Jozef Goetz, 2012
Copyright © Wiley
expanded by Jozef Goetz, 2012
Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Objectives
• About physical addressing.
• About logical addressing.
• About IPv4 and its limitations.
• How to convert binary to decimal and decimal to binary.
• What subnetting is and how it works.
• How to determine subnets.
• About IPv6 and its advantages.
• How physical and logical addressing work together to move packets around a network.
• What NAT is and how it works.
• About public versus private addressing.
• How SNAT and PAT are necessary for NAT to work.
• About static IP addressing.
• About dynamic addressing.
• How DHCP works.
• What unicast, broadcast, and multicast are and when they are used.
Physical Addressing
A physical address is the binary address every network interface is given by its manufacturer; it is burned into the hardware, although most operating systems let it be overridden in software (see "Spoofing MAC Addresses" below). It is also known as the device's MAC address.
The physical address of a network interface is 48 bits long, made up of 1s and 0s.
A physical address is generally expressed in hexadecimal format.
Physical Addressing
Hexadecimal: 91-FC-5D-D9-A3-B0
Binary: 10010001 11111100 01011101 11011001 10100011 10110000
The first 24 bits are the Organizationally Unique Identifier (OUI), which identifies the manufacturer.
The last 24 bits are the host (device) portion; each manufacturer assigns a unique value to every interface it builds, so one OUI can cover up to 2^24 = 16,777,216 devices.
EUI-60 and EUI-64
Variations on the conventional 48-bit MAC address:
60-bit Extended Unique Identifier (EUI-60): the host extension is 36 bits long rather than 24 bits long.
64-bit Extended Unique Identifier (EUI-64): the host extension is 40 bits long, allowing for more host addresses per OUI.
IPv6 can use EUI-64 to create a unique interface identifier (see the EUI-64 slides below).
MAC Addressing
"MAC addressing" refers to the function of the physical address, while the term "physical address" more often refers to the address itself; MAC address = physical address.
A computer or network device uses the MAC address to move data frames from one computer or network device to an adjacent computer or network device.
Hop: each time a computer or network device hands off a data frame to the next computer or network device down the line.
Spoofing MAC Addresses
Tricking other computers on a network into thinking a computer's MAC address is one physical address when it is actually a different physical address.
Attackers use MAC spoofing to get past access controls that trust the MAC address, such as wireless or switch-port MAC filtering, or to impersonate another host on the segment. Because the MAC address is set by software on most operating systems, MAC filtering identifies a device but does not authenticate it.
Logical Addressing
Every computer on a network needs a unique logical address.
It is used to ensure a data packet follows the best path to the destination computer.
Internet Protocol Version 4 (IPv4)
An IPv4 logical address is 32 bits long: 4 groups of 8 bits called octets.
It is expressed in dotted-decimal format, one decimal number (0-255) per octet:
11000000 10000010 11100011 00011011 is written as 192.130.227.27.
The IPv4 address space holds about 4.3 billion (2^32) addresses; the central pool of unallocated addresses was exhausted in 2011, which is the main limitation of IPv4.
Subnetting
Breaking up an IP address range into smaller pieces so a given range of IP addresses can be used in more than one network.
An IP address has a network portion and a host portion. In the classful example used on these slides (a Class C address), the network portion is the first three octets and the host portion is the last octet.
Subnet Masks
A subnet mask is a series of 1s and 0s. The computer uses the subnet mask to determine which part of the IP address is the network ID and which part is the host.
A subnet mask is all 1s (network) followed by all 0s (host).
For the subnet mask 255.255.255.0, the binary equivalent is 11111111 11111111 11111111 00000000.
Logical AND Truth Table (ANDing)
The computer uses a logical AND to compare each bit of its own IP address with the corresponding bit of the subnet mask: 0 AND 0 = 0, 0 AND 1 = 0, 1 AND 0 = 0, 1 AND 1 = 1. Wherever the mask bit is 1 the address bit is kept; wherever the mask bit is 0 the result is 0.
ANDing Example
Result of ANDing 192.130.227.27 with the subnet mask 255.255.255.0:
Address: 11000000 10000010 11100011 00011011 (192.130.227.27)
Mask:    11111111 11111111 11111111 00000000 (255.255.255.0)
AND:     11000000 10000010 11100011 00000000 (192.130.227.0 = network ID)
Every host whose address ANDs to the same network ID is on the same network; any other destination is reached through the router.
Classful IP Addressing
Classes A, B, C, D, and E; A, B, and C are used by the general population (D is multicast, E is reserved).
Classful IP addressing is the classful method of determining what portion of an IP address is the network ID and what portion denotes hosts: the class is read from the leading bits of the first octet and fixes the mask at /8, /16 or /24.
IP Addresses
IP address formats: the addresses used with the IP protocol are the standard IP addresses of the form #.#.#.# where each # is written in decimal from 0 to 255.
• The IP address is not actually the address of the machine, but the address of the network interface.
• If a computer has two connections to two networks, it also has two IP addresses.
IP Address Classes and Some Defining Characteristics
The Three Bears Problem
• We can only have 128 Class A networks (/8) with 16 million hosts each: too big.
• We can have 16,384 Class B networks (/16) with 65 k hosts each: too large for most organizations. This scheme forces medium-sized networks to choose Class B addresses, which wastes space, because more than 50% of all Class B networks have fewer than 50 hosts.
• We can have 2 million Class C networks (/24) with 256 hosts each: much too small.
• A 10-bit host field (/22) would give 1022 hosts per network and about half a million networks instead of 16 k Class B networks. Problem: every backbone router in the world would then need about half a million routing-table entries.
• Too many organizations under-utilize Class B networks, resulting in a shortage of IP addresses. ADSL users, each needing a public address, add to the world problem of running out of IPv4 addresses.
Special IP Addresses
• Loopback (127.0.0.0/8, usually 127.0.0.1): a packet sent here is delivered to the local host itself and never leaves the machine.
• 0.0.0.0 ("this host"): used as the source address by a host that does not yet know its own address, for example in a DHCP DISCOVER; 255.255.255.255 is the limited broadcast to the local network.
IP Ranges Set Aside for Various Uses
Classless IP Addressing
The host and network portions of an IP address are calculated from the subnet mask; the class of the IP address is not considered.
Example: IP address 192.130.227.27
If the subnet mask is 255.0.0.0, then 192 is the network and the rest is host.
If the subnet mask is 255.255.0.0, then the network portion is 192.130 and the host portion is 227.27.
Classless Inter-Domain Routing (CIDR)
Standard (shorthand) notation that indicates the network ID and host ID of an IP address.
The format is 192.130.227.27/n, where /n indicates how many of the 32 bits of the IP address's binary form are used for the network portion, i.e., it tells what the subnet mask is.
/n can be any number between 0 and 32. For networks that hold hosts, /8 through /30 are what is used in practice; /31 is used for point-to-point links (RFC 3021) and /32 for a single host route.
CIDR Examples
192.130.227.27/8 indicates the subnet mask is 255.0.0.0
192.130.227.27/16 indicates the subnet mask is 255.255.0.0
192.130.227.27/24 indicates the subnet mask is 255.255.255.0
Binary Conversion: Base 10 Example
The number 14,609,182 placed into a base 10 number system table (one column per power of ten):
14,609,182 can be expressed as:
1×10,000,000 + 4×1,000,000 + 6×100,000 + 0×10,000 + 9×1,000 + 1×100 + 8×10 + 2×1
Binary Conversion: Base 2 Example
Binary value 11100011 in a base 2 number system table, out to 8 bits (columns 128 64 32 16 8 4 2 1):
Add the decimal values that have a 1 under them: 128 + 64 + 32 + 2 + 1 = 227
Converting Decimal to Binary
Convert 130 to binary.
Which number in the second row of the table (128 64 32 16 8 4 2 1) is the largest that can be subtracted from 130 without exceeding 130? Answer: 128.
Place a 1 in row 3 under "128" in the table.
Converting Decimal to Binary Example
130 - 128 = 2. The largest number in the table that can be subtracted from 2 is 2, so place a 1 in row 3 under the "2".
Converting Decimal to Binary Example
2 - 2 = 0. There is no 0 place in the table, so we are finished.
Put a 0 in all row 3 positions that do not contain 1s.
The binary equivalent of 130 is 10000010.
Determine Subnet Mask Using CIDR
Example: the CIDR notation is 192.130.227.27/12
Use the value 8 (bits per octet) to determine the subnet mask in each octet: 12 - 8 = 4.
The first octet has eight 1s; the second octet uses the remaining four 1s. An octet with eight 1s is 255, so the first octet of the subnet mask is 255.
Determine Subnet Mask Using CIDR
With 4 bits left over from the /12, the first four places in the second octet of the subnet mask, starting from the leftmost place, are all 1s.
Binary = 11110000; entered into the table, this value converts to 128 + 64 + 32 + 16 = 240.
Determine Subnet Mask Using CIDR
The value 240 goes in the second octet of the subnet mask.
Since 4 is smaller than 8, no 1s are left for the last two octets, so they are 0.
The subnet mask that results from the CIDR notation 192.130.227.27/12 is therefore 255.240.0.0.
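The conversions and the mask/AND rules from the preceding slides (decimal to binary, the /n to subnet mask rule, and ANDing an address with its mask), as an added example in Python. This is not code from the original slides; it uses only the standard library, and the address 192.130.227.27 and the prefixes /12 and /24 are the slides' own values. It also rejects a non-contiguous mask such as 255.0.255.0, which the rule "all 1s followed by all 0s" forbids.

```python
# Added example (not from the original slides): dotted-decimal <-> binary
# conversion, the CIDR prefix -> subnet mask rule, and the bitwise AND a host
# performs to find its network ID. Standard library only.

OCTET_SHIFTS = (24, 16, 8, 0)


def dotted_to_int(addr):
    """'192.130.227.27' -> 32-bit int. Rejects anything but four 0-255 octets."""
    parts = addr.split(".")
    if len(parts) != 4:
        raise ValueError(f"not a dotted quad: {addr!r}")
    value = 0
    for p in parts:
        if not p.isdigit() or int(p) > 255:
            raise ValueError(f"bad octet {p!r} in {addr!r}")
        value = (value << 8) | int(p)
    return value


def int_to_dotted(value):
    return ".".join(str((value >> s) & 0xFF) for s in OCTET_SHIFTS)


def int_to_bits(value):
    """32-bit binary string with a space between octets."""
    return " ".join(f"{(value >> s) & 0xFF:08b}" for s in OCTET_SHIFTS)


def decimal_to_binary(n):
    """The slides' method for one octet: subtract the largest power of two
    that fits, write a 1 in that column, repeat; 0 everywhere else."""
    if not 0 <= n <= 255:
        raise ValueError("octet out of range")
    bits = ""
    for weight in (128, 64, 32, 16, 8, 4, 2, 1):
        if weight <= n:
            bits += "1"
            n -= weight
        else:
            bits += "0"
    return bits


def prefix_to_mask(prefix):
    """/n -> dotted mask: n leading 1s followed by 32-n 0s."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be 0..32")
    return int_to_dotted((0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF)


def mask_to_prefix(mask):
    """Dotted mask -> /n. Rejects non-contiguous masks such as 255.0.255.0,
    which are not 'all 1s followed by all 0s'."""
    m = dotted_to_int(mask)
    ones = bin(m).count("1")
    if m != ((0xFFFFFFFF << (32 - ones)) & 0xFFFFFFFF):
        raise ValueError(f"non-contiguous mask {mask}")
    return ones


def network_id(addr, mask):
    """AND every address bit with the mask bit: 1 AND x = x, 0 AND x = 0."""
    return int_to_dotted(dotted_to_int(addr) & dotted_to_int(mask))


def same_network(a, b, mask):
    """True when two hosts AND to the same network ID (no router needed)."""
    return network_id(a, mask) == network_id(b, mask)


if __name__ == "__main__":
    addr, mask = "192.130.227.27", prefix_to_mask(24)
    print("address ", int_to_bits(dotted_to_int(addr)), addr)
    print("mask    ", int_to_bits(dotted_to_int(mask)), mask)
    net = network_id(addr, mask)
    print("AND     ", int_to_bits(dotted_to_int(net)), net)
    print("/12 mask:", prefix_to_mask(12), "=> network", network_id(addr, prefix_to_mask(12)))
```

Running the block prints the three bit rows of the ANDing example and the 255.240.0.0 mask for /12; the `same_network` check is the decision a host makes before either sending a frame directly or handing the packet to its default gateway.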
Determine Sub-network Ranges Using CIDR
CIDR notation can be used to determine sub-network ranges.
A sub-network is where a specific network IP address range is divided into smaller networks to make more efficient use of the available IP addresses.
Values in Subnetting Class C Subnets
(Table: last octet of a Class C address, one row per number of bits borrowed for subnetting. Columns: bits borrowed; value of the last octet of the subnet mask; increment (block size) in the last octet; number of subnets; usable subnets; hosts per subnet; usable hosts per subnet.)
Notes on the table:
• The mask value and the increment (2nd and 3rd columns) always add up to 256, for example 192 + 64 or 224 + 32.
• The number of subnets (4th column) is 2 to the power of the bits borrowed (1st column).
• Usable subnets (5th column): the slides follow the older classful rule that the first (all-zeros) and last (all-ones) subnets are not used, so 2 networks are subtracted in the first seven rows. Modern routers accept both subnets (RFC 1878), so this is a convention, not a limit of the protocol.
• Usable hosts (last column): 2 hosts are subtracted from each subnet, the network ID and the broadcast address.
Value Changes by Increments of 64 in the Last Octet of 207.253.187.0/26
Step 1: for /26, 26 / 8 = 3 full octets with a remainder of 2 bits, so in the last octet of the mask the first 2 bits are 1s: 1100 0000 = 192. The corresponding subnet mask is 255.255.255.192. The remaining 6 bits are host bits, so the value changes by increments of 2^6 = 64 in the last octet.
Problem: the company needs 3 networks with a minimum of 25 IP addresses in each one.
The solution is to break up the network range 207.253.187.0 through 207.253.187.255 into smaller networks.
Absolute Network Ranges Using CIDR 207.253.187.0/26
Network 1: 207.253.187.0 to 207.253.187.63
Network 2: 207.253.187.64 to 207.253.187.127
Network 3: 207.253.187.128 to 207.253.187.191
Network 4: 207.253.187.192 to 207.253.187.255
Step 2: usable network ranges from all networks, using CIDR 207.253.187.0/26:
• R1: the first and last IP addresses in any given range cannot be used (they are the network ID and the broadcast address), so each /26 has 62 usable hosts.
• R2: under the classful rule the slides follow, the first and last networks (Network 1 and Network 4) are not used either, so only Network 2 and Network 3 are usable. That gives 2 usable networks, not the 3 the company needs.
Values in Subnetting Class C Subnets
Step 3: we need 3 usable networks, so move to the table row with 3 borrowed bits (/27, mask 255.255.255.224): 8 networks, 6 usable, and the ranges go in increments of 32.
The 207.253.187.0/27 Network
Network ranges (the first and last address of each are reserved): .0-.31, .32-.63, .64-.95, .96-.127, .128-.159, .160-.191, .192-.223, .224-.255.
Solution for the company: by subnetting the 207.253.187.0/24 range into /27 networks the company has 6 usable networks, each containing 30 usable IP addresses. This meets the company's requirements (3 networks, 25 hosts each). If the router supports subnet zero and the all-ones subnet, all 8 networks are usable, and even /26 (4 networks, 62 usable hosts each) would have been enough.
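The sub-network enumeration and the planning decision from the slides above (Determine Sub-network Ranges through the /26 to /27 solution), as an added example in Python that is not part of the original slides. It generalizes the worked problem: `subnets` lists every sub-network of a block for any prefix, and `plan` picks the prefix for a requirement of N networks with at least H hosts each, under either the classful rule the slides follow (first and last subnet excluded) or the modern rule. The block 207.253.187.0/24 and the requirement of 3 networks with 25 hosts are the slides' values; the function names are this example's own.

```python
# Added example (not from the original slides): enumerate the sub-networks that a
# CIDR prefix carves out of a block, and pick the prefix that satisfies a
# requirement such as "3 networks with at least 25 hosts each" for
# 207.253.187.0/24. Standard library only.


def dotted_to_int(addr):
    return int.from_bytes(bytes(int(p) for p in addr.split(".")), "big")


def int_to_dotted(value):
    return ".".join(str(b) for b in value.to_bytes(4, "big"))


def usable_hosts(prefix):
    """Addresses per subnet minus the network ID and the broadcast address."""
    return (1 << (32 - prefix)) - 2


def subnets(block, prefix, exclude_first_last=False):
    """Return [(network, first_usable, last_usable, broadcast), ...] for every
    /prefix inside block ('a.b.c.d/n'). exclude_first_last=True applies the
    older classful rule the slides use (drop the all-zeros and all-ones subnets)."""
    base_str, base_len = block.split("/")
    base_len = int(base_len)
    if not base_len <= prefix <= 30:
        raise ValueError("prefix must lie between the block length and /30")
    base = dotted_to_int(base_str) & ((0xFFFFFFFF << (32 - base_len)) & 0xFFFFFFFF)
    size = 1 << (32 - prefix)          # addresses per subnet == increment
    count = 1 << (prefix - base_len)   # how many subnets the block holds
    result = []
    for i in range(count):
        if exclude_first_last and count >= 2 and i in (0, count - 1):
            continue
        net = base + i * size
        result.append((int_to_dotted(net), int_to_dotted(net + 1),
                       int_to_dotted(net + size - 2), int_to_dotted(net + size - 1)))
    return result


def plan(block, networks_needed, hosts_needed, exclude_first_last=False):
    """Shortest prefix (most hosts per subnet) that yields at least
    networks_needed usable subnets; None if those subnets are then too small,
    since lengthening the prefix further only shrinks them."""
    base_len = int(block.split("/")[1])
    for prefix in range(base_len + 1, 31):
        if len(subnets(block, prefix, exclude_first_last)) >= networks_needed:
            return prefix if usable_hosts(prefix) >= hosts_needed else None
    return None


if __name__ == "__main__":
    for net, first, last, bcast in subnets("207.253.187.0/24", 26):
        print(f"{net:<16} usable {first} - {last}  broadcast {bcast}")
    print("classful rule:", plan("207.253.187.0/24", 3, 25, exclude_first_last=True))  # 27
    print("subnet zero allowed:", plan("207.253.187.0/24", 3, 25))                      # 26
```

The two `plan` calls at the end reproduce the slides' conclusion (/27 under the classful rule) and show that with subnet zero allowed a /26 already satisfies the requirement, so the rule in force on the routers decides the answer.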
Internet Protocol Version 6 (IPv6)
Uses 128-bit IP addresses (instead of the 32 bits of IPv4, which give only about 4 billion addresses). Addresses are expressed in hexadecimal: 32 hex digits (0-9 and A-F) written as eight 16-bit groups separated by colons.
In the usual /64 layout the first 64 bits (first 16 hexadecimal digits) are the network prefix and the last 64 bits (last 16 hexadecimal digits) are the interface (host) ID.
Example: 13D4:FA97:0000:1258:AD8B:1009:34D6:1800
Subnetting is done on the 64-bit network prefix; the host portion is a fixed 64 bits, so the variable-length mask arithmetic of IPv4 is not needed on hosts.
Binary to Hexadecimal Conversion
Replace every group of four 1s and 0s (a nibble) with the equivalent hexadecimal digit, working from the left.
IPv6 Address Double Colon Technique
Not all 16-bit groups in an IPv6 address need to be shown.
If an IPv6 address has one or more consecutive 16-bit groups equal to all 0s, that run can be replaced by a double colon, but only once per address (otherwise the reader could not tell how many groups each "::" stands for).
13D4:0000:0000:0000:0000:1009:34D6:1800
can be written as
13D4::1009:34D6:1800
Extended Unique ID => EUI-64
A host can automatically assign itself a unique 64-bit interface identifier.
Two steps:
1. Divide the 48-bit MAC address between the Organizationally Unique Identifier (OUI) and the host portion, and insert the hexadecimal value FFFE between the two portions. The resulting 64-bit value is called an EUI-64.
EUI-64 (Continued)
2. Invert the 7th bit (counting from the left) of the first octet so it is the opposite of what it was. This bit is the universal/local flag; in a manufacturer-assigned MAC it is 0, so inverting sets it to 1.
The result is a Modified EUI-64 address, which IPv6 can use as the interface identifier of a device connected to a network.
Caveat: an interface ID derived this way embeds the MAC address in every IPv6 address the host uses, so the host can be recognized across networks. Current systems default to privacy extensions (RFC 4941) or stable opaque interface IDs (RFC 7217) instead.
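The double-colon rule and the two-step Modified EUI-64 construction from the slides above, as an added example in Python that is not part of the original slides. It parses and compresses IPv6 text addresses (RFC 4291 grouping; the lowercase output follows RFC 5952, the slides write the same digits in uppercase), derives the interface ID from the slides' MAC 91-FC-5D-D9-A3-B0, builds the resulting link-local address, and then recovers the MAC from that address, which is the privacy problem the caveat above describes. Function names are this example's own.

```python
# Added example (not from the original slides): parsing and "::" compression
# of IPv6 text addresses and the Modified EUI-64 interface ID built from a
# MAC address (RFC 4291 appendix A). Standard library only.


def expand_ipv6(addr):
    """'13D4::1009:34D6:1800' -> list of eight 16-bit group values."""
    if addr.count("::") > 1:
        raise ValueError("only one '::' is allowed")
    if "::" in addr:
        head, tail = addr.split("::")
        head_groups = head.split(":") if head else []
        tail_groups = tail.split(":") if tail else []
        missing = 8 - len(head_groups) - len(tail_groups)
        if missing < 1:
            raise ValueError("'::' must stand for at least one zero group")
        groups = head_groups + ["0"] * missing + tail_groups
    else:
        groups = addr.split(":")
    if len(groups) != 8 or any(not 1 <= len(g) <= 4 for g in groups):
        raise ValueError(f"malformed IPv6 address: {addr!r}")
    return [int(g, 16) for g in groups]


def compress_ipv6(groups):
    """Canonical text form: no leading zeros, and the longest run of two or
    more zero groups (the first one on a tie) replaced by a single '::'."""
    best_start, best_len = -1, 0
    i = 0
    while i < 8:
        if groups[i] != 0:
            i += 1
            continue
        j = i
        while j < 8 and groups[j] == 0:
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = j
    hexs = [f"{g:x}" for g in groups]
    if best_len < 2:
        return ":".join(hexs)
    return ":".join(hexs[:best_start]) + "::" + ":".join(hexs[best_start + best_len:])


def modified_eui64(mac):
    """48-bit MAC -> 64-bit Modified EUI-64: insert FFFE between the OUI and
    the device part, then flip the universal/local bit (bit 7 of octet 1)."""
    octets = bytes.fromhex(mac.replace("-", "").replace(":", ""))
    if len(octets) != 6:
        raise ValueError("MAC address must be 48 bits")
    eui = octets[:3] + b"\xff\xfe" + octets[3:]
    eui = bytes([eui[0] ^ 0x02]) + eui[1:]   # 0x02 is the U/L flag position
    return int.from_bytes(eui, "big")


def link_local_from_mac(mac):
    """fe80::/64 plus the Modified EUI-64 interface ID."""
    iid = modified_eui64(mac)
    return compress_ipv6([0xFE80, 0, 0, 0] + [(iid >> s) & 0xFFFF for s in (48, 32, 16, 0)])


def mac_from_address(addr):
    """Recover the MAC embedded in an EUI-64-derived address, or None if the
    interface ID was not built that way. This reversibility is why privacy
    extensions (RFC 4941) and stable opaque IDs (RFC 7217) replaced EUI-64."""
    iid = 0
    for g in expand_ipv6(addr)[4:]:
        iid = (iid << 16) | g
    b = iid.to_bytes(8, "big")
    if b[3:5] != b"\xff\xfe":
        return None
    mac = bytes([b[0] ^ 0x02]) + b[1:3] + b[5:]
    return "-".join(f"{x:02X}" for x in mac)


if __name__ == "__main__":
    print(compress_ipv6(expand_ipv6("13D4:0000:0000:0000:0000:1009:34D6:1800")))
    print(f"{modified_eui64('91-FC-5D-D9-A3-B0'):016X}")
    ll = link_local_from_mac("91-FC-5D-D9-A3-B0")
    print(ll, "->", mac_from_address(ll))
```

For the slides' MAC the interface ID comes out as 93FC:5DFF:FED9:A3B0 (91 becomes 93 because the U/L bit was flipped), and `mac_from_address` turns the link-local address straight back into 91-FC-5D-D9-A3-B0.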
How Physical and Logical Addressing Work Together
This portion of the lesson shows how logical addresses and physical addresses work together to ensure that data finds its destination across a large network.
For illustration purposes, assume the represented network uses Ethernet for both its LAN and WAN portions.
Simplified Form of an internetwork
Internetwork with Letters Representing MAC Addresses
Internetwork Segments
A large network needs to be broken down into smaller components to avoid overwhelming network capacity.
Each component is called a segment. A segment bounded by a hub or by a switch port is a collision domain; the set of segments bounded by a router is a broadcast domain (see the Broadcast Domain and Collision Domain slides below).
Different Segments or Collision Domains of the Internetwork
Segments Need Unique Logical Addresses
Each network segment requires a unique network (logical) address, represented by an IP network ID.
Internetwork Segments with Unique Logical Addresses Assigned to Each Device
Each network interface within each segment also requires a unique network or logical address
Network address for each device within a segment must contain the network address of the entire segment as well as a unique identifier for each interface
Source Computer and Its Intended Destination in the Internetwork
Resetting Source and Destination Physical Addresses at Each Hop
Second Hop A to J
Third Hop L to T
• No destination IP is available within the segments directly connected to the 2nd router, so the packet is forwarded further.
• The logical (IP) source and destination addresses are not changed as the frame moves; only the physical (MAC) source and destination addresses are rewritten at each hop.
Final Hop
Broadcast Domain
All devices on a network or a segment that are connected together so that they all receive the same broadcast frame from a computer form a broadcast domain. Hubs and switches forward broadcasts, so they extend the broadcast domain; a broadcast cannot pass through a router, so routers bound it.
Collision Domain
Two or more devices on the same segment or network are able to cause their signal to interfere with the signal from another device on the same segment or network.
A hub: the many devices connected to it form one collision domain and one broadcast domain.
A switch used in place of the hub: each port is its own collision domain, so the devices cannot collide with each other, but they still form one broadcast domain.
Other Addressing Technologies to Overcome Limitations of IPv4
• Supernetting
• Network Address Translation (NAT)
• Assigning IP addresses
• Addressing schemes
Supernetting
The process of combining several IP ranges, usually Class C ranges, into one larger network (route aggregation).
Example: two IP address ranges, 204.214.56.0 and 204.214.57.0. Combine (supernet) them into one aggregate range of IP addresses using the CIDR notation 204.214.56.0/23. The aggregate has 9 host bits, i.e. 512 addresses (510 usable), advertised as one routing-table entry instead of two /24 entries.
This works because 56 = 00111000 and 57 = 00111001 differ only in the last bit of the third octet, so a 23-bit prefix covers both; a combined block must start on a multiple of its own size, which is why 204.214.57.0 and 204.214.58.0 cannot be summarized as a /23.
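The aggregation step described above, as an added example in Python that is not part of the original slides. Given a list of networks it finds the shortest CIDR prefix that covers them and reports whether that supernet is exact (contains those networks and nothing else) or over-summarizes, using the slides' 204.214.56.0/24 + 204.214.57.0/24 case and the misaligned 57/58 pair. Inputs are assumed to be non-overlapping; function names are this example's own.

```python
# Added example (not from the original slides): compute the CIDR aggregate
# (supernet) that covers a list of networks and report whether it is exact,
# i.e. contains those networks and nothing else. Inputs are assumed to be
# non-overlapping. Standard library only.


def dotted_to_int(addr):
    return int.from_bytes(bytes(int(p) for p in addr.split(".")), "big")


def int_to_dotted(value):
    return ".".join(str(b) for b in value.to_bytes(4, "big"))


def prefix_mask(plen):
    return (0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF


def aggregate(networks):
    """networks: ['a.b.c.d/n', ...]. Returns ('x.y.z.w/m', exact)."""
    spans = []
    for n in networks:
        ip, plen = n.split("/")
        plen = int(plen)
        start = dotted_to_int(ip) & prefix_mask(plen)
        spans.append((start, start + (1 << (32 - plen)) - 1))
    lo = min(s for s, _ in spans)
    hi = max(e for _, e in spans)
    # Shorten the prefix one bit at a time until the aligned block that
    # contains lo also reaches hi. A CIDR block must start on a multiple of
    # its own size, which is why 57.0/24 + 58.0/24 cannot be a /23.
    for plen in range(32, -1, -1):
        base = lo & prefix_mask(plen)
        size = 1 << (32 - plen)
        if base + size - 1 >= hi:
            exact = sum(e - s + 1 for s, e in spans) == size
            return f"{int_to_dotted(base)}/{plen}", exact
    raise RuntimeError("unreachable: /0 covers everything")


def host_addresses(cidr):
    """Usable host addresses in a block (network ID and broadcast excluded)."""
    plen = int(cidr.split("/")[1])
    return (1 << (32 - plen)) - 2


if __name__ == "__main__":
    print(aggregate(["204.214.56.0/24", "204.214.57.0/24"]))   # ('204.214.56.0/23', True)
    print(aggregate(["204.214.57.0/24", "204.214.58.0/24"]))   # ('204.214.56.0/22', False)
    print(host_addresses("204.214.56.0/23"))                    # 510
```

An inexact result (`False`) is the check a practitioner wants before advertising a summary route: the /22 in the second call would also claim 204.214.56.0/24 and 204.214.59.0/24, which the router does not actually own.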
Network Address Translation (NAT)
Takes an IP address from an ISP or other location and uses that one IP address to allow all Internet-enabled devices to which it is connected to access the Internet.
Types of NAT
Source Network Address Translation (SNAT): the NAT device rewrites the source IP address of outgoing packets from the private address to its public address, so the Internet side sees only the public address (see the example later).
Port Address Translation (PAT) is what NAT uses to keep track of which device asked for information, in order to route the replies back correctly: each outgoing connection is given its own source port on the public address, and a table in the device maps public ports to private addresses and ports.
Public versus Private Addresses
Public IP addresses can be used on the Internet; they are allocated through the Network Information Center (today IANA and the regional Internet registries).
Private IP addresses are not routed on the Internet (they can be used internally, behind NAT). Three address ranges are set aside (RFC 1918) that are never routed on public networks:
10.0.0.0 to 10.255.255.255
172.16.0.0 to 172.31.255.255
192.168.0.0 to 192.168.255.255
Automatic Private Internet Protocol Addressing (APIPA) Service
169.254.0.1 to 169.254.255.254 (the IPv4 link-local range 169.254.0.0/16, standardized in RFC 3927)
Used by Microsoft operating systems (where the feature is called APIPA): a host picks an address in this range itself when no DHCP server answers.
In a home environment the router applies NAT to whatever private addresses the hosts use; an APIPA address appears only when the router's DHCP service did not respond, and such a host can reach other link-local hosts but not the Internet.
APIPA acts as a failover in case there is a problem obtaining an IP address in some other way.
Pulling NAT All Together
• The picture illustrates APIPA (Automatic Private IP Addressing) and private IP addresses.
• Private IP addresses are on the computers; they are not allowed on the Internet.
• The same IP addresses are part of the range that Microsoft uses for its Automatic Private IP Addressing service: the person who set up the home network simply let Windows assign the addresses.
• PAT (Port Address Translation) and SNAT (Source Network Address Translation) working together in this manner is called Network Address Translation (NAT).
• PAT function: the router assigns a distinct public-side port number to each private host's connection: 25381, 25382, 25383.
• SNAT function: the router replaces the private source IP with its public IP, keeping those port numbers attached to the public IP.
• NAT function: during transmission the router translates between the public (IP, port) pairs and the private addresses in both directions, using its translation table.
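The translation table the figure above describes, as an added example in Python that is not part of the original slides. Outbound packets have their source rewritten to the public address (SNAT) and get a public-side port from 25381 upward (the slides' numbers); replies are mapped back through the table (PAT); an inbound packet with no table entry, or from a peer other than the one contacted, is dropped, which is the incidental filtering effect of NAT. The class name, the private hosts 192.168.1.10-12, the public address 203.0.113.5 and the server 198.51.100.7 are constructed for illustration (the latter two are from documentation ranges).

```python
# Added example (not from the original slides): a minimal NAT/PAT translation
# table. SNAT rewrites the source address, PAT allocates the public port, and
# the same table is used in reverse for replies. All addresses are constructed.


class Pat:
    def __init__(self, public_ip, first_port=25381):
        self.public_ip = public_ip
        self.next_port = first_port
        self.by_flow = {}     # (private_ip, private_port, dst_ip, dst_port) -> public_port
        self.by_port = {}     # public_port -> that same flow key

    def outbound(self, pkt):
        """pkt = {'src', 'sport', 'dst', 'dport'} leaving the private network.
        Returns the packet as it appears on the Internet side (SNAT + PAT)."""
        flow = (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
        port = self.by_flow.get(flow)
        if port is None:                       # new connection: allocate a public port
            port = self.next_port
            self.next_port += 1
            self.by_flow[flow] = port
            self.by_port[port] = flow
        return {"src": self.public_ip, "sport": port, "dst": pkt["dst"], "dport": pkt["dport"]}

    def inbound(self, pkt):
        """Packet arriving from the Internet. Returns it rewritten to the
        private host, or None when there is nothing to translate it to."""
        if pkt["dst"] != self.public_ip:
            return None
        flow = self.by_port.get(pkt["dport"])
        if flow is None:
            return None                        # unsolicited: no inside host asked for this
        private_ip, private_port, remote_ip, remote_port = flow
        if (pkt["src"], pkt["sport"]) != (remote_ip, remote_port):
            return None                        # only the peer we contacted may use this mapping
        return {"src": pkt["src"], "sport": pkt["sport"], "dst": private_ip, "dport": private_port}


def demo():
    """Three private hosts reach one web server; the table keeps them apart."""
    nat = Pat("203.0.113.5")
    out = [nat.outbound({"src": f"192.168.1.{n}", "sport": 51000,
                         "dst": "198.51.100.7", "dport": 80})
           for n in (10, 11, 12)]
    reply = nat.inbound({"src": "198.51.100.7", "sport": 80,
                         "dst": "203.0.113.5", "dport": 25382})
    stray = nat.inbound({"src": "198.51.100.7", "sport": 80,
                         "dst": "203.0.113.5", "dport": 40000})
    return [p["sport"] for p in out], reply, stray


if __name__ == "__main__":
    ports, reply, stray = demo()
    print("public ports:", ports)                            # [25381, 25382, 25383]
    print("reply goes to:", reply["dst"], reply["dport"])   # 192.168.1.11 51000
    print("unsolicited inbound:", stray)                     # None
```

All three hosts use the same private source port 51000, so only the public port distinguishes their connections on the way back; that is the "which device asked" bookkeeping PAT exists for. The endpoint check in `inbound` models the strict behaviour of most consumer routers; a NAT without it (endpoint-independent mapping) would let any Internet host that guesses a public port reach the inside host.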
Assigning IP Addresses
Static: IP addresses are assigned to computers manually by the network administrator, who needs to make sure each address is unique.
A static address is not handed out over DHCP broadcasts, so it is slightly harder for an outsider to learn, but this is not a security control: any host on the segment can still discover it through ARP.
Dynamic: Dynamic Host Configuration Protocol (DHCP) allows IP addresses to be assigned dynamically without requiring constant input from the network administrator.
Network Segment with a DHCP Server and Clients
Once DHCP is set up on a DHCP server, IP addresses are automatically assigned to the clients as they join the network or as their old addresses (leases) expire.
A DHCP server should be on the same segment as the clients, because the client's first messages are broadcasts and routers do not forward them; otherwise a DHCP relay agent (ip helper-address on routers) must forward the broadcasts to the server.
DHCP Process
Assume that the DHCP server has been set up and configured correctly.
1. DISCOVER: the client, which has no address yet, broadcasts from 0.0.0.0 to 255.255.255.255 looking for DHCP servers.
2. OFFER: each DHCP server that hears the DISCOVER offers an IP address; the offer includes the IP address and the lease expiration time.
3. REQUEST: the client broadcasts a request for the offered address, naming the server it chose, so that the other DHCP servers on the segment know their offers were not accepted.
4. ACK: the chosen server acknowledges and records the lease on the server's terms (address and lease time).
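The four-message exchange above, as an added example in Python that is not part of the original slides: two servers on one segment, simulated in memory, so the purpose of the broadcast REQUEST is visible (the server named in it commits the lease, the other one withdraws its offer) along with lease expiry. It also shows that the client simply takes the first OFFER it hears, which is what a rogue DHCP server on the segment exploits and why switches offer DHCP snooping. Server IDs, address pools and client MACs are constructed for illustration; the class and function names are this example's own.

```python
# Added example (not from the original slides): the DISCOVER/OFFER/REQUEST/ACK
# exchange with two servers on one segment. Messages are plain dicts; only
# the fields needed to show the protocol logic are modelled.

UNSPECIFIED = "0.0.0.0"           # source of DISCOVER/REQUEST: client has no address yet
LIMITED_BROADCAST = "255.255.255.255"


class DhcpServer:
    def __init__(self, server_id, pool, lease_secs):
        self.server_id = server_id
        self.free = list(pool)
        self.lease_secs = lease_secs
        self.offers = {}      # client MAC -> address we offered
        self.leases = {}      # client MAC -> (address, expiry time)

    def on_discover(self, msg):
        if not self.free:
            return None       # nothing to offer; stay silent
        addr = self.free.pop(0)
        self.offers[msg["chaddr"]] = addr
        return {"op": "OFFER", "yiaddr": addr, "server_id": self.server_id,
                "lease": self.lease_secs}

    def on_request(self, msg, now):
        addr = self.offers.pop(msg["chaddr"], None)
        if msg["server_id"] != self.server_id:
            if addr is not None:          # client chose another server: reclaim our offer
                self.free.insert(0, addr)
            return None
        if addr is None or addr != msg["requested_ip"]:
            return {"op": "NAK", "server_id": self.server_id}
        self.leases[msg["chaddr"]] = (addr, now + self.lease_secs)
        return {"op": "ACK", "yiaddr": addr, "server_id": self.server_id,
                "lease": self.lease_secs}

    def expire(self, now):
        """Return expired addresses to the pool (what happens when a lease runs out)."""
        for mac, (addr, expiry) in list(self.leases.items()):
            if expiry <= now:
                del self.leases[mac]
                self.free.append(addr)


def dora(client_mac, servers, now=0):
    """One full exchange for a client; returns (address, server_id, lease) or None."""
    discover = {"op": "DISCOVER", "src": UNSPECIFIED, "dst": LIMITED_BROADCAST,
                "chaddr": client_mac}
    offers = [o for o in (s.on_discover(discover) for s in servers) if o]
    if not offers:
        return None
    chosen = offers[0]                    # first offer heard wins
    request = {"op": "REQUEST", "src": UNSPECIFIED, "dst": LIMITED_BROADCAST,
               "chaddr": client_mac, "requested_ip": chosen["yiaddr"],
               "server_id": chosen["server_id"]}
    replies = [r for r in (s.on_request(request, now) for s in servers) if r]
    if not replies or replies[0]["op"] != "ACK":
        return None
    ack = replies[0]
    return ack["yiaddr"], ack["server_id"], ack["lease"]


if __name__ == "__main__":
    s1 = DhcpServer("10.0.0.1", ["10.0.0.50", "10.0.0.51"], lease_secs=3600)
    s2 = DhcpServer("10.0.0.2", ["10.0.0.100"], lease_secs=3600)
    print(dora("aa:bb:cc:dd:ee:01", [s1, s2]))          # ('10.0.0.50', '10.0.0.1', 3600)
    print("s2 still has:", s2.free)                      # ['10.0.0.100']
    print(dora("aa:bb:cc:dd:ee:02", [s1, s2], now=10))   # ('10.0.0.51', '10.0.0.1', 3600)
    print(dora("aa:bb:cc:dd:ee:03", [s1, s2], now=20))   # ('10.0.0.100', '10.0.0.2', 3600)
    s1.expire(now=3600)
    print("s1 pool after expiry:", s1.free)              # ['10.0.0.50']
```

Because both servers hear the broadcast REQUEST, the second server sees a server ID that is not its own and puts its offered address back into the pool instead of leaking it; a unicast REQUEST to the chosen server would leave that address reserved until the offer timed out. The order of `servers` in `dora` decides who wins, which is exactly the position a rogue server on the segment competes for.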
Addressing Schemes
Computers communicate with each other using 3 methods:
• Unicast: sends a packet only to the one computer the packet is intended for.
• Broadcast: a message is sent to all computers on the network or segment. Examples: a client sends DHCPDISCOVER looking for a DHCP server; a client broadcasts the DHCPREQUEST accepting the IP offered by a server; an alert is sent to all computers about a problem on the network; an update on the state of a router or other device on the network.
• Multicast: between unicast and broadcast; sends packets (the same information) to multiple computers but not all. Example: sending streamed video to several computers on the network at the same time.
Summary
A physical address is the physical binary address every network device is given by its manufacturer; it is hard coded.
The physical address of a network device is 48 bits long and is made up of 1s and 0s.
Every computer on a network needs a unique logical address.
Subnetting breaks up an IP address range into smaller pieces so a given range of IP addresses can be used in more than one network.
Summary
Classful IP addressing is the classful method of determining what portion of an IP address is the network ID and what portion denotes hosts.
Classless Inter-Domain Routing (CIDR) is standard notation that indicates the network ID and host ID of an IP address.
IPv6 uses 128-bit IP addresses. Addresses are expressed in hexadecimal numbers, 32 digits, 0-9 and A-F.
In the usual /64 layout the first 16 hexadecimal digits of an IPv6 address are the network prefix and the last 16 digits are the interface ID.
Summary
In a broadcast domain, all devices on a network or a segment are connected together so they all receive the same broadcast from a computer; routers bound broadcast domains.
In a collision domain, two or more devices on the same segment or network are able to cause their signal to interfere with the signal from another device on the same segment or network.
Supernetting is the process of combining several IP ranges, usually Class C ranges, into one larger network.
Summary
Network Address Translation (NAT) takes an IP address from an ISP or other location and uses that one IP address to allow all Internet-enabled devices to which it is connected to access the Internet.
Static IP addresses are assigned manually.
Dynamic IP addresses are assigned automatically using Dynamic Host Configuration Protocol (DHCP).
Figure: IP addresses
• The figure shows a part of an internet with two routers connecting three LANs.
• Each device (computer or router) has a pair of addresses (logical and physical) for each connection.
• In this case, each computer is connected to only one link and therefore has only one pair of addresses.
• Each router, however, is connected to 3 networks (only two are shown in the figure), so each router has 3 pairs of addresses, one for each connection.
Exam Objective Matrix

Technology: Physical Addressing
  Skill covered: Classify how applications, devices, and protocols relate to the OSI model layers. • MAC address  (Exam objective 1.2)
  Skill covered: Explain the purpose and properties of IP addressing. • MAC address format  (Exam objective 1.3)

Technology: Logical Addressing
  Skill covered: Classify how applications, devices, and protocols relate to the OSI model layers. • EUI-64  (Exam objective 1.2)
  Skill covered: Explain the purpose and properties of IP addressing. • Classes of addresses • A, B, C and D • Classless (CIDR) • IPv4 vs. IPv6 (formatting) • Subnetting  (Exam objective 1.3)

Technology: How Physical and Logical Addressing Work Together
  Skill covered: Explain the purpose and properties of IP addressing. • MAC address format  (Exam objective 1.3)
  Skill covered: Explain the purpose and properties of routing and switching. • Broadcast domain vs. collision domain  (Exam objective 1.4)

Technology: Other Addressing Technologies
  Skill covered: Explain the purpose and properties of IP addressing. • Classes of addresses • Public vs. private • Multicast vs. unicast vs. broadcast • APIPA  (Exam objective 1.3)
  Skill covered: Given a scenario, install and configure routers and switches. • NAT • PAT  (Exam objective 2.1)
  Skill covered: Explain the purpose and properties of DHCP. • Static vs. dynamic IP addressing  (Exam objective 2.3)
  Skill covered: Given a scenario, install and configure a basic firewall. • NAT/PAT  (Exam objective 5.5)