Address Design Considerations


Once the design for network addressing is done, there is still a bit of work to do. Just as careful network addressing can make internetworks friendlier and more efficient, careful host addressing can also improve the operation of networks. Let’s begin with what might be considered the most important addresses on the network: the router and server addresses.

Router Addresses

There are several methods of determining router addresses. Perhaps the most basic method is to choose a particular address or range and use it consistently. On IP version 4 networks, x.x.x.1 or x.x.x.254 are commonly used as router addresses. For networks with multiple routers, a range of addresses can be reserved. Consistency in addressing facilitates the configuration of the default router or gateway on devices that do not learn them dynamically. Can you imagine trying to administer even 10 networks where the default router address is some seemingly random number between 1 and 254? How about 100? Standards really pay off here.

When addressing serial connections, standards can be introduced. This may seem unnecessary at first. After all, serial connections such as Frame Relay typically have only two addresses within the network space. However, standards such as specifying that the interface closest to the Internet, or closest to Area 0 or some other designation, always gets the lowest address can allow you to accurately predict the address on the other end of the circuit.

For example, suppose that you have to address the two serial interfaces connecting the Access layer and Distribution layer routers in Figure 7.24. Suppose that you have network 172.16.50.16/30 to address the serial link. The addresses that you have are as follows:

  • 172.16.50.16—Network address

  • 172.16.50.17—Host address

  • 172.16.50.18—Host address

  • 172.16.50.19—Broadcast address

    Figure 7.24: Serial interface addressing example

Suppose also that you’ve specified that the lower address is always closer to the core. You would then use the 172.16.50.17 address on the Distribution layer router and use 172.16.50.18 on the Access layer router according to the standard. Now, consider an administrator who understands the standard and who is logged on to the Access layer router. After typing the show running-config command, the administrator sees the 172.16.50.18 address on the serial interface. The administrator immediately knows the upstream address and can ping or telnet to it to troubleshoot routing or connectivity problems.

Server Addresses

Just as reserving a range of addresses for router addresses can facilitate network operation, so can reserving a range of addresses for server addresses. Consider reserving a block that can be summarized in a single statement with an access list mask, similar to what was done with route aggregation. For example, the following ranges can be summarized in a single line:

  • x.x.x.1 through x.x.x.3

  • x.x.x.1 through x.x.x.7

  • x.x.x.1 through x.x.x.15

This allows you to specify a policy for all of your servers in a single line in an access list rather than having to enter multiple lines to specify each server as a single host. For example, if you want to allow any TCP traffic to servers at addresses 172.16.50.2, 172.16.50.9, 172.16.50.77, and 172.16.50.166, use the following access list:

access-list 101 permit tcp any host 172.16.50.2
access-list 101 permit tcp any host 172.16.50.9
access-list 101 permit tcp any host 172.16.50.77
access-list 101 permit tcp any host 172.16.50.166

Notice that four lines are required. Also, any servers that are added in the future will require that you edit the access list. Now, if you have specified all servers to be in the 172.16.50.1 through 172.16.50.7 range, you could have used the following line:

access-list 102 permit tcp any 172.16.50.1 0.0.0.7

Any additional servers in the range are automatically allowed TCP access by this single line.
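The following Python sketch is an added example, not part of the original text. It evaluates the destination part of the two access lists above the way a wildcard mask is applied, to show exactly which addresses the single-line form admits and which of the four scattered servers would have to be renumbered first. It assumes the entries have the shape shown (permit tcp any, no ports); the function names are illustrative.

```python
import ipaddress

ACL_101 = [  # per-host entries quoted from the text
    "access-list 101 permit tcp any host 172.16.50.2",
    "access-list 101 permit tcp any host 172.16.50.9",
    "access-list 101 permit tcp any host 172.16.50.77",
    "access-list 101 permit tcp any host 172.16.50.166",
]
ACL_102 = ["access-list 102 permit tcp any 172.16.50.1 0.0.0.7"]

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def parse_dest(entry):
    """Return (base, wildcard) as integers for the destination after 'any'."""
    dest = entry.split()
    dest = dest[dest.index("any") + 1:]
    if dest[0] == "host":            # 'host a.b.c.d' behaves like wildcard 0.0.0.0
        return _ip(dest[1]), 0
    return _ip(dest[0]), _ip(dest[1])

def matches(entry, addr):
    """Wildcard bits set to 1 are ignored; every other bit must equal the base."""
    base, wild = parse_dest(entry)
    care = ~wild & 0xFFFFFFFF
    return (_ip(addr) & care) == (base & care)

def permitted(acl, addr):
    return any(matches(entry, addr) for entry in acl)

def match_range(entry):
    """First and last address matched; assumes a contiguous low-order wildcard."""
    base, wild = parse_dest(entry)
    if wild & (wild + 1):
        raise ValueError("non-contiguous wildcard")
    first = base & ~wild & 0xFFFFFFFF
    return str(ipaddress.IPv4Address(first)), str(ipaddress.IPv4Address(first | wild))

def uncovered(acl, servers):
    """Servers the ACL would not permit (renumber them or add entries)."""
    return [s for s in servers if not permitted(acl, s)]

if __name__ == "__main__":
    servers = ["172.16.50.2", "172.16.50.9", "172.16.50.77", "172.16.50.166"]
    print(match_range(ACL_102[0]))      # the block the single line really covers
    print(uncovered(ACL_102, servers))  # servers outside the reserved block
```

The single line matches every address from 172.16.50.0 through 172.16.50.7, whether or not a server lives there, so the reserved block should hold servers only.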

Cisco CNS Network Registrar

The Cisco CNS Network Registrar offers the ability to synchronize names with dynamically assigned IP addresses. Typically, dynamic DHCP makes naming difficult because the same machine does not always get the same IP address. Because most names are statically mapped to an IP address, when a workstation’s IP address changes, its DNS name changes as well.

However, with Cisco CNS Network Registrar, you can have the workstation receive a dynamic DHCP address, but the DNS server makes sure that the workstation name remains constant. This ensures that hosts on the Internet attempting to contact your workstation will be able to do it consistently, as long as they reference your workstation by name.

The Cisco CNS Network Registrar includes

  • Domain Name Server Manager tool

  • DHCP server

  • TFTP server

  • NTP server

  • Syslog server

IP Version 6 Addresses

With the growth of the Internet since the early 1990s, the IETF, IANA, IAB, and many networking vendors have realized the need for an expanded IP address space. RFC 2373 defines IP version 6 addressing architecture. IP version 6 addresses are 128 bits in length and are globally unique. Understanding the format of an IP version 6 address is key to addressing and designing for tomorrow’s networks. The following examples show IP version 6 addresses expressed in hexadecimal (preferred) and an example of address abbreviation when fields contain zeros. The first 80 bits define the network and subnet, and the final 48 bits represent the node on the network:

FEDC:BA98:7654:3210:FEDC:BA98:7654:3210
1080:0:0:0:8:800:200C:417A

It’s not necessary to write the leading zeros in an individual field, but there must be at least one number in every field. It is common for addresses to contain long strings of zero bits. In order to make writing addresses that contain zero bits easier, a special syntax is available to compress the zeros.

The use of “::” indicates multiple groups of 16 bits of zeros. The “::” can only appear once in an address. The “::” can also be used to compress the leading and/or trailing zeros in an address.

For example, the following addresses

1080:0:0:0:8:800:200C:417A  a unicast address
FF01:0:0:0:0:0:0:101        a multicast address
0:0:0:0:0:0:0:1             the loopback address
0:0:0:0:0:0:0:0             the unspecified addresses

may be represented as

1080::8:800:200C:417A       a unicast address
FF01::101                   a multicast address
::1                         the loopback address
::                          the unspecified addresses
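The following Python sketch is an added example, not part of the original text. It implements the writing rules above (leading zeros optional, "::" allowed once, standing for a run of zero fields) so that two spellings of the same address can be compared field by field, which is what an access list, log search, or inventory check needs. The function names are illustrative, and compressing only the longest run of two or more zero fields is a choice made here.

```python
import string

HEX = set(string.hexdigits)

def expand(text):
    """Return the eight 16-bit fields of an address written with or without '::'."""
    if text.count("::") > 1:
        raise ValueError("'::' can only appear once")
    if "::" in text:
        head, tail = text.split("::")
        head = head.split(":") if head else []
        tail = tail.split(":") if tail else []
        missing = 8 - len(head) - len(tail)
        if missing < 1:
            raise ValueError("'::' must stand for at least one field")
        fields = head + ["0"] * missing + tail
    else:
        fields = text.split(":")
    if len(fields) != 8:
        raise ValueError("expected eight fields")
    for f in fields:
        # at least one and at most four hex digits in every field
        if not 1 <= len(f) <= 4 or not set(f) <= HEX:
            raise ValueError("bad field: %r" % f)
    return [int(f, 16) for f in fields]

def compress(values):
    """Write eight fields back out, replacing the longest zero run with '::'."""
    best_start, best_len, i = -1, 0, 0
    while i < 8:
        j = i
        while j < 8 and values[j] == 0:
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = max(j, i + 1)
    hexes = ["%X" % v for v in values]
    if best_len < 2:
        return ":".join(hexes)
    return ":".join(hexes[:best_start]) + "::" + ":".join(hexes[best_start + best_len:])

def same_address(a, b):
    """Compare two textual addresses by value, not by spelling."""
    return expand(a) == expand(b)

if __name__ == "__main__":
    for text in ("1080:0:0:0:8:800:200C:417A", "FF01:0:0:0:0:0:0:101",
                 "0:0:0:0:0:0:0:1", "0:0:0:0:0:0:0:0"):
        print(text, "->", compress(expand(text)))
```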

In IP version 6, the first few bits of the address determine the type of address, much like the classes of addresses available with IP version 4. The following shows the IP version 6 address assignments:

010-service provider allocated unicast addresses (4000::00 through 5FFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF)
100-geographically assigned unicast addresses (8000::0 through 9FFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF)
1111 1110 10-link local addresses (FE80::0 through FEBF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF)
1111 1110 11-site local addresses (FEC0::0 through FEFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF)
1111 1111-multicast addresses (FF00::0 through all F’s)

There are no broadcast addresses defined; the all-hosts multicast is used instead. There are many other differences in IP version 6, covering everything from packet formats to how a host determines its address. Several books cover IP version 6 in greater detail, and you should consult them to learn more.

IP Version 6 Migration

IP version 6 supports encapsulation into the IP version 4 address space when support for both is needed during migration.

There are three major transition strategies available, which can also be used in combination:

Dual-stack (IPv4 and IPv6 coexist in the router and network)
The requirements for the dual-stack migration strategy are that both IPv4 and IPv6 stacks be enabled on the router and client, and at least two computers and their user applications can talk to both protocol versions. Some of the operating systems that currently support the dual-stack method are FreeBSD, Linux, Sun Solaris, and Windows 2000/XP. Routers and clients running dual-stack can fall back to IPv4 to communicate with only IPv4 routers and clients. To determine which IP protocol they can use, clients can query the DNS server. If DNS returns an IPv6 address for the destination, then the client can use IPv6 to communicate. Interestingly enough, the DNS server does not have to support dual-stack but only IPv6 host record types.

Automatic tunneling (encapsulation of IPv6 packets into IPv4 packets)
The automatic tunneling migration approach relies on the IPv4 addresses. When an IPv6 datagram reaches the boundary of the IPv4 network, the router encapsulates it in an IPv4 datagram. As an IPv4 datagram, the new message must have an IPv4 destination address. To derive that address, the router extracts the IPv4 address embedded in the IPv6 packet’s destination. The whole process requires no special configuration on any system.

Header translation (allows IPv6-only devices to talk to IPv4 devices)
With the header translation method, IPv6 messages travel nearly all the way to the destination, but since the destination does not understand IPv6, it cannot complete the journey. To deliver the client a message, a configured router accepts the IPv6 datagram and converts it to an IPv4 format. When the client responds to the message or datagram, the configured router performs the reverse translation back to IPv6.
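The following Python sketch is an added example, not part of the original text, of the address derivation described under automatic tunneling. The text does not say how the IPv4 address is embedded, so the example assumes two layouts: the IPv4-compatible form ::a.b.c.d and the 6to4 form 2002:aabb:ccdd::/48. Because the tunnel endpoint comes straight from the packet, the sketch also declines embedded addresses that should never be tunnel endpoints; the reject list and function names are choices made for the example, and the sample addresses are constructed.

```python
import ipaddress

SIX_TO_FOUR = ipaddress.IPv6Network("2002::/16")

# Embedded addresses that must not become an IPv4 tunnel destination.
REJECT = [ipaddress.IPv4Network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]

def embedded_ipv4(dest):
    """Return the IPv4 address embedded in an IPv6 destination, or None."""
    addr = ipaddress.IPv6Address(dest)
    value = int(addr)
    if addr in SIX_TO_FOUR:
        # 6to4: the 32 bits that follow the 16-bit 2002 prefix
        return ipaddress.IPv4Address((value >> 80) & 0xFFFFFFFF)
    if value >> 32 == 0 and value > 1:
        # IPv4-compatible ::a.b.c.d (excludes :: and ::1)
        return ipaddress.IPv4Address(value)
    return None

def tunnel_endpoint(dest):
    """Return (ipv4_text, 'ok') or (None, reason) for an IPv6 destination."""
    v4 = embedded_ipv4(dest)
    if v4 is None:
        return None, "no embedded IPv4 address"
    for net in REJECT:
        if v4 in net:
            return None, "embedded address %s is in %s" % (v4, net)
    return str(v4), "ok"

if __name__ == "__main__":
    # Constructed sample destinations (192.0.2.1 is a documentation address).
    for dest in ("2002:C000:0201::1", "::192.0.2.1",
                 "2002:0A00:0001::1", "2001:db8::1"):
        print(dest, "->", tunnel_endpoint(dest))
```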

Table 7.7 lists the typical IPv4-to-IPv6 migration steps.

Table 7.7: IPv4-to-IPv6 Migration Steps

Step  Migration Method
1.    Upgrade DNS servers to handle IPv6 addresses.
2.    Introduce dual-stack systems that support both IPv4 and IPv6.
3.    Add IPv6 addresses to the DNS server.
4.    Rely on tunneling to connect IPv6 networks separated by IPv4 networks.
5.    Remove support for IPv4 from the clients.
6.    Rely on header translation to reach the remaining IPv4-only clients.

Real World Scenario—How to Obtain and Test IP Version 6 in Your Network

Connecting your test network to the 6bone network offered by many ISPs requires a 6to4 tunnel to support existing IP version 4 networks. Each Cisco router in your test network needs to support dual-stack protocol, which is included with IOS release 12.2. Once you have configured the border router connected to the ISP, you then need to request IP version 6 addresses. For more information, see the following URL: http://www.cisco.com/en/US/tech/tk648/tk364/technologies_design_guide09186a00800d6a19.shtml.

To obtain and test IP version 6 on a private network without connecting to the 6bone network, identify two Windows 2000 or greater or Linux Red Hat 7.2 or greater workstations, a hub or a switch, and a Cisco router running IOS 12.2 or greater. Connect the workstations to the hubs or switches and connect the hubs or switches to the LAN ports of the Cisco router.

Windows 2000 workstations can be configured to use IP version 6 by downloading the stack software from http://research.microsoft.com/msripv6. You can enable IP version 6 in Windows XP by typing ipv6 install at the command line. For Red Hat 7.2, add the following line in the file /etc/sysconfig/network: NETWORKING_IPV6="yes". For more information on IP version 6 with Linux, visit http://www.bieringer.de/linux/IPv6/IPv6-HOWTO/IPv6-HOWTO-1.html.

For the Cisco router configuration, in global configuration mode, type ipv6 unicast-routing. Then configure the network number and IP address on each interface by entering ipv6 address ipv6-prefix/prefix-length and ipv6 address ipv6-address/prefix-length | local-length. For more information on configuring IP version 6 on Cisco routers, visit http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t2/ipv6/ftipv6c.htm.

Don’t forget to manually assign IP version 6 addresses to your workstations.


IPX Considerations

You may recall that IPX addressing uses an 80-bit address that consists of a 32-bit network address and a 48-bit host address. The host address is taken from the MAC address of the device, thus removing the need for an ARP-equivalent function in IPX. Also, most host addressing is dynamic, meaning that you will never need to configure IPX addresses on workstations. However, you will need to have the correct IPX network address to configure the router. This can be obtained either from the local administrator or by typing config at the console of the NetWare server.

In many situations, the IPX addressing is already set on individual LANs. Your function is one of gathering existing IPX address information (along with frame type) and ensuring that unique IPX network addresses have been used across the internetwork. It is not uncommon to have many networks configured with common IPX addresses, such as the following:

  • 00000001, etc.

  • BA5EBA11

  • 11111111, etc.

Since host addressing is dynamic, conflicts are easily resolved by reconfiguring NetWare servers with the new addresses. Workstations automatically reconfigure their addresses to conform to the new network address.

If you are able to specify the IPX addressing scheme, and the network includes IP addresses, one trick is to convert the IP network address to hexadecimal and use that for the IPX network address. For example, IP network 172.16.10.0 can be represented as IPX network AC100A00. This is obtained by converting 172 to hexadecimal (AC), then 16 to hexadecimal (10), and so on. This technique allows you to create a single addressing scheme that can be used across both protocols and ensures against duplicate IPX network addresses.




CCDA: Cisco Certified Design Associate Study Guide, 2nd Edition (640-861)
ISBN: 0782142001
EAN: 2147483647
Year: 2002
Pages: 201
