4 Addresses, but Realize That VLSM Is Used Extensively Today!
• Private Addresses are NOT Routable on the Global Internet
• NAT Utilized to Translate Between Private & Public Addresses
• Subnetting Allows More Networks to Be Created:
– Network Bits Are “Borrowed”, But the Result Is Fewer Hosts per Network
IP Addressing Best Practices “The Rules”
• Each Network MUST Have a Unique Network ID
• Each Host MUST Have a Unique Host ID
• Every IP Address MUST Have a Subnet Mask
• Design Hierarchical Networks
• Segment Networks for:
– Security
– Performance
– Manageability
• Subnet for Optimum IPv4 Address Space Utilization
• Remember IPv4 Block Sizes: 2^n (n = # of bits)
2^n: 128, 64, 32, 16, 8, 4, 2, 1
Plus Bonus Material CBNE Study Topics:
IPv6 Basics
IPv6 Address Space IETF - RFC 2460
IPv6 Provides Expanded IP Address Space: 2^128 =
340,282,366,920,938,463,463,374,607,431,768,211,456 (three hundred forty UNDECILLION addresses)
3.4 x 10^38
• But, IPv6 is More Than Expanded Address Space:
– An Opportunity to Re-Engineer IPv4
• Improved Support for Multicasting, Security, & Mobile Apps
• Multiple Addresses per Interface
• Host Auto-Configuration Capability
• Security Incorporated
• MTU Discovery Incorporated
• Traffic Engineering Provisions Incorporated
The IPv6 Address
128-Bit Address Binary Format:
00100110000001111011100000000000000011111010101000000000000000110010000110010101100110001000011110111100010010000010100011110001
Subdivide Into Eight (8) 16-bit Groups:
0010011000000111 1011100000000000 0000111110101010 0000000000000011 0010000110010101 1001100010000111 1011110001001000 0010100011110001
Convert Each 16-bit Group to Hexadecimal (separate with a colon):
2607:b800:0faa:0003:2195:9887:bc48:28f1
2607:b800:faa:3:2195:9887:bc48:28f1 (leading zeros in each group omitted)
IPv6 Address Types
• Unicast – One-to-One Mapping
– Global Unicast Address
– Unique-Local Unicast Address (non-Routable or Private)
– Link-Local Unicast
• Multicast – One-to-Many Mapping
– Multicast Groups Established
• Anycast – One-to-Nearest Mapping
– Packets Are Delivered to the “Closest, Nearest, or Lowest-Cost” Interface
• Global Anycast
• Site-Local Anycast
• Link-Local Anycast
Why IPv6?
• Reduction of Dependency Upon IPv4 Address Space for Growth
• Restores the End-End Communications Path Model of the Global Internet
• Enhances Overall Routing Efficiency
• Improved Security: Increases Security and Confidentiality
IPv4 and IPv6 Comparison Summary
IPv4
Developed: 1973-1977
Deployed: 1981
2^32 or 4.3 Billion Addresses
“More Than Anyone Could Possibly Use”
Address Based Assignment Unit /32

IPv6
Developed: mid 1990’s
Deployed: 1999
2^128 or 340 Undecillion Addresses
“More Than Anyone Could Possibly Use”
Network Based Assignment Unit /64
An IPv6 Address You Can Remember
The IPv6 Loopback Address
::1 Summarized from: 0:0:0:0:0:0:0:1
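
The binary-to-hexadecimal conversion on "The IPv6 Address" slide and the `::1` shortening above follow the same rules, shown here as an added example that is not part of the original webinar (function names are hypothetical). Since one address has several valid spellings, firewall rules and log searches should compare parsed addresses rather than strings, which `same_address` does.

```python
import ipaddress

# The eight 16-bit groups exactly as printed on the slide.
SLIDE_BITS = ("0010011000000111 1011100000000000 0000111110101010 "
              "0000000000000011 0010000110010101 1001100010000111 "
              "1011110001001000 0010100011110001")

def bits_to_groups(bits):
    """Split 128 binary digits into eight 4-digit hexadecimal groups."""
    bits = bits.replace(" ", "")
    if len(bits) != 128 or set(bits) - {"0", "1"}:
        raise ValueError("need exactly 128 binary digits")
    return [format(int(bits[i:i + 16], 2), "04x") for i in range(0, 128, 16)]

def compress(groups):
    """Drop leading zeros, then fold the first longest run of 2+ zero groups into '::'."""
    short = [g.lstrip("0") or "0" for g in groups]
    best_start, best_len, i = -1, 0, 0
    while i < len(short):
        j = i
        while j < len(short) and short[j] == "0":
            j += 1
        if j - i >= 2 and j - i > best_len:
            best_start, best_len = i, j - i
        i = max(j, i + 1)
    if best_len == 0:
        return ":".join(short)
    tail = short[best_start + best_len:]
    return ":".join(short[:best_start]) + "::" + ":".join(tail)

def same_address(a, b):
    """Compare two textual IPv6 addresses by value, not by spelling."""
    return ipaddress.IPv6Address(a) == ipaddress.IPv6Address(b)

if __name__ == "__main__":
    groups = bits_to_groups(SLIDE_BITS)
    print(":".join(groups))
    print(compress(groups))
    print(compress(["0000"] * 7 + ["0001"]))
```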
Further Study:
Web Reference Sources:
• RFC Documents:
– www.rfc-editor.org
• Subnet Calculation Tools:
– www.subnet-calculator.com
– www.solarwinds.com/products/freetools/free_subnet_calculator.aspx
– iPhone / iPad Apps (iTunes Store): Numerous Choices
My Favorite: The MASK
• IP Address Subnet Block Size Chart:
– https://www.arin.net/knowledge/cidr.pdf
– http://packetlife.net/media/library/15/IPv4_Subnetting.pdf
• IP Subnetting – Cisco Networkers “Magic Box” Tutorial:
https://learningnetwork.cisco.com/docs/DOC-5893
Web Reference Sources continued…….
Cisco IP Subnetting Game:
https://learningnetwork.cisco.com/docs/DOC-1802
Thank You for Attending!
Wayne M. Pecena Texas A&M University 979.845.5662
? Questions ?