Networking.docx
Uploaded by GreatAntigorite
Classless Inter-Domain Routing

The default subnet masks for each class of address are by no means the only subnet masks that can be used. In fact, if they were, it would severely limit the number of possible TCP/IP networks available. To resolve this and provide additional addressing flexibility, there is classless inter-domain routing (CIDR). This is just a fancy way of saying, “You don’t have to use the default subnet masks.” From a practical standpoint, CIDR minimizes the concept of IP address classes and primarily focuses on the number of bits that are used as part of the network address.

Taking a look at the defaults can help illustrate how CIDR works. If you have a Class A default mask of 255.0.0.0, that is 11111111.00000000.00000000.00000000 in binary. A Class B default mask of 255.255.0.0 is 11111111.11111111.00000000.00000000 in binary. There’s no rule that says you have to use an entire octet of bits to represent the network portion of the address. The only rule is that you have to add 1s in a subnet mask from left to right. What if you wanted to have a mask of 255.240.0.0 (11111111.11110000.00000000.00000000); can you do that? The answer is yes, and that is essentially what CIDR does. Table 7.3 shows you every available subnet mask and its equivalent slash notation.

Table 7.3 CIDR values

Subnet Mask        Notation
255.0.0.0          /8
255.128.0.0        /9
255.192.0.0        /10
255.224.0.0        /11
255.240.0.0        /12
255.248.0.0        /13
255.252.0.0        /14
255.254.0.0        /15
255.255.0.0        /16
255.255.128.0      /17
255.255.192.0      /18
255.255.224.0      /19
255.255.240.0      /20
255.255.248.0      /21
255.255.252.0      /22
255.255.254.0      /23
255.255.255.0      /24
255.255.255.128    /25
255.255.255.192    /26
255.255.255.224    /27
255.255.255.240    /28
255.255.255.248    /29
255.255.255.252    /30

Earlier, we said that CIDR minimizes the impact of classes, but there are still some restrictions.
The /8 through /15 notations can be used only with Class A network addresses; /16 through /23 can be used with Class A and B network addresses; /24 through /30 can be used with Class A, B, and C network addresses. You can’t use anything more than /30, because you always need at least 2 bits for hosts.

Now that you know that you can do it, the question is, why would you do it? The answer is that it provides you with the flexibility to configure your network. Here’s an example. Say that your default network address is 10.0.0.0/8. That means that you have 24 bits left for hosts on that one network, so you can have just over 16.7 million hosts. How realistic is it that one company will have that many hosts? It’s not realistic at all, and that doesn’t even bring up the issue that the network infrastructure wouldn’t be able to handle physically having that many hosts on one network. However, let’s say that you work for a large corporation with about 15 divisions and some of them have up to 3,000 hosts. That’s plausible. What you can do is to set up your network so that each division has its own smaller portion of the network (a subnet) big enough for its needs. To hold 3,000 hosts and have a bit of room for expansion, you need 12 bits (2^12 – 2 = 4,094), meaning that you have 20 bits left over for the network address. Thus, your new configuration could be 10.0.0.0/20.

DHCP and DNS

Two critical TCP/IP services you need to be aware of are Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS). Both are services that need to be installed on a server, and both provide key functionality to network clients. A DHCP server is configured to provide IP configuration information to clients automatically (dynamically), in what is called a lease. It’s called that because the information is not permanently granted to the client computer, and the client must periodically request a renewed lease or a new lease.
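The CIDR rules above, worked through in code as an added example (this is not code from the study guide): the mask is handled as a 32-bit value so the “1s run left to right” rule, the /30 limit, and the 3,000-host division sizing of 10.0.0.0/20 can all be checked directly.

```python
# Added example (not from the study guide): CIDR arithmetic on the raw 32-bit
# values, following the text's binary view of a mask. Masks and prefixes used
# here are those of Table 7.3 and the 10.0.0.0/20 worked example.

def dotted_to_int(dotted):
    """'a.b.c.d' -> 32-bit integer."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not a dotted-quad value: {dotted}")
    value = 0
    for octet in octets:
        value = (value << 8) | octet
    return value

def int_to_dotted(value):
    """32-bit integer -> 'a.b.c.d'."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def mask_int(prefix):
    """Mask with the top `prefix` bits set: /12 -> 11111111.11110000.00000000.00000000."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be 0..32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF

def prefix_from_mask(mask):
    """Dotted mask -> /n. The text's one rule: 1 bits are added from left to
    right, so the mask must be a run of 1s followed by 0s (255.240.0.0 -> /12)."""
    value = dotted_to_int(mask)
    prefix = bin(value).count("1")
    if value != mask_int(prefix):
        raise ValueError(f"{mask} is not contiguous; 1 bits must run left to right")
    return prefix

def is_valid_mask(mask):
    """True only for a contiguous mask such as the ones listed in Table 7.3."""
    try:
        prefix_from_mask(mask)
        return True
    except ValueError:
        return False

def usable_hosts(prefix):
    """Hosts per subnet: 2^(host bits) minus the network and broadcast addresses."""
    if prefix > 30:
        raise ValueError("at least 2 host bits are needed, so /30 is the longest usable prefix")
    return 2 ** (32 - prefix) - 2

def prefix_for_hosts(needed):
    """Longest prefix whose subnet still holds `needed` hosts (3,000 -> 12 host bits -> /20)."""
    host_bits = 2
    while 2 ** host_bits - 2 < needed:
        host_bits += 1
        if host_bits > 24:
            raise ValueError("more hosts than a /8 can hold")
    return 32 - host_bits

def carve(network, prefix, new_prefix, count):
    """First `count` subnets of network/prefix when it is carved into /new_prefix blocks."""
    if new_prefix < prefix:
        raise ValueError("new prefix must be longer than the parent prefix")
    base = dotted_to_int(network) & mask_int(prefix)
    step = 1 << (32 - new_prefix)          # addresses per /new_prefix block
    return [f"{int_to_dotted(base + i * step)}/{new_prefix}" for i in range(count)]
```

`carve("10.0.0.0", 8, 20, 15)` lists the 15 division subnets of the example, each holding `usable_hosts(20)` = 4,094 hosts.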
The following configuration information is typically provided in a lease:

- IP address
- Subnet mask
- Default gateway (the “door” to the outside world)
- DNS server address

DHCP servers can provide a lot more than the items on this list, but these are the most common. When a DHCP-configured client boots up, it sends out a broadcast on the network (called a DHCP DISCOVER) requesting a DHCP server. The DHCP server initially responds to the request and then fulfills the request by returning configuration information to the client.

The alternative to DHCP, of course, is for an administrator to enter the IP configuration information manually for each host (like we did in Figure 7.5). This is called static IP addressing, and it is administratively intensive as compared to DHCP’s dynamic addressing. Some hosts on the network need to have static IP addresses, such as routers, servers, printers, and perhaps some specific workstations. Computers need to access these devices consistently, and the best way to do that is to ensure that they’re where they are expected to be (from an address standpoint). If you use static IP addressing, be sure to exclude the static addresses from the range of addresses that the DHCP server can provide. Or, on the server, you can specify that certain hosts will always receive the same IP address, which is called a DHCP reservation. A reservation works by configuring the DHCP server to always assign the same address to a particular MAC address. From the DHCP client side, the process is the same as all other clients that obtain an address automatically, except that it will always receive the same address.

To use DHCP, all you need to do from the client side is configure it to obtain IP addressing information automatically, like what was shown in Figure 7.3. It’s usually as simple as clicking a radio button. No additional configuration is required, because the client broadcasts request messages searching for the DHCP server.
DNS has one function on the network: to resolve hostnames to IP addresses. This sounds simple enough, but it has profound implications. Think about using the Internet. You open your browser, and in the address bar, you type the name of your favorite website, something like www.google.com, and press Enter. The first question your computer asks is, “Who is that?” Your machine requires an IP address to connect to the website. The DNS server provides the answer, “That is 64.233.177.106.” Now that your computer knows the address of the website you want, it’s able to traverse the Internet to find it. Each DNS server has a database where it stores hostname-to-IP-address pairs. If the DNS server does not know the address of the host you are seeking, it has the ability to query other DNS servers to help answer the request.

Think about the implications of that for just a minute. We all probably use Google several times a day, but in all honesty how many of us know its IP address? It’s certainly not something we are likely to have memorized. Much less, how could you possibly memorize the IP addresses of all the websites that you regularly visit? Because of DNS, it’s easy to find resources. Whether you want to find Coca-Cola, Toyota, Amazon, or thousands of other companies, it’s usually pretty easy to figure out how. Type in the name with a .com on the end of it, and you’re usually right. The only reason this is successful is because DNS is there to perform resolution of that name to the corresponding IP address.

DNS works the same way on an intranet (a local network not attached to the Internet) as it does on the Internet. The only difference is that instead of helping you find www.google.com, it may help you find Jenny’s print server or Joe’s file server. From a client-side perspective, all you need to do is configure the host with the address of a legitimate DNS server and you should be good to go.

Public vs. Private IP Addresses

All the addresses that are used on the Internet are called public addresses. They must be purchased, and only one computer can use any given public address at one time. The problem that presented itself was that the world was soon to run out of public IP addresses while the use of TCP/IP was growing. Additionally, the structure of IP addressing made it impossible to “create” or add any new addresses to the system. To address this, a solution was devised to allow for the use of TCP/IP without requiring the assignment of a public address. The solution was to use private addresses. Private addresses are not routable on the Internet. They were intended for use on private networks only. That private addresses weren’t intended for use on the Internet freed us from the requirement that all addresses be globally unique. This essentially created an infinite number of IP addresses that companies could use within their own network walls.

While this solution helped alleviate the problem of running out of addresses, it created a new one. The private addresses that all of these computers have aren’t globally unique, but they need to be in order to access the Internet. A service called Network Address Translation (NAT) was created to solve this problem. NAT runs on your router and handles the translation of private, nonroutable IP addresses into public IP addresses. There are three ranges reserved for private, nonroutable IP addresses, as shown in Table 7.4.

Table 7.4 Private IP address ranges

Class   IP Address Range               Default Subnet Mask   Number of Hosts
A       10.0.0.0–10.255.255.255        255.0.0.0             16.7 million
B       172.16.0.0–172.31.255.255      255.240.0.0           1 million
C       192.168.0.0–192.168.255.255    255.255.0.0           65,536

Private IP Addresses and Subnet Masks

When you look at the default subnet masks for the private IP address ranges, you might think, “Wait a minute. Those masks aren’t the same as the default subnet masks for the address class,” and you are correct.
To understand how TCP/IP addresses work, it’s often helpful to start with the concept of address classes, because it helps you break the information into chunks, making it easier to understand. In the real world, though, most network administrators don’t think in terms of classes, and routers certainly don’t operate based on classes. Communication and routing on a network all happens in binary. Experienced network admins will think in terms like, “I am dealing with a 10.0.0.0/16 network.” They know the address and the length of the subnet mask.

Earlier in this chapter, you learned about the concept of CIDR, which basically ignores the artificial boundaries of address classes. It uses a concept called variable length subnet masking (VLSM), which might sound complicated, but it just means that the length of the subnet mask determines the structure of the network. (And by structure, we mean the network addresses and the number of networks and hosts that you can have on a network.)

How does this relate back to private IP address ranges? You’ll notice that the Class A address range is 10.0.0.0/8, which has a “default” mask for a Class A address. 172.16.0.0/12 is an address in the Class B range, but it does not use the “default” /16 mask. If it did use a /16 mask, then the administrator would have only the remaining 16 bits to use for additional subnets and hosts. As it is, the administrator has 20 bits to play with, which provides much greater flexibility in designing the network. The same concept applies to 192.168.0.0/16. The administrator has 16 free bits to create subnets and host ranges, whereas the “default” /24 mask would leave only 8 bits and not a lot of flexibility.

There are three things that you should take away from this sidebar:

- Know the subnet masks in Table 7.4 and understand that they are different from the default masks for that class of address.
- Know that you are not limited to using the default masks or class rules.
- It’s all about the binary.
The A+ exam may test you on the basics of IP addressing and subnetting, which we have covered in this book. If you pursue more advanced certifications, such as the CompTIA Network+ or the Cisco series of certifications, you will be expected to know IP addressing and subnetting in depth. If you are interested in learning more (after you pass the A+ exam, of course), check out CompTIA Network+ Study Guide, by Todd Lammle (Sybex, 2018).

These private addresses cannot be used on the Internet and cannot be routed externally. The fact that they are not routable on the Internet is actually an advantage because a network administrator can use them essentially to hide an entire network from the Internet. This is how it works: The network administrator sets up a NAT-enabled router, which functions as the default gateway to the Internet. The external interface of the router has a public IP address assigned to it that has been provided by the ISP, such as 155.120.100.1. The internal interface of the router will have an administrator-assigned private IP address within one of these ranges, such as 192.168.1.1. All computers on the internal network will then also need to be on the 192.168.1.0 network. To the outside world, any request coming from the internal network will appear to come from 155.120.100.1. The NAT router translates all incoming packets and sends them to the appropriate client. This type of setup is very common today.

By definition, NAT is actually a one-to-one private-to-public IP address translation protocol. There is a type of NAT called NAT Overload, also known as Port Address Translation (PAT), which allows for many private IP addresses to use one public IP address on the Internet.
You may look at your own computer, which has an address in a private range, and wonder, “If it’s not routable on the Internet, then how am I on the Internet?” Remember, the NAT router technically makes the Internet request on your computer’s behalf, and the NAT router is using a public IP address.

Don’t make the mistake of thinking that your internal network can’t be hacked if it is using private addresses through NAT. It can. Hackers just have to use more tools and try a little harder to uncover your internal structure. Even if you’re using NAT, you still need protective features such as firewalls and anti-malware software.

Automatic Private IP Addressing

Automatic Private IP Addressing (APIPA) is a TCP/IP standard used to automatically configure IP-based hosts that are unable to reach a DHCP server. APIPA addresses are in the 169.254.0.0–169.254.255.255 range, with a subnet mask of 255.255.0.0. If you see a computer that has an IP address beginning with 169.254, you know that it has configured itself. Typically, the only time that you will see this is when a computer is supposed to receive configuration information from a DHCP server but for some reason that server is unavailable. Even while configured with this address, the client will continue to broadcast for a DHCP server so that it can be given a real address once the server becomes available.

APIPA is also sometimes known as zero configuration networking or address autoconfiguration. Both of these terms are marketing efforts, created to remove the perceived difficulty of configuring a TCP/IP network. While TCP/IP has generally been considered difficult to configure (compared to other protocols), APIPA can make it so that a TCP/IP network can run with no configuration at all! For example, say that you are setting up a small local area network that has no need to communicate with any networks outside of itself. To accomplish this, you can use APIPA to your advantage.
Set the client computers to receive DHCP addresses automatically, but don’t set up a DHCP server. The clients will configure themselves and be able to communicate with each other using TCP/IP. The only downside is that this will create a little more broadcast traffic on your network. This solution is only really effective for a nonrouted network of fewer than 100 computers. Considering that most networks today need Internet access, it’s unlikely that you’ll run across a network configuration like this.

Help! I Can’t Get to the Internet!

This is something that you will probably hear a lot: A user on your network calls and complains that they can’t get their email or get to the Internet. Everything was fine yesterday, but since this morning they have had no connectivity. Of course, they haven’t done anything to or changed their computer at all! No one else on the network appears to be affected.

If the computer is otherwise running normally, the first step should always be to run an ipconfig command to look at the IP address configured on the system. More often than not, the user will report back that their IP address is “169 dot 254 dot something dot something.” The last two somethings don’t really matter—it’s the first two numbers that should have your attention. APIPA. Knowing that the computer is a DHCP client, you know that it’s not connecting to the DHCP server for some reason.

After getting to the workstation, check the easy stuff first. Are the cables plugged in (if it’s wired)? Are there lights on the NIC? Even if they appear to be plugged in, unplug and reconnect them. If that doesn’t work, try a different cable. Those simple steps will solve the vast majority of these types of problems. If not, then it’s on to more advanced troubleshooting steps! (More TCP/IP troubleshooting is covered in Chapter 14.)

IPv6

The present incarnation of TCP/IP that is used on the Internet was originally developed in 1973.
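The first troubleshooting step above (read the address ipconfig reports and recognise 169.254.x.x as APIPA) together with the private ranges of Table 7.4, as an added example that is not part of the study guide. The ipconfig text is constructed for the example, and the public address uses a documentation range rather than a real host.

```python
# Added example (not from the study guide): classify the IPv4 address that
# ipconfig reports using the Table 7.4 private ranges and the APIPA range.
# SAMPLE_IPCONFIG below is constructed for the example, not captured output.
import ipaddress
import re

PRIVATE_RANGES = [ipaddress.ip_network(n)
                  for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
APIPA_RANGE = ipaddress.ip_network("169.254.0.0/16")

def classify(address):
    """'apipa' (self-configured, DHCP not reached), 'private' (needs NAT) or 'public'."""
    ip = ipaddress.IPv4Address(address)
    if ip in APIPA_RANGE:
        return "apipa"
    if any(ip in net for net in PRIVATE_RANGES):
        return "private"
    return "public"

SAMPLE_IPCONFIG = """\
Windows IP Configuration

Ethernet adapter Ethernet:
   IPv4 Address. . . . . . . . . . . : 169.254.37.201
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :

Wireless LAN adapter Wi-Fi:
   IPv4 Address. . . . . . . . . . . : 192.168.1.24
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
"""

# An adapter heading is an unindented "... adapter <name>:" line; the IPv4
# line carries dot leaders between the label and the colon.
ADAPTER_RE = re.compile(r"^(\S.*adapter .*):$")
IPV4_RE = re.compile(r"IPv4 Address[ .]*:\s*(\d{1,3}(?:\.\d{1,3}){3})")

ADVICE = {
    "apipa": "self-assigned 169.254.x.x: DHCP server not reached; check cable and NIC lights first",
    "private": "private address: reaches the Internet only through a NAT/PAT router",
    "public": "public address: directly routable on the Internet",
}

def diagnose(ipconfig_text):
    """Map each adapter name to (address, kind, advice) for the IPv4 address it reports."""
    results = {}
    adapter = None
    for line in ipconfig_text.splitlines():
        heading = ADAPTER_RE.match(line)
        if heading:
            adapter = heading.group(1)
            continue
        found = IPV4_RE.search(line)
        if found and adapter:
            kind = classify(found.group(1))
            results[adapter] = (found.group(1), kind, ADVICE[kind])
    return results
```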
Considering how fast technology evolves, it’s pretty amazing to think that the protocol still enjoys immense popularity over 40 years later. This version is known as IPv4.

There are a few problems with IPv4, though. One is that we’re quickly running out of available network addresses, and the other is that TCP/IP can be somewhat tricky to configure. If you’ve dealt with configuring custom subnet masks, you may nod your head at the configuration part, but you might be wondering how we can run out of addresses. After all, IPv4 has 32 bits of addressing space, which allows for nearly 4.3 billion addresses! With the way it’s structured, only about 250 million of those addresses are actually usable, and all of those are pretty much spoken for.

A new version of TCP/IP has been developed, called IPv6. Instead of a 32-bit address, it provides for 128-bit addresses. That provides for 3.4 × 10^38 addresses, which theoretically should be more than enough that they will never run out globally. (Famous last words, right?) IPv6 also has many standard features that are optional (but useful) in IPv4. While the addresses may be more difficult to remember, the automatic configuration and enhanced flexibility make the new version sparkle compared to the old one. Best of all, it’s backward compatible with and can run on the computer at the same time as IPv4, so networks can migrate to IPv6 without a complete restructure.

Understanding IPv6 Addressing

Understanding the IPv6 addressing scheme is probably the most challenging part of the protocol enhancement. The first thing you’ll notice is that, of course, the address space is longer. The second is that IPv6 uses hexadecimal notation instead of the familiar dotted decimal of IPv4. Its 128-bit address structure looks something like what is shown in Figure 7.6.

Figure 7.6 IPv6 address

The new address is composed of eight 16-bit fields, each represented by four hexadecimal digits and separated by colons.
The letters in an IPv6 address are not case sensitive. IPv6 uses three types of addresses: unicast, anycast, and multicast. A unicast address identifies a single node on the network. An anycast address refers to one that has been assigned to multiple nodes. A packet addressed to an anycast address will be delivered to the closest node. Sometimes you will hear this referred to as one-to-nearest addressing. Finally, a multicast address is one used by multiple hosts, and is used to communicate to groups of computers. IPv6 does not employ broadcast addresses. Multicasts handle that functionality. Each network interface can be assigned one or more addresses.

Just by looking at unicast and anycast addresses, it’s impossible to tell the difference between them. Their structure is the same; it’s their functionality that’s different. The first four fields, or 64 bits, refer to the network and subnetwork. The last four fields are the interface ID, which is analogous to the host portion of the IPv4 address. Typically, the first 56 bits within the address are the routing (or global) prefix, and the next 8 bits refer to the subnet ID. It’s also possible to have shorter routing prefixes though, such as 48 bits, meaning that the subnet ID will be longer. The Interface ID portion of the address can be created in one of four ways. It can be created automatically using the interface’s MAC address, procured from a DHCPv6 server, assigned randomly, or configured manually.

Multicast addresses can take different forms. All multicast addresses use the first 8 bits as the prefix.
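The address layout just described (eight 16-bit hex fields; a 64-bit network part made of routing prefix plus subnet ID; a 64-bit interface ID), taken apart in code as an added example that is not from the study guide. The routing-prefix width is a parameter so the usual 56-bit case and the shorter 48-bit case can both be shown; the multicast check uses the all-ones first byte (ff) that the standard assigns to multicast, a value the text does not spell out; sample addresses come from the 2001:db8::/32 documentation range and are constructed.

```python
# Added example (not from the study guide): split an IPv6 address along the
# boundaries the text describes. Input addresses are constructed documentation
# addresses, not real hosts.
import ipaddress

def ipv6_fields(address):
    """The eight 16-bit fields as four lowercase hex digits each. Letter case is
    not significant, and the module also accepts the '::' shortened form."""
    value = int(ipaddress.IPv6Address(address))
    return [f"{(value >> shift) & 0xFFFF:04x}" for shift in range(112, -1, -16)]

def split_ipv6(address, routing_prefix_bits=56):
    """Routing (global) prefix, subnet ID and interface ID as hex strings.
    The typical layout is 56 + 8 + 64 bits; a shorter routing prefix such as
    48 bits leaves a longer (16-bit) subnet ID, hence the parameter."""
    if routing_prefix_bits % 4 or not 0 < routing_prefix_bits < 64:
        raise ValueError("routing prefix must be a multiple of 4 bits below 64")
    value = int(ipaddress.IPv6Address(address))
    subnet_bits = 64 - routing_prefix_bits
    network_part = value >> 64                  # first four fields
    interface_id = value & ((1 << 64) - 1)      # last four fields
    return {
        "routing_prefix": f"{network_part >> subnet_bits:0{routing_prefix_bits // 4}x}",
        "subnet_id": f"{network_part & ((1 << subnet_bits) - 1):0{subnet_bits // 4}x}",
        "interface_id": f"{interface_id:016x}",
    }

def address_kind(address):
    """'multicast' when the first 8 bits are all ones (ff); otherwise
    'unicast/anycast', since those two share one structure and cannot be
    told apart by inspection."""
    first_byte = int(ipaddress.IPv6Address(address)) >> 120
    return "multicast" if first_byte == 0xFF else "unicast/anycast"
```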