Lec12-IPv4 Addressing.pptx
Uploaded by IntelligentJasper852
Full Transcript
LEC12: IPV4 ADDRESSING
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

IPv4 Address Structure: Network and Host Portions
This chapter covers how to segment a network into subnets. An IPv4 address is a 32-bit hierarchical address made up of a network portion and a host portion. To determine which bits belong to which portion, look at the full 32-bit stream: the bits in the network portion must be identical for every device on the same network, and the bits in the host portion must be unique so that they identify a specific host within that network. If two hosts have the same bit pattern in the network portion, they reside in the same network. The subnet mask determines where the network portion ends and the host portion begins.

IPv4 Address Structure: The Subnet Mask
Assigning an IPv4 address to a host requires two values:
IPv4 address: the unique IPv4 address of the host.
Subnet mask: identifies which bits of the IPv4 address are the network portion and which are the host portion.
To identify the two portions, the subnet mask is compared to the IPv4 address bit for bit, from left to right; the operation used is a bitwise AND (ANDing). The result of the AND is the network address, which represents all the devices on the same network.

IPv4 Address Structure: The Prefix Length
A prefix length is a less cumbersome way to express a subnet mask. It is the number of bits set to 1 in the mask, written in "slash notation": a forward slash (/) followed by that count.
To convert a mask to a prefix length, count the 1 bits and prepend a slash. When an IPv4 address is written with a prefix length, the address is followed immediately by the prefix length with no spaces. For example, 192.168.10.10 255.255.255.0 is written as 192.168.10.10/24.

Subnet Mask        32-bit Address                          Prefix Length
255.0.0.0          11111111.00000000.00000000.00000000     /8
255.255.0.0        11111111.11111111.00000000.00000000     /16
255.255.255.0      11111111.11111111.11111111.00000000     /24
255.255.255.128    11111111.11111111.11111111.10000000     /25
255.255.255.192    11111111.11111111.11111111.11000000     /26
255.255.255.224    11111111.11111111.11111111.11100000     /27
255.255.255.240    11111111.11111111.11111111.11110000     /28
255.255.255.248    11111111.11111111.11111111.11111000     /29
255.255.255.252    11111111.11111111.11111111.11111100     /30

A network address is also referred to as a prefix or network prefix, and the prefix length is the number of 1 bits in the subnet mask. A valid subnet mask is always a contiguous run of 1 bits followed by a contiguous run of 0 bits; a value such as 255.0.255.0 has no prefix-length equivalent and is not a valid mask.

IPv4 Address Structure: Determining the Network: Logical AND
A logical AND Boolean operation is used to determine the network address. Logical AND compares two bits: only 1 AND 1 produces a 1; every other combination produces 0.
1 AND 1 = 1, 0 AND 1 = 0, 1 AND 0 = 0, 0 AND 0 = 0
(1 = true and 0 = false: with AND, both inputs must be true (1) for the result to be true (1).)
To identify the network address of an IPv4 host, the host's IPv4 address is ANDed, bit by bit, with the subnet mask; the result is the network address. In this example, ANDing the host address 192.168.10.10 with the subnet mask 255.255.255.0 (/24) yields the network address 192.168.10.0/24. This operation matters because it tells the host which network it belongs to, and therefore whether a destination is local (delivered directly on the LAN) or remote (sent to the default gateway).
IPv4 Address Structure: Network, Host, and Broadcast Addresses
Within each network there are three types of IPv4 addresses:
Network address: represents a specific network. A host determines its network address by ANDing its IPv4 address with its subnet mask. The network address has all 0 bits in the host portion, as defined by the subnet mask. In this example the network address is 192.168.10.0/24. A network address cannot be assigned to a device.
Host addresses: addresses that can be assigned to devices such as host computers, laptops, smartphones, routers, and so on. The host portion consists of the bit positions that are 0 in the subnet mask. A host address can have any combination of bits in the host portion except all 0s (the network address) or all 1s (the broadcast address). All devices in the same network must have the same subnet mask and the same network bits; only the host bits differ, and they must be unique.
Broadcast address: used to reach all devices on the IPv4 network. The broadcast address has all 1 bits in the host portion, as defined by the subnet mask. In this example the broadcast address is 192.168.10.255/24. A broadcast address cannot be assigned to a device.

                    Network Portion                 Host Portion
Subnet mask         255.255.255.0 (/24)
                    11111111.11111111.11111111      00000000
Network address     192.168.10.0/24                 all 0s
                    11000000.10101000.00001010      00000000
First address       192.168.10.1/24                 all 0s and a 1
                    11000000.10101000.00001010      00000001
Last address        192.168.10.254/24               all 1s and a 0
                    11000000.10101000.00001010      11111110
Broadcast address   192.168.10.255/24               all 1s
                    11000000.10101000.00001010      11111111
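The mask, prefix-length, AND, broadcast and host-range rules from the preceding slides, written out as bit operations. This is an added example, not code from the Cisco course; it uses only the Python standard library and cross-checks the hand-rolled arithmetic against the ipaddress module. The /31 and /32 handling (no usable hosts) is the one case the slides do not spell out.

```python
# Added example (not from the Cisco slides): the bit-level operations the
# slides describe, written out by hand and cross-checked with the standard
# library's ipaddress module.
import ipaddress

def dotted_to_int(addr: str) -> int:
    """Pack a dotted-decimal IPv4 string into a 32-bit integer."""
    octets = [int(o) for o in addr.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not a valid IPv4 address: {addr!r}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]

def int_to_dotted(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def prefix_to_mask(prefix_len: int) -> int:
    """/n -> mask with the n high-order bits set (e.g. /24 -> 0xFFFFFF00)."""
    if not 0 <= prefix_len <= 32:
        raise ValueError("prefix length must be 0..32")
    return (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF

def mask_to_prefix(mask: str) -> int:
    """Count the 1 bits of a dotted mask, rejecting non-contiguous masks."""
    m = dotted_to_int(mask)
    prefix_len = bin(m).count("1")
    if m != prefix_to_mask(prefix_len):
        raise ValueError(f"{mask} is not a contiguous subnet mask")
    return prefix_len

def describe(cidr: str) -> dict:
    """Network, broadcast and usable host range of address/prefix, e.g. 192.168.10.10/24."""
    addr, prefix_str = cidr.split("/")
    prefix_len = int(prefix_str)
    mask = prefix_to_mask(prefix_len)
    network = dotted_to_int(addr) & mask          # the logical AND from the slides
    broadcast = network | (~mask & 0xFFFFFFFF)    # host bits all 1s
    host_bits = 32 - prefix_len
    # /31 and /32 have no room for the network/broadcast pair; report 0 usable hosts
    usable = (2 ** host_bits - 2) if host_bits >= 2 else 0
    return {
        "network": f"{int_to_dotted(network)}/{prefix_len}",
        "mask": int_to_dotted(mask),
        "first_host": int_to_dotted(network + 1) if usable else None,
        "last_host": int_to_dotted(broadcast - 1) if usable else None,
        "broadcast": int_to_dotted(broadcast),
        "usable_hosts": usable,
    }

def same_network(a: str, b: str, prefix_len: int) -> bool:
    """True when both addresses AND to the same network bits (local delivery)."""
    mask = prefix_to_mask(prefix_len)
    return (dotted_to_int(a) & mask) == (dotted_to_int(b) & mask)

def cross_check(cidr: str) -> bool:
    """Confirm the hand-rolled arithmetic agrees with the ipaddress module."""
    net = ipaddress.ip_interface(cidr).network
    ours = describe(cidr)
    return (ours["network"] == str(net)
            and ours["broadcast"] == str(net.broadcast_address)
            and ours["mask"] == str(net.netmask))

if __name__ == "__main__":
    print(describe("192.168.10.10/24"))
    print(same_network("192.168.10.10", "192.168.10.200", 24))   # True: same /24
    print(same_network("192.168.10.10", "192.168.11.10", 24))    # False: via gateway
    print(cross_check("172.16.4.1/26"))
```

mask_to_prefix rejects masks whose 1 bits are not contiguous, which is the check a practitioner wants when parsing configuration written by hand.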
IPv4 Unicast, Broadcast, and Multicast: Unicast
Unicast transmission sends a packet to one destination IP address in one-to-one communication. A unicast packet has a unicast destination address and goes to a single recipient. A source IP address can only be a unicast address, because a packet can originate from only a single source, regardless of whether the destination address is unicast, broadcast, or multicast. For example, the PC at 172.16.4.1 sends a unicast packet to the printer at 172.16.4.253.

IPv4 Unicast, Broadcast, and Multicast: Broadcast
Broadcast transmission sends a packet to all other destination IP addresses in one-to-all communication. A broadcast packet has a destination IP address with all 1s in the host portion, or all 32 bits set to 1. Note: IPv4 uses broadcast packets; IPv6 has no broadcast and uses multicast instead. For example, the PC at 172.16.4.1 sends a broadcast packet to all IPv4 hosts.
A broadcast packet must be processed by every device in the same broadcast domain. A broadcast domain identifies all hosts on the same network segment.
A broadcast may be directed or limited:
A directed broadcast is sent to all hosts on a specific network. For example, a host on the 172.16.4.0/24 network sends a packet to 172.16.4.255.
A limited broadcast is sent to 255.255.255.255.
By default, routers do not forward broadcasts.
In addition to the 255.255.255.255 limited broadcast address, every network has its own broadcast address. This address, called the directed broadcast, is the highest address in the network, the one with all host bits set to 1. For example, the directed broadcast address for 192.168.1.0/24 is 192.168.1.255.
This address allows communication with all the hosts in that network: to send data to every host, a sender emits a single packet addressed to the network's broadcast address. Because a directed broadcast can be addressed from outside the network, a router that forwards it lets a remote sender make every host on the segment respond at once; this is the amplification behind the classic smurf attack and the reason forwarding of directed broadcasts is disabled by default on routers (RFC 2644). Leave it disabled on every interface.

IPv4 Unicast, Broadcast, and Multicast: Multicast
Multicast transmission sends a packet to a multicast group address, allowing a host to send a single packet to the selected set of hosts that subscribe to that group. A multicast packet has a multicast destination IP address. IPv4 reserves 224.0.0.0 to 239.255.255.255 as the multicast range, and each multicast group is represented by a single IPv4 multicast destination address. When an IPv4 host subscribes to a multicast group, it processes packets addressed to that multicast address in addition to packets addressed to its own unicast address. For example, the PC at 172.16.4.1 sends a multicast packet to the multicast group address 224.10.10.5.

Types of IPv4 Addresses: Public and Private IPv4 Addresses
Public IPv4 addresses are globally routed between internet service provider (ISP) routers. Private addresses, defined in RFC 1918, are common blocks of addresses that most organizations use to number internal hosts. They were introduced to deal with the depletion of the IPv4 address space. Private IPv4 addresses are not unique: any network may use them internally. They are not globally routable, and packets carrying them should not be forwarded across the internet.

Network Address and Prefix    RFC 1918 Private Address Range
10.0.0.0/8                    10.0.0.0 - 10.255.255.255
172.16.0.0/12                 172.16.0.0 - 172.31.255.255
192.168.0.0/16                192.168.0.0 - 192.168.255.255
Types of IPv4 Addresses: Routing to the Internet
Most internal networks (intranets) use private IPv4 addresses for all internal devices, hosts and routers included. Because private addresses are not globally routable, Network Address Translation (NAT) translates private IPv4 addresses to public IPv4 addresses.
Customer networks 1, 2, and 3 send packets outside their internal networks. Those packets have a private source IPv4 address and a public (globally routable) destination address. Packets with private addresses must either be filtered (discarded) or have their addresses translated to public addresses before they are forwarded to an ISP. NAT is typically enabled on the edge router, the router that connects the internal network to the ISP and so to the internet; it rewrites the internal private address to a public global IP address. NAT is an address-translation mechanism, not an access-control mechanism: the edge still needs explicit filtering, such as dropping inbound packets whose source address is private, to keep spoofed or leaked private traffic off the link.

Types of IPv4 Addresses: Special Use IPv4 Addresses
Certain addresses, such as the network address and the broadcast address, cannot be assigned to hosts. Other special addresses can be assigned to hosts, but with restrictions on how those hosts interact with the network.
Loopback addresses, 127.0.0.0/8 (127.0.0.1 to 127.255.255.254): commonly identified only as 127.0.0.1, a special address a host uses to direct traffic to itself. It is used on a host to test whether TCP/IP is operational; notice how the 127.0.0.1 loopback address replies to the ping command.
Link-local addresses, 169.254.0.0/16 (169.254.0.1 to 169.254.255.254): commonly known as Automatic Private IP Addressing (APIPA) or self-assigned addresses. Used by Windows DHCP (Dynamic Host Configuration Protocol) clients to self-configure when no DHCP server is available; a host holding a 169.254.x.x address is a sign that DHCP failed.
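An added example, not from the Cisco course, that turns the private, loopback, link-local, multicast and broadcast ranges from the last three slides into an address classifier and applies it as the edge-router ingress and egress checks the Routing to the Internet slide calls for. The policy encoded in the verdict functions is an assumption for this example (drop special-use and spoofed-inside sources arriving from the ISP, drop broadcast destinations, let only the organization's own public prefix leave), and the 203.0.113.0/24 prefix and packet samples are constructed, not real allocations or traffic.

```python
# Added example (not from the Cisco slides): classify IPv4 addresses into the
# special-use ranges discussed above and apply an edge-router style ingress /
# egress check. The prefix and packet samples are constructed for the example.
import ipaddress

# Ranges from the slides (RFC 1918 private, loopback, link-local, multicast).
# 0.0.0.0/8 and the Class E block are included because an edge filter drops
# those as well.
SPECIAL_RANGES = {
    "private (RFC 1918)": [
        ipaddress.ip_network("10.0.0.0/8"),
        ipaddress.ip_network("172.16.0.0/12"),
        ipaddress.ip_network("192.168.0.0/16"),
    ],
    "loopback": [ipaddress.ip_network("127.0.0.0/8")],
    "link-local": [ipaddress.ip_network("169.254.0.0/16")],
    "multicast": [ipaddress.ip_network("224.0.0.0/4")],
    "this-network": [ipaddress.ip_network("0.0.0.0/8")],
    "reserved (Class E)": [ipaddress.ip_network("240.0.0.0/4")],
}

def classify(addr: str) -> str:
    """Return the special-use category of an IPv4 address, or 'public'."""
    ip = ipaddress.ip_address(addr)
    if ip == ipaddress.ip_address("255.255.255.255"):
        return "limited broadcast"
    for label, nets in SPECIAL_RANGES.items():
        if any(ip in net for net in nets):
            return label
    return "public"

def inbound_from_isp_verdict(src: str, dst: str, inside: str) -> str:
    """
    What an edge router should do with a packet arriving from the ISP.
    Assumed policy: the source must be a public unicast address that is not
    one of our own (anything else is spoofed or leaked), and the destination
    must not be a broadcast (no directed-broadcast forwarding).
    `inside` is our public prefix in CIDR form.
    """
    inside_net = ipaddress.ip_network(inside)
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    category = classify(src)
    if category != "public":
        return f"drop: {category} source address"
    if src_ip in inside_net:
        return "drop: source claims to be inside our own network"
    if dst_ip in (inside_net.broadcast_address, ipaddress.ip_address("255.255.255.255")):
        return "drop: broadcast destination"
    return "forward"

def outbound_to_isp_verdict(src: str, inside: str) -> str:
    """Egress side: only our own public prefix may leave untranslated."""
    inside_net = ipaddress.ip_network(inside)
    if ipaddress.ip_address(src) in inside_net and classify(src) == "public":
        return "forward"
    return "drop/translate: source is not one of our public addresses"

if __name__ == "__main__":
    ours = "203.0.113.0/24"   # assumed public prefix (a documentation range)
    samples = [                # constructed (src, dst) pairs arriving from the ISP
        ("10.1.2.3", "203.0.113.10"),
        ("203.0.113.5", "203.0.113.10"),
        ("198.51.100.7", "203.0.113.255"),
        ("198.51.100.7", "203.0.113.10"),
    ]
    for s, d in samples:
        print(f"{s} -> {d}: {inbound_from_isp_verdict(s, d, ours)}")
    print("egress 192.168.1.10:", outbound_to_isp_verdict("192.168.1.10", ours))
```

The same classifier is useful in detection work: a private, loopback or link-local source address seen on an internet-facing interface is either a misconfiguration upstream or a spoofed packet, and either deserves an alert.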
Types of IPv4 Addresses: Legacy Classful Addressing
RFC 790 (1981) allocated IPv4 addresses in classes; the RFC divided the unicast ranges into specific classes as follows:
Class A (0.0.0.0/8 to 127.0.0.0/8): designed to support extremely large networks with more than 16 million host addresses. Class A used a fixed /8 prefix, with the first octet indicating the network and the remaining three octets for hosts (more than 16 million host addresses per network).
Class B (128.0.0.0/16 to 191.255.0.0/16): designed to support moderate to large networks with up to approximately 65,000 host addresses. Class B used a fixed /16 prefix, with the two high-order octets indicating the network and the remaining two octets for hosts (more than 65,000 host addresses per network).
Class C (192.0.0.0/24 to 223.255.255.0/24): designed to support small networks with a maximum of 254 hosts. Class C used a fixed /24 prefix, with the first three octets indicating the network and the remaining octet for hosts (only 254 host addresses per network).
Class D (224.0.0.0 to 239.255.255.255): multicast.
Class E (240.0.0.0 to 255.255.255.255): reserved for experimental use.
Classful addressing wasted many IPv4 addresses. It was replaced by classless addressing (CIDR), which ignores the class rules (A, B, C) and carries the prefix length explicitly with every address and route.

Network Segmentation: Broadcast Domains and Segmentation
In an Ethernet LAN, devices use broadcasts and the Address Resolution Protocol (ARP) to locate other devices. ARP sends a Layer 2 broadcast asking for the MAC address associated with a known IPv4 address on the local network. Devices on Ethernet LANs also locate services using broadcasts: a host typically acquires its IPv4 configuration through the Dynamic Host Configuration Protocol (DHCP), which broadcasts on the local network to locate a DHCP server.
Switches propagate broadcasts out all interfaces except the one on which the broadcast was received. The only device that stops broadcasts is a router: routers do not propagate broadcasts. Each router interface connects to a broadcast domain, and broadcasts are propagated only within that domain.

Network Segmentation: Problems with Large Broadcast Domains
A large broadcast domain is a problem because its hosts can generate excessive broadcasts that degrade the network. The result is slow network operation and slow device operation, because every device must accept and process each broadcast packet. The solution is to reduce the size of the network and create smaller broadcast domains; this process is called subnetting, and the smaller network spaces are called subnets. For example, dividing the network address 172.16.0.0/16 into two subnets of 200 users each, 172.16.0.0/24 and 172.16.1.0/24, confines broadcasts to the smaller domains: a broadcast in LAN 1 does not propagate to LAN 2.

Network Segmentation: Reasons for Segmenting Networks
Subnetting reduces overall network traffic and improves network performance. It can be used to implement security policies between subnets, because traffic between subnets must pass through a router or firewall where access control lists can be applied; hosts in the same subnet talk directly over the LAN and bypass any such filter. Subnetting also reduces the number of devices affected by abnormal broadcast traffic. Subnets are commonly defined by:
Location
Group or function
Device type

Subnet an IPv4 Network: Subnet on an Octet Boundary
IPv4 subnets are created by using one or more of the host bits as network bits. This process extends the subnet mask, borrowing bits from the host portion of the address to create additional network bits. The more host bits borrowed, the more subnets that can be defined.
The more bits borrowed to increase the number of subnets, the fewer hosts per subnet. Networks are most easily subnetted at the octet boundaries /8, /16, and /24. Notice that longer prefix lengths mean fewer hosts per subnet.

Prefix Length   Subnet Mask      Subnet Mask in Binary (n = network, h = host)                                 # of hosts
/8              255.0.0.0        nnnnnnnn.hhhhhhhh.hhhhhhhh.hhhhhhhh  11111111.00000000.00000000.00000000      16,777,214
/16             255.255.0.0      nnnnnnnn.nnnnnnnn.hhhhhhhh.hhhhhhhh  11111111.11111111.00000000.00000000      65,534
/24             255.255.255.0    nnnnnnnn.nnnnnnnn.nnnnnnnn.hhhhhhhh  11111111.11111111.11111111.00000000      254

Subnet an IPv4 Network: Subnet on an Octet Boundary
Consider the following example. An enterprise has chosen the private address 10.0.0.0/8 as its internal network address. That network can address 16,777,214 hosts in one broadcast domain; obviously, more than 16 million hosts on a single subnet is not workable. The enterprise could subnet 10.0.0.0/8 at the /16 octet boundary. This would define up to 256 subnets (10.0.0.0/16 to 10.255.0.0/16), each capable of connecting 65,534 hosts. Notice that the first two octets now identify the network portion of the address, whereas the last two octets are for host addresses.
Alternatively, the enterprise could subnet 10.0.0.0/8 at the /24 octet boundary. This would define 65,536 subnets, each capable of connecting 254 hosts. The /24 boundary is very popular because it accommodates a reasonable number of hosts and conveniently subnets at the octet boundary.

Subnet an IPv4 Network: Subnet on an Octet Boundary (Cont.)
In the first table 10.0.0.0/8 is subnetted with a /16 mask; in the second, with a /24 mask.

/16 subnets (256 possible subnets, 65,534 possible hosts per subnet)
Subnet Address    Host Range                      Broadcast
10.0.0.0/16       10.0.0.1 - 10.0.255.254         10.0.255.255
10.1.0.0/16       10.1.0.1 - 10.1.255.254         10.1.255.255
10.2.0.0/16       10.2.0.1 - 10.2.255.254         10.2.255.255
10.3.0.0/16       10.3.0.1 - 10.3.255.254         10.3.255.255
10.4.0.0/16       10.4.0.1 - 10.4.255.254         10.4.255.255
10.5.0.0/16       10.5.0.1 - 10.5.255.254         10.5.255.255
10.6.0.0/16       10.6.0.1 - 10.6.255.254         10.6.255.255
10.7.0.0/16       10.7.0.1 - 10.7.255.254         10.7.255.255
...               ...                             ...
10.255.0.0/16     10.255.0.1 - 10.255.255.254     10.255.255.255

/24 subnets (65,536 possible subnets, 254 possible hosts per subnet)
Subnet Address    Host Range                      Broadcast
10.0.0.0/24       10.0.0.1 - 10.0.0.254           10.0.0.255
10.0.1.0/24       10.0.1.1 - 10.0.1.254           10.0.1.255
10.0.2.0/24       10.0.2.1 - 10.0.2.254           10.0.2.255
...               ...                             ...
10.0.255.0/24     10.0.255.1 - 10.0.255.254       10.0.255.255
10.1.0.0/24       10.1.0.1 - 10.1.0.254           10.1.0.255
10.1.1.0/24       10.1.1.1 - 10.1.1.254           10.1.1.255
10.1.2.0/24       10.1.2.1 - 10.1.2.254           10.1.2.255
...               ...                             ...
10.100.0.0/24     10.100.0.1 - 10.100.0.254       10.100.0.255
...               ...                             ...
10.255.255.0/24   10.255.255.1 - 10.255.255.254   10.255.255.255

Subnet an IPv4 Network: Subnet within an Octet Boundary
Subnets can borrow bits from any host bit position to create other masks. For instance, a /24 network address is commonly subnetted with longer prefixes by borrowing bits from the fourth octet. The table shows six ways to subnet a /24 network. Each bit borrowed from the fourth octet doubles the number of subnets and reduces the number of host addresses per subnet.
For example:

Prefix Length   Subnet Mask        Subnet Mask in Binary (n = network, h = host)                                 # of subnets   # of hosts
/25             255.255.255.128    nnnnnnnn.nnnnnnnn.nnnnnnnn.nhhhhhhh  11111111.11111111.11111111.10000000      2              126
/26             255.255.255.192    nnnnnnnn.nnnnnnnn.nnnnnnnn.nnhhhhhh  11111111.11111111.11111111.11000000      4              62
/27             255.255.255.224    nnnnnnnn.nnnnnnnn.nnnnnnnn.nnnhhhhh  11111111.11111111.11111111.11100000      8              30
/28             255.255.255.240    nnnnnnnn.nnnnnnnn.nnnnnnnn.nnnnhhhh  11111111.11111111.11111111.11110000      16             14
/29             255.255.255.248    nnnnnnnn.nnnnnnnn.nnnnnnnn.nnnnnhhh  11111111.11111111.11111111.11111000      32             6
/30             255.255.255.252    nnnnnnnn.nnnnnnnn.nnnnnnnn.nnnnnnhh  11111111.11111111.11111111.11111100      64             2

/25 row: borrowing 1 bit from the fourth octet creates 2 subnets supporting 126 hosts each.
/26 row: borrowing 2 bits creates 4 subnets supporting 62 hosts each.

Subnet a Slash 16 and a Slash 8 Prefix
When a larger number of subnets is required, an IPv4 network with more host bits available to borrow is needed. For example, the network address 172.16.0.0 has a default mask of 255.255.0.0, or /16: 16 bits in the network portion and 16 bits in the host portion. The 16 host bits are available to borrow for creating subnets. The table lists all the possible ways of subnetting a /16 prefix.
Create Subnets with a Slash 16 Prefix

Prefix Length   Subnet Mask        Subnet Mask in Binary (n = network, h = host)                                 # of subnets   # of hosts
/17             255.255.128.0      nnnnnnnn.nnnnnnnn.nhhhhhhh.hhhhhhhh  11111111.11111111.10000000.00000000      2              32,766
/18             255.255.192.0      nnnnnnnn.nnnnnnnn.nnhhhhhh.hhhhhhhh  11111111.11111111.11000000.00000000      4              16,382
/19             255.255.224.0      nnnnnnnn.nnnnnnnn.nnnhhhhh.hhhhhhhh  11111111.11111111.11100000.00000000      8              8,190
/20             255.255.240.0      nnnnnnnn.nnnnnnnn.nnnnhhhh.hhhhhhhh  11111111.11111111.11110000.00000000      16             4,094
/21             255.255.248.0      nnnnnnnn.nnnnnnnn.nnnnnhhh.hhhhhhhh  11111111.11111111.11111000.00000000      32             2,046
/22             255.255.252.0      nnnnnnnn.nnnnnnnn.nnnnnnhh.hhhhhhhh  11111111.11111111.11111100.00000000      64             1,022
/23             255.255.254.0      nnnnnnnn.nnnnnnnn.nnnnnnnh.hhhhhhhh  11111111.11111111.11111110.00000000      128            510
/24             255.255.255.0      nnnnnnnn.nnnnnnnn.nnnnnnnn.hhhhhhhh  11111111.11111111.11111111.00000000      256            254
/25             255.255.255.128    nnnnnnnn.nnnnnnnn.nnnnnnnn.nhhhhhhh  11111111.11111111.11111111.10000000      512            126
/26             255.255.255.192    nnnnnnnn.nnnnnnnn.nnnnnnnn.nnhhhhhh  11111111.11111111.11111111.11000000      1,024          62
/27             255.255.255.224    nnnnnnnn.nnnnnnnn.nnnnnnnn.nnnhhhhh  11111111.11111111.11111111.11100000      2,048          30
/28             255.255.255.240    nnnnnnnn.nnnnnnnn.nnnnnnnn.nnnnhhhh  11111111.11111111.11111111.11110000      4,096          14
/29             255.255.255.248    nnnnnnnn.nnnnnnnn.nnnnnnnn.nnnnnhhh  11111111.11111111.11111111.11111000      8,192          6
/30             255.255.255.252    nnnnnnnn.nnnnnnnn.nnnnnnnn.nnnnnnhh  11111111.11111111.11111111.11111100      16,384         2

Subnet a Slash 16 and a Slash 8 Prefix: Create 100 Subnets with a Slash 16 Prefix
Consider a large enterprise that requires at least 100 subnets and has chosen the private address 172.16.0.0/16 as its internal network address. When borrowing bits from a /16 address, start borrowing in the third octet, going from left to right.
Borrow one bit at a time until enough bits have been borrowed to create 100 subnets. The figure shows the number of subnets that can be created when borrowing bits from the third and fourth octets. Up to 14 host bits can be borrowed; the last two bits cannot be borrowed, because a subnet needs at least two host bits to hold a network address, a broadcast address, and usable hosts. To satisfy the requirement of 100 subnets, 7 bits must be borrowed (2^7 = 128 subnets). The subnet mask must change to reflect the borrowed bits: when 7 bits are borrowed, the mask extends 7 bits into the third octet. In decimal the mask is 255.255.254.0, or /23, because the third octet is 11111110 in binary and the fourth octet is 00000000.

Subnet a Slash 16 and a Slash 8 Prefix: Create 100 Subnets with a Slash 16 Prefix (Cont.)
This figure shows the resulting subnets, from 172.16.0.0/23 up to 172.16.254.0/23. After borrowing 7 bits for the subnet, 1 host bit remains in the third octet and 8 host bits remain in the fourth octet, for a total of 9 host bits, giving 2^9 = 512 total addresses per subnet. The first address is reserved for the network address and the last for the broadcast address, so subtracting those two (2^9 - 2) leaves 510 usable host addresses per /23 subnet.

Subnet a Slash 16 and a Slash 8 Prefix: Create 1000 Subnets with a Slash 8 Prefix
Consider a small ISP that requires 1000 subnets for its clients and uses the network address 10.0.0.0/8, which has 8 bits in the network portion and 24 host bits available to borrow for subnetting.
Therefore, the small ISP subnets the 10.0.0.0/8 network. The figure shows the number of subnets that can be created when borrowing bits from the second and third octets. Up to 22 host bits can be borrowed (again, the last two bits cannot be borrowed). To satisfy the requirement of 1000 subnets, 10 bits must be borrowed (2^10 = 1024 subnets). The resulting subnet mask has 8 + 10 = 18 network bits, which converts to 255.255.192.0, or 10.0.0.0/18. Borrowing 10 bits leaves 14 host bits per subnet; subtracting the two reserved addresses (network and broadcast) gives 2^14 - 2 = 16,382 hosts per subnet. This means each of the 1000 subnets can support up to 16,382 hosts.

Subnet to Meet Requirements: Subnet Private versus Public IPv4 Address Space
Enterprise networks have:
Intranet: the internal part of a company's network, accessible only within the organization. Devices in the intranet use private IPv4 addresses, so the organization can use any of the private IPv4 network addresses, including the 10.0.0.0/8 prefix with its 24 host bits and more than 16 million hosts. It can subnet on an octet boundary with a /16 or /24 mask, or use any other prefix length such as /12, /18, or /20; with this much space, subnetting is easier and more flexible.
DMZ: the part of the company's network that holds resources available to the internet, such as a web server. Devices in the DMZ use public IPv4 addresses. Because the organization has only a limited number of public IPv4 addresses, the network administrator must subnet the public address space into subnets with different subnet masks to minimize the number of unused host addresses per subnet. This is known as variable-length subnet masking (VLSM).
In computer networks, a DMZ, or demilitarized zone, is a physical or logical subnet that separates a local area network (LAN) from untrusted networks, usually the public internet. DMZs are also known as perimeter networks or screened subnets. The value of a DMZ comes from the filtering on both sides of it: internet hosts can reach only the published services, and a compromised DMZ host gets only the narrowly permitted paths into the intranet.

Subnet to Meet Requirements: Minimize Unused Host IPv4 Addresses and Maximize Subnets
To minimize the number of unused host IPv4 addresses and maximize the number of available subnets, there are two considerations when planning subnets:
The number of host addresses required for each network
The number of individual subnets needed
The /25 to /30 table from the Subnet within an Octet Boundary slide applies here: each prefix length fixes both the number of subnets and the number of hosts per subnet.
The number of host addresses required in the largest subnet determines how many bits must be left in the host portion; with n host bits, the usable number of addresses is 2^n - 2. Network administrators must devise an addressing scheme that accommodates the maximum number of hosts for each network and the number of subnets. The scheme should allow for growth in both the number of host addresses per subnet and the total number of subnets.
Subnet to Meet Requirements: Example: Efficient IPv4 Subnetting
In this example, corporate headquarters has been allocated the network address 172.16.0.0/22 (10 host bits) by its ISP, providing 1,022 host addresses. (172.16.0.0/22 lies inside the RFC 1918 172.16.0.0/12 private block, so an ISP would not actually allocate it as public space; the slides use it purely to illustrate the arithmetic.) There are five sites, and therefore five internet connections, so the organization requires 10 subnets, the largest of which needs 40 addresses.
The 172.16.0.0/22 network address has 10 host bits. Because the largest subnet requires 40 hosts, the administrator needs a minimum of 6 host bits (2^6 - 2 = 62 usable addresses; 5 bits would give only 30). That leaves the first 4 host bits available for subnets: 2 bits from the third octet and 2 bits from the fourth octet are borrowed, giving 2^4 = 16 subnets, enough for the 10 required. Borrowing 4 bits from 172.16.0.0/22 produces a new prefix length of /26 with a subnet mask of 255.255.255.192. The 10 subnets are assigned to each location and to the router-to-ISP connections.

Structured Design: IPv4 Network Address Planning
IP network planning is crucial to developing a scalable enterprise network. To develop a network-wide IPv4 addressing scheme, you need to know how many subnets are needed, how many hosts each subnet requires, which devices are part of each subnet, which parts of the network use private addresses and which use public, and many other factors. Examine the organization's network usage and how the subnets will be structured. Perform a network requirements study across the entire network to determine how each area will be segmented, how many subnets are needed, and how many hosts each subnet needs.
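The borrow-bits procedure from the 100-subnet /16, 1000-subnet /8 and 10-subnet /22 examples, generalised into code. This is an added example, not code from the Cisco course: fixed_length_plan reproduces the slides' fixed-length arithmetic and reports when a block cannot satisfy both the subnet count and the host count, and vlsm_plan goes further than the slides by allocating differently sized subnets from one block, largest first, which is the VLSM technique the DMZ slide names. The requirement lists are constructed sample input.

```python
# Added example (not from the Cisco slides): the borrow-bits arithmetic from
# the /16, /8 and /22 worked examples, plus a VLSM allocator that assigns
# differently sized subnets from one block, largest first. The requirement
# dictionaries are constructed sample input.
import ipaddress

def host_bits_for(hosts: int) -> int:
    """Smallest h with 2**h - 2 >= hosts; a subnet keeps at least 2 host bits."""
    h = 2
    while (1 << h) - 2 < hosts:
        h += 1
    return h

def subnet_bits_for(subnets: int) -> int:
    """Smallest s with 2**s >= subnets (exact, no floating-point log)."""
    return (subnets - 1).bit_length() if subnets > 1 else 0

def fixed_length_plan(block: str, subnets: int, max_hosts: int) -> dict:
    """
    Fixed-length subnetting as on the slides: borrow enough host bits for
    `subnets`, then verify enough host bits remain for `max_hosts`.
    Raises ValueError when the block cannot satisfy both requirements.
    """
    net = ipaddress.ip_network(block)
    borrow = subnet_bits_for(subnets)
    new_prefix = net.prefixlen + borrow
    remaining_host_bits = 32 - new_prefix
    if remaining_host_bits < host_bits_for(max_hosts):
        raise ValueError(f"{block} cannot give {subnets} subnets of {max_hosts} hosts")
    mask = ipaddress.ip_network(f"0.0.0.0/{new_prefix}").netmask
    return {
        "prefix": new_prefix,
        "mask": str(mask),
        "subnets_available": 1 << borrow,
        "hosts_per_subnet": (1 << remaining_host_bits) - 2,
    }

def vlsm_plan(block: str, requirements: dict) -> dict:
    """
    VLSM: allocate one subnet per {name: host_count} entry from `block`,
    largest first so that every subnet starts on its own size boundary.
    Returns {name: 'network/prefix'}; raises ValueError if space runs out.
    """
    free = [ipaddress.ip_network(block)]          # pool of unallocated blocks
    plan = {}
    for name, hosts in sorted(requirements.items(), key=lambda kv: -kv[1]):
        want = 32 - host_bits_for(hosts)          # prefix length this subnet needs
        candidates = [n for n in free if n.prefixlen <= want]
        if not candidates:
            raise ValueError(f"out of space allocating {name} ({hosts} hosts)")
        chosen = max(candidates, key=lambda n: n.prefixlen)   # tightest fit
        free.remove(chosen)
        # split down to the needed size, returning the right-hand halves to the pool
        while chosen.prefixlen < want:
            first, second = chosen.subnets(prefixlen_diff=1)
            free.append(second)
            chosen = first
        plan[name] = str(chosen)
    return plan

if __name__ == "__main__":
    print(fixed_length_plan("172.16.0.0/16", 100, 500))   # /23, 510 hosts per subnet
    print(fixed_length_plan("10.0.0.0/8", 1000, 0))       # /18, 16382 hosts per subnet
    print(fixed_length_plan("172.16.0.0/22", 10, 40))     # /26, 62 hosts per subnet
    print(vlsm_plan("172.16.0.0/22", {"hq-lan": 40, "site-b": 20, "site-c": 10,
                                       "wan-1": 2, "wan-2": 2}))
```

Allocating largest first is what keeps VLSM subnets aligned: a /27 handed out before a /26 would leave the /26 unable to start on a 64-address boundary. The leftover blocks remaining in the free pool are the growth headroom the planning slide asks for.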
Structured Design: Device Address Assignment
Within a network, different types of devices require addresses:
End user clients: most use DHCP, which reduces errors and the burden on network support staff. IPv6 clients can obtain address information using DHCPv6 or SLAAC.
Servers and peripherals: these should have a predictable static IP address.
Servers accessible from the internet: these must be reachable at a public IPv4 address, most often through NAT.
Intermediary devices: assigned addresses for network management, monitoring, and security.
Gateway: routers and firewall devices are the gateway for the hosts in that network.
When developing an IP addressing scheme, it is generally recommended that you follow a set pattern for how addresses are allocated to each type of device. A predictable layout (for example, the gateway always at the first usable address and servers in a known range) makes access control lists easier to write and log review easier.