Advanced IP Addressing Management
This lecture will cover the following points:
- IPv4
- Classful Addressing
- Subnetting
- IP Addressing Crisis
- Classless Interdomain Routing (CIDR)
- Route Aggregation and Supernetting
- Supernetting and Address Allocation
- Variable Length Subnet Masking (VLSM)
- Classless and Classful Routing Protocols
- Route Summarisation Overview
- Route Flapping
- Private IP Addresses
- Discontiguous Subnets
- Network Address Translation
- IP Unnumbered
- DHCP Overview
- DHCP Operation
- Configuring a DHCP Pool
- Easy IP
- Configuring IP Helper Addresses
- IP Helper Address Example
- IP Address Issues & Solutions
- IPv6 Address Format
- Summary
IPv4
An IPv4 address is a 32-bit number that describes the network and host
identity of a particular interface on a network. It is usually written
in dotted decimal.
Networks today are becoming classless in terms of IP addressing schemes
and ignoring the older convention of classful addressing. This is to
overcome the wastage of IP addresses by the classful system and also to
help keep router lookup tables shorter by employing address aggregation
wherever possible. This is helping to keep IPv4 from running out
completely before IPv6 is introduced globally.
Classful Addressing
There are 5 main classes of addresses: A, B, C, D and E. A, B and C
are used for general purpose addressing. Class D addresses (224.0.0.0
to 239.255.255.255) are used for multicasting e.g. EIGRP, OSPF, RIPv2
multicasts (see multicast addresses).
Class E addresses (240.0.0.0 to 255.255.255.254) are used for
experimental purposes, not for host addressing.
Class A addresses have over 16 million possible host addresses
and need to be subnetted to be of any use.
Class B addresses have 65534 addresses and also will need to be
subnetted.
Class C addresses may need to be subnetted to suit the organisation.
Subnet Masking
See RFC 950. Express the dotted decimal IP address as a binary number.
Work out which part of the address relates to the network and which
part relates to the host. Write the subnet mask directly below the
binary version of the IP address. Use 1s for the network and 0s for the
host identity. This will give the subnet mask for that host. Convert
back to dotted decimal.
If a subnet mask is specified on a router, it forces the router to
ignore the classful addressing scheme.
IP Addressing Crisis
Mathematically it can be shown that 50% of IPv4's address space is
taken up by class A addresses, class B 25%, class C 12.5%, classes
D&E 12.5%. Class A occupies addresses 1.0.0.0 to 126.0.0.0 giving
126 organisations the chance to have 16 million plus addresses - not
very likely. Class B offers 16384 companies the chance to have 65534
addresses. Class C offers more addresses but each is limited to 254
hosts.
The IETF published two significant findings in 1992:
1. Exhaustion of IPs - class B almost gone
2. Class C will overload Internet core routers if completely
allocated.
The solution was to retool IPv4 while waiting for IPv6 to be designed
and implemented. IPv6 addresses have 128 bits. One significant solution
for the interim was to introduce PAT - port address translation
otherwise known as NAT with Overloading.
CIDR
CIDR was introduced in 1994 - see RFCs 1517, 1518, 1519, 1520. It
improved the scalability of IPv4 by:
- Replacing classful addressing with classless
- Enhancing address aggregation, otherwise known as supernetting or route summarisation
- Supernetting - this combines a set of contiguous IP addresses into one single IP address and a subnet mask.
Route Aggregation and Supernetting
Supernetting is the same as route aggregation. For instance a
contiguous set of IP addresses in a routing table such as:
155.24.0.0 /16
155.25.0.0 /16
155.26.0.0 /16
155.27.0.0 /16
155.28.0.0 /16
155.29.0.0 /16
155.30.0.0 /16
155.31.0.0 /16
can be reduced to one entry of 155.24.0.0 /13.
Work this out by writing the addresses in binary one above the other as
shown:
10011011.00011000.00000000.00000000
10011011.00011001.00000000.00000000
10011011.00011010.00000000.00000000
10011011.00011011.00000000.00000000
10011011.00011100.00000000.00000000
10011011.00011101.00000000.00000000
10011011.00011110.00000000.00000000
10011011.00011111.00000000.00000000
Note that the first 13 bits are identical and only the last 32 - 13 =
19 bits differ. Therefore we can express the whole set of addresses as:
10011011.00011000.00000000.00000000 /13
or 155.24.0.0 /13
The usefulness of this is that an ISP can allocate a contiguous address
space to a company and then aggregate all of these addresses into one
address to advertise to the Internet.
Supernetting and Address Allocation
Suppose a company requires 400 host addresses, a single class B address
would waste over 16000 addresses. This could be solved by using 2 class
C addresses, giving 508 host addresses. Assume that the company needs
to route between the two networks. Internet routers would require 2
routing table entries for the company. The solution is to go classless
and use supernetting. Here we would use CIDR and request the address
block from the ISP. The ISP takes on the burden of managing its address
space. Internet routers keep summary routes (supernet routes) to ISP
networks. It is then the responsibility of the ISP to keep the routes
to its own customers. This keeps Internet routing tables much smaller.
Example
207.21.54.0 /24 is 11001111.00010101.00110110.00000000
207.21.55.0 /24 is 11001111.00010101.00110111.00000000
As in the previous example, the first 23 bits are the same. This gives
one supernetted address of 207.21.54.0 /23

In the above figure, the ISP has a block of 256 class C addresses and
allocates 2 of them to the company as shown. The ISP will use its
router to hold details of its customers and takes the responsibility of
routing packets to the correct destination. The ISP will only advertise
its set of addresses 207.21.0.0 /16 back to the Internet.
From this example it can be seen that CIDR gives efficient allocation
of addresses leading to a reduced number of routing table entries.
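The binary comparison used in the two supernetting examples above can be automated. The following is an added example, not part of the original lecture; the function name summarise is an assumption. It also reports whether the summary covers exactly the listed prefixes, since a summary over a non-contiguous set advertises address space that was never allocated.

```python
import ipaddress


def summarise(prefixes):
    """Return (summary, exact) for a list of IPv4 prefixes.

    summary is the longest prefix shared by every address in the inputs.
    exact is True only when the inputs fill the summary completely, i.e.
    advertising it claims no address space beyond what was listed.
    """
    # The lecture writes prefixes as "155.24.0.0 /16", so drop the space.
    nets = [ipaddress.ip_network(p.replace(" ", "")) for p in prefixes]
    if not nets or any(n.version != 4 for n in nets):
        raise ValueError("need at least one IPv4 prefix")

    # Lowest and highest address covered by the whole set.
    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)

    # Shorten the prefix until the leading bits of lo and hi agree.
    # This is the "write them in binary and compare" step.
    common = 32
    while common > 0 and (lo >> (32 - common)) != (hi >> (32 - common)):
        common -= 1

    mask = (0xFFFFFFFF << (32 - common)) & 0xFFFFFFFF
    summary = ipaddress.ip_network((lo & mask, common))
    # Collapsing the inputs yields the summary only if nothing is missing.
    exact = list(ipaddress.collapse_addresses(nets)) == [summary]
    return summary, exact


if __name__ == "__main__":
    isp_block = [f"155.{i}.0.0 /16" for i in range(24, 32)]
    print(summarise(isp_block))
    print(summarise(["207.21.54.0 /24", "207.21.55.0 /24"]))
    # Constructed gap: 155.25.0.0/16 is missing, so the summary over-claims.
    print(summarise(["155.24.0.0 /16", "155.26.0.0 /16"]))
```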
VLSM
This is sometimes known as subnetting a subnet. Suppose we have a
company with 6 departments. We could divide a class C address up to
suit this. Consider borrowing 3 bits from the host section of a class C
address: /27 creates 8 subnets. This would waste addresses on serial
links, as these only require 2 addresses, so we have 3 choices to
prevent this:
- Use VLSM with a subnet mask of /30. This produces subnets with 4 addresses each. The first and last are unusable, being the network (or wire) address and the broadcast address, leaving 2 host addresses
- Use private addressing
- Use IP unnumbered
If we are splitting subnets, use the 'no auto-summary' command with
RIPv2 and EIGRP to ensure that subnet masks are sent along in the
packets.
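The VLSM choice above can be worked through in code. This added example is not part of the original lecture and generalises the /27 plus /30 case to any list of host counts, allocating largest first. The block 192.168.1.0/24, the figure of 30 hosts per department, the three serial links and the name vlsm_allocate are all assumptions.

```python
import ipaddress


def vlsm_allocate(block, requirements):
    """Allocate one subnet per entry of requirements (name -> hosts needed).

    Largest requirements are placed first, so every subnet starts on a
    boundary that is a multiple of its own size.
    """
    block = ipaddress.ip_network(block)
    cursor = int(block.network_address)
    plan = {}
    for name, hosts in sorted(requirements.items(), key=lambda kv: -kv[1]):
        # Smallest power of two that holds the hosts plus the network
        # and broadcast addresses; never smaller than a /30.
        size = 4
        while size < hosts + 2:
            size *= 2
        prefix = 32 - (size.bit_length() - 1)
        net = ipaddress.ip_network((cursor, prefix))
        if not net.subnet_of(block):
            raise ValueError(f"block exhausted while placing {name}")
        plan[name] = net
        cursor += size
    return plan


# Constructed requirements: 6 departments and 3 point-to-point serial links.
REQUIREMENTS = {
    **{f"dept{i}": 30 for i in range(1, 7)},
    **{f"serial{i}": 2 for i in range(1, 4)},
}

if __name__ == "__main__":
    for name, net in vlsm_allocate("192.168.1.0/24", REQUIREMENTS).items():
        print(f"{name:8} {net}  usable hosts: {net.num_addresses - 2}")
```

With a fixed /27 mask the same nine networks would need nine of the eight available subnets; with /30 links all three fit inside a single spare /27.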
Classless and Classful Routing Protocols
In order to make use of classless addressing, it is necessary to send
the subnet mask along with routing updates. The following table shows
the protocols that are suited to classless addressing.
| Classful | Classless |
| RIPv1 | RIPv2 |
| IGRP | EIGRP |
| EGP | OSPF |
| BGP3 | ISIS |
| | BGP4 |
RIPv1 carries no subnet mask, has no authentication and broadcasts
its updates on 255.255.255.255.
RIPv2 (RFC 1723) carries subnet mask, has authentication and multicasts
its updates on 224.0.0.9.
To implement this use the commands:
router(config)#router rip
router(config-router)#version 2
Route Summarisation Overview
CIDR and VLSM promote route aggregation (summarisation). To make best
use of this use EIGRP or OSPF as the routing protocol.

These techniques will help keep routing table entries down upstream of
these networks. The above figure illustrates that the entire addressing
scheme of the 3 rightmost routers can be advertised back to the
Internet as one single address of 192.168.48.0 /20.
Route Flapping
This is a fault in which a router interface repeatedly goes up and
down. Without summarisation, a network e.g. 192.168.56.0 /24 can flap
and would burden its upstream router with updates. The route would
repeatedly enter and then be removed from the routing table. This route
would then be reported as reachable then unreachable to other routers
further upstream.
Summarisation keeps flapping isolated and localised.
Private IP Addresses
(RFC 1918) These are sets of addresses that are not routed (by policy)
on the Internet backbone and are discarded.
10.0.0.0 to 10.255.255.255
172.16.0.0 to 172.31.255.255
192.168.0.0 to 192.168.255.255
These addresses can be used on router serial interfaces on the Internet
because they are neither source nor destination addresses. Packets can
travel through links having private addresses. Use of private addresses
saves using up globally unique addresses.
Disadvantage: Cannot use ICMP, SNMP or TELNET for contacting these
addresses. It is necessary to contact unique LAN addresses.
Discontiguous Subnets
This occurs when subnets from one major network are separated by a
completely different network or subnet.

RIPv1 and IGRP cannot deal with this situation. Updates sent from B to
A have no subnet information so B is seen as a route to 207.21.24.0 /24
but A is already connected to 207.21.24.0 /27 so rejects the route.
RIPv2 and EIGRP both perform automatic summarisation on classful
boundaries. This is not always desirable, especially in discontiguous
subnets. Use the following command to disable automatic summarisation
for RIPv2 and EIGRP:
Router(config-router)#no auto-summary
If private addresses are used on Internet-connected networks, packets
and routing updates should be filtered to avoid leaking RFC 1918
addresses between ASs. If two adjacent systems used addresses from
192.168.0.0 /16, routers would get confused with updates from both
systems.
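The filtering described above can be checked offline against a list of received prefixes before a filter is deployed. This is an added example, not part of the original lecture; the function names and the sample updates are constructed. It matches only the three RFC 1918 ranges listed earlier, and it flags prefixes that fall inside a private range, not wider prefixes that merely contain one.

```python
import ipaddress

# The three RFC 1918 ranges listed in the Private IP Addresses section.
RFC1918 = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]


def filter_updates(prefixes):
    """Split prefixes learned from another AS into (accepted, rejected).

    rejected holds (prefix, reason) pairs so the decision can be logged.
    """
    accepted, rejected = [], []
    for text in prefixes:
        try:
            net = ipaddress.ip_network(text, strict=False)
        except ValueError:
            rejected.append((text, "malformed"))
            continue
        # subnet_of() needs matching IP versions, so test the version first.
        hit = next(
            (p for p in RFC1918 if net.version == 4 and net.subnet_of(p)),
            None,
        )
        if hit is not None:
            rejected.append((text, f"inside {hit}"))
        else:
            accepted.append(text)
    return accepted, rejected


def private_source(address):
    """True if a packet's source address lies in an RFC 1918 range.

    ipaddress's is_private is deliberately not used: it also matches
    loopback, link-local and other special ranges.
    """
    addr = ipaddress.ip_address(address)
    return any(addr in p for p in RFC1918)


# Constructed routing update received from a neighbouring AS.
SAMPLE_UPDATE = [
    "207.21.54.0/23",   # public, accepted
    "192.168.56.0/24",  # private, leaked
    "172.31.4.0/22",    # last /16 of 172.16.0.0/12, private
    "172.32.0.0/16",    # just outside 172.16.0.0/12, public
    "10.0.0.0/8",       # the whole private class A
    "not-a-prefix",     # malformed entry
]

if __name__ == "__main__":
    ok, bad = filter_updates(SAMPLE_UPDATE)
    print("accepted:", ok)
    for prefix, reason in bad:
        print("rejected:", prefix, "-", reason)
```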
Network Address Translation
See RFC 1631. This technology swaps one IP address for another across a
NAT device e.g. a UNIX system or a router. This is used on stub
networks only. NAT can be static when an inside resource e.g. web
server needs to be accessed from outside or dynamic where addresses for
inside hosts are allocated automatically. This works on a 1 to 1 basis.
Port Address Translation (PAT) allows many inside local addresses to
map to one global IP address. This can also be known as Many to 1 NAT
or Overloading. TCP and UDP port numbers are mapped to keep track of
inside local addresses.
Inside local addresses are stored with the same port and a global IP
address is chosen plus a new spare port. These can be re-mapped when a
response is received.
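The PAT bookkeeping described above can be sketched as a small translation table. This is an added example, not part of the original lecture and not how IOS implements it; the class name, the global address 203.0.113.5, the inside addresses and the port range are constructed. It shows two inside hosts using the same source port being kept apart, and a reply being mapped back.

```python
class PatTable:
    """Many-to-1 NAT: one global address, one spare port per inside flow."""

    def __init__(self, global_ip, first_port=1024, last_port=65535):
        self.global_ip = global_ip
        self.next_port = first_port
        self.last_port = last_port
        self.out = {}    # (proto, inside_ip, inside_port) -> global_port
        self.back = {}   # (proto, global_port) -> (inside_ip, inside_port)

    def outbound(self, proto, inside_ip, inside_port):
        """Translate an outgoing packet; reuse the mapping if one exists."""
        key = (proto, inside_ip, inside_port)
        if key not in self.out:
            if self.next_port > self.last_port:
                raise RuntimeError("no spare ports left on the global address")
            # Store the inside address with its original port and pick
            # a new spare port on the global address.
            self.out[key] = self.next_port
            self.back[(proto, self.next_port)] = (inside_ip, inside_port)
            self.next_port += 1
        return self.global_ip, self.out[key]

    def inbound(self, proto, global_port):
        """Map a response back to the inside host, or None if no entry."""
        return self.back.get((proto, global_port))


if __name__ == "__main__":
    pat = PatTable("203.0.113.5")
    # Two inside hosts both use source port 5000.
    print(pat.outbound("tcp", "192.168.1.10", 5000))
    print(pat.outbound("tcp", "192.168.1.11", 5000))
    # The reply to global port 1025 goes back to the second host.
    print(pat.inbound("tcp", 1025))
    # A packet to a port with no table entry has nowhere to go.
    print(pat.inbound("tcp", 4444))
```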
Using IP Unnumbered
VLSM and private addresses cannot be supported by RIPv1 or IGRP. IOS
allows IP unnumbered and this can be used with classful routing. To
operate, the IP address of another interface or a loopback interface is
borrowed.
To implement:
Give E0 an IP number. Now go to int S1 and type:
ip unnumbered e0
Then do the same operation on the other end of the serial link.
This only works if:
- The interface is serial AND connected point to point
- We use the same major network and same mask OR different major networks with no subnetting
Drawbacks:
- No ping can be made to the serial interface
- No booting of IOS image over unnumbered interface
- IP security options are not supported on unnumbered interfaces
The LAN address is 'borrowed' and applied to the WAN interface.
DHCP Overview
DHCP is used to configure desktop clients. IOS offers EasyIP, a
combination of DHCP and NAT.
DHCP leases IP addresses to a client. On expiry, the client makes
another request and usually gets the same number. NT/ 2000/ 2003 server
or UNIX/ LINUX are used for DHCP but IOS offers DHCP. The IOS version
gives a default address lease life of 24 hours. These addresses are
chosen from a specified pool of addresses.
The DHCP server in IOS can also supply:
- DNS server address
- WINS server address
- Default gateway
- Domain Name
DHCP allows the ability to specify MAC addresses of clients and
assign the same number each time (in the case of a server).
DHCP uses UDP ports 67 and 68 (the same ports as BOOTP); see RFC 951.
DHCP Operation

At boot, the client broadcasts a DHCPDISCOVER on UDP 67 and any DHCP
server listening will reply with a DHCPOFFER on UDP 68. The client
replies to the first DHCPOFFER that it receives. The DHCPREQUEST is
broadcast to let all other DHCP servers know which offer was accepted
by the client. The DHCP server then checks the availability of the
given address with a default of 2 pings to that address. Finally a
DHCPACK is sent back to the client by the DHCP server that issued the
address.
DHCP has 2 major mechanisms:
1. A protocol to deliver configuration parameters to hosts
2. A mechanism to allocate addresses to hosts
There are 3 main methods to assign IP addresses to hosts:
1. Automatic - Permanent and assigned by DHCP
2. Dynamic - DHCP leases an address
3. Manual - Administrator defines an address for the client -
DHCP just delivers it
To turn on DHCP on a router use the command:
service dhcp
To get to DHCP pool configuration mode, use:
ip dhcp pool {name} - where name defines the pool purpose, e.g. engineering
Manual bindings are possible. IP addresses are mapped to MAC addresses
of hosts in the DHCP database. Manual bindings are stored in NVRAM.
Configuring a DHCP Pool
DHCP is enabled by default. It can be toggled with
[no] service dhcp
Set up a DHCP pool and give it a meaningful name.
Specify the network
Return to global config and exclude addresses if the need arises (for
servers etc).
Example
ip dhcp pool engineering
network 192.168.1.0 255.255.255.0
exit
ip dhcp excluded-address 192.168.1.1 192.168.1.10 (for the use of servers etc)
Set up DNS and NBNS and Default Gateway
ip dhcp pool engineering
dns-server {address 1 address 2 ...}
netbios-name-server {address 1 address 2 ...}
default-router {address}
domain-name {domain} e.g. eng
lease {days [hours] [minutes] | infinite}
Note that up to 8 dns and netbios server addresses can be specified.
Useful commands to use with DHCP
The following show commands can be useful when troubleshooting
DHCP:
show ip dhcp binding [address] - gives a list of bindings
show ip dhcp conflict [address] - gives a list of address conflicts
show ip dhcp database [url] - shows recent activity
show ip dhcp server statistics - gives detailed statistics for DHCP server and sent and received messages
Easy IP
This uses DHCP itself to obtain a single WAN address from the ISP. Uses
NAT Overload on router inside private LANs. Allows for 'plug-and-play'
routing.
Using IP Helper Addresses
A router does not forward broadcasts by default. Broadcasts are used to
locate TACACS+ (an authentication server), DHCP, DNS, TFTP servers.
This means one of these servers per subnet unless IOS Helper Address is
enabled.
Use the command:
ip helper-address
This relays broadcast messages for key UDP services across the router.
Can be used to send a unicast to a certain IP address OR forward a
directed broadcast to a specific network or subnet.
This technology increases packet duplication which reduces router and
network performance in networks with redundancy.
UDP flooding should be used here if 2 routers connect to the same
network. 1 is used for UDP broadcasts, 2 is used for UDP unicasts.
UDP flooding is more efficient than IP Helper.
Configuring IP Helper Addresses
Identify the router interface that will receive UDP broadcasts e.g.
int f0/0
ip helper-address [address]
Now specify the UDP broadcasts that will be forwarded
ip forward-protocol udp 53
This allows DNS broadcasts to be forwarded.
There are 8 ports that can be specified:
| Service | UDP port |
| Time | 37 |
| TACACS+ | 49 |
| DNS | 53 |
| BOOTP & DHCP Server | 67 |
| BOOTP & DHCP Client | 68 |
| TFTP | 69 |
| NBNS | 137 |
| Netbios Datagram Service | 138 |
If a service is required that is not in the list, use the following
(e.g. for UDP on port 517)
ip forward-protocol udp 517
We can also subtract a service by using the no form of the
above command, e.g.
no ip forward-protocol udp 37 (stops time broadcast forwarding)
IP Helper Address Example

A unicast helper-address will not be useful if Host A wants more than
one service from the server farm.
A directed broadcast to 172.24.1.255 is required.
To get to the TACACS+ server, use ip helper-address 172.16.1.2.
Check int E3 for Directed Broadcast Forwarding - it may be disabled. If
so:
int E3
ip directed-broadcast
IP Address Issues & Solutions
There are several problems associated with IPv4:
- Depletion of addresses, especially class B
- Growth of routing tables on the Internet
Solutions that have been proposed are:
- Subnetting 1985
- VLSM 1987
- CIDR 1993
But none of these can save IPv4. Mobile devices and household
appliances will cause the available addresses to run out.
The solution is IPv6 with 128-bit addresses. IPv6 will address the
issues of address depletion, QoS, address autoconfiguration,
authentication and security.
As long as IPv4 is viable, IPv6 will be kept away as it requires new
hardware, software and administration methods.
See http://www.ipv6.org
IPv6 Address Format
See RFC 1884 & RFC 2373
These addresses will be written in Hex e.g.
1080:0000:0000:0000:0008:0800:200C:417A
Instances of repeated 0s can be removed, but BEWARE, only one set of
repeated 0 fields may be omitted otherwise the original address cannot
be recovered.
1080:0:0:0:0008:0800:200C:417A can be shortened to:
1080::8:800:200C:417A
IPv6 addresses are 128 bit identifiers for interfaces and sets of
interfaces, not nodes.
There are 3 types of addresses:
- Unicast - sent to ONE interface
- Multicast - defines a set of interfaces to send to
- Anycast - delivers to the first or nearest interface in an anycast group
There is a hierarchy in IPv6 addresses:
- Public Topology - a collection of providers that supply Internet connectivity
- Site Topology - local to an organisation that does not provide connectivity to nodes outside itself
- Interface Identifier - level specific to a node interface
| bits | 3 | 13 | 8 | 24 | 16 | 64 |
| Name | FP | TLAID | RES | NLAID | SLAID | Interface ID |
FP defines the type of address, UNICAST, MULTICAST, ANYCAST (e.g. 001
is UNICAST)
TLAID - Top Level Aggregation ID - identifies the authority responsible
for address at the highest level of the routing hierarchy
RES - reserved for growth of TLAID or NLAID as growth continues
NLAID - Next Level Aggregation ID - identifies ISPs
SLAID - Site Level Aggregation ID - used by an organisation
to create an addressing hierarchy and identify subnetworks
Interface ID - identifies individual interfaces on a link. Derived from
IEEE EUI-64.
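The field layout in the table above, and the zero-compression rule stated earlier in this section, can both be checked in a few lines. This is an added example, not part of the original lecture; the function names and the address 2001:db8:1234:5678:0:8:800:417a are constructed.

```python
import ipaddress

# Field widths from the table above, most significant field first.
FIELDS = [
    ("FP", 3),
    ("TLAID", 13),
    ("RES", 8),
    ("NLAID", 24),
    ("SLAID", 16),
    ("Interface ID", 64),
]


def split_fields(address):
    """Cut a 128-bit IPv6 address into the fields of the table."""
    value = int(ipaddress.IPv6Address(address))
    remaining = 128
    fields = {}
    for name, width in FIELDS:
        remaining -= width
        # Shift the field down to bit 0, then mask off the higher fields.
        fields[name] = (value >> remaining) & ((1 << width) - 1)
    return fields


def compress(address):
    """Return the shortened form, or None if the text is not a valid address.

    An address with two "::" is rejected: the lengths of the two omitted
    runs of zeros cannot be recovered.
    """
    try:
        return ipaddress.IPv6Address(address).compressed
    except ValueError:
        return None


if __name__ == "__main__":
    for name, value in split_fields("2001:db8:1234:5678:0:8:800:417a").items():
        print(f"{name:13} {value:#x}")
    print(compress("1080:0:0:0:0008:0800:200C:417A"))
    print(compress("1080::8::417A"))
```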
IPv6 also offers RFC 1918 addresses for local use only.
Summary
Subnet Masks, VLSM, Private Addressing and NAT technologies have been
introduced to extend the life of IPv4 as long as possible before IPv6
has to be introduced.
Aggregation of addresses can help to simplify upstream router tables.
NAT and DHCP are offered by IOS so that these services may be provided
without a standalone server. NAT gives the ability to swap IP addresses
at a boundary so that private addresses may be used within a stub
network.
IOS also provides the mechanism of IP Helper Address to forward UDP
broadcasts to servers on different subnets.
IPv6 addresses are 128 bits and contain fields to identify the type of
traffic and Top, Next and Site Level IDs.