Advanced IP Addressing Management
By
Prof. Salman Naseer
Overview
• A scalable network requires an addressing
scheme that allows for growth.
• However, several unanticipated consequences
can result from unmanaged network growth.
• As new nodes and new networks are added to
the enterprise, existing addresses may need to
be reassigned.
• Excessively large routing tables may slow down
older routers
• Supply of available addresses may simply run
out.
Overview
• Network designers can choose among many different
network protocols and addressing schemes.
• In addition to TCP/IP, there have been several
proprietary network protocols and addressing schemes
used.
• Companies such as Apple and Novell have recently
migrated their network software to TCP/IP and away
from their proprietary protocols.
• Many organizations choose to run TCP/IP as the only
routed protocol on the network.
• The bottom line is that administrators must find ways to
scale their networks by using IP addressing.
Overview
• Twenty years ago, IP version 4 (IPv4) offered an
addressing strategy that, although scalable for a time
• Over the past two decades, engineers have successfully
modified IPv4 so that it can survive the exponential
growth of the Internet.
• Meanwhile, an even more extensible and scalable
version of IP, IP version 6 (IPv6), has been defined and
developed.
• Today IPv6 is slowly being implemented in select
networks.
• Eventually, IPv6 may replace IPv4 as the dominant
Internet protocol.
Overview
• This module explores the evolution and
extension of IPv4, including the key
scalability features that engineers have
added to it over the years:
1. Subnetting
2. Classless interdomain routing (CIDR)
3. Variable length subnet masking (VLSM)
4. Route summarization
Address architecture of the
Internet
• A class system was introduced to define
the network and host portions of the
address.
• IPv4 addresses were grouped into five
distinct classes.
• This was done according to the value of
the first few bits in the first octet of the
address.
Subnet masking
• Subnet masking, or subnetting, is used to
break one large group into several smaller
subnetworks.
• These subnets can then be distributed
throughout an enterprise.
• This results in less IP address waste and
better logical organization.
Subnet masking
• Notice that subnet masks are not sent as part of
an IP packet header.
• This means that routers outside of this network
will not know what subnet mask is configured
inside the network.
• An outside router will therefore treat
172.24.100.45 as just one of sixty-five thousand
hosts that belong to the 172.24.0.0 network.
• In effect, subnetting classful IP addresses
provides a logical structure that is hidden from
the outside world
IP addressing crisis
• Class A and B addresses make up 75 percent of
the IPv4 address space.
• However, a relative handful of organizations,
fewer than 17,000, can be assigned a Class A or
B network number.
• Class C network addresses are far more
numerous than Class A and Class B addresses,
although they account for only 12.5 percent of
the possible 4 billion
IP addressing crisis
• Unfortunately, Class C addresses are limited to
254 hosts, which will not meet the needs of
larger organizations that cannot acquire a Class
A or B address.
• Even if there were more Class A, B, and C
addresses, too many network addresses would
cause Internet routers to grind to a halt under
the weight of enormous routing tables.
• Ultimately, the classful system of IP addressing,
even with subnetting, could not scale to
effectively handle global demand for Internet
connectivity
IP addressing crisis
• The new protocol, IPv6, solves the
address crisis by using a 128-bit address
space.
• After years of planning and development,
IPv6 promises to be ready for wide-scale
implementation.
• One reason that IPv6 has not been rushed
into service is that the short-term
extensions to IPv4 have been so effective
Classless Interdomain Routing
(CIDR)
• In a classful system, a router determines
the class of an address and then identifies
the network and host octets based on that
class.
• With CIDR, a router uses a bit mask to
determine the network and host portions of
an address.
Classless Interdomain Routing
(CIDR)
• CIDR dramatically improves the scalability and
efficiency of IPv4.
• Without CIDR and route aggregation, a router
must maintain many individual entries for
different networks.
• With CIDR, just one address and mask
combination can represent the routes to
multiple networks.
• This shrinks the size of the routing tables used
by the router.
Route aggregation
• Example
• Classful routers are forced to handle Class B
networks using these 16 bits.
• Because the first 16 bits of each of these eight
network numbers are unique,
• A classful router sees eight unique networks and
must create a routing table entry for each.
• However, these eight networks do have common
bits: the eight network addresses have the first 13
bits in common.
Route aggregation
• A CIDR-compliant router can summarize
routes to these eight networks by using a
13-bit prefix.
• Therefore, a single address and mask
define a classless prefix that summarizes
routes to the eight networks, 172.24.0.0/13
• By using a prefix address to summarize
routes, routing table entries can be kept
more manageable
Route aggregation
• The following benefits are a result of the
summarized routes:
1. More efficient routing
2. Reduced number of CPU cycles when
recalculating a routing table
3. Reduced processing when sorting through
the routing table entries to find a match
4. Reduced router memory requirements
Supernetting
• Supernetting is the practice of using a bit mask to group
multiple classful networks as a single network address.
• Supernetting and route aggregation are different names
for the same process.
• The term supernetting is most often applied when the
aggregated networks are under common administrative
control.
• Supernetting takes bits from the network portion of the
network mask, whereas subnetting takes bits from the
host portion of the subnet mask.
• Supernetting and route aggregation are essentially the
inverse of subnetting.
Supernetting
• Class A and Class B address space is
almost exhausted, leaving large organizations
little choice but to request multiple Class C
network addresses from providers.
• If a company can acquire a block of contiguous,
Class C network addresses, supernetting can be
used so that the addresses appear as a single
large network, or supernet.
Supernetting and address
allocation
• Consider Company XYZ, which requires
addresses for 400 hosts.
• Under the classful addressing system,
XYZ could apply to a central Internet
address authority for a Class B address.
• If the company got the Class B address
and then used it to address one logical
group of 400 hosts, tens of thousands of
addresses would be wasted.
Supernetting and address
allocation
• A second option for XYZ would be to
request two Class C network numbers,
yielding 508, or 2 * 254, host addresses.
• The drawback to this approach is that XYZ
would have to route between its own
logical networks.
• Also, Internet routers would still need to
maintain two routing table entries for the
XYZ network, rather than just one.
Supernetting and address
allocation
• Under a classless addressing system,
supernetting allows XYZ to get the address
space that it needs without wasting addresses or
increasing the size of routing tables
unnecessarily.
• Using CIDR, XYZ asks for an address block
from its Internet Service Provider, not a central
authority.
• The ISP assesses the needs of XYZ and
allocates address space from its own large CIDR
block of addresses.
Supernetting and address
allocation
• Providers assume the burden of managing
address space in a classless system.
• With this system, Internet routers keep
only one summary route, or supernet
route, to the provider network.
• The provider keeps routes that are more
specific to its customer networks.
• This method drastically reduces the size of
Internet routing tables.
Supernetting and address
allocation
• In this example, XYZ receives two contiguous
Class C addresses, 207.21.54.0 and
207.21.55.0.
• These network addresses have this common
23-bit prefix:
• 11001111 00010101 0011011
• When supernetted with a 23-bit mask,
207.21.54.0/23, the address space provides well
over 400 host addresses without the tremendous
waste of a Class B address.
Supernetting and address
allocation
• With the ISP acting as the addressing
authority for a CIDR block of addresses,
the ISP's customer networks, which
include XYZ, can be advertised among
Internet routers as a single supernet.
• The ISP manages a block of 256 Class C
addresses and advertises them to the
world using a 16-bit prefix:
• 207.21.0.0/16
Supernetting and address
allocation
• When CIDR enabled ISPs to hierarchically
distribute and manage blocks of
contiguous addresses, IPv4 address
space enjoyed the following benefits:
1. Efficient allocation of addresses
2. Reduced number of routing table entries
Variable-Length Subnet Masks
• Variable-Length Subnet Mask (VLSM) allows an
organization to use more than one subnet mask
within the same network address space.
• Implementing VLSM is often referred to as
subnetting a subnet and it can be used to
maximize addressing efficiency
• Consider the subnets created by borrowing
three bits from the host portion of the Class C
address, 207.21.24.0
• This masking creates seven usable subnets of
30 hosts each.
• Four of these subnets can be used to address
remote offices at sites A, B, C, and D.
Variable-Length Subnet Masks
• Unfortunately, there are only three subnets left
for future growth and three point-to-point WAN
links between the four sites remain to be
addressed.
• If the three remaining subnets were assigned to
the WAN links, the supply of IP addresses would
be completely exhausted.
• This addressing scheme would also waste more
than a third of the available address space
Variable-Length Subnet Masks
• When VLSM is applied to an addressing
problem, it breaks the address up into
groups or subnets of various sizes.
• Large subnets are created for addressing
LANs, and very small subnets are created for
WAN links and other special cases.
Variable-Length Subnet Masks
• A 30-bit mask is used to create subnets with two valid
host addresses.
• This is the exact number needed for a point-to-point
connection.
• The figure shows the result if one of the three remaining
subnets is subnetted again, using a 30-bit mask.
Variable-Length Subnet Masks
• Subnetting the 207.21.24.192/27 subnet in this
way supplies another eight ranges of addresses
to be used for point-to-point networks.
• For example, the network 207.21.24.192/30 can
be used to address the point-to-point serial link
between the Site A router and the Site B router
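Added example (not part of the original slides): a small VLSM allocator run on the 207.21.24.0 plan described above, with an overlap check on the result. The host counts per site, the link names and the helper names are assumptions made for the illustration.

```python
import ipaddress

def vlsm_allocate(free_blocks, requirements):
    """Give each (name, hosts) the smallest subnet that fits, largest need first."""
    free = [ipaddress.ip_network(b) for b in free_blocks]
    plan = {}
    for name, hosts in sorted(requirements, key=lambda r: -r[1]):
        # Each subnet loses its network and broadcast address, so it must
        # hold hosts + 2 addresses: host bits = ceil(log2(hosts + 2)).
        prefix = 32 - (hosts + 1).bit_length()
        fits = [f for f in free if f.prefixlen <= prefix]
        if not fits:
            raise ValueError(f"no free block can hold {name}")
        # Tightest fit first, lowest address on ties, to limit fragmentation.
        parent = max(fits, key=lambda f: (f.prefixlen, -int(f.network_address)))
        free.remove(parent)
        subnet = next(parent.subnets(new_prefix=prefix))
        plan[name] = subnet
        if subnet != parent:
            free.extend(parent.address_exclude(subnet))
    return plan, sorted(free)

def overlaps(plan):
    """Pairs of allocated subnets that share addresses (should be empty)."""
    nets = list(plan.values())
    return [(a, b) for i, a in enumerate(nets) for b in nets[i + 1:] if a.overlaps(b)]

BLOCK = ipaddress.ip_network("207.21.24.0/24")
FIXED = list(BLOCK.subnets(new_prefix=27))   # three borrowed bits: eight /27 blocks
USABLE = FIXED[1:]                           # the slides count seven (subnet zero excluded)

# Assumed requirements: sites A-D need 30 hosts each, each WAN link needs 2.
SITES = [("Site A", 30), ("Site B", 30), ("Site C", 30), ("Site D", 30)]
LINKS = [("A-B link", 2), ("B-C link", 2), ("C-D link", 2)]   # link names assumed

site_plan, spare = vlsm_allocate(USABLE, SITES)
# Re-subnet only 207.21.24.192/27 for the links, as the slides do.
link_plan, link_spare = vlsm_allocate(["207.21.24.192/27"], LINKS)

if __name__ == "__main__":
    for name, net in {**site_plan, **link_plan}.items():
        print(f"{name:9} {str(net):18} {net.num_addresses - 2} hosts")
    print("left after the sites:", [str(n) for n in spare])
    print("still free inside 207.21.24.192/27:", [str(n) for n in link_spare])
```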
An overview of route
summarization
• The use of CIDR and VLSM not only
prevents address waste, but it also
promotes route aggregation, or
summarization.
• Without route summarization, Internet
backbone routing would likely have
collapsed sometime before 1997.
An overview of route
summarization
• Route summarization reduces the burden on
upstream routers.
• This complex hierarchy of variable sized networks and
subnetworks is summarized at various points using a
prefix address until the entire network is advertised as a
single aggregate route of 192.168.48.0/20.
An overview of route
summarization
• Recall that this kind of route summarization, or
supernetting, is possible only if the network
routers run a classless routing protocol, such as
OSPF or EIGRP.
• Classless routing protocols carry the prefix
length and subnet mask with the 32-bit address
in routing updates.
• In the figure, the summary route that eventually
reaches the provider contains a 20-bit prefix
common to all of the addresses in the
organization.
An overview of route
summarization
• This prefix is 192.168.48.0/20 or
11000000.10101000.00110000.00000000
with a subnet mask of
11111111.11111111.11110000.00000000.
• For summarization to work properly,
addresses must be carefully assigned in a
hierarchical fashion so that summarized
addresses will share the same high order
bits.
Route flapping
• Route flapping occurs when a router
interface alternates rapidly between the up
and down states.
• This can be caused by a number of
factors, including a faulty interface or
poorly terminated media
• Summarization can effectively insulate
upstream routers from route flapping
problems
Route flapping
• Consider RTC in the figure. If the RTC interface
connected to the 200.199.56.0 network goes
down, RTC will remove that route from its table.
• If the routers were not configured to summarize,
RTC would then send a triggered update to RTZ
about the removal of the specific network,
200.199.56.0.
• In turn, RTZ would update the next router
upstream, and so on.
Route flapping
• Every time these routers are updated with new
information, their processors must go to work.
• Now, consider the impact on performance if the
RTC interface to network 200.199.56.0 comes
back up after only a few seconds.
• The routers update each other and recalculate.
• In addition, what happens when the RTC link goes
back down seconds later? And then back up?
This is route flapping.
Route flapping
• However, the summarization configuration
prevents the RTC route flapping from affecting
any other routers.
• RTC updates RTZ about a supernet,
200.199.56.0/21, that includes eight networks,
200.199.56.0 through 200.199.63.0.
• The loss of one network does not invalidate the
route to the supernet.
• RTZ, and all upstream routers, are unaware of
any downstream problem.
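Added example (not part of the original slides): the summary prefixes quoted in the route aggregation, supernetting and route flapping slides, computed from their component networks, plus a count of the updates RTC sends upstream with and without summarization. The function names, the flap sequence and the rule that a summary stays advertised while any component is up are assumptions of this simplified model; the eight Class B networks are the ones implied by 172.24.0.0/13.

```python
import ipaddress

def summarize(networks):
    """Smallest single prefix (supernet) that contains every listed network."""
    nets = [ipaddress.ip_network(n) for n in networks]
    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)
    # XOR exposes the highest bit where the range differs; bits above it are shared.
    prefix_len = 32 - (lo ^ hi).bit_length()
    return ipaddress.ip_network((lo, prefix_len), strict=False)

def unowned_addresses(networks):
    """Addresses the summary covers that belong to none of the listed networks."""
    nets = [ipaddress.ip_network(n) for n in networks]
    owned = sum(n.num_addresses for n in ipaddress.collapse_addresses(nets))
    return summarize(networks).num_addresses - owned

def upstream_updates(events, networks, summarized):
    """Updates RTC sends to RTZ for a series of (network, "up"/"down") events.

    Simplified model: the summary stays advertised while any component is up.
    """
    up = {ipaddress.ip_network(n) for n in networks}
    summary = summarize(networks)
    sent = []
    for net, state in events:
        net = ipaddress.ip_network(net)
        had_route = bool(up)
        if state == "up":
            up.add(net)
        else:
            up.discard(net)
        if not summarized:
            sent.append((str(net), state))      # every flap propagates upstream
        elif bool(up) != had_route:
            sent.append((str(summary), "up" if up else "down"))
    return sent

CLASS_B = [f"172.{octet}.0.0/16" for octet in range(24, 32)]
XYZ = ["207.21.54.0/24", "207.21.55.0/24"]
RTC_NETWORKS = [f"200.199.{octet}.0/24" for octet in range(56, 64)]
# Constructed event sequence: the 200.199.56.0 interface flaps twice.
FLAPS = [("200.199.56.0/24", state) for state in ("down", "up", "down", "up")]

if __name__ == "__main__":
    for group in (CLASS_B, XYZ, RTC_NETWORKS):
        print(summarize(group), "unowned:", unowned_addresses(group))
    print("no summary:", len(upstream_updates(FLAPS, RTC_NETWORKS, False)), "updates")
    print("summary   :", len(upstream_updates(FLAPS, RTC_NETWORKS, True)), "updates")
```

A non-zero result from `unowned_addresses` means the summary would advertise address space that is not actually behind the router, which is worth checking before a summary is configured.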
Private IP addresses
• Because TCP/IP is the dominant routed
protocol, many designers build their
networks around TCP/IP, even if they do not
require Internet connectivity.
• Internet hosts require globally unique IP
addresses.
• However, private hosts that are not connected to
the Internet can use any valid address, as long
as it is unique within the private network
Private IP addresses
• Because many private networks exist alongside public
networks, RFC 1918 sets aside three blocks of IP
addresses for private use.
• Addresses in this range will not be routed on the Internet
backbone. Internet routers immediately discard private
addresses
Private IP addresses
• If addressing any of the following, these
private addresses can be used instead of
globally unique addresses:
1. A nonpublic intranet
2. A test lab
3. A home network
• Global addresses must be obtained from
a provider or a registry at some expense
Private IP addresses
• Earlier in this module, the advantages of
using VLSM to address the point-to-point
WAN links in an internetwork were seen.
• A less wasteful solution is to address the
WAN links using private network numbers.
• The WAN links are addressed using
subnets from the private address space,
10.0.0.0/8.
Private IP addresses
• How can these routers use private addresses if LAN
users at site A, B, C, and D expect to access the
Internet?
• End users at these sites should have no problem
because they use globally unique addresses from the
207.21.24.0 network.
• The routers use their serial interfaces with private
addresses merely to forward traffic and exchange
routing information.
• Upstream providers and Internet routers see only the
source and destination IP addresses in the packet.
• Upstream providers do not care if the packet traveled
through links with private addresses at some point.
Private IP addresses
• There is one trade-off when using private numbers on
WAN links.
• The serial interfaces cannot be the original source of
traffic bound for the Internet or the final destination of
traffic from the Internet.
• Therefore, this limitation typically becomes an issue only
when troubleshooting with Internet Control Message
Protocol (ICMP), using Simple Network Management
Protocol (SNMP), or connecting remotely with Telnet
over the Internet.
• In those cases, the router can be addressed only by its
globally unique LAN interfaces.
Network Address Translation
(NAT)
• NAT is the process of swapping one address for
another in the IP packet header.
• In practice, NAT is used to allow hosts that are
privately addressed
• A NAT enabled device, such as a UNIX
computer or a Cisco router, operates at the
border of a stub domain.
• An example of a stub domain is an internetwork that
has a single connection to the outside world.
Network Address Translation
(NAT)
• When a host inside the stub domain wants to
transmit to a host on the outside, it forwards the
packet to the NAT enabled device.
• The NAT process then looks inside the IP
header and, if appropriate, replaces the inside IP
address with a globally unique IP address.
• When an outside host sends a response, the
NAT does the following:
• Receives it
• Checks the current table of network address translations
• Replaces the destination address with the original inside
source
[Figure: An ISP and NAT]
Port Address Translation
(PAT)
• The most powerful feature of NAT routers is their
capability to use port address translation (PAT),
which allows multiple inside addresses to map
to the same global address.
• This is sometimes called a many-to-one NAT.
• With PAT, or address overloading, hundreds of
privately addressed nodes can access the
Internet using only one global address.
• The NAT router keeps track of the different
conversations by mapping TCP and UDP port
numbers.
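Added example (not part of the original slides): a minimal PAT translation table showing the outbound rewrite, the reverse lookup for replies, and the drop of inbound packets that match no translation. The class name, the starting port and the sample addresses (203.0.113.5 as the global address, 198.51.100.10 as the outside host) are constructed for the illustration; the three RFC 1918 blocks are listed explicitly.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

class PatRouter:
    """Many-to-one NAT: conversations are told apart by protocol and port."""

    def __init__(self, global_ip, first_port=1024):
        self.global_ip = global_ip
        self.next_port = first_port
        self.out = {}    # (proto, inside_ip, inside_port) -> global_port
        self.back = {}   # (proto, global_port) -> (inside_ip, inside_port)

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the source of a packet leaving the stub domain."""
        if not any(ipaddress.ip_address(src_ip) in net for net in RFC1918):
            return (src_ip, src_port, dst_ip, dst_port)   # already globally unique
        key = (proto, src_ip, src_port)
        if key not in self.out:
            if self.next_port > 65535:
                raise RuntimeError("no global ports left on " + self.global_ip)
            self.out[key] = self.next_port
            self.back[(proto, self.next_port)] = (src_ip, src_port)
            self.next_port += 1
        return (self.global_ip, self.out[key], dst_ip, dst_port)

    def inbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the destination of a reply, or return None to drop it."""
        if dst_ip != self.global_ip:
            return None
        entry = self.back.get((proto, dst_port))
        if entry is None:
            return None   # no matching translation: unsolicited packet
        return (src_ip, src_port, entry[0], entry[1])

def demo():
    """Two inside hosts use the same source port toward one outside server."""
    router = PatRouter("203.0.113.5")
    first = router.outbound("tcp", "10.0.0.2", 40000, "198.51.100.10", 80)
    second = router.outbound("tcp", "10.0.0.3", 40000, "198.51.100.10", 80)
    reply = router.inbound("tcp", "198.51.100.10", 80, "203.0.113.5", second[1])
    stray = router.inbound("tcp", "198.51.100.10", 80, "203.0.113.5", 2000)
    return first, second, reply, stray

if __name__ == "__main__":
    for row in demo():
        print(row)
```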
IPv6
• IPv4 does not have enough addresses to meet future
needs.
• At roughly four billion possibilities, the IPv4
address space is considerable.
• However, it will not be sufficient in a future world of
mobile Internet enabled devices and IP
addressable household appliances.
• The ultimate solution to the address shortage is
the introduction of IPv6 and its 128-bit address
IPv6
• Developed to create a supply of addresses that
would outlast demand, IPv6 is on course to
eventually replace IPv4.
• The large address space of IPv6 will provide not
only far more addresses than IPv4, but
additional levels of hierarchy as well.
• Note: 128 bits allows for
340,282,366,920,938,463,463,374,607,431,768,211,456
possibilities.
IPv6
• It will not be easy for organizations deeply
invested in the IPv4 scheme to migrate to a
totally new architecture.
• As long as IPv4, with its recent extensions and
CIDR enabled hierarchy, remains viable,
administrators will shy away from adopting IPv6.
• A new IP protocol requires new software, new
hardware, and new methods of administration.
• It is likely that IPv4 and IPv6 will coexist, even
within an autonomous system, for years to come
IPv6 address format
• Three general types of addresses exist:
– Unicast – An identifier for a single interface. A packet
sent to a unicast address is delivered to the interface
identified by that address.
– Anycast – An identifier for a set of interfaces that
typically belong to different nodes. A packet sent to an
anycast address is delivered to the nearest, or first,
interface in the anycast group.
– Multicast – An identifier for a set of interfaces that
typically belong to different nodes. A packet sent to a
multicast address is delivered to all interfaces in the
multicast group
IPv6 address format
• To write 128-bit addresses so that they are
readable to human eyes, the IPv6 architects
discarded dotted decimal notation in favor of a
hexadecimal format.
• Therefore, IPv6 is written as 32 hex digits, with
colons separating the values of the eight 16-bit
pieces of the address.
• IPv6 will use what is called an aggregatable
global unicast address.
• Like CIDR enhanced IPv4, aggregatable global
unicast addresses rely on hierarchy to keep
Internet routing tables manageable
IPv6 address format
• IPv6 global unicast addresses feature three levels of
hierarchy:
– Public topology – The collection of providers that provide
Internet connectivity.
– Site topology – The level local to an organization that does not
provide connectivity to nodes outside itself.
– Interface identifier – The level specific to the individual
interface of a node.
IPv6 address format
This three level hierarchy is reflected by the
structure of the aggregatable global unicast
address, which includes the following fields:
– Format Prefix (FP) field, 3 bits – The 3-bit FP is
used to identify the type of address, unicast,
multicast, and so on.
– Top-Level Aggregation Identifier (TLA ID) field, 13
bits – The TLA ID field is used to identify the authority
responsible for the address at the highest level of the
routing hierarchy. Internet routers will necessarily
maintain routes to all TLA IDs. With 13 bits set aside,
this field can represent up to 8,192 TLAs.
IPv6 address format
• Reserved (Res) field, 8 bits – IPv6 architecture
defined the Res field so that the TLA or NLA IDs
could be expanded as future growth warrants.
Currently, this field must be set to zero.
• Next-Level Aggregation Identifier (NLA ID)
field, 24 bits – The NLA ID field is used to
identify ISPs. The field itself can be organized
hierarchically to reflect a hierarchy or multi-tiered
relationship among providers.
IPv6 address format
• Site-Level Aggregation Identifier (SLA ID)
field, 16 bits – The SLA ID is used by an
individual organization to create its own local
addressing hierarchy and to identify subnets.
• Interface ID field, 64 bits – The Interface ID
field is used to identify individual interfaces on a
link. This field is analogous to the host portion of
an IPv4 address.
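Added example (not part of the original slides): splitting a 128-bit address into the six fields listed above, and building an address back from field values with a width check. The function names and the sample field values are constructed for the illustration.

```python
import ipaddress

# Field names and widths exactly as listed on the slides (they total 128 bits).
FIELDS = [("FP", 3), ("TLA ID", 13), ("Res", 8),
          ("NLA ID", 24), ("SLA ID", 16), ("Interface ID", 64)]

def split_fields(address):
    """Return the value of each field, reading from the high-order bits down."""
    value = int(ipaddress.IPv6Address(address))
    remaining = 128
    fields = {}
    for name, width in FIELDS:
        remaining -= width
        fields[name] = (value >> remaining) & ((1 << width) - 1)
    return fields

def build_address(fields):
    """Pack field values into an address, rejecting values wider than the field."""
    value = 0
    for name, width in FIELDS:
        if not 0 <= fields[name] < (1 << width):
            raise ValueError(f"{name} does not fit in {width} bits")
        value = (value << width) | fields[name]
    return str(ipaddress.IPv6Address(value))

def reserved_is_zero(address):
    """The slides state that the Res field must currently be set to zero."""
    return split_fields(address)["Res"] == 0

# Constructed sample values, not taken from the slides.
SAMPLE = {"FP": 0b001, "TLA ID": 1, "Res": 0,
          "NLA ID": 0x123456, "SLA ID": 0xA5, "Interface ID": 1}

if __name__ == "__main__":
    address = build_address(SAMPLE)
    print(address)
    for name, value in split_fields(address).items():
        print(f"{name:13} {value:#x}")
    print("TLA IDs available:", 1 << 13)
```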