TCP/IP NETWORK DESIGN

Transcription

1 CHAPTER 8 TCP/IP NETWORK DESIGN Concepts Reinforced Classful addressing Subnet masks Concepts Introduced Classless addressing Reserved subnets Extended Network Prefixes Route summarization Internet structure RIP, OSPF, and BGP4 Variable-length subnet masks Classless inter-domain routing Longest match lookups IPv6 Routing processes Routing evolution OBJECTIVES After completing this chapter, the reader should be able to: 1. Define proper classful subnet masks for a given IP address that will meet network design requirements. 2. Understand the advantages and proper use of variable length subnet masking. 3. Define proper variable length subnet masks for a given IP address that will meet network design requirements. 4. Understand the advantages and proper use of classless inter-domain routing addresses. 5. Understand the IPv6 protocols and the various methods of transitioning to IPv6. 6. Understand the structure of the Internet. 7. Understand the IP routing process and be able to differentiate between routing and layer three switching.

2 Network Design with Classful IP Addressing 295 INTRODUCTION Having thoroughly introduced TCP/IP from a conceptual standpoint in chapter 7, this chapter seeks to inform the reader on how network design is actually performed in a TCP/IP-based network. The key issues in this chapter are the importance of how to use IP addressing to properly define subnet masks and how the logical distribution of IP addresses must correlate to the physical topology of the network. Issues that are critical to network design in the real world such as the shrinking pool of IP addresses and the need to minimize the size of routing tables are analyzed, and potential solutions are provided. By the completion of this chapter, the reader should be comfortable designing IP-based networks in both a classful and classless addressing environment. NETWORK DESIGN WITH CLASSFUL IP ADDRESSING Address Classes Classful addresses are broken apart on octet boundaries. Therefore, there are three basic classes of addresses. As illustrated in Figure 8-1, these classes are known as class A, B, or C networks. To distinguish between classes, the first few bits of each segment address is used to denote the address class of the segment. The class ID plus network ID portions of the IP address are also known as the network prefix, the network number, or the major network. As illustrated in, Class A addresses have an 8- bit network prefix, sometimes referred to as /8 (slash eight); Class B addresses CLASS A Class ID Network ID Host ID different Network IDs 16,777,214 different Host IDs (1 bit) (7 bits) (24 bits) Address packet totals to 32 bits CLASS B Class ID Network ID Host ID ,382 different Network IDs 65,534 different Host IDs (2 bits) (14 bits) (16 bits) Address packet totals to 32 bits CLASS C Class ID Network ID Host ID ,097,150 different Network IDs 254 different Host IDs (3 bits) (21 bits) (8 bits) Address packet totals to 32 bits NOTE: The contents of each CLASS ID segment is constant for each CLASS. Figure 8-1 IPv4 Address Classes

3 296 Chapter Eight/TCP/IP Network Design have a 16 bit network prefix and are sometimes referred to as /16 addresses, and Class C addresses have a 24-bit network prefix and are sometimes referred to as /24s. As illustrated in Figure 8-1, Class A addresses can be identified if the first bit is a 0 in binary notation, or has a decimal value between 1 and 126. Class B addresses can be identified if the first two bits are 10 or if the first decimal octet is between 128 and 191. The first octet address of 127 is reserved for loopback tests on network interface cards and routers. Class C addresses can be identified if the first three bits in binary notation are 110 or if the first octet s decimal value is between 192 and 223, inclusive. In addition to these basic address classes, there are two additional classes, Class D and Class E that can be used for IPv4 addressing. Class D addresses are reserved for multicast systems such as routers while Class E addresses are reserved for future use. The assignment of address classes and network ID ranges to a particular organization wishing to connect to the Internet is the responsibility of the Internet Activities Board (IAB). The IAB assures that all organizations using the Internet for network communications have unique IP addresses for all of their workstations. If an organization has no intention of ever accessing the Internet, then there might not be a need to register with the IAB for an IP address class and range of valid network IDs. However, even in this case, all workstations on all communicating networks must have IP addresses unique within the internal network. Subnetting When the IP address classes were established in the early 1980s, computer networks were composed of a relatively small number of relatively expensive computers. However, as time went on and the personal computer exploded into local area networks, the strict boundaries of the classful addressing address classes became restrictive and forced an inefficient allocation of addresses. More specifically, a Class C address with its limit of 254 hosts (computers) per network is too small for most organizations, while a Class B address with its limit of 65,534 hosts per subnet is too large. Unfortunately, Class B addresses were given out to organizations that would never need the 65,534 addresses. A second issue came about as organizations networks grew and needed to be divided or segmented in order to improve traffic flow. Routers join two separate networks. Networks that are separated by routers must have different network IDs so that the router can distinguish between them. This would require all organizations that needed to install a router-based internetwork to go back to the IAB for more addresses, thereby accelerating the depletion of IP addresses. In order to address both of these concerns, RFC 950 was defined in It gave users a way to subnet, or provide a third layer of organization or hierarchy between the existing network ID and the existing host ID. Since the network IDs were assigned by IAB and could not be altered, the only choice was to borrow some of the host ID bits that were under the control of the organization to which the address had been assigned. These borrowed bits constitute the subnet portion of the address. A subnet mask identifies which particular bits are used for the subnet ID. Subnetting allowed organizations to use the one network ID assigned by the IAB and create multiple subnets within their private network. Although their internal routers needed to remain aware of all of the internal subnets in order to properly deliver data, the Internet routing tables did not need to be concerned about that since all of these subnets existed behind the original network ID assigned by the IAB. As a result, organizations could build router-based internetworks without asking for additional network IDs and the Internet routing tables did not need to be overloaded with all the information about routes to all of the internal subnets.

