IPv4 Address Design


This section discusses IP addressing design. First, we examine how to determine how many IP addresses are needed in a network. We next discuss the use of private addresses. If private addresses are used in a network that also requires Internet connectivity, Network Address Translation (NAT) is also needed, so the various features of NAT are described. This is followed by a discussion of how routers use IP subnet masks. We next show you how to determine the subnet mask to use within a network. Assigning IP addresses in a hierarchical way allows them to be summarized, which has many benefits. These benefits are examined, and route summarization calculations are illustrated. The use of variable-length subnet masks (VLSMs) can help you to use your available IP address space more efficiently; an explanation of VLSMs concludes this section.

Note

Appendix B, "Network Fundamentals," includes an introduction to IP addresses.


Determining How Many IP Addresses Are Required

To determine how many IP addresses are required in your network, you should consider the many different locations in your network that need addresses, including headquarters, branch and regional offices, telecommuters, and so forth. The number of devices in each location must be counted, including the network devices such as routers, switches, and firewalls; workstations; IP phones; network management stations; servers; and so forth. For each of these devices, determine how many interfaces need to be addressed and whether private or public addresses will be used.

A reserve for future growth should be added to the total number of addresses required. A 10 to 20 percent reserve is typically sufficient, but the reserve should be based on your knowledge of the organization. If you do not reserve enough space for future growth, you might have to reconfigure some of your routers (for example, to add new subnets or networks into route summarization calculations); in the worst case, you might have to re-address your entire network.

Using Private and Public Addresses and NAT

Recall that Requests For Comments (RFC) 1918, "Address Allocation for Private Internets," defines the private IPv4 addresses as follows:

  • 10.0.0.0 to 10.255.255.255

  • 172.16.0.0 to 172.31.255.255

  • 192.168.0.0 to 192.168.255.255

Note

RFC 3330, "Special-Use IPv4 Addresses," describes IPv4 address blocks that have been assigned by the Internet Assigned Numbers Authority (IANA) for specialized purposes, and includes reference to the private addresses defined in RFC 1918.


The remaining Class A, B, and C addresses are public addresses. Private addresses are for use only within a company's network; public addresses must be used when communicating on the public Internet. Internal private addresses must be translated to public addresses when data is sent out to the Internet, and these public addresses must be translated back to the private addresses when packets come in from the Internet.

Because only a finite number of public addresses are available, they are becoming scarce. Using private addresses internally on your network means that you will require fewer public addresses. However, public addresses are required for the Internet connections and for servers that must be accessible from the Internet, for example, File Transfer Protocol (FTP) servers that contain publicly accessible data, and web servers. Other devices internal to the network can use private addresses; they can connect to the Internet through a NAT device.

RFC 1631, "The IP Network Address Translator," defines NAT. NAT can be provided by a variety of devices, including routers and firewalls.

Key Point

To configure NAT, you first define inside and outside interfaces on the NAT device. The inside interface connects to the internal network, while the outside interface connects to the Internet. You also define the addresses that are to be translated on each side.


For example, in the network in Figure 3-1, a person at PC 172.16.1.1 wants to access data on the FTP server at 192.168.7.2. A NAT device (in this case, a router) translates addresses on the inside network 172.16.0.0 to addresses on the outside network 10.1.0.0.

Figure 3-1. NAT Translates Between Inside and Outside Addresses


Note

Recall that the IP addresses shown in the examples in this book are private addresses. In practice, public addresses would be used on the Internet.


A NAT device has a NAT table, created either dynamically or with static entries configured by the network administrator. In Figure 3-1, the simple NAT table in the NAT router includes the following:

  • Inside local IP address: The address used by a host on the inside network

  • Inside global IP address: The address that represents an inside host on the outside network

When a packet is sent from 172.16.1.1 to 192.168.7.2 (at 1 in Figure 3-1), it goes to the NAT router, which translates the source address (SA) 172.16.1.1 to 10.1.1.1 (at 2 in the figure). The packet then goes through the Internet and arrives at its destination, the FTP server. The server replies to 10.1.1.1 (at 3 in the figure). When the NAT router receives this packet, the router looks in its NAT table and translates the destination address (DA) from 10.1.1.1 to 172.16.1.1 (at 4 in the figure). The packet is then sent to its destination, the PC.

More complex translations might be necessary, for example, if some addresses in the inside network overlap addresses in the outside network. In this case, the NAT table would be expanded to include the following:

  • Outside global IP address: The address that represents an outside host on the outside network

  • Outside local IP address: The address that represents an outside host on the inside network

The example in Figure 3-1 shows a one-to-one translation from inside to outside addresses. NAT can also support address overloading, in which many inside addresses are translated into one outside address. In this case, the Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) port numbers distinguish between the connections; the TCP and UDP port numbers are added to the NAT translation table.
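The NAT table just described, as an added example written for this section (it is not code from the book): a small Python model of the NAT router in Figure 3-1 with the inside local and inside global columns, extended with the TCP/UDP port overloading described above. The addresses are those of the figure; the client port 40000 and the starting point of the overload port range (1024) are constructed values.

```python
class NatTable:
    """Model of the NAT table on the router in Figure 3-1 (added example).

    Keys are (inside local address, inside local port); values are
    (inside global address, inside global port).  A port of None marks a
    plain one-to-one address translation, so ports pass through unchanged.
    With overload=True every (address, port) pair of an inside host is
    mapped to a single inside global address plus a fresh port.
    """

    def __init__(self, inside_global_pool, overload=False):
        self.pool = list(inside_global_pool)  # inside global addresses
        self.overload = overload
        self.table = {}
        self._next_port = 1024  # constructed starting point for overload ports

    def add_static(self, inside_local, inside_global):
        """Static entry configured by the administrator."""
        self.table[(inside_local, None)] = (inside_global, None)

    def outbound(self, src, sport, dst, dport):
        """Packet from the inside interface (steps 1 -> 2): translate the SA."""
        key = (src, sport) if self.overload else (src, None)
        if key not in self.table:
            if self.overload:
                self.table[key] = (self.pool[0], self._next_port)
                self._next_port += 1
            elif self.pool:
                self.table[key] = (self.pool.pop(0), None)
            else:
                raise RuntimeError("inside global address pool exhausted")
        g_addr, g_port = self.table[key]
        return (g_addr, sport if g_port is None else g_port, dst, dport)

    def inbound(self, src, sport, dst, dport):
        """Packet from the outside interface (steps 3 -> 4): translate the DA.

        Returns None when no entry matches: without a translation the NAT
        device has no inside host to deliver to, so the packet is dropped.
        """
        for (l_addr, l_port), (g_addr, g_port) in self.table.items():
            if g_addr == dst and (g_port is None or g_port == dport):
                return (src, sport, l_addr, dport if l_port is None else l_port)
        return None


def figure_3_1_exchange():
    """The four steps of Figure 3-1 with a constructed client port 40000."""
    nat = NatTable(["10.1.1.1", "10.1.1.2"])
    step2 = nat.outbound("172.16.1.1", 40000, "192.168.7.2", 21)  # FTP control
    step3 = ("192.168.7.2", 21, step2[0], step2[1])              # server reply
    step4 = nat.inbound(*step3)
    return step2, step4


if __name__ == "__main__":
    print(figure_3_1_exchange())
    pat = NatTable(["10.1.1.1"], overload=True)   # many inside hosts, one address
    print(pat.outbound("172.16.1.1", 40000, "192.168.7.2", 21))
    print(pat.outbound("172.16.1.2", 40000, "192.168.7.2", 21))
```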

How Routers Use Subnet Masks

When you configure the IP address of a router's interface, you include the address and the subnet mask. The router uses this information not only to address the interface but also to determine the address of the subnet to which the interface is connected. The router then puts this subnet address in its routing table, as a connected network on that interface.

Key Point

To determine the network or subnet address to which a router is connected, the router performs a logical AND of the interface address and the subnet mask. Logically "ANDing" a binary 1 with any number yields that number; logically "ANDing" a binary 0 with any number yields 0.

Because subnet mask bits set to binary 0 indicate that the corresponding bits in the IP address are host bits, the result of this AND operation is that the host portion of the address is removed (zeroed out), and the subnet address (also called the subnet number) remains.


Table 3-1 illustrates an example of logically ANDing an IP address and subnet mask. The router puts the remaining subnet address in its routing table as the subnet to which the interface is connected.

Table 3-1. Example Calculation of Subnet Address

                                  Network    Subnet     Subnet     Host
Interface IP Address 10.5.23.19   00001010   00000101   00010111   00010011
Subnet Mask 255.255.255.0         11111111   11111111   11111111   00000000
Subnet Address 10.5.23.0          00001010   00000101   00010111   00000000


When a packet arrives at the router, the router analyzes the destination address of the packet to determine which network or subnet it is on. The router looks up this network or subnet in its routing table to determine the interface through which it can best be reached; the packet is then sent out of the appropriate router interface. [If the router does not have a route to the destination subnet, the packet is rejected and an Internet Control Message Protocol (ICMP) error message is sent to the source of the packet.]

Determining the Subnet Mask to Use

When addressing your network, you must determine the subnet mask to use. Because the subnet mask represents the number of bits of network, subnet, and host available for addressing, the subnet mask selected depends on the number of subnets required and the number of host addresses required on each of these subnets.

For example, consider the network shown in Figure 3-2. A total of 12 subnets exist in this network; each has a maximum of 10 device addresses. Some of the addresses are for router interfaces and some are for hosts (not shown in the figure); each device on each subnet needs to have its own IP address. You decide to use the private Class C network 192.168.3.0 to address this network.

Figure 3-2. The Number of Subnets and Hosts Required Determines the Subnet Mask to Use


In a Class C address, only the last octet contains host bits, and therefore this is the only octet from which bits can be borrowed for subnets.

Key Point

Because IP addresses are binary, they are used in blocks of powers of 2 (2, 4, 8, and so on).

To determine the size of the block needed for the subnets, round the number of subnets required up to the next higher power of 2 (if it is not already a power of 2).

To determine the size of the block needed for the hosts, add 2 (one for the subnet address, also referred to as the wire address, and one for the broadcast address) to the maximum number of hosts required per subnet, and round this number up to the next higher power of 2 (again, if it is not already a power of 2).


In the example in Figure 3-2, 12 subnets are needed; rounding up to the next power of 2 gives 16. Because 2^4 = 16, 4 bits are needed for the subnets. A maximum of 10 device addresses per subnet are needed; adding 2 and rounding up to the next power of 2 gives 16. Because 2^4 = 16, 4 bits are needed for the hosts. The subnet mask to use is therefore 255.255.255.240.

To determine the available subnet addresses, first write the network address in binary. Then, keeping the network bits as they are, use all combinations of the subnet bits. Remember that all the host bits are 0 in the subnet address, so leave the host bits set to 0. Finally, convert the binary number back to decimal. Figure 3-3 illustrates this process. (Note that any octets not changed in this process are left as decimal numbers, to save converting them twice.)

Figure 3-3. Calculating Subnet Addresses


Thus, the first subnet address that can be used with a mask of 255.255.255.240 is 192.168.3.0; this can also be written as 192.168.3.0/28. The second subnet is 192.168.3.16/28, and so on.

To determine the device addresses on each subnet, first write the subnet address in binary. Next, keeping the network and subnet bits as they are, use all the combinations of the host bits. Remember that the address in which all host bits are 0 is the subnet address, and the address in which all host bits are 1 is the broadcast address. Finally, convert the binary number back to decimal. Figure 3-4 illustrates this process for the third subnet, 192.168.3.32/28. (Again, note that any octets not changed in this process are left as decimal numbers, to save converting them twice.)

Figure 3-4. Calculating Device Addresses


Thus, the first device address on this subnet is 192.168.3.33/28, the second device address is 192.168.3.34/28, and so on. The last host address is 192.168.3.46/28. The broadcast address is 192.168.3.47/28. For example, the network marked as "3" in Figure 3-2 could be assigned the 192.168.3.32/28 subnet. The interfaces of the three routers on that subnet could be assigned addresses 192.168.3.33/28, 192.168.3.34/28, and 192.168.3.35/28.
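The calculations of Table 3-1 and Figures 3-2 through 3-4 carried out in code, as an added example for this section (not code from the book): the AND of an interface address with its mask, the choice of prefix length from the subnet and host counts, the list of subnet addresses, and the host range of one subnet. The only addition beyond the text is the /31 case of the Note at the end of this section; all function names are the example's own.

```python
def ip_to_int(addr):
    """Dotted-decimal IPv4 string -> 32-bit integer."""
    a, b, c, d = (int(o) for o in addr.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d

def int_to_ip(value):
    """32-bit integer -> dotted-decimal string."""
    return ".".join(str((value >> s) & 0xFF) for s in (24, 16, 8, 0))

def prefix_to_mask(prefix):
    """/prefix -> 32-bit mask, e.g. 28 -> 0xFFFFFFF0 (255.255.255.240)."""
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF

def subnet_address(addr, mask):
    """Table 3-1: the router ANDs the interface address with its mask."""
    return int_to_ip(ip_to_int(addr) & ip_to_int(mask))

def bits_needed(count):
    """Bits for a block of `count` values, rounding up to a power of 2."""
    return (count - 1).bit_length()          # 12 -> 4, 16 -> 4, 17 -> 5, 1 -> 0

def choose_prefix(network_prefix, subnets, max_hosts):
    """Figure 3-2: prefix length that leaves room for the subnets and hosts."""
    subnet_bits = bits_needed(subnets)
    host_bits = bits_needed(max_hosts + 2)   # +2: wire address and broadcast
    if network_prefix + subnet_bits + host_bits > 32:
        raise ValueError("subnet and host requirements do not fit the network")
    return network_prefix + subnet_bits

def list_subnets(network, network_prefix, new_prefix):
    """Figure 3-3: every combination of the subnet bits, host bits left at 0."""
    base = ip_to_int(network) & prefix_to_mask(network_prefix)
    step = 1 << (32 - new_prefix)
    count = 1 << (new_prefix - network_prefix)
    return [f"{int_to_ip(base + i * step)}/{new_prefix}" for i in range(count)]

def host_range(cidr):
    """Figure 3-4: wire address, usable hosts and broadcast of one subnet."""
    addr, prefix = cidr.split("/")
    prefix = int(prefix)
    base = ip_to_int(addr) & prefix_to_mask(prefix)
    size = 1 << (32 - prefix)
    if prefix == 31:   # RFC 3021 point-to-point link: both addresses are hosts
        return {"subnet": int_to_ip(base), "first_host": int_to_ip(base),
                "last_host": int_to_ip(base + 1), "broadcast": None}
    if prefix == 32:
        raise ValueError("/32 is a single host route, not a subnet")
    return {"subnet": int_to_ip(base),
            "first_host": int_to_ip(base + 1),
            "last_host": int_to_ip(base + size - 2),
            "broadcast": int_to_ip(base + size - 1)}

if __name__ == "__main__":
    print(subnet_address("10.5.23.19", "255.255.255.0"))      # 10.5.23.0
    prefix = choose_prefix(24, subnets=12, max_hosts=10)      # 28
    print(int_to_ip(prefix_to_mask(prefix)))                   # 255.255.255.240
    for subnet in list_subnets("192.168.3.0", 24, prefix)[:3]:
        print(subnet, host_range(subnet))
```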

Hierarchical IP Address Design and Summarization

A hierarchical IP address design means that addresses are assigned in a hierarchical manner, rather than randomly. The telephone network provides a good analogy. This network is divided into countries, which in turn are divided into areas and local exchanges. Phone numbers are assigned based on location. For example, in North America, 10-digit phone numbers represent a 3-digit area code, a 3-digit central office code, and a 4-digit line number. So if you are in Europe and you want to call someone in Canada, you dial his country code followed by his area code, central office, and line number. The telephone network switches in Europe recognize the country code and send the call to Canada; they don't have to worry about the details of the phone number. The switches in Canada send the call to the appropriate area code, to the central office, and finally to the correct line.

This hierarchical structure allows the telephone switches to keep less detailed information about the network. For example, a central office (CO) switch only needs to know how to get to the numbers served by its equipment, and how to get to other COs and other area codes, but it doesn't need to know how to get to the specific numbers in other COs. For example, 416 is the area code for downtown Toronto. Switches outside of Toronto only need to know how to get to 416; they don't need to know how to get to each number in Toronto. Area code 416 can be considered to be a summary of Toronto.

An IP network can use a similar hierarchical structure to get comparable benefits. When routers only have summary routes instead of unnecessary details, their routing tables are smaller. Not only does this save memory in the routers, but it also means that routing updates are smaller and therefore use less bandwidth on the network. Hierarchical addressing can also result in a more efficient allocation of addresses. With some routing protocols (known as classful routing protocols), addresses can be wasted if they are assigned randomly (as explained further in the "Classifying Routing Protocols" section, later in this chapter.)

To illustrate, consider the network shown in Figure 3-5. Subnet addresses were assigned sequentially as the subnets were created, regardless of architecture, resulting in a random pattern. Consequently, when Router A sends its routing table to the other routers, it has no choice but to send all its routes.

Figure 3-5. Router A Cannot Summarize Its Routes Because of Random Address Assignment


Contrast this to the network in Figure 3-6, in which subnets were assigned in a hierarchical manner. Notice, for example, that all the subnets under Router A start with 10.1, while all under Router B start with 10.2. Therefore, the routers can summarize the subnets. When they communicate to other routers, they don't send all the detailed routes; they just send the summary route. Not only does this save bandwidth on the network (because smaller updates are sent), but it also means that the routing tables in the core are smaller, which eases processing requirements. It also means that small local problems don't need to be communicated network-wide. For example, if network 10.1.1.0 under Router A goes down, the summary route 10.1.0.0/16 does not change, so the routers in the core and other areas are not told about it. They do not need to process the route change, and the update does not use bandwidth on the network. (If traffic is routed to a device on that network that is down, Router A will respond with an error message, so the network can continue to function normally.)

Figure 3-6. Router A Can Summarize Its Routes, Resulting in Smaller Routing Tables


The summary routes shown in Figure 3-6 are obvious: all the subnets under Router A start with 10.1 and thus the summary route is 10.1.0.0/16. It isn't always this easy.

For example, consider a network in which Router A has the following subnet routes in its routing table: 192.168.3.64/28, 192.168.3.80/28, 192.168.3.96/28, and 192.168.3.112/28. Router B in the same network has the following subnet routes in its routing table: 192.168.3.0/28, 192.168.3.16/28, 192.168.3.32/28, and 192.168.3.48/28. What is the summary route for Router A's subnets? While you might be tempted to use 192.168.3.0/24 because they all have the first three octets in common, this won't work. If both Routers A and B reported the same 192.168.3.0/24 summary route, traffic would not necessarily go to the correct router, resulting in a nonfunctioning network. Instead, you have to determine the summary routes on nonoctet boundaries. Figure 3-7 illustrates how this is done.

Figure 3-7. Route Summarization on a Nonoctet Boundary


To calculate the summary route, first write the subnet addresses in binary. Then, determine which network and subnet bits the addresses have in common; it can be helpful to draw a line at the end of the common bits. (Notice that the network portions of the addresses are all common, because they are all subnets of the same network.) In this case, the addresses have the first two subnet bits in common. The addresses should also encompass all combinations of the remaining subnet bits so that the summary route covers only these subnets; in this example, the addresses do cover all combinations of the remaining two subnet bits. Thus, if an address matches the network bits and the first two subnet bits of these addresses, it is on one of these four subnets. The summary route is written as the first address in the list with a prefix equal to the total number of common bits. In this example, the summary is 192.168.3.64/26. Similarly, the summary route for Router B is 192.168.3.0/26.

Key Point

Another way to think of the summary route 192.168.3.64/26 is that Router A is saying "I have all routes that match the first 26 bits of the address 192.168.3.64."
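The Figure 3-7 calculation in code, as an added example for this section (not code from the book): find the bits all of Router A's subnets share, and, separately, check that those subnets cover every combination of the remaining subnet bits, so the summary advertises only routes the router really has. The function names and the two ROUTER_* lists are the example's own; the subnets are those given above.

```python
def ip_to_int(addr):
    a, b, c, d = (int(o) for o in addr.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d

def int_to_ip(value):
    return ".".join(str((value >> s) & 0xFF) for s in (24, 16, 8, 0))

def mask_of(prefix):
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF

def parse_cidr(cidr):
    """'192.168.3.64/28' -> (network as int, prefix length)."""
    addr, prefix = cidr.split("/")
    prefix = int(prefix)
    return ip_to_int(addr) & mask_of(prefix), prefix

def summary_route(subnets):
    """Figure 3-7: keep only the leading bits that all the subnets share."""
    nets = [parse_cidr(s) for s in subnets]
    first = nets[0][0]
    prefix = min(p for _, p in nets)
    # Move the 'line' left until every address agrees on the bits before it.
    while prefix > 0 and any((n ^ first) & mask_of(prefix) for n, _ in nets):
        prefix -= 1
    return f"{int_to_ip(first & mask_of(prefix))}/{prefix}"

def covers_exactly(summary, subnets):
    """True when the subnets use every combination of the remaining subnet
    bits, i.e. they tile the summary with no gaps and no overlaps."""
    s_net, s_prefix = parse_cidr(summary)
    ranges = sorted((n, n + (1 << (32 - p))) for n, p in map(parse_cidr, subnets))
    expected = s_net
    for start, end in ranges:
        if start != expected:        # a gap (missing subnet) or an overlap
            return False
        expected = end
    return expected == s_net + (1 << (32 - s_prefix))

ROUTER_A = ["192.168.3.64/28", "192.168.3.80/28",
            "192.168.3.96/28", "192.168.3.112/28"]
ROUTER_B = ["192.168.3.0/28", "192.168.3.16/28",
            "192.168.3.32/28", "192.168.3.48/28"]

if __name__ == "__main__":
    for name, subnets in (("A", ROUTER_A), ("B", ROUTER_B)):
        s = summary_route(subnets)
        print(f"Router {name}: {s}  exact={covers_exactly(s, subnets)}")
    # The tempting /24 is not exact for Router A: it also claims Router B's
    # subnets, which is why both routers advertising it breaks the network.
    print(covers_exactly("192.168.3.0/24", ROUTER_A))                 # False
    # With one subnet missing the common prefix is still /26, but the summary
    # would now cover a subnet Router A does not have: check before advertising.
    print(covers_exactly(summary_route(ROUTER_A[:3]), ROUTER_A[:3]))  # False
```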


Variable-Length Subnet Masks

Consider the network in the upper portion of Figure 3-8. All the subnets are configured with a /24 mask, meaning that up to 2^8 - 2 = 254 hosts can be addressed. This can be useful on the LAN links. However, only two addresses will ever be required on each of the point-to-point serial WAN connections between the two routers, one for each of the routers. Therefore, the other 252 addresses available on each of these WAN subnets are wasted.

Figure 3-8. Using the Same Mask on LAN and WAN Links Can Waste Addresses; Using Different Masks Can Be a More Efficient Use of the Available Addresses


Key Point

A major network is a Class A, B, or C network.

A fixed-length subnet mask (FLSM) is when all subnet masks in a major network must be the same size.

A VLSM is when subnet masks within a major network can be different sizes.


The routing protocol in use in the network influences whether VLSMs can be used; we discuss why in the "Classifying Routing Protocols" section, later in this chapter. If a routing protocol supports VLSMs, IP addresses can be allocated more efficiently. For example, in the network shown in the lower portion of Figure 3-8, the LAN subnets use a /24 mask, while the WAN subnets use a more appropriate /30 mask. With a /30 mask, only 2 host bits exist, and therefore 2^2 - 2 = 2 host addresses are available. This is the exact number of addresses required, one for each of the routers.

Using VLSMs also means that the addressing plan can have more levels of hierarchy, resulting in routes that can be summarized easily. This in turn results in smaller routing tables and more efficient updates.

To see how VLSM addresses are calculated, consider the network in the upper portion of Figure 3-9, with one LAN requiring 150 addresses, two LANs requiring 100 addresses each, and two point-to-point WANs. You have been given the 10.5.16.0/20 address space to use in this network, and you have been asked to conserve as many addresses as possible (which also makes this exercise as challenging as possible).

Figure 3-9. The Number of Addresses Required Determines the Subnet to Use


For the left LAN, 150 addresses are needed; rounding up to the next power of 2 gives 256. Because 2^8 = 256, 8 host bits are needed. For the other two LANs, 100 addresses are needed; rounding up to the next power of 2 gives 128. Because 2^7 = 128, 7 host bits are needed for each LAN. The WANs require 2 host bits each.

Because at most 8 host bits are needed, the 10.5.16.0/20 address can be further subnetted into sixteen /24 subnets (leaving 8 host bits): 10.5.16.0/24, 10.5.17.0/24, and so on, up to 10.5.31.0/24, as shown at the top of Figure 3-10. Subnet 10.5.16.0/24 can be used to address the left LAN.

Figure 3-10. Calculating the VLSM Subnetting for the Network in Figure 3-9


One of the unused /24 subnets, 10.5.17.0/24, can be further subnetted by 1 bit, resulting in 2^1 = 2 subnets, each with 7 host bits, as shown in the middle of Figure 3-10. The 10.5.17.0/25 and 10.5.17.128/25 subnets can be used to address the LANs on the right.

Another of the unused /24 subnets, 10.5.18.0/24, can be further subnetted by 6 bits, resulting in 2^6 = 64 subnets, each with 2 host bits, as shown at the bottom of Figure 3-10. Two of these subnets can be used to address the WANs. The resulting addresses are shown in the lower portion of Figure 3-9.

Key Point

Remember that only unused subnets should be further subnetted. In other words, if you use any addresses from a subnet, that subnet should not be further subnetted. In the example in the lower portion of Figure 3-9, one subnet, 10.5.16.0/24, is used on the left LAN. One of the unused subnets, 10.5.17.0/24, is further subnetted for use on the other two LANs. Another, as yet unused, subnet, 10.5.18.0/24, is further subnetted for use on the WANs.
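The VLSM exercise of Figures 3-9 and 3-10 as an added example for this section (not code from the book): a small allocator that takes the largest requirement first and, following the Key Point above, only ever splits blocks that are still unused. The requirement names and function names are the example's own, and which two of the 64 /30 subnets serve the WANs is an assumption (it takes the first two, 10.5.18.0/30 and 10.5.18.4/30).

```python
def ip_to_int(addr):
    a, b, c, d = (int(o) for o in addr.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d

def int_to_ip(value):
    return ".".join(str((value >> s) & 0xFF) for s in (24, 16, 8, 0))

def parse_cidr(cidr):
    addr, prefix = cidr.split("/")
    prefix = int(prefix)
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    return ip_to_int(addr) & mask, prefix

def prefix_for(addresses):
    """Prefix length for `addresses` devices: add 2 for the wire and broadcast
    addresses, round up to a power of 2, and turn host bits into a prefix."""
    host_bits = (addresses + 2 - 1).bit_length()   # 150 -> 8, 100 -> 7, 2 -> 2
    return 32 - host_bits

def allocate(block, requirements):
    """Carve `requirements` (name -> address count) out of `block`.

    Largest requirement first.  Only unused blocks are ever split; an
    assigned subnet leaves the free list for good, so it can never be
    subnetted again.  Returns (assignments, blocks still unused).
    """
    free = [parse_cidr(block)]
    plan = {}
    for name, count in sorted(requirements.items(), key=lambda kv: -kv[1]):
        want = prefix_for(count)
        fits = [b for b in free if b[1] <= want]
        if not fits:
            raise ValueError(f"no unused block large enough for {name}")
        start, prefix = max(fits, key=lambda b: b[1])   # best fit: smallest block
        free.remove((start, prefix))
        while prefix < want:          # split in half; keep the upper half free
            prefix += 1
            free.append((start + (1 << (32 - prefix)), prefix))
        plan[name] = f"{int_to_ip(start)}/{want}"
    return plan, [f"{int_to_ip(s)}/{p}" for s, p in sorted(free)]

# Requirements of Figure 3-9 (names constructed for this example).
FIGURE_3_9 = {"LAN_left": 150, "LAN_right_1": 100, "LAN_right_2": 100,
              "WAN_1": 2, "WAN_2": 2}

if __name__ == "__main__":
    plan, unused = allocate("10.5.16.0/20", FIGURE_3_9)
    for name, cidr in plan.items():
        print(f"{name:12s} {cidr}")
    print("still unused:", unused)
```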


Note

Because only two devices exist on point-to-point links, a specification has been developed (as documented in RFC 3021, "Using 31-Bit Prefixes on IPv4 Point-to-Point Links") to allow the use of only 1 host bit on such links, resulting in a /31 mask. The two addresses created (with the host bit equal to 0 and with the host bit equal to 1) are to be interpreted as the addresses of the interfaces on either end of the link rather than as the subnet address and the directed broadcast address. Support for /31 masks is provided on some Cisco devices running IOS Release 12.2 and later; details regarding the support for this (and other features) on specific platforms and IOS releases are identified at the Cisco feature navigator site (http://www.cisco.com/go/fn).





Campus Network Design Fundamentals
ISBN: 1587052229
Year: 2005
Pages: 156
