Unit 4 CompTIA+ Networking

4.1

IPv4 Datagram Header

Ethernet works at the Physical and Data Link layers of the OSI model (layers 1 and 2). Ethernet, and other layer 1/layer 2 products, have no concept of multiple networks or of logical subdivisions within a network. This function is implemented at the Network layer (layer 3). As a layer 3 protocol, the Internet Protocol (IP) provides logical network addressing and forwarding. 

The Internet Protocol (IP) header contains fields to manage the logical addressing and forwarding function. In IPv4, the header contains two fields for the 32-bit source and destination addresses, plus a number of other fields to support forwarding functions.

The Version field indicates the version of Internet Protocol in use (4), while the Length fields indicate the size of the header and the total packet size (including the payload). The maximum theoretical size is 65,535 bytes, but actual packets would typically be much smaller to avoid fragmentation when transported as the payload of Ethernet frames, which usually have 1,500-byte MTUs.

The Protocol field describes what type of data is encapsulated in the payload so that the receiving host knows how to process it. For most packets, the IP protocol type value in the Protocol field will indicate a Transmission Control Protocol (TCP/6) segment or a User Datagram Protocol (UDP/17) datagram, which work at the Transport layer. The values assigned to protocol types, such as 6 for TCP and 17 for UDP, are managed by IANA.

Some Network layer protocols run directly on IP. These IP protocol types include the following:

  • Internet Control Message Protocol (ICMP/1) is used for status messaging and connectivity testing.

  • Internet Group Messaging Protocol (IGMP/2) is used with multicasting.

  • Generic Routing Encapsulation (GRE/47) is used to tunnel packets across an intermediate network. This is used (for example) in some virtual private network (VPN) implementations.

  • Encapsulating Security Payload (ESP/50) and Authentication Header (AH/51) are used with the encrypted form of IP (IPSec).

  • Enhanced Interior Gateway Routing Protocol (EIGRP/88) and Open Shortest Path First (OSPF/89) are protocols used by routers to exchange information about paths to remote networks.

Layer 2 vs. Layer 3 Addressing and Forwarding

When designing or supporting an IP network, it is important to understand how the logical addressing scheme at the Network layer maps to forwarding at the Data Link layer. Forwarding at layer 3 is referred to as routing, while forwarding at layer 2 is described as switching.

The following figure illustrates how both switching and routing components might be used in a typical network. The whole network is connected to the wider Internet via the WAN interface on the router. The router's other interfaces are used to divide the network into three logical subnetworks. These subnets are mapped to layer 2 segments, each implemented using a switch.

Nodes within each subnet can address one another directly (they are in the same broadcast domain), but they can only communicate with nodes in other subnets via the router.

Within each subnet, nodes use Media Access Control (MAC) addresses to forward frames to one another, using a mechanism to translate between layer 3 IP addresses and layer 2 MAC addresses.

The Network layer can also accommodate forwarding between different types of layer 1/layer 2 networks. The private zone is implemented using Ethernet, but the link between the router's public interface and the ISP might use a different technology, such as digital subscriber line (DSL). 

Address Resolution Protocol

When two hosts communicate over an Ethernet network using IP, an IP address identifies each Network layer host interface. However, transmission of data must take place at the Physical and Data Link levels using the local or hardware/MAC address of the interface. The TCP/IP suite includes the Address Resolution Protocol (ARP) to perform the task of resolving an IPv4 address to a hardware MAC address.

If the destination address is on a different subnet or on a remote network, then the local host must use its default gateway to forward the packet. Therefore, it must determine the MAC address of the default gateway using ARP.

The router also uses ARP messaging for its Ethernet interfaces. ARP messaging is only used with Ethernet, however. A router's public interface might use a different type of framing and local addressing.

Unicast and Broadcast Addressing

When an IP host wants to send a packet to a single recipient, it uses a unicast packet, addressed to the IP address of the destination host. If, however, the local host needs to communicate with multiple hosts, it can use a different scheme.

One means of addressing multiple hosts is to perform a broadcast. A broadcast can be performed by sending a packet to the network or subnet's broadcast address. The broadcast address is the last address in any IP network or subnet.

All hosts that share the same broadcast address receive the packet. They are said to be in the same layer 3 broadcast domain. Broadcast domain boundaries are established at the Network layer by routers. Routers do not forward broadcasts, except in some specially configured circumstances.

As with unicast traffic, IP packets must be delivered to hosts using layer 2 MAC addresses. At layer 2, broadcasts are delivered using the group MAC address (ff:ff:ff:ff:ff:ff). This means that there is also a broadcast domain scope at layer 2. With legacy devices such as hubs and bridges, every port on all physically connected nodes is part of the same layer 2 broadcast domain. This is also the case with a basic or unmanaged switch. By default, a switch floods broadcasts out of every port except the source port.

Multicast and Anycast Addressing

Multicast Addressing

IP multicasting allows one host on the Internet (or private IP network) to send content to other hosts that have identified themselves as interested in receiving the originating host's content. Multicast packets are sent to a destination IP address from a special range configured for use with that multicast group. In IPv4, the range 224.0.0.0 through to 239.255.255.255 is reserved for multicast addressing.

The intent to receive multicasts from a particular host is signaled by joining a multicast group. The Internet Group Management Protocol (IGMP) is typically used to configure group memberships and IP addresses.

At layer 2, multicasts are delivered using a special MAC address made up of the prefix 01-00-5E, with the remainder expressing the multicast group IP address in hex notation. To deliver this frame only to members of the multicast group, the switch must be capable of IGMP snooping. If the switch is not multicast capable, it will treat the multicast MAC address like a broadcast and flood the multicast transmissions out of all ports.
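As an added example that is not part of the course text, the following Python derives the layer 2 multicast MAC for a group address. It relies on the IANA mapping rule, which copies only the low-order 23 bits of the group address into the 01:00:5e prefix; one consequence worth knowing when reading switch forwarding tables is that 32 different group addresses share each MAC.

```python
# Added example (not from the course text): derive the layer 2 multicast MAC
# address for an IPv4 multicast group. IANA maps the low-order 23 bits of the
# group address onto the 01:00:5e prefix, so 32 group addresses share one MAC.

MULTICAST_OUI = 0x01005E  # high 24 bits of every IPv4 multicast MAC


def ip_to_int(addr: str) -> int:
    """Convert dotted decimal to a 32-bit integer, validating each octet."""
    octets = [int(o) for o in addr.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"invalid IPv4 address: {addr}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def is_multicast(addr: str) -> bool:
    """True for 224.0.0.0 through 239.255.255.255 (first four bits are 1110)."""
    return (ip_to_int(addr) >> 28) == 0b1110


def multicast_mac(group: str) -> str:
    """Return the colon-separated MAC a switch expects for this group."""
    if not is_multicast(group):
        raise ValueError(f"{group} is not a multicast group address")
    low23 = ip_to_int(group) & 0x7FFFFF        # drop the top 9 bits of the address
    mac48 = (MULTICAST_OUI << 24) | low23      # 01:00:5e, then bit 23 = 0, then 23 bits
    return ":".join(f"{(mac48 >> shift) & 0xFF:02x}" for shift in range(40, -1, -8))


def groups_sharing_mac(group: str) -> list[str]:
    """All 32 group addresses that collide onto the same multicast MAC."""
    low23 = ip_to_int(group) & 0x7FFFFF
    out = []
    for top in range(32):                      # the 5 variable bits below the 1110 prefix
        value = (0b1110 << 28) | (top << 23) | low23
        out.append(".".join(str((value >> s) & 0xFF) for s in (24, 16, 8, 0)))
    return out


if __name__ == "__main__":
    print(multicast_mac("239.255.255.250"))   # 01:00:5e:7f:ff:fa
    print(groups_sharing_mac("224.1.1.1")[:3])
```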

Anycast Addressing

Anycast means that a group of hosts is configured with the same IP address. When a router forwards a packet to an anycast group, it uses a prioritization algorithm and metrics to select the host that is "closest" (that will receive the packet and be able to process it the most quickly). This allows the service behind the IP address to be provisioned more quickly and reliably. It allows for load balancing and failover between the server hosts sharing the IP address.

4.2

IPv4 Address Format

Networks in an internetwork must have a way of uniquely identifying each logical network and each individual host within those networks. At the Data Link layer, an interface is identified by using a MAC or hardware address. This type of address can be used only for local delivery of frames. At the Network layer, IP source and destination addresses are used to forward packets to the proper destination. An IP address provides two pieces of information:

  • The network number (Network ID)—This number is common to all hosts on the same IP network.

  • The host number (Host ID)—This number identifies a host within an IP network.

32-bit IPv4 Addressing

An IPv4 address is 32 bits long. In its raw form, it appears as follows:

11000110001100110110010000000001

The 32 bits are subdivided into four groups of 8 bits (1 byte) known as octets. The previous IP address could therefore be written as:

11000110 00110011 01100100 00000001

It is almost impossible for people to use binary formats as configuration values. To make an IP address easier to use, it is formatted using dotted decimal notation. This notation requires each octet to be converted to a decimal value. The decimal numbers are separated using a period. Converting the previous number to this notation gives:

198.51.100.1

The following examples demonstrate the process of converting between binary and decimal notation.

In base 2 (binary), digits can take one of two different values (0 and 1). The place values are powers of 2: 2^1 = 2, 2^2 = 4, 2^3 = 8, 2^4 = 16, 2^5 = 32, 2^6 = 64, and 2^7 = 128. You should memorize these values to be able to perform binary/decimal conversions using the columnar method. Consider the octet 11101101 represented in base 2. This image shows the place value of each digit in the octet in the first two rows, with the binary octet in the third row. Rows four and five show that where there is a 1 in the octet, the decimal place value is added to the sum.

If all the bits in an octet are set to 1, the number obtained is 255 (the maximum possible value). Similarly, if all the bits are set to 0, the number obtained is 0 (the minimum possible value). Therefore, theoretically an IPv4 address may be any value between 0.0.0.0 and 255.255.255.255. However, some addresses are not permitted or are reserved for special use.

Network Masks

An IP address represents both a network ID and a host ID. In IPv4, a 32-bit network mask (or netmask) is used to distinguish these two components within a single IPv4 address. The mask conceals the host ID portion of the IP address and thereby reveals the network ID portion.

The mask and the IPv4 address are the same number of bits. Wherever there is a binary 1 in the mask, the corresponding binary digit in the IPv4 address is part of the network ID. The 1s in the mask are always contiguous. For example, this mask is valid:

11111111 11111111 11111111 00000000

But the following string is not a valid mask:

11111111 00000000 11111111 00000000

The network ID portion of an IP address is revealed by ANDing the mask to the IPv4 address. When two 1s are ANDed together, the result is a 1. Any other combination produces a 0.

For example, to determine the network ID of the host IPv4 address 198.51.100.1 with a mask of 255.255.255.0, the dotted decimal notation of the IP address and mask must first be converted to binary notation. The next step is to AND the two binary numbers. The result can be converted back to dotted decimal notation to show the network ID (198.51.100.0). The only difference between the host IP address and the network ID lies in the last octet, which is not masked. Instead of the dotted decimal mask 255.255.255.0, this network can be identified using prefix or slash notation. The prefix is simply the number of bits set to 1 in the mask. The network can therefore be referred to as 198.51.100.0/24. A longer network portion, such as 255.255.255.0, allows for more network IDs within the overall internetwork but with fewer available host addresses per network. Each /24 network has only 254 possible host addresses. Conversely, the short netmask 255.0.0.0 allows for millions of hosts per network but only 126 possible network addresses.
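An added example, not from the course text, that carries out the columnar conversion from the 32-bit IPv4 Addressing section and the mask-AND procedure above on 198.51.100.1 with mask 255.255.255.0, and that rejects a mask whose 1s are not contiguous:

```python
# Added example (not from the course text): columnar binary conversion, mask
# validation and the AND operation that reveals the network ID.

PLACE_VALUES = [128, 64, 32, 16, 8, 4, 2, 1]   # powers of 2 in an octet, MSB first


def octet_to_decimal(bits: str) -> int:
    """Columnar method: add the place value wherever the octet has a 1."""
    if len(bits) != 8 or set(bits) - {"0", "1"}:
        raise ValueError(f"not an 8-bit binary octet: {bits!r}")
    return sum(pv for pv, b in zip(PLACE_VALUES, bits) if b == "1")


def ip_to_int(addr: str) -> int:
    octets = [int(o) for o in addr.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"invalid IPv4 address: {addr}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_ip(value: int) -> str:
    return ".".join(str((value >> s) & 0xFF) for s in (24, 16, 8, 0))


def to_binary(addr: str) -> str:
    """Dotted decimal to the spaced binary form used in the text."""
    return " ".join(f"{int(o):08b}" for o in addr.split("."))


def prefix_length(mask: str) -> int:
    """Number of 1 bits in a netmask; rejects masks whose 1s are not contiguous."""
    m = ip_to_int(mask)
    ones = bin(m).count("1")
    # A valid mask is `ones` 1s followed only by 0s; compare against that pattern.
    if m != (0xFFFFFFFF << (32 - ones)) & 0xFFFFFFFF:
        raise ValueError(f"mask 1s are not contiguous: {mask}")
    return ones


def is_valid_mask(mask: str) -> bool:
    try:
        prefix_length(mask)
        return True
    except ValueError:
        return False


def network_id(addr: str, mask: str) -> str:
    """AND the address with the mask to reveal the network ID."""
    prefix_length(mask)                           # validate before using it
    return int_to_ip(ip_to_int(addr) & ip_to_int(mask))


def broadcast_address(addr: str, mask: str) -> str:
    """Set every host bit to 1: the last address in the network."""
    host_bits = 0xFFFFFFFF ^ ip_to_int(mask)
    return int_to_ip(ip_to_int(network_id(addr, mask)) | host_bits)


def usable_hosts(mask: str) -> int:
    """2^n - 2: the all-0s and all-1s host IDs are not assignable."""
    n = 32 - prefix_length(mask)
    return max(2 ** n - 2, 0)


if __name__ == "__main__":
    print(octet_to_decimal("11101101"))                    # 237
    print(to_binary("198.51.100.1"))
    print(network_id("198.51.100.1", "255.255.255.0"))     # 198.51.100.0
    print(f"/{prefix_length('255.255.255.0')}", usable_hosts("255.255.255.0"))
    print(broadcast_address("198.51.100.1", "255.255.255.0"))
    print(is_valid_mask("255.0.255.0"))                    # False
```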

Subnet Masks

The relative sizes of the network and host portions in an IPv4 address determine how many networks and hosts per network an addressing scheme can support. The conventional addressing technique has IPv4 addresses with two hierarchical levels, namely the network ID and host ID. This scheme of using whole octet boundaries for the netmask is inflexible, so a system of dividing networks into subnetworks or subnets was devised.

Subnet addressing has three hierarchical levels: a network ID, subnet ID, and host ID. To create logical subnets, bits from the host portion of the IP address must be allocated as a subnetwork address, rather than part of the host ID.

This means the boundary between the network prefix and the host ID can fall inside an octet rather than on an octet boundary. For example, a 28-bit mask spans all four octets, with the network prefix boundary lying within the fourth octet.

The network ID and subnet ID use different masks. The mask for the whole network is still 255.255.255.0. Hosts within the network use the subnet mask 255.255.255.240.

It is important to understand that only one mask is ever applied to the IP address on each interface. The mask containing the subnet information is only used within the IP network. External IP networks continue to address the whole network by its network ID (198.51.100.0/255.255.255.0). Hosts within the network use the longer subnet mask to differentiate the subnets. These are 198.51.100.0/255.255.255.240, 198.51.100.16/255.255.255.240, 198.51.100.32/255.255.255.240, 198.51.100.48/255.255.255.240, and so on.

Because the 1s in a mask are always contiguous, each octet in decimal in an IPv4 mask will always be one of the following.

Octet Mask Bits   Binary Octet   Decimal Equivalent
1                 10000000       128
2                 11000000       192
3                 11100000       224
4                 11110000       240
5                 11111000       248
6                 11111100       252
7                 11111110       254
8                 11111111       255

Try to memorize these values to make converting masks between binary and decimal formats easier. For example, if the mask has 14 bits, you can work out the octets as 8 bits plus 6 bits. Therefore, a /14 network has the following mask:

11111111 11111100 00000000 00000000
255.252.0.0

Host Range Addresses

The IP network 198.51.100.0/24 allows for 254 possible host IDs. The host ID portion is 8 bits long. The purpose of subnetting is to create layer 3 broadcast domain segments with fewer hosts. The trick with subnet design is to fit the scheme to the requirements for number of subnetworks and number of hosts per subnet. Each bit added to the mask approximately halves the number of available host addresses.

Default Gateway

When two end system hosts attempt to communicate via IPv4, the protocol compares the source and destination address in each packet against the netmask. If the masked portions of the source and destination IP addresses match, then the destination interface is assumed to be reachable via the local layer 2 network. 

In the figure, the first 28 bits of the source and destination address are the same. Therefore, IP concludes the destination IPv4 address is on the same IP network or subnet and tries to deliver the packet locally.

If the masked portion does not match, as in the following figure, IP assumes the packet must be routed to another IP network or subnet.

When the destination IPv4 address is on a different IP network or subnet, the host forwards the packet to its default gateway, rather than trying to deliver it locally. The default gateway is a router configured with a path to remote networks.

The router determines what to do with the packet by performing the same comparison between the source and destination address and netmask. The router then uses its routing table to determine which interface it should use to forward the packet. If no suitable path is available, the router drops the packet and informs the host that it could not be delivered.

If the message is destined for yet another network, the process is repeated to take it to the next stage, and so on.
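An added example, not part of the course text, of the decisions described in this section: the host's masked comparison that decides whether to resolve the destination's MAC directly or the default gateway's, and a router's longest-prefix lookup that drops the packet when no route matches. The addresses, interface names, next hops and routing table are constructed for illustration.

```python
# Added example (not from the course text): local-vs-remote delivery decision on a
# host, and a longest-prefix routing table lookup on a router.


def ip_to_int(addr: str) -> int:
    o = [int(x) for x in addr.split(".")]
    return (o[0] << 24) | (o[1] << 16) | (o[2] << 8) | o[3]


def prefix_mask(prefix: int) -> int:
    """/prefix as a 32-bit integer mask, e.g. /28 -> 0xFFFFFFF0."""
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def same_network(a: str, b: str, prefix: int) -> bool:
    """The masked portions match, so both are on the same layer 2 segment."""
    m = prefix_mask(prefix)
    return (ip_to_int(a) & m) == (ip_to_int(b) & m)


def host_next_hop(src: str, prefix: int, gateway: str, dst: str) -> str:
    """Return the IP whose MAC the host must resolve with ARP to reach dst."""
    return dst if same_network(src, dst, prefix) else gateway


# Constructed routing table: (network, prefix, outgoing interface, next hop or None)
ROUTES = [
    ("198.51.100.0",  28, "eth1", None),           # directly connected subnet
    ("198.51.100.16", 28, "eth2", None),
    ("172.30.0.0",    16, "eth3", "172.30.0.2"),   # via another internal router
    ("0.0.0.0",        0, "wan0", "203.0.113.1"),  # default route to the ISP
]


def route_lookup(dst: str, routes=ROUTES):
    """Longest-prefix match: the most specific matching entry wins.

    Returns (interface, next_hop), or None when no path exists (packet dropped)."""
    best = None
    for net, prefix, iface, nexthop in routes:
        if same_network(net, dst, prefix) and (best is None or prefix > best[0]):
            best = (prefix, iface, nexthop or dst)   # connected: deliver to dst itself
    return None if best is None else (best[1], best[2])


if __name__ == "__main__":
    print(host_next_hop("198.51.100.17", 28, "198.51.100.30", "198.51.100.20"))  # local
    print(host_next_hop("198.51.100.17", 28, "198.51.100.30", "198.51.100.40"))  # gateway
    print(route_lookup("172.30.16.7"))
    print(route_lookup("198.51.100.40", routes=ROUTES[:3]))  # no default route: None
```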

Paths to other IP networks can be manually configured in the routing table or learned by a dynamic routing protocol. Dynamic routing protocols allow routers to share information about known networks and possible paths to them. This information allows them to choose the best routes to any given destination and select alternate routes if one of these is unavailable.

Broadcast Addresses

A broadcast can be performed by sending a packet to the network or subnet's broadcast address. The broadcast address is the last address in any IP network, or put another way, the address in any IP network where all the host bits are set to 1.

For example, if the subnet mask is 255.255.255.240, the last four bits of the last octet in the IP address are the host ID portion. If these bits are all set to 1, that is the last possible address before the next subnet ID, and therefore the broadcast address.

IP Interface Configuration in Windows

Each host adapter must be allocated an appropriate IP address and subnet mask, plus the IP address of the default gateway (router) for its network. Typically, a host is also configured with the addresses of domain name system (DNS) servers that can resolve IP addresses to names, making identification of hosts and services simpler.

These IP configuration values can be assigned statically or dynamically. Configuring large numbers of hosts with a valid static address is a complex management task. Most hosts are configured to obtain an address automatically, using a service called the Dynamic Host Configuration Protocol (DHCP).

Under Windows, each Ethernet adapter is assigned a name. In early Windows versions, the first adapter was named "Local Area Connection," but recent versions just use the label "Ethernet." Additional adapters are identified as "Ethernet2," "Ethernet3," and so on. A new name can be applied if necessary. The IP configuration for each adapter interface is often set using the GUI Properties dialog accessed via the Network Connections applet or Windows Settings app. However, you can also configure interfaces using netsh commands.

netsh interface ip set address "Ethernet" dhcp

netsh interface ip set address "Ethernet" static 198.51.100.17 255.255.255.240 198.51.100.30

The second example configures a host with the IP address 198.51.100.17/28 and identifies the default gateway as 198.51.100.30 (the last host address in the subnet). In Windows, all changes to the network interface configuration are persistent, meaning that they continue to apply when the system is rebooted.

You can also use netsh to report the IP configuration (netsh interface ip show config, for example).

netsh is implemented in the legacy command prompt interface. Script-based configuration is now more likely to use PowerShell cmdlets. The Get-NetAdapter and Get-NetIPAddress cmdlets can be used to query the existing configuration. A new configuration can be applied using New-NetIPAddress, or an existing one can be modified using Set-NetIPAddress.

IP Interface Configuration in Linux

In Linux, Ethernet interfaces are classically identified as eth0, eth1, eth2, and so on, although some network packages now use different schemes, such as en prefixes. In Linux, you need to distinguish between the running configuration and the persistent configuration. The persistent configuration is the one applied after a reboot or after a network adapter is reinitialized.

The method of applying an IP configuration to an adapter interface is specific to each distribution. Historically, the persistent configuration was applied by editing the /etc/network/interfaces file and bringing interfaces up or down with the ifup and ifdown scripts. Many distributions now use the NetworkManager package, which can be operated using a GUI or the nmcli tools. Alternatively, a network configuration might be managed using the systemd-networkd configuration manager. Additionally, recent distributions of Ubuntu use netplan to abstract some of this underlying complexity to configuration files written in YAML Ain't Markup Language (YAML). The YAML configuration files are rendered by either systemd-networkd or NetworkManager.

4.3

Classful Addressing

So far, we have considered IP network and subnet IDs that are defined by network masks. This is referred to as classless addressing. A classful addressing scheme was employed in the 1980s, before the use of netmasks to identify the network ID portion of an address was developed. Classful addressing allocates a network ID based on the first octet of the IP address.
Class A network addresses support large numbers of hosts—over 16 million. However, there are only 126 Class A network addresses. There are 16,000 Class B networks, each containing up to about 65,000 hosts. Finally, Class C networks support only 254 hosts each, but there are over two million of them.

When considering classful addressing, you need to be able to identify the address class from the first octet of the IP address. This table shows how to identify an address class from the first octet of the IP address in decimal.

First Octet   Class
1–126         Class A
128–191       Class B
192–223       Class C

IP ranges 0.0.0.0/8 and 127.0.0.0/8 are also part of Class A but are reserved for special uses. 0.0.0.0/8 means "this" network, and 127.0.0.0/8 is used for loopback addressing.

While routers have performed classless addressing for years, the class terminology is still used in some contexts. Even under classless addressing, the old classes are often used as names for the netmasks that align to whole octet boundaries:

  • Class A: 255.0.0.0 (/8)

  • Class B: 255.255.0.0 (/16)

  • Class C: 255.255.255.0 (/24)

Classful addressing is also important because it established some IP address ranges that cannot be used for ordinary host addressing or for addressing over the Internet.

Public vs Private Addressing

A public IP address is one that can establish a connection with other public IP networks and hosts over the Internet. The allocation of public IP addresses is governed by IANA and administered by regional registries and ISPs. Hosts communicating with one another over a LAN could use a public addressing scheme but will more typically use private addressing.

Private IP addresses can be drawn from one of the pools of addresses defined in RFC 1918 as non-routable over the Internet:

  • 10.0.0.0 to 10.255.255.255 (Class A private address range).

  • 172.16.0.0 to 172.31.255.255 (Class B private address range).

  • 192.168.0.0 to 192.168.255.255 (Class C private address range).

Any organization can use private addresses on its networks without applying to a registry or ISP, and multiple organizations can use these ranges simultaneously. Internet access can be facilitated for hosts using a private addressing scheme in two ways:

  • Through a router configured with a single valid public IP address or a block of valid public IP addresses; the router translates between the private and public addresses using a process called Network Address Translation (NAT).

  • Through a proxy server that fulfills requests for Internet resources on behalf of clients. The proxy server itself must be configured with a public IP address on the external-facing interface.

Other Reserved Addressing Ranges

There are two additional classes of IP address (D and E) that use the values above 223.255.255.255:

  • Class D addresses (224.0.0.0 through 239.255.255.255) are used for multicasting.

  • Class E addresses (240.0.0.0 through 255.255.255.255) are reserved for experimental use and testing.

Loopback Addresses

While nominally part of Class A, the range 127.0.0.0 to 127.255.255.255 (or 127.0.0.0/8) is reserved. This range is used to configure a loopback address, which is a special address typically used to check that TCP/IP is correctly installed on the local host. The loopback interface does not require a physical interface to function. A packet sent to a loopback interface is not processed by a network adapter but is otherwise processed as normal by the host's TCP/IP stack. Every IP host is automatically configured with a default loopback address, typically 127.0.0.1. On some hosts, such as routers, more than one loopback address might be configured. Loopback interfaces can also be configured with an address from any suitable IP range, as long as it is unique on the network. A host will process a packet addressed to a loopback address regardless of the physical interface on which it is received.

Most hosts are also configured with a Domain Name System (DNS) host name. The loopback address is associated with the name localhost. The name localhost can be substituted for the numeric loopback address.

Other

A few other IPv4 address ranges are reserved for special use and are not publicly routable:

  • 0.0.0.0/8—Used when a specific address is unknown. This is typically used as a source address by a client seeking a DHCP lease.

  • 255.255.255.255—Used to broadcast to the local network when the local network address is not known.

  • 100.64.0.0/10, 192.0.0.0/24, 192.88.99.0/24, 198.18.0.0/15—Set aside for a variety of special purposes.

  • 192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24—Set aside for use in documentation and examples.

IPv4 Address Scheme Design

  • The number of IP networks and subnetworks required must be considered.

  • The number of hosts per subnet that must be supported must be considered.

  • The network ID must be from a valid public or a private range (not from the loopback, link local reserved range, multicast range, or reserved/experimental range, for instance).

  • The network and/or host IDs cannot be all 1s in binary—this is reserved for broadcasts.

  • The network and/or host ID cannot be all 0s in binary; 0 means "this network."

  • Each host ID must be unique on the IP network or subnet.

  • The network ID must be unique on the Internet (if you are using a public addressing scheme) or on your internal system of internetworks (if you are using a private addressing scheme).

When you are performing subnet calculations, try to think in terms of the number of mask bits. It helps to remember that each power of 2 is double the previous one:

2^2   2^3   2^4   2^5   2^6   2^7   2^8
4     8     16    32    64    128   256

Also memorize the decimal values for the number of bits set to 1 in an octet within a mask:

Bits set   1     2     3     4     5     6     7     8
Decimal    128   192   224   240   248   252   254   255

In the following example, the network designer is subnetting the network address 172.30.0.0/16. The process of designing the scheme is as follows:

  1. Work out how many subnets are required (remembering to allow for future growth), then round this number up to the nearest power of 2.

For example, if you need 12 subnets, the next nearest power of 2 is 16. The exponent is the number of bits you will need to add to your default mask. For example, 16 is 2^4 (2 to the power of 4), so you will need to add 4 bits to the network prefix. In dotted decimal format, the subnet mask becomes 255.255.240.0.

  2. Work out how many hosts each subnet must support and whether there is enough space left in the scheme to accommodate them.

For example, the network address is in the /16 range, and you are using 4 bits for subnetting, so you have 32 - 20 = 12 bits for hosts in each subnet. The number of hosts per subnet can be expressed using the formula 2^n - 2, where n is the number of bits you have allocated for the host ID. 12 bits is enough for 4,094 hosts in each subnet.

You subtract 2 because each subnet's network address and broadcast address cannot be assigned to hosts.

Wherever a 1 appears in the binary mask, the corresponding digit in the IP address is part of the network or subnet address. When you are planning what your mask will be, remember this rule. Allocate more bits in the mask if you need more subnets. Allocate fewer bits in the mask if you need more hosts per subnet.

Just for comparison, if you have a /24 (or Class C) network address and try to allocate 16 subnets, there will be enough space left for only 14 hosts per subnet (2^4 - 2).

  3. Work out the subnets. The easiest way to find the next subnet ID is to subtract the last non-zero octet of the mask (240 in this example) from 256. The result (16) is the increment in that octet, so the next subnet ID, in full, is 172.30.16.0/20.

  4. Each subsequent subnet ID is the previous one plus the same increment in that octet: 32, 48, 64, and so on.

  5. Work out the host ranges for each subnet. Take the subnet address and add a binary 1 to it for the first host. For the last host, take the next subnet ID and subtract 2 from it. For the 172.30.16.0/20 subnet, this gives 172.30.16.1 and 172.30.31.254, respectively. Repeat for all subnets.
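An added example, not from the course text, that automates steps 1 to 5 above for 172.30.0.0/16 with 12 subnets required; the functions take any network, prefix and subnet count, so the /24 comparison in the text can be checked with the same code.

```python
# Added example (not from the course text): the subnet design procedure for
# 172.30.0.0/16 needing 12 subnets, generalized to any network and subnet count.
import math


def ip_to_int(addr: str) -> int:
    o = [int(x) for x in addr.split(".")]
    return (o[0] << 24) | (o[1] << 16) | (o[2] << 8) | o[3]


def int_to_ip(value: int) -> str:
    return ".".join(str((value >> s) & 0xFF) for s in (24, 16, 8, 0))


def prefix_to_mask(prefix: int) -> str:
    return int_to_ip((0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF)


def subnet_bits_for(subnets_needed: int) -> int:
    """Step 1: round up to the next power of 2; the exponent is the bits to add."""
    return math.ceil(math.log2(subnets_needed))


def hosts_per_subnet(host_bits: int) -> int:
    """Step 2: 2^n - 2, because the network and broadcast addresses are not assignable."""
    return 2 ** host_bits - 2


def design_subnets(network: str, prefix: int, subnets_needed: int) -> list[dict]:
    """Steps 3 to 5: enumerate subnet ID, first host, last host and broadcast."""
    new_prefix = prefix + subnet_bits_for(subnets_needed)
    host_bits = 32 - new_prefix
    if host_bits < 2:
        raise ValueError("not enough host bits left for usable addresses")
    # The text's "256 - 240 = 16 in the third octet" is 16 * 256 = 4096 addresses.
    block = 2 ** host_bits
    base = ip_to_int(network) & ((0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF)
    result = []
    for i in range(2 ** (new_prefix - prefix)):
        sid = base + i * block
        result.append({
            "subnet": f"{int_to_ip(sid)}/{new_prefix}",
            "first_host": int_to_ip(sid + 1),
            "last_host": int_to_ip(sid + block - 2),    # next subnet ID minus 2
            "broadcast": int_to_ip(sid + block - 1),    # all host bits set to 1
        })
    return result


if __name__ == "__main__":
    bits = subnet_bits_for(12)                           # 4
    print(bits, prefix_to_mask(16 + bits))               # 255.255.240.0
    print(hosts_per_subnet(32 - (16 + bits)))            # 4094
    for s in design_subnets("172.30.0.0", 16, 12)[:3]:
        print(s)
```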

Classless Inter-Domain Subnetting

Classless addressing was designed to solve two major problems of the classful addressing scheme as more and more networks joined the Internet through the early 1990s. The first was that network addresses, specifically Class B addresses, were becoming very scarce; the second was the near-exponential growth of Internet routing tables. As well as supporting subnet addressing, classless addressing can be used to summarize network prefixes and reduce the complexity of Internet routing tables.

Classless Inter-Domain Routing (CIDR) uses bits normally assigned to the network ID to mask the complexity of the subnet and host addressing scheme within that network. CIDR is also sometimes described as supernetting.

For example, rather than allocate a Class B (or /16) network address to a company, several contiguous Class C (or /24) addresses could be assigned. Four /24 network addresses give 1,016 hosts. However, this would mean complicated routing with many entries in the routing tables to represent four IP networks at the same location. Using CIDR collapses these routing entries into one single entry. If the network addresses assigned to a company were 198.51.100.0 through to 198.51.103.0 and you wanted to view this as one network, you need to allocate two bits from the network address to summarize the four networks. This makes the supernet prefix /22 or the subnet mask 255.255.252.0.

The ANDing process is still used to determine whether to route. If the ANDed result reveals the same network ID as the destination address, then it is the same network. In this next example, the first IP address belongs to the supernet, but the second is on a different company's network.

Routers external to the network just use this /22 prefix, so the complexity of the LAN subnets is hidden and doesn't need to clog up their routing tables. The LAN's internal routers use the /24 prefix or even multiple prefixes to create subnets of different sizes.
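The summarization above, as an added example that is not from the course text: it computes the shortest common prefix for the four /24 networks, checks that the resulting /22 covers exactly those networks and nothing more, and applies the ANDing test to sample addresses (198.51.102.77 and 198.51.104.1 are constructed).

```python
# Added example (not from the course text): CIDR summarization of contiguous /24
# networks into one supernet, plus the AND-based membership test.


def ip_to_int(addr: str) -> int:
    o = [int(x) for x in addr.split(".")]
    return (o[0] << 24) | (o[1] << 16) | (o[2] << 8) | o[3]


def int_to_ip(value: int) -> str:
    return ".".join(str((value >> s) & 0xFF) for s in (24, 16, 8, 0))


def summarize(networks: list[str], prefix: int) -> str:
    """Shortest prefix covering all given networks (each a /prefix).

    Shortens the prefix one bit at a time until every network ANDs to the same
    value; the result is an exact summary only if covers_exactly() also holds."""
    values = [ip_to_int(n) for n in networks]
    shared = prefix
    while shared > 0:
        mask = (0xFFFFFFFF << (32 - shared)) & 0xFFFFFFFF
        if len({v & mask for v in values}) == 1:
            break
        shared -= 1
    lo = values[0] & ((0xFFFFFFFF << (32 - shared)) & 0xFFFFFFFF)
    return f"{int_to_ip(lo)}/{shared}"


def covers_exactly(networks: list[str], prefix: int, supernet: str) -> bool:
    """True when the supernet contains only the listed networks (no spare space)."""
    _, s_prefix = supernet.split("/")
    return 2 ** (prefix - int(s_prefix)) == len(set(networks))


def in_network(addr: str, cidr: str) -> bool:
    """AND the address with the prefix mask and compare with the network ID."""
    net, prefix = cidr.split("/")
    mask = (0xFFFFFFFF << (32 - int(prefix))) & 0xFFFFFFFF
    return (ip_to_int(addr) & mask) == (ip_to_int(net) & mask)


if __name__ == "__main__":
    nets = ["198.51.100.0", "198.51.101.0", "198.51.102.0", "198.51.103.0"]
    agg = summarize(nets, 24)
    print(agg, covers_exactly(nets, 24, agg))        # 198.51.100.0/22 True
    print(in_network("198.51.102.77", agg), in_network("198.51.104.1", agg))
```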

Variable Length Subnet Masks

The IPv4 address space is close to being exhausted, making it difficult for ISPs to allocate public addresses to the companies that want them. To mitigate this, more efficient methods of allocating IP addresses must be used. Supernetting simplifies the information Internet routers need to locate IP networks. A complementary classless addressing technique, called variable length subnet masking (VLSM), allows a network designer to allocate ranges of IP addresses to subnets that match the predicted need for numbers of subnets and hosts per subnet more closely. Without VLSM, you have to allocate subnetted ranges of addresses that are the same size and use the same subnet mask throughout the network. This typically means that some subnets have many wasted IP addresses or additional routing interfaces must be installed to connect several smaller subnets together within a single building or department.

VLSM allows different length netmasks to be used within the same IP network, allowing more flexibility in the design process.

For this example, consider a company with three sites, each with differing network sizes and IP address requirements. There are also subnets representing point-to-point WAN links between the routers.

VLSM design usually proceeds by identifying the subnets with the most hosts and organizing the scheme in descending order. As with any subnet calculations, it helps to remember that each power of 2 is double the previous one:

2^2   2^3   2^4   2^5   2^6   2^7   2^8
4     8     16    32    64    128   256

  1. In the example, the largest requirement is for 80 hosts. 2^6 has a maximum of 64 values, which is not enough, so the nearest match in the table is 2^7. This tells us that we need 7 bits for host addressing. This actually allows for 126 host addresses once the network and broadcast addresses have been accounted for (2^7 - 2). Using 7 bits makes the prefix /25 (32 minus 7).

  2. The next requirement is technically met by a 5-bit host address space, but as this allows for exactly 30 addresses, there would be no room for growth. Using 6 bits might be safer, but for this scenario, we will choose the closest match and adopt the /27 prefix.

  3. The next three requirements are for 8, 12, and 12 hosts. These all require 4 bits, which gives 14 usable addresses.

  4. The routers use point-to-point links, so no more than two addresses will ever be required. This can be met by selecting a /30 prefix.
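The four steps above can be carried out mechanically. The following is an added example (not code from the course material): it takes a list of host-count requirements, computes the host bits and prefix length for each exactly as the steps describe, and then carves a block into VLSM subnets in descending order of size, handing leftover halves back to the pool. The site and host-count figures in REQUIREMENTS and the 10.0.0.0/24 block are constructed for illustration.

```python
import ipaddress

# Constructed requirements for a three-site scenario like the one above
# (site names and host counts are assumptions, not figures from the page).
REQUIREMENTS = [
    ("Site A LAN", 80),
    ("Site B LAN", 30),
    ("Site C LAN", 12),
    ("Site C servers", 12),
    ("Site B servers", 8),
    ("WAN link A-B", 2),
    ("WAN link B-C", 2),
]


def host_bits_for(hosts: int) -> int:
    """Smallest number of host bits h such that 2**h - 2 >= hosts
    (two addresses are always lost to the network and broadcast addresses).
    A point-to-point link therefore needs 2 host bits, i.e. a /30."""
    h = 2
    while (2 ** h) - 2 < hosts:
        h += 1
    return h


def prefix_for(hosts: int) -> int:
    """Prefix length is 32 minus the host bits (e.g. 80 hosts -> 7 bits -> /25)."""
    return 32 - host_bits_for(hosts)


def allocate(block: str, requirements):
    """Carve `block` into VLSM subnets, largest requirement first.

    Free space is kept as a list of unused networks; each requirement takes the
    lowest-addressed free network that is big enough and splits it in halves
    until it is exactly the right size, returning the other halves to the pool.
    Returns a list of (name, hosts, IPv4Network) in allocation order."""
    free = [ipaddress.ip_network(block)]
    plan = []
    for name, hosts in sorted(requirements, key=lambda r: r[1], reverse=True):
        plen = prefix_for(hosts)
        free.sort(key=lambda n: int(n.network_address))
        for idx, cand in enumerate(free):
            if cand.prefixlen <= plen:  # big enough (shorter or equal prefix)
                break
        else:
            raise ValueError(f"no free space left for {name} (/{plen})")
        del free[idx]
        while cand.prefixlen < plen:
            lower, upper = cand.subnets(prefixlen_diff=1)
            free.append(upper)  # keep the upper half for later requirements
            cand = lower
        plan.append((name, hosts, cand))
    return plan


if __name__ == "__main__":
    for name, hosts, net in allocate("10.0.0.0/24", REQUIREMENTS):
        usable = net.num_addresses - 2
        print(f"{name:15} needs {hosts:3}  ->  {net!s:18} ({usable} usable)")
```

Sorting the requirements first is what makes the simple first-fit allocator work: every later subnet is the same size or smaller than the free halves left behind, so the plan never fragments the block.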

4.4

ipconfig

On a Windows host, the ipconfig command is widely used for basic configuration reporting and support tasks. ipconfig can be used as follows:

  • ipconfig without any switches will display the IP address, subnet mask, and default gateway (router) for all network interfaces to which TCP/IP is bound.

  • ipconfig /all displays complete TCP/IP configuration parameters for each interface, including whether the Dynamic Host Configuration Protocol (DHCP) is enabled for the interface and the interface's hardware (MAC) address.

  • ipconfig /renew interface forces a DHCP client to renew the lease it has for an IP address.

  • ipconfig /release interface releases the IP address obtained from a DHCP server so that the interface(s) will no longer have an IP address.

  • ipconfig /displaydns displays the Domain Name System (DNS) resolver cache.

  • ipconfig /flushdns clears the DNS resolver cache.

  • ipconfig /registerdns registers the host with a DNS server (if it supports dynamic updates).

ifconfig and ip

On a Linux host, when it comes to managing the running configuration, you need to distinguish between legacy and current command packages. ifconfig is part of the legacy net-tools package. Use of these commands is deprecated on most modern Linux distributions. ifconfig can still safely be used to report the network interface configuration, however.

net-tools has been replaced by the iproute2 package. These tools can interface properly with modern network configuration manager packages. As part of the iproute2 package, the ip command has options for managing routes as well as the local interface configuration. The basic reporting functionality of ifconfig (show the current address configuration) is performed by running ip addr; to report a single interface only, use ip addr show dev eth0. The ip link command shows the status of interfaces, while the ip -s link reports interface statistics.


The ip link set eth0 up|down command is used to enable or disable an interface, while ip addr add|delete can be used to modify the IP address configuration. These changes are not persistent and apply only to the running configuration, unless run as part of a startup script.

arp

The Address Resolution Protocol (ARP) is used by hosts to determine which MAC address is associated with an IP address on the local network. ARP queries are sent as broadcasts. ARP broadcasts can generate considerable traffic on a network, which can reduce performance. To optimize this process, the results of an ARP broadcast are cached in an ARP table. If the entry is used within the timeout period, the entry is held in the cache for a few minutes before it is deleted.

The arp command can be used to perform functions related to the ARP table cache. You would use this to diagnose a suspected problem with local addressing and packet delivery.

  • arp -a (or arp -g) shows the ARP cache contents. You can use this with IPAddress to view the ARP cache for the specified interface only. The ARP cache will not necessarily contain the MAC addresses of every host on the local segment. There will be no cache entry if there has not been a recent exchange of frames.

  • arp -s IPAddress MACAddress adds an entry to the ARP cache. Under Windows, MACAddress needs to be entered with hyphens between each hex byte.

  • arp -d * deletes all entries in the ARP cache; it can also be used with IPAddress to delete a single entry.

ping

The Internet Control Message Protocol (ICMP) is used to report errors and send messages about the delivery of a packet. ICMP messages are generated under error conditions in most types of unicast traffic but not for broadcast or multicast packets.

ICMP can also be used to test and troubleshoot connectivity issues on IP networks. The ping command sends a configurable number and size of ICMP request packets to a destination host. ping is implemented on both Windows and Linux hosts. ping can be used to perform a basic connectivity test that is not dependent on the target host running any higher-level applications or services.

Basic ping Usage

A basic connectivity test is performed by running ping IPAddress, where IPAddress is an IPv4 or IPv6 address.

If the probe is successful (as in the first attempts shown in the screen capture), the output shows the message "Reply from IPAddress" and the time it takes for the server's response to arrive. The millisecond measures of round-trip time (RTT) can be used to diagnose latency problems on a link.

4.5

IPv4 vs IPv6

In IPv4, the addressing scheme is based on a 32-bit binary number. 32 bits can express 2^32 unique addresses (in excess of four billion). However, the way in which addresses have been allocated has been inefficient, leading to waste of available addresses. Inefficiencies in the addressing scheme and unceasing demand for more addresses mean that the available IPv4 public address supply is exhausted.

IP version 6 (IPv6) is designed to mitigate address exhaustion. Its 128-bit addressing scheme has space for 340 undecillion unique addresses. Even though only a small part of the scheme can currently be allocated to hosts, there is still enough address space within that allocation for every person on the planet to own approximately 4,000 addresses. As well as coping with the growth in ordinary company networks and Internet access subscribers, IPv6 is designed to meet the demands of billions of personal and embedded devices with Internet connectivity.

An IPv6 packet consists of two or three elements: the main header, which is a fixed length (unlike in IPv4), one or more optional extension headers, and the payload. As with an IPv4 header, there are fields for the source and destination addresses and the version (0110 or 0x06 for IPv6). Some of the other header fields are as follows:

Field            Explanation
Traffic Class    Describes the packet's priority.
Flow Label       Used for quality of service (QoS) management, such as for real-time streams. This is set to 0 for packets not part of any delivery sequence or structure.
Payload Length   Indicates the length of the packet payload, up to a maximum of 64 KB; if the payload is bigger than that, this field is 0, and a special Jumbo Payload (4 GB) option is established.
Next Header      Used to describe what the next extension header (if any) is, or where the actual payload begins.
Hop Limit        Replaces the TTL field in IPv4 but performs the same function.

Extension headers replace the Options field in IPv4. There are several predefined extension headers to cover functions such as fragmentation and reassembly, security (IPSec), source routing, and so on.
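To see how the fields in the table are laid out on the wire, here is an added example (not part of the course material) that decodes the fixed 40-byte IPv6 main header with Python's standard struct and ipaddress modules. The build function exists only to construct the sample packet; the addresses, flow label and payload in SAMPLE_PACKET are constructed values.

```python
import ipaddress
import struct

IPV6_HEADER_LEN = 40  # the main header is always 40 bytes, unlike IPv4

# Next Header values: a Transport protocol, ICMPv6, or one of the extension headers
NEXT_HEADER_NAMES = {
    0: "Hop-by-Hop Options (extension header)",
    6: "TCP",
    17: "UDP",
    43: "Routing (extension header)",
    44: "Fragment (extension header)",
    50: "ESP",
    51: "AH",
    58: "ICMPv6",
    59: "No Next Header",
    60: "Destination Options (extension header)",
}


def parse_ipv6_header(data: bytes) -> dict:
    """Decode the fixed IPv6 header fields from the first 40 bytes of a packet."""
    if len(data) < IPV6_HEADER_LEN:
        raise ValueError("need at least 40 bytes for an IPv6 header")
    # Bytes 0-3 pack three fields: version (4 bits), traffic class (8 bits),
    # flow label (20 bits). Bytes 4-7 are payload length, next header, hop limit.
    first_word, payload_len, next_hdr, hop_limit = struct.unpack("!IHBB", data[:8])
    version = first_word >> 28
    if version != 6:
        raise ValueError(f"not an IPv6 packet (version field = {version})")
    return {
        "version": version,
        "traffic_class": (first_word >> 20) & 0xFF,
        "flow_label": first_word & 0xFFFFF,      # 0 means "not part of a flow"
        "payload_length": payload_len,           # 0 with a Hop-by-Hop header => jumbogram
        "next_header": next_hdr,
        "next_header_name": NEXT_HEADER_NAMES.get(next_hdr, "unknown"),
        "hop_limit": hop_limit,
        "src": ipaddress.IPv6Address(data[8:24]),
        "dst": ipaddress.IPv6Address(data[24:40]),
    }


def build_ipv6_header(src, dst, payload: bytes, next_header=17, hop_limit=64,
                      traffic_class=0, flow_label=0) -> bytes:
    """Inverse of parse_ipv6_header; used here only to construct a sample packet."""
    first_word = (6 << 28) | ((traffic_class & 0xFF) << 20) | (flow_label & 0xFFFFF)
    fixed = struct.pack("!IHBB", first_word, len(payload), next_header, hop_limit)
    return fixed + ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed


# Constructed sample: an ICMPv6 echo request between two documentation-range hosts
SAMPLE_PACKET = build_ipv6_header("2001:db8::1", "2001:db8::2",
                                  b"\x80\x00" + b"\x00" * 10,
                                  next_header=58, hop_limit=64, flow_label=0x12345)

if __name__ == "__main__":
    for field, value in parse_ipv6_header(SAMPLE_PACKET).items():
        print(f"{field:17} {value}")
```

Because the header is fixed-length, a parser never has to read a header-length field before it knows where the addresses are; anything beyond byte 40 is found by following Next Header values.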

IPv6 Address Format

An IPv6 address contains eight 16-bit numbers, with each double-byte expressed as 4 hex digits. For example, consider the following binary address:

0010 0000 0000 0001 : 0000 1101 1011 1000 : 0000 0000 0000 0000 : 0000 0000 0000 0000 : 0000 1010 1011 1100 : 0000 0000 0000 0000 : 1101 1110 1111 0000 : 0001 0010 0011 0100

This binary value can be represented in hex notation as:

2001:0db8:0000:0000:0abc:0000:def0:1234

Using canonical notation, the hex notation can be compressed further. Where a double byte contains leading 0s, they can be ignored. In addition, one contiguous series of 0s can be replaced by a double colon place marker. Thus, the prior address would become:

2001:db8::abc:0:def0:1234

You can only use double colon compression once in a given address. For example, 2001:db8::abc::def0:1234 is not valid as it is unclear which of the following two addresses is represented:

2001:db8:0000:0abc:0000:0000:def0:1234

2001:db8:0000:0000:0abc:0000:def0:1234

Where IPv6 addresses are used as part of a URL (web address), because both formats use colons to mean different things, the IPv6 address must be enclosed in square brackets. For example: https://[2001:db8::abc:0:def0:1234]/index.htm.
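The compression rules above are easy to get subtly wrong by hand, so here is an added example (not from the course material) that applies them step by step: strip leading zeros from each group, then replace the single longest run of zero groups with a double colon. It also shows that Python's ipaddress module rejects an address with two double colons, and that the standard URL parser copes with the bracketed form. The addresses used are the ones from the text plus a few constructed ones.

```python
import ipaddress
from urllib.parse import urlsplit


def compress_ipv6(full: str) -> str:
    """Canonical form of a fully written 8-group IPv6 address.

    1. Drop leading zeros in each 16-bit group ("0db8" -> "db8", "0000" -> "0").
    2. Replace the longest run of two or more all-zero groups with "::"
       (first run wins on a tie, matching the common RFC 5952 convention).
    A lone zero group is left as "0" rather than compressed."""
    groups = full.lower().split(":")
    if len(groups) != 8:
        raise ValueError("expected a full address with 8 colon-separated groups")
    groups = [g.lstrip("0") or "0" for g in groups]

    best_start, best_len = -1, 0
    i = 0
    while i < 8:
        if groups[i] == "0":
            j = i
            while j < 8 and groups[j] == "0":
                j += 1
            if j - i > best_len:
                best_start, best_len = i, j - i
            i = j
        else:
            i += 1

    if best_len < 2:
        return ":".join(groups)
    left = ":".join(groups[:best_start])
    right = ":".join(groups[best_start + best_len:])
    return f"{left}::{right}"


def expand_ipv6(text: str) -> str:
    """The reverse direction: let ipaddress re-expand a compressed address."""
    return ipaddress.IPv6Address(text).exploded


def is_valid_ipv6(text: str) -> bool:
    """ipaddress enforces the 'at most one ::' rule among others."""
    try:
        ipaddress.IPv6Address(text)
        return True
    except ipaddress.AddressValueError:
        return False


def host_from_url(url: str) -> str:
    """urlsplit understands the bracketed literal and returns the bare address."""
    return urlsplit(url).hostname


if __name__ == "__main__":
    full = "2001:0db8:0000:0000:0abc:0000:def0:1234"
    print(compress_ipv6(full))                      # 2001:db8::abc:0:def0:1234
    print(is_valid_ipv6("2001:db8::abc::def0:1234"))  # False: two "::"
    print(host_from_url("https://[2001:db8::abc:0:def0:1234]/index.htm"))
```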

IPv6 Network Prefixes

An IPv6 address is divided into two parts: the first 64 bits are used as a network ID, while the last 64 bits designate a specific interface (the interface identifier). Unlike in IPv4, the interface address (or host ID portion) is always the same 64-bit length.

Network addresses are written using classless notation, where /nn is the length of the network prefix in bits. Within the 64-bit network ID, as with IPv4 netmasks, the length of any given network prefix is used to determine whether two addresses belong to the same IP network. For example, if the prefix is /48, then if the first 48 bits of an IPv6 address were the same as another address, the two would belong to the same IP network. This means that a given organization's network can be represented by a global routing prefix 48 bits long, and they then have 16 bits left in the network ID to subnet their network. For example,

2001:db8:3c4d::/48

would represent a network address, while:

2001:db8:3c4d:0001::/64

would represent a subnet within that network address.

Like IPv4, IPv6 can use unicast, multicast, and anycast addressing. Unlike IPv4, there is no broadcast addressing.

IPv6 Unicast Addressing

As with IPv4, an IPv6 unicast address identifies a single network interface. IPv6 unicast addressing is scoped; a scope is a region of the network. Global scopes provide the equivalent of public addressing schemes in IPv4, while link local schemes provide private addressing.

IPv6 Global Addressing

Globally scoped unicast addresses are routable over the Internet and are the equivalent of public IPv4 addresses. The parts of a global address are as follows:

  • The first 3 bits (001) indicate that the address is within the global scope. Most of the IPv6 address space is unused. The scope for globally unique unicast addressing occupies just 1/8th of the total address space. In hex, globally scoped unicast addresses will start with a 2 (0010 in binary) or 3 (0011).

  • The next 45 bits are allocated in a hierarchical manner to regional registries and from them to ISPs and end users.

  • The next 16 bits identify site-specific subnet addresses.

  • The final 64 bits are the interface ID.

Interface ID/EUI-64

The 64-bit interface ID can be determined by using two techniques.

One is by using the interface's MAC address. This is known as a MAC-derived address or interface identifier. As a MAC address is 48 bits, a translation mechanism allows driver software to create a 64-bit interface ID from these 48 bits. Formally, this is called an Extended Unique Identifier-64 (EUI-64).

Two changes occur to derive the EUI-64 interface ID from an interface’s MAC address. First, the digits fffe are added in the middle of the MAC address. Second, the first 8 bits, or 2 hex digits, are converted to binary, and the 7th bit (or U/L bit) is flipped (from 0 to 1 or 1 to 0). For example, the MAC address 00608c123abc would become the EUI-64 address 02608cfffe123abc, which (when expressed in double bytes) becomes 0260:8cff:fe12:3abc, or (without the leading 0) 260:8cff:fe12:3abc.

In the second technique, referred to as privacy extensions, the client device uses a pseudorandom number for the interface ID. This is known as a temporary interface ID or token. There is some concern that using interface identifiers would allow a host to be identified and closely monitored when connecting to the Internet, and using a token mitigates this to some degree.

IPv6 Link-Local Addressing

Link local addresses span a single subnet (they are not forwarded by routers). Nodes on the same link are referred to as neighbors. The link local range is fe80::/10. Link local addresses start with a leading fe80, with the next 54 bits set to 0, and the last 64 bits are the interface ID.

The equivalent in IPv4 is Automatic Private IP Addressing (APIPA) and its 169.254.0.0 addresses. However, unlike IPv4, an IPv6 host is always configured with link local addresses (one for each link), even if it also has a globally unique address.

A link local address is also appended with a zone index (or scope id) of the form %1 (Windows) or %eth0 (Linux). This is used to define the source of the address and make it unique to a particular link. For example, a given host may have links to a loopback address, Ethernet, and a VPN. Each of these links may use the same link local address, so each is assigned a zone ID to make it unique. Zone indices are generated by the host system, so where two hosts communicate, they may be referring to the link using different zone IDs.

While it is relatively uncommon for an interface to have more than one IPv4 address, in IPv6 it is typical for an interface to have multiple addresses.

IPv6 Multicast and Anycast Addressing

A multicast address is used to send a packet from a single source to multiple network interfaces. All IPv6 routers must support multicast. The parts of a multicast address are subdivided as follows:

  • The first 8 bits indicate that the address is within the multicast scope (1111 1111 or ff).

  • The next 4 bits are used to flag types of multicast if necessary; otherwise, they are set to 0.

  • The next 4 bits determine the scope; for example, 1 is node-local (to all interfaces on the same node), and 2 is link local.

  • The final 112 bits define multicast groups within that scope.

The Multicast Listener Discovery (MLD) protocol allows nodes to join a multicast group and discover whether members of a group are present on a local subnet.

Broadcast addresses are not implemented in IPv6. Instead, hosts use an appropriate multicast address for a given situation. The well-known multicast addresses are ones reserved for these types of broadcast functionality. They allow an interface to transmit to all interfaces or routers on the same node or local link.

In IPv4, IP address resolution to a specific hardware interface is performed using ARP. ARP uses inefficient broadcasts and requires every node to process its messages, whether they are relevant to the node or not. IPv6 replaces ARP with the Neighbor Discovery (ND) Protocol.

Each unicast address for an interface is configured with a corresponding solicited-node multicast address. It has the prefix ff02::1:ff plus the last 24 bits of the unicast address. The solicited-node address is used by ND to perform address resolution. It greatly reduces the number of hosts that are likely to receive ND messages (down to one in most cases) and is therefore much more efficient than the old ARP broadcast mechanism.
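The EUI-64 derivation described under "Interface ID/EUI-64" and the solicited-node address described in the paragraph above are two steps of the same chain, so one added example (not code from the course material) covers both: it builds the modified EUI-64 from the MAC used in the text (00608c123abc), combines it with the link-local prefix and with a /64 global prefix, and then derives the solicited-node multicast address that Neighbor Discovery would use for either address. A privacy-extension style random interface ID is included for contrast; the /64 prefix used is the documentation subnet from the text.

```python
import ipaddress
import secrets


def _mac_bytes(mac: str) -> bytes:
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("a MAC address is 48 bits (6 bytes)")
    return raw


def eui64_from_mac(mac: str) -> bytes:
    """Modified EUI-64 interface ID: insert ff:fe between the OUI and the
    device part of the MAC, then flip the U/L bit (0x02 in the first byte)."""
    raw = _mac_bytes(mac)
    return bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:6]


def temporary_interface_id() -> bytes:
    """Privacy-extension style ID: 64 random bits with the U/L bit cleared so it
    cannot be mistaken for a globally unique (MAC-derived) identifier."""
    iid = bytearray(secrets.token_bytes(8))
    iid[0] &= 0xFD
    return bytes(iid)


def link_local_address(interface_id: bytes) -> ipaddress.IPv6Address:
    """fe80::/10 with the next 54 bits zero and the interface ID in the low 64 bits."""
    return ipaddress.IPv6Address(b"\xfe\x80" + b"\x00" * 6 + interface_id)


def global_address(prefix: str, interface_id: bytes) -> ipaddress.IPv6Address:
    """Combine a /64 network prefix with an interface ID."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("interface IDs are 64 bits, so the prefix must be a /64")
    return ipaddress.IPv6Address(net.network_address.packed[:8] + interface_id)


# ff02::1:ff00:0/104 as the first 13 bytes; the last 3 bytes come from the unicast address
SOLICITED_NODE_PREFIX = bytes.fromhex("ff02" + "0000" * 4 + "0001" + "ff")


def solicited_node(addr) -> ipaddress.IPv6Address:
    """ff02::1:ff plus the last 24 bits of the unicast address (used by ND)."""
    low24 = ipaddress.IPv6Address(addr).packed[-3:]
    return ipaddress.IPv6Address(SOLICITED_NODE_PREFIX + low24)


if __name__ == "__main__":
    mac = "00-60-8c-12-3a-bc"                     # MAC from the text
    iid = eui64_from_mac(mac)
    ll = link_local_address(iid)
    gl = global_address("2001:db8:3c4d:0001::/64", iid)
    print("EUI-64 interface ID :", iid.hex())      # 02608cfffe123abc
    print("link-local          :", ll)
    print("global              :", gl)
    print("solicited-node      :", solicited_node(ll), "==", solicited_node(gl))
    print("temporary ID        :", temporary_interface_id().hex())
```

Note that the link-local and global addresses built from the same interface ID share one solicited-node group, which is why a host normally joins only a handful of these groups however many unicast addresses it holds.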

IPv6 can also use anycast addressing, though as with IPv4, this is implemented by a routing protocol rather than having a special range of addresses. Anycast interfaces are those configured with the same IPv6 global unicast address.

IPv6 and IPv4 Transition Mechanisms

internetworks. This compatibility requirement can be implemented using dual stack hosts, using a tunneling mechanism, or by using a type of address translation.

Dual Stack

Dual stack hosts and routers can run both IPv4 and IPv6 simultaneously and communicate with devices configured with either type of address. Most modern desktop and server operating systems implement dual stack IP. Most modern dual stack systems will try to initiate communications using IPv6 by default.

Most services are addressed using names rather than IP addresses. This means that the preference for IPv6 over IPv4 or the availability of either addressing method depends on the Domain Name System (DNS) records for the network.

Dual stack IP in Windows. (Screenshot used with permission from Microsoft.)

Tunneling

As an alternative to dual stack, tunneling can be used to deliver IPv6 packets across an IPv4 network. Tunneling means that IPv6 packets are inserted into IPv4 packets and routed over the IPv4 network to their destination. Routing decisions are based on the IPv4 address until the packets approach their destinations, at which point the IPv6 packets are stripped from their IPv4 carrier packets and forwarded according to IPv6 routing rules. This carries a high protocol overhead and is not nearly as efficient as operating dual stack hosts.

In 6to4 automatic tunneling, no host configuration is necessary to enable the tunnel. 6to4 addresses use the prefix 2002::/16. 6to4 has been widely replaced by an enhanced protocol called IPv6 Rapid Deployment (6RD). With 6RD, the 2002::/16 prefix is replaced by an ISP-managed prefix, and there are various other performance improvements.

Microsoft provides support for tunneling by Windows hosts using its Teredo protocol. Teredo tunnels IPv6 packets as IPv4-based UDP messages over port 3544. Teredo requires compatible clients and servers. The open source Miredo package implements Teredo for UNIX/Linux operating systems.

Another option for tunneling is Generic Routing Encapsulation (GRE). GRE allows a wide variety of Network layer protocols to be encapsulated inside virtual point-to-point links. This protocol has the advantage that because it was originally designed for IPv4, it is considered a mature mechanism and can carry both v4 and v6 packets over an IPv4 network.

NAT64

A third approach to transitioning from IPv4 to IPv6 is to use Network Address Translation (NAT). This is a well-known process for rewriting network addresses as they pass routing boundaries. With NAT64, an IPv6 host addresses an IPv4 host using the prefix 64:ff9b::/96 plus the 32-bit IPv4 destination address. When the packet reaches the gateway router, it strips the prefix and forwards the packet using IPv4 headers. Replies from the IPv4 host are directed to the IPv6 host by tracking connections using Transport layer port numbers.

Common IPv6 Addressing

Use the following table to help you recognize some of the commonly used classes of IPv6 address by prefix notation or leading hex digits.

Type                     Prefix               Leading Hex Characters
Global unicast           2000::/3             2, 3
Link local unicast       fe80::/10            fe80
Multicast                ff00::/8             ff
Multicast (link local)   ff02::/16            ff02::1 (all nodes), ff02::2 (all routers), ff02::1:2 (DHCP)
Solicited-node           ff02::1:ff00:0/104   ff02::1:ff
Unspecified              ::/128               0::0
Loopback                 ::1/128              ::1
Documentation/Examples   2001:db8::/32        2001:db8

Globally unique unicast addresses are also widely referred to as /48s.

The 0000::/8 block (that is, IPv6 addresses where the first bits are 0000 0000) is reserved for special functions. Within this block, there are two special addresses defined:

  • Unspecified address (0:0:0:0:0:0:0:0)—A host that has not obtained a valid address. This is often expressed as ::.

  • Loopback address (0:0:0:0:0:0:0:1)—Used for testing (for the host to send a packet to itself). This is often expressed as ::1.
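The table above and the NAT64 paragraph in the transition section both come down to prefix matching, so here is one added example (not from the course material) that recognises an address by the prefixes listed on this page (plus the 6to4 and NAT64 prefixes from the transition section) and shows the NAT64 mapping in both directions: embedding an IPv4 address behind 64:ff9b::/96 and stripping the prefix off again as the gateway would. Addresses outside the listed prefixes are simply reported as "other/reserved"; the sample addresses are constructed.

```python
import ipaddress

# Ordered (name, prefix) list. First match wins, so the more specific prefixes
# are listed before the broader ones they fall inside (e.g. 2001:db8::/32
# before 2000::/3, ff02::1:ff00:0/104 before ff02::/16 before ff00::/8).
ADDRESS_CLASSES = [
    ("unspecified", "::/128"),
    ("loopback", "::1/128"),
    ("NAT64 (IPv4 embedded)", "64:ff9b::/96"),
    ("documentation/examples", "2001:db8::/32"),
    ("6to4 tunnel", "2002::/16"),
    ("global unicast", "2000::/3"),
    ("link local unicast", "fe80::/10"),
    ("solicited-node multicast", "ff02::1:ff00:0/104"),
    ("link local multicast", "ff02::/16"),
    ("multicast", "ff00::/8"),
]
_CLASSES = [(name, ipaddress.IPv6Network(p)) for name, p in ADDRESS_CLASSES]


def classify(addr) -> str:
    """Return the class name of the first prefix the address falls inside."""
    a = ipaddress.IPv6Address(addr)
    for name, net in _CLASSES:
        if a in net:
            return name
    return "other/reserved"


NAT64_PREFIX = ipaddress.IPv6Network("64:ff9b::/96")


def nat64_synthesize(ipv4) -> ipaddress.IPv6Address:
    """How an IPv6 host addresses an IPv4 host: well-known /96 prefix + 32-bit IPv4 address."""
    v4 = ipaddress.IPv4Address(ipv4)
    return ipaddress.IPv6Address(NAT64_PREFIX.network_address.packed[:12] + v4.packed)


def nat64_extract(addr) -> ipaddress.IPv4Address:
    """What the NAT64 gateway does on the way out: strip the prefix, keep the IPv4 part."""
    a = ipaddress.IPv6Address(addr)
    if a not in NAT64_PREFIX:
        raise ValueError(f"{a} is not inside {NAT64_PREFIX}")
    return ipaddress.IPv4Address(a.packed[12:])


if __name__ == "__main__":
    # Constructed sample addresses, one per class in the table
    for sample in ["::", "::1", "2001:db8:3c4d::1", "3fff::1", "fe80::260:8cff:fe12:3abc",
                   "ff02::1", "ff02::1:ff12:3abc", "ff05::1:3", "2002:c000:221::1",
                   "64:ff9b::c000:221", "fc00::1"]:
        print(f"{sample:26} {classify(sample)}")
    v6 = nat64_synthesize("192.0.2.33")
    print(v6, "->", nat64_extract(v6))   # 64:ff9b::c000:221 -> 192.0.2.33
```

The same NAT64 address can also be written with the IPv4 part in dotted form (64:ff9b::192.0.2.33); ipaddress accepts that spelling and normalises it to the hex form printed above.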

4.6

IP Configuration Issues

Troubleshooting IP configuration issues takes place at the Network layer. If you can rule out a problem at the Physical and Data Link layers, the next thing to check is basic addressing and protocol configuration.

If a host cannot perform neighbor discovery to contact any other nodes on the local network, first use ipconfig (Windows) or ip or ifconfig (Linux) to verify the host configuration. 

Incorrect IP Address

Each end system host must have the same netmask as its neighbors and an IP address that produces a valid, unique host address within that subnet. A neighbor in this sense is another host in the same layer 2 broadcast domain. For example, if the subnet is 192.168.1.0/24, consider the following host address configurations:

  • Host A: IP: 192.168.1.10, Mask: 255.255.255.0

  • Host B: IP: 192.168.1.11, Mask: 255.255.255.0

  • Host C: IP: 192.168.0.21, Mask: 255.255.255.0

Host A and Host B have valid configurations, but Host C has an address in a different subnet (192.168.0.0 compared to 192.168.1.0). Hosts A and B will try to use the default gateway to forward packets to Host C. Host C is unlikely to be able to communicate on the network at all.

When you encounter non-default masks, it can be slightly more difficult to identify valid host ranges. For example, if the subnet address is 198.51.100.16/28, consider the following host address configurations:

  • Host A: IP: 198.51.100.10, Mask: 255.255.255.240

  • Host B: IP: 198.51.100.11, Mask: 255.255.255.240

  • Host C: IP: 198.51.100.21, Mask: 255.255.255.240

The network prefix boundary lies within the last octet, so you cannot rely on the first three octets alone. However, if you convert the addresses to binary, you will find that Host C is in a different subnet.

Also, remember that neither the network address nor the broadcast address can be used as a host address. 

Incorrect Subnet Mask

Another issue that might arise if a subnet mask is incorrect is that the host can receive communications but misroutes its replies, thinking that the hosts communicating with it are on a different subnet. The replies may still get through, although they may go via the default gateway (router), rather than directly.

  • Host A: IP: 192.168.1.10, Mask: 255.255.255.0

  • Host B: IP: 192.168.1.11, Mask: 255.255.255.0

  • Host C: IP: 192.168.1.21, Mask: 255.255.255.240

Because it is using a longer prefix than it should, Host C will think it needs to route to a different subnet to communicate with Hosts A and B. This will cause packets to go via the router, placing unnecessary load on it.

The other scenario for an incorrect mask is where the mask is shorter than it should be:

  • Host A: IP: 192.168.1.10, Mask: 255.255.255.0

  • Host B: IP: 192.168.1.11, Mask: 255.255.255.0

  • Host C: IP: 192.168.1.21, Mask: 255.255.0.0

  • Host D: IP: 192.168.0.10, Mask: 255.255.255.0

In this case, the problem will not be obvious if Hosts A, B, and C are attached to the same switch, as they will be able to use ARP messaging and receive replies. However, Host C will not be able to contact Host D, as it thinks that Host D is on the same local network, whereas in fact it needs to route messages for 192.168.0.0/24 via the default gateway. 
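The four host tables above (wrong address, non-default mask, mask too long, mask too short) can all be checked with the same binary comparison the text describes. The following added example (not from the course material) computes each host's own view of its network from its IP AND mask, takes the most common view as the intended subnet, and reports every host that disagrees together with the reason; thinks_local answers the question of whether one host will ARP for another directly or send to its gateway. The scenario lists reproduce the configurations given in the text.

```python
import ipaddress
from collections import Counter

# Scenarios from the text as (name, IP, dotted mask)
WRONG_ADDRESS = [
    ("Host A", "192.168.1.10", "255.255.255.0"),
    ("Host B", "192.168.1.11", "255.255.255.0"),
    ("Host C", "192.168.0.21", "255.255.255.0"),
]
NON_DEFAULT_MASK = [
    ("Host A", "198.51.100.10", "255.255.255.240"),
    ("Host B", "198.51.100.11", "255.255.255.240"),
    ("Host C", "198.51.100.21", "255.255.255.240"),
]
MASK_TOO_LONG = [
    ("Host A", "192.168.1.10", "255.255.255.0"),
    ("Host B", "192.168.1.11", "255.255.255.0"),
    ("Host C", "192.168.1.21", "255.255.255.240"),
]
MASK_TOO_SHORT = [
    ("Host A", "192.168.1.10", "255.255.255.0"),
    ("Host B", "192.168.1.11", "255.255.255.0"),
    ("Host C", "192.168.1.21", "255.255.0.0"),
    ("Host D", "192.168.0.10", "255.255.255.0"),
]


def thinks_local(viewer_ip, viewer_mask, target_ip) -> bool:
    """Will the viewer deliver to target directly (ARP) rather than via its gateway?
    Only the viewer's own mask matters, which is why a wrong mask misroutes."""
    viewer = ipaddress.IPv4Interface(f"{viewer_ip}/{viewer_mask}")
    return ipaddress.IPv4Address(target_ip) in viewer.network


def analyse_hosts(hosts):
    """Compute each host's own view of its network (IP AND mask), take the most
    common view as the intended subnet, and report every host that disagrees.
    Returns (majority_network, [(name, reason), ...])."""
    views = {name: ipaddress.IPv4Interface(f"{ip}/{mask}") for name, ip, mask in hosts}
    majority = Counter(v.network for v in views.values()).most_common(1)[0][0]
    findings = []
    for name, iface in views.items():
        net = iface.network
        if net == majority:
            if iface.ip in (net.network_address, net.broadcast_address):
                findings.append((name, f"{iface.ip} is the network or broadcast address"))
        elif iface.ip in majority and net.prefixlen > majority.prefixlen:
            findings.append((name, f"mask too long (/{net.prefixlen} vs /{majority.prefixlen}): "
                                   "replies to neighbours will be sent via the gateway"))
        elif iface.ip in majority and net.prefixlen < majority.prefixlen:
            findings.append((name, f"mask too short (/{net.prefixlen} vs /{majority.prefixlen}): "
                                   "hosts behind the gateway will be treated as local"))
        else:
            findings.append((name, f"{iface.ip} is not in {majority}; reachable only via a router"))
    return majority, findings


if __name__ == "__main__":
    for title, scenario in [("wrong address", WRONG_ADDRESS), ("non-default mask", NON_DEFAULT_MASK),
                            ("mask too long", MASK_TOO_LONG), ("mask too short", MASK_TOO_SHORT)]:
        majority, findings = analyse_hosts(scenario)
        print(f"{title}: majority view {majority}")
        for name, reason in findings:
            print(f"  {name}: {reason}")
    # Host C in the short-mask scenario believes Host D is local; Host A does not
    print(thinks_local("192.168.1.21", "255.255.0.0", "192.168.0.10"),
          thinks_local("192.168.1.10", "255.255.255.0", "192.168.0.10"))
```

In the short-mask scenario Host D is reported too, but for the right reason: it really is on another network, so the finding is that it can only be reached through a router, while Host C's finding is that it will wrongly try to reach such hosts directly.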

Duplicate IP and MAC Address Issues

Two systems could end up with the same IP address because of a configuration error; perhaps both addresses were statically assigned, or one was assigned an address that was part of a DHCP scope. If Windows detects a duplicate IP address, it will display a warning and disable the IP. Linux does not typically disable an interface with a duplicate IP address, but it may log a warning. If there are two systems with duplicate IPs, a sort of race condition will determine which receives traffic. Obviously, this is not a good way for the network to be configured, and you should identify and fix the machines. To do this, obtain the MAC addresses of both interfaces using ping and then arp -a to examine the ARP cache table. On Linux, you can use the arping tool (arping -D) to report duplicate replies. Once identified, configure each host to use a unique address.

A duplicate MAC address will cause a problem similar to a duplicate IP address. Both hosts will contend to respond to ARP queries, and communications could be split between them or reach only one of the hosts. Duplicate MAC addresses are unlikely to arise unless the network uses locally administered addressing. 

Issues with MAC addressing can be a sign that someone is attempting to perform a spoofing attack. Spoofing attacks are discussed later in the course.

To diagnose MAC address issues, use the arp utility to verify the MAC addresses recorded for each host and ipconfig or ip neigh to check the MAC address assigned to the interface. Also check the MAC address and ARP tables on any switches and routers involved in the communications path. You can use a protocol analyzer to examine ARP traffic and identify which IP hosts are attempting to claim the same MAC address.
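Comparing ARP caches by eye is error-prone, so here is an added example (not from the course material) that parses the row formats of Windows arp -a and Linux ip neigh, merges several cache snapshots, and reports both conditions described above: an IP seen with more than one MAC (duplicate IP, or the race the text mentions) and a MAC claimed by more than one IP (duplicate or spoofed MAC). Broadcast, multicast and static entries are skipped because they are not hosts. The two snapshots are constructed sample output, not captures from a real network.

```python
import re
from collections import defaultdict

# Windows "arp -a" rows: "192.168.1.11   aa-bb-cc-dd-ee-01   dynamic"
WIN_ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+([0-9a-f]{2}(?:[-:][0-9a-f]{2}){5})\s+(dynamic|static)\b", re.I)
# Linux "ip neigh" rows: "192.168.1.11 dev eth0 lladdr aa:bb:cc:dd:ee:01 REACHABLE"
LINUX_ROW = re.compile(
    r"^(\d{1,3}(?:\.\d{1,3}){3}) dev \S+ lladdr ([0-9a-f]{2}(?::[0-9a-f]{2}){5}) (\S+)", re.I)


def parse_neighbours(text):
    """Yield (ip, mac, is_static) from either tool's output; MACs are normalised
    to lower-case hyphenated form so entries from both formats compare equal."""
    for line in text.splitlines():
        m = WIN_ROW.match(line) or LINUX_ROW.match(line)
        if not m:
            continue
        ip, mac, kind = m.groups()
        mac = mac.lower().replace(":", "-")
        yield ip, mac, kind.lower() in ("static", "permanent")


def is_group_mac(mac: str) -> bool:
    """Broadcast and multicast MACs have the low bit of the first byte set."""
    return bool(int(mac[:2], 16) & 0x01)


def find_conflicts(snapshots):
    """Merge several cache snapshots (taken over time, or from several hosts).
    Returns ({ip: [macs]} for IPs seen with more than one MAC,
             {mac: [ips]} for MACs claimed by more than one IP)."""
    macs_by_ip = defaultdict(set)
    ips_by_mac = defaultdict(set)
    for snap in snapshots:
        for ip, mac, is_static in parse_neighbours(snap):
            if is_static or is_group_mac(mac):
                continue  # broadcast/multicast and manual entries are not hosts
            macs_by_ip[ip].add(mac)
            ips_by_mac[mac].add(ip)
    dup_ips = {ip: sorted(m) for ip, m in macs_by_ip.items() if len(m) > 1}
    dup_macs = {mac: sorted(i) for mac, i in ips_by_mac.items() if len(i) > 1}
    return dup_ips, dup_macs


# Constructed snapshots: one from a Windows host, one from a Linux host on the
# same segment a little later. 192.168.1.11 answers from two different MACs,
# and aa-bb-cc-dd-ee-01 is answering for two different IPs.
SNAPSHOT_1 = """\
Interface: 192.168.1.10 --- 0xc
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-55     dynamic
  192.168.1.11          aa-bb-cc-dd-ee-01     dynamic
  192.168.1.21          aa-bb-cc-dd-ee-01     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""
SNAPSHOT_2 = """\
192.168.1.1 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.1.11 dev eth0 lladdr aa:bb:cc:dd:ee:02 REACHABLE
192.168.1.21 dev eth0 lladdr aa:bb:cc:dd:ee:01 STALE
"""

if __name__ == "__main__":
    dup_ips, dup_macs = find_conflicts([SNAPSHOT_1, SNAPSHOT_2])
    for ip, macs in dup_ips.items():
        print(f"duplicate IP  {ip}: seen with {', '.join(macs)}")
    for mac, ips in dup_macs.items():
        print(f"duplicate MAC {mac}: claimed by {', '.join(ips)}")
```

A single cache snapshot can only ever hold one MAC per IP, so the duplicate-IP condition is visible only when snapshots are compared over time or against a second host's cache; the duplicate-MAC condition shows up in a single snapshot.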

IP Forwarding Issues

  1. Ping the loopback address (ping 127.0.0.1) to verify TCP/IP is installed and loaded correctly. If this fails, reinstall the network protocol stack.

  2. Ping the IP address of the local host to verify it was added correctly and to verify that the network adapter is functioning properly. If you cannot ping the host's own address, there might have been a configuration error, or the network adapter or adapter driver could be faulty.

  3. Ping the IP address of the default gateway to verify it is up and running and that you can communicate with another host on the local network.

  4. Ping the IP address of other hosts on the same subnet to test for local configuration or link problems.

If a local host cannot be pinged and the error is destination unreachable, then verify the IP configuration does not contain an incorrect IP address or netmask. If these are correct but pings still time out, suspect either a security issue (such as a switch port security issue) or a problem at the Data Link or Physical layer.

  5. Ping the IP address of a remote host to verify you can communicate through the router. If a remote IP address cannot be contacted, check the default gateway parameter on the local host to rule out an incorrect default gateway issue. If the gateway is configured correctly and you can ping the router, you need to start investigating the routing infrastructure.