4 Network Design with Classful IP Addressing 297 Subnet Masks By applying a 32-bit subnet mask to a Class B IP address, a portion of the bits that make up the host ID can be reserved for denoting subnetworks, with the remaining bits being reserved for host IDs per subnetwork. If the first 8 bits of the host ID were reserved for subnetwork addresses and the final 8 bits of the host ID were reserved for hosts per subnetwork, this would allow the same Class B address to yield 254 subnetworks with 254 hosts each as opposed to one network with 65,534 hosts. Figure 8-2 provides examples of subnet masks. The overall effect of subnetworking is to create multiple network segments within the address space given by the IAB. As illustrated in Figure 8-2, to create a subnet mask, each bit position is reserved for either a network ID or a host ID. By default, in the case of a Class B address, the first 16 bits are reserved for network ID and the second 16 bits are reserved for host ID. Of the 16 bits originally reserved for host ID, we can reserve those bits that we wish to use for a subnet ID by placing a 1 in that bit position. If we wish to retain the use of a bit position for host ID, then we reserve that bit position with a 0. In the example illustrated in Figure 8-2, we borrowed 8 of the 16 bits set aside for host ID and reassigned their function as subnet ID by reserving those 8-bit positions with a 1 in the subnet mask. Converting the binary place holder values to decimal yielded the decimal subnet mask This subnet mask yields 8-bit positions for subnet IDs and 8-bit positions for host IDs. Two to the eighth power is 256. However, as will be explained further, the allzeroes and all-ones subnet and host IDs are reserved, thereby leaving 254 available subnets and 254 available host IDs as listed in Figure 8-2. Extended Network Prefix The extended network prefix is the classful network prefix (/16 in the case of a Class B address) plus the number of bits borrowed from the host ID. In the case of the example illustrated in Figure 8-2, the extended network prefix would be /24 (/16 network prefix + /8 subnet mask). As an example, if we were given the Class B address of /24 what would we know? Figure 8-3 illustrates the network prefix, extended network prefix, subnet mask in binary and decimal, network ID, subnet ID, and host ID. The TCP/IP Subnet Definition Chart Once the theory behind how subnet masks are defined is understood, it would be nice to be able to define appropriate subnet Binary Decimal Number of Number of Hosts Subnet Mask Subnet Mask Subnetworks per Subnetwork Default Class B ,534 Subnet Mask Alternative Subnet Mask Used to Subnet Class B Network Figure 8-2 IPv4 Subnetworking

5 298 Chapter Eight/TCP/IP Network Design Decimal Network Prefix Subnet ID Host ID IP Address Subnet Mask Extended Network Prefix =/24 Figure 8-3 Extended Network Prefix masks without having to perform binary arithmetic. Figure 8-4 provides a chart that can be quickly used to define the proper subnet mask dependent on the class of the original network ID, the number of required subnets, and the number of required hosts per subnet. Working with Subnet Masks Subnet Design In order to illustrate the use of the TCP/IP Subnet Definition Chart, let s take a practical example: The university where you work has six administrative offices, each on its own subnet and each requiring between 15 and 25 hosts. For your Class C address, you create the subnet mask How well does this solution address the problem? Explain. Referring to the TCP/IP Subnet Definition Chart, we can see that if 6 subnets are required, then the last octet in the subnet mask should be 224, not 240, which would yield 30 hosts per subnet. In the example, the defined subnet of 240 would yield 14 subnets but only 14 host per subnet, which would not meet the requirement. The correct answer, 224, has 3 ones in the subnet mask borrowed from the host ID. A Class C address is a /24 subnet mask by default. Adding Number of 1s in Last Subnet Address Number Number Number Number Octet of Mask Block of of Class C of Class B of Class A Subnet Mask Octet Size Subnets Hosts Hosts Hosts ,382 4,194, ,190 2,097, ,094 1,048, , , , , N/A , N/A ,534 Figure 8-4 Classful IP Subnet Definition Chart

