Enterprise Network
Objectives
Analyze the features and benefits of a hierarchical IP addressing structure.
Plan and implement a VLSM IP addressing scheme.
Plan a network using classless routing and CIDR.
Configure and verify both static and dynamic NAT.
Features & Benefits of a Hierarchical IP Addressing Structure
Implementing switches reduces the number of collisions that occur within a
local network. However, having an all-switched network often creates a
single broadcast domain. In a single broadcast domain, or flat network, every
device is in the same network and receives each broadcast. In small
networks, a single broadcast domain is acceptable.
With large numbers of hosts, a flat network becomes less efficient. As the
number of hosts in a switched network increases, so does the number of
broadcasts sent and received. Broadcast packets take up a lot of bandwidth,
causing traffic delays and timeouts. Two solutions:
– Create VLANs
– Use routers in a hierarchical network design
Features & Benefits of a Hierarchical IP Addressing Structure
A hierarchical addressing structure logically groups
networks into smaller subnetworks
Classful network address in the Core Layer
Successively smaller subnets in the Distribution and
Access Layers
Route Summarization
Features & Benefits of a Hierarchical IP Addressing Structure
Use subnetting to subdivide a network based on:
Physical location or logical grouping
Application and security requirements
Broadcast containment
Hierarchical network design
Plan / Implement a VLSM Addressing Scheme
Subnet mask: 32-bit value
Slash notation (CIDR Notation)
Distinguishes between network and host bits
Can vary in length to accommodate the number of hosts on a LAN segment
Subnet Mask
The subnet mask indicates whether hosts are in the
same network. The subnet mask is a 32-bit value that
distinguishes between the network bits and the host
bits. It consists of a string of 1s followed by a string
of 0s. The 1 bits represent the network portion and the
0 bits represent the host portion.
Purpose of an IP Address and Subnet Mask
When one host needs to communicate with another,
it determines its network address and the
destination network address by applying its subnet
mask to both its IPv4 address and to the
destination IPv4 address. This is done to determine
if the two addresses are on the same local network.
Plan / Implement a VLSM Addressing Scheme
Boolean ANDing compares bits in host address to bits
in subnet mask
1 AND 1 = 1
1 AND 0 = 0, 0 AND 0 = 0
Resulting value is network address
Plan / Implement a VLSM Addressing Scheme
Steps in basic subnetting:
Borrow bits from the host side
Add them to the network side
Change mask to reflect additional bits
Implementation of IP Addressing in the LAN
Five host bits mean that there can be 30 hosts per subnet, or 2^5 - 2.
Remember that the all-zeros and all-ones host addresses are reserved for the
network designation and the broadcast address.
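The ANDing rule and the "borrow host bits" steps above, worked through in code. This is an added example, not material from the slides; the addresses (192.168.10.0/24 and the two hosts) are constructed, and the arithmetic is done with plain integer bit operations so that the mask, the AND, and the reserved all-zeros/all-ones addresses are visible rather than hidden inside a library call.

```python
# Added example (not from the slides): subnet-mask mechanics with integer bit operations.

def ip_to_int(ip: str) -> int:
    """Dotted-quad string -> 32-bit integer."""
    octets = [int(x) for x in ip.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {ip}")
    a, b, c, d = octets
    return (a << 24) | (b << 16) | (c << 8) | d


def int_to_ip(n: int) -> str:
    """32-bit integer -> dotted-quad string."""
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def mask_from_prefix(prefix: int) -> int:
    """/prefix -> 32-bit mask: a run of 1s (network bits) followed by 0s (host bits)."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be 0..32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def prefix_from_mask(mask: str) -> int:
    """Dotted mask -> prefix length; rejects masks whose 1s are not contiguous."""
    m = ip_to_int(mask)
    prefix = bin(m).count("1")
    if m != mask_from_prefix(prefix):
        raise ValueError(f"{mask} is not a contiguous subnet mask")
    return prefix


def network_address(ip: str, mask: str) -> str:
    """Boolean AND of address and mask: 1 AND 1 = 1, every other combination = 0."""
    return int_to_ip(ip_to_int(ip) & ip_to_int(mask))


def same_network(ip_a: str, ip_b: str, mask: str) -> bool:
    """What a host does before sending: AND both addresses with its own mask and compare."""
    return network_address(ip_a, mask) == network_address(ip_b, mask)


def subnet(network: str, prefix: int, borrow: int) -> list:
    """Borrow `borrow` host bits from network/prefix and list the resulting subnets."""
    new_prefix = prefix + borrow
    if new_prefix > 30:
        raise ValueError("a subnet needs at least two usable host addresses (/30 or larger)")
    base = ip_to_int(network) & mask_from_prefix(prefix)
    size = 1 << (32 - new_prefix)          # addresses per new subnet
    result = []
    for i in range(1 << borrow):           # 2^borrow subnets
        net = base + i * size
        result.append({
            "network": int_to_ip(net),
            "prefix": new_prefix,
            "mask": int_to_ip(mask_from_prefix(new_prefix)),
            "first_host": int_to_ip(net + 1),
            "last_host": int_to_ip(net + size - 2),
            "broadcast": int_to_ip(net + size - 1),
            "usable_hosts": size - 2,      # all-0s (network) and all-1s (broadcast) are reserved
        })
    return result


if __name__ == "__main__":
    # Constructed inputs: two hosts on a /27 and a /24 split by borrowing 3 bits.
    print(network_address("192.168.10.35", "255.255.255.224"))
    print(same_network("192.168.10.35", "192.168.10.70", "255.255.255.224"))
    for s in subnet("192.168.10.0", 24, 3):
        print(f"{s['network']}/{s['prefix']}  hosts {s['first_host']}-{s['last_host']}  bcast {s['broadcast']}")
```

Running the block shows the two hosts landing in different /27 networks (192.168.10.32 and 192.168.10.64) even though they share the first three octets, which is exactly the decision a host makes before choosing between a direct delivery and its default gateway.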
VLSM Addressing Scheme
Variable Length Subnet Masks (VLSM) provide for
efficient use of address space. VLSM also allows for
hierarchical IP addressing, which lets routers take
advantage of route summarization. Route
summarization reduces the size of routing tables in
distribution and core routers. Smaller routing tables
require less CPU time for routing lookups.
VLSM is the concept of subnetting a subnet. It was
initially developed to maximize addressing efficiency.
With the advent of private addressing, the primary
advantage of VLSM now is organization and
summarization.
VLSM
Benefits of VLSM:
Allows efficient use of address space
Allows the use of multiple subnet mask lengths
Breaks up an address block into smaller blocks
Allows for route summarization
Provides more flexibility in network design
Supports hierarchical enterprise networks
Plan / Implement a VLSM Addressing Scheme
Benefits of Variable Length Subnet Masks (VLSM):
Flexibility
Efficient use of address space
Ability to use route summarization
Implement a VLSM Addressing Scheme
Designing an IP addressing scheme with VLSM takes
practice and planning.
Implement a VLSM Addressing Scheme
When implementing a VLSM subnetting scheme,
always allow for some growth in the number of hosts
when planning subnet requirements.
Plan / Implement a VLSM Addressing Scheme
Apply masks from largest group to smallest
Avoid assigning addresses that are already allocated
Allow for some growth in numbers of hosts on each
subnet
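The three planning rules above (largest group first, no overlapping assignments, room for growth) as a small VLSM allocator. This is an added example, not a tool from the slides; the parent block 192.168.1.0/24 and the per-segment host counts are constructed. Growth is applied as a whole-number percentage, and point-to-point links with exactly two hosts are deliberately left at /30, following the WAN-link practice stated later in the deck.

```python
# Added example (not from the slides): VLSM allocation, largest requirement first.
import ipaddress


def prefix_for_hosts(hosts: int) -> int:
    """Smallest block (largest prefix) whose usable addresses (2^n - 2) fit `hosts`."""
    if hosts < 1:
        raise ValueError("need at least one host")
    host_bits = 2                      # /30 is the smallest block with 2 usable addresses
    while (1 << host_bits) - 2 < hosts:
        host_bits += 1
    return 32 - host_bits


def allocate_vlsm(parent: str, requirements: dict, growth_pct: int = 0) -> dict:
    """Assign one subnet per segment from `parent`, largest requirement first.

    growth_pct is added to every host count before sizing (20 = plan for 20% more),
    except for two-host point-to-point links, which stay /30 by design.
    Raises ValueError when the parent block runs out.
    """
    block = ipaddress.ip_network(parent, strict=True)
    ordered = sorted(requirements.items(), key=lambda kv: kv[1], reverse=True)
    cursor = int(block.network_address)
    end = int(block.broadcast_address) + 1
    plan = {}
    for name, hosts in ordered:
        needed = hosts if hosts <= 2 else (hosts * (100 + growth_pct) + 99) // 100  # ceil
        prefix = prefix_for_hosts(needed)
        size = 1 << (32 - prefix)
        start = -(-cursor // size) * size                # align up to the block size
        if start + size > end:
            raise ValueError(f"{parent} exhausted while placing {name}")
        plan[name] = str(ipaddress.IPv4Network((start, prefix)))
        cursor = start + size                            # never reuse allocated space
    return plan


def overlaps(plan: dict) -> list:
    """Every pair of allocations that overlap; a correct plan returns an empty list."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in plan.items()}
    names = sorted(nets)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]


if __name__ == "__main__":
    # Constructed requirements for one site: three LANs and two WAN links.
    demo = {"HQ": 100, "Branch": 50, "Sales": 25, "WAN-1": 2, "WAN-2": 2}
    result = allocate_vlsm("192.168.1.0/24", demo, growth_pct=20)
    for name, cidr in result.items():
        print(f"{name:8} {cidr}")
    print("overlaps:", overlaps(result))
```

Because allocations are placed in descending size order, each block starts on a boundary that is a multiple of its own size without any extra alignment work; reversing the order (small links first) is what produces the gaps and misaligned blocks that the "largest to smallest" rule exists to avoid.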
Classful and Classless Routing
Technology such as VLSM enables the classful IPv4 addressing
system to evolve into a classless system. Classless addressing has
made the exponential growth of the Internet possible.
In classful IP addresses, the value of the first octet, or the first three
bits, determines whether the major network is a Class A, B, or C.
Each major network has a default subnet mask of 255.0.0.0,
255.255.0.0, or 255.255.255.0 respectively.
Classful and Classless Routing
Classful routing protocols, such as RIPv1, do not include the
subnet mask in routing updates. Since the subnet mask is not
included, the receiving router makes certain assumptions.
The sending router advertises the major classful network address
only, not the subnetted address. In this case, the address
advertised is 172.16.0.0.
The receiving router assumes the default subnet mask for this
network. The default subnet mask for a class B address is
255.255.0.0.
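The class and default-mask rules above, and the difference between what a classful and a classless update carries for the same subnet, as an added example (not from the slides). The subnets in the demo are constructed; the Python `ipaddress` module does the mask arithmetic.

```python
# Added example (not from the slides): classful address class, default mask,
# and what a classful (RIPv1-style) update loses compared with a classless one.
import ipaddress


def address_class(ip: str) -> str:
    """Class from the leading bits of the first octet: 0=A, 10=B, 110=C, 1110=D, else E."""
    first = int(ip.split(".")[0])
    if first & 0b10000000 == 0:
        return "A"
    if first & 0b11000000 == 0b10000000:
        return "B"
    if first & 0b11100000 == 0b11000000:
        return "C"
    if first & 0b11110000 == 0b11100000:
        return "D"
    return "E"


DEFAULT_MASK = {"A": "255.0.0.0", "B": "255.255.0.0", "C": "255.255.255.0"}


def major_network(ip: str) -> str:
    """Classful major network (CIDR form) that `ip` belongs to; D and E have no default mask."""
    cls = address_class(ip)
    if cls not in DEFAULT_MASK:
        raise ValueError(f"{ip} is class {cls}: no classful network or default mask")
    return str(ipaddress.ip_network(f"{ip}/{DEFAULT_MASK[cls]}", strict=False))


def classful_update(subnet: str) -> str:
    """A classful protocol advertises the major network only, with no mask."""
    return major_network(subnet.split("/")[0]).split("/")[0]


def receiver_assumes(advertised: str) -> str:
    """A classful receiver reattaches the default mask to the mask-less address it got."""
    return major_network(advertised)


def classless_update(subnet: str) -> str:
    """A classless protocol advertises the subnet together with its mask length."""
    return str(ipaddress.ip_network(subnet, strict=True))


if __name__ == "__main__":
    # Constructed subnets, one per class.
    for s in ("172.16.64.0/22", "10.1.2.0/24", "192.168.5.128/25"):
        adv = classful_update(s)
        print(f"{s:18} classful -> {adv:12} receiver assumes {receiver_assumes(adv):16} "
              f"classless -> {classless_update(s)}")
```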
Classful and Classless Routing
Classless routing protocols that can support VLSM and CIDR
include interior gateway protocols (IGPs) RIPv2, EIGRP, OSPF,
and IS-IS. ISPs also use exterior gateway protocols (EGPs) such
as Border Gateway Protocol (BGP).
The difference between the classful routing protocols and
classless routing protocols is that the classless routing protocols
include subnet mask information with the network address
information in the routing updates. Classless routing protocols are
necessary when the mask cannot be assumed or determined by
the value of the first octet.
The sending router advertises all subnetworks with subnet mask
information.
Classful and Classless Routing
The sending router, by default, summarizes all of the subnets and
advertises the major classful network along with the summarized
subnet mask information. This process is often referred to as
summarizing on a network boundary. While most classless routing
protocols enable summarization on the network boundary by
default, the process of summarizing can be disabled.
When summarization is disabled, the sending router advertises all
subnetworks with subnet mask information.
Plan a Network Using Classless Routing and CIDR

Classful routing                             | Classless routing
---------------------------------------------|-----------------------------------------------------
Default subnet masks                         | Network prefix
Class determined by first octet              | Slash (/) mask
No subnet mask exchanged in routing updates  | Subnet mask information exchanged in routing updates
Plan a Network Using Classless Routing and CIDR
Classless Inter-Domain Routing (CIDR)
Uses address space efficiently
Used for network address aggregation or summarizing
Creating Custom Subnet Masks
One useful tool in this address planning process is a
network diagram. A diagram lets you see the networks
and make a more accurate count.
Start with the locations that require the most hosts and
work down to the point-to-point links. This process
ensures that large enough blocks of addresses are
made available to accommodate the hosts and
networks for these locations.
Also, plan carefully to ensure that the address blocks
assigned to the subnet do not overlap.
Creating Custom Subnet Masks
Another helpful tool in this planning process is a spreadsheet.
Place the addresses in columns to visualize the allocation of the addresses.
This further division of the addresses is often called subnetting the subnets.
Subnetting a subnet
Case Study
Example No 1
Example 2
Implementation of IP Addressing in the LAN
A general list of improvements that IPv6 proposes are:
More address space
Better address space management
Easier TCP/IP administration
Modernized routing capabilities
Improved support for multicasting, security, and mobility
Route Summarisation
Winnipeg, Calgary, and Edmonton each have to advertise internal networks to the
main router located in Vancouver.
Without route summarization, Vancouver would have to advertise 16 networks to
Seattle.
To mitigate this problem, it is recommended to use route summarization to reduce
the burden on this upstream router.
Route Summarisation - Summarize Winnipeg's Routes
172.16.64.0 = 10101100.00010000.01000000.00000000
172.16.65.0 = 10101100.00010000.01000001.00000000
172.16.66.0 = 10101100.00010000.01000010.00000000
172.16.67.0 = 10101100.00010000.01000011.00000000
Common bits: 10101100.00010000.010000xx.xxxxxxxx
The first 22 bits of the four networks are common, so the summarized
address is 172.16.64.0/22.
Route Summarisation - Summarize Edmonton's Routes
172.16.72.0 = 10101100.00010000.01001000.00000000
172.16.73.0 = 10101100.00010000.01001001.00000000
172.16.74.0 = 10101100.00010000.01001010.00000000
172.16.75.0 = 10101100.00010000.01001011.00000000
172.16.76.0 = 10101100.00010000.01001100.00000000
172.16.77.0 = 10101100.00010000.01001101.00000000
172.16.78.0 = 10101100.00010000.01001110.00000000
172.16.79.0 = 10101100.00010000.01001111.00000000
Common bits: 10101100.00010000.01001xxx.xxxxxxxx
For Edmonton, the first 21 bits are common.
The summarized route is therefore 172.16.72.0/21
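The hand method of the two slides (write the networks in binary, keep the leading bits they all share) as an added example, not code from the slides. It assumes the Winnipeg and Edmonton networks are /24s, which the slides imply but do not state, and adds the check a planner wants before advertising a summary: which address space the summary claims that none of the member networks actually cover.

```python
# Added example (not from the slides): summary route from common leading bits,
# plus a check for address space the summary over-claims.
import ipaddress


def to_binary(net: str) -> str:
    """Dotted binary as written on the slides, e.g. 10101100.00010000.01000000.00000000."""
    n = int(ipaddress.ip_network(net, strict=False).network_address)
    return ".".join(format((n >> s) & 0xFF, "08b") for s in (24, 16, 8, 0))


def common_prefix_length(nets: list) -> int:
    """Number of leading bits shared by every network address in `nets`."""
    ints = [int(ipaddress.ip_network(n, strict=False).network_address) for n in nets]
    length = 0
    while length < 32 and len({i >> (32 - length - 1) for i in ints}) == 1:
        length += 1
    return length


def summarize(nets: list) -> str:
    """Summary route: common bits kept, remaining bits zeroed, written as CIDR."""
    if not nets:
        raise ValueError("nothing to summarize")
    # Never summarize to something longer than the members' own prefixes.
    length = min(common_prefix_length(nets),
                 min(ipaddress.ip_network(n, strict=False).prefixlen for n in nets))
    first = ipaddress.ip_network(nets[0], strict=False).network_address
    return str(ipaddress.IPv4Network((first, length), strict=False))


def overclaimed(nets: list) -> list:
    """Blocks inside the summary that no member network covers (empty for a perfect block)."""
    members = [ipaddress.ip_network(n, strict=False) for n in nets]
    leftover = [ipaddress.ip_network(summarize(nets))]
    for m in members:
        remaining = []
        for block in leftover:
            if block.subnet_of(m):
                continue                                  # fully covered: drop it
            if m.subnet_of(block):
                remaining.extend(block.address_exclude(m))  # carve the member out
            else:
                remaining.append(block)
        leftover = remaining
    return sorted(str(b) for b in leftover)


if __name__ == "__main__":
    winnipeg = [f"172.16.{i}.0/24" for i in range(64, 68)]
    edmonton = [f"172.16.{i}.0/24" for i in range(72, 80)]
    for name, nets in (("Winnipeg", winnipeg), ("Edmonton", edmonton)):
        for n in nets:
            print(f"{n:18} = {to_binary(n)}")
        print(f"{name}: {common_prefix_length(nets)} common bits -> {summarize(nets)}\n")
    # A sparse set (constructed): the summary claims far more than the two members.
    print("over-claimed:", overclaimed(["172.16.64.0/24", "172.16.79.0/24"]))
```

The over-claim check matters operationally: a summary that covers unused space attracts traffic for those addresses to the summarizing router, where it is dropped or, worse, matched by a less specific route elsewhere.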
Plan a Network Using Classless Routing and CIDR
Classful routing results in each router advertising the major
Class C network without a subnet mask. As a result, the
middle router receives advertisements about the same
network from two different directions. This scenario is called
a discontiguous network.
Discontiguous subnets cause unreliable routing
Avoid separating subnets with a different network
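The discontiguous-network problem above, modelled from the middle router's point of view. This is an added example, not from the slides: the topology is constructed (two neighbours, each holding half of 192.168.1.0/24, joined through a different network), and the point is that a classful receiver sees the same major network arriving from two directions, while a classless receiver, which gets the mask, keeps the two halves apart.

```python
# Added example (not from the slides): why discontiguous subnets break classful routing.
import ipaddress
from collections import defaultdict


def major_network(subnet: str) -> str:
    """Classful major network of a subnet, decided by the first octet (classes A, B, C)."""
    net = ipaddress.ip_network(subnet, strict=False)
    first = int(str(net.network_address).split(".")[0])
    default = 8 if first < 128 else 16 if first < 192 else 24 if first < 224 else None
    if default is None:
        raise ValueError(f"{subnet} has no classful default mask")
    return str(ipaddress.IPv4Network((net.network_address, default), strict=False))


def classful_view(received: dict) -> dict:
    """Classful update carries the major network only: map each one to the neighbours it came from."""
    seen = defaultdict(set)
    for neighbour, subnets in received.items():
        for s in subnets:
            seen[major_network(s)].add(neighbour)
    return {net: sorted(n) for net, n in seen.items()}


def discontiguous(received: dict) -> list:
    """Major networks advertised by more than one neighbour: the router cannot tell them apart."""
    return sorted(net for net, nbrs in classful_view(received).items() if len(nbrs) > 1)


def classless_view(received: dict) -> dict:
    """Classless update carries the mask, so each prefix maps to the neighbour(s) that own it."""
    table = defaultdict(set)
    for neighbour, subnets in received.items():
        for s in subnets:
            table[str(ipaddress.ip_network(s, strict=True))].add(neighbour)
    return {prefix: sorted(n) for prefix, n in table.items()}


if __name__ == "__main__":
    # Constructed: the neighbours are reached over 10.0.0.0/30 and 10.0.1.0/30,
    # and each advertises its own half of 192.168.1.0/24.
    updates = {"left": ["192.168.1.0/25"], "right": ["192.168.1.128/25"]}
    print("classful view:  ", classful_view(updates))
    print("ambiguous:      ", discontiguous(updates))
    print("classless view: ", classless_view(updates))
```

With the classful view the router holds one entry, 192.168.1.0/24, reachable via either neighbour, so roughly half of the traffic to each LAN is sent the wrong way; that is the "unreliable routing" the slide warns about.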
Plan a Network Using Classless Routing and CIDR
Use routing protocols that support VLSM
Plan subnetting to complement hierarchical design
Disable auto-summarization if necessary
Update router IOS
Allow for future growth
VLSM Best Practices
Use newer routing protocols that support VLSM and
discontiguous subnets.
Disable auto-summarization if necessary.
Use the same routing protocol throughout the network.
Keep the router IOS up-to-date to support the use of subnet
zero.
Avoid intermixing private network address ranges in the
same internetwork.
Avoid discontiguous subnets where possible.
Use VLSM to maximize address efficiency.
Assign VLSM ranges based on requirements from the largest
to the smallest.
Plan for summarization using hierarchical network design
and contiguous addressing design.
Summarize at network boundaries.
Use /30 ranges for WAN links.
Allow for future growth when planning for the number of
subnets and hosts supported.
Configure and Verify Static and Dynamic NAT
RFC 1918 defines the private IP address space. Private addresses are
available for anyone to use in their enterprise networks because they
are routed only internally; they never appear on the Internet.
Private addressing
Class A: 10.0.0.0 - 10.255.255.255
Class B: 172.16.0.0 - 172.31.255.255
Class C: 192.168.0.0 - 192.168.255.255
Configure and Verify Static and Dynamic NAT
Organizations create huge LANs and WANs with private
addressing and connect to the Internet using Network
Address Translation (NAT).
NAT translates internal private addresses into one or more
public addresses for routing onto the Internet. NAT changes
the private IP source address inside each packet to a publicly
registered IP address before sending it out onto the Internet.
Configure and Verify Static and Dynamic NAT
Static NAT maps a single inside local address to a single
global, or public address. This mapping ensures that a
particular inside local address always associates with the
same public address.
Dynamic NAT uses an available pool of Internet public
addresses and assigns them to inside local addresses.
Dynamic NAT assigns the first available IP address in the
pool of public addresses to an inside device.
The address that one internal host uses to connect to
another internal host is the inside local address. The public
address assigned to the organization is called the inside
global address.
The NAT router manages the translations between the
inside local addresses and the inside global addresses by
maintaining a table that lists each address pair.
Configure and Verify Static and Dynamic NAT
Port Address Translation (PAT)
Dynamically translate multiple inside local addresses to
one public address
Summary
Hierarchical network design groups users into subnets
VLSM enables different masks for each subnet
VLSM requires classless routing protocols
CIDR network addresses are determined by prefix
length
Route summarization, route aggregation, or
supernetting, is done on a boundary router
NAT translates private addresses into public addresses
that route over the Internet
PAT translates multiple local addresses into a single
public address
Using Network Address Translation in a Network
Network Address Translation (NAT) allows a large group of private users
to access the Internet by sharing a small pool of public IP addresses.
NAT can also provide security to PCs, servers, and networking devices
by withholding their actual IP host addresses from direct Internet access.
Using Network Address Translation in a Network
The main advantage of NAT is IP address reuse, and the
sharing of globally unique IP addresses between many hosts
from a single LAN.
NAT also serves users transparently. In other words, they do
not need to know about NAT to get on the Internet from a
private network.
NAT helps shield users of a private network against access
from the outside.
Using Network Address Translation in a Network
The outside global network is any network attached to the router that is external
to the LAN and that does not recognize the private addresses assigned to hosts
on the LAN.
An inside local address is the private IP address configured on a host on an
inside network. It is an address that must be translated before it can travel
outside the local network addressing structure.
Using Network Address Translation in a Network
An inside global address is the IP address of an
inside host as it appears to the outside network. This is
the translated IP address.
Using Network Address Translation in a Network
The outside local address is the destination address of the packet while
it is on the local network. Usually this address is the same as the outside
global address.
An outside global address is the actual public IP address of an external
host. The address is allocated from a globally routable address or
network space.
Using Network Address Translation in a Network
One way to provide access to a local host from the Internet is to assign
that device a static address translation.
Static and Dynamic NAT
Configuration - NAT
Configuration – Static NAT
1. Determine the public IP address that outside
users should use to access the inside
device/server. Administrators tend to use
addresses from either the beginning or end of the
range for static NAT. Map the inside, or private
address to the public address.
2. Configure the inside and outside interfaces.
Configuration – Dynamic NAT
1. Identify the pool of public IP addresses
available for use.
2. Create an access control list (ACL) to identify
hosts that require translation.
3. Assign interfaces as either inside or outside.
4. Link the access list with the address pool.
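The static and dynamic NAT steps above, expressed as a model of the translation table the NAT router maintains. This is an added example, not a configuration from the slides, and it is not a Cisco IOS command sequence: the "ACL" is a Python predicate (RFC 1918 membership by default), the inside local hosts are constructed, and 203.0.113.0/24 (a documentation range) stands in for the organisation's registered public block. It shows the behaviour a verification step looks for: a static entry that never changes, dynamic entries handed out first-free-first, pass-through for sources the ACL does not match, and what happens when the pool is exhausted.

```python
# Added example (not from the slides): static + dynamic NAT translation table.
import ipaddress
from typing import Callable, Optional

# Constructed: the inside uses RFC 1918 space; the public block is documentation space.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(ip: str) -> bool:
    """Stand-in for the ACL that selects which inside hosts are translated."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)


class NatRouter:
    def __init__(self, pool: list, acl: Callable[[str], bool] = is_private):
        self.static = {}              # inside local -> inside global, fixed mappings
        self.pool = list(pool)        # free inside global addresses for dynamic NAT
        self.acl = acl                # "access list" selecting who gets translated
        self.table = {}               # active translations, inside local -> inside global

    def add_static(self, inside_local: str, inside_global: str) -> None:
        """Static NAT: one inside local always maps to the same inside global."""
        if inside_global in self.pool:
            self.pool.remove(inside_global)   # never hand a static address out dynamically
        self.static[inside_local] = inside_global
        self.table[inside_local] = inside_global

    def translate_outbound(self, src: str) -> Optional[str]:
        """Source address written into a packet leaving the outside interface.

        Returns the inside global address; the source unchanged when the ACL does
        not match (no translation at all); None when the dynamic pool is exhausted.
        """
        if src in self.table:
            return self.table[src]
        if not self.acl(src):
            return src
        if not self.pool:
            return None
        self.table[src] = self.pool.pop(0)    # first available address in the pool
        return self.table[src]

    def translate_inbound(self, dst: str) -> Optional[str]:
        """Reverse lookup for a packet arriving from the outside; None if no entry exists."""
        for local, glob in self.table.items():
            if glob == dst:
                return local
        return None

    def clear_dynamic(self) -> None:
        """Expire dynamic entries (as a translation timeout would); static entries stay."""
        for local in list(self.table):
            if local not in self.static:
                self.pool.append(self.table.pop(local))


if __name__ == "__main__":
    r = NatRouter(pool=["203.0.113.10", "203.0.113.11", "203.0.113.12"])
    r.add_static("192.168.1.10", "203.0.113.10")           # an inside server
    for host in ("192.168.1.10", "192.168.1.20", "192.168.1.21", "192.168.1.22"):
        print(f"{host} -> {r.translate_outbound(host)}")
    print("inbound to 203.0.113.10 ->", r.translate_inbound("203.0.113.10"))
    print("table:", r.table)
```

The None returned for the fourth host is the failure mode of plain dynamic NAT: a pool of three public addresses serves at most three inside hosts at once, which is the limitation PAT removes.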
NAT Issues
Most of the time, NAT operates invisibly.
The big issue with NAT is the additional work load necessary
to support IP address and port translations.
Some applications increase the work load of the router
because they embed an IP address as part of the
encapsulated data. The router must replace the source IP
addresses and port combinations that are contained within
the data, as well as the source addresses in the IP header.
With all this activity taking place in a router because of NAT,
its implementation in a network requires good network
design, careful selection of equipment, accurate
configuration and regularly scheduled maintenance.
Users on the outside network cannot reliably initiate a
connection to a host on a network that uses PAT. Not only is
it impossible to predict the local or global port number of the
host, but a gateway does not even create a translation unless
a host on the inside network initiates the communication.
Using Network Address Translation in a Network
When an organization has a very small registered IP address pool, or
perhaps even just a single IP address, it can still enable multiple users to
simultaneously access the public network with a mechanism called NAT
overload, or port address translation (PAT).
It uses an IP address and port number combination to keep track of each
individual conversation with the destination host.
In PAT, the gateway translates the local source address and port combination
in the packet to a single global IP address and a unique port number above
1024.
Using Network Address Translation in a Network
Since the translation is specific to the local address and local port,
each connection, which generates a new source port, requires a
separate translation.
Users on the outside network cannot reliably initiate a connection to
a host on a network that uses PAT.
Configuration – PAT
Configuring PAT requires the same basic steps and
commands as configuring NAT. However, instead of
translating to a pool of addresses, PAT translates to a
single address. The following command translates the
inside addresses to the IP address of the serial interface:
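PAT as described in the two preceding slides, as an added example that is not the slides' own configuration and not an IOS command: a table keyed by (inside local address, local port), every entry translated to one inside global address with a unique port above 1024, and the inbound lookup that shows why an outside host cannot open a connection to an inside host. The addresses are constructed; the gateway keeps the original source port when it is above 1024 and still free, an assumption about its port-selection policy rather than something the slides specify.

```python
# Added example (not from the slides): NAT overload / PAT translation table.
from typing import Optional, Tuple

Endpoint = Tuple[str, int]   # (IP address, port)


class PatGateway:
    def __init__(self, inside_global: str, first_port: int = 1025, last_port: int = 65535):
        self.inside_global = inside_global   # the single public address everything maps to
        self.next_port = first_port          # candidate global ports, all above 1024
        self.last_port = last_port
        self.outbound = {}                   # (local ip, local port) -> global port
        self.inbound = {}                    # global port -> (local ip, local port)

    def _allocate(self, wanted: int) -> Optional[int]:
        """Keep the original port if it is above 1024 and unused; otherwise take the next free one."""
        if wanted > 1024 and wanted not in self.inbound:
            return wanted
        while self.next_port <= self.last_port:
            port = self.next_port
            self.next_port += 1
            if port not in self.inbound:
                return port
        return None                          # every port in use: translation fails

    def translate_outbound(self, src: Endpoint) -> Optional[Endpoint]:
        """One inside conversation -> (inside global, unique port); None when ports run out."""
        if src in self.outbound:             # same local address+port: same translation
            return (self.inside_global, self.outbound[src])
        gport = self._allocate(src[1])
        if gport is None:
            return None
        self.outbound[src] = gport
        self.inbound[gport] = src
        return (self.inside_global, gport)

    def translate_inbound(self, dst: Endpoint) -> Optional[Endpoint]:
        """Reverse a reply. A packet for a port no inside host opened matches nothing."""
        if dst[0] != self.inside_global:
            return None
        return self.inbound.get(dst[1])

    def entries(self) -> int:
        return len(self.outbound)


if __name__ == "__main__":
    g = PatGateway("203.0.113.1")
    # Constructed: two inside hosts that happen to pick the same source port.
    for src in (("192.168.1.10", 50000), ("192.168.1.11", 50000), ("192.168.1.10", 50001)):
        print(f"{src} -> {g.translate_outbound(src)}")
    print("reply to port 1025 ->", g.translate_inbound(("203.0.113.1", 1025)))
    print("unsolicited to port 8080 ->", g.translate_inbound(("203.0.113.1", 8080)))
```

The last line of the demo is the PAT limitation the slides describe: with no inside host having opened the conversation, there is no entry for the global port, so the gateway has nowhere to forward an outside-initiated packet and drops it.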
NAT and PAT Troubleshooting commands