đź’ľ SHAUN PORTER

1.4 IP Subnetting

Dec 03, 202412 min read

1.4 Given a scenario, configure a subnet and use appropriate IP addressing schemes.

  • Public vs. private

    • **RFC1918 **
      • Are private IP addresses are used for network communication on an internal network and are not routable on the public internet
      • The three defined address ranges in RFC 1918 are:
        • 10.0.0.0 to 10.255.255.255 (10.0.0.0/8)
        • 172.16.0.0 to 172.31.255.255 (172.16.0.0/12)
        • 192.168.0.0 to 192.168.255.255 (192.168.0.0/16)
      • IPV6 Private address: fc00::/7
    • Network address translation (NAT)
      1. Private Network: Devices within a local network are assigned private IP addresses, as defined in RFC 1918 (such as the ranges 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16).
      2. NAT Router: A NAT-enabled router or gateway sits between the private network and the public internet. The router has at least one public IP address facing the internet and assigns private IP addresses to devices within the local network.
      3. Translation: When a device from the local network wants to communicate with the internet, the NAT router modifies the source IP address and port number in the outgoing packets, replacing the private IP address with its own public IP address. This process is known as “source NAT” or “SNAT.”
      4. Tracking: The NAT router keeps track of the translation in a translation table. When responses come back from the internet, it uses this table to determine which private IP address and port to forward the incoming packets to. This process is known as “destination NAT” or “DNAT.”
    • Port address translation (PAT)
      • is an extension of Network Address Translation (NAT)
      • By using different port numbers, PAT allows multiple devices within the private network to share the same public IP address simultaneously. When responses come back from the internet, the NAT router uses the translation table to correctly forward the incoming packets to the appropriate device based on the combination of the public IP address and port number.
        1. Private Network: Devices within a local network have private IP addresses.
        2. NAT Router: The NAT router has a single public IP address, and it performs the translation of private IP addresses to the public IP address along with port numbers.
        3. Port Mapping: When a device initiates a connection to the internet, the NAT router assigns a unique source port number to that connection. The combination of the private IP address, the original source port, and the public IP address forms a unique translation entry in the NAT translation table.
        4. Translation Table: The NAT router maintains a translation table that keeps track of the source IP address, source port, destination IP address, and destination port for each active connection.

  • **IPv4 vs. IPv6 **

    • We found out pretty quickly that there were not enough IPv4 addresses given the amount of people and devices that wanted access to the internet
    • The IPv6 addressing scheme was developed as a successor for the IPv4 addressing scheme
      • IPv4 addresses are made up of a 32-bit numerical number grouped in 4 octets
        • IPv4 Public address: 104.95.181.163
      • IPv6 addresses are made up of 128-bit hexadecimal configuration grouped in 8 octets
        • IPv6 Public address: 2a02:26f0:a1:685:0000:356e
        • 340 undecillion addresses
    • Automatic Private IP Addressing (APIPA)
      • A Dynamic Host Configuration Protocol server automatically assigns IP addresses to hosts on the internal network. If the DHCP server is not available to assign IP addresses, the host device can generate an IP address.
      • The APIPA IP address for IPv4 and IPv6 addresses are referred to as a Link-Local address and are automatically generated by the host.
        • IPv4 APIPA IP address: 169.x.x.x
        • IPV6 APIPA IP address: fe80::/10
    • Extended unique identifier (EUI-64)
      • A benefit that an IPv6 addressing scheme has over IPv4 is the ability for the host to generate a unique IPv6 IP address by implementing an Extended Unique Identifier.
      • The unique IP address is generated without the need for a DHCP server or through manual assignment.
      • These types of addresses are generated by the host using the MAC address of the Network Interface Card (NIC).
      • A MAC Address is a 48-bit hexadecimal number unique to the NIC. The host utilizes the MAC address by dividing it into two 24-bit parts and adding the 16-bit value of 0xFFFF in between to create the unique IPv6 IP address.
      • This is also known as Stateless Address Autoconfiguration (SLAAC).
      • example
        • MAC Address: 12:11:5f:AC:7B:77
        • Generated IPv6 IP Address: 12:11:5f:FF:FE:AC:7B:77
    • Multicast
      • Multicast addressing is used to send network traffic from a single device to several other network devices
    • Unicast
      • a unicast address is direct communication between two devices.
    • Anycast
      • An Anycast addressing scheme is configured by applying a single IP address to multiple devices.
      • Devices on the network that needs to access these endpoints will access the closest endpoint of the configured devices.
      • Anycast addresses must be assigned to routers and not host devices to facilitate the communication.
      • Anycast addresses are Unicast addresses that are assigned to the interface of the router.
    • Broadcast
      • Broadcast IP addresses are used to send network communication to all the devices connected to a specific subnet of the network.
      • Broadcasting network traffic to all devices on the network has a negative effect on the network performance and is not recommended.
      • An example is an IPv4 network with the following configuration:
        • 192.168.0.0/24
      • The broadcast address for the specific configuration will be:
        • 192.168.0.255
      • With the development of the IPv6 IP addressing scheme, Broadcast IP addresses were replaced with Anycast addressing solution.
    • Link local
      • used for local communication within a single network segment or “link.” In IPv4, link-local addresses fall in the 169.254.0.0/16 range, and in IPv6, they start with FE80::/10
        • Link-local addresses allow devices to communicate within a local network without needing a DHCP server or manual IP assignment. This automatic assignment happens when a device fails to obtain an IP from a DHCP server.
        • Link-local addresses are only meant for local communication within a subnet or network segment. Routers do not forward packets with link-local addresses, making them unsuitable for inter-subnet communication.
        • Link-local addresses are often used for device discovery and simple, local-only networking needs, like configuring printers, IoT devices, or network diagnostics when DHCP isn’t available.
    • Loopback
      • A Loopback IP address is used to test the functionality of the Network Interface Card (NIC).
      • The network traffic that is generated is sent back to the local host.
      • The following are different loopback addresses for IPv4 and IPv6 IP address ranges:
        • IPv4 Loopback address: 127.0.0.1
        • IPv6 Loopback address: ::1/128
    • Default gateway
      • A default gateway is used by internal network devices to communicate to externally located network devices or resources.
        • For example, when a user tries to connect to an external website, the request to access the website will be sent to the default gateway.
        • The response from the website will then be passed to the default gateway directing the traffic to the device that requested it.
      • Depending on the network configuration, a default gateway address can either be an IPv4 or an IPv6 IP address.

