Network 4 - IP addressing/subnetting

IP Address

e.g., 192.168.1.165 – Every device needs a unique IP address

Subnet mask

 e.g., 255.255.255.0 – Used by the local device to determine what subnet it’s on – The subnet mask isn’t (usually) transmitted across the network – You’ll ask for the subnet mask all the time

Default gateway

e.g., 192.168.1.1 – The router that allows you to communicate outside of your local subnet – The default gateway must be an IP address

Loopback address

– An address to yourself

– Ranges from 127.0.0.1 through 127.255.255.254

– An easy way to self-reference (ping 127.0.0.1)

Reserved Addresses

– Set aside for future use or testing

– 240.0.0.1 through 254.255.255.254

– All “Class E” addresses

Virtual IP addresses (VIP)

– Not associated with a physical network adapter

– Virtual machine, internal router address

Automatic Private IP Addressing (APIPA)

• Used if no DHCP

-A link-local address

– Can only communicate to other local devices – No forwarding by routers

• IETF has reserved 169.254.0.1 through 169.254.255.254

– First and last 256 addresses are reserved – Functional block of

– 169.254.1.0 through 169.254.254.255

• Automatically assigned – Uses ARP to confirm the address isn’t currently in use

Classfull subnetting

Classful subnetting is the original way IP networks were divided before CIDR (Classless Inter-Domain Routing) was introduced.

It divides the entire IPv4 address space into fixed-size “classes” — A, B, C, D, and E — based on the first few bits of the IP address.

Each class has a default subnet mask and a set number of hosts per network.

If leading bits of IP are 0xxxxxxx and (0-127), then what class?

A

If leading bits of IP are 10xxxxxx and (128-191) then what class?

B

If leading bits of IP are 110xxxxx and (192-223) then what class?

C

Network Adress/subnet ID

– The first address in the subnet

• find it by setting all host bits to 0

Broadcast address

– The last address in the subnet

• find it by setting all host bits to 1

CIDR-block notation

its the “/25, /21….”

DCI - Data center interconnect

• Connect multiple data centers together (across geographic distances)

• connect & segment different customer networks

• Distribute applications everywhere

VXLAN - Virtual Extensible LAN

is a tunneling protocol that allows you to extend Layer 2 (L2) networks over a Layer 3 (L3) network..

VXLAN lets you create virtual Layer 2 networks across IP networks, even if the devices are far apart.

It’s often used in large data centers and cloud deployments where traditional VLANs (limited to 4096 IDs) aren’t enough.

Policy Based Authentication

• Adaptive identity – Consider the source and the requested resources – Multiple risk indicators - relationship to the organization, physical location, type of connection, IP address, etc. – Make the authentication stronger, if needed

• Policy-driven access control – Combine the adaptive identity with a predefined set of rules – Evaluates each access decision based on policy and other information – Grant, deny, or revoke

SASE - Secure Acess Service Edge

“next generation” VPN.

 It’s a networking and security architecture that combines wide-area networking (WAN) and network security services into a single cloud-delivered service.

IaC - Infrastructure as code

is the practice of managing and provisioning IT infrastructure using code instead of manual processes. An important concept for cloud computing

NAT64

NAT64 (Network Address Translation 64) is a translation mechanism that allows IPv6-only clients to communicate with IPv4-only servers.

EIGRP

It helps routers automatically learn the best path to send data through a network — without needing static routes.

-cleanly manange topology changes (no loops)

• minimize bandwidth use

• But is is CISCO based so if you use it without cisco then you dont get full functionality

OSPF

• Used within a single autonomous system (where you have complete control

• Available on many different router manufacturers

• Link-state protocol: routing is based on the connectivity between routers. Each link between routers has a cost. Low cost and fastest path wins

BGP

FHRP - First hop redundancy protocol

• All computers only have one default gateway they can list and this is a problem because what if the default gateway fails?

• To provide redudancy we can create a virtual IP (VIP) for the default gateway

  • Basically if you have two routers, they each have their own ip. You create a VIP that points to the first router’s IP. If first router fails, then the VIP will point to the second router

Subinterfaces

• a device has a phsycial interface (ex ethernet interface) BUT we can turn that one physical interface into many (virtual) subinterfaces

• Some examples of this would be creating VLANS in a trunk

NAT

is a process that a router (or firewall) uses to modify IP addresses as packets pass between private and public networks.Usually one-to-one number of devices supported.

One private IP ↔ One public IP

NAT overload/PAT

is a type of Network Address Translation (NAT) that lets many private devices share a single public IP address by using different port numbers. usually many-to-one (multiple devices share one public IP)

Many private IPs ↔ One public IP (distinguished by port numbers)

NAT vs PAT Example

magine a company with one phone number (public IP):

• NAT is like transferring one employee’s line directly to one external number.

• PAT is like using extension numbers so multiple employees can share the same main phone line — each identified by their extension (port).