Networking.docx
Uploaded by GreatAntigorite
Working with IPv6 Addresses

In IPv4, the subnet mask determines the length of the network portion of the address. The network address is often written in an abbreviated form, such as 169.254.0.0/16. The /16 indicates that the first 16 bits are the network portion, which corresponds to a subnet mask of 255.255.0.0. IPv6 doesn't use a subnet mask, but the same convention for stating the network length holds. An IPv6 network address could be written as 2001:db8:3c4d::/48, where the number after the slash is the number of bits in the routing prefix.

Because the addresses are so long, there are a few accepted ways to write them in shorthand; in the world of IPv6, it's all about eliminating extra zeroes. Take the address 2001:0db8:3c4d:0012:0000:0000:1234:56ab. The first shortcut is to drop the leading zeroes in each field, which gives 2001:db8:3c4d:12:0:0:1234:56ab. The second shortcut is to replace one run of consecutive all-zero fields with a double colon, so the address becomes 2001:db8:3c4d:12::1234:56ab. It's still long, but not as long as the original.

The double colon can appear only once in an address. In 2001:db8:3c4d:12::1234:56ab you can count the fields that are present (six) and know that the double colon stands for the two missing all-zero fields. If you tried to write something like 2001::1ab4::5468 you would have a problem: you would know there are five all-zero fields in total, but no way to tell how many sit on each side of 1ab4. Two further conventions keep the written form unambiguous: a single all-zero field is written as 0 rather than ::, and when two runs of zeroes are the same length, the leftmost one gets the double colon (this, together with lowercase hex digits, is the canonical form recommended by RFC 5952). Canonical form matters beyond tidiness. Firewall rules, allow lists and log searches that compare addresses as text will not match 2001:DB8::1 against 2001:0db8:0:0:0:0:0:1 even though they name the same host, so tools should normalize addresses before comparing them.

A fairly common occurrence today is a mixed IPv4 and IPv6 network. IPv6 was designed to coexist with IPv4 (a dual-stack host runs both protocols side by side), and one piece of that design is the IPv4-mapped address: the first 80 bits are set to 0, the next 16 bits are all set to 1, and the final 32 bits hold the IPv4 address. In IPv6 format, the IPv4 address 192.168.1.115 looks like ::ffff:c0a8:173. These mapped addresses are a way for dual-stack software to represent IPv4 peers (a server listening on :: sees an IPv4 client as ::ffff:a.b.c.d); they are not meant to appear as source or destination addresses in packets on an IPv6 network, and routers and firewalls normally drop packets that carry them.
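The shorthand rules above, carried out in code. This is an added example and not part of the chapter: it expands any shorthand form back to eight four-digit groups, produces the canonical compressed form (RFC 5952: leading zeros dropped, lowercase hex, only the longest run of two or more zero groups replaced by a double colon, leftmost on a tie), rejects an address with two double colons, recognises the IPv4-mapped range and the other ranges listed in Table 7.5 of this chapter by testing their leading bits, and compares two addresses by value rather than by string, which is what an ACL or log-matching tool needs to do. The function names are my own; the standard library's ipaddress module is used only as a cross-check in the demo at the bottom. The compressed form is emitted in pure hex (::ffff:c0a8:173, as ipconfig prints it) rather than the mixed dotted notation.

```python
"""IPv6 text forms: expand, canonicalise (RFC 5952), classify, compare.

Added example; hand-rolled so the shorthand rules are visible. The
standard library's ipaddress module is used only as a cross-check.
"""
import ipaddress
import re

GROUP_RE = re.compile(r"[0-9a-fA-F]{1,4}")


def expand_ipv6(addr: str) -> str:
    """Return the full eight-group, four-hex-digit form of a valid address.

    Rejects the ambiguous case from the text (two '::' in one address) and
    accepts the dotted-quad tail of an IPv4-mapped address.
    """
    if addr.count("::") > 1:
        raise ValueError(f"'::' may appear only once: {addr!r}")
    if "." in addr:                              # ::ffff:192.168.1.115 style
        head, _, quad = addr.rpartition(":")
        octets = quad.split(".")
        if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
            raise ValueError(f"bad embedded IPv4 address: {quad!r}")
        a, b, c, d = (int(o) for o in octets)
        hi, lo = (a << 8) | b, (c << 8) | d      # two hex groups of 16 bits
        addr = f"{head}:{hi:x}:{lo:x}"
    if "::" in addr:
        left, right = addr.split("::")
        lg = left.split(":") if left else []
        rg = right.split(":") if right else []
        missing = 8 - len(lg) - len(rg)          # how many groups '::' stands for
        if missing < 1:
            raise ValueError(f"'::' must stand for at least one zero group: {addr!r}")
        groups = lg + ["0"] * missing + rg
    else:
        groups = addr.split(":")
    if len(groups) != 8 or not all(GROUP_RE.fullmatch(g) for g in groups):
        raise ValueError(f"not a valid IPv6 address: {addr!r}")
    return ":".join(f"{int(g, 16):04x}" for g in groups)


def compress_ipv6(addr: str) -> str:
    """Canonical shorthand per RFC 5952: strip leading zeros, lowercase hex,
    and replace only the longest run of two or more zero groups (leftmost on
    a tie) with '::'."""
    groups = [g.lstrip("0") or "0" for g in expand_ipv6(addr).split(":")]
    best_start, best_len = -1, 0
    i = 0
    while i < 8:
        if groups[i] != "0":
            i += 1
            continue
        j = i
        while j < 8 and groups[j] == "0":
            j += 1
        if j - i > best_len:                     # strictly longer: keeps leftmost on tie
            best_start, best_len = i, j - i
        i = j
    if best_len < 2:                             # a single zero group is never '::'
        return ":".join(groups)
    left = ":".join(groups[:best_start])
    right = ":".join(groups[best_start + best_len:])
    return f"{left}::{right}"


def classify_ipv6(addr: str) -> str:
    """Name the range an address falls in by testing its leading bits, which
    is all a routing prefix such as fe80::/10 means."""
    v = int(expand_ipv6(addr).replace(":", ""), 16)
    if v == 0:
        return "unspecified"
    if v == 1:
        return "loopback"
    if v >> 32 == 0xFFFF:                        # ::ffff:0:0/96, IPv4-mapped
        quad = ".".join(str((v >> s) & 0xFF) for s in (24, 16, 8, 0))
        return f"ipv4-mapped ({quad})"
    if v >> 120 == 0xFF:                         # ff00::/8
        return "multicast"
    if v >> 118 == 0b1111111010:                 # fe80::/10
        return "link-local"
    if v >> 121 == 0b1111110:                    # fc00::/7
        return "unique-local"
    if v >> 125 == 0b001:                        # 2000::/3
        return "global-unicast"
    return "other"


def same_address(a: str, b: str) -> bool:
    """Compare two textual addresses by value. String comparison would miss
    2001:DB8::1 versus 2001:0db8:0:0:0:0:0:1, which are the same host."""
    return expand_ipv6(a) == expand_ipv6(b)


if __name__ == "__main__":
    # Constructed sample inputs, including the addresses used in the chapter.
    for s in ["2001:0db8:3c4d:0012:0000:0000:1234:56ab", "::ffff:192.168.1.115",
              "FE80::1", "::1", "1:0:0:2:0:0:3:4", "fc00::abcd"]:
        print(f"{s:40} {expand_ipv6(s)}  {compress_ipv6(s):24} {classify_ipv6(s)}")
        # the standard library agrees on the numeric value
        assert int(ipaddress.IPv6Address(s)) == int(expand_ipv6(s).replace(":", ""), 16)
    for bad in ["2001::1ab4::5468", "1:2:3:4:5:6:7::8"]:
        try:
            expand_ipv6(bad)
        except ValueError as e:
            print("rejected:", e)
```

Run it as a script to see the chapter's addresses in expanded, compressed and classified form, and the two malformed addresses rejected. The one design choice worth noting is in compress_ipv6: the comparison is strictly greater, so an equal-length run later in the address never displaces the first one, which is exactly the tie-break RFC 5952 specifies.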
You will often see the same address written as ::ffff:192.168.1.115, which makes the embedded IPv4 address easy to recognize.

There are a few more addresses you need to be familiar with. In IPv4, the autoconfiguration (APIPA) range is 169.254.0.0/16. IPv6 accomplishes the same task with the link local range fe80::/10. Every IPv6-enabled interface is required to have a link local address, and link local addresses are not routable. Because every interface has one and they all come from the same fe80::/10 range, a link local address is only meaningful together with the interface it belongs to; operating systems show it with a zone index, such as fe80::1%12 on Windows or fe80::1%eth0 on Linux, and the zone has to be supplied when you connect to one. The IPv4 loopback address 127.0.0.1 has been replaced with ::1/128 (typically written as just ::1). Global addresses (for Internet use) are in 2000::/3, and multicast addresses are in ff00::/8. Figure 7.7 shows the output of an ipconfig command; you can see the IPv4 address configuration as well as the IPv6 link local address. Table 7.5 summarizes the IPv6 address ranges you should be familiar with.

Figure 7.7 ipconfig output with IPv4 and IPv6 addresses

Table 7.5 IPv6 address ranges

Address            Use
0:0:0:0:0:0:0:0    Equals ::, and is equivalent to 0.0.0.0 in IPv4. It usually means that the host is not configured.
0:0:0:0:0:0:0:1    Also written as ::1. Equivalent to the loopback address of 127.0.0.1 in IPv4.
2000::/3           Global unicast address range for use on the Internet.
FC00::/7           Unique local unicast address range (the IPv6 counterpart of IPv4 private addresses; not routed on the Internet).
FE80::/10          Link local unicast range.
FF00::/8           Multicast range.

Understanding Virtual Networks

As you learned earlier in this chapter, the subnet mask on an IPv4 network determines the network address. Said differently, it is the mechanism by which networks are defined. Computers configured to be on different networks talk to each other through a router, which forwards packets from one network to another. The router is therefore the physical device that divides logical networks from each other. In addition to physical and logical networks, one more term you need to be familiar with is the virtual network. There are two types of virtual networks we'll cover here: virtual local area networks and virtual private networks.
Virtual Local Area Networks

One of the limitations of a typical routed network is that computers on the same side of a router can't easily be broken into multiple networks and still communicate with each other. If a sending computer knows that the destination IP address is on another network, it sends its data directly to the router, its default gateway. Other computers on the physical segment ignore the message because it isn't addressed to them. The router then looks at the real destination address and sends the packet out one of its ports, other than the one it came in on, to reach the destination network.

The virtual local area network (VLAN) is designed to segment a physical network into multiple logical (virtual) networks. You may recall from Chapter 6 that VLANs are created on a managed switch: each switch port is assigned to a VLAN, and the switch only forwards a frame between ports that belong to the same VLAN. Where a VLAN needs to span more than one switch, the link between the switches carries frames from several VLANs, each frame tagged with its VLAN number so the receiving switch can tell them apart (IEEE 802.1Q is the standard for this tagging). Managed switches also run Spanning Tree Protocol (STP); STP has nothing to do with VLAN configuration, its job is to make sure there are no network loops. (A loop is when a frame gets sent out and bounces between two or more switches, never reaching a destination. Loops are bad.)

A VLAN can provide the following benefits:

Broadcast traffic is reduced. Physical network segments can be logically subdivided, reducing broadcast traffic and speeding network performance.

Security is increased. Computers on the same physical network can be isolated from each other to provide an additional layer of security. For example, imagine that the Research and Development team is working on several secret projects. R&D computers can be placed on one virtual segment, and the rest of the company on others. Traffic to and from R&D computers won't be intermingled with other office traffic. Keep in mind that this isolation is only as good as the switch configuration: a port that is allowed to negotiate itself into a trunk, or a trunk that carries the R&D VLAN to a switch where it shouldn't be, undoes the separation, and whatever traffic is allowed between VLANs still passes through a router, which is where access control between them belongs.

Computers in multiple locations can belong to the same VLAN. This is one major thing that routers can't do with subnetting. With multiple switches configured appropriately, computers at different physical locations can be configured to be on the same VLAN.
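How a frame carries its VLAN membership between switches, as an added example that is not from the chapter. It builds and parses Ethernet frames with 802.1Q tags (a 16-bit tag protocol identifier of 0x8100, followed by a 16-bit tag control field holding a 3-bit priority, a 1-bit drop-eligible flag and the 12-bit VLAN ID), including the double-tagged form a provider uses to carry a customer's VLANs inside its own (outer identifier 0x88a8), and then applies a simple ingress policy for an access port: a host on such a port is expected to send untagged frames, so a tag naming a different VLAN, or a second tag, is dropped rather than trusted. The frame bytes are constructed in the code, and the function names and the policy are my own rather than any particular switch's behaviour.

```python
"""802.1Q VLAN tagging seen from the frame: build, parse, and police.

Added example; constructs its own frames. Nothing here talks to a real
switch, it shows what the tag that carries VLAN membership looks like.
"""
import struct

TPID_8021Q = 0x8100    # customer tag (the one an ordinary VLAN uses)
TPID_8021AD = 0x88A8   # service/outer tag used for double tagging (QinQ)
TAG_TPIDS = {TPID_8021Q, TPID_8021AD}


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def build_frame(dst: str, src: str, tags, ethertype: int, payload: bytes) -> bytes:
    """Ethernet II frame with zero or more 802.1Q tags.

    tags is a list of (vid, pcp) tuples, outermost first. With two tags the
    outer one is written with the 802.1ad service TPID, as a provider
    switch would. The FCS is omitted; the NIC adds it on the wire.
    """
    frame = mac_bytes(dst) + mac_bytes(src)
    for i, (vid, pcp) in enumerate(tags):
        if not 0 <= vid <= 4095 or not 0 <= pcp <= 7:
            raise ValueError("VID is 12 bits, PCP is 3 bits")
        tpid = TPID_8021AD if len(tags) > 1 and i == 0 else TPID_8021Q
        tci = (pcp << 13) | vid            # PCP(3) | DEI(1)=0 | VID(12)
        frame += struct.pack("!HH", tpid, tci)
    return frame + struct.pack("!H", ethertype) + payload


def parse_frame(frame: bytes) -> dict:
    """Peel every tag off a frame and return addresses, tags and payload.

    Tags sit between the source MAC and the real EtherType, so the parser
    keeps reading 4-byte tags for as long as the next EtherType is a TPID.
    """
    if len(frame) < 14:
        raise ValueError("runt frame")
    dst, src = frame[:6], frame[6:12]
    offset, tags = 12, []
    while True:
        if offset + 2 > len(frame):
            raise ValueError("truncated header")
        (etype,) = struct.unpack_from("!H", frame, offset)
        if etype not in TAG_TPIDS:
            break
        if offset + 4 > len(frame):
            raise ValueError("truncated tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        tags.append({"tpid": etype, "pcp": tci >> 13,
                     "dei": (tci >> 12) & 1, "vid": tci & 0x0FFF})
        offset += 4
    return {"dst": mac_str(dst), "src": mac_str(src), "tags": tags,
            "ethertype": etype, "payload": frame[offset + 2:]}


def access_port_decision(frame: bytes, port_vid: int):
    """Illustrative ingress policy for an access port assigned to port_vid.

    A host on an access port should send untagged frames, which the switch
    places in port_vid. A single tag naming port_vid is tolerated. A tag for
    another VLAN, or a second tag, is an attempt (or a misconfiguration) to
    reach a VLAN the port was not assigned to, so the frame is dropped.
    """
    tags = parse_frame(frame)["tags"]
    if not tags:
        return ("accept", port_vid)
    if len(tags) == 1 and tags[0]["vid"] == port_vid:
        return ("accept", port_vid)
    vids = [t["vid"] for t in tags]
    return ("drop", f"tagged {vids} on access port for VLAN {port_vid}")


if __name__ == "__main__":
    # Constructed sample frames: an untagged ARP request, an IPv4 frame tagged
    # for VLAN 10, and a double-tagged frame (outer VLAN 1, inner VLAN 20).
    bcast, host = "ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55"
    arp = build_frame(bcast, host, [], 0x0806, b"\x00\x01\x08\x00")
    v10 = build_frame(bcast, host, [(10, 0)], 0x0800, b"\x45" + b"\x00" * 19)
    qinq = build_frame(bcast, host, [(1, 0), (20, 3)], 0x0800, b"\x45")
    for name, f in ("arp", arp), ("v10", v10), ("qinq", qinq):
        print(name, f.hex(), parse_frame(f)["tags"], access_port_decision(f, 10))
```

The point of the last function is the security caveat from the VLAN benefits: the VLAN a frame ends up in is decided by the switch port's configuration and the tag on the frame, so a port that trusts tags from an end host (or lets it negotiate a trunk) lets that host choose its own VLAN.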
Reconfiguring networks is easier. With VLANs, if someone moves physical desk locations, their VLAN membership can move with them, so less network reconfiguration is needed. Similarly, if someone doesn't move but changes jobs, they can be assigned to a new VLAN without needing to physically rewire the network.

Figure 7.8 shows two potential VLAN configurations. In the first, computers on one switch are assigned to different VLANs. In the second, the concept is extended to include multiple switches.

Figure 7.8 Two VLAN configurations

One question that is often asked is, "What's the difference between a VLAN and a subnet?" First, let's look at the key similarity: both break up broadcast domains on a network, which helps reduce network traffic. If you are using both, the recommended configuration is a 1:1 relationship, one subnet per VLAN. It is possible to run multiple subnets on one VLAN (on a Microsoft DHCP server, a superscope is what lets the server hand out addresses from several subnets on the same segment), but it gets trickier to manage, and it weakens the security benefit because hosts in the different subnets still share one broadcast domain. Beyond separating broadcast domains, VLANs and subnets are almost entirely different. Recall that VLANs are implemented on switches, and routers are needed to subnet. Consequently, VLANs work at Layer 2 of the OSI model and deal with physical MAC addresses, whereas routers work at Layer 3 and deal with logical IP addresses. That is also why two VLANs can't talk to each other without a router (or a Layer 3 switch) between them, and why that router is the place to put any access control between them.

Virtual Private Networks

As networks grow beyond simple physical limitations (such as an office or a building) to include clients from all over the world, the need to secure data across public connections becomes paramount. One of the best methods of addressing this is to tunnel the data. Tunneling sends private data across a public network by placing (encapsulating) that data into other packets. Encapsulation by itself only hides the private addressing; what makes the tunnel private is that the encapsulated data is encrypted and authenticated, so that anyone on the public network can neither read nor alter it. Most tunnels used this way are virtual private networks (VPNs). A sample VPN is shown in Figure 7.9.

Figure 7.9 A VPN

A VPN is a secure (private) network connection that occurs through a public network.
The private network provides security over an otherwise unsecure environment. VPNs can be used to connect LANs together across the Internet or other public networks, or to connect individual users to a corporate network. This is a great option for users who work from home or travel for work. With a VPN, the remote end appears to be connected to the network as if it were connected locally. That is also why a VPN connection deserves the same scrutiny as any other way into the network: once connected, the remote machine is effectively inside, so it should authenticate strongly and be held to the same patching and endpoint-protection standards as a PC on a desk.

On the server side, a VPN requires dedicated hardware or a software package running on a server or router. Clients use VPN client software to connect, most often over a broadband Internet link. Windows 10 comes with its own VPN client (shown in Figure 7.10), accessible through Start ➢ Settings ➢ Network & Internet ➢ VPN, as do some other operating systems, and many third-party options are also available.

Figure 7.10 Windows 10 VPN client

Summary

In this chapter, you learned about the protocol suite used on the Internet, TCP/IP. It is by far the most common protocol suite in worldwide use today. We started with TCP/IP structure. It's a modular suite that follows the DoD model, with different protocols performing unique tasks at each layer. We looked at individual protocols and their functions at the Process/Application, Host-to-Host, and Internet layers. We also discussed ports and well-known port numbers for common protocols.

Next you learned about IP addressing. We started with a brief tutorial on converting binary numbers to decimal to make them easier to read. Then we looked at the different address classes, CIDR, DHCP and DNS, public vs. private IP addresses, APIPA, and NAT. Each of these services and concepts plays a unique role in managing TCP/IP on your network.

Next, you learned about the next generation of TCP/IP, IPv6. We talked about the seemingly infinite number of addresses as well as the fact that addresses are written in hexadecimal, which might take some getting used to, even for experienced technicians.
Finally, we looked at working with IPv6 addresses, including shorthand notation and special addresses to be aware of. We finished the chapter by looking at two types of virtual networks: VLANs and VPNs.

Exam Essentials

Understand how IPv4 addressing works. IP addresses are 32-bit addresses written as four octets in dotted-decimal notation, such as 192.168.5.18. To communicate on an IP network, a host also needs a subnet mask, which may look something like 255.255.255.0. If the host needs to communicate outside the local network, it also needs a default gateway, which is normally the internal address of the router. Addresses can be static (manual) or dynamic (from a DHCP server). If a DHCP server is not available, a network client may use an APIPA address starting with 169.254.

Understand how IPv6 addressing works. IPv6 addresses are 128-bit addresses written as eight fields of four hexadecimal characters, such as 2001:0db8:3c4d:0012:0000:0000:1234:56ab. Using shorthand conventions, this address can also be written as 2001:db8:3c4d:12::1234:56ab. Addresses can be static or dynamic. APIPA does not exist in IPv6; its role is filled by the link local address that every IPv6 interface has.

Understand the differences between TCP and UDP. TCP is a connection-based protocol that attempts to guarantee delivery. UDP is connectionless, which makes it a bit faster, but it doesn't guarantee packet delivery.

Know what DHCP does. A DHCP server provides IP addresses and configuration information to network hosts. Clients that need to have the same address at all times can be configured using a reservation, which grants an address based on a MAC address.

Know what DNS does. A DNS server resolves hostnames to IP addresses.

Know common TCP/IP ports.
Some common protocol and port pairings that you should know are FTP (20 and 21), SSH (22), Telnet (23), SMTP (25), DNS (53), HTTP (80), POP3 (110), IMAP (143), HTTPS (443), RDP (3389), NetBIOS/NetBT (137–139), SMB/CIFS (445), SLP (427), AFP (548), DHCP (67/68), LDAP (389), and SNMP (161 and 162).

Be able to identify IP address classes. Know how to identify Class A, B, and C IP addresses. Class A addresses have a first octet in the 1 to 126 range. Class B is from 128 to 191, and Class C is from 192 to 223.

Know the private IP address ranges. Private IP addresses will be in one of three ranges: 10.0.0.0/8, 172.16.0.0/12 (172.16.0.0 through 172.31.255.255), or 192.168.0.0/16.

Know about the APIPA range. IP addresses in the 169.254.0.0/16 range are APIPA addresses.

Know the difference between unicast, anycast, and multicast in IPv6. Unicast addresses are for a single node on the network. Anycast can represent a small group of systems; an anycast message is delivered to the closest node. Multicast messages are delivered to all computers within a group.

Recognize the special classes of IPv6 addresses. The loopback address is ::1. Global unicast addresses are in the 2000::/3 range. Unique local unicast addresses are in the FC00::/7 range, link local addresses are FE80::/10, and FF00::/8 addresses are multicast.

Know what NAT does. Network Address Translation (NAT) translates private, nonroutable IP addresses into public IP addresses. It allows computers on a private network to access the Internet.

Understand the differences between a VLAN and a VPN. A virtual local area network (VLAN) is a logical network configured through a managed switch. A virtual private network (VPN) is a secure point-to-point connection over a public network.