6 Network Design with Classful IP Addressing 299 the 3 ones yields a correct subnet mask of or a correct extended network prefix of /27 (24 + 3). In order to properly define a subnet mask for a given classful address, one must know the following information: What is the address class of the assigned network ID? This is important because knowing the address class tells you how many bits are available for borrowing from the host ID for the subnet ID. Class A: 24 bits, Class B: 16 bits, Class C: 8 bits. Obviously, you can t borrow all of the available bits for the subnet ID because there won t be anything left for the host ID. How many subnets are required both now and in the future? Future considerations are important. Although more flexible subnet definition alternatives will be examined later in the chapter, classful subnet definition needs to be done exactly the same across all subnets in a given network ID. How many host IDs per subnet are required now and in the future? Again, you must define your subnet mask based on worst anticipated scenario. That is to say, what is the largest number of hosts that you anticipate having to support on your largest subnet? Remember, you can t just choose an arbitrarily large number of host IDs since every bit that gets reserved for host IDs means one less bit available for subnet IDs. Let s try another example: Aretail chain of eighty stores expects to expand by twenty stores per year for the next eight years. Only one computer connected to a router at each site (total of two host IDs) will be needed to upload the daily sales figures to corporate headquarters. The IP address is What should the subnet mask be? Explain. The given IP address is This is a Class B or /16 address, which means we have 16 bits available with which to define the subnet mask. In order to determine the number of required subnets, we take the 80 current stores and add 160 more (20 per year 8 years) for a total anticipated number of stores or subnets of 240. We only need two host IDs per subnet. Using the TCP/IP Subnet Definition Chart, we see that in order to have 240 subnets, we will need 8 bits in the subnet mask. Adding the subnet mask to the default for a Class B address yields or an extended network prefix of /24 (/16 + 8). Defining Subnet Numbers Once the subnet mask for a given major network or network prefix has been defined, the next job is to define the individual subnet numbers that are associated with the assigned major network number. From the previous example, the assigned major network was We know we are going to use the next 8 bits, or the entire third octet, for the subnet ID. The subnet mask of tells us this is so. Notice how the third octet, which is normally reserved for host ID is a Class B address, is all ones (255) in the subnet mask indicating that it will be used for defining the subnet ID. Since 2 raised to the eighth power is 256, we should be able to define 256 different subnet IDs. In fact, we can. However, as we ll soon see, two of those subnet addresses are reserved, yielding 254 available

7 300 Chapter Eight/TCP/IP Network Design subnet Ids, as stated on the TCP/IP Subnet Definition Chart. Figure 8-5 shows how individual subnet IDs are defined. Reserved Subnet Numbers Two subnet numbers, the all-zeroes subnet and the allones subnet are typically reserved, especially in routers that support classful routing protocols. The all-zeroes subnet is labeled as Subnet 0 and the all-ones subnet is labeled as Subnet 255 in Figure 8-5. As can be seen in Figure 8-5, the full address of subnet 0 ( ) is identical to the Assigned network ID of In order to differentiate between the two, one would have to know the extended network prefix in each case. Since routers supporting classful routing protocols don t exchange extended network prefixes, there is no way for them to differentiate between the assigned major network ID, sometimes referred to as the default route, and subnet 0 of the major network, leading the subnet 0 address to be declared reserved. The allones subnet ID is reserved because it has a special meaning to classful routing protocol routers namely, broadcast to all subnets. Later in the chapter we will talk about other types of routing protocols that are able to share extended network prefixes thereby allowing routers to distinguish between the pairs discussed above and listed in Figure 8-6. Defining Host Addresses for a Given Subnet In the current example the network ID with extended network prefix is /24. That tells us that the last octet, or last 8 bits, has been reserved to define host IDs. Host IDs are defined within a given subnet. In Figure 8-7, we have chosen to define host IDs for subnet #1. As a result, we know that all host IDs will have the same first three octets in dotted decimal format, namely, The only part that will vary will be the fourth octet, which will contain unique host IDs. Since there are 8 bits in the fourth octet, we should be able to define 2 to the eighth power, or 256 different host IDs per subnet. However, as was the case with subnet IDs, we have two reserved host IDs, as well leaving us with 254 usable host IDs. Reserved Host Addresses As mentioned in chapter 7, there are reserved host IDs. Regardless of the length (number of bits) of the host ID, the all-ones host ID is reserved as the broadcast address for a given subnet and the all-zeroes host ID is Network Subnet Reserved for Decimal with Extended Prefix Number Host ID Network Prefix Assigned /16 Network ID Subnet /24 Subnet /24 Subnet /24 Subnet /24 Subnet /24 Subnet /24 Figure 8-5 Defining Subnet Numbers

