
Post on 20-Jul-2020


Advanced IP Networking Series: “Addressing The Network of Networks“

Wayne M. Pecena, CPBE, CBNE Texas A&M University

Office of Information Technology

Educational Broadcast Services

• The Quick IP Networking Fundamentals Review
• IPv4 Addressing Fundamentals
• Public vs Private: Integrating NAT
• Subnetting for Performance, Security, & Policy
• Developing an IP Addressing Plan
• Summary - Takeaways
• Plus Bonus Material: CBNE Study Topics: IPv6 Basics

Advertised Webinar Scope: Part 4 of the Advanced IP Networking Webinar series continues with “Addressing the Network of Networks”. This webinar will build upon the previous webinars in this series by developing an IP addressing scheme for the segmented or layer network architecture developed throughout the series. A focus upon efficient use of public IPv4 address space will be provided in addition to integration of private IPv4 address space.

Prerequisite Knowledge: Attendees should have knowledge of IP networking concepts that includes OSI Layers 1-3, Ethernet switching, IP routing, and VLAN principles.

WEBINAR OUTLINE:

The Quick IP Networking Fundamentals Review

5 Things Required To Build a Network

• Send Host
• Receive Host
• Message or Data to Send Between Hosts
• Media to Interconnect Hosts
• Protocol to Define How Data is Transferred

[Figure: Send Host and Receive Host joined by Media, exchanging DATA under agreed Protocols]

Open Systems Interconnection “OSI” Model

Layer 7 Application: User Application Interaction
Layer 6 Presentation: Standardizes Data Encoding/Decoding/Compression/Encryption
Layer 5 Session: Tracks User Sessions, Inter-Host Communications
Layer 4 Transport: Manages End-End Connections: TCP, UDP, & Flow Control
Layer 3 Network: Provides Internetwork Routing (path), Provides Virtual Addressing (IP)
Layer 2 Data Link: Provides Network Access Control, Physical Address (MAC), & Error Detection
Layer 1 Physical: Interfaces to Physical Network, Moves Bits Onto & Off Network Medium

The OSI Model Expanded

Layer: PDU / Layer Addressing
Layer 7 Application, Layer 6 Presentation, Layer 5 Session: SESSION ID
Layer 4 Transport: SEGMENT / PORT
Layer 3 Network: PACKET (Datagram) / IP ADDRESS
Layer 2 Data Link: FRAME / MAC ADDRESS
Layer 1 Physical: BITS (data stream)

Encapsulation: Data is “Encapsulated” As It Travels Through the “Stack” From Application

The Protocol Data Unit

Segment: Source Port | Destination Port | Data
Packet: Source IP | Destination IP | Protocol | Segment
Frame: Destination MAC | Source MAC | EtherType | Packet | FCS
Bit: 11010011010111101100101010010001000010101010101000011111111

Mnemonic for Segment, Packet, Frame, Bit: “Some People Fear Birthdays”

Layer 2 Standards:

• Project 802 Ethernet Standards:
– 802.1 Bridging
– 802.3 Ethernet
– 802.11 Wireless

http://standards.ieee.org/about/get/

Layer 3 Standards:

• Request for Comments – RFCs
– The “Standards Bible” of the Internet
– Explains All Aspects of IP Networking

www.rfc-editor.org/rfc.html

3 Types of IP Packets on an IPv4 Network

• Unicast

– One Send Host TO One Receive Host

• Broadcast

– One Send Host TO ALL Hosts on the Network (within the Broadcast Domain)

• Multicast

– One Send Host TO Specific Hosts (group)


Layer 2 & Layer 3 Addressing

• Each Host on an Ethernet Based IP Network Has:
– A Unique MAC Address – Layer 2 Physical Address (local network segment)
– A Unique IP Address – Layer 3 Logical Address (global routed)

[Figure, simplified representation: Ethernet Frame = Destination MAC FF:FF:FF:FF:FF:FF | Source MAC 00:12:3F:8D:4D:A7 | IP Packet (Source IP 172.15.1.1 | Destination IP 172.15.2.2 | DATA) | Trailer]

IPv4 Address Classes “32 Bit Dotted Decimal Notation”

IPv4 Provides 2^32 or 4,294,967,296 IP Addresses

IPv4 Header (20 Bytes without options, 32 bits per row)

Row 1: Version | Header Length | Priority / Type of Service | Total Length
Row 2: Identification | Flags | Fragment Offset
Row 3: Time to Live | Protocol | Header Checksum
Row 4: Source IP Address
Row 5: Destination IP Address
Options (if present)
Payload Data
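As an added example (not from the webinar or its author), the header layout above can be checked by hand with a small parser. The script builds a constructed 20-byte header, decodes each field in the order the slide lists them, and verifies the RFC 791 header checksum, which is what a router recomputes after decrementing the Time to Live. All addresses and values in it are constructed for illustration.

```python
import struct

IPV4_FORMAT = "!BBHHHBBH4s4s"  # 20-byte fixed header, network byte order


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's-complement of the one's-complement sum
    of the header's 16-bit words. Run over a header that already carries a
    correct checksum, it returns 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ip_to_bytes(dotted: str) -> bytes:
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("bad dotted-decimal address: %r" % dotted)
    return bytes(octets)


def build_header(src: str, dst: str, payload_len: int, proto: int = 17,
                 ttl: int = 64, ident: int = 0x1234) -> bytes:
    """Assemble a constructed 20-byte header (IHL=5, DF set) with a valid checksum."""
    ver_ihl = (4 << 4) | 5          # version 4, header length 5 words = 20 bytes
    flags_frag = 0x4000             # DF=1, MF=0, fragment offset 0
    hdr = struct.pack(IPV4_FORMAT, ver_ihl, 0, 20 + payload_len, ident, flags_frag,
                      ttl, proto, 0, ip_to_bytes(src), ip_to_bytes(dst))
    # Checksum is computed with the checksum field zeroed, then written into bytes 10-11.
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def parse_header(raw: bytes) -> dict:
    """Decode the fixed fields of an IPv4 header and verify its checksum."""
    if len(raw) < 20:
        raise ValueError("truncated header")
    (ver_ihl, tos, total_len, ident, flags_frag, ttl, proto,
     csum, src, dst) = struct.unpack(IPV4_FORMAT, raw[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4 or ihl < 20 or len(raw) < ihl:
        raise ValueError("not a well-formed IPv4 header")
    return {
        "version": version, "header_len": ihl, "tos": tos, "total_length": total_len,
        "identification": ident,
        "df": bool(flags_frag & 0x4000), "mf": bool(flags_frag & 0x2000),
        "fragment_offset": flags_frag & 0x1FFF,
        "ttl": ttl, "protocol": proto, "checksum": csum,
        "checksum_ok": ipv4_checksum(raw[:ihl]) == 0,   # sum over a valid header folds to 0
        "src": ".".join(str(b) for b in src), "dst": ".".join(str(b) for b in dst),
        "options": raw[20:ihl],
    }
```

Decrementing the TTL byte without recomputing the checksum makes `checksum_ok` come back False, which is the same check a receiving stack uses to discard a corrupted header.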

ARP Process “Address Resolution Protocol”

Maps Virtual IP Address to Physical Hardware (MAC) Address

[Figure: network 192.168.1.0 with hosts .1 through .12 on one segment]
“Broadcast” ARP Request: Who Has IP Address 192.168.1.10 ?
ARP Reply: MAC Address Is 08-3E-8E-82-A6-20

Broadcast Domain – Collision Domain

[Figure: a Router bounds each Broadcast Domain; every Switch port forms its own Collision Domain (links shown as 1000-Full, 100-Full, and 100-Full Capable); a Hub shares one Collision Domain among its 10-Half ports]

Reference Network “The Network of Networks”

[Figure: ISP link on serial interfaces S1 / S0; router interfaces FE 0, FE 1, FE 2, FE3; switches S0, S1, S2; VLAN 1 Sales, VLAN 2 Engineering, VLAN 3 Production]

IPv4 Addressing Fundamentals

IP Addressing “Rules”

• Each Network MUST Have a Unique Network ID
• Each Host MUST Have a Unique Host ID
• Every IP Address MUST Have a Subnet Mask
– Implied for a Classful Network
– Explicitly Stated for a Classless Network
• An IP Address Must Be Unique Globally If the Host Is on the Public Internet

IPv4 Address Classes (32 bits = 4 octets of 8 bits)

Class A: NETWORK | HOST | HOST | HOST
Class B: NETWORK | NETWORK | HOST | HOST
Class C: NETWORK | NETWORK | NETWORK | HOST
Class D: Multicast
Class E: Experimental

IPv4 “Default” Mask

Class A: 8 network bits / 24 host bits, Default Mask: 255.0.0.0
Class B: 16 network bits / 16 host bits, Default Mask: 255.255.0.0
Class C: 24 network bits / 8 host bits, Default Mask: 255.255.255.0

Classful IP Addressing

                         Class A               Class B                  Class C
First Octet Range        1 - 126               128 - 191                192 - 223
Mask                     255.0.0.0             255.255.0.0              255.255.255.0
Network Bits             8                     16                       24
Host Bits                24                    16                       8
Available Networks       126                   16,384                   2,097,152
Available Hosts/Network  16,777,214            65,534                   254
Network Range            1.0.0.0 – 126.0.0.0   128.0.0.0 – 191.255.0.0  192.0.0.0 – 223.255.255.0

2-Part IP Address

32 bit IP Address (4 Bytes): 192.168.100.254

Octet 1   Octet 2   Octet 3   Octet 4
192       168       100       254
11000000  10101000  01100100  11111110

The Subnet Mask Determines the Network Address and the Host Address

Determining the Class

IPv4 Address in Dotted-Decimal Notation: 192.168.100.254, or its 32 bit Binary Representation

The Leading Bit Pattern of Octet 1 Indicates the Class:
Class A: leading bit 0, first octet 1 - 126
Class B: leading bits 10, first octet 128 - 191
Class C: leading bits 110, first octet 192 - 223

Private vs Public IP Addresses

• RFC 1918 Established “Private” Address Space
– Class A: 10.0.0.0 to 10.255.255.255
– Class B: 172.16.0.0 to 172.31.255.255
– Class C: 192.168.0.0 to 192.168.255.255
• Key Points:
– Private IP Addresses Are NOT Routable Outside the Local Network
– Widely Used in Home & Industry Networks
– May Be Translated With NAT At An Edge Router
• Map Private Address Space to Public Address Space

VLSM RFC 1009

• Variable Length Subnet Masking (VLSM)
– Host Addressing & Routing Inside a Routing Domain
– Allowed “Classless” Subnetting
• Mask Information is Explicit – Must Be Specified
– Allows More Efficient Use of Address Space – Tailor Address Space to Fit Network Needs
– Allows You to Subnet a Subnet
• Subnetting “Borrows” Host Bits to Create More Networks

VLSM Allows the Mask To Be Moved

CIDR RFC 1517, 1518, 1519, 1520

• Classless Interdomain Routing (CIDR)
– Class System No Longer Applies
– Routing Between Routing Domains
– Allows “Supernets” To Be Created
• Combining a Group of Class C Addresses Into a Single Block
– CIDR Notation (slash notation): 172.16.1.1 /16

Mask: 11111111.11111111.00000000.00000000 = 255.255.0.0

IP Address Mask Formats

Classful Addressing: 165.95.240.136 (Implied Mask 255.255.0.0)
VLSM Addressing: 165.95.240.136 255.255.255.192 (Explicit Mask 255.255.255.192)
CIDR Notation: 165.95.240.136 /26 (the number after the slash is the Number of Mask Bits)

The IP Address Subnet Mask “VLSM” - Each IP Address Must Have a Subnet Mask to Define the Network and the Host

32 Bit Address & Subnet Mask Format, Expressed in Decimal as (4) 8-bit Octets using “Dotted Decimal Notation”

IP Address: 192.168.1.100 /26 or 255.255.255.192
11000000.10101000.00000001.01100100 (address)
11111111.11111111.11111111.11000000 (mask: 1 bits = Network, 0 bits = Host)

Special Use “Reserved” IPv4 Address Space RFC 5735

• 0.0.0.0/8 Network Address “This Network or Wire Address”

• 10.0.0.0/8 Private IP Address Space (RFC 1918)

• 127.0.0.0/8 Loopback Address

• 169.254.0.0/16 IETF Zero Configuration Address Space (RFC 3927)

• 172.16.0.0/16 Private IP Address Space (RFC 1918)

• 192.168.0.0/16 Private IP Address Space (RFC 1918)

• 224.0.0.0/4 Multicast Address Space

• 240.0.0.0/4 Experimental Address Space

• 255.255.255.255/32 Broadcast Address


The IPv4 Loop Back Address

• What is Special About 127.0.0.1 ?

– Actually Any 127.0.0.0/8 Address Works OR the Range of 127.0.0.1 to 127.255.255.255

• Known as a “Loop-Back” Address

• Useful For:

– Test Local IP Stack and Network Adapter Test

– May Be Used by a Client-Server App on the Same Host


Public vs Private: Integrating NAT


Network Address Translation – NAT RFC 3022

[Figure: Inside Network (private), RFC 1918 Addressed Hosts – Gateway Router w/ NAT Services – Outside Network, Public Address Space (Usually)]

• NAT Allows a Host Without a Valid Public IP Address to Communicate With a Host That Has a Public IP Address
• HOW?
– Simply Changes the IP Addresses as the Packet Passes Through the NAT Device
• WHY?
– Conserve Public IP Address Space
– Security by Obscurity (hide actual host IP address)

NAT

• Types of NAT:
– Static – One-to-One Translation
– Dynamic – Pool of Public Addresses Made Available to Outbound Client Traffic
– NAT Overloading or Port Address Translation (PAT) – Translates to a Single Public IP by Use of a Unique Port Number
• NAT Addressing Terminology:
– Inside Local or Inside Private
– Inside Global or Inside Public
– Outside Global or Outside Public
– Outside Local or Outside Private

[Figure: Inside Network (private) – Gateway Router w/ NAT Services – Outside Network; Inside Local and Inside Global name the inside host's address as seen on each side, Outside Local and Outside Global name the outside host's address as seen on each side]

In General: Inside Addresses Are Local, Global Addresses Are Public

Static NAT

[Figure: Private Network Space 10.0.0.0/24 with hosts 10.0.0.2 /24, 10.0.0.3 /24, 10.0.0.4 /24 – Gateway Router w/ NAT Services – Public Network Space 128.194.247.0 /24, outside host 128.194.300.2 /24]

One-to-one mappings held by the gateway:
10.0.0.2 mapped to 128.194.247.2, and 128.194.247.2 mapped to 10.0.0.2
10.0.0.3 mapped to 128.194.247.3, and 128.194.247.3 mapped to 10.0.0.3
10.0.0.4 mapped to 128.194.247.4, and 128.194.247.4 mapped to 10.0.0.4

Simple Layer 3 Packet (Source IP | Destination IP | Payload):
Outbound: 10.0.0.2 | 128.194.300.2 | Payload becomes 128.194.247.2 | 128.194.300.2 | Payload (Source IP Address Changed by NAT)
Inbound: 128.194.300.2 | 128.194.247.2 | Payload becomes 128.194.300.2 | 10.0.0.2 | Payload (Destination IP Address Changed by NAT)

Dynamic NAT

[Figure: Private Network Space with hosts 10.0.0.2 /24, 10.0.0.3 /24, 10.0.0.4 /24 – Gateway Router w/ NAT Services – Public Network Space]

NAT Table: 10.0.0.2 translated to 128.194.247.10
IP Address Chosen from Pool of AVAILABLE Public IP Addresses: 128.194.247.2 – 128.194.247.14
Dynamic Entry Remains if Traffic Flows (timeout)
Common to Have More Private Hosts Than Public IP Address Space

NAT Overloading or PAT – Port Address Translation

Single Address NAT / Port-Level Multiplexed NAT

[Figure: Private Network Space with hosts 10.0.0.2 /24, 10.0.0.3 /24, 10.0.0.4 /24 – Gateway Router w/ NAT Services – Public Network Space, single public address 128.194.247.10]

NAT Table (Source Address & Port are translated; Destination Address & Port are unchanged):
Inside Local        Inside Global
10.0.0.2:1024       128.194.247.10:1024
10.0.0.3:1026       128.194.247.10:1026
10.0.0.4:1028       128.194.247.10:1028

NAT Drawbacks!

• Accountability Limited Globally

– Multiple Internal Hosts Share Global IP Address

• Breaks IP Concept of End-End Connectivity

• Complicates Process of Allowing a Global IP Host to Establish Session With an Internal Host

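The PAT table and the drawbacks listed above can be reproduced with a small translation model. This is an added example, not code from the webinar or its author: it keeps a binding per inside (address, port), preserves the host's source port when it is free and picks the next free port when two hosts collide, ages bindings out on an assumed 300 second idle timer, and returns None for an inbound packet that matches no binding, which is the mechanism behind "complicates allowing a global host to establish a session with an internal host". The public address 128.194.247.10 and the inside hosts come from the slide; the outside host 203.0.113.5 is a constructed address from the RFC 5737 documentation range.

```python
from dataclasses import dataclass, field


@dataclass
class PatGateway:
    """Constructed model of NAT overloading (PAT): every inside host shares
    one inside-global address and is told apart by the translated source port."""
    global_ip: str                      # the single inside-global (public) address
    idle_timeout: float = 300.0         # seconds an idle entry survives (assumed value)
    by_local: dict = field(default_factory=dict)   # (inside local ip, port) -> global port
    by_global: dict = field(default_factory=dict)  # global port -> (inside local ip, port)
    last_seen: dict = field(default_factory=dict)  # global port -> time of last packet

    def _allocate(self, wanted: int) -> int:
        # Keep the host's own source port when it is free (port preservation),
        # otherwise take the lowest unused port from 1024 upward.
        if wanted >= 1024 and wanted not in self.by_global:
            return wanted
        port = 1024
        while port in self.by_global:
            port += 1
        return port

    def outbound(self, src_ip, src_port, dst_ip, dst_port, now=0.0):
        """Inside -> outside: rewrite source address and port, record the binding."""
        key = (src_ip, src_port)
        if key not in self.by_local:
            gport = self._allocate(src_port)
            self.by_local[key] = gport
            self.by_global[gport] = key
        gport = self.by_local[key]
        self.last_seen[gport] = now
        return (self.global_ip, gport, dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port, now=0.0):
        """Outside -> inside: reverse the binding. Returns None when no entry
        exists, so an outside host cannot open a session to an inside host
        through PAT on its own."""
        if dst_ip != self.global_ip or dst_port not in self.by_global:
            return None
        local_ip, local_port = self.by_global[dst_port]
        self.last_seen[dst_port] = now
        return (src_ip, src_port, local_ip, local_port)

    def expire(self, now: float) -> int:
        """Drop bindings idle longer than idle_timeout; returns how many were removed."""
        stale = [p for p, t in self.last_seen.items() if now - t > self.idle_timeout]
        for port in stale:
            self.by_local.pop(self.by_global.pop(port))
            self.last_seen.pop(port)
        return len(stale)


def demo_table():
    """Reproduce the slide's NAT table (inside local -> inside global) using a
    constructed outside destination 203.0.113.5 (RFC 5737 documentation range)."""
    gw = PatGateway("128.194.247.10")
    for host, port in (("10.0.0.2", 1024), ("10.0.0.3", 1026), ("10.0.0.4", 1028)):
        gw.outbound(host, port, "203.0.113.5", 80)
    return gw
```

The `by_global` index is what the accountability drawback is about: from the outside, every one of these flows is 128.194.247.10, and only the gateway's table (and its log, if it keeps one) can say which inside host sent a given packet.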

Subnetting for Performance, Security, & Policy

The Flat Network

[Figure: one network 192.168.1.0 with hosts .1 through .12 in a single broadcast domain]

The Hierarchical Network

[Figure: 192.168.1.0 divided into Subnets 192.168.1.0 /26, 192.168.1.64 /26, and 192.168.1.128 /26 behind Router A and Router B, with Switch 1 and Switch 2]

How Many Networks (subnets) Are Shown? Network 1, Network 2, Network 3

IP Addressing / Subnetting

• Classless IP Addressing Has Replaced Classful Addressing!
• Why Subnet?
– Allows Flexible Network Design
– Efficient Use of IP Address Space
• Dividing Networks Into the “Right” Size
– Performance
• Create “Smaller” Broadcast Domains
– Enhance Routing Efficiency – Reduce Routing Table Size
– Network Management Policy and Segmentation
• Grouping Hosts by Function or Purpose
• Grouping Hosts by Ownership
• Grouping Hosts Geographically
– Job Security for Network Engineers!

Subnetting Basics: An IP Address Must Have a Subnet Mask

• The Subnet Mask Identifies the Boundary Between Network and Hosts
• “Subnetting” Simply Moves the Boundary!
– Moves the Boundary to the Right
– IP Address Subnetting Applies to All Classes
– Boundary Position Is Determined by the Subnet “Netmask”
• Expressed in Several Forms:
– Dotted Decimal Notation (same as IP address)
– Slash Notation (also known as CIDR notation)

IP Address 165.95.240.100 with Netmask of 255.255.255.0
OR
165.95.240.100 /24

IP Address Block Size: Understanding the Power of 2: 2^n

2^n: 128 64 32 16 8 4 2 1 (LSB)

What You Need To Know About a Network?

• Network Address?

• Broadcast Address?

• IP Address Range? – Range of Useable Addresses

• Subnet Mask?

• Default Gateway Address?


Where is the Default Gateway

[Figure: reference network with ISP link 165.95.240.100/25 on S1 / S0; VLAN 1 Sales 35 Hosts, VLAN 2 Engineering 17 Hosts, VLAN 3 Production 27 Hosts; the Default Gateway for each VLAN is that VLAN's router interface IP address (VLAN 1 Interface IP Address, VLAN 3 Interface IP Address)]

IP Address Subnetting Charts

Subnet Calculation Tools

Reference Network “The Network of Networks”

[Figure: the same reference network as above – ISP link on S1 / S0; router interfaces FE 0, FE 1, FE 2, FE3; switches S0, S1, S2; VLAN 1 Sales, VLAN 2 Engineering, VLAN 3 Production]

Developing an IP Addressing Plan


Hints for Subnetting

4th Octet Block Size, VLSM Mask, and CIDR prefix:
Block Size:  128   64    32    16    8     4     2     1
VLSM Mask:   128   192   224   240   248   252   254   255
CIDR:        /25   /26   /27   /28   /29   /30   /31   /32

Remember George Boole:
AND: 0 AND 0 = 0, 0 AND 1 = 0, 1 AND 0 = 0, 1 AND 1 = 1
OR:  0 OR 0 = 0, 0 OR 1 = 1, 1 OR 0 = 1, 1 OR 1 = 1

IP Addressing Reverse Engineering “A Useful Troubleshooting Tool”

• Verifying Proper Subnet Configuration When Given an IP Address and Subnet Mask
– Determine Subnet Address Range
– Determine “Assignable” IP Addresses
– Determine Broadcast Address
• Subnetting When Given A Network Requirement
• Subnetting When Given A Host Requirement

You Are Provided: IP Address / IP Mask

[Figure: reference network with ISP link 165.95.240.100/25 on S1 / S0; router interfaces FE 0, FE 1, FE 2, FE3; switches S0, S1, S2; VLAN 1 Sales 35 Hosts, VLAN 2 Engineering 17 Hosts, VLAN 3 Production 27 Hosts]

For 165.95.240.100/25:
Network: 165.95.240.0
Broadcast: 165.95.240.127
Useable Range (126 hosts): 165.95.240.1 - 126

Block Sizes: 32, 32, 64

Subnet Number: 192.168.100.0
Subnet Mask: 255.255.255.192
First IP Address: 192.168.100.1
Last IP Address: 192.168.100.62
Broadcast IP Address: 192.168.100.63

Subnet Number: 192.168.100.64
Subnet Mask: 255.255.255.224
First IP Address: 192.168.100.65
Last IP Address: 192.168.100.94
Broadcast IP Address: 192.168.100.95

Subnet Number: 192.168.100.96
Subnet Mask: 255.255.255.224
First IP Address: 192.168.100.97
Last IP Address: 192.168.100.126
Broadcast IP Address: 192.168.100.127

What additional IP configuration information is required to configure hosts on this network? Default Gateway
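As an added example (not from the webinar or its author), the reverse-engineering step and the host-requirement subnetting step can be carried out by one script. `describe` takes an address with a prefix or dotted mask and returns network, mask, broadcast, first and last assignable address, host count, class and whether it is RFC 1918 private; `allocate` applies VLSM to a list of host requirements, largest group first so every block stays aligned to its size. Run on the webinar's 35 / 17 / 27 host VLANs inside 192.168.100.0/24 it reproduces the three answer tables above; the assignment of VLAN names to blocks is the script's largest-first order, an assumption the slides do not make. /31 point-to-point links (RFC 3021) are handled as having no separate network and broadcast addresses.

```python
import ipaddress


def ip_class(addr: ipaddress.IPv4Address) -> str:
    """Classful letter from the leading bits of octet 1 (0 / 10 / 110 / 1110 / 1111)."""
    first = int(addr) >> 24
    if first < 128:
        return "A"
    if first < 192:
        return "B"
    if first < 224:
        return "C"
    if first < 240:
        return "D"
    return "E"


def describe(cidr: str) -> dict:
    """Reverse-engineer an address written as host/prefix or host/mask into
    network, mask, broadcast, first and last assignable address, host count."""
    iface = ipaddress.ip_interface(cidr)   # accepts "a.b.c.d/25" or "a.b.c.d/255.255.255.128"
    net = iface.network
    if net.prefixlen >= 31:                # /31 and /32 reserve no network/broadcast slots
        first, last, usable = net.network_address, net.broadcast_address, net.num_addresses
    else:
        first, last = net.network_address + 1, net.broadcast_address - 1
        usable = net.num_addresses - 2
    return {
        "network": str(net.network_address), "prefix": net.prefixlen, "mask": str(net.netmask),
        "broadcast": str(net.broadcast_address), "first": str(first), "last": str(last),
        "usable": usable, "block_size": net.num_addresses,
        "class": ip_class(iface.ip), "private": iface.ip.is_private,
    }


def allocate(base_cidr: str, requirements: dict) -> dict:
    """VLSM plan: each named group gets the smallest block whose usable count covers
    its hosts. Largest groups are placed first so each block starts on a multiple of
    its own size; raises ValueError when the base block runs out."""
    base = ipaddress.ip_network(base_cidr)
    cursor = int(base.network_address)
    plan = {}
    for name, hosts in sorted(requirements.items(), key=lambda kv: (-kv[1], kv[0])):
        host_bits = 2                       # smallest block with usable addresses is /30
        while (1 << host_bits) - 2 < hosts:
            host_bits += 1
        prefix = 32 - host_bits
        net = ipaddress.ip_network("%s/%d" % (ipaddress.IPv4Address(cursor), prefix))
        if net.broadcast_address > base.broadcast_address:
            raise ValueError("%s does not fit in %s after %s" % (name, base_cidr, list(plan)))
        plan[name] = describe("%s/%d" % (net.network_address, prefix))
        cursor += net.num_addresses
    return plan


if __name__ == "__main__":
    for name, info in allocate("192.168.100.0/24",
                               {"Sales": 35, "Engineering": 17, "Production": 27}).items():
        print(name, info["network"], info["mask"], info["first"], info["last"], info["broadcast"])
```

The same `describe` call answers the earlier exercise: `describe("165.95.240.100/25")` yields network 165.95.240.0, broadcast 165.95.240.127 and the usable range .1 to .126. The `private` flag is a quick check that a supposedly internal address really is in RFC 1918 space before it is given to NAT.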

Summary & Takeaways


Takeaways:

• IP Addressing: Virtual Layer 3 Address
• An IP Address Contains Two Parts:
– Network Identification
– Host Identification
• Each IP Address Has a Subnet Mask:
– Implied for a Classful Network
– Stated for a Classless Network
• Recognize the Classes of IPv4 Addresses, but Realize That VLSM Is Used Extensively Today!
• Private Addresses are NOT Routable on the Global Internet
• NAT Is Utilized to Translate Between Private & Public Addresses
• Subnetting Allows More Networks to Be Created:
– Network Bits Are “Borrowed”, But the Result is Fewer Hosts per Network

IP Addressing Best Practices “The Rules”

• Each Network MUST Have a Unique Network ID

• Each Host MUST Have a Unique Host ID

• Every IP Address MUST Have a Subnet Mask

• Design Hierarchical Networks

• Segment Networks for:
– Security
– Performance
– Manageability
• Subnet for Optimum IPv4 Address Space Utilization
• Remember IPv4 Block Sizes: 2^n (n = # of bits)

2^n: 128 64 32 16 8 4 2 1

Plus Bonus Material CBNE Study Topics:

IPv6 Basics

IPv6 Address Space IETF - RFC 2460

IPv6 Provides Expanded IP Address Space: 2^128 = 340,282,366,920,938,463,463,374,607,431,768,211,456 (three hundred forty UNDECILLION addresses), about 3.4 x 10^38

• But, IPv6 is More Than Expanded Address Space:
– An Opportunity to Re-Engineer IPv4
• Improved Support for Multicasting, Security, & Mobile Apps
• Multiple Addresses per Interface
• Host Auto-Configuration Capability
• Security Incorporated
• MTU Discovery Incorporated
• Traffic Engineering Provisions Incorporated

The IPv6 Address

128-Bit Address Binary Format: 00100110000001111011100000000000000011111010101000000000000000110010000110010101100110001000011110111100010010000010100011110001

Subdivide Into Eight (8) 16-bit Groups: 0010011000000111 1011100000000000 0000111110101010 0000000000000011 0010000110010101 1001100010000111 1011110001001000 0010100011110001

Convert Each 16-bit Group to Hexadecimal (separate with a colon): 2607:b800:0faa:0003:2195:9887:bc48:28f1

Drop Leading Zeros in Each Group: 2607:b800:faa:3:2195:9887:bc48:28f1

IPv6 Address Types

• Unicast – One-to-One Mapping
– Global Unicast Address
– Unique-Local Unicast Address (non-Routable or Private)
– Link-Local Unicast
• Multicast – One-to-Many Mapping
– Multicast Groups Established
• Anycast – One-to-Nearest Mapping
– Packets Are Delivered to the “Closest, Nearest, or Lowest-Cost” Interface
– Global Anycast
– Site-Local Anycast
– Link-Local Anycast

Why IPv6?

• Reduction of Dependency Upon IPv4 Address Space for Growth
• Restores the End-End Communications Path Model of the Global Internet
• Enhances Overall Routing Efficiency
• Improved Security Increases Security and Confidentiality

IPv4 and IPv6 Comparison Summary

IPv4: Developed 1973-1977; Deployed 1981; 2^32 or 4.3 Billion Addresses (“More Than Anyone Could Possibly Use”); Address Based Assignment Unit /32
IPv6: Developed mid 1990’s; Deployed 1999; 2^128 or 340 Undecillion Addresses (“More Than Anyone Could Possibly Use”); Network Based Assignment Unit /64

An IPv6 Address You Can Remember

The IPv6 Loopback Address: ::1, Summarized from 0:0:0:0:0:0:0:1
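The binary-to-hexadecimal conversion on the IPv6 address slide and the ::1 summary shown here are both instances of the RFC 5952 text representation. As an added example (not from the webinar or its author), the script below takes the slide's eight 16-bit groups, renders the full and the shortened form, and applies the "::" rule to the loopback address: leading zeros are dropped in every group and the longest run of two or more all-zero groups (the first run on a tie) becomes "::". `from_text` reverses the step, and `matches_stdlib` cross-checks the result against Python's `ipaddress` module. The 128-bit input is taken from the slide's group listing.

```python
import ipaddress

# The eight 16-bit groups from the slide (page data), shown there in binary.
SLIDE_GROUPS_BINARY = [
    "0010011000000111", "1011100000000000", "0000111110101010", "0000000000000011",
    "0010000110010101", "1001100010000111", "1011110001001000", "0010100011110001",
]
SLIDE_ADDRESS_BINARY = "".join(SLIDE_GROUPS_BINARY)   # the 128-bit string


def groups_from_binary(bits: str) -> list:
    """Slide steps 1 and 2: 128 bits -> eight 16-bit integers."""
    if len(bits) != 128 or set(bits) - {"0", "1"}:
        raise ValueError("expected exactly 128 binary digits")
    return [int(bits[i:i + 16], 2) for i in range(0, 128, 16)]


def full_text(groups: list) -> str:
    """Slide step 3: every group as four hex digits, colon separated."""
    return ":".join("%04x" % g for g in groups)


def compress(groups: list) -> str:
    """RFC 5952 form: drop leading zeros in each group and replace the longest
    run of two or more all-zero groups (the first one on a tie) with '::'."""
    best_start, best_len = -1, 0
    i = 0
    while i < 8:
        if groups[i] != 0:
            i += 1
            continue
        j = i
        while j < 8 and groups[j] == 0:
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = j
    hexes = ["%x" % g for g in groups]
    if best_len < 2:                      # a single zero group is written as "0", never "::"
        return ":".join(hexes)
    return ":".join(hexes[:best_start]) + "::" + ":".join(hexes[best_start + best_len:])


def from_text(text: str) -> list:
    """Expand full or compressed text back into eight groups."""
    if "::" in text:
        left, right = text.split("::", 1)
        l = [int(x, 16) for x in left.split(":") if x]
        r = [int(x, 16) for x in right.split(":") if x]
        groups = l + [0] * (8 - len(l) - len(r)) + r
    else:
        groups = [int(x, 16) for x in text.split(":")]
    if len(groups) != 8 or any(not 0 <= g <= 0xFFFF for g in groups):
        raise ValueError("not a valid IPv6 address: %r" % text)
    return groups


def matches_stdlib(groups: list) -> bool:
    """Cross-check compress() against the standard library's canonical form."""
    value = 0
    for g in groups:
        value = (value << 16) | g
    return compress(groups) == str(ipaddress.IPv6Address(value))
```

Keeping one canonical text form matters beyond readability: an address written as 2607:b800:0faa:0003:... and the same address written as 2607:b800:faa:3:... must compare equal in an access list or a log search, so comparisons should be made on the eight numeric groups (or on the canonical string) rather than on whatever spelling arrived.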

Further Study:

Web Reference Sources:

• RFC Documents:
– www.rfc-editor.org
• Subnet Calculation Tools:
– www.subnet-calculator.com
– www.solarwinds.com/products/freetools/free_subnet_calculator.aspx
– iPhone / iPad Apps (iTunes Store): Numerous Choices. My Favorite: The MASK
• IP Address Subnet Block Size Chart:
– https://www.arin.net/knowledge/cidr.pdf
– http://packetlife.net/media/library/15/IPv4_Subnetting.pdf
• IP Subnetting – Cisco Networkers “Magic Box” Tutorial:
– https://learningnetwork.cisco.com/docs/DOC-5893

Web Reference Sources continued:

• Cisco IP Subnetting Game:
– https://learningnetwork.cisco.com/docs/DOC-1802

Thank You for Attending!

Wayne M. Pecena Texas A&M University w-pecena@tamu.edu N1WP@tamu.edu 979.845.5662


? Questions ?
