
Addressing in an Enterprise Network

Introducing Routing and Switching in the Enterprise – Chapter 4

1
Objectives
 Analyze the features and benefits of a hierarchical IP
addressing structure.
 Plan and implement a VLSM IP addressing scheme.
 Plan a network using classless routing and CIDR.
 Configure and verify both static and dynamic NAT.

2
Features & Benefits of a Hierarchical IP Addressing Structure
 Implementing switches reduces the number of collisions that occur within a
local network. However, having an all-switched network often creates a
single broadcast domain. In a single broadcast domain, or flat network, every
device is in the same network and receives each broadcast. In small
networks, a single broadcast domain is acceptable.
 With large numbers of hosts, a flat network becomes less efficient. As the
number of hosts increases in a switched network, so does the number of
broadcasts sent and received. Broadcast packets take up a lot of bandwidth,
causing traffic delays and timeouts. Two solutions:
– Create VLANs
– Use routers in a hierarchical network design

3
Features & Benefits of a Hierarchical IP Addressing Structure
 A hierarchical addressing structure logically groups
networks into smaller subnetworks
 Classful network address in the Core Layer
 Successively smaller subnets in the Distribution and
Access Layers
 Route Summarization

4
Features & Benefits of a Hierarchical IP
Addressing Structure
Use subnetting to subdivide a network based on:
 Physical location or logical grouping
 Application and security requirements
 Broadcast containment
 Hierarchical network design

5
Features & Benefits of a Hierarchical IP
Addressing Structure

 For example, if an organization uses a 10.0.0.0 network for the
enterprise, they might use an addressing scheme such as
10.X.Y.0, where X represents a geographical location and Y
represents a building or floor within that location. This addressing
scheme allows for:
 255 different geographical locations
 255 buildings in each location
 254 hosts within each building

6
Plan / Implement a VLSM Addressing Scheme
 Subnet mask: 32-bit value
 Slash notation (CIDR Notation)
 Distinguishes between network and host bits
 Can vary in length to accommodate number of hosts on
LAN segment

7
Subnet Mask
 The subnet mask indicates whether hosts are in the
same network. The subnet mask is a 32-bit value that
distinguishes between the network bits and the host
bits. It consists of a string of 1s followed by a string
of 0s. The 1 bits represent the network portion and the
0 bits represent the host portion.

 Class A addresses use a default subnet mask of
255.0.0.0 or a slash notation of /8
 Class B addresses use a default mask of 255.255.0.0
or /16
 Class C addresses use a default mask of
255.255.255.0 or /24
8
Slash Notation

 The /x refers to the number of bits in the subnet
mask that comprise the network portion of the
address.
 In an enterprise network, subnet masks vary in
length. LAN segments often contain varying
numbers of hosts; therefore, it is not efficient to
have the same subnet mask length for all subnets
created.

9
Purpose of an IP Address and Subnet Mask
When one host needs to communicate with another,
it determines its network address and the
destination network address by applying its subnet
mask to both its IPv4 address and to the
destination IPv4 address. This is done to determine
if the two addresses are on the same local network.

10
Plan / Implement a VLSM Addressing Scheme
 Boolean ANDing compares each bit of the host address with the
corresponding bit of the subnet mask
 1 AND 1 = 1
 1 AND 0 = 0, and 0 AND 0 = 0
 The resulting value is the network address

11
Plan / Implement a VLSM Addressing Scheme
Steps in basic subnetting:
 Borrow bits from the host side
 Add them to the network side
 Change mask to reflect additional bits

12
Plan / Implement a VLSM Addressing Scheme

Elements of an addressing scheme:
 Subnet number
 Network address
 Host range
 Broadcast address

13
Implementation of IP Addressing in the LAN

14
Implementation of IP Addressing in the LAN

Five host bits mean that there can be 30 hosts per subnet, or 2^5 - 2.
Remember that the all-zeros and all-ones host addresses are reserved for the
network designation and the broadcast address.
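The following script is an added example, not code from the slide deck. It works out the elements of an addressing scheme listed above (network address, host range, broadcast address) for any address written in slash notation, using the Boolean AND of address and mask that the slides describe rather than a library shortcut, and it applies the same AND to decide whether two hosts are on the same local network. The addresses used in the usage section are constructed sample values.

```python
# Added example (not from the slide deck): elements of an addressing scheme
# computed with the Boolean AND of IPv4 address and subnet mask.

def dotted_to_int(addr: str) -> int:
    """Convert dotted-decimal IPv4 text to a 32-bit integer."""
    octets = [int(o) for o in addr.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"invalid IPv4 address: {addr}")
    value = 0
    for o in octets:
        value = (value << 8) | o
    return value


def int_to_dotted(value: int) -> str:
    """Convert a 32-bit integer back to dotted-decimal text."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_to_mask(prefix: int) -> int:
    """/x -> 32-bit mask: x one-bits followed by (32 - x) zero-bits."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be 0..32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def subnet_info(cidr: str) -> dict:
    """Network, mask, broadcast, host range and usable host count for 'a.b.c.d/x'."""
    addr_text, prefix_text = cidr.split("/")
    prefix = int(prefix_text)
    addr = dotted_to_int(addr_text)
    mask = prefix_to_mask(prefix)
    network = addr & mask                      # 1 AND 1 = 1, anything AND 0 = 0
    broadcast = network | (~mask & 0xFFFFFFFF)  # host bits all ones
    host_bits = 32 - prefix
    # All-zeros host = network, all-ones host = broadcast, so 2^n - 2 usable.
    # /31 and /32 are the edge cases: there is no room for the two reserved
    # addresses, so this calculator reports zero usable hosts for them.
    usable = 2 ** host_bits - 2 if host_bits >= 2 else 0
    return {
        "network": int_to_dotted(network),
        "mask": int_to_dotted(mask),
        "broadcast": int_to_dotted(broadcast),
        "first_host": int_to_dotted(network + 1) if usable else None,
        "last_host": int_to_dotted(broadcast - 1) if usable else None,
        "usable_hosts": usable,
    }


def same_network(a: str, b: str, prefix: int) -> bool:
    """The check a host makes before sending: mask both addresses and compare."""
    mask = prefix_to_mask(prefix)
    return (dotted_to_int(a) & mask) == (dotted_to_int(b) & mask)


if __name__ == "__main__":
    # Constructed sample inputs; the /27 case is the five-host-bit subnet
    # from the slides (30 usable hosts).
    for cidr in ("192.168.1.37/27", "10.3.7.200/24", "172.16.64.1/22", "10.0.0.1/31"):
        print(cidr, subnet_info(cidr))
    print(same_network("192.168.1.37", "192.168.1.60", 27))
    print(same_network("192.168.1.37", "192.168.1.70", 27))
```

Running it shows that 192.168.1.37/27 lands in network 192.168.1.32 with broadcast 192.168.1.63 and hosts .33 through .62, the 30 hosts the slide computes as 2^5 - 2.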
15
VLSM Addressing Scheme
 Variable Length Subnet Masks (VLSM) provide for
efficient use of address space. VLSM also allows for
hierarchical IP addressing, which lets routers take
advantage of route summarization. Route
summarization reduces the size of routing tables in
distribution and core routers. Smaller routing tables
require less CPU time for routing lookups.
 VLSM is the concept of subnetting a subnet. It was
initially developed to maximize addressing efficiency.
With the advent of private addressing, the primary
advantage of VLSM now is organization and
summarization.

17
VLSM
Benefits of VLSM:
 Allows efficient use of address space
 Allows the use of multiple subnet mask lengths
 Breaks up an address block into smaller blocks
 Allows for route summarization
 Provides more flexibility in network design
 Supports hierarchical enterprise networks

Classless routing protocols support the use of VLSM because
the subnet mask is sent with all routing update packets.
Classless routing protocols include RIPv2, EIGRP, and OSPF.

18
Plan / Implement a VLSM Addressing Scheme
Benefits of Variable Length Subnet Masks (VLSM):
 Flexibility
 Efficient use of address space
 Ability to use route summarization

19
Plan / Implement a VLSM Addressing Scheme

 VLSM allows the use of different masks for each subnet. After a
network address is subnetted, further division of those subnets
creates sub-subnets.

20
Implement a VLSM Addressing Scheme
 Designing an IP addressing scheme with VLSM takes
practice and planning.

21
Implement a VLSM Addressing Scheme
 When implementing a VLSM subnetting scheme,
always allow for some growth in the number of hosts
when planning subnet requirements.

22
Plan / Implement a VLSM Addressing Scheme
 Apply masks from largest group to smallest
 Avoid assigning addresses that are already allocated
 Allow for some growth in numbers of hosts on each
subnet
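The three rules above (largest group first, no reuse of allocated addresses, headroom for growth) can be carried out mechanically. The allocator below is an added example, not code from the slide deck: it takes a parent block and a dictionary of host counts per segment, sizes each subnet with the 2^n - 2 rule, hands out blocks largest first from a free list, optionally pads each requirement by a growth percentage, and checks the result for overlaps. The site names and host counts in the usage section are constructed.

```python
# Added example (not from the slide deck): VLSM allocation from a parent block,
# largest requirement first, with an overlap check.
import ipaddress
import math


def prefix_for_hosts(hosts: int) -> int:
    """Smallest prefix whose 2^n - 2 usable addresses cover `hosts`."""
    host_bits = 2                      # /30 is the smallest subnet with usable hosts
    while (2 ** host_bits) - 2 < hosts:
        host_bits += 1
    return 32 - host_bits


def allocate_vlsm(parent: str, requirements: dict, growth: float = 0.0) -> dict:
    """Map each segment name to a subnet of `parent`.

    requirements: {name: number of hosts}; growth: fraction of headroom
    added to every requirement (0.25 = plan for 25% more hosts).
    """
    block = ipaddress.ip_network(parent)
    # Largest group first, so the big blocks land on aligned boundaries
    # and the small point-to-point links fill in the gaps afterwards.
    ordered = sorted(requirements.items(), key=lambda kv: kv[1], reverse=True)
    free = [block]                      # unallocated space, ascending by address
    assigned = {}
    for name, hosts in ordered:
        need = math.ceil(hosts * (1 + growth))
        prefix = prefix_for_hosts(need)
        for i, candidate in enumerate(free):
            if candidate.prefixlen <= prefix:       # candidate is big enough
                free.pop(i)
                if candidate.prefixlen == prefix:
                    chosen, leftovers = candidate, []
                else:
                    # Take the lowest piece of the candidate; everything else
                    # goes back on the free list, so it is never reused.
                    chosen = next(candidate.subnets(new_prefix=prefix))
                    leftovers = list(candidate.address_exclude(chosen))
                free[i:i] = sorted(leftovers, key=lambda n: (n.network_address, n.prefixlen))
                assigned[name] = chosen
                break
        else:
            raise ValueError(f"{parent} cannot fit {name} ({need} hosts, /{prefix})")
    return assigned


def overlaps(assigned: dict) -> list:
    """Pairs of segment names whose subnets overlap (should be empty)."""
    nets = list(assigned.items())
    return [(a, b) for i, (a, na) in enumerate(nets)
            for b, nb in nets[i + 1:] if na.overlaps(nb)]


if __name__ == "__main__":
    # Constructed requirements: three LAN segments and two WAN links.
    reqs = {"Sales": 60, "Engineering": 25, "HR": 10, "WAN1": 2, "WAN2": 2}
    plan = allocate_vlsm("192.168.10.0/24", reqs)
    for name, net in plan.items():
        print(f"{name:12} {net}  usable hosts: {net.num_addresses - 2}")
    print("overlaps:", overlaps(plan))
    print("with 25% growth:", allocate_vlsm("192.168.10.0/24", reqs, growth=0.25))
```

With the constructed requirements the plan comes out as Sales 192.168.10.0/26, Engineering 192.168.10.64/27, HR 192.168.10.96/28 and the two WAN links as /30s at .112 and .116, leaving the rest of the /24 free for growth; raising the growth factor pushes Sales to a /25, which is the kind of headroom decision the slide asks you to make before addresses are handed out.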

23
Classful and Classless Routing
 Technology such as VLSM enables the classful IPv4 addressing
system to evolve into a classless system. Classless addressing has
made the exponential growth of the Internet possible.
 In classful IP addresses, the value of the first octet, or the first three
bits, determines whether the major network is a Class A, B, or C.
Each major network has a default subnet mask of 255.0.0.0,
255.255.0.0, or 255.255.255.0 respectively.

24
Classful and Classless Routing
 Classful routing protocols, such as RIPv1, do not include the
subnet mask in routing updates. Since the subnet mask is not
included, the receiving router makes certain assumptions.
 The sending router advertises the major classful network address
only, not the subnetted address. In this case, the address
advertised is 172.16.0.0.
 The receiving router assumes the default subnet mask for this
network. The default subnet mask for a class B address is
255.255.0.0.

25
Classful and Classless Routing

 With the rapid depletion of IPv4 addresses, the Internet Engineering Task
Force (IETF) developed Classless Inter-Domain Routing (CIDR). CIDR uses IPv4
address space more efficiently and for network address aggregation or
summarizing, which reduces the size of routing tables.
 The use of CIDR requires a classless routing protocol, such as RIPv2 or EIGRP,
or static routing. To CIDR-compliant routers, address class is meaningless. The
network subnet mask determines the network portion of the address. This is
also known as the network prefix, or prefix length. The class of the address no
longer determines the network address.

26
Classful and Classless Routing
 Classless routing protocols that can support VLSM and CIDR
include interior gateway protocols (IGPs) RIPv2, EIGRP, OSPF,
and IS-IS. ISPs also use exterior gateway protocols (EGPs) such
as Border Gateway Protocol (BGP).
 The difference between the classful routing protocols and
classless routing protocols is that the classless routing protocols
include subnet mask information with the network address
information in the routing updates. Classless routing protocols are
necessary when the mask cannot be assumed or determined by
the value of the first octet.
 The sending router advertises all subnetworks with subnet mask
information.

27
Classful and Classless Routing
 The sending router, by default, summarizes all of the subnets and
advertises the major classful network along with the summarized
subnet mask information. This process is often referred to as
summarizing on a network boundary. While most classless routing
protocols enable summarization on the network boundary by
default, the process of summarizing can be disabled.
 When summarization is disabled, the sending router advertises all
subnetworks with subnet mask information.

28
Plan a Network Using Classless Routing
and CIDR
Classful routing:
 Default subnet masks
 Class determined by first octet
 No subnet mask information exchanged in routing updates

Classless routing:
 Network prefix
 Slash (/) mask
 Subnet mask information exchanged in routing updates

29
Plan a Network Using Classless Routing
and CIDR
 Classless Inter-Domain Routing (CIDR)
 Uses address space efficiently
 Used for network address aggregation or summarizing

30
Creating Custom Subnet Masks
 One useful tool in this address planning process is a
network diagram. A diagram allows the planner to see the networks
and make a more accurate count.
 Start with the locations that require the most hosts and
work down to the point-to-point links. This process
ensures that large enough blocks of addresses are
made available to accommodate the hosts and
networks for these locations.
 Also, plan carefully to ensure that the address blocks
assigned to the subnet do not overlap.

31
Creating Custom Subnet Masks
 Another helpful tool in this planning process is a spreadsheet.
 Place the addresses in columns to visualize the allocation of the addresses.
 This further division of the addresses is often called subnetting the subnets.

32
Subnetting a subnet

33
Subnetting a subnet
 Case Study

34
Subnetting a subnet

35
Subnetting a subnet

36
Example No 1

37
Example 2

38
Implementation of IP Addressing in the LAN
A general list of improvements that IPv6 proposes are:
 More address space
 Better address space management
 Easier TCP/IP administration
 Modernized routing capabilities
 Improved support for multicasting, security, and mobility

39
Route Summarisation

 Route summarization, or supernetting, is needed to
reduce the number of routes that a router advertises to
its neighbor.
 Remember that for every route that is advertised, the
size of the update grows.
 It has been said that if there were no route
summarization, the Internet backbone would have
collapsed from the sheer size of its own routing tables
back in 1997!

40
Route Summarisation

 Winnipeg, Calgary, and Edmonton each have to advertise internal networks to the
main router located in Vancouver.
 Without route summarization, Vancouver would have to advertise 16 networks to
Seattle.
 To mitigate this problem, it is recommended to use route summarization to reduce
the burden on this upstream router.
41
Route Summarisation - Summarize Winnipeg’s
Routes

 172.16.64.0 = 10101100.00010000.01000000.00000000
 172.16.65.0 = 10101100.00010000.01000001.00000000
 172.16.66.0 = 10101100.00010000.01000010.00000000
 172.16.67.0 = 10101100.00010000.01000011.00000000
 Common bits: 10101100.00010000.010000xx.xxxxxxxx
 The first 22 bits of the four networks are common, so the summarized
address is 172.16.64.0/22
42
Route Summarisation - Summarize Edmonton’s
Routes
 172.16.72.0 = 10101100.00010000.01001000.00000000
 172.16.73.0 = 10101100.00010000.01001001.00000000
 172.16.74.0 = 10101100.00010000.01001010.00000000
 172.16.75.0 = 10101100.00010000.01001011.00000000
 172.16.76.0 = 10101100.00010000.01001100.00000000
 172.16.77.0 = 10101100.00010000.01001101.00000000
 172.16.78.0 = 10101100.00010000.01001110.00000000
 172.16.79.0 = 10101100.00010000.01001111.00000000
 Common bits: 10101100.00010000.01001xxx.xxxxxxxx
 For Edmonton, the first 21 bits are common.
 The summarized route is therefore 172.16.72.0/21

43
Route Summarisation

 To create route summarization, there are some
necessary requirements:
• Routers need to be running a classless routing
protocol, as they carry subnet mask information with
them in routing updates. (Examples are RIP v2, OSPF,
EIGRP, IS-IS, and BGP.)
• Addresses need to be assigned in a hierarchical
fashion for the summarized address to have the same
high-order bits.
 It does no good if Winnipeg has network 172.16.64.0
and 172.16.67.0 while 172.16.65.0 resides in Calgary
and 172.16.66.0 is assigned in Edmonton. No
summarization could take place from the edge routers
to Vancouver.
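The bit-by-bit comparison done by hand for Winnipeg and Edmonton, and the hierarchical-assignment requirement just stated, can both be checked with a few lines of code. The script below is an added example, not code from the slide deck: it finds the common high-order bits of a list of networks to produce the summary route, reports whether that summary covers exactly the listed networks, and flags the situation described above where one site's summary would also swallow networks that belong to another site. The site-to-network assignment in the usage section is constructed from the figures on these slides.

```python
# Added example (not from the slide deck): summary route from common high-order
# bits, plus a check that summaries of different sites do not overlap.
import ipaddress


def summarize(networks):
    """Return (summary network, exact) for a list of 'a.b.c.d/x' strings.

    exact is True when the summary covers only the listed networks; it is
    False when the listed networks are not contiguous and the summary would
    also advertise address space that was never assigned to this site.
    Assumes the listed networks do not overlap one another.
    """
    nets = [ipaddress.ip_network(n) for n in networks]
    first = int(nets[0].network_address)
    common = 32
    for net in nets:
        diff = int(net.network_address) ^ first     # 1 bits where they differ
        agreeing = 32 - diff.bit_length() if diff else 32
        # The summary can never be longer than the shortest listed prefix.
        common = min(common, agreeing, net.prefixlen)
    summary = ipaddress.ip_network((first, common), strict=False)
    covered = sum(n.num_addresses for n in nets)
    return summary, covered == summary.num_addresses


def conflicts(site_networks: dict) -> list:
    """(site, summary, other site, network) where a summary covers another site's network."""
    summaries = {site: summarize(nets)[0] for site, nets in site_networks.items()}
    found = []
    for site, summ in summaries.items():
        for other, nets in site_networks.items():
            if other == site:
                continue
            for n in nets:
                if ipaddress.ip_network(n).subnet_of(summ):
                    found.append((site, str(summ), other, n))
    return found


if __name__ == "__main__":
    winnipeg = [f"172.16.{x}.0/24" for x in range(64, 68)]
    edmonton = [f"172.16.{x}.0/24" for x in range(72, 80)]
    print("Winnipeg:", summarize(winnipeg))     # 172.16.64.0/22, exact
    print("Edmonton:", summarize(edmonton))     # 172.16.72.0/21, exact

    # Constructed non-hierarchical assignment from the text: Winnipeg holds
    # .64 and .67 while .65 and .66 live at other sites.
    scattered = {
        "Winnipeg": ["172.16.64.0/24", "172.16.67.0/24"],
        "Calgary": ["172.16.65.0/24"],
        "Edmonton": ["172.16.66.0/24"],
    }
    print("Winnipeg (scattered):", summarize(scattered["Winnipeg"]))
    for row in conflicts(scattered):
        print("conflict:", row)
```

For the scattered assignment the Winnipeg summary still comes out as 172.16.64.0/22, but `exact` is False and `conflicts` lists the Calgary and Edmonton networks it would wrongly claim, which is precisely why the text says no summarization could take place there.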
44
Plan a Network Using Classless Routing
and CIDR
Route summarization:
 Use single address to represent group of contiguous
subnets
 Occurs at network boundary
 Smaller routing table, faster lookups

45
Example

46
Plan a Network Using Classless Routing and CIDR
 Classful routing results in each router advertising the major
Class C network without a subnet mask. As a result, the
middle router receives advertisements about the same
network from two different directions. This scenario is called
a discontiguous network.
 Discontiguous subnets cause unreliable routing
 Avoid separating subnets of one major network with a different network

47
Discontiguous networks

Discontiguous networks cause unreliable or suboptimal
routing. To avoid this condition, an administrator can:
 Modify the addressing scheme, if possible
 Use a classless routing protocol, such as RIPv2 or OSPF
 Turn automatic summarization off
 Manually summarize at the classful boundary

48
Plan a Network Using Classless Routing
and CIDR
 Use routing protocols that support VLSM
 Plan subnetting to complement hierarchical design
 Disable auto-summarization if necessary
 Update router IOS
 Allow for future growth

49
VLSM Best Practices
 Use newer routing protocols that support VLSM and
discontiguous subnets.
 Disable auto-summarization if necessary.
 Use the same routing protocol throughout the network.
 Keep the router IOS up-to-date to support the use of subnet
zero.
 Avoid intermixing private network address ranges in the
same internetwork.
 Avoid discontiguous subnets where possible.
 Use VLSM to maximize address efficiency.
 Assign VLSM ranges based on requirements from the largest
to the smallest.
 Plan for summarization using hierarchical network design
and contiguous addressing design.
 Summarize at network boundaries.
 Use /30 ranges for WAN links.
 Allow for future growth when planning for the number of
subnets and hosts supported.
50
Configure and Verify Static and Dynamic NAT
 RFC 1918: private IP address space. Private addresses are
available for anyone to use in their enterprise networks because
they are routed only internally; they never appear on the Internet.
 Routed internally, never on the Internet
 “Hides” internal addresses from other networks

51
Private addressing
 Class A: 10.0.0.0 - 10.255.255.255
 Class B: 172.16.0.0 - 172.31.255.255
 Class C: 192.168.0.0 - 192.168.255.255

Using private addressing has these benefits:
 It alleviates the high cost associated with the
purchase of public addresses for each host.
 It allows thousands of internal employees to use a
few public addresses.
 It provides a level of security, because users from
other networks or organizations cannot see the
internal addresses.

52
Configure and Verify Static and Dynamic NAT
 Organizations create huge LANs and WANs with private
addressing and connect to the Internet using Network
Address Translation (NAT).
 NAT translates internal private addresses into one or more
public addresses for routing onto the Internet. NAT changes
the private IP source address inside each packet to a publicly
registered IP address before sending it out onto the Internet.

Using NAT on boundary routers improves security. Internal private
addresses translate to different public addresses each time. This hides
the actual address of hosts and servers in the enterprise.
53
Configure and Verify Static and Dynamic NAT

 Static NAT: map single inside local address to single
public address
 Dynamic NAT: use a pool of public addresses to
assign as needed

54
Configure and Verify Static and Dynamic NAT
 Static NAT maps a single inside local address to a single
global, or public address. This mapping ensures that a
particular inside local address always associates with the
same public address.
 Dynamic NAT uses an available pool of Internet public
addresses and assigns them to inside local addresses.
Dynamic NAT assigns the first available IP address in the
pool of public addresses to an inside device.
 The address that one internal host uses to connect to
another internal host is the inside local address. The public
address assigned to the organization is called the inside
global address.
 The NAT router manages the translations between the
inside local addresses and the inside global addresses by
maintaining a table that lists each address pair.
55
Configure and Verify Static and Dynamic
NAT
 Port Address Translation (PAT)
 Dynamically translate multiple inside local addresses to
one public address

56
Summary
 Hierarchical network design groups users into subnets
 VLSM enables different masks for each subnet
 VLSM requires classless routing protocols
 CIDR network addresses are determined by prefix
length
 Route summarization, route aggregation, or
supernetting, is done on a boundary router
 NAT translates private addresses into public addresses
that route over the Internet
 PAT translates multiple local addresses into a single
public address

57
Using Network Address Translation in a Network
 Network Address Translation (NAT) allows a large group of private users
to access the Internet by sharing a small pool of public IP addresses.
 NAT can also provide security to PCs, servers, and networking devices
by withholding their actual IP host addresses from direct Internet access.

58
Using Network Address Translation in a Network
 The main advantage of NAT is IP address reuse, and the
sharing of globally unique IP addresses between many hosts
from a single LAN.
 NAT also serves users transparently. In other words, they do
not need to know about NAT to get on the Internet from a
private network.
 NAT helps shield users of a private network against access
from the outside.

59
Using Network Address Translation in a Network
 The outside global network is any network attached to the router that is external
to the LAN and that does not recognize the private addresses assigned to hosts
on the LAN.
 An inside local address is the private IP address configured on a host on an
inside network. It is an address that must be translated before it can travel
outside the local network addressing structure.

60
Using Network Address Translation in a Network
 An inside global address is the IP address of an
inside host as it appears to the outside network. This is
the translated IP address.

61
Using Network Address Translation in a Network
The outside local address is the destination address of the packet while
it is on the local network. Usually this address is the same as the outside
global address.
An outside global address is the actual public IP address of an external
host. The address is allocated from a globally routable address or
network space.

62
Using Network Address Translation in a Network
 One way to provide access to a local host from the Internet is to assign
that device a static address translation.

63
Static and Dynamic NAT
 One way to provide access to a local host from the Internet is to
assign that device a static address translation.
 Static translations ensure that an individual host private IP address
is always translated to the same registered global IP address.
 It also ensures that no other local host will be translated to the
same registered address.
 Dynamic NAT occurs when a router is configured to assign an IP
address from an available pool of outside global addresses to an
inside private network device.
 As long as the session is open, the router watches for that inside
global address and sends acknowledgments to the initiating inside
device. When the session ends, the router simply returns the
inside global address to the pool.

64
Configuration - NAT

When configuring either static or dynamic NAT:
 List any servers that require a permanent outside
address.
 Determine which internal hosts require translation.
 Determine which interfaces source the internal
traffic. These will become the inside interfaces.
 Determine which interface sends traffic to the
Internet. This will become the outside interface.
 Determine the range of public addresses available.

65
Configuration – Static NAT
1. Determine the public IP address that outside
users should use to access the inside
device/server. Administrators tend to use
addresses from either the beginning or end of the
range for static NAT. Map the inside, or private
address to the public address.
2. Configure the inside and outside interfaces.

66
Configuration – Dynamic NAT
 1. Identify the pool of public IP addresses
available for use.
 2. Create an access control list (ACL) to identify
hosts that require translation.
 3. Assign interfaces as either inside or outside.
 4. Link the access list with the address pool.

67
NAT Issues
 Most of the time, NAT operates invisibly.
 The big issue with NAT is the additional work load necessary
to support IP address and port translations.
 Some applications increase the work load of the router
because they embed an IP address as part of the
encapsulated data. The router must replace the source IP
addresses and port combinations that are contained within
the data, as well as the source addresses in the IP header.
 With all this activity taking place in a router because of NAT,
its implementation in a network requires good network
design, careful selection of equipment, accurate
configuration and regularly scheduled maintenance.
 Users on the outside network cannot reliably initiate a
connection to a host on a network that uses PAT. Not only is
it impossible to predict the local or global port number of the
host, but a gateway does not even create a translation unless
a host on the inside network initiates the communication.

68
Using Network Address Translation in a Network
 When an organization has a very small registered IP address pool, or
perhaps even just a single IP address, it can still enable multiple users to
simultaneously access the public network with a mechanism called NAT
overload, or port address translation (PAT).
 It uses an IP address and port number combination to keep track of each
individual conversation with the destination host.
 In PAT, the gateway translates the local source address and port combination
in the packet to a single global IP address and a unique port number above
1024.

69
Using Network Address Translation in a Network

 Since the translation is specific to the local address and local port,
each connection, which generates a new source port, requires a
separate translation.
 Users on the outside network cannot reliably initiate a connection to
a host on a network that uses PAT.
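To make the behaviour of the three translation types concrete, here is an added example (not code from the slide deck, and not a model of any particular router vendor): a small in-memory NAT table that applies static mappings, hands out dynamic addresses from a pool and returns them when a session ends, and falls back to PAT on one public address with a unique port above 1024 when the pool is empty (that fallback ordering is an assumption of this model; on a real router it depends on how the `ip nat` statements are written). The `inbound` method shows the point made above: a packet from the outside to the PAT address matches nothing until an inside host has created the entry, whereas a static mapping is always reachable. All addresses are constructed sample values from the documentation ranges.

```python
# Added example (not from the slide deck): a toy NAT/PAT translation table.

class NatRouter:
    def __init__(self, pool=None, overload_address=None):
        self.static = {}               # inside local -> inside global (permanent)
        self.pool = list(pool or [])   # free inside global addresses for dynamic NAT
        self.dynamic = {}              # inside local -> inside global (per session)
        self.overload = overload_address   # single PAT address
        self.pat = {}                  # (inside local, local port) -> global port
        self.next_port = 1024          # PAT ports are allocated above 1024

    def add_static(self, local, global_addr):
        """Permanent one-to-one mapping; no two locals may share a global."""
        if global_addr in self.static.values():
            raise ValueError(f"{global_addr} already mapped")
        self.static[local] = global_addr

    def outbound(self, src, sport):
        """Translate an inside -> outside packet; returns (new src, new port) or None."""
        if src in self.static:
            return (self.static[src], sport)
        if src in self.dynamic:
            return (self.dynamic[src], sport)
        if self.pool:                                  # first free pool address
            self.dynamic[src] = self.pool.pop(0)
            return (self.dynamic[src], sport)
        if self.overload:                              # PAT: one address, many ports
            key = (src, sport)
            if key not in self.pat:
                self.next_port += 1
                self.pat[key] = self.next_port
            return (self.overload, self.pat[key])
        return None                                    # nothing left: packet dropped

    def inbound(self, dst, dport):
        """Translate an outside -> inside packet; None when no entry matches."""
        for local, g in self.static.items():
            if g == dst:
                return (local, dport)
        for local, g in self.dynamic.items():
            if g == dst:
                return (local, dport)
        if dst == self.overload:
            for (local, lport), gport in self.pat.items():
                if gport == dport:
                    return (local, lport)
        return None   # outside hosts cannot initiate through PAT

    def release(self, local):
        """Session ended: put the dynamic address back in the pool."""
        if local in self.dynamic:
            self.pool.append(self.dynamic.pop(local))

    def translations(self):
        """Rows in the spirit of `show ip nat translations`: (inside local, inside global, kind)."""
        rows = [(l, g, "static") for l, g in self.static.items()]
        rows += [(l, g, "dynamic") for l, g in self.dynamic.items()]
        rows += [(f"{l}:{lp}", f"{self.overload}:{gp}", "pat")
                 for (l, lp), gp in self.pat.items()]
        return rows


if __name__ == "__main__":
    # Constructed addresses: 192.168.1.0/24 inside, 203.0.113.0/24 as the public range.
    r = NatRouter(pool=["203.0.113.10", "203.0.113.11"], overload_address="203.0.113.1")
    r.add_static("192.168.1.10", "203.0.113.5")          # the server that needs a fixed address
    print(r.outbound("192.168.1.10", 443))               # static
    print(r.outbound("192.168.1.20", 50000))             # dynamic, first pool address
    print(r.outbound("192.168.1.21", 50001))             # dynamic, second pool address
    print(r.outbound("192.168.1.22", 50002))             # pool empty -> PAT
    print(r.inbound("203.0.113.5", 22))                  # reachable: static entry
    print(r.inbound("203.0.113.1", 9999))                # None: no PAT entry yet
    r.release("192.168.1.20")
    for row in r.translations():
        print(row)
```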

70
Configuration – PAT
 Configuring PAT requires the same basic steps and
commands as configuring NAT. However, instead of
translating to a pool of addresses, PAT translates to a
single address. The following command translates the
inside addresses to the IP address of the serial interface:

 ip nat inside source list 1 interface serial 0/0/0 overload

71
NAT and PAT Troubleshooting commands

 Verify NAT and PAT functionality with the following commands.
show ip nat translations
 This command displays active translations. If the translation is not
used, it ages out after a period of time. Static NAT entries remain
in the table permanently. A dynamic NAT entry requires some
action from the host to a destination on the outside of the network.
If configured correctly, a simple ping or trace creates an entry in
the NAT table.
show ip nat statistics
 This command displays translation statistics, including the number
of addresses used and the number of hits and misses. The output
also includes the access list that specifies internal addresses, the
global address pool, and the range of addresses defined.

72
Summary

 IP addressing can be tailored to the needs of the
network design through the use of custom subnet
masks.
 Classless subnetting gives classful IP addressing
schemes more flexibility through the use of variable
length subnet masks.
 Network Address Translation (NAT) is a way to shield
private addresses from outside users.
 Port Address Translation (PAT) translates multiple local
addresses to a single global IP address, maximizing the
use of both private and public IP addresses.

73