8 Network Design with Classful IP Addressing 301 Decimal with Extended Network Prefix Assigned Network ID /16 All Zeroes Subnet /24 Broadcast /16 All Ones Subnet /24 Figure 8-6 Reserved Subnet Numbers Extended Network Prefix Host ID Decimal Host /24 Host /24 Host /24 Host /24 Host /24 Host /24 Host /24 Figure 8-7 Defining Host IDs for a Given Subnet reserved as identifying the subnet number itself. As a result, the broadcast address for the number one subnet used in Figure 8-7 would be Determining if IP Addresses Are Part of the Same Subnet In the example we have been using, the entire third octet was used for the subnet ID, so the subnet number is immediately evident just by reading the dotted decimal address. For example, the subnet ID in the address /24 is 2 and the subnet ID in the address /24 is 1. What would happen if this were not the case? What if the entire third octet were not reserved for the subnet ID? How would we, or the routers for that matter, be able to determine what the real subnet address was when all we are given is the dotted decimal format? Given the network ID from the IAB, we need to define a subnet ID that will yield 30 subnets with up to six hosts per subnet. Noting that we are dealing with a Class C address and referring back to the Subnet Definition Chart (Figure 8-4), we should see that we need the last octet to be 248. Since this is a Class C or /24 address and we are reserving 5 or the remaining 8 bits for subnet ID, it should be evident that the extended network prefix will be /29 or the subnet mask in dotted decimal format would be equivalently expressed as Figure 8-8 shows how the subnets would be defined. Notice how in Figure 8-8 there are only 5 bits available for subnet IDs and 3 bits reserved for host IDs for each subnet. As we will see, since an entire octet has not been reserved for the subnet ID, it will not be as immediately evident as in previous

9 302 Chapter Eight/TCP/IP Network Design Decimal with Subnet Reserved for Extended Network Prefix Number Host ID Network Prefix Assigned /24 Network ID Subnet /29 Subnet /29 Subnet /29 Subnet /29 Subnet /29 Subnet /29 Figure 8-8 Subnet Definition with Less Than an Octet examples. Also notice in Figure 8-8 that with just 5 bits to work with, we are able define only 32 total subnets, two of which are reserved. Figure 8-9 defines Host IDs for Subnet 1 from Figure 8-8. Since there are only 3 bits reserved for host ID, we can only define eight different host IDs, two of which are reserved. Notice how the extended network prefix does not increase when we define host IDs for a given subnet the way it did when we defined additional subnet levels to existing subnets. In the case of subnet 1 (subnet address 8), if we were to choose one of the full host IDs as defined Figure 8-9, we don t immediately see the subnet address of 8 in the full dotted decimal address of the host IDs. Where is the subnet address of 8 hiding? Why is the subnet address of subnet 1 defined as 8? As illustrated in Figure 8-10, it is due to the decimal place values of the binary digits used to define the subnet number. Routers need to know the real subnet address of every piece of packetized data that they encounter in order to properly forward that data toward its ultimate destination. To do this, routers must be given the subnet mask or extended network Extended Network Prefix Host ID Decimal Host 1 Reserved /29 Host /29 Host /29 Host /29 Host /29 Host /29 Host /29 Host 8 Reserved /29 Figure 8-9 Defining Host IDs

10 Network Design with Classful IP Addressing 303 Decimal Value Power of Subnet Reserved For Host ID Binary Subnet = 8 Reserved For Host ID Decimal Subnet Reserved For Host ID Binary Subnet = 240 Reserved For Host ID Decimal Figure 8-10 Hidden Subnet IDs prefix of the address in question and then use a type of binary arithmetic known as a logical AND. If a one is present in a given place in both the IP address and the subnet mask, then a one is placed in the result, otherwise a zero is placed in the result. This operation is illustrated in Figure In this case, we will use the host ID defined in Figure 8-9 for Host ID 6 on Subnet 1, with the full dotted-decimal address of /29. As illustrated in Figure 8-11, although the last octet of the full address had a value of 13, by using binary arithmetic the router is able to determine the actual subnet ID of the address as long as it also knows the subnet mask or extended network prefix. If the subnet ID of the destination address on the data packet is the same as the subnet of the router interface, the router will do nothing. Since it is a local delivery, the router does not need to get involved. If after determining the real subnet ID of the destination address it turns out that the destination subnet is not the same as the local router interface s subnet, then the router needs to go to work consulting its IP Address /29 Subnet Mask Subnet Host ID Portion of Portion of First Octet Second Octet Third Octet Fourth Octet Fourth Octet Result Binary from logical AND Result Decimal Figure 8-11 Determining if IP Addresses Are Part of the Same Subnet

