
Week Eight
- Attendance
- Announcements
- Review Week Seven Information
- Current Week Information
- Upcoming Assignments

Week Eight Topics
- Shortage of IP addresses with IPv4
- Private, public, and NAT addressing
- Static or Dynamic IP Address Assignment
- Hierarchical Addressing, route summarization, CIDR
- Static and dynamic Domain Name Server (DNS)
- IPv6 Standard

IPv4 Private Addresses
The IPv4 standard created a problem that was temporarily solved by assigning private addresses within a local network and translating the private addresses to public addresses when Internet connectivity is required.

IP Address Design Strategy
- Are public, private, or both types of addressing required?
- How many end systems will need access to the public network? This includes email, file transfer, or web browsing.
- How many end systems must be reachable from the public network(s)? This includes e-commerce systems such as web servers, database servers, application servers, and public servers. These end systems require globally unambiguous IP addresses.
- Where will the boundaries be between private and public IP addresses, and how will they be implemented?

Private Addresses
RFC 1918 sets aside three blocks of private IP addresses:
- One (1) Class A address
- Sixteen (16) Class B addresses
- Two hundred and fifty-six (256) Class C addresses
The RFC 1918 addresses are for private, internal network use only. Packets containing private addresses are not routed over the Internet. A router should never route RFC 1918 addresses, because ISPs typically configure their border routers to prevent privately addressed traffic from being forwarded.

Private Addressing

172.16.0.0 - 172.31.255.255: 172.16.0.0/12

Where does the /12 come from? The first and last addresses of the block have 12 leading bits in common:

10101100 . 00010000 . 00000000 . 00000000   172.16.0.0
10101100 . 00011111 . 11111111 . 11111111   172.31.255.255
-------------------------------------------------------------
10101100 . 00010000 . 00000000 . 00000000   172.16.0.0/12

Network Address Translation (NAT)
- NAT is defined by RFC 1631. It is the process of swapping one address for another in the IP packet header.
- NAT is a mechanism for conserving registered IP addresses in large networks and simplifying IP addressing management tasks.
- In practice, NAT is used to allow hosts that are privately addressed, using RFC 1918 addresses, to access the Internet.
- NAT allows many hosts on an inside network to communicate on the Internet with one valid, assigned IP address.

Network Address Translation (NAT)
What is NAT Overload?
NAT overloading (sometimes called Port Address Translation, or PAT) maps multiple private IP addresses to a single public IP address or to a few addresses. This is what most home routers do. With NAT overloading, multiple addresses can be mapped to one or a few addresses because each private address is also tracked by a port number. When a client opens a TCP/IP session, the NAT router assigns a port number to its source address. NAT overload ensures that clients use a different TCP port number for each client session with a server on the Internet.

Network Address Translation (NAT)
- Static NAT: an inside address is always translated to the same outside address. Useful when the hosts are enterprise servers or networking devices.
- Dynamic NAT: an inside address is translated to an address from a pool of addresses.
- PAT (One-to-Many NAT, Overloading): many inside addresses are translated to the same outside address. Different conversations are identified by port numbers.

Network Address Translation (NAT)
NAT provides a level of security for your inside network from the outside world.

NAT Terminology
- Inside local IP address: The IP address assigned to a host on the inside network. The address is typically an RFC 1918 address.
- Inside global IP address: A globally unique IP address (typically assigned by an ISP) that represents one or more inside local IP addresses to the outside world.
- Outside global IP address: The IP address assigned to a host on the outside network by its owner. The address is globally unique.

NAT Terminology
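Added example (Python; not from the slides): a toy NAT-overload table that tracks each outbound session by its source port, the way the slides describe for home routers, using the inside local / inside global / outside global terms above. The addresses are constructed from the documentation ranges (192.168.1.0/24 inside, 203.0.113.5 as the single inside global address, 198.51.100.7 as the outside server); the sequential port allocator and the PatTable class are assumptions of this example, not any vendor's implementation.

```python
import ipaddress
from dataclasses import dataclass, field

# The three RFC 1918 blocks named on the slide; anything else is treated as public here.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr: str) -> bool:
    """True if addr falls inside one of the three private blocks."""
    a = ipaddress.ip_address(addr)
    return any(a in net for net in RFC1918)


@dataclass
class PatTable:
    """Minimal NAT-overload (PAT) state: one inside global address, and one translated
    source port per (inside host, port, outside host, port) session."""
    inside_global: str                                 # the single public address all sessions share
    next_port: int = 1024                              # next translated port to hand out (toy allocator)
    outbound: dict = field(default_factory=dict)       # session 4-tuple -> translated port
    inbound: dict = field(default_factory=dict)        # (translated port, outside ip, outside port) -> (inside local, port)

    def translate_out(self, inside_local, src_port, outside_global, dst_port):
        """Rewrite an outbound packet's source. Returns the header fields as seen on the outside."""
        if not is_rfc1918(inside_local):
            raise ValueError(f"{inside_local} is not an inside local (RFC 1918) address")
        key = (inside_local, src_port, outside_global, dst_port)
        if key not in self.outbound:                   # first packet of a session: allocate a port
            port = self.next_port
            self.next_port += 1
            self.outbound[key] = port
            self.inbound[(port, outside_global, dst_port)] = (inside_local, src_port)
        return (self.inside_global, self.outbound[key], outside_global, dst_port)

    def translate_in(self, outside_global, src_port, dst_port):
        """Map a reply arriving at inside_global:dst_port back to the inside host.
        Returns None when no session exists, i.e. the packet is unsolicited and is dropped."""
        return self.inbound.get((dst_port, outside_global, src_port))


def demo():
    """Two inside hosts reach the same web server; each session gets its own translated port."""
    nat = PatTable(inside_global="203.0.113.5")        # constructed public address (TEST-NET-3)
    a = nat.translate_out("192.168.1.10", 40000, "198.51.100.7", 80)
    b = nat.translate_out("192.168.1.11", 40000, "198.51.100.7", 80)
    reply_b = nat.translate_in("198.51.100.7", 80, b[1])   # server's reply to host .11
    stray = nat.translate_in("198.51.100.7", 80, 5000)     # nothing ever used port 5000
    return a, b, reply_b, stray


if __name__ == "__main__":
    for row in demo():
        print(row)
```

Two inside hosts that both happen to use source port 40000 receive different translated ports, which is what makes overloading work. The "level of security" on the slide corresponds to translate_in returning None: an outside packet that matches no session has nowhere to be delivered and is dropped, although this is a side effect of stateful translation rather than a substitute for an explicit firewall policy.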

Static IP Address Assignment
- An IP address is manually assigned to a device or host.
- The network administrator configures the IP address, default gateway, and name servers manually by entering them into a special file or files on the end system with either a graphical or text interface.
- Static address assignment is an extra burden for the administrator, especially on large-scale networks, who must configure the address on every end system in the network.
- Typically, routers, switches, servers, and printers have IP addresses statically assigned.

Dynamic IP Address Assignment
- IP addresses are automatically assigned to the devices.
- Dynamic address assignment relieves the administrator of manually assigning an address to every network device.
- Instead, the administrator must set up a server to assign the addresses. On that server, the administrator defines the address pools and additional parameters that should be sent to the host (default gateway, name servers, time servers, and so forth).
- On the host, the administrator enables the host to acquire the address dynamically; this is often the default. When IP address reconfiguration is needed, the administrator reconfigures the server, which then performs the host-renumbering task.
- DHCP is the protocol used.

Dynamic Host Configuration Protocol (DHCP)
DHCP is a protocol for assigning dynamic IP addresses to devices on a network. With dynamic addressing, a device can have a different IP address every time it connects to the network. In some systems, the device's IP address can even change while it is still connected. DHCP also supports a mix of static and dynamic IP addresses.

Dynamic Host Configuration Protocol

Dynamic Host Configuration Protocol (DHCP)
A DHCP server can provide the following to a client:
- IP address
- Gateway address
- Subnet mask
- DNS server address
- Router
- Domain name
- Domain name server(s)
- Windows server(s)

IP Address Assignments in an Enterprise Network

Classless Interdomain Routing (CIDR)
What is CIDR?
CIDR is a new addressing scheme for the Internet which allows for more efficient allocation of IP addresses than the old Class A, B, and C address scheme.
Why Do We Need CIDR?
With a new network being connected to the Internet every 30 minutes, the Internet was faced with two critical problems:
- Running out of IP addresses
- Running out of capacity in the global routing tables

Classless Interdomain Routing (CIDR)
Running Out of IP Addresses
There is a maximum number of networks and hosts that can be assigned unique addresses using the Internet's 32-bit addresses. Traditionally, the Internet assigned "classes" of addresses: Class A, Class B and Class C were the most common. Each address had two parts: one part to identify a unique network and the second part to identify a unique host in that network. Another way the old Class A, B, and C addresses were identified was by looking at the first 8 bits of the address and converting them to their decimal equivalent.

Classless Interdomain Routing (CIDR)
- CIDR is pronounced "cider"
- With CIDR, addresses use bit identifiers, or bit masks, instead of an address class to determine the network portion of an address
- CIDR uses the /N notation instead of subnet masks
- CIDR allows for the more efficient allocation of IP addresses

Classless Interdomain Routing (CIDR)
172.16.0.0 255.255.0.0 = 172.16.0.0/16

198.30.1.0 255.255.255.0 = 198.30.1.0/24

Note that 192.168.24.0/22 is not a Class C network; it has a subnet mask of 255.255.252.0.

Classless Interdomain Routing (CIDR)

CIDR Block Prefix   Equivalent Class C   Number of Host Addresses
/24                 1 Class C            256 hosts
/23                 2 Class C            512 hosts
/22                 4 Class C            1,024 hosts
/21                 8 Class C            2,048 hosts
/20                 16 Class C           4,096 hosts
/19                 32 Class C           8,192 hosts
/18                 64 Class C           16,384 hosts
/17                 128 Class C          32,768 hosts
/16                 256 Class C          65,536 hosts

CIDR and Route Aggregation
- CIDR allows routers to summarize, or aggregate, routing information
- One address with a mask can represent multiple networks
- This reduces the size of routing tables
- Supernetting is another term for route aggregation

CIDR and Route Aggregation
Given four Class C networks (/24):

192.168.16.0   11000000 10101000 00010000 00000000
192.168.17.0   11000000 10101000 00010001 00000000
192.168.18.0   11000000 10101000 00010010 00000000
192.168.19.0   11000000 10101000 00010011 00000000

Identify which bits all these networks have in common. The first 22 bits are identical, so 192.168.16.0/22 can represent all these networks. The router will look at the first 22 bits of the address to make a routing decision. Note that 192.168.16.0/22 is not a Class C network; it has a subnet mask of 255.255.252.0.
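Added example (Python, not part of the slides) that carries the two binary exercises above through in code: deriving the /12 of 172.16.0.0 - 172.31.255.255 from the bits the first and last addresses share, and summarizing the four /24s into 192.168.16.0/22. It also computes the rows of the CIDR block table (Class C equivalents and host counts) from a prefix length. The function names are this example's own; only the standard library ipaddress module is used.

```python
import ipaddress


def to_bits(addr: str) -> str:
    """Dotted binary form, e.g. 172.16.0.0 -> 10101100.00010000.00000000.00000000"""
    return ".".join(f"{octet:08b}" for octet in ipaddress.IPv4Address(addr).packed)


def prefix_from_range(first: str, last: str) -> int:
    """Number of leading bits shared by every address from first to last (the /N of the block).
    The XOR of the two ends has 1-bits exactly where they differ; the bits above the highest
    differing bit are the common prefix."""
    differing = int(ipaddress.IPv4Address(first)) ^ int(ipaddress.IPv4Address(last))
    return 32 - differing.bit_length()


def summarize(networks) -> ipaddress.IPv4Network:
    """Smallest single prefix (supernet) that covers all the given networks."""
    nets = [ipaddress.ip_network(n) for n in networks]
    lowest = min(n.network_address for n in nets)
    highest = max(n.broadcast_address for n in nets)
    plen = prefix_from_range(str(lowest), str(highest))
    return ipaddress.ip_network(f"{lowest}/{plen}", strict=False)   # strict=False clears host bits


def exact_cover(networks) -> bool:
    """True if the summary advertises exactly the listed space and nothing more."""
    nets = ipaddress.collapse_addresses(ipaddress.ip_network(n) for n in networks)
    return sum(n.num_addresses for n in nets) == summarize(networks).num_addresses


def class_c_equivalents(prefixlen: int) -> int:
    """How many /24 (Class C) blocks a shorter prefix contains."""
    return 2 ** (24 - prefixlen)


def hosts_in_prefix(prefixlen: int) -> int:
    """Total addresses in the block, as the slide's table counts them."""
    return 2 ** (32 - prefixlen)


if __name__ == "__main__":
    print(to_bits("172.16.0.0"), to_bits("172.31.255.255"),
          "/%d" % prefix_from_range("172.16.0.0", "172.31.255.255"))
    four = ["192.168.16.0/24", "192.168.17.0/24", "192.168.18.0/24", "192.168.19.0/24"]
    for n in four:
        print(f"{n:18} {to_bits(n.split('/')[0])}")
    print("summary:", summarize(four), "mask", summarize(four).netmask)
    for plen in range(24, 15, -1):                     # reproduces the CIDR block table
        print(f"/{plen:<3} {class_c_equivalents(plen):>4} Class C {hosts_in_prefix(plen):>6} hosts")
```

exact_cover is the check worth running before advertising a summary: summarizing only three of the four /24s still yields 192.168.16.0/22, so the router would attract traffic for 192.168.19.0/24 without having a more specific route for it.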

Route Summarization

Importance of Hierarchical Addressing
Without summarization, every small change in the network will be propagated (spread) throughout the entire network.

Importance of Hierarchical Addressing
With summarization, small changes in the network aren't propagated (spread) throughout the entire network.

Benefits of Summarization

Subnet Masks
- A major network is a Class A, B, or C network.
- Fixed-Length Subnet Masking (FLSM) is when all subnet masks in a major network must be the same.
- Variable-Length Subnet Masking (VLSM) is when subnet masks within a major network can be different. Some routing protocols require FLSM; others allow VLSM.

FLSM

VLSM
- VLSM makes it possible to subnet with different subnet masks and therefore results in more efficient address space allocation.
- VLSM also provides a greater capability to perform route summarization, because it allows more hierarchical levels within an addressing plan.
- VLSM requires prefix length information to be explicitly sent with each address advertised in a routing update.

VLSM

Classful and Classless Routing Protocols
- Classful routing protocols DO NOT send subnet mask information in their routing updates.
- When a router receives a routing update, it simply assumes the default subnet mask (Class A, B, or C).
- VLSM cannot be used in networks that use classful routing protocols.
- Classless routing protocols send the subnet mask (prefix length) in their updates.
- VLSM can be used with classless routing protocols.

Classful and Classless Routing Protocols
Classful protocols use address classes (A, B, C) to determine networks because subnet masks are not sent in routing updates.
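Added example (Python, not from the slides) for the FLSM/VLSM and classful/classless slides above: it carves one Class C major network into VLSM subnets for a constructed set of host requirements, compares the address cost with FLSM, and then shows what a classful view (one default mask per address class, no prefix length in the update) makes of the result. The allocator is a simple largest-first, best-fit scheme written for this example; the requirement figures are made up.

```python
import ipaddress


def classful_prefixlen(network: str) -> int:
    """Default mask a classful protocol assumes from the first octet (A=/8, B=/16, C=/24)."""
    first = int(ipaddress.ip_network(network).network_address) >> 24
    if first < 128:
        return 8
    if first < 192:
        return 16
    if first < 224:
        return 24
    raise ValueError("not a Class A, B or C address")


def classful_major(network: str) -> ipaddress.IPv4Network:
    """The major network a classful router would file this subnet under."""
    net = ipaddress.ip_network(network)
    return ipaddress.ip_network(f"{net.network_address}/{classful_prefixlen(network)}", strict=False)


def prefixlen_for_hosts(hosts: int) -> int:
    """Longest prefix whose block still holds `hosts` usable addresses plus network and broadcast."""
    need = hosts + 2
    return 32 - (need - 1).bit_length()            # ceil(log2(need)) host bits


def vlsm_allocate(block: str, requirements: dict):
    """Carve `block` into subnets sized per requirement (largest first, best fit).
    Returns (allocations, free): name -> subnet, and the unused remainder blocks."""
    free = [ipaddress.ip_network(block)]
    allocations = {}
    for name, hosts in sorted(requirements.items(), key=lambda kv: -kv[1]):
        plen = prefixlen_for_hosts(hosts)
        candidates = [c for c in free if c.prefixlen <= plen]
        if not candidates:
            raise ValueError(f"no room left for {name} ({hosts} hosts)")
        # best fit: the smallest free chunk that is still big enough, lowest address on a tie
        chunk = min(candidates, key=lambda c: (-c.prefixlen, int(c.network_address)))
        subnet = next(chunk.subnets(new_prefix=plen))
        free.remove(chunk)
        free.extend(chunk.address_exclude(subnet))   # put the rest of the chunk back
        allocations[name] = subnet
    return allocations, sorted(free)


def flsm_addresses_needed(requirements: dict) -> int:
    """With one mask for everything, every subnet must be as big as the largest requirement."""
    plen = prefixlen_for_hosts(max(requirements.values()))
    return len(requirements) * 2 ** (32 - plen)


def classful_view(networks) -> list:
    """What a classful router 'sees' without masks: the VLSM subnets collapse onto the major network."""
    return sorted({str(classful_major(str(n))) for n in networks})


if __name__ == "__main__":
    reqs = {"sales": 60, "eng": 28, "mgmt": 10, "wan-link": 2}     # constructed requirements
    alloc, free = vlsm_allocate("192.168.10.0/24", reqs)
    for name, net in alloc.items():
        print(f"{name:9} {net}  mask {net.netmask}")
    print("unused:", [str(f) for f in free])
    print("FLSM would need", flsm_addresses_needed(reqs), "addresses for the same four subnets")
    print("classful view:", classful_view(alloc.values()))
```

The classful view is the practical reason the slide says VLSM cannot be used with classful protocols: the four differently sized subnets all look like "192.168.10.0/24" to a router that has to guess the mask, so it cannot tell them apart.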

Domain Name Server (DNS)

Name Resolution with DNS

DNS Components
- Resolver: The DNS client that sends queries to a name server.
- Name servers: The DNS component that responds to queries and holds the name-to-IP-address mappings.
- Domain name space: The hierarchical system of names used on the Internet.
There is static and dynamic (DNS) name resolution.

Domain Name Space
- Root level domain: (.)
- Top level domains and countries: (Australia, com, edu, gov, net, org)
- Second level domains: (microsoft, franklin, cisco)
- (Seattle, student)

IPv6 Standard
Larger address space: IPv6 addresses are 128 bits, compared to IPv4's 32 bits. This larger addressing space allows more support for addressing hierarchy levels, a much greater number of addressable nodes, and simpler auto-configuration of addresses.
- 3.4 x 10^38 addresses (2^128)
- 5 x 10^28 addresses for each of the 6.8 billion people alive in 2010 (2^95)
Globally unique IP addresses: Every node can have a unique global IPv6 address, which eliminates the need for NAT.

IPv6 Standard
Definition: Multi-homing is a technique to increase the reliability of the Internet connection for an IP network. With IPv6, a host can have multiple IP addresses over one physical upstream link. For example, a host can connect to several ISPs.

IPv6 Standard
Site multi-homing: IPv6 allows hosts to have multiple IPv6 addresses and allows networks to have multiple IPv6 prefixes. Consequently, sites can have connections to multiple ISPs without breaking the global routing table.
- Single link, multiple IP address (spaces): The host has multiple IP addresses (e.g. 2002:db7::3 and 2002:db7::4 in IPv6), but only one physical upstream link. When the single link fails, connectivity is down for all addresses.

IPv6 Standard
Site multi-homing:
- Multiple interfaces, single IP address per interface: The host has multiple interfaces and each interface has one, or more, IP addresses. If one of the links fails, then its IP address becomes unreachable, but the other IP addresses will still work.
- Multiple links, single IP address (space): This is what is meant in general when speaking about multi-homing. With the use of a routing protocol, in most cases BGP, the end site announces this address space to its upstream links. When one of the links fails, the protocol notices this on both sides and traffic is suspended over the failed link.

IPv6 Standard
Site multi-homing:
- Multiple links, multiple IP address (space): This approach uses a specialized link load balancer (or WAN load balancer) appliance between the firewall and the link routers. It allows use of all links at the same time to increase the total available bandwidth, and detects link saturation and failures in real time to redirect traffic. Algorithms allow traffic management.

IPv6 Standard
- Header format efficiency: A simplified header with a fixed header size makes processing more efficient.
- Improved privacy and security: IPsec is the IETF standard for IP network security, available for both IPv4 and IPv6. Although the functions are essentially identical in both environments, IPsec is mandatory in IPv6. IPv6 also has optional security headers.

IPv6 Standard
Definition: IPsec (Internet Protocol Security) is a framework for a set of protocols for security at the network or packet processing layer of network communication. Earlier security approaches have inserted security at the Application layer of the communications model. IPsec is said to be especially useful for implementing virtual private networks and for remote user access through dial-up connection to private end sites.

IPv6 Standard
Definition: A flow is a sequence of packets sent from a particular source to a particular unicast, anycast, or multicast destination that the source desires to label as a flow. A flow could consist of all packets in a specific transport connection. The 20-bit Flow Label field in the IPv6 header is used by a source to label the packets of a flow. A Flow Label of zero is used to indicate packets that are not part of a flow.
Flow labeling capability: A new capability enables the labeling of packets belonging to particular traffic flows for which the sender requests special handling, such as non-default quality of service (QoS) or real-time service.

IPv6 Standard
- Increased mobility and multicast capabilities: Mobile IPv6 allows an IPv6 node to change its location on an IPv6 network and still maintain its existing connections. With Mobile IPv6, the mobile node is always reachable through one permanent address. A connection is established with a specific permanent address assigned to the mobile node, and the node remains connected no matter how many times it changes locations and addresses.
- Improved global reachability and flexibility.
- Better aggregation of IP prefixes announced in routing tables.

IPv6 Standard
- Auto-configuration that can include Data Link layer addresses in the address space.
- More plug-and-play options for more devices.
- Public-to-private, end-to-end readdressing without address translation. This makes peer-to-peer (P2P) networking more functional and easier to deploy.
- Simplified mechanisms for address renumbering and modification.

IPv6 Standard
- Better routing efficiency for performance and forwarding-rate scalability
- No broadcasts, and thus no potential threat of broadcast storms
- No requirement for processing checksums
- Simplified and more efficient extension header mechanisms

IPv6 Standard
The move from IPv4 to IPv6 has already begun, particularly in Europe, Japan, and the Asia-Pacific region. These areas are exhausting their allotted IPv4 addresses, which makes IPv6 all the more attractive and necessary. In 2002, the European Community IPv6 Task Force forged a strategic alliance to foster IPv6 adoption worldwide. The North American IPv6 Task Force has set out to engage the North American markets to adopt IPv6. The first significant North American advances are coming from the U.S. Department of Defense (DoD).

IPv6 Standard

IPv6 Standard
Using the "::" notation greatly reduces the size of most addresses. An address parser identifies the number of missing zeros by separating any two parts of an address and entering 0s until the 128 bits are complete.

IPv6 Standard

IPv6 Standard

IPv6 Larger Address Space Benefits
- Global reachability and flexibility
- Aggregation
- Multi-homing
- Auto-configuration
- Plug-and-play
- End to end without NAT
- Renumbering

IPv6 Standard
- Simpler header
- Routing efficiency
- Performance and forwarding rate scalability
- No broadcasts
- No checksums
- Extension headers
- Flow labels

IPv6 Standard
- Mobility and security
- Mobile IP RFC-compliant
- IPsec mandatory (or native) for IPv6

Transition richness
- Dual stack
- 6to4 tunnels
- Translation

IPv6 Larger Address Space
- Aggregation of prefixes announced in the global routing table
- Efficient and scalable routing
- Improved bandwidth and functionality for user traffic

IPv6 Simpler and Efficient Header

A simpler and more efficient header means:
- 64-bit aligned fields and fewer fields
- Hardware-based, efficient processing
- Improved routing efficiency and performance
- Faster forwarding rate with better scalability

IPv6 Representation
x:x:x:x:x:x:x:x, where x is a 16-bit hexadecimal field.
Leading zeros in a field are optional:
    2031:0:130F:0:0:9C0:876A:130B
Successive fields of 0 can be represented as ::, but only once per address.
Examples:
    2031:0000:130F:0000:0000:09C0:876A:130B
    2031:0:130f::9c0:876a:130b
    FF01:0:0:0:0:0:0:1  >>>  FF01::1
    0:0:0:0:0:0:0:1     >>>  ::1
    0:0:0:0:0:0:0:0     >>>  ::

IPv6 Addressing Model
- Addresses are assigned to interfaces
- Change from the IPv4 model: an interface is expected to have multiple addresses
- Addresses have scope: link local, unique local, global
- Addresses have lifetime: valid and preferred lifetime
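Added example (Python, not from the slides) of the address parser the earlier "::" slide alludes to: expanding a compressed address back to eight 16-bit fields, compressing in the other direction (longest run of zero fields, only once per address), rejecting malformed input rather than guessing, and classifying the scope of the result from its leading bits. It deliberately avoids the standard ipaddress module so that the rules are visible; the scope labels follow the addressing model above (link local, unique local, global) plus multicast, loopback and unspecified, and the prefix boundaries used for them are the ones RFC 4291 assigns.

```python
HEX = set("0123456789abcdefABCDEF")


def expand_ipv6(addr: str) -> str:
    """Full eight-field form, e.g. 'ff01::1' -> 'ff01:0000:0000:0000:0000:0000:0000:0001'.
    Raises ValueError on malformed input."""
    if addr.count("::") > 1:
        raise ValueError("'::' may appear only once per address")
    if "::" in addr:
        left, right = addr.split("::")
        head = left.split(":") if left else []
        tail = right.split(":") if right else []
        missing = 8 - len(head) - len(tail)       # how many zero fields the '::' stands for
        if missing < 1:
            raise ValueError("'::' must replace at least one zero field")
        fields = head + ["0"] * missing + tail
    else:
        fields = addr.split(":")
        if len(fields) != 8:
            raise ValueError("expected 8 fields or a '::' shorthand")
    out = []
    for f in fields:
        if not 1 <= len(f) <= 4 or any(c not in HEX for c in f):
            raise ValueError(f"bad field {f!r}")
        out.append(f.lower().zfill(4))            # pad each 16-bit field to four hex digits
    return ":".join(out)


def compress_ipv6(addr: str) -> str:
    """Canonical short form (RFC 5952 style): leading zeros dropped, the longest run of
    zero fields (two or more, leftmost on a tie) replaced by '::', lowercase hex."""
    fields = [format(int(f, 16), "x") for f in expand_ipv6(addr).split(":")]
    best_start, best_len = -1, 0
    i = 0
    while i < 8:
        if fields[i] != "0":
            i += 1
            continue
        j = i
        while j < 8 and fields[j] == "0":
            j += 1
        if j - i > best_len:                      # strictly longer, so the leftmost run wins ties
            best_start, best_len = i, j - i
        i = j
    if best_len < 2:                              # a lone zero field is written as '0', not '::'
        return ":".join(fields)
    return ":".join(fields[:best_start]) + "::" + ":".join(fields[best_start + best_len:])


def is_valid_ipv6(addr: str) -> bool:
    try:
        expand_ipv6(addr)
        return True
    except ValueError:
        return False


def scope_of(addr: str) -> str:
    """Classify by the leading bits, per the address types and scopes listed on the slides."""
    full = expand_ipv6(addr)
    if full == "0000:0000:0000:0000:0000:0000:0000:0000":
        return "unspecified"
    if full == "0000:0000:0000:0000:0000:0000:0000:0001":
        return "loopback"
    first = int(full[:4], 16)
    if first & 0xFF00 == 0xFF00:
        return "multicast"                        # ff00::/8
    if first & 0xFFC0 == 0xFE80:
        return "link-local"                       # fe80::/10
    if first & 0xFE00 == 0xFC00:
        return "unique local"                     # fc00::/7
    if first & 0xE000 == 0x2000:
        return "global unicast"                   # 2000::/3
    return "reserved/other"


if __name__ == "__main__":
    for a in ("2031:0000:130F:0000:0000:09C0:876A:130B", "FF01:0:0:0:0:0:0:1",
              "0:0:0:0:0:0:0:1", "0:0:0:0:0:0:0:0", "fe80::1", "fd00::1"):
        print(f"{a:42} -> {compress_ipv6(a):28} {scope_of(a)}")
```

The "only once" rule on the slide is what makes the parser unambiguous: with two "::" markers there would be no way to know how many zero fields each one stands for, which is why expand_ipv6 refuses such input instead of picking a split.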

IPv6 Address Types
Unicast
- Address is for a single interface.
- IPv6 has several types (for example, global and IPv4-mapped).
Multicast
- One-to-many
- Enables more efficient use of the network
- Uses a larger address range
Anycast
- One-to-nearest (allocated from unicast address space).
- Multiple devices share the same address.
- All anycast nodes should provide uniform service.
- Source devices send packets to the anycast address.
- Routers decide on the closest device to reach that destination.
- Suitable for load balancing and content delivery services.

IPv6 Global Unicast Addresses
- The global unicast and the anycast share the same address format.
- Uses a global routing prefix, a structure that enables aggregation upward, eventually to the ISP.
- A single interface may be assigned multiple addresses of any type (unicast, anycast, multicast).
- Every IPv6-enabled interface must contain at least one loopback (::1/128) and one link-local address.
- Optionally, every interface can have multiple unique local and global addresses.
- An anycast address is a global unicast address assigned to a set of interfaces (typically on different nodes).
- IPv6 anycast is used for a network multihomed to several ISPs that have multiple connections to each other.

IPv6Global Unicast Addresses

Global unicast and anycast addresses are defined by a global routing prefix, a subnet ID, and an interface ID.

IPv6 Interface ID
- Cisco uses the extended universal identifier (EUI)-64 format to do stateless autoconfiguration.
- This format expands the 48-bit MAC address to 64 bits by inserting FFFE into the middle 16 bits.
- To make sure that the chosen address is from a unique Ethernet MAC address, the universal/local (U/L) bit is set to 1 for global scope (0 for local scope).

IPv6 Standard

Cisco uses the extended universal identifier (EUI)-64 format to do stateless autoconfiguration.

This format expands the 48-bit MAC address to 64 bits by inserting FFFE into the middle 16 bits.

IPv6 Unicast Addressing
- IPv6 addressing rules are covered by multiple RFCs.
- Architecture defined by RFC 4291.
- Unicast: one to one
  - Global
  - Link local (FE80::/10)
- A single interface may be assigned multiple IPv6 addresses of any type: unicast, anycast, or multicast.

IPv6 Multicasting

Multicast is frequently used in IPv6 and replaces broadcast.

IPv6 Standard

An IPv6 anycast address is a global unicast address that is assigned to more than one interface.

IPv6 Static Assignment
- Similar to IPv4
- Administrator assigns an address to each device
- Static assignment using a manual interface ID
- Static assignment using an EUI-64 interface ID

IPv6 Dynamic Address Assignment
- Link-local address: The host configures its own link-local address autonomously, using the link-local prefix FE80::0/10 and a 64-bit identifier for the interface, in an EUI-64 format.
- Stateless autoconfiguration: A router on the link advertises, either periodically or at the host's request, network information such as the 64-bit prefix of the local network and its willingness to function as a default router for the link.

IPv6 Standard

Mandatory address for communication between two IPv6 devices (similar to ARP but at Layer 3)

Automatically assigned by router as soon as IPv6 is enabled

Also used for next-hop calculation in routing protocols

Only link-specific scope

Remaining 54 bits could be zero or any manually configured value

IPv6 Stateless Autoconfiguration
A router sends network information to all the nodes on the local link. A host can autoconfigure itself by appending its IPv6 interface identifier (64-bit format) to the local link prefix (64 bits). The result is a full 128-bit address that is usable and guaranteed to be globally unique.

IPv6 Standard: Stateless Autoconfiguration
Stage 1: The PC sends a router solicitation to request a prefix for stateless autoconfiguration.

Stage 2: The router replies with a router advertisement.

IPv6 Standard
Stateful using DHCP for IPv6 (DHCPv6)
DHCPv6 is an updated version of DHCP for IPv4. DHCPv6 gives the network administrator more control than stateless autoconfiguration and can be used to distribute other information, including the address of the DNS server. DHCPv6 can also be used for automatic domain name registration of hosts using a dynamic DNS server. DHCPv6 uses multicast addresses.

IPv6 Global Unicast Addressing
IPv6 has an address format that enables aggregation upward, eventually to the ISP. Global unicast addresses typically consist of a 48-bit global routing prefix and a 16-bit subnet ID. Individual organizations can use the 16-bit subnet field to create their own local addressing hierarchy. This field allows an organization to use up to 65,535 individual subnets.

IPv6 Global Unicast Addressing

IPv6 Transition Strategies
The transition from IPv4 does not require upgrades on all nodes at the same time. Many transition mechanisms enable smooth integration of IPv4 and IPv6. Other mechanisms that allow IPv4 nodes to communicate with IPv6 nodes are available. Different situations demand different strategies. The figure illustrates the richness of available transition strategies. Recall the advice: "Dual stack where you can, tunnel where you must." These two methods are the most common techniques to transition from IPv4 to IPv6.

IPv6 Transition Strategies
Dual stacking is an integration method in which a node has an implementation of, and connectivity to, both an IPv4 and an IPv6 network. This is the recommended option and involves running IPv4 and IPv6 at the same time. Routers and switches are configured to support both protocols, with IPv6 being the preferred protocol.

IPv6 Transition Strategies
Tunneling
The second major transition technique is tunneling. There are several tunneling techniques available, including:
- Manual IPv6-over-IPv4 tunneling: An IPv6 packet is encapsulated within the IPv4 protocol. This method requires dual-stack routers.
- Dynamic 6to4 tunneling: Automatically establishes the connection of IPv6 islands through an IPv4 network, typically the Internet. It dynamically applies a valid, unique IPv6 prefix to each IPv6 island, which enables the fast deployment of IPv6 in a corporate network without address retrieval from the ISPs or registries.

IPv6 Standard
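Added example (Python, not from the slides) of the two tunnelling ideas on the slide above: deriving a site's 6to4 prefix (2002:WWXX:YYZZ::/48, RFC 3056) from its public IPv4 address, the reverse lookup a 6to4 router performs to find the IPv4 tunnel endpoint for a 2002:: destination, and the encapsulation itself, an IPv6 packet (carrying the 20-bit flow label from the earlier flow slide) placed inside an IPv4 header with protocol number 41. Addresses come from the documentation ranges; the packet builder is minimal and written for this example, with a bare payload and no transport header.

```python
import ipaddress
import struct

IPPROTO_IPV6 = 41                                    # IPv4 protocol number for an encapsulated IPv6 packet
SIXTO4 = ipaddress.IPv6Network("2002::/16")          # RFC 3056 6to4 block
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def sixto4_prefix(ipv4: str) -> ipaddress.IPv6Network:
    """2002:WWXX:YYZZ::/48, where WWXX:YYZZ is the hex form of the site's public IPv4 address."""
    v4 = ipaddress.IPv4Address(ipv4)
    if any(v4 in n for n in RFC1918):
        raise ValueError("6to4 embeds the IPv4 address in the prefix, so it must be a public one")
    prefix_int = (0x2002 << 112) | (int(v4) << 80)
    return ipaddress.IPv6Network(f"{ipaddress.IPv6Address(prefix_int)}/48")


def sixto4_tunnel_endpoint(ipv6_dst: str):
    """Per-packet step of a 6to4 router: read the IPv4 endpoint out of bits 16..47 of a
    2002:: destination. None for any other destination (not reachable by 6to4)."""
    dst = ipaddress.IPv6Address(ipv6_dst)
    if dst not in SIXTO4:
        return None
    return str(ipaddress.IPv4Address((int(dst) >> 80) & 0xFFFFFFFF))


def build_ipv6_packet(src: str, dst: str, payload: bytes, flow_label: int = 0, next_header: int = 59) -> bytes:
    """Fixed 40-byte IPv6 header in front of payload. next_header 59 means 'no next header',
    enough for a bare test payload; flow_label is the 20-bit field, 0 = not part of a flow."""
    first_word = (6 << 28) | (flow_label & 0xFFFFF)   # version 6, traffic class 0, flow label
    hdr = struct.pack("!IHBB16s16s", first_word, len(payload), next_header, 64,
                      ipaddress.IPv6Address(src).packed, ipaddress.IPv6Address(dst).packed)
    return hdr + payload


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum over 16-bit words; yields 0 for a header whose checksum field is correct."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def encapsulate_6in4(ipv4_src: str, ipv4_dst: str, ipv6_packet: bytes) -> bytes:
    """Wrap an IPv6 packet in a 20-byte IPv4 header with protocol 41 (manual or 6to4 tunnel)."""
    hdr = struct.pack("!BBHHHBBH4s4s",
                      0x45, 0, 20 + len(ipv6_packet),        # version 4 / IHL 5, DSCP 0, total length
                      0, 0x4000, 64, IPPROTO_IPV6, 0,        # id, don't fragment, TTL, protocol, checksum placeholder
                      ipaddress.IPv4Address(ipv4_src).packed, ipaddress.IPv4Address(ipv4_dst).packed)
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    return hdr + ipv6_packet


def decapsulate_6in4(frame: bytes):
    """Return the inner IPv6 packet, or None if this is not a well-formed protocol-41 IPv4 packet."""
    if len(frame) < 20 or frame[0] >> 4 != 4:
        return None
    ihl = (frame[0] & 0x0F) * 4
    if frame[9] != IPPROTO_IPV6 or ipv4_checksum(frame[:ihl]) != 0:
        return None
    inner = frame[ihl:]
    return inner if len(inner) >= 40 and inner[0] >> 4 == 6 else None


if __name__ == "__main__":
    site_a, site_b = "192.0.2.1", "203.0.113.1"          # constructed public addresses of two 6to4 sites
    print("site A prefix:", sixto4_prefix(site_a), " site B prefix:", sixto4_prefix(site_b))
    inner = build_ipv6_packet("2002:c000:201::1", "2002:cb00:7101::1", b"hello", flow_label=0x12345)
    endpoint = sixto4_tunnel_endpoint("2002:cb00:7101::1")
    print("tunnel endpoint for site B:", endpoint)
    frame = encapsulate_6in4(site_a, endpoint, inner)
    print("outer IPv4 length", len(frame), "protocol", frame[9], "inner intact:", decapsulate_6in4(frame) == inner)
```

The decapsulating side accepts any IPv4 source that presents protocol 41, and the inner IPv6 source is not authenticated by the tunnel, so a border that filters IPv4 traffic carefully but passes protocol 41 untouched has effectively opened an unfiltered IPv6 path; tunnel endpoints need the same ingress filtering as native interfaces, and the public anycast 6to4 relay has since been deprecated (RFC 7526).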

IPv6 Dual Stacking

Upcoming Deadlines
- On November 3 the class will meet in room 217 to complete Lab Assignment 4-1-2, which is due November 10, 2010.
- Assignment 8-2, Concept Questions 6, is due November 3, 2010.
- Assignment 1-4-2, Network Design Project Phase 2: WAN Network Design, is due November 3, 2010.
- Assignment 10-1, Concept Questions 7, is due November 17, 2010.