Advanced IP Networking Series: “Addressing The Network of Networks“
Wayne M. Pecena, CPBE, CBNE Texas A&M University
Office of Information Technology
Educational Broadcast Services
Webinar Agenda:
• The Quick IP Networking Fundamentals Review
• IPv4 Addressing Fundamentals
• Public vs Private: Integrating NAT
• Subnetting for Performance, Security, & Policy
• Developing an IP Addressing Plan
• Summary - Takeaways
• Plus Bonus Material: CBNE Study Topics: IPv6 Basics
Advertised Webinar Scope: Part 4 of the Advanced IP Networking Webinar series continues with “Addressing the Network of Networks”. This webinar builds upon the previous webinars in this series by developing an IP addressing scheme for the segmented or layered network architecture developed throughout the series. A focus upon efficient use of public IPv4 address space is provided, in addition to integration of private IPv4 address space.
Prerequisite Knowledge: Attendees should have knowledge of IP networking concepts that includes OSI Layers 1-3, Ethernet switching, IP routing, and VLAN principles.
The Quick IP Networking Fundamentals Review
5 Things Required To Build a Network
• Send Host
• Receive Host
• Message or Data to Send Between Hosts
• Media to Interconnect Hosts
• Protocol to Define How Data is Transferred
[Figure: Send Host and Receive Host connected by Media, exchanging DATA under agreed Protocols]
Open Systems Interconnection “OSI” Model:
7 Application – User Application Interaction
6 Presentation – Standardizes Data Encoding/Decoding/Compression/Encryption
5 Session – Tracks User Sessions; Inter-Host Communications
4 Transport – Manages End-End Connections: TCP, UDP, & Flow Control
3 Network – Provides Internetwork Routing (path) & Virtual Addressing (IP)
2 Data Link – Provides Network Access Control, Physical Address (MAC), & Error Detection
1 Physical – Interfaces to the Physical Network, Moves Bits Onto & Off the Network Medium
The OSI Model Expanded – Layer, PDU, and Addressing:
7 Application – PDU: Data
6 Presentation – PDU: Data
5 Session – PDU: Data – Addressing: Session ID
4 Transport – PDU: Segment – Addressing: Port
3 Network – PDU: Packet (Datagram) – Addressing: IP Address
2 Data Link – PDU: Frame – Addressing: MAC Address
1 Physical – PDU: Bits (data stream)
Encapsulation: Data is “Encapsulated” As It Travels Down Through the “Stack” From the Application Layer, each lower layer adding its own header (and, at Layer 2, a trailer) around the PDU handed to it.
The Protocol Data Unit:
Segment (Layer 4): Source Port | Destination Port | Data
Packet (Layer 3): Source IP | Destination IP | Protocol | Segment
Frame (Layer 2): Destination MAC | Source MAC | EtherType | Packet | FCS
Bits (Layer 1): 11010011010111101100101010010001000010101010101000011111111
Mnemonic for Segment, Packet, Frame, Bit: “Some People Fear Birthdays”
Layer 2 Standards:
• IEEE Project 802 Ethernet Standards:
– 802.1 Bridging
– 802.3 Ethernet
– 802.11 Wireless
http://standards.ieee.org/about/get/
Layer 3 Standards:
• Request for Comments – RFCs
– The “Standards Bible” of the Internet
– Explains All Aspects of IP Networking
www.rfc-editor.org/rfc.html
3 Types of IP Packets on an IPv4 Network
• Unicast
– One Send Host TO One Receive Host
• Broadcast
– One Send Host TO ALL Hosts on the Network (within the Broadcast Domain)
• Multicast
– One Send Host TO Specific Hosts (group)
Layer 2 & Layer 3 Addressing
• Each Host on an Ethernet Based IP Network Has:
– A Unique MAC Address – Layer 2 Physical Address (local network segment)
– A Unique IP Address – Layer 3 Logical Address (globally routed)
Simplified Representation of an Ethernet Frame carrying an IP Packet:
Ethernet Frame: Destination MAC FF:FF:FF:FF:FF:FF | Source MAC 00:12:3F:8D:4D:A7 | IP Packet | Trailer
IP Packet: Source IP 172.15.1.1 | Destination IP 172.15.2.2 | DATA
IPv4 Address Classes – “32 Bit Dotted Decimal Notation”
IPv4 Provides 2^32 or 4,294,967,296 IP Addresses
IPv4 Header (20 Bytes without Options; each row is 32 bits):
Version | Header Length | Priority / Type of Service | Total Length
Identification | Flags | Fragment Offset
Time to Live | Protocol | Header Checksum
Source IP Address
Destination IP Address
Options (if present)
Payload Data
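The encapsulation on the PDU slide and the IPv4 header layout above, carried through in working code. This is an added example written for this edit, not material from the webinar: it assembles a UDP segment, wraps it in a 20-byte IPv4 header with the RFC 791 one's-complement header checksum computed, wraps that in an Ethernet II frame, and then parses the frame back down to the payload and verifies the checksum. The MAC and IP addresses are borrowed from the Layer 2 / Layer 3 addressing slide; the ports and the 4-byte payload are constructed for the example, the UDP checksum is left at zero (which IPv4 permits), and the FCS trailer is omitted because the NIC appends it.

```python
import socket
import struct

# Addresses from the slide's Layer 2 / Layer 3 example; ports and payload are constructed for this example.
SRC_MAC = "00:12:3f:8d:4d:a7"
DST_MAC = "ff:ff:ff:ff:ff:ff"
SRC_IP, DST_IP = "172.15.1.1", "172.15.2.2"
PROTO_UDP = 17
ETHERTYPE_IPV4 = 0x0800


def mac_to_bytes(mac: str) -> bytes:
    return bytes(int(octet, 16) for octet in mac.split(":"))


def bytes_to_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def ipv4_checksum(header: bytes) -> int:
    """RFC 791: 16-bit one's complement of the one's-complement sum of all 16-bit header words."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:                       # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_segment(src_port: int, dst_port: int, data: bytes) -> bytes:
    """Layer 4 PDU: UDP header (source port, destination port, length, checksum) + data.
    A zero UDP checksum means 'not computed', which IPv4 allows."""
    return struct.pack("!HHHH", src_port, dst_port, 8 + len(data), 0) + data


def build_packet(src_ip: str, dst_ip: str, segment: bytes, ttl: int = 64, ident: int = 0x1234) -> bytes:
    """Layer 3 PDU: 20-byte IPv4 header (no options) wrapped around the segment."""
    ver_ihl = (4 << 4) | 5                   # version 4, IHL 5 words = 20 bytes
    header = struct.pack("!BBHHHBBH4s4s",
                         ver_ihl, 0, 20 + len(segment), ident, 0,   # TOS 0, flags/fragment offset 0
                         ttl, PROTO_UDP, 0,                         # checksum field zero while summing
                         socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    checksum = ipv4_checksum(header)
    return header[:10] + struct.pack("!H", checksum) + header[12:] + segment


def build_frame(src_mac: str, dst_mac: str, packet: bytes) -> bytes:
    """Layer 2 PDU: Ethernet II header + packet (FCS trailer normally added by the NIC)."""
    return mac_to_bytes(dst_mac) + mac_to_bytes(src_mac) + struct.pack("!H", ETHERTYPE_IPV4) + packet


def parse_frame(frame: bytes) -> dict:
    """Walk the frame back down the stack: frame -> packet -> segment -> data."""
    dst_mac, src_mac = frame[:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError("not an IPv4 frame")
    packet = frame[14:]
    ihl = (packet[0] & 0x0F) * 4
    (_ver_ihl, _tos, total_len, _ident, _flags_frag, ttl, proto, _csum,
     src_ip, dst_ip) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    header_ok = ipv4_checksum(packet[:ihl]) == 0   # a header with a valid checksum sums to zero
    segment = packet[ihl:total_len]
    src_port, dst_port, udp_len, _udp_csum = struct.unpack("!HHHH", segment[:8])
    return {
        "dst_mac": bytes_to_mac(dst_mac), "src_mac": bytes_to_mac(src_mac),
        "src_ip": socket.inet_ntoa(src_ip), "dst_ip": socket.inet_ntoa(dst_ip),
        "ttl": ttl, "protocol": proto, "header_checksum_ok": header_ok,
        "src_port": src_port, "dst_port": dst_port, "data": segment[8:udp_len],
    }


def example_frame() -> bytes:
    """Data -> Segment -> Packet -> Frame, with constructed ports (40000 -> 53) and payload."""
    segment = build_segment(40000, 53, b"DATA")
    packet = build_packet(SRC_IP, DST_IP, segment)
    return build_frame(SRC_MAC, DST_MAC, packet)
```

Flipping any header bit (the test below flips the TTL) makes the receiver's checksum verification fail, which is exactly what a router does before forwarding; note that the checksum covers only the IPv4 header, not the segment, so payload integrity is Layer 4's job.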
ARP Process “Address Resolution Protocol” – Maps Virtual IP Address to Physical Hardware (MAC) Address
Example on network 192.168.1.0 with hosts .1 through .12:
“Broadcast” ARP Request: Who Has IP Address 192.168.1.10 ?
ARP Reply (from the .10 host): MAC Address Is 08-3E-8E-82-A6-20
Note that ARP carries no authentication: any host in the broadcast domain can answer a request, so the mapping a host learns is only as trustworthy as the other hosts on that segment.
Broadcast Domain – Collision Domain
[Figure: a Router bounds each Broadcast Domain; on a Switch every port (1000-Full, 100-Full, 100-Full Capable) is its own Collision Domain; on a Hub all ports (10-Half) share one Collision Domain]
Reference Network “The Network of Networks”
[Figure: ISP link to the router on serial interfaces S0/S1; router Fast Ethernet interfaces FE0, FE1, FE2, FE3 serve VLAN 1 Sales, VLAN 2 Engineering, and VLAN 3 Production on switches S0, S1, S2]
IPv4 Addressing Fundamentals
IP Addressing “Rules”
• Each Network MUST Have a Unique Network ID
• Each Host MUST Have a Unique Host ID
• Every IP Address MUST Have a Subnet Mask – Implied for a Classful Network
– Explicitly Stated for a Classless Network
• An IP Address Must Be Globally Unique If the Host Is on the Public Internet
IPv4 Address Classes and “Default” Masks (32 bits = four 8-bit octets):
• Class A: NETWORK.HOST.HOST.HOST – 8 network bits, 24 host bits – Default Mask: 255.0.0.0
• Class B: NETWORK.NETWORK.HOST.HOST – 16 network bits, 16 host bits – Default Mask: 255.255.0.0
• Class C: NETWORK.NETWORK.NETWORK.HOST – 24 network bits, 8 host bits – Default Mask: 255.255.255.0
• Class D: Multicast
• Class E: Experimental
Classful IP Addressing:
                         Class A                 Class B                     Class C
First Octet Range        1 - 126                 128 - 191                   192 - 223
Network Range            1.0.0.0 – 126.0.0.0     128.0.0.0 – 191.255.0.0     192.0.0.0 – 223.255.255.0
Mask                     255.0.0.0               255.255.0.0                 255.255.255.0
Network Bits             8                       16                          24
Host Bits                24                      16                          8
Available Networks       126                     16,384                      2,097,152
Available Hosts/Network  16,777,214              65,534                      254
2-Part IP Address – a 32 bit IP Address is 4 Bytes: Octet 1 . Octet 2 . Octet 3 . Octet 4
192.168.100.254 = 11000000.10101000.01100100.11111110
The Subnet Mask Determines which bits are the Network Address and which are the Host Address
Determining the Class – the Leading Bit Pattern of Octet 1 Indicates the Class:
• Class A: first bit 0 – first octet 1 - 126
• Class B: first bits 10 – first octet 128 - 191
• Class C: first bits 110 – first octet 192 - 223
IPv4 Address in Dotted-Decimal Notation: 192.168.100.254, or the equivalent 32 bit Binary Representation
Private vs Public IP Addresses
• RFC 1918 Established “Private” Address Space – Class A: 10.0.0.0 to 10.255.255.255 (10.0.0.0/8)
– Class B: 172.16.0.0 to 172.31.255.255 (172.16.0.0/12)
– Class C: 192.168.0.0 to 192.168.255.255 (192.168.0.0/16)
• Key Points: – Private IP Addresses Are NOT Routable on the Public Internet; RFC 1918 requires that they not be propagated or forwarded across the Internet boundary
– Widely Used in Home & Industry Networks
– May Be Translated With NAT At An Edge Router
• Map Private Address Space to Public Address Space
VLSM RFC 1009
• Variable Length Subnet Masking (VLSM)
– Host Addressing & Routing Inside a Routing Domain
– Allowed “Classless” Subnetting • Mask Information is Explicit – Must Be Specified
– Allows More Efficient Use of Address Space – Tailor Address Space to Fit Network Needs
– Allows You to Subnet a Subnet • Subnetting “Borrows” Host Bits to Create More Networks
– VLSM Allows the Mask To Be Moved
CIDR RFC 1517, 1518, 1519, 1520
• Classless Interdomain Routing (CIDR)
– Class System No Longer Applies
– Routing Between Routing Domains
– Allows “Supernets” To Be Created • Combining a Group of Class C Addresses Into a Single Block
– CIDR Notation (slash notation): 172.16.1.1 /16 – Mask: 11111111.11111111.00000000.00000000 = 255.255.0.0
IP Address Mask Formats
Classful Addressing: 165.95.240.136 (Implied Mask 255.255.0.0)
VLSM Addressing: 165.95.240.136 255.255.255.192 (Explicit Mask 255.255.255.192)
CIDR Notation: 165.95.240.136 /26 (the number after the slash is the Number of Mask Bits set to 1)
The IP Address Subnet Mask “VLSM” – Each IP Address Must Have a Subnet Mask to Define the Network and the Host
32 Bit Address & Subnet Mask Format – Expressed in Decimal as (4) 8-bit Octets using “Dotted Decimal Notation”
IP Address: 192.168.1.100 /26 or 255.255.255.192
11000000.10101000.00000001.01100100 (address)
11111111.11111111.11111111.11000000 (mask: 1 bits = Network, 0 bits = Host)
Special Use “Reserved” IPv4 Address Space RFC 5735
• 0.0.0.0/8 Network Address “This Network or Wire Address”
• 10.0.0.0/8 Private IP Address Space (RFC 1918)
• 127.0.0.0/8 Loopback Address
• 169.254.0.0/16 IETF Zero Configuration Address Space (RFC 3927)
• 172.16.0.0/12 Private IP Address Space (RFC 1918) – note the /12, i.e. 172.16.0.0 through 172.31.255.255, not a single /16
• 192.168.0.0/16 Private IP Address Space (RFC 1918)
• 224.0.0.0/4 Multicast Address Space
• 240.0.0.0/4 Experimental Address Space
• 255.255.255.255/32 Broadcast Address
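A small classifier, added here as an example (not part of the webinar), that applies the two rules just covered: the classful letter from the leading bits of the first octet, and whether an address falls inside one of the special-use blocks listed above, with the RFC 1918 172 range taken as 172.16.0.0/12. The function names and the dictionary keys are assumptions for this example; the `globally_routable` flag means only that the address is outside the listed special-use blocks, nothing more.

```python
import ipaddress

# Special-use blocks from the RFC 5735 list above (172.16.0.0/12 per RFC 1918), most specific prefix first
# so that 255.255.255.255 is reported as broadcast rather than as part of 240.0.0.0/4.
SPECIAL_USE = sorted([
    ("0.0.0.0/8", "this network"),
    ("10.0.0.0/8", "private (RFC 1918)"),
    ("127.0.0.0/8", "loopback"),
    ("169.254.0.0/16", "link-local (RFC 3927)"),
    ("172.16.0.0/12", "private (RFC 1918)"),
    ("192.168.0.0/16", "private (RFC 1918)"),
    ("224.0.0.0/4", "multicast"),
    ("240.0.0.0/4", "experimental"),
    ("255.255.255.255/32", "limited broadcast"),
], key=lambda item: -ipaddress.ip_network(item[0]).prefixlen)


def ipv4_class(addr: str) -> str:
    """Classful letter from the leading bits of the first octet: 0=A, 10=B, 110=C, 1110=D, 1111=E."""
    first_octet = int(ipaddress.IPv4Address(addr)) >> 24
    if first_octet >> 7 == 0b0:
        return "A"
    if first_octet >> 6 == 0b10:
        return "B"
    if first_octet >> 5 == 0b110:
        return "C"
    if first_octet >> 4 == 0b1110:
        return "D"
    return "E"


def classify(addr: str) -> dict:
    """Class letter plus special-use status; 'public' means none of the listed blocks matched."""
    ip = ipaddress.IPv4Address(addr)
    label = "public"
    for cidr, name in SPECIAL_USE:
        if ip in ipaddress.ip_network(cidr):
            label = name
            break
    return {
        "address": addr,
        "class": ipv4_class(addr),
        "special_use": label,
        "rfc1918": label == "private (RFC 1918)",
        "globally_routable": label == "public",
    }
```

The /12 matters in practice: 172.32.0.1 looks like a private address to many people but is public space, while 172.15.1.1 (used in the frame example earlier) is public as well.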
The IPv4 Loop Back Address
• What is Special About 127.0.0.1 ?
– Actually Any 127.0.0.0/8 Address Works, i.e. the Range 127.0.0.1 to 127.255.255.254
• Known as a “Loop-Back” Address
• Useful For:
– Testing the Local IP Stack (loopback traffic never leaves the host, so it does not exercise the network adapter or the cabling)
– May Be Used by a Client-Server App Running on the Same Host
Public vs Private: Integrating NAT
Network Address Translation – NAT RFC 3022
[Figure: Inside Network (private), RFC 1918 Addressed Hosts – Gateway Router w/ NAT Services – Outside Network, Public Address Space (Usually)]
• NAT Allows a Host Without a Valid Public IP Address to Communicate With a Host That Has a Public IP Address
• HOW?
– Simply Changes the IP Addresses as the Packet Passes Through the NAT Device
• WHY?
– Conserve Public IP Address Space
– Security by Obscurity (hides the actual host IP address). The hiding itself is not a security control: what stops unsolicited inbound connections is the NAT device dropping packets that match no translation entry, and a static mapping or port forward exposes the inside host again. Segmentation and a stateful firewall policy are still required.
NAT • Types of NAT:
– Static – One-to-One Translation
– Dynamic – Pool of Public Addresses Made Available to Outbound Client Traffic
– NAT Overloading or Port Address Translation (PAT) – Translates to a Single Public IP by Use of a Unique Port Number
• NAT Addressing Terminology: – Inside Local or Inside Private
– Inside Global or Inside Public
– Outside Global or Outside Public
– Outside Local or Outside Private
[Figure: Inside Network (private) – Gateway Router w/ NAT Services – Outside Network; Inside Local and Outside Local on the inside, Inside Global and Outside Global on the outside]
In General: Inside Addresses Are Local, Global Addresses Are Public
Static NAT – One-to-One Translation (example):
Private Network Space 10.0.0.0/24 (hosts 10.0.0.2 /24, 10.0.0.3 /24, 10.0.0.4 /24) – Gateway Router w/ NAT Services – Public Network Space 128.194.247.0/24
Fixed mappings held by the gateway:
10.0.0.2 mapped to 128.194.247.2
10.0.0.3 mapped to 128.194.247.3
10.0.0.4 mapped to 128.194.247.4
and in reverse: 128.194.247.2 mapped to 10.0.0.2, 128.194.247.3 mapped to 10.0.0.3, 128.194.247.4 mapped to 10.0.0.4
Simple Layer 3 Packet, inside host to outside host (the outside host on the original slide is written 128.194.300.2, which is not a valid IPv4 address because an octet cannot exceed 255; 198.51.100.2 from the RFC 5737 documentation range is used here instead):
Before NAT: Source IP 10.0.0.2 | Destination IP 198.51.100.2 | Payload
After NAT: Source IP 128.194.247.2 | Destination IP 198.51.100.2 | Payload – Source IP Address Changed by NAT
Simple Layer 3 Packet, reply from outside host to inside host:
Before NAT: Source IP 198.51.100.2 | Destination IP 128.194.247.2 | Payload
After NAT: Source IP 198.51.100.2 | Destination IP 10.0.0.2 | Payload – Destination IP Address Changed by NAT
Dynamic NAT (example):
Private Network Space hosts 10.0.0.2 /24, 10.0.0.3 /24, 10.0.0.4 /24 – Gateway Router w/ NAT Services – Public Network Space
Pool of AVAILABLE Public IP Addresses: 128.194.247.2 – 128.194.247.14
NAT Table entry: 10.0.0.2 → 128.194.247.10 (IP Address Chosen from the Pool of Public IP Addresses)
Dynamic Entry Remains While Traffic Flows (removed after an idle timeout)
Common to Have More Private Hosts Than Public IP Address Space
NAT Overloading – PAT Port Address Translation (Single Address NAT / Port-Level Multiplexed NAT)
Private Network Space hosts 10.0.0.2 /24, 10.0.0.3 /24, 10.0.0.4 /24 – Gateway Router w/ NAT Services – Public Network Space, single public address 128.194.247.10
NAT Table (Inside Local → Inside Global), keyed on Source Address & Port:
10.0.0.2:1024 → 128.194.247.10:1024
10.0.0.3:1026 → 128.194.247.10:1026
10.0.0.4:1028 → 128.194.247.10:1028
Replies are matched on Destination Address & Port and translated back to the inside host.
NAT Drawbacks!
• Accountability Limited Globally
– Multiple Internal Hosts Share a Global IP Address, so an outside party sees only the shared address and port; attribution to a host requires the NAT device's translation log
• Breaks the IP Concept of End-End Connectivity
• Complicates the Process of Allowing a Global IP Host to Establish a Session With an Internal Host
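A minimal PAT device modelled in code, added as an example and not taken from the webinar. It implements the NAT Overloading slide above (one inside-global address, a translation table keyed on inside-local address and port, a unique translated port per entry) together with the idle-timeout behaviour of the dynamic NAT slide, and it exhibits the last drawback just listed: an inbound packet that matches no table entry is dropped, so an outside host cannot start a session to an inside host until a mapping exists. The public address and inside hosts follow the PAT slide; the outside host 198.51.100.2 is from the RFC 5737 documentation range; the class, method and field names are assumptions for this example.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class PortAddressTranslator:
    """NAT overload (PAT): every inside-local host is rewritten to one inside-global
    address and told apart by the translated source port."""

    def __init__(self, inside_global_ip: str, first_port: int = 1024, idle_timeout: int = 300):
        self.inside_global_ip = inside_global_ip
        self.first_port = first_port
        self.idle_timeout = idle_timeout        # seconds a mapping survives without traffic
        self.out_map = {}     # (inside_local_ip, inside_local_port) -> inside_global_port
        self.in_map = {}      # inside_global_port -> (inside_local_ip, inside_local_port)
        self.last_seen = {}   # inside_global_port -> time of the last packet in either direction

    def _expire(self, now: int) -> None:
        """Drop mappings that have been idle longer than the timeout (the dynamic-entry rule)."""
        for port, seen in list(self.last_seen.items()):
            if now - seen > self.idle_timeout:
                self.out_map.pop(self.in_map.pop(port))
                del self.last_seen[port]

    def _allocate_port(self, wanted: int) -> int:
        """Keep the host's own source port when it is free, otherwise take the lowest free pool port."""
        if wanted >= self.first_port and wanted not in self.in_map:
            return wanted
        port = self.first_port
        while port in self.in_map:
            port += 1
        if port > 65535:
            raise RuntimeError("translation port pool exhausted")
        return port

    def outbound(self, pkt: Packet, now: int) -> Packet:
        """Inside -> outside: rewrite the source address and port, creating table state if needed."""
        self._expire(now)
        key = (pkt.src_ip, pkt.src_port)
        port = self.out_map.get(key)
        if port is None:
            port = self._allocate_port(pkt.src_port)
            self.out_map[key] = port
            self.in_map[port] = key
        self.last_seen[port] = now
        return replace(pkt, src_ip=self.inside_global_ip, src_port=port)

    def inbound(self, pkt: Packet, now: int):
        """Outside -> inside: only a packet matching existing state is translated; anything else is dropped (None)."""
        self._expire(now)
        if pkt.dst_ip != self.inside_global_ip or pkt.dst_port not in self.in_map:
            return None
        local_ip, local_port = self.in_map[pkt.dst_port]
        self.last_seen[pkt.dst_port] = now
        return replace(pkt, dst_ip=local_ip, dst_port=local_port)

    def table(self) -> list:
        """Inside Local -> Inside Global pairs, as on the PAT slide's NAT table."""
        return [(f"{ip}:{port}", f"{self.inside_global_ip}:{gport}")
                for (ip, port), gport in sorted(self.out_map.items(), key=lambda kv: kv[1])]
```

The mapping here is keyed on the inside host and port only (endpoint-independent), which is the most permissive real-world behaviour; production devices often also key on the outside address and port, which is stricter and is why some peer-to-peer and VoIP traversal techniques fail behind them. The translation log this table represents is the only place the accountability drawback above can be answered from, so retain it.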
Subnetting for Performance, Security, & Policy
The Flat Network
[Figure: one network 192.168.1.0 with hosts .1 through .12 in a single broadcast domain]
The Hierarchical Network
[Figure: 192.168.1.0 divided into the subnets 192.168.1.0 /26, 192.168.1.64 /26, and 192.168.1.128 /26, each behind a router interface (Router A, Router B) with its own switch (Switch 1, Switch 2)]
How Many Networks (subnets) Are Shown? Three: Network 1, Network 2, Network 3
IP Addressing / Subnetting • Classless IP Addressing Has Replaced Classful Addressing !
• Why Subnet?
– Allows Flexible Network Design
– Efficient Use of IP Address Space
• Dividing Networks Into the “Right” Size
– Performance
• Create “Smaller” Broadcast Domains
– Enhance Routing Efficiency – Reduce Routing Table Size
– Network Management Policy and Segmentation
• Grouping Hosts by Function or Purpose
• Grouping Hosts by Ownership
• Grouping Hosts Geographically
– Job Security for Network Engineers!
Subnetting Basics – An IP Address Must Have a Subnet Mask
• The Subnet Mask Identifies the Boundary Between Network and Host Bits
• “Subnetting” Simply Moves the Boundary! – Moves the Boundary to the Right
– IP Address Subnetting Applies to All Classes
– Boundary Position Determined by the Subnet “Netmask”
• Expressed in Several Forms: – Dotted Decimal Notation (same as an IP address)
– Slash Notation (also known as CIDR notation)
IP Address 165.95.240.100 with Netmask of 255.255.255.0
OR
165.95.240.100 /24
IP Address Block Size – Understanding the Power of 2: 2^n (n = number of host bits)
2^7 = 128, 2^6 = 64, 2^5 = 32, 2^4 = 16, 2^3 = 8, 2^2 = 4, 2^1 = 2, 2^0 = 1 (LSB)
What You Need To Know About a Network?
• Network Address?
• Broadcast Address?
• IP Address Range? – Range of Useable Addresses
• Subnet Mask?
• Default Gateway Address?
Where is the Default Gateway?
[Figure: the reference network with 165.95.240.100/25 at the ISP link (S1/S0); VLAN 1 Sales (35 Hosts), VLAN 2 Engineering (17 Hosts), VLAN 3 Production (27 Hosts); the Default Gateway for each VLAN's hosts is that VLAN's interface IP address on the router, e.g. the VLAN 1 Interface IP Address for Sales and the VLAN 3 Interface IP Address for Production]
IP Address Subnetting Charts
Subnet Calculation Tools
Developing an IP Addressing Plan
Hints for Subnetting – 4th Octet Block Size, VLSM Mask Value, and CIDR Prefix:
Block Size:   128    64     32     16     8      4      2      1
VLSM Mask:    128    192    224    240    248    252    254    255
CIDR:         /25    /26    /27    /28    /29    /30    /31    /32
Remember George Boole – the bitwise AND and OR used on every address: IP Address AND Mask = Network Address; Network Address OR inverted Mask = Broadcast Address
AND: 0 AND 0 = 0, 0 AND 1 = 0, 1 AND 0 = 0, 1 AND 1 = 1
OR:  0 OR 0 = 0, 0 OR 1 = 1, 1 OR 0 = 1, 1 OR 1 = 1
IP Addressing Reverse Engineering “A Useful Troubleshooting Tool”
• Verifying Proper Subnet Configuration When Given an IP Address and Subnet Mask – Determine the Subnet Address Range
– Determine the “Assignable” IP Addresses
– Determine the Broadcast Address
• Subnetting When Given A Network Requirement
• Subnetting When Given A Host Requirement
You Are Provided: IP Address / IP Mask
Reference Network Example: the ISP link carries 165.95.240.100/25; the router's FE1, FE2, FE3 interfaces serve VLAN 1 Sales (35 Hosts), VLAN 2 Engineering (17 Hosts), and VLAN 3 Production (27 Hosts) on switches S0, S1, S2
Reverse engineering 165.95.240.100/25:
Network: 165.95.240.0
Broadcast: 165.95.240.127
Usable Range (126 hosts): 165.95.240.1 - 126
Block Sizes Required (hosts + network and broadcast addresses, rounded up to the next power of 2): Sales 35 Hosts → 64 (/26), Engineering 17 Hosts → 32 (/27), Production 27 Hosts → 32 (/27); 64 + 32 + 32 = 128, which fills the /25 exactly
Resulting Subnets (worked with 192.168.100.0 as the parent block):
Subnet Number: 192.168.100.0 – Subnet Mask: 255.255.255.192 – First IP Address: 192.168.100.1 – Last IP Address: 192.168.100.62 – Broadcast IP Address: 192.168.100.63
Subnet Number: 192.168.100.64 – Subnet Mask: 255.255.255.224 – First IP Address: 192.168.100.65 – Last IP Address: 192.168.100.94 – Broadcast IP Address: 192.168.100.95
Subnet Number: 192.168.100.96 – Subnet Mask: 255.255.255.224 – First IP Address: 192.168.100.97 – Last IP Address: 192.168.100.126 – Broadcast IP Address: 192.168.100.127
What additional IP configuration information is required to configure hosts on this network? The Default Gateway
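The reverse-engineering steps and the subnetting-by-host-requirement procedure above, in code. This is an added example written for this edit, not part of the webinar: `subnet_info()` applies the AND/OR from the “Remember George Boole” hints to find the network, broadcast, and usable range for any address given with a /prefix or a dotted mask (including the /31 point-to-point case of RFC 3021, which has no network or broadcast address), and `allocate_vlsm()` sizes blocks for a set of host counts largest-first, which is how 35/17/27 hosts become a /26 and two /27s that exactly fill a /25. The function names are assumptions; the `gateway` field follows the common convention of using the first usable address, which is a design choice, not a rule.

```python
import ipaddress


def subnet_info(cidr: str) -> dict:
    """Network, broadcast and usable range for an address with a /prefix or a dotted mask."""
    iface = ipaddress.ip_interface(cidr)        # accepts "165.95.240.100/25" or ".../255.255.255.128"
    ip, mask = int(iface.ip), int(iface.netmask)
    prefix = iface.network.prefixlen
    network = ip & mask                          # AND with the mask keeps the network bits, clears host bits
    broadcast = network | (~mask & 0xFFFFFFFF)   # OR with the inverted mask sets every host bit
    block = 1 << (32 - prefix)                   # 2^n addresses, n = number of host bits
    if prefix >= 31:                             # RFC 3021 point-to-point links reserve no addresses
        first, last, usable = network, broadcast, block
    else:
        first, last, usable = network + 1, broadcast - 1, block - 2
    addr = ipaddress.IPv4Address
    return {
        "network": f"{addr(network)}/{prefix}",
        "mask": str(iface.netmask),
        "broadcast": str(addr(broadcast)),
        "first": str(addr(first)),
        "last": str(addr(last)),
        "usable": usable,
        "block_size": block,
        "gateway": str(addr(first)),   # assumption: gateway on the first usable address (a convention)
    }


def allocate_vlsm(parent: str, requirements: dict) -> dict:
    """Carve variable-length subnets out of `parent`, largest requirement first so every block
    starts on a boundary of its own size. Each block must hold hosts + 2 addresses (network and
    broadcast), rounded up to a power of two. Returns {name: "network/prefix", "unallocated": n}."""
    parent_net = ipaddress.ip_network(parent, strict=False)
    cursor = int(parent_net.network_address)
    end = int(parent_net.broadcast_address)
    plan = {}
    for name, hosts in sorted(requirements.items(), key=lambda kv: kv[1], reverse=True):
        host_bits = (hosts + 2 - 1).bit_length()     # smallest n with 2^n >= hosts + 2
        size = 1 << host_bits
        if cursor + size - 1 > end:
            raise ValueError(f"{name}: no room left in {parent_net} for {hosts} hosts")
        plan[name] = f"{ipaddress.IPv4Address(cursor)}/{32 - host_bits}"
        cursor += size
    plan["unallocated"] = end - cursor + 1          # addresses left over in the parent block
    return plan
```

Allocating largest-first is what keeps the plan valid without a separate alignment step: the cursor starts at the parent's network address and each block size divides the previous one, so every subnet lands on a multiple of its own size. Reversing the order (17 hosts first) would put the /26 at an offset of 32, which is not a legal /26 boundary.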
Summary & Takeaways
Takeaways: • IP Addressing: Virtual Layer 3 Address
• An IP Address Contains Two Parts: – Network Identification
– Host Identification
• Each IP Address Has a Subnet Mask: – Implied for a Classful Network
– Stated for a Classless Network
• Recognize the Classes of IPv4 Addresses, but Realize That VLSM Is Used Extensively Today!
• Private Addresses are NOT Routable on the Global Internet
• NAT Is Utilized to Translate Between Private & Public Addresses
• Subnetting Allows More Networks to Be Created: – Host Bits Are “Borrowed” to Become Network Bits, So the Result is Fewer Hosts per Network
IP Addressing Best Practices “The Rules”
• Each Network MUST Have a Unique Network ID
• Each Host MUST Have a Unique Host ID
• Every IP Address MUST Have a Subnet Mask
• Design Hierarchical Networks
• Segment Networks for: – Security
– Performance
– Manageability
• Subnet for Optimum IPv4 Address Space Utilization
• Remember IPv4 Block Sizes: 2^n (n = number of host bits): 128, 64, 32, 16, 8, 4, 2, 1
Plus Bonus Material CBNE Study Topics:
IPv6 Basics
IPv6 Address Space IETF - RFC 2460
IPv6 Provides Expanded IP Address Space: 2^128 = 340,282,366,920,938,463,463,374,607,431,768,211,456 (three hundred forty UNDECILLION addresses), about 3.4 x 10^38
• But, IPv6 is More Than Expanded Address Space:
– An Opportunity to Re-Engineer IPv4 • Improved Support for Multicasting, Security, & Mobile Apps
• Multiple Addresses per Interface
• Host Auto-Configuration Capability
• Security (IPsec) Defined as Part of the Protocol Suite (its use still has to be configured; it is not automatic)
• Path MTU Discovery Incorporated
• Traffic Engineering Provisions Incorporated
The IPv6 Address
128-Bit Address Binary Format: 00100110000001111011100000000000000011111010101000000000000000110010000110010101100110001000011110111100010010000010100011110001
Subdivide Into Eight (8) 16-bit Groups: 0010011000000111 1011100000000000 0000111110101010 0000000000000011 0010000110010101 1001100010000111 1011110001001000 0010100011110001
Convert Each 16-bit Group to Hexadecimal (separate with a colon): 2607:b800:0faa:0003:2195:9887:bc48:28f1
Drop Leading Zeros in Each Group: 2607:b800:faa:3:2195:9887:bc48:28f1
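The binary-to-hexadecimal conversion on this slide, implemented as an added example (not webinar material), and taken one step further than the slide: after grouping the 128 bits into eight 16-bit words and dropping leading zeros, the single longest run of two or more all-zero groups is replaced by “::” (leftmost run on a tie, and never for a lone zero group), which is the RFC 5952 canonical text form used for addresses such as the loopback ::1. The result is cross-checked against Python's ipaddress module. The function names are assumptions; the binary string is constructed to equal the slide's example address.

```python
import ipaddress


def groups_from_bits(bits: str) -> list:
    """Split a 128-character binary string (spaces allowed) into eight 16-bit integers."""
    bits = "".join(bits.split())
    if len(bits) != 128 or set(bits) - {"0", "1"}:
        raise ValueError("expected exactly 128 binary digits")
    return [int(bits[i:i + 16], 2) for i in range(0, 128, 16)]


def groups_from_text(addr: str) -> list:
    """Parse a textual address, compressed or not, into eight 16-bit integers."""
    if "::" in addr:
        head, tail = addr.split("::", 1)
        left = [int(g, 16) for g in head.split(":") if g]
        right = [int(g, 16) for g in tail.split(":") if g]
        groups = left + [0] * (8 - len(left) - len(right)) + right
    else:
        groups = [int(g, 16) for g in addr.split(":")]
    if len(groups) != 8 or any(not 0 <= g <= 0xFFFF for g in groups):
        raise ValueError("address does not expand to eight 16-bit groups")
    return groups


def full_form(groups: list) -> str:
    """Eight 4-digit hexadecimal groups, e.g. 2607:b800:0faa:0003:..."""
    return ":".join(f"{g:04x}" for g in groups)


def compress(groups: list) -> str:
    """RFC 5952 text form: leading zeros dropped, longest run (>= 2) of zero groups becomes '::'."""
    best_start, best_len = -1, 0
    i = 0
    while i < 8:
        if groups[i] != 0:
            i += 1
            continue
        j = i
        while j < 8 and groups[j] == 0:
            j += 1
        if j - i > best_len:                  # strictly longer only, so the leftmost run wins a tie
            best_start, best_len = i, j - i
        i = j
    hexes = [f"{g:x}" for g in groups]
    if best_len < 2:                          # a single zero group is written "0", never "::"
        return ":".join(hexes)
    left = ":".join(hexes[:best_start])
    right = ":".join(hexes[best_start + best_len:])
    return f"{left}::{right}"


def ipv6_from_bits(bits: str) -> dict:
    """Binary -> grouped hex -> compressed, with a cross-check against the standard library."""
    groups = groups_from_bits(bits)
    text = compress(groups)
    return {"full": full_form(groups), "compressed": text,
            "matches_stdlib": ipaddress.IPv6Address(text).compressed == text}


# Constructed binary form of the slide's example address 2607:b800:faa:3:2195:9887:bc48:28f1.
SLIDE_BITS = ("0010011000000111 1011100000000000 0000111110101010 0000000000000011 "
              "0010000110010101 1001100010000111 1011110001001000 0010100011110001")
```

Two rules that catch people out when comparing IPv6 addresses in logs or ACLs: only one “::” is ever allowed (otherwise the expansion is ambiguous), and hexadecimal digits must be lowercase in the canonical form, so always normalise both sides before matching strings.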
IPv6 Address Types
• Unicast – One-to-One Mapping – Global Unicast Address
– Unique-Local Unicast Address (not routed on the global Internet; the private-space equivalent)
– Link-Local Unicast
• Multicast – One-to-Many Mapping – Multicast Groups Established
• Anycast – One-to-Nearest Mapping – Packets Are Delivered to the “Closest, Nearest, or Lowest-Cost” Interface
• Global Anycast
• Site-Local Anycast
• Link-Local Anycast
Why IPv6? • Reduction of Dependency Upon IPv4 Address Space for Growth
• Restores the End-End Communications Path Model of the Global Internet (no NAT required)
• Enhances Overall Routing Efficiency
• IPsec Support Improves Authentication and Confidentiality When It Is Deployed
IPv4 and IPv6 Comparison Summary
IPv4: Developed 1973-1977; Deployed 1981; 2^32 or 4.3 Billion Addresses (“More Than Anyone Could Possibly Use”); Address Based Assignment Unit /32
IPv6: Developed mid 1990’s; Deployed 1999; 2^128 or 340 Undecillion Addresses (“More Than Anyone Could Possibly Use”); Network Based Assignment Unit /64
An IPv6 Address You Can Remember – The IPv6 Loopback Address
::1 Summarized from: 0:0:0:0:0:0:0:1
Further Study:
Web Reference Sources: • RFC Documents:
– www.rfc-editor.org
• Subnet Calculation Tools:
– www.subnet-calculator.com
– www.solarwinds.com/products/freetools/free_subnet_calculator.aspx
– iPhone / iPad Apps (iTunes Store): Numerous Choices; My Favorite: The MASK
• IP Address Subnet Block Size Chart:
– https://www.arin.net/knowledge/cidr.pdf
– http://packetlife.net/media/library/15/IPv4_Subnetting.pdf
• IP Subnetting – Cisco Networkers “Magic Box” Tutorial:
https://learningnetwork.cisco.com/docs/DOC-5893
• Cisco IP Subnetting Game:
https://learningnetwork.cisco.com/docs/DOC-1802
Thank You for Attending!
Wayne M. Pecena Texas A&M University [email protected] [email protected] 979.845.5662
? Questions ?