11 304 Chapter Eight/TCP/IP Network Design routing tables and determining the address of the next hop router that will help this data packet on its way to its ultimate destination. Limitations of Classful Addressing and Fixed-Length Subnet Masks Before moving on to classless addressing and variable-length subnet masks, it is important to understand the problems that these techniques are attempting to fix: Wasted addresses because only one subnet mask can be used for a network prefix A shrinking pool of available IPv4 addresses Routing protocols such as RIP which are unable to transmit subnet masks or extended network prefix information along with network IDs and IP addresses force all routers, servers, and workstations within a given network to all have the same subnet mask. Recalling that a subnet mask is the logical portion that relates to a physical network topology, it should be evident that a fixed subnet mask implies a fixed subnet size for all subnets of a given network ID. Naturally, subnets must be sized to accommodate the largest required subnet within a given network ID. As a result, all subnets, regardless of their requirements, are sized to this largest required size, resulting in wasted host addresses that cannot be recovered or used by other subnets. Internet traffic is doubling every three to six months. Class A addresses are exhausted. Class B addresses are either exhausted, or nearly so. All that remains is Class C addresses. However, as was seen in the IP Subnet Definition Chart, Class C addresses, with only an 8-bit host ID, don t leave much room for subnet definition. CLASSLESS ADDRESSING AND VARIABLE-LENGTH SUBNET MASKS Clearly, something needed to be done. Two different techniques, described below, seek to mitigate the shortcomings of Classful IP addressing. Variable-Length Subnet Masks Variable-length subnet masks, defined in 1987 as RFP1009, specified how a single network ID could have different subnet masks among its subnets. Used correctly, VLSM could minimize the wasted IP addresses forced by a single subnet mask per network ID as defined by the original RFC 950 Subnetting technique. Benefits The major benefit of VLSM is that subnets can be defined to different sizes as needed under a single Network ID, thereby minimizing, if not eliminating, wasted addresses. As a result, an organization s assigned IP address space is more efficiently used. Second, when correctly defined to match the physical topology of the network, variable-length subnet masks can used to permit router aggregation that minimizes the number of distinct routes that need to be advertised and processed by network backbone or Internet routers. Route aggregation will be explained shortly.

12 Classless Addressing and Variable-Length Subnet Masks 305 Implementation Requirements In order for VLSM to be successfully implemented, the routers on the network where VLSM is implemented must be able to share subnet masks and/or extended network prefixes along with each router advertisement. Routing protocols such as OSPF and IS-IS are able to do this, whereas RIP and IGRP are not. Without the subnet mask or extended network prefix for each route being shared, the receiving router would have to assume that the received route was using the same subnet mask as the receiving router itself. An improvement to the original RIP (RIPv1), known as RIPv2 (RFC 1388), added support for VLSM. Second, all routers supporting VLSM must support a longest match routing algorithm. This is particularly important in VLSM networks because subnets can be embedded within subnets. As will be seen in the following sections, the deeper a particular subnet is embedded within the network topology, the greater its extended network prefix, and the more specific its route advertisement. Finally, the implemented network topology must match the distribution of addresses and definition of subnets. That is to say, the network designers must decide in advance how many levels of subnets are required, and how many hosts per subnet must be supported at each level. As will be seen in the following sections on network design with variable-length subnet masks, at each level of subnetting, all addresses can be summarized or aggregated into a single address block. This reduces the amount of routing information that needs to be shared among the routers on a given network. Recursive Division of a Network Prefix with VLSM As previously described, VLSM allows an organization s assigned address space to be recursively divided into as many levels and sizes of subnets as required. In order to better understand this process, we will first show how the address space is divided and then show how the routes from that recursively divided address space can be aggregated to effectively reduce the amount of transmitted routing information. In addition to reducing the amount of transmitted and stored routing information, an added benefit is that the associated network topology and structure of one subnet is unknown to other subnets. Figure 8-12 illustrates how a single network prefix can be recursively divided thanks to VLSM. Notice in Figure 8-12 how subnet sizes can be flexibly defined even on a given subnet level. On the sub-subnet level in Figure 8-12, the subnet is divided into 254 sub-subnets while the subnet is divided into only 6 sub-subnets. Also, notice that subnet IDs can become hidden when subnet addresses do not fall evenly on octet boundaries. Route Aggregation with VLSM While the benefits of flexible subnet size definition is illustrated in Figure 8-12, the route aggregation benefits of VLSM are illustrated in Figure Often, the terms summarization and aggregation are used interchangeably to describe the process of reducing the number of routing advertisements between subnets by only advertising the common portion of subnet IDs. Alternatively stated, summarization and aggregation mean that subnet information is not shared between two networks when a router connects those networks. In some cases, however, a distinction is made between the two terms. In such cases, the term summarization is reserved to describe those circumstances in which subnet addresses have been rolled up all the way to the major network prefix as assigned by the Internet authorities. In Figure 8-13, this would be the /8 major network prefix. On the other hand, the term aggregation is used to more gen-