  • IPv4 subnetting

    • **Classless
      • variable-length subnet mask (VLSM)
      • Using VLSM allows IP address ranges to be split into smaller subnets, minimizing unused IPs
      • Routers handle VLSM by supporting classless routing protocols, like OSPF or RIP v2, which allow for routes with various subnet masks, ensuring each subnet is properly routed based on its specific mask length.
    • Classful
      • Classful IPv4 IP Addressing Schema
      • The IPv4 addressing schema consists of different classes which can be used in different types of networks depending on the size of the network. Each class is further divided into a Public and a Private IP range. Below different classes will be identified.
        • Class A IPv4 Range
          • The Class A IPv4 classful IP range has got the most available hosts, and the IP ranges consist of the following:
            • IP Range:     1.0.0.0 - 127.255.255.255
            • Subnet Mask:  255.0.0.0
          • A Class A IP range has got 2,147,483,648 available hosts on the network. Every class of the IPv4 range is broken down into public and private ranges, where private ranges are used on the internal network and public ranges for external use.
          • The private range for a Class A IP range are the following:
            • IP Range:    10.0.0.0 - 10.255.255.255
            • Subnet Mask:  255.0.0.0
            • Available hosts:  16,777,216
          • An important fact for the Class A range is to remember that the following range has been allocated for the Loopback address:
            • IP Range:     127.0.0 - 127.255.255.255
          • The Loopback range is used to test if the Network Interface card is functioning, and in a real-world scenario, only the following will be used to test using the ping command even though the whole range is available:
            • 127.0.0.1
        • Class B IPv4 Range
          • A Class B IPv4 classful IP range is normally used in a medium-sized network where there are not as many IP addresses needed as compared to Class A. It consists of the following range:
            • IP Range: 128.0.0.0 - 191.255.255.255
            • Subnet Mask: 255.255.0.0
          • A Class B IP range has 1,073,741,824 available hosts in whole and, similar to the Class A Range, has a specific allocated range for private networks. It consists of the following range:
            • IP Range: 172.16.0.0 - 172.31.255.255
            • Subnet Mask: 255.255.0.0
            • Available hosts: 65536
          • A block of IP addresses from Class B is reserved for the Automatic Private IP Addressing (APIPA).
            • These IP addresses will be allocated if a DHCP server is not available.
            • The following is the APIPA range:
              • IP Range: 169.254.0.0 - 169.254.255.255
        • Class C IPv4 Range
          • Smaller business and home users will normally be allocated a Class C IP address range, as this range has fewer available hosts IP addresses than the other classes. It consists of the following range:
            • IP Range: 192.0.0.0 - 223.255.255.255
            • Subnet Mask: 255.255.255.0
          • The specific private range allocated to Class C is the following:
            • IP Range: 192.168.0.0 - 192.168.255.255
            • Subnet Mask: 255.255.255.0
            • Available hosts: 256
        • Class D IPv4 Range
          • The classful Class D IPv4 range is used as a multicast IP addressing solution.
          • This IPv4 IP range cannot be assigned to a network device or a host on the network. Multi-casting was developed to send network communication from one device to many devices on the network. It consists of the following range:
            • IP Range: 224.0.0.0 - 239.255.255.255
        • Class E IPv4 Range
          • The Class E IPv4 IP range is not used in a production environment, whether it being private or public IP addressing. This class is reserved for future use and consists of the following range:
            • IP Range: 240.0.0.0 - 255.255.255.255
    • Classless Inter-Domain Routing (CIDR) notation
      • a method used to allocate and specify IP addresses for routing in the Internet. CIDR allows for more flexible allocation of IP addresses than the older system of class-based addressing (Class A, B, and C networks) by allowing the creation of variable-sized address blocks.

