Module 2: Advanced IP Addressing Management
A scalable network requires an addressing scheme that allows for growth. However, several unanticipated consequences can result from unmanaged network growth. As new nodes and new networks are added to the enterprise, existing addresses may need to be reassigned. Excessively large routing tables may slow down older routers, and the supply of available addresses may simply run out. These unpleasant consequences can be avoided with careful planning and deployment of a scalable network addressing system.
Network designers can choose among many different network protocols and addressing schemes. However, the emergence of the Internet and its nonproprietary protocol, TCP/IP, has meant that virtually every enterprise must implement an IP addressing scheme. Several proprietary network protocols and addressing schemes have also been used; companies such as Apple and Novell have since migrated their network software from their proprietary protocols to TCP/IP. Today, many organizations run TCP/IP as the only routed protocol on the network. The bottom line is that administrators must find ways to scale their networks using IP addressing.
Unfortunately, the architects of TCP/IP could not have predicted that their protocol would eventually sustain a global network of information, commerce, and entertainment. Twenty years ago, IP version 4 (IPv4) offered an addressing strategy that, although scalable for a time, resulted in an inefficient allocation of addresses. Over the past two decades, engineers have successfully modified IPv4 so that it can survive the exponential growth of the Internet. Meanwhile, an even more extensible and scalable version of IP, IP version 6 (IPv6), has been defined and developed. Today IPv6 is slowly being implemented in select networks. Eventually, IPv6 may replace IPv4 as the dominant Internet protocol.
This module explores the evolution and extension of IPv4, including the key scalability features that engineers have added to it over the years:
* Classless interdomain routing (CIDR)
* Variable length subnet masking (VLSM)
* Route summarization
Finally, this module examines advanced IP implementation techniques such as the following:
* IP unnumbered
* Dynamic Host Configuration Protocol (DHCP)
* Helper addresses
2.1 IPv4 Addressing
2.1.1 Address architecture of the Internet
When TCP/IP was first introduced in the 1980s, it relied on a two-level addressing scheme. At the time, this scheme offered adequate scalability. The 32-bit IPv4 address identifies a network number and a host number.
Together, the network number and the host number uniquely identify all hosts connected by way of the Internet. It is possible that the needs of a small networked community, such as a LAN, could be satisfied with just host addresses. However, network addresses are necessary for end systems on different networks to communicate with each other. Routers use the network portion of the address to make routing decisions and facilitate communication between hosts that belong to different networks.
Unlike routers, humans find working with strings of 32 ones and zeros tedious and clumsy. Therefore, 32-bit IP addresses are written using dotted decimal notation. Each 32-bit address is divided into four groups of eight, called octets. Each octet is converted to decimal and then separated by decimal points, or dots.
In the dotted decimal address 172.30.128.17, which of these four numbers represents the network portion of the address, and which represent the host? The question cannot be answered from the four decimal numbers alone, because an IP address is not really four numbers. It is a single 32-bit binary value, and where the network bits end and the host bits begin depends on the address class or, today, on the subnet mask.
In the early days of TCP/IP, a class system was used to define the network and host portions of the address. IPv4 addresses were grouped into five distinct classes. This was done according to the value of the first few bits in the first octet of the address. Although the class system can still be applied to IP addresses, networks today often ignore the rules of class in favor of a classless IP scheme.
In the next few sections, all of the following topics related to IP addressing will be covered:
* The limitations of the IP address classes
* The subsequent addition of the subnet mask
* The addressing crisis that led to the adoption of a classless system
2.1.2 Class A and B IP addresses
In a class system, IP addresses can be grouped into one of five different classes:
Each of the four octets of an IP address represents either the network portion or the host portion of the address depending on the address class.
Only the first three classes, A, B, and C, are used for addressing actual hosts on IP networks. Class D addresses are used for multicasting. Class E addresses are reserved for experimentation and are not shown in the figure. The following sections explore each of the five classes of addresses.
Class A Addresses
If the first bit of the first octet of an IP address is a binary 0, then the address is a Class A address. With that first bit being a 0, the lowest number that can be represented is 00000000, decimal 0. The highest number that can be represented is 01111111, decimal 127. Any address that starts with a value between 0 and 127 in the first octet is a Class A address. These two numbers, 0 and 127, are reserved and cannot be used as a network address.
Class A addresses were intended to accommodate very large networks, so only the first octet is used to represent the network number. This leaves three octets, or 24 bits, to represent the host portion of the address. With 24 bits, 2^24 combinations are possible, yielding 16,777,216 possible addresses. Two of those, the lowest and highest values, are reserved for special purposes: the low value is 24 zeros and the high value is 24 ones. Therefore, each Class A network can support up to 16,777,214 unique host addresses.
Why are two host addresses reserved for special purposes? Every network requires a network number, an ID that refers to the entire range of hosts when building routing tables. The address with all 0s in the host portion is the network number and cannot be assigned to an individual node; 10.0.0.0, for example, is a Class A network number. Similarly, every network requires a broadcast address that addresses a message to every host on the network. It is formed by setting all 1s in the host portion of the address.
With almost 17 million host addresses available, a Class A network actually provides too many possibilities for one company or campus. Although it is easy to imagine an enormous global network with that many nodes, the hosts in such a network could not function as members of the same logical group. Administrators require much smaller logical groupings to control broadcasts, apply policies, and troubleshoot problems. Fortunately, the subnet mask allows subnetting, which breaks a large block of addresses into smaller groups called subnetworks. All Class A networks are subnetted. If they were not, Class A networks would represent huge waste and inefficiency.
How many Class A networks are there? Only the first octet is used as a network number, and it holds a value between 0 and 127, which is 128 values; with 0 and 127 reserved, 126 Class A networks exist. Each of the 126 Class A networks has almost 17 million possible host addresses, and together they make up half of the entire IPv4 address space. Under this system, a mere handful of organizations control half of the available Internet addresses.
Class B Addresses
Class B addresses start with a binary 10 in the first 2 bits of the first octet. Therefore, the lowest number that can be represented with a Class B address is 10000000, decimal 128. The highest number that can be represented is 10111111, decimal 191. Any address that starts with a value in the range of 128 to 191 in the first octet is a Class B address.
Class B addresses were intended to accommodate medium size networks. Therefore, the first two octets are used to represent the network number, which leaves two octets, or 16 bits, to represent the host portion of the address. With 16 bits, 2^16 combinations are possible, yielding 65,536 host addresses per Class B network. Recall that two of those numbers, the lowest and highest values, are reserved for special purposes. Therefore, each Class B network can support up to 65,534 hosts. Though significantly smaller than the networks created by Class A addresses, a logical group of more than 65,000 hosts is still unmanageable and impractical. Therefore, like Class A networks, Class B networks are subnetted to improve efficiency.
There are 16,384 Class B networks. The first octet of a Class B address offers 64 possibilities, 128 to 191, and the second octet 256 possibilities, 0 to 255. That yields 16,384 network numbers, or 25 percent of the total IP space. Nevertheless, given the popularity and importance of the Internet, these addresses ran out quickly. This essentially leaves only Class C addresses available for new growth.
2.1.3 Classes of IP addresses: C, D, and E
Class C Addresses
A Class C address begins with binary 110. Therefore, the lowest number that can be represented is 11000000, decimal 192. The highest number that can be represented is 11011111, decimal 223. If an IPv4 address contains a number in the range of 192 to 223 in the first octet, it is a Class C address.
Class C addresses were originally intended to support small networks. The first three octets of a Class C address represent the network number. The last octet may be used for hosts. One host octet yields 256 possibilities. After subtracting the all 0s network number and the all 1s broadcast address, only 254 hosts may be addressed on a Class C network. Whereas Class A and Class B networks prove impossibly large without subnetting, Class C networks can impose an overly restrictive limit on hosts.
With 2,097,152 total network addresses containing a mere 254 hosts each, Class C addresses account for 12.5 percent of the Internet address space. Since Class A and B addresses are nearly exhausted, the remaining Class C addresses are all that is left to be assigned to new organizations that need IP networks. The figure summarizes the ranges and availability of three address classes used to address Internet hosts.
Class D Addresses
A Class D address begins with binary 1110 in the first octet. Therefore, the first octet range for Class D addresses is 11100000 to 11101111, or 224 to 239. Class D addresses are not used to address individual hosts. Instead, each Class D address can be used to represent a group of hosts called a host group, or multicast group.
For example, a router configured to run Enhanced Interior Gateway Routing Protocol (EIGRP) joins a group that includes the other nodes that are also running EIGRP. Members of this group still have unique IP addresses from the Class A, B, or C range, but they also listen for messages addressed to 224.0.0.10. The 224 in the first octet designates the address as a Class D address. Therefore, a single routing update message can be sent to 224.0.0.10, and all EIGRP routers on the link will receive it. A single message sent to several select recipients is called a multicast. Class D addresses are also called multicast addresses.
A multicast is different from a broadcast. Every device on a logical network must process a broadcast, whereas only devices that have joined the multicast group, that is, are listening on that Class D address, receive and process a multicast.
Class E Addresses
If the first octet of an IP address begins with 1111, then the address is a Class E address. Class E addresses are reserved for experimental purposes and should not be used for addressing hosts or multicast groups.
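The class rules above reduce to a test on the leading bits of the first octet. The following Python is an added example written for this page, not code from the module or from any vendor; the function names are mine, and the addresses in the comments are chosen for illustration. It classifies an address, derives the classful network number, broadcast address and host capacity, and reproduces the per-class network counts quoted in 2.1.2 and 2.1.3 (including the two reserved Class A first octets).

```python
def to_int(dotted):
    """Dotted decimal -> the 32-bit integer a router actually works with."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("not a dotted-decimal IPv4 address: %r" % dotted)
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def to_dotted(value):
    """Inverse of to_int: 32-bit integer -> dotted decimal."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def address_class(first_octet):
    """Class letter and the number of network bits that class prescribes.
    Class D (multicast) and E (experimental) have no network/host split, so 0."""
    if first_octet & 0b10000000 == 0:            # 0xxxxxxx -> 0..127
        return "A", 8
    if first_octet & 0b11000000 == 0b10000000:   # 10xxxxxx -> 128..191
        return "B", 16
    if first_octet & 0b11100000 == 0b11000000:   # 110xxxxx -> 192..223
        return "C", 24
    if first_octet & 0b11110000 == 0b11100000:   # 1110xxxx -> 224..239
        return "D", 0
    return "E", 0                                # 1111xxxx -> 240..255


def classify(dotted):
    """Classful view of one address: class, default mask, network, broadcast, capacity."""
    value = to_int(dotted)
    first = value >> 24
    cls, net_bits = address_class(first)
    info = {"class": cls, "address": dotted}
    if cls in ("D", "E"):
        info["usable_hosts"] = 0         # no individual hosts are addressed from D or E
        return info
    host_bits = 32 - net_bits
    mask = (0xFFFFFFFF << host_bits) & 0xFFFFFFFF
    network = value & mask               # host bits all 0: the network number
    info.update({
        "default_mask": to_dotted(mask),
        "network": to_dotted(network),
        "broadcast": to_dotted(network | (0xFFFFFFFF >> net_bits)),  # host bits all 1
        "usable_hosts": (1 << host_bits) - 2,   # minus network number and broadcast
        "reserved": cls == "A" and first in (0, 127),  # 0 and 127 are never network numbers
    })
    return info


def class_space():
    """Networks per class, hosts per network, and each class's share of the 2**32 space."""
    table = {}
    # (class, network bits, first-octet values in the class, reserved network numbers)
    for cls, net_bits, first_octets, excluded in (("A", 8, 128, 2),
                                                   ("B", 16, 64, 0),
                                                   ("C", 24, 32, 0)):
        networks = (first_octets << (net_bits - 8)) - excluded
        table[cls] = {"networks": networks,
                      "hosts_per_network": (1 << (32 - net_bits)) - 2,
                      "share_of_space": first_octets / 256}
    return table
```

classify("172.30.128.17") answers the question posed in 2.1.1 for that address: Class B, network 172.30.0.0, broadcast 172.30.255.255, 65,534 hosts. class_space() returns 126, 16,384 and 2,097,152 networks for A, B and C with shares of 50, 25 and 12.5 percent.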
2.1.4 Subnet masking
Subnet masking, or subnetting, is used to break one large group into several smaller subnetworks. These subnets can then be distributed throughout an enterprise. This results in less IP address waste and better logical organization. Formalized with RFC 950 in 1985, subnetting introduced a third level of hierarchy to the IPv4 addressing structure. The number of bits available to the network, subnet, and host portions of a given address varies depending on the size of the subnet mask.
A subnet mask is a 32-bit number that acts as a counterpart to the IP address. Each bit in the mask corresponds to the bit in the same position in the IP address. The address and the mask are combined with a logical AND. If a bit in the IP address lines up with a 1 bit in the subnet mask, that address bit is part of the network number. If it lines up with a 0 bit in the mask, that address bit is part of the host number.
When the subnet mask is known, it overrides the address class to determine whether a bit is either a network or a host. This allows routers to recognize addresses differently than the format dictated by class. The mask can be used to tell hosts that though their addresses are Class B, the first three octets, instead of the first two, are the network number. In this case, the additional octet acts like part of the network number, but only inside the organization where the mask is configured.
The subnet mask applied to an address ultimately determines the network and host portions of an IP address. The network and host portions change when the subnet mask changes. If a 16-bit mask, 255.255.0.0, is applied to an IP address only the first 16 bits, or two octets, of the IP address 172.24.100.45 represent the network number. Therefore, the network number for this host address is 172.24.0.0. The green shaded portion of the address in Figure indicates the network number.
Because the rules of class dictate that the first two octets of a Class B address are the network number, this 16-bit mask does not create subnets within the 172.24.0.0 network.
To create subnets with this Class B address, a mask must be used that identifies bits in the third or fourth octet as part of the network number.
If a 24-bit mask such as 255.255.255.0 is applied, then the first 24 bits of the IP address are specified as the network number. The network number for the host in this example is 172.24.100.0. The shaded portion of the address in Figure indicates this.
Routers and hosts configured with this mask will see all eight bits in the third octet as part of the network number. These eight bits are considered to be the subnet field because they represent network bits beyond the two octets prescribed by classful addressing.
Inside this network, devices configured with a 24-bit mask use the eight bits of the third octet to determine which subnet a host belongs to. Just as hosts must have identical network addresses, hosts must also match in their subnet fields to communicate with each other directly. Otherwise, a router is needed so that a host on one network or subnet can talk to a host on another.
For a Class B address, an 8-bit subnet field creates 2^8, or 256, potential subnets. (RFC 950 originally reserved the all-zeros and all-ones subnets, leaving 254; Cisco IOS permits all 256 when ip subnet-zero is configured, which is the default in IOS 12.0 and later.) Because eight bits remain in the host field, 254 hosts may populate each subnet; the two remaining host addresses are reserved as the network number and broadcast address, respectively. By dividing a Class B network into smaller logical groups, the internetwork can be made more manageable, more efficient, and more scalable.
Notice that subnet masks are not sent as part of an IP packet header. This means that routers outside of this network will not know what subnet mask is configured inside the network. An outside router will therefore treat 172.24.100.45 as just one of sixty-five thousand hosts that belong to the 172.24.0.0 network. In effect, subnetting classful IP addresses provides a logical structure that is hidden from the outside world.
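As an added example, not code from the module, the AND operation described in 2.1.4 applied in Python to the 172.24.100.45 case with both masks. The helper names are mine. Besides the network number, it reports the subnet field that lies beyond the classful boundary, rejects a non-contiguous mask (a misconfiguration that still "works" on some hosts but breaks routing), and checks whether two hosts share a subnet and so can talk without a router.

```python
def to_int(dotted):
    """Dotted decimal -> 32-bit integer."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("bad IPv4 address: %r" % dotted)
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def to_dotted(value):
    """32-bit integer -> dotted decimal."""
    return ".".join(str((value >> s) & 0xFF) for s in (24, 16, 8, 0))


def classful_prefix(value):
    """Network bits the address class prescribes: A=8, B=16, C=24; None for D and E."""
    first = value >> 24
    if first < 128:
        return 8
    if first < 192:
        return 16
    if first < 224:
        return 24
    return None


def mask_length(mask):
    """Prefix length of a contiguous mask; 255.0.255.0 and the like are rejected."""
    ones = bin(mask).count("1")
    if ((0xFFFFFFFF << (32 - ones)) & 0xFFFFFFFF) != mask:
        raise ValueError("subnet mask is not contiguous: %s" % to_dotted(mask))
    return ones


def subnet_view(dotted, mask_dotted):
    """Apply the mask with a logical AND and describe the resulting subnet."""
    addr, mask = to_int(dotted), to_int(mask_dotted)
    prefix = mask_length(mask)
    classful = classful_prefix(addr)
    if classful is None:
        raise ValueError("%s is a class D or E address and is not subnetted" % dotted)
    if prefix < classful:
        raise ValueError("mask shorter than the classful network: that is supernetting")
    network = addr & mask                  # 1 bits in the mask select the network bits
    host_bits = 32 - prefix
    return {
        "network": to_dotted(network),
        "broadcast": to_dotted(network | (~mask & 0xFFFFFFFF)),       # host bits all 1
        "classful_network": to_dotted(addr & ((0xFFFFFFFF << (32 - classful)) & 0xFFFFFFFF)),
        "subnet_bits": prefix - classful,  # network bits beyond what the class prescribes
        "subnets": 1 << (prefix - classful),
        "hosts_per_subnet": max((1 << host_bits) - 2, 0),  # minus network number and broadcast
    }


def same_subnet(a, b, mask_dotted):
    """Hosts reach each other directly only if (address AND mask) agrees; otherwise a router is needed."""
    mask = to_int(mask_dotted)
    return (to_int(a) & mask) == (to_int(b) & mask)
```

With 255.255.0.0 the subnet field is empty and the network is 172.24.0.0, exactly what an outside router without the mask would see; with 255.255.255.0 the third octet becomes an 8-bit subnet field, giving network 172.24.100.0, broadcast 172.24.100.255, 256 subnets and 254 hosts each.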
2.2.1 IP addressing crisis
Class A and B addresses make up 75 percent of the IPv4 address space, yet only a relative handful of organizations, fewer than 17,000, can be assigned a Class A or B network number. Class C network numbers are far more numerous than Class A and B, although they account for only 12.5 percent of the roughly 4 billion (2^32) possible IPv4 addresses.
Unfortunately, Class C addresses are limited to 254 hosts, which will not meet the needs of larger organizations that cannot acquire a Class A or B address. Even if there were more Class A, B, and C addresses, too many network addresses would cause Internet routers to grind to a halt under the weight of enormous routing tables.
Ultimately, the classful system of IP addressing, even with subnetting, could not scale to effectively handle global demand for Internet connectivity. As early as 1992, the Internet Engineering Task Force (IETF) identified two specific concerns:
* Exhaustion of the remaining, unassigned IPv4 network addresses. At the time, the Class B space was on the verge of depletion.
* The rapid and substantial growth of Internet routing tables as the Internet itself grew. As more Class C networks came online, the resulting flood of new routing information threatened the ability of Internet routers to cope effectively.
In the short term, the IETF decided that a retooled IPv4 would have to hold out long enough for engineers to design and deploy a completely new Internet Protocol. That new protocol, IPv6, solves the address crisis by using a 128-bit address space. After years of planning and development, IPv6 promises to be ready for wide scale implementation. However, IPv6 continues, for the most part, to wait for that implementation.
One reason that IPv6 has not been rushed into service is that the short-term extensions to IPv4 have been so effective. By eliminating the rules of class, IPv4 now enjoys renewed viability.
2.2.2 Classless Interdomain Routing (CIDR)
Routers use a form of IPv4 addressing called Classless Interdomain Routing (CIDR) that ignores class.
CIDR is pronounced cider. In a classful system, a router determines the class of an address and then identifies the network and host octets based on that class. With CIDR, a router uses a bit mask to determine the network and host portions of an address, which are no longer restricted to using an entire octet.
CIDR was first introduced in 1993 by RFC 1517, 1518, 1519, and 1520, and later deployed in 1994. CIDR dramatically improves the scalability and efficiency of IPv4 by providing the following:
* Replacement of classful addressing with a more flexible and less wasteful classless scheme.
* Enhanced route aggregation, also known as supernetting or summarization.
* Supernetting, which is the combination of contiguous network addresses into a new address defined by the subnet mask.
The following sections describe route aggregation, supernetting, and address allocation in more detail.
2.2.3 Route aggregation and supernetting
CIDR allows routers to aggregate, or summarize, routing information. It does this by using a bit mask instead of an address class to determine the network portion of an address. This shrinks the size of the routing tables used by the router. In other words, just one address and mask combination can represent the routes to multiple networks.
Without CIDR and route aggregation, a router must maintain many individual entries for the Class B networks.
The shaded columns in Figure identify the 16 bits that, based on the rules of class, represent the network number. Classful routers are forced to handle Class B networks using these 16 bits. Because the first 16 bits of each of these eight network numbers are unique, a classful router sees eight unique networks and must create a routing table entry for each. However, these eight networks do have common bits.
Figure shows that the eight network addresses have the first 13 bits in common. A CIDR-compliant router can summarize routes to these eight networks by using a 13-bit prefix. It is only these eight networks that share these bits:
To represent this prefix in decimal terms, the rest of the address is padded with zeros and then paired with a 13-bit subnet mask:
10101100 00011000 00000000 00000000 = 172.24.0.0
11111111 11111000 00000000 00000000 = 255.248.0.0
Therefore, a single address and mask define a classless prefix that summarizes routes to the eight networks, 172.24.0.0/13.
By using a prefix address to summarize routes, routing table entries can be kept more manageable. The following benefits are a result of the summarized routes:
* More efficient routing
* Reduced number of CPU cycles when recalculating a routing table or when sorting through the routing table entries to find a match
* Reduced router memory requirements
Supernetting is the practice of using a bit mask to group multiple classful networks as a single network address. Supernetting and route aggregation are different names for the same process. However, the term supernetting is most often applied when the aggregated networks are under common administrative control. Supernetting takes bits from the network portion of the network mask, whereas subnetting takes bits from the host portion of the subnet mask. Supernetting and route aggregation are essentially the inverse of subnetting.
Recall that the Class A and Class B address space is almost exhausted, leaving large organizations little choice but to request multiple Class C network addresses from providers. If a company can acquire a block of contiguous, Class C network addresses, supernetting can be used so that the addresses appear as a single large network, or supernet.
2.2.4 Supernetting and address allocation
Consider Company XYZ, which requires addresses for 400 hosts. Under the classful addressing system, XYZ could apply to a central Internet address authority for a Class B address. If the company got the Class B address and then used it to address one logical group of 400 hosts, tens of thousands of addresses would be wasted. A second option for XYZ would be to request two Class C network numbers, yielding 508, or 2 * 254, host addresses. The drawback to this approach is that XYZ would have to route between its own logical networks. Also, Internet routers would still need to maintain two routing table entries for the XYZ network, rather than just one.
Under a classless addressing system, supernetting allows XYZ to get the address space that it needs without wasting addresses or increasing the size of routing tables unnecessarily. Using CIDR, XYZ asks for an address block from its Internet Service Provider, not a central authority such as the InterNIC. The ISP assesses the needs of XYZ and allocates address space from its own large CIDR block of addresses. Providers assume the burden of managing address space in a classless system. With this system, Internet routers keep only one summary route, or supernet route, to the provider network. The provider keeps routes that are more specific to its customer networks. This method drastically reduces the size of Internet routing tables.
In the following example, XYZ receives two contiguous Class C network numbers, 207.21.54.0 and 207.21.55.0 (the values the binary below spells out). As the shaded portion of the figure shows, these network addresses share this 23-bit prefix:
11001111 00010101 0011011
When supernetted with a 23-bit mask, 207.21.54.0/23, the block provides 2^9, or 512, addresses, 510 of them usable for hosts: comfortably more than the 400 required, and without the tremendous waste of a Class B address. With the ISP acting as the addressing authority for a CIDR block of addresses, the ISP's customer networks, which include XYZ, can be advertised among Internet routers as a single supernet. The ISP manages a block of 256 Class C network numbers and advertises them to the world using a single 16-bit prefix, 207.21.0.0/16, as the figure shows.
When CIDR enabled ISPs to hierarchically distribute and manage blocks of contiguous addresses, IPv4 address space enjoyed the following benefits:
* Efficient allocation of addresses
* Reduced number of routing table entries
2.4.2 Route flapping
Route flapping occurs when a router interface alternates rapidly between the up and down states. This can be caused by a number of factors, including a faulty interface or poorly terminated media.
Summarization can effectively insulate upstream routers from route flapping. Consider RTC in the figure. If the RTC interface connected to one of its eight /24 networks goes down, RTC removes that route from its table. If the routers were not configured to summarize, RTC would send a triggered update to RTZ withdrawing that specific network. In turn, RTZ would update the next router upstream, and so on. Every time these routers are updated with new information, their processors must go to work. It is possible, especially in the case of Open Shortest Path First (OSPF) routing, that the processors can work hard enough to noticeably impact performance. Now, consider the impact on performance if the RTC interface comes back up after only a few seconds. The routers update each other and recalculate. What happens when the RTC link goes back down seconds later? And then back up? This is route flapping, and it can cripple a router with excessive updates and recalculations.
However, with summarization configured, the RTC route flap affects no other router. RTC advertises to RTZ only a single summary with a 21-bit mask that covers the eight consecutive /24 networks shown in the figure. The loss of one of those networks does not invalidate the route to the summary. While RTC may be kept busy dealing with its own route flap, RTZ and all upstream routers are unaware of any downstream problem. Summarization effectively insulates the other routers from route flapping.
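The summaries in 2.2.3 and 2.2.4 and the flap insulation in 2.4.2 all come down to one operation: find the bits a set of network numbers has in common and advertise that prefix. The following Python is an added example, not code from the module or from any router vendor; the function names are mine, the 172.24 to 172.31 and 207.21.54/55 figures come from the module, and the 10.8.0.0/24 to 10.8.7.0/24 set is constructed to stand in for RTC's eight networks. Beyond the module's cases it also reports whether the summary is exact, because a summary that covers more than the networks actually held advertises address space the router cannot deliver to (traffic for those addresses is black-holed, and the advertisement can be mistaken for the legitimate route).

```python
def to_int(dotted):
    """Dotted decimal -> 32-bit integer."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("bad IPv4 address: %r" % dotted)
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def to_dotted(value):
    """32-bit integer -> dotted decimal."""
    return ".".join(str((value >> s) & 0xFF) for s in (24, 16, 8, 0))


def prefix_mask(length):
    """Contiguous mask for a prefix length, e.g. 13 -> 255.248.0.0."""
    return (0xFFFFFFFF << (32 - length)) & 0xFFFFFFFF


def parse_prefix(text):
    """'172.24.0.0/16' -> (network as int, prefix length); host bits must be zero."""
    dotted, length = text.split("/")
    value, length = to_int(dotted), int(length)
    if value & prefix_mask(length) != value:
        raise ValueError("host bits set in %s" % text)
    return value, length


def summarize(prefixes):
    """Shortest prefix that contains every network given, as 'a.b.c.d/n'.
    Also returns exact=True only when the components tile the summary block with no
    gaps and no overlaps, i.e. the summary advertises nothing beyond the components."""
    parsed = [parse_prefix(p) for p in prefixes]
    first, common = parsed[0][0], min(length for _, length in parsed)
    for value, _ in parsed[1:]:
        while common > 0 and (first ^ value) >> (32 - common):
            common -= 1                     # shorten until the differing bits are masked off
    summary = "%s/%d" % (to_dotted(first & prefix_mask(common)), common)
    covered = sum(1 << (32 - length) for _, length in parsed)
    overlap = any(
        (a >> (32 - min(al, bl))) == (b >> (32 - min(al, bl)))
        for i, (a, al) in enumerate(parsed)
        for b, bl in parsed[i + 1:]
    )
    return summary, (not overlap and covered == 1 << (32 - common))


def usable_hosts(prefix_text):
    """Host addresses in a block, minus the network number and broadcast."""
    _, length = parse_prefix(prefix_text)
    return (1 << (32 - length)) - 2


def upstream_view(components, down, summarizing):
    """Routes the upstream router (RTZ in the figure) holds for RTC's networks.
    Without summarization every component flap changes this list; with it, the
    summary stays in place as long as at least one component is still reachable."""
    up = [c for c in components if c not in down]
    if not summarizing:
        return sorted(up)
    return [summarize(components)[0]] if up else []
```

summarize() returns 172.24.0.0/13 for the eight Class B networks 172.24.0.0 to 172.31.0.0 and 207.21.54.0/23 for XYZ's pair, both exact; for 172.24.0.0/16 and 172.26.0.0/16 alone it returns 172.24.0.0/14 flagged inexact, since that summary also claims 172.25 and 172.27. upstream_view() shows that taking one of RTC's eight /24 networks down leaves RTZ's single summary route untouched.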
2.5.1 Private IP addresses (RFC 1918)
Because TCP/IP is the dominant routed protocol in the world, most network applications and operating systems offer extensive support for it. Therefore, many designers build their networks around TCP/IP, even if they do not require Internet connectivity. Internet hosts require globally unique IP addresses. However, private hosts that are not connected to the Internet can use any valid address, as long as it is unique within the private network.
Because many private networks exist alongside public networks, just grabbing any address is strongly discouraged. RFC 1918 sets aside three blocks of IP addresses for private, internal use:
* A Class A range: 10.0.0.0 to 10.255.255.255 (10.0.0.0/8)
* A Class B range: 172.16.0.0 to 172.31.255.255 (172.16.0.0/12, sixteen contiguous Class B networks)
* A Class C range: 192.168.0.0 to 192.168.255.255 (192.168.0.0/16, 256 contiguous Class C networks)
Addresses in these ranges are not routed on the Internet backbone. Providers filter the private prefixes from their routing tables, and packets addressed to or from them are discarded at the Internet edge.
If addressing any of the following, these private addresses can be used instead of globally unique addresses:
* A nonpublic intranet
* A test lab
* A home network
Global addresses must be obtained from a provider or a registry at some expense.
RFC 1918 addresses have found a home in production networks as well. Earlier in this module, the advantages of using VLSM to address the point-to-point WAN links in an internetwork were seen. Recall that with VLSM, one of the subnets left in the address space of a Class C network could be subnetted further. Although this solution was better than wasting an entire 30-host subnet on each two-host WAN link, it still costs one subnet that could have been used for future growth. A less wasteful solution is to address the WAN links with private network numbers. In the figure, the WAN links are addressed using subnets from the private address space, 10.0.0.0/8.
How can these routers use private addresses if LAN users at sites A, B, C, and D expect to access the Internet? End users at these sites have no problem, because their LANs use globally unique addresses (the network shown in the figure). The routers use their privately addressed serial interfaces merely to forward traffic and exchange routing information. Upstream providers and Internet routers see only the source and destination IP addresses in the packet, and do not care whether it crossed privately addressed links along the way. In fact, many providers use RFC 1918 network numbers in the core of their network to avoid depleting their supply of globally unique addresses.
There is one trade-off when using private numbers on WAN links. The serial interfaces cannot be the original source of traffic bound for the Internet or the final destination of traffic from the Internet. Routers do not normally spend time surfing the web, so this limitation typically becomes an issue only when troubleshooting with Internet Control Message Protocol (ICMP), using Simple Network Management Protocol (SNMP), or connecting remotely with Telnet over the Internet. In those cases, the router can be addressed only by its globally unique LAN interfaces. Note also that ICMP messages the router itself originates from a private serial interface, such as the TTL-exceeded replies that traceroute depends on, carry a private source address and may be dropped by provider filters, so those hops show up as timeouts.
The following sections discuss implementation of a private addresses scheme, including the pitfalls of discontiguous subnets and the advantages of Network Address Translation (NAT).
2.5.2 Discontiguous subnets
Mixing private addresses with globally unique addresses can create discontiguous subnets. Discontiguous subnets are subnets from the same major network that are separated by a completely different major network or subnet.
In the figure, Site A and Site B both have LANs addressed with subnets of the same major (classful) network. They are discontiguous because the 10.0.0.4/30 WAN link separates them. Classful routing protocols, notably RIP v1 and IGRP, cannot support discontiguous subnets because the subnet mask is not included in routing updates. If Site A and Site B are running RIP v1, Site B advertises its /27 subnet across the WAN link as the whole major network, a /24 here, because the update carries no mask that could say otherwise. Because Site A has an interface directly connected to that same major network, in this case E0, Site A rejects the Site B route.
Even some classless routing protocols require additional configuration to solve the problem of discontiguous subnets. RIP v2 and EIGRP automatically summarize on classful boundaries unless explicitly told not to. Usually, this type of summarization is desirable. However, in the case of discontiguous subnets, the command no auto-summary must be entered under the routing process (router rip or router eigrp) to disable automatic summarization for RIP v2 and EIGRP.
Finally, when using private addresses on a network that is connected to the Internet, packets and routing updates should be filtered. This is done to avoid leaking any RFC 1918 addresses between autonomous systems. If both the LAN and the provider use addresses from the 192.168.0.0/16 block, the routers would learn routes to the same private prefixes from both sides, and traffic could be misdirected.
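The filtering called for above, written out in Python as an added example so the logic is explicit; this is not code from the module, and the function names, sample packets and sample updates are constructed (the public addresses come from the documentation ranges 198.51.100.0/24 and 203.0.113.0/24). A packet is dropped at the Internet edge if its source or destination is private; a routing update is rejected if the prefix is an RFC 1918 block or a more specific inside one. A less specific route that merely contains private space, such as a default route, is deliberately allowed through, since that is the route the provider is expected to send.

```python
# The three RFC 1918 blocks as (network, prefix length).
RFC1918 = (("10.0.0.0", 8), ("172.16.0.0", 12), ("192.168.0.0", 16))


def to_int(dotted):
    """Dotted decimal -> 32-bit integer."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("bad IPv4 address: %r" % dotted)
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def prefix_mask(length):
    """Contiguous mask for a prefix length."""
    return (0xFFFFFFFF << (32 - length)) & 0xFFFFFFFF


def parse_prefix(text):
    """'172.20.5.0/24' -> (network as int, prefix length)."""
    dotted, length = text.split("/")
    return to_int(dotted), int(length)


def inside_private(prefix_text):
    """True if the prefix equals an RFC 1918 block or lies inside one.
    0.0.0.0/0 or 172.0.0.0/8 contain private space but are not inside it: they pass."""
    value, length = parse_prefix(prefix_text)
    return any(length >= block_len and value & prefix_mask(block_len) == to_int(block_net)
               for block_net, block_len in RFC1918)


def is_private(dotted):
    """A single host address is just a /32 prefix."""
    return inside_private(dotted + "/32")


def filter_packets(packets):
    """packets: (src, dst) pairs seen on the Internet-facing interface.
    Returns only those with a public source and a public destination."""
    return [(src, dst) for src, dst in packets
            if not (is_private(src) or is_private(dst))]


def filter_updates(prefixes):
    """Prefixes exchanged with another autonomous system: returns (accepted, rejected)."""
    accepted, rejected = [], []
    for prefix in prefixes:
        (rejected if inside_private(prefix) else accepted).append(prefix)
    return accepted, rejected
```

The same two checks apply in both directions: outbound, they stop the organization's own private prefixes and privately sourced packets from leaking to the provider; inbound, they stop the provider's (or anyone else's) private prefixes from displacing routes to the organization's own 192.168 subnets.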
2.5.3 Network Address Translation (NAT)
NAT, as defined by RFC 1631, is the process of swapping one address for another in the IP packet header. In practice, NAT is used to allow hosts that are privately addressed, using RFC 1918 addresses, to access the Internet.
A NAT enabled device, such as a UNIX computer or a Cisco router, operates at the border of a stub domain. An example is an internetwork that has a single connection to the outside world. When a host inside the stub domain wants to transmit to a host on the outside, it forwards the packet to the NAT enabled device. The NAT process then looks inside the IP header and, if appropriate, replaces the inside IP address with a globally unique IP address. When an outside host sends a response, the NAT does the following:
* Receives it
* Checks the current table of network address translations
* Replaces the destination address with the original inside source
NAT translations can occur dynamically or statically and can be used for a variety of purposes.
The most powerful feature of NAT routers is their capability to use port address translation (PAT), which allows multiple inside addresses to map to the same global address. This is sometimes called many-to-one NAT. With PAT, or address overloading, literally hundreds of privately addressed nodes can access the Internet using only one global address. The NAT router keeps track of the different conversations by mapping TCP and UDP port numbers. Because an inbound packet that matches no existing translation entry has nowhere to go and is dropped, PAT incidentally blocks unsolicited inbound connections to the inside hosts; it is not, however, a substitute for access lists or a stateful firewall.
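A small model of PAT as described above, written in Python as an added example; it is not code from the module nor from any vendor's NAT implementation, and the class name, port range and packet tuples are constructed (203.0.113.1 stands in for the global address, 198.51.100.0/24 for outside hosts). One global address is shared by many inside hosts: each outbound conversation gets a port allocated from the global address, replies are matched on that port and rewritten back to the inside host, and anything inbound without a matching entry is dropped. It also shows the failure mode the text does not mention: the port pool is finite, so a single global address supports a bounded number of simultaneous conversations.

```python
class PortAddressTranslator:
    """Many-to-one NAT (PAT): inside (ip, port) pairs share one global address."""

    def __init__(self, global_ip, port_range=(1024, 65535)):
        self.global_ip = global_ip
        self.next_port, self.last_port = port_range
        # (proto, inside_ip, inside_port, outside_ip, outside_port) -> global port
        self.outbound = {}
        # (proto, global port, outside_ip, outside_port) -> (inside_ip, inside_port)
        self.inbound = {}

    def _allocate_port(self):
        """Hand out the next unused global port; fail loudly when the pool is empty."""
        if self.next_port > self.last_port:
            raise RuntimeError("PAT port pool exhausted on %s" % self.global_ip)
        port = self.next_port
        self.next_port += 1
        return port

    def translate_outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Inside -> outside. Returns the packet 5-tuple as the Internet sees it.
        Repeated packets of one conversation reuse the entry created by the first."""
        key = (proto, src_ip, src_port, dst_ip, dst_port)
        if key not in self.outbound:
            global_port = self._allocate_port()
            self.outbound[key] = global_port
            self.inbound[(proto, global_port, dst_ip, dst_port)] = (src_ip, src_port)
        return (proto, self.global_ip, self.outbound[key], dst_ip, dst_port)

    def translate_inbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Outside -> inside. Only a packet that matches an existing translation is
        rewritten; anything else (including unsolicited connections to the global
        address) is dropped, signalled here by returning None."""
        if dst_ip != self.global_ip:
            return None
        inside = self.inbound.get((proto, dst_port, src_ip, src_port))
        if inside is None:
            return None
        inside_ip, inside_port = inside
        return (proto, src_ip, src_port, inside_ip, inside_port)

    def active_translations(self):
        """How many conversations currently hold a global port."""
        return len(self.outbound)
```

Two inside hosts using the same source port toward the same server are kept apart by the different global ports the translator allocates, which is exactly the bookkeeping the text describes. A real router also ages entries out after an idle timeout so ports return to the pool; this model never frees them, which is why the exhaustion path is easy to reach with a two-port pool.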
2.6.1 Using IP unnumbered
This module has presented several ways to maximize the use of IP addresses in an organization. Earlier sections showed that wasting an entire subnet on a point-to-point serial link can be avoided either by using VLSM or by using private addresses on the link. Neither technique is supported by classful routing protocols, such as the popular RIP v1 and IGRP. Fortunately, the Cisco IOS offers a third option for efficiently addressing serial links. This option is known as IP unnumbered.
When a serial interface is configured for IP unnumbered, it does not need its own address. Instead, it borrows the IP address of another interface, usually a LAN interface or a loopback interface. Not only does IP unnumbered avoid wasting addresses on point-to-point WAN links, but it also works with classful routing protocols, where VLSM and discontiguous subnets cannot be used. If the network runs RIP v1 or IGRP, IP unnumbered may be the only way to conserve addresses on serial links.
RTA E0, 188.8.131.52, and RTB E0, 184.108.40.206, can communicate using TCP/IP over this serial link, even though they do not belong to the same IP network. This is possible because the serial link is a point-to-point link, so there is no confusion about which device a packet is originating from or destined for. In this case, the command ip unnumbered e0 would be entered in serial 1 interface configuration mode on both RTA and RTB. There are two ground rules for configuring IP unnumbered on an interface:
* The interface is both serial and connected by way of a point-to-point link.
* Either the same major network with the same mask is used to address the LAN interfaces that lend their IP address on both sides of the WAN link, or different major networks with no subnetting are used to address the LAN interfaces on both sides of the WAN link.
There are certain drawbacks that come with using IP unnumbered:
* The use of ping cannot determine whether the interface is up because the interface has no IP address.
* A network IOS image cannot boot over an unnumbered serial interface.
* IP security options cannot be supported on an unnumbered interface.
2.7.1 DHCP overview
After designing a scalable IP addressing scheme for the enterprise, the next step is implementation. Routers, servers, and other key nodes usually require special attention from administrators. However, desktop clients are often automatically assigned IP configurations using Dynamic Host Configuration Protocol (DHCP). Because desktop clients typically make up the bulk of network nodes, DHCP is good news for systems administrators. Small offices and home offices can also take advantage of DHCP by using Easy IP, a Cisco IOS feature set that combines DHCP with NAT functions.
DHCP works by configuring servers to give out IP configuration information to clients. Clients lease the information from the server for an administratively defined period. When the lease is up, the host must ask for another address, although the host is typically reassigned the same one.
Administrators typically prefer to use a Microsoft NT server or a UNIX computer to offer DHCP services because these solutions are highly scalable and relatively easy to manage. Even so, the Cisco IOS offers an optional fully featured DHCP server, which leases configurations for 24 hours by default.
Administrators set up DHCP servers to assign addresses from predefined pools. DHCP servers can also offer other information:
* DNS server addresses
* WINS server addresses
* Domain names
Most DHCP servers also allow the administrator to specify which client MAC addresses will be serviced and to assign the same address to a particular host each time it asks.
BootP was originally defined in RFC 951 in 1985. It is the predecessor of DHCP, and it shares some operational characteristics. Both protocols use UDP ports 67 and 68, which are well known as BootP ports because BootP came before DHCP.
2.7.2 DHCP operation
The DHCP client configuration process, shown in the accompanying figures, follows these steps:
1. When a client is set up for DHCP and needs an IP configuration, typically at boot time, it tries to locate a DHCP server by sending a broadcast called a DHCPDISCOVER.
2. The server sends a DHCPOFFER unicast to the client. When the server receives the broadcast, it determines whether it can service the request from its own database. If it cannot, the server may forward the request on to another DHCP server or servers, depending on its configuration. If it can, the DHCP server offers the client IP configuration information in the form of a unicast DHCPOFFER. The DHCPOFFER is a proposed configuration that may include IP address, DNS server address, and lease time.
3. The client sends a DHCPREQUEST broadcast to all nodes. If the client finds the offer agreeable, it will send another broadcast. This broadcast is a DHCPREQUEST, specifically requesting those particular IP parameters. Why does the client broadcast the request instead of unicasting it to the server? A broadcast is used because the very first message, the DHCPDISCOVER, may have reached more than one DHCP server. After all, it was a broadcast. If more than one server makes an offer, the broadcasted DHCPREQUEST lets the servers know which offer was accepted, which is usually the first offer received.
4. The server sends a DHCPACK unicast to the client. The server that receives the DHCPREQUEST makes the configuration official by sending a unicast acknowledgment, the DHCPACK. Notice that it is possible but highly unlikely that the server will not send the DHCPACK because it may have leased that information to another client in the interim. Receipt of the DHCPACK message enables the client to begin using the assigned address immediately.
Depending on the policies of an organization, it may be possible for an end user or an administrator to statically assign a host an IP address that belongs in the DHCP server address pool. Just in case, the Cisco IOS DHCP server always checks to make sure that an address is not in use before the server offers it to a client. The server issues ICMP echo requests, ping, to a pool address before sending the DHCPOFFER to a client. Although configurable, the default number of pings used to check for potential IP address conflict is two. The more pings, the longer the configuration process takes.
2.7.3 Configuring IOS DHCP server
The DHCP server process is enabled by default on versions of the Cisco IOS that support it. If for some reason the DHCP server process becomes disabled, it can be re-enabled by using the service dhcp global configuration command. The no service dhcp command disables the server.
Like NAT, DHCP servers require that the administrator define a pool of addresses. In the figure, the ip dhcp pool command defines which addresses will be assigned to hosts.
The first command, ip dhcp pool room12, creates a pool named room12 and puts the router in a specialized DHCP configuration mode. In this mode, use the network statement to define the range of addresses to be leased. If specific addresses are to be excluded on this network, return to global configuration mode.
The ip dhcp excluded-address command configures the router to exclude 172.16.1.1 through 172.16.1.10 when assigning addresses to clients. The ip dhcp excluded-address command may be used to reserve addresses that are statically assigned to key hosts.
A DHCP server is capable of configuring much more than an IP address. Other IP configuration values can be set from the DHCP configuration mode.
IP clients will not get very far without a default gateway, which can be set by using the default-router command. The address of the DNS server, dns-server, and WINS server, netbios-name-server, can be configured here as well. The IOS DHCP server can configure clients with virtually any TCP/IP information.
The figure lists the key IOS DHCP server commands. These commands are entered in DHCP pool configuration mode, identified by the router(dhcp-config)# prompt.
Use the EXEC mode commands to monitor DHCP server operation.
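The Python model below is an added illustration, not IOS code, serving both the four-step exchange in 2.7.2 and the pool settings in 2.7.3. A server's pool is defined the way the IOS commands define it (a network, an excluded-address range, default-router, dns-server, netbios-name-server, and the 24-hour default lease), the pre-offer conflict check is represented by a pluggable ping function, and the client broadcasts DISCOVER to every server, accepts the first OFFER, broadcasts REQUEST, and receives the ACK only from the server it named. The pool name room12 and the 172.16.1.x addresses follow the page's example; the second server and all MAC addresses are constructed.

```python
# Toy DHCP exchange: DISCOVER -> OFFER -> REQUEST -> ACK, with the pool defined the
# way the IOS commands above define it (network, excluded-address, default-router,
# dns-server, netbios-name-server, 24-hour default lease). Added illustration, not
# IOS code; addresses and the pool name "room12" follow the page's example.
import ipaddress
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, List, Optional, Sequence, Set

LEASE_DEFAULT = 24 * 3600  # IOS default lease: one day, expressed in seconds


def address_range(low: str, high: str) -> Set[str]:
    """Expands 'ip dhcp excluded-address <low> <high>' into individual addresses."""
    lo, hi = int(ipaddress.ip_address(low)), int(ipaddress.ip_address(high))
    return {str(ipaddress.ip_address(i)) for i in range(lo, hi + 1)}


@dataclass
class Offer:
    """Contents of a DHCPOFFER (and, once confirmed, the DHCPACK)."""
    server: str
    address: str
    default_router: Optional[str]
    dns: List[str]
    netbios: List[str]
    lease: int


class DhcpServer:
    def __init__(self, name: str, network: str, excluded: Iterable[str] = (),
                 default_router: Optional[str] = None, dns: Sequence[str] = (),
                 netbios: Sequence[str] = (), lease: int = LEASE_DEFAULT,
                 ping: Callable[[str], bool] = lambda ip: False):
        self.name = name
        self.pool = [str(h) for h in ipaddress.ip_network(network).hosts()]
        self.excluded = set(excluded)
        self.default_router, self.dns, self.netbios = default_router, list(dns), list(netbios)
        self.lease = lease
        self.ping = ping  # stands in for the pre-offer ICMP echo check
        self.offered: Dict[str, str] = {}   # address -> client MAC, awaiting REQUEST
        self.leased: Dict[str, str] = {}    # address -> client MAC
        self.conflicts: Set[str] = set()    # pool addresses that answered a ping

    def _free_address(self) -> Optional[str]:
        for ip in self.pool:
            if ip in self.excluded or ip in self.offered or ip in self.leased or ip in self.conflicts:
                continue
            if self.ping(ip):  # someone statically configured this address
                self.conflicts.add(ip)
                continue
            return ip
        return None

    def discover(self, mac: str) -> Optional[Offer]:
        """Step 2: answer a broadcast DHCPDISCOVER with a unicast DHCPOFFER."""
        ip = self._free_address()
        if ip is None:
            return None
        self.offered[ip] = mac
        return Offer(self.name, ip, self.default_router, list(self.dns), list(self.netbios), self.lease)

    def request(self, mac: str, chosen: Offer) -> Optional[Offer]:
        """Step 4: every server hears the broadcast DHCPREQUEST. The named server
        confirms with a DHCPACK; the others withdraw whatever they offered."""
        if chosen.server != self.name:
            self.offered = {ip: m for ip, m in self.offered.items() if m != mac}
            return None
        if self.offered.get(chosen.address) != mac:
            return None  # offer no longer held for this client: no ACK sent
        del self.offered[chosen.address]
        self.leased[chosen.address] = mac
        return chosen


def dhcp_client(mac: str, servers: Sequence[DhcpServer]) -> Optional[Offer]:
    """Steps 1 and 3 from the client side: broadcast DISCOVER, accept the first
    OFFER, broadcast REQUEST, and return the ACK (or None if nothing came back)."""
    offers = [o for o in (s.discover(mac) for s in servers) if o is not None]
    if not offers:
        return None
    chosen = offers[0]
    acks = [a for a in (s.request(mac, chosen) for s in servers) if a is not None]
    return acks[0] if acks else None
```

In the test scenario 172.16.1.1 through 172.16.1.10 are excluded and 172.16.1.11 answers the ping, so the first client is offered 172.16.1.12; the backup server's offer is withdrawn once the broadcast REQUEST names room12. The case where a server holds no offer for the requesting client returns no ACK, matching the unlikely-but-possible outcome described in step 4.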
2.7.4 Easy IP
Easy IP is a combination suite of Cisco IOS features that allows a router to negotiate its own IP address and to do NAT through that negotiated address. Easy IP is typically deployed on a small office, home office (SOHO) router. It is useful in cases where a small LAN connects to the Internet by way of a provider that dynamically assigns only one IP address for the entire remote site.
A SOHO router with the Easy IP feature set uses DHCP to automatically address local LAN clients with RFC 1918 addresses. When the router dynamically receives its WAN interface address by way of the Point-to-Point Protocol, it uses NAT overload to translate between local inside addresses and its single global address. Therefore, both the LAN side and the WAN side are dynamically configured with little or no administrative intervention. In effect, Easy IP offers plug-and-play routing.
2.8.1 Using helper addresses
DHCP is not the only critical service that uses broadcasts. Cisco routers and other devices may use broadcasts to locate TFTP servers. Some clients may need to broadcast to locate a TACACS security server. In a complex hierarchical network, clients may not reside on the same subnet as key servers. Such remote clients will broadcast to locate these servers, but routers, by default, will not forward client broadcasts beyond their subnet. Some clients are unable to make a connection without services such as DHCP. For this reason, the administrator must provide DHCP and DNS servers on all subnets, or use the Cisco IOS helper address feature. Running services such as DHCP or DNS on several computers creates overhead and administrative problems, so the first option is not very appealing. When possible, administrators use the ip helper-address command to relay broadcast requests for these key UDP services.
By using the ip helper-address command, a router can be configured to accept a broadcast request for a User Datagram Protocol (UDP) service and then forward it as a unicast to a specific IP address. Alternately, the router can forward these requests as directed broadcasts to a specific network or subnetwork.
2.8.2 Configuring IP helper addresses
To configure the helper address, identify the router interface that will be receiving the broadcasts for UDP services. In the interface configuration mode, use the ip helper-address command to define the address to which UDP broadcasts for services should be forwarded.
By default, the ip helper-address command forwards the eight UDP services shown in the figure.
What if Company XYZ needs to forward requests for a service not on this list? The Cisco IOS provides the global configuration command ip forward-protocol to allow an administrator to forward any UDP port in addition to the default eight. In order to forward UDP on port 517, use the global configuration command ip forward-protocol udp 517. This command is used not only to add a UDP port to the default eight, but also to subtract an unwanted service from the default group. When forwarding DHCP, TFTP, and DNS without forwarding Time, TACACS, and NetBIOS, the Cisco IOS requires that the router be configured according to the syntax shown in the figure.
2.8.3 IP helper address example
Consider this more complex sample helper address configuration. Assume that Host A must automatically obtain its IP configuration from the DHCP server at 172.24.1.9. Because RTA will not forward the Host A DHCPDISCOVER broadcast, RTA must be configured to help Host A.
To configure RTA e0, the interface that receives the Host A broadcasts, to relay DHCP broadcasts as a unicast to the DHCP server, use the following command:
RTA(config-if)#ip helper-address 172.24.1.9
With this simple configuration, Host A broadcasts using any of the eight default UDP ports will be relayed to the IP address of the DHCP server. However, what if Host A also needs to use the services of the NetBIOS server at 172.24.1.5? As configured, RTA will forward NetBIOS broadcasts from Host A to the DHCP server. Moreover, if Host A sends a broadcast TFTP packet, RTA will also forward this to the DHCP server at 172.24.1.9. What is needed in this example is a helper address configuration that relays broadcasts to all servers on the segment. The following commands configure a directed broadcast to the IP subnet that is being used as a server farm:
RTA(config-if)#ip helper-address 172.24.1.255
Configuring a directed broadcast to the server segment, 172.24.1.255, is more efficient than entering the IP address of every server that could potentially respond to the Host A UDP broadcasts.
Finally, some devices on the Host A segment need to broadcast to the TACACS server, which does not reside in the server farm. Configure the RTA e0 to make it work by adding the command ip helper-address 172.16.1.2.
Verify the correct helper configuration with the show ip interface command.
Notice that the RTA interface e3, which connects to the server farm, is not configured with helper addresses. However, the output shows that for this interface, directed broadcast forwarding is disabled. This means that the router will not convert the logical broadcast 172.24.1.255 into a physical broadcast with a Layer 2 address of FF-FF-FF-FF-FF-FF. To allow all the nodes in the server farm to receive the broadcasts at Layer 2, e3 will need to be configured to forward directed broadcasts with the following command:
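The Python model below is an added illustration, not IOS code, of the decisions described in 2.8.1 through 2.8.3: which UDP broadcasts a router relays (the default eight services, adjusted by ip forward-protocol), where each helper address sends them (unicast to a host, or a directed broadcast to a subnet), and whether a directed broadcast is turned into a Layer 2 broadcast on the egress interface (only if ip directed-broadcast is enabled there). The helper addresses 172.24.1.9, 172.24.1.255 and 172.16.1.2 and the interface names e0 and e3 come from the RTA example; the subnets on e0 and e1 are assumed, since the page gives only the server addresses.

```python
# Toy model of the ip helper-address / ip forward-protocol / ip directed-broadcast
# decisions described in 2.8.1 through 2.8.3. Added illustration, not IOS code.
# The port table is the set of eight UDP services IOS forwards by default; the
# interface subnets for e0 and e1 are assumed (the page gives only server addresses).
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional, Set

# The eight UDP services that ip helper-address forwards unless told otherwise.
DEFAULT_FORWARD_PORTS = {
    37: "time", 49: "tacacs", 53: "dns", 67: "bootps/dhcp-server",
    68: "bootpc/dhcp-client", 69: "tftp", 137: "netbios-ns", 138: "netbios-dgm",
}


@dataclass
class Interface:
    name: str
    network: ipaddress.IPv4Network
    helpers: List[str] = field(default_factory=list)  # ip helper-address <addr>
    directed_broadcast: bool = False                   # ip directed-broadcast


@dataclass(frozen=True)
class Relay:
    egress: str
    dst_ip: str
    action: str  # "unicast", "l2-broadcast" or "dropped"


class HelperRouter:
    def __init__(self, interfaces: List[Interface]):
        self.interfaces = {i.name: i for i in interfaces}
        self.forward_ports: Set[int] = set(DEFAULT_FORWARD_PORTS)

    def forward_protocol(self, port: int, enable: bool = True) -> None:
        """ip forward-protocol udp <port> (enable) / no ip forward-protocol udp <port>."""
        if enable:
            self.forward_ports.add(port)
        else:
            self.forward_ports.discard(port)

    def _egress_for(self, dst: ipaddress.IPv4Address) -> Optional[Interface]:
        return next((i for i in self.interfaces.values() if dst in i.network), None)

    def relay_broadcast(self, ingress: str, udp_port: int) -> List[Relay]:
        """What happens to a UDP broadcast received on <ingress> with the given
        destination port. Returns one Relay per configured helper address."""
        intf = self.interfaces[ingress]
        if udp_port not in self.forward_ports:
            return []  # not a forwarded service: the broadcast stays on its subnet
        relays = []
        for helper in intf.helpers:
            dst = ipaddress.ip_address(helper)
            egress = self._egress_for(dst)
            if egress is None:
                relays.append(Relay("none", helper, "dropped"))  # no route in this toy
                continue
            if dst == egress.network.broadcast_address:
                # Directed broadcast: only becomes a Layer 2 broadcast on the
                # egress interface if ip directed-broadcast is enabled there.
                action = "l2-broadcast" if egress.directed_broadcast else "dropped"
            else:
                action = "unicast"
            relays.append(Relay(egress.name, helper, action))
        return relays


def build_rta() -> HelperRouter:
    """RTA from the example above; the subnets on e0 and e1 are assumed."""
    e0 = Interface("e0", ipaddress.ip_network("10.1.1.0/24"),
                   helpers=["172.24.1.9", "172.24.1.255", "172.16.1.2"])
    e3 = Interface("e3", ipaddress.ip_network("172.24.1.0/24"))  # server farm
    e1 = Interface("e1", ipaddress.ip_network("172.16.1.0/24"))  # TACACS segment
    return HelperRouter([e0, e3, e1])
```

With e3 left at its default, the relay to 172.24.1.255 is dropped, which is the situation the show ip interface output above reveals; flipping directed_broadcast on e3 is the equivalent of the missing interface command. Keep in mind that enabling directed broadcasts on an interface also lets it amplify any directed broadcast that reaches it, so it should be enabled only on the server segment that needs it.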
2.9.1 IP address issues solutions
This module has shown that IPv4 addressing faces two major issues:
* The depletion of addresses, particularly the key medium-sized space
* The pervasive growth of Internet routing tables
In the early 1990s, CIDR ingeniously built on the concept of the address mask and stepped forward to temporarily alleviate these overwhelming problems. The hierarchical nature of CIDR dramatically improved the scalability of IPv4. Once again, a hierarchical design has proven to be a scalable one.
Yet even with subnetting in 1985, variable length subnetting in 1987, and CIDR in 1993, a hierarchical structure could not save IPv4 from one simple problem. The problem is that there simply are not enough addresses to meet future needs. At roughly four billion possibilities, the IPv4 address space is formidable. However, it will not suffice in a future world of mobile Internet enabled devices and IP addressable household appliances.
Recent short-term IPv4 solutions to the address crunch have been developed. These include RFC 1918, which sets aside private addresses for unlimited internal use, and NAT, which allows thousands of hosts to access the Internet with only a handful of valid addresses.
However, the ultimate solution to the address shortage is the introduction of IPv6 and its 128-bit address. Developed to create a supply of addresses that would outlive demand, IPv6 is on course to eventually replace IPv4. The large address space of IPv6 will provide not only far more addresses than IPv4, but additional levels of hierarchy as well.
128 bits allows for 340,282,366,920,938,463,463,374,607,431,768,211,456 possibilities.
In 1994, the Internet Engineering Task Force (IETF) proposed IPv6 in RFC 1752 and a number of working groups were formed in response. IPv6 covers issues such as the following:
* Address depletion
* Quality of service
* Address autoconfiguration
It will not be easy for organizations deeply invested in the IPv4 scheme to migrate to a totally new architecture. As long as IPv4, with its recent extensions and CIDR enabled hierarchy, remains viable, administrators will shy away from adopting IPv6. A new IP protocol requires new software, new hardware, and new methods of administration. It is likely that IPv4 and IPv6 will coexist, even within an autonomous system, for years to come.
2.9.2 IPv6 address format
As defined first by RFC 1884 and later revised by RFC 2373, IPv6 addresses are 128-bit identifiers for interfaces and sets of interfaces, not nodes. Three general types of addresses exist:
* Unicast – An identifier for a single interface. A packet sent to a unicast address is delivered to the interface identified by that address.
* Anycast – An identifier for a set of interfaces that typically belong to different nodes. A packet sent to an anycast address is delivered to the nearest, or first, interface in the anycast group.
* Multicast – An identifier for a set of interfaces that typically belong to different nodes. A packet sent to a multicast address is delivered to all interfaces in the multicast group.
To write 128-bit addresses so that they are readable to human eyes, the IPv6 architects abandoned dotted decimal notation in favor of a hexadecimal format. Therefore, IPv6 is written as 32 hex digits, with colons separating the values of the eight 16-bit pieces of the address.
Under current plans, IPv6 nodes that connect to the Internet will use what is called an aggregatable global unicast address. This is the familiar counterpart to the IPv4 global addresses. Like CIDR enhanced IPv4, aggregatable global unicast addresses rely on hierarchy to keep Internet routing tables manageable. IPv6 global unicast addresses feature three levels of hierarchy:
* Public topology – The collection of providers that provide Internet connectivity.
* Site topology – The level local to an organization that does not provide connectivity to nodes outside itself.
* Interface identifier – The level specific to the individual interface of a node.
This three level hierarchy is reflected by the structure of the aggregatable global unicast address, which includes the following fields:
* Format Prefix (FP) field, 3 bits – The 3-bit FP is used to identify the type of address, unicast, multicast, and so on. The bits 001 identify aggregatable global unicasts.
* Top-Level Aggregation Identifier (TLA ID) field, 13 bits – The TLA ID field is used to identify the authority responsible for the address at the highest level of the routing hierarchy. Internet routers will necessarily maintain routes to all TLA IDs. With 13 bits set aside, this field can represent up to 8,192 TLAs.
* Reserved (Res) field, 8 bits – IPv6 architecture defined the Res field so that the TLA or NLA IDs could be expanded as future growth warrants. Currently, this field must be set to zero.
* Next-Level Aggregation Identifier (NLA ID) field, 24 bits – The NLA ID field is used to identify ISPs. The field itself can be organized hierarchically to reflect a hierarchy or multi-tiered relationship among providers.
* Site-Level Aggregation Identifier (SLA ID) field, 16 bits – The SLA ID is used by an individual organization to create its own local addressing hierarchy and to identify subnets.
* Interface ID field, 64 bits – The Interface ID field is used to identify individual interfaces on a link. This field is analogous to the host portion of an IPv4 address, but it is derived using the IEEE EUI-64 format. On LAN interfaces, the 64-bit Interface ID is built from the 48-bit interface MAC address by inserting a 16-bit field into it.
In addition to the global unicast address space, IPv6 offers internal network numbers, or site local use addresses. These are analogous to RFC 1918 addresses. If a node is not normally addressed with a global unicast address or an internal site local use address, it can be addressed using a link local use address, which is specific to a network segment.
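The Python code below is an added illustration, not from the page or from any RFC reference implementation. It expands and compresses the colon-hexadecimal notation described above (eight 16-bit groups, with a single '::' standing for a run of zero groups), splits a 128-bit address into the FP, TLA ID, Res, NLA ID, SLA ID and Interface ID fields of the aggregatable global unicast layout as the page lays it out, and builds the 64-bit EUI-64 interface identifier from a MAC address. One detail beyond the page's text: RFC 2373 Appendix A specifies that, besides inserting the 16-bit value fffe, the universal/local bit (0x02 of the first octet) is inverted; the code does that. The sample addresses and MAC address are constructed.

```python
# IPv6 text notation (RFC 2373 colon-hex, '::' compression), the aggregatable global
# unicast field layout as described above (FP/TLA/Res/NLA/SLA/Interface ID), and the
# modified EUI-64 interface identifier. Added illustration; samples are constructed.
from typing import Dict, List


def expand_ipv6(text: str) -> str:
    """Returns the full eight-group, 32-hex-digit form of an IPv6 address."""
    if text.count("::") > 1:
        raise ValueError("at most one '::' is allowed")
    head, sep, tail = text.partition("::")
    left = [g for g in head.split(":") if g]
    right = [g for g in tail.split(":") if g]
    if any(len(g) > 4 for g in left + right):
        raise ValueError(f"group longer than four hex digits in {text!r}")
    missing = 8 - len(left) - len(right)
    if (sep and missing < 1) or (not sep and missing != 0):
        raise ValueError(f"wrong number of groups in {text!r}")
    groups = left + (["0"] * missing if sep else []) + right
    return ":".join(f"{int(g, 16):04x}" for g in groups)


def compress_ipv6(text: str) -> str:
    """Short form: leading zeros dropped and the longest run of two or more
    zero groups replaced by '::' (the first such run wins a tie)."""
    groups: List[int] = [int(g, 16) for g in expand_ipv6(text).split(":")]
    best_start, best_len, run_start = -1, 0, -1
    for i, g in enumerate(groups + [1]):  # sentinel terminates a trailing run
        if g == 0:
            run_start = i if run_start < 0 else run_start
        else:
            if run_start >= 0 and i - run_start > best_len:
                best_start, best_len = run_start, i - run_start
            run_start = -1
    hexes = [f"{g:x}" for g in groups]
    if best_len >= 2:
        return ":".join(hexes[:best_start]) + "::" + ":".join(hexes[best_start + best_len:])
    return ":".join(hexes)


# Field widths of the aggregatable global unicast address, most significant first.
FIELD_BITS = (("fp", 3), ("tla_id", 13), ("res", 8), ("nla_id", 24),
              ("sla_id", 16), ("interface_id", 64))


def global_unicast_fields(text: str) -> Dict[str, int]:
    """Splits a 128-bit address into the fields listed above. fp == 1 (binary 001)
    marks an aggregatable global unicast address."""
    value = int(expand_ipv6(text).replace(":", ""), 16)
    fields, remaining = {}, 128
    for name, width in FIELD_BITS:
        remaining -= width
        fields[name] = (value >> remaining) & ((1 << width) - 1)
    return fields


def eui64_interface_id(mac: str) -> str:
    """Modified EUI-64 (RFC 2373 App. A): split the 48-bit MAC in the middle,
    insert fffe, and invert the universal/local bit of the first octet."""
    octets = bytes(int(o, 16) for o in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError("MAC address must have six octets")
    eui = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return ":".join(f"{(eui[i] << 8) | eui[i + 1]:04x}" for i in range(0, 8, 2))


if __name__ == "__main__":
    print(expand_ipv6("2001:db8::1"))
    print(global_unicast_fields("2001:db8::1"))
    print(eui64_interface_id("00:0c:29:12:34:56"))
```

The compression rule matters for defenders as much as for readability: the same address can be written many ways, so log correlation and access-list matching should normalise to one form (the expanded form is the safest key) before comparing.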
2.10.1 Configuring VLSM and IP unnumbered
2.10.3 Using DHCP and IP helper addresses
2.10.4 Network address translation
This module described how all of the following could enable more efficient use of IP addresses:
* Subnet masks
* Private addressing
* Network address translation (NAT)
It also showed that hierarchical addressing allows for efficient allocation of addresses and a reduced number of routing table entries. VLSMs, specifically, provide the capability to include more than one subnet mask within a network and the capability to subnet an already subnetted network address. Proper IP addressing is required to ensure the most efficient network operations. Finally, the IPv6 addressing format was presented.