13 306 Chapter Eight/TCP/IP Network Design MAJOR NETWORK PREFIX Class A Address /8 SUBNETS / / / / /16 SUB-SUBNETS / / / / /24 Note how subnets on the same level can be sized differently / / / / / /19 SUB2-SUBNETS / / / / / / / / / / / /22 Notice how a transition from one level of subnets to the next does not necessarily imply usage of the next octet in the address Figure 8-12 Recursive Division of a Network Prefix with VLSM erally describe any circumstance when only only the common portion of those addresses in a routing advertisement can represent a subnet s entire address space. In Figure 8-13, Router 6 s advertisement to Router 4 of the /19 route to represent six separate networks is an example of aggregation since /19 is not the major network prefix. Notice in Figure 8-13, how each physical network that houses multiple subnet IDs can have its routing information summarized to a single route advertisement to the next higher layer of subnet. Finally, the entire internetwork can be advertised to the Internet routing tables by the single assigned network ID: Such route aggregation and the efficiencies gained therein, are only possible if subnet masks are assigned in a planned manner so that subnet address assignment mirrors the actual topology of the network, as illustrated in Figure If assigned addresses are not organized to mirror the physical topology of the network, then address aggregation is not possible and the benefit of reduction of routing table size will not be realized.

14 Classless Addressing and Variable-Length Subnet Masks /8 Router / / / / / / / /24 Router / / / / / / / /19 Router 3 Router / /19 Router 5 Router / / / / / / / / / / / /22 Figure 8-13 Route Aggregation with VLSM Subnet Design Using VLSM Subnet design with variable-length subnet masks is similar to subnet design with fixed-length subnet masks, but the decisions made regarding subnets for the entire network in the fixed-length subnet mask scenario are made independently at each level in the variable-length subnet mask scenario. To elaborate, at each level (subnets, sub-subnets, sub2-subnets, etc.), basically two questions must be answered: 1. How many subnets are required at this level, both now and in the future? 2. What is the largest number of host required per subnet on this level, both now and in the future? The answers to these questions will determine how many subnets with how much host ID capacity need to be defined at each level. Defining Sub-Subnet Numbers with VLSM Figure 8-14 provides an example of how subnet numbers are defined in VLSM. In this example, it was determined that six sub-subnets were needed beneath the /16 subnet. Since two subnets are reserved, we need to really be able to define eight sub-subnets. Two to the third

15 308 Chapter Eight/TCP/IP Network Design Decimal with Sub-Subnet Reserved for Extended Network Prefix Number Host ID Network Prefix Assigned /16 Network ID Sub-Subnet /19 0 Reserved Sub-Subnet /19 Sub-Subnet /19 Sub-Subnet /19 Sub-Subnet /19 Sub-Subnet /19 Sub-Subnet /19 Sub-Subnet /19 7 Reserved Figure 8-14 Defining Sub-Subnetwork Numbers with VLSM power is eight, so it will take 3 additional bits or /19 (/16+3 = /19) extended network prefix to provide the required six sub-subnets. Defining Sub2-Subnet Numbers with VLSM If it was then decided that the /19 sub-subnet needed to be recursively divided into six sub2-subnets, so 3 additional bits of variable length subnet mask would be required. This is illustrated in Figure Defining Host Addresses for a Given Subnet With VLSM, defining host addresses involves the same process for subnet, sub-subnets, or sub2-subnets. Figure 8-16 illustrates the host definition process for sub2-subnet /22 defined in Figure The extended network prefix of /22 tells us that 1022 host IDs can be defined on this sub2-subnet. (32 bit address 22 reserved bits = 10 bits available for host ID; two to the tenth power = 1,024 2 reserved host IDs = 1,022 available host IDs). If 1,022 host IDs are way more than we could ever reasonably use, we would probably want to consider defining another subnet level so as not to strand or waste precious IP addresses. Notice how the extended network prefix does not increase when we define host IDs for a given subnet the way it did when we defined additional subnet levels to existing subnets. Notice how the third octet has changed from 184 to 187 on the last few host IDs. Does this mean that the subnet ID changed somehow? The answer is no. If you look in the extended network prefix column, you will see that the subnet ID has not changed. The reason the third octet changed is because the extended network prefix was 22, leaving 2 bits of the third octet left over for use by the host ID. Since the host IDs start using the rightmost bits first, it was only when we got to the last few host IDs that we were forced to use the leftmost bits, which happened to belong in the third octet. As a result, the third octet may have become 187, but the sub2-subnet ID is still 184.