  • IPv6 concepts

    • Tunneling
      • To enable the communication between IPv4 and IPv6 devices, one of the solutions is the use of a tunnelling protocol. A tunnelling protocol works on the principle of encapsulating the IPv6 network traffic with an IPv4 packet and vice versa, thus ensuring different devices can communicate with each other.
      • Different types of tunnelling IPv6 traffic exist. These include the following:
        • Manual IPv6 tunnelling
        • Automatic IPv4 compatible tunnel configuration
        • Generic Routing Encapsulation
        • 6to4 Tunnelling configuration
        • Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) Configuration
    • Dual stack
      • With the implementation of IPv6, it became a necessity that IPv4 and IPv6 devices will be able to communicate. With this evolution, an evolution in the development of operating systems occurred. Starting from Windows 7 Service Pack 2, the dual-stack network configuration was available, which ensured that the different devices would be able to communicate with each other. All the later versions of Windows were enabled to facilitate this communication.
    • Shorthand notation
      • The full IPv6 address is typically written as eight groups of four hexadecimal digits separated by colons
      • IPv6 shorthand notation allows you to simplify this by removing leading zeros within each group and by representing consecutive groups of zeros with a double colon (::), but only once within an address. For example:
        • full IPv6 address: 2001:0db8:85a3:0000:0000:8a2e:0370:7334
        • shortened IPv6 address: 2001:db8:85a3::8a2e:370:7334
      • Leading Zeros: Remove leading zeros within each group. For example, “00db” becomes “db.”
      • Consecutive Zeros: Collapse consecutive groups of zeros into a double colon (::), but only once in an address. This can be done when there are consecutive groups of zeros between non-zero groups. In the example above, “0000:0000” is replaced by ”::.”
      • eg
        • 2600:DDDD:1111:0001:0000:0000:0000:0001
        • remove leading 0’s
          • 2600:DDDD:1111:1:0:0:0:1
        • Abbreviate 2+ groups of zeros with double colons
          • 2600:DDDD:1111:1::1
    • Router advertisement
      • Router Advertisements are crucial for the automatic configuration of IPv6 addresses and network parameters, enabling efficient self-configuration of devices on the network.
    • Stateless address autoconfiguration (SLAAC)
      • IPv6 feature allowing devices to configure their own addresses without DHCP

  • Virtual IP (VIP) or Virtual IP Address (VIPA)

    • A Virtual IP address (VIP) is not assigned to specific physical network adapters.
    • VIP can be assigned to multiple servers or domain names.
      • For example, if a company hosts a website, a VIP can be assigned to the cluster of web servers.
      • Instead of being dependent on physical adapters, the network traffic is distributed through the VIP to an available physical network adapter.
      • This increases the availability and redundancy of the network.
      • By assigning a virtual IP address to a host, it no longer needs to depend on specific individual network interfaces. Incoming packets target the host’s VIPA, but all are routed through to actual, specific network interfaces.
      • VIPA helps to provide load balancing for incoming traffic, where switches or routers behind the scenes can distribute them evenly among a pool of available network interfaces.
    • A primary advantage of VIPA is to eliminate host dependencies on specific, individual network interfaces.

  • Subinterfaces

    • Routers can be configured with subinterfaces.
    • A subinterface is a virtual interface that is created on the physical interface of the router.
    • Several subinterfaces can be created on the physical interface of the router.
    • The subinterface uses the physical interface to send and receive network traffic.

Links to Videos and Additional reading

Professor Messer - 1.4 IP Subnetting

Graph View

Backlinks