Mr. Mark Welton

doctorheavenlyNetworking and Communications

Oct 24, 2013 (3 years and 7 months ago)




IPv4 addresses are 32-bit numbers represented in dotted-decimal notation of 8-bit segments


00001010.00001000.01100100.00011000


10.8.100.24


So why 8 bit segments?


We started with a classful system (Class A, B, C, etc.)

Each class is created by 8 bits of the binary IP

8-bit processing systems were easier and cheaper to build (RFC 791 published in 1981)

11000000 10101000 00000000 00000000

[Figure: the four octets above with the Class A, Class B and Class C boundaries marked]


We are accustomed to the decimal system, a base 10 system

The number $124_{10}$ is 100+20+4 or

$1\times10^2 + 2\times10^1 + 4\times10^0$

$1\times100 + 2\times10 + 4\times1$


The binary number system is a base 2 system


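$01111100_2$ is $0\times2^7 + 1\times2^6 + 1\times2^5 + 1\times2^4 + 1\times2^3 + 1\times2^2 + 0\times2^1 + 0\times2^0$

$0\times128 + 1\times64 + 1\times32 + 1\times16 + 1\times8 + 1\times4 + 0\times2 + 0\times1$

64+32+16+8+4 or $124_{10}$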


So each octet (8-bit binary number) goes from $00000000_2$ to $11111111_2$

So what is the value of $11111111_2$?

128+64+32+16+8+4+2+1 = $255_{10}$


So what is the hexadecimal value?


8+4+2+1 = 15 or $F_{16}$

Bit     1    1    1    1    1    1    1    1
Value   128  64   32   16   8    4    2    1
Power   2^7  2^6  2^5  2^4  2^3  2^2  2^1  2^0


IP address allocation is rarely done properly


First mistake I see is people not understanding what I just covered

Second mistake I see is not understanding public vs private vs reserved IP addresses

Third mistake I see is not understanding how to take a large prefix and break it down to usable network prefixes that allow for growth

Fourth mistake I see is people not understanding why we do it


We divide the IP space to create segments that make sense to us

Segmentation = routing

Each IP address allocation is an L2 network which needs a router to move to the next network

The better we do this the easier routing and ACLs are to do


The easier the network is to troubleshoot


RFC 1918 “Address Allocation for Private Internets”

10.0.0.0 - 10.255.255.255 (10/8 prefix)

172.16.0.0 - 172.31.255.255 (172.16/12 prefix)

192.168.0.0 - 192.168.255.255 (192.168/16)

These are the IP address spaces that can be used internally in an enterprise


“link local” block


169.254.0.0 - 169.254.255.255 (169.254.0.0/16)

To be used when a device cannot get an IP address through DHCP

reserves lowest Class B

128.0.0.0 - 128.0.255.255 (128.0.0.0/16)

Not able to be used under old class system but can be assigned to someone now

Also defines loopback space (RFC 1700)

127.0.0.0 - 127.255.255.255 (127.0.0.0/8)

Used for a machine to communicate internally

Also defines multicast address space (RFC 5771)

224.0.0.0 - 239.255.255.255 (224.0.0.0/4)


So you should never use these IP address spaces!


Misuse of public IP address space can cause network routing problems for your network
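An added example, not part of the original slides: a small audit that checks an internal address plan against the blocks listed above and flags any subnet that is not wholly inside RFC 1918 space. The function names and the sample plan are constructed for illustration.

```python
import ipaddress

# Blocks and labels taken from the slides above.
SPECIAL_BLOCKS = {
    "private (RFC 1918)": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"],
    "link local": ["169.254.0.0/16"],
    "loopback": ["127.0.0.0/8"],
    "multicast": ["224.0.0.0/4"],
}

def classify(prefix):
    """Label a prefix by the slide block it sits in; 'public' if none."""
    net = ipaddress.ip_network(prefix, strict=True)  # rejects host bits
    for label, blocks in SPECIAL_BLOCKS.items():
        for block in map(ipaddress.ip_network, blocks):
            if net.subnet_of(block):
                return label
            if net.overlaps(block):  # larger than the block it touches
                return "straddles " + label
    return "public"

def audit(plan):
    """Return (name, prefix, problem) for every internal subnet that is
    not wholly inside RFC 1918 space."""
    findings = []
    for name, prefix in plan:
        try:
            kind = classify(prefix)
        except ValueError as exc:
            findings.append((name, prefix, "invalid: %s" % exc))
            continue
        if kind != "private (RFC 1918)":
            findings.append((name, prefix, kind))
    return findings

# Constructed sample plan, not from the slides.
PLAN = [
    ("db-farm", "10.100.100.0/24"),
    ("lab", "172.32.0.0/16"),     # one past the end of 172.16/12
    ("wifi", "192.168.0.0/15"),   # spills outside 192.168/16
    ("mgmt", "169.254.10.0/24"),
    ("dmz", "10.8.100.24/24"),    # host address given as a network
]

if __name__ == "__main__":
    for finding in audit(PLAN):
        print(finding)
```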


Prefix 10.0.0.0/8 has what subnet mask?


The 8 says the first 8 bits must be ones


So the first octet would be 255 and all others
would be zero


255.0.0.0

Bit     1    1    1    1    1    1    1    1
Value   128  64   32   16   8    4    2    1


What about 172.16.0.0/16?


192.168.0.0/24?


172.16.0.0/12?



Redefined how a traditionally Classful IP network could be used and subnetted (in equal size blocks)

With VLSM, subnets can be any size if they follow the binary rules


VLSM allows networks to be subdivided

192.168.1.192         11000000 10101000 00000001 11000000
/29 255.255.255.248   11111111 11111111 11111111 11111000
/28 255.255.255.240   11111111 11111111 11111111 11110000
192.168.1.200         11000000 10101000 00000001 11001000


We use it all the time but do you really know what it is?

CIDR is sort of the inverse of VLSM

Where VLSM prescribes rules for subdividing networks, CIDR prescribes rules for referencing groups of networks with a single route statement

Why would we want to do this?

Smaller routing tables are more logical, easier to understand, easier to troubleshoot, and require less CPU and memory for the routers.
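An added example, not part of the original slides: finding the single route statement that references a group of networks, and listing any address space that summary covers which none of the member networks use. The function names and the 10.100.x.0/24 prefixes are constructed for illustration.

```python
import ipaddress

def covering_prefix(prefixes):
    """Shortest single prefix that contains every network in prefixes."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    summary = nets[0]
    # Drop one mask bit at a time until the block is wide enough.
    while not all(n.subnet_of(summary) for n in nets):
        summary = summary.supernet()
    return summary

def extra_space(summary, prefixes):
    """Blocks inside summary that none of the prefixes cover. A route or
    filter written for summary also matches these."""
    free = [summary]
    for p in prefixes:
        net = ipaddress.ip_network(p)
        remaining = []
        for block in free:
            if block.subnet_of(net):
                continue                      # block is fully in use
            if net.subnet_of(block):
                remaining.extend(block.address_exclude(net))
            else:
                remaining.append(block)       # untouched by this prefix
        free = remaining
    return sorted(free)

def summarize(prefixes):
    """(summary route, [uncovered blocks]) as strings."""
    summary = covering_prefix(prefixes)
    return str(summary), [str(b) for b in extra_space(summary, prefixes)]

if __name__ == "__main__":
    # Constructed inputs: a clean aggregate and one with a hole in it.
    print(summarize(["10.100.0.0/24", "10.100.1.0/24",
                     "10.100.2.0/24", "10.100.3.0/24"]))
    print(summarize(["10.100.1.0/24", "10.100.2.0/24"]))
```

An empty second element means the summary is exact; anything listed there is space the single statement reaches beyond the networks it was meant to reference.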


IP address allocation is rarely done properly


First mistake I see is people not understanding what I just covered - Check

Second mistake I see is not understanding public vs private vs reserved IP addresses - Check

Third mistake I see is not understanding how to take a large prefix and break it down to usable network prefixes that allow for growth - Not Yet

Fourth mistake I see is people not understanding why we do it



Allocate a block of IP addresses that can be referenced with a single access-list (filter) entry

Always allocate more IP addresses than requested

Need 30 IP addresses for a server farm of database servers

Should we use a /27 255.255.255.224?

Allowing for 30 percent growth is a good rule of thumb

Round up to the next binary boundary

64 IP addresses or a /26 255.255.255.192


Now let's say the server farm subnet was already allocated using 10.100.100.0/24

There are currently 10 servers in place

.1 for the router and 2-11 for the servers

You need to issue 30 more IP addresses on this subnet

Now what???

Just give them 12-42 right???


Allocating groups of devices into subnettable ranges allows you to remove them from the network and place them elsewhere without significant changes to the IP network design

You could allocate the range of 32-63

Access-list 101 permit ip any 10.100.100.32 255.255.255.224 eq web


So we are good right???


You should think ahead and allocate 64 IP addresses on a bit boundary

So you should allocate 64-127

Right???

Access-list 101 permit ip any 10.100.100.64 255.255.255.192 eq web


Meets both rules so we are good???
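An added example, not part of the original slides: it works through the server farm case above, showing how many filter entries each candidate range (12-42, 32-63, 64-127) needs and picking the next free block on a bit boundary with 30 percent growth. The function names are constructed; each entry is returned with the netmask used on the slides and its inverse (the wildcard mask form).

```python
import ipaddress

def blocks_for_range(first, last):
    """Fewest CIDR blocks that cover exactly first..last."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))

def filter_entries(first, last):
    """(network, netmask, wildcard) for each filter line the range needs."""
    return [(str(b.network_address), str(b.netmask), str(b.hostmask))
            for b in blocks_for_range(first, last)]

def next_aligned_block(subnet, last_used, needed, growth_pct=30):
    """First free block on a bit boundary that holds `needed` addresses
    plus growth, rounded up to the next power of two."""
    net = ipaddress.ip_network(subnet)
    want = needed + -(-needed * growth_pct // 100)   # 30 -> 39 (ceiling)
    size = 1 << (want - 1).bit_length()              # 39 -> 64
    new_prefix = net.max_prefixlen - (size.bit_length() - 1)
    if new_prefix < net.prefixlen:
        raise ValueError("%s is too small for %d addresses" % (net, size))
    for block in net.subnets(new_prefix=new_prefix):
        if block.network_address > ipaddress.ip_address(last_used):
            return block
    raise ValueError("no free aligned block left in %s" % net)

if __name__ == "__main__":
    for first, last in (("10.100.100.12", "10.100.100.42"),
                        ("10.100.100.32", "10.100.100.63"),
                        ("10.100.100.64", "10.100.100.127")):
        entries = filter_entries(first, last)
        print("%s-%s needs %d entries" % (first, last, len(entries)))
        for entry in entries:
            print("   network %s  netmask %s  wildcard %s" % entry)
    # Servers currently end at .11; 30 more addresses are requested.
    print(next_aligned_block("10.100.100.0/24", "10.100.100.11", 30))
```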


IP address allocation is rarely done properly


First mistake I see is people not understanding what I just covered - Check

Second mistake I see is not understanding public vs private vs reserved IP addresses - Check

Third mistake I see is not understanding how to take a large prefix and break it down to usable network prefixes that allow for growth - Not Yet

Fourth mistake I see is people not understanding why we do it - Know why you are allocating the IP and allow for growth


There are three methods you can use to allocate IP addresses and IP subnets

Sequential - assign the first numerical subnet and then the next and so on, most commonly used. It is easy to understand

Divide by half - every time a network is allocated, the smallest available chunk is divided by half for use while preserving a large portion of IP address space for additional growth

Reverse binary - subnets are allocated by counting in binary with the most and least significant bits reversed. It is the most logical method, but is hard to understand


Some of us have been doing this for so long we remember the rule of all-zeros and all-ones as it relates to subnets

RFC 1878 states, “This practice (of excluding all-zeros and all-ones subnets) is obsolete. Modern software will be able to utilize all definable networks.”

Sometimes you may be in an environment where legacy equipment cannot do this

Or the staff still think they have to follow the rule

For the Cisco people in the class: you will need to know Cisco’s way to pass the CCNA

or know how to get the answer to the question based on how Cisco or vendor X tests

Everyone knows (or should now) that two IP addresses are used in every subnet (one for the gateway and one for broadcast)

Unless you have done enough networking to know you can use a /31 for two routers in a point-to-point connection. DO NOT ASK IF YOU ARE NOT GOING TO TAKE CCDP!!!


A /24 subnet has 256 host IP addresses


254 IPs are usable by host devices

Everything is based on the subnet masks, which are based on binary

Everything will be powers of 2 and will either produce 256 or be divisible by 256

The maximum value of an octet is 255 (but remember we count from 0 so 256 numbers)

Subnet masks are, by their nature, inclusive

There are only nine values that are possible for any octet in a subnet mask
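An added example, not part of the original slides: converting between prefix length and dotted mask with bit operations, rejecting masks whose one bits are not contiguous, and enumerating the octet values a valid mask can contain. It covers the earlier "Prefix 10.0.0.0/8 has what subnet mask?" questions as well as the nine-values statement above; the function names are constructed.

```python
def prefix_to_mask(prefix_len):
    """/N -> dotted mask: the first N bits are ones, the rest zeros."""
    if not 0 <= prefix_len <= 32:
        raise ValueError("prefix length must be 0..32")
    value = (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def mask_to_prefix(mask):
    """Dotted mask -> N, refusing masks with a zero bit before a one bit."""
    octets = [int(part) for part in mask.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("not a dotted-decimal mask: %r" % mask)
    value = int.from_bytes(bytes(octets), "big")
    inverted = value ^ 0xFFFFFFFF
    # A valid mask inverts to 0...01...1, i.e. a number of the form 2^k - 1.
    if inverted & (inverted + 1):
        raise ValueError("non-contiguous mask: %s" % mask)
    return 32 - inverted.bit_length()

def octet_values():
    """Every value an octet takes across the 33 possible masks."""
    return sorted({int(o) for n in range(33)
                   for o in prefix_to_mask(n).split(".")})

if __name__ == "__main__":
    for prefix in (8, 16, 24, 12):   # the prefixes asked about on the slides
        print("/%d -> %s" % (prefix, prefix_to_mask(prefix)))
    print(octet_values())
    try:
        mask_to_prefix("255.0.255.0")
    except ValueError as exc:
        print(exc)
```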


What the author is trying to say is a /24 or 255.255.255.0 would have 256 hosts with 16,777,216 possible subnets (256*256*256*1)

I find an expanded form of the horizontal format very useful

Increment / Number of hosts   128   64    32    16    8     4     2     1
CIDR                          /25   /26   /27   /28   /29   /30   /31   /32
Mask                          128   192   224   240   248   252   254   255
Usable hosts                  126   62    30    14    6     2     -     -