16 Classless Addressing and Variable-Length Subnet Masks 309 Decimal with Sub-Subnet Reserved for Extended Network Prefix Number Host ID Network Prefix Assigned /19 Network ID Sub-Subnet /22 0 Reserved Sub-Subnet /22 Sub-Subnet /22 Sub-Subnet /22 Sub-Subnet /22 Sub-Subnet /22 Sub-Subnet /22 Sub-Subnet /22 7 Reserved Figure 8-15 Defining Sub2-Subnet Numbers with VLSM Determining if VLSM IP Addresses Are Part of the Same Subnet Routers use the same algorithm to determine if IP addresses are part of the same subnet, whether or not VLSM is used. A router must somehow know the extended network prefix or subnet mask, as well as the IP address. In the case of fixed-length subnet masks, the router could use its own interface s subnet mask (since all subnet masks on a given network had to be the same), or it could assume the default subnet mask based on classful address class. In the case of variable-length subnet masks, no such assumptions can be made. Extended network prefixes must accompany every advertised route that is shared between routers. Only certain router-to router-protocols are able to support VLSM s requirement for sharing extended network prefixes. OSPF and IS-IS are link Extended Network Prefix Host ID Decimal Host 0 Reserved /22 Host /22 Host /22 Host /22 Host /22 Host 1023 Reserved /22 Figure 8-16 Defining Host IDs

17 310 Chapter Eight/TCP/IP Network Design state protocols that are able to support VLSM. RIPv2 is a distance vector protocol that is able to support VLSM. Neither RIPv1 not IGRP are able to support VLSM. How routers use the extended network prefix or subnet mask to determine if IP addresses are part of the same subnet was illustrated in Figure Classless Inter-Domain Routing As previously mentioned, the near exhaustion of Class B addresses and rapid depletion of the limited capacity Class C addresses, combined with the explosive growth of the Internet and an associated explosive growth in demand for Internet IP addresses, forced the IETF (Internet Engineering Task Force) to take decisive action. Classless Inter Domain Routing (CIDR) was announced in September 1993 and is documented in RFCs 1517, 1518, 1519, and CIDR is also sometimes referred to as supernetting. Benefits CIDR (often pronounced as cider ) eliminates the traditional concept of Class A, B, and C addresses entirely. The first 3 bits of the IP address, which have traditionally been used to determine address class, are meaningless. Likewise first octet address ranges no longer indicate a particular address class. Thus, CIDR allows a more efficient allocation of the remaining Internet IP addresses. CIDR also supports route aggregation, which allows routing information for multiple network addresses to be represented by a single routing table entry. This can significantly reduce the number of routes that must be processed by Internet routers, thereby making the Internet perform more efficiently. Implementation Requirements CIDR addresses are issued in blocks known as CIDR blocks. Recall that the first octet is meaningless in determining how many subnets or host IDs can be defined for a given CIDR block. The only factor that determines the capacity of a CIDR block is the network prefix assigned by the Internet authorities when the CIDR block is issued. Just as was the case with classful addressing, the network prefix issued by the Internet authorities indicates the number of bits used for the major network ID. These bits are reserved and cannot be used by the end users for subnet IDs or host IDs. Think of the network prefix number as the hands off area. For example, if a CIDR block were issued with a network prefix of /18, that would imply that the first 18 bits from left to right were reserved for the network ID. This would leave 14 bits (32 18) for subnet IDs and host IDs. Since 2 raised to the fourteenth power is 16,384, that is how many host IDs or individual addresses can be defined for a CIDR block with a network prefix of /18. An important point to remember is that it doesn t matter what the assigned major network ID is: All /18 CIDR blocks are equal in terms of capacity, regardless of network ID. This is where is becomes important to forget the traditional view of classful addressing. As an example, the following three CIDR addresses are equivalent, even though they would not be equal from a classful addressing standpoint: / / /18

18 Classless Addressing and Variable-Length Subnet Masks 311 Figure 8-17 summarizes the key information about the capacity of CIDR blocks with various prefix lengths. Remember that the assigned prefix indicates the number of leftmost reserved bits. Much like subnettting, all bits reserved by the Internet authorities for the network ID prior to assignment to end users are designated with a 1 in the reserved bit positions. These reserved ones can then be converted to dotteddecimal format. Unlike subnetting where end users assign reserved bits to create a subnet mask because these ones are assigned to reserved bits in a mask before assignment to end users, this could be called a supernet mask. Another important implementation issue with CIDR is that the TCP/IP configuration programs on all servers and workstations must be CIDR compliant. That is to say, they must be able to accept classless subnet masks, or masks that would be illegal from a classful addressing standpoint. Many of the TCP/IP configuration programs associated with network operating systems have error-checking routines that assume that only classful addressing is supported and will not allow subnet masks that appear to violate classful addressing rules but are perfectly correct for CIDR. Address Allocation Using CIDR The impact of address allocation using CIDR is most clearly seen when Internet Service Providers must provide a block of addresses to an organization that wishes to connect to the Internet through its ISP. For example, let s start by assuming that an ISP has been issued the CIDR block of /17 by CIDR Number Number of Equivalent Prefix Supernet of Host Bits Available Number of Length Mask Addresses for Subnetting Classful Networks / Bs or 2048 Cs / Bs or 1024 Cs / Bs or 512 Cs / B or 256 Cs / Cs / Cs / Cs / Cs / Cs / Cs / Cs / C / /2 C / /4 C / /8 C Figure 8-17 CIDR Block Capacity Chart

19 312 Chapter Eight/TCP/IP Network Design the Internet authorities. Referring to the CIDR Block Capacity Chart (Figure 8-17), it should be evident that this block equals 32,768 IP addresses, or the equivalent of 128 separate C addresses. Remember that this is classless addressing and the value in the first octet of the CIDR block address has no significance. Obviously, the ISP wants to allocate these addresses in as efficient a manner as possible. Suppose an organization needed 1,000 IP addresses from the ISP for Internet connection. If this were strictly a classful environment, the ISP would have two choices: Give up a Class B address. This would effectively waste 64,534 addresses, since a Class B address offers 65,534 and the organization only wanted 1,000. Assign four separate Class C addresses that support up to 254 addresses each. The disadvantage of this approach is that it will take four additional advertised routes on all Internet routers to reach this organization. Although four additional routes may not sound like much, if multiple C class addresses was the only way to meet any organization s Internet connectivity needs, the impact on Internet routing tables would be significant indeed. However, thanks to CIDR, the ISP has the flexibility to more closely match the exact needs of the organization in terms of the number of required IP addresses, while adding only a single entry to the Internet routing tables. Referring back to the CIDR Block Capacity Chart, it should be evident that a /22 CIDR block with 1,024 IP addresses would fit the needs of the organization in question quite well. Figure 8-18 illustrates the relationship between the ISP s CIDR block, the client organization s CIDR block, and the equivalent Class C Addresses. Reducing Route Advertisements with CIDR Just as CIDR allowed addresses to be more effectively allotted to meet a given organization s needs, CIDR allows route aggregation to effectively reduce the number of route advertisements from a given network. Using the example illustrated in Figure 8-18 the client organization could summarize all of the subnet information from its four assigned networks into a single route advertisement: /22. Likewise the ISP in the example could summarize all of its routes for all of its client organizations into a single route advertisement: /17. Available Dotted Decimal for Subnets with Extended Binary and Hosts Network Prefix ISP CIDR Block /17 Client Organization s /22 CIDR Block Class C Address /24 Class C Address /24 Class C Address /24 Class C Address /24 Figure 8-18 Address Allocation with CIDR

20 IP Version CIDR vs. VLSM: Similarities and Differences CIDR and VLSM are actually quite similar in that they both allow a given high-level network ID to be divided and subsequently subdivided repeatedly into smaller and smaller pieces. This division into subnets, sub-subnets, sub-sub-subnets, and so on is done in such a way that the addresses that are contained within any lower level subnet can be rolled up, or aggregated into a single address at the next higher level of addressing. This type of address segmentation is sometimes referred to as recursive division or recursion. In terms of implementation, both VLSM and CIDR require that the extended network prefix information is transmitted with every route advertisement. All routers supporting VLSM or CIDR must use a longest match algorithm for determining which route should be chosen from among possible routes in a routing table. In order for router aggregation to effectively limit the number of route advertisements, addresses must be assigned in a manner that mirrors the physical topology of the network. The key difference between CIDR and VLSM is a matter of when the recursion is performed. In the case of VLSM, the division of the addresses and definition of multiple levels of subnets of various sizes is done after the addresses were assigned to the end user. All of the addresses of the nested subnets are aggregated and the Internet has no knowledge of internal network structure of the VLSM environment. In the case of CIDR, the recursion is know as supernetting, and is performed by Internet authorities and higher level ISPs and is done before the end user receives assigned addresses. IP VERSION 6 IPv4 has been the backbone of the Internet for twenty years. Although it has worked well, the evolution of the Internet from a fairly small network of universities and government installations into the commercial Internet of today have exposed some key limitations in IPv4 that have been addressed by the IETF in a new version of the Internet Protocol, IPv6. For those wondering, IPv5 was the version number given to a project to create a completely different, connection-oriented version of IP that has gone on to become the Internet Stream protocol (ST and ST2). Limitations of IPv4 While IPv4 is the most commonly used network layer protocol, there are some key limitations that affect its usage. Recall that connection to the Internet requires use of an IP address that is absolutely unique. Although the current version of IP could theoretically support 4.3 billion host addresses, far fewer addresses than that are actually available. The recent boom in the use of the Internet by commercial entities has put a serious strain on the availability of IP addresses. As the number of hosts on the Internet grows, the 32-bit address space provided by IPv4 is rapidly running out. Although it provides almost 4.3 billion addresses, the hierarchical nature of IP addressing greatly limits the efficiency with which IP addresses can be used. This is largely due to the IP address classes introduced earlier. Class C addresses, with only 256 hosts IDs are too limiting for many corporations, while Class B addresses with 65,534 host IDs, provide far more host IDs than necessary, leading to wasted and subsequently unavailable addresses in most cases. Although this appears to be a waste of address spaces, the routing benefits of such a hierarchical addressing approach greatly outweigh the