NET 226 - Designing Internetwork Solutions

Chapter 6, Designing Models for Addressing and Numbering

Objectives:

This lesson begins with assigning addresses and names to hosts, and continues with protocol choices on your network. Objectives important to this lesson:

1. Guidelines for Network Layer Addresses
2. Structured model and room for growth
3. Central Address Administration
4. Dynamic Addressing
5. Private Addressing
6. Hierarchical Routing
7. Classful Routing and Classless Interdomain Routing (CIDR)
8. A Model for Naming
   
   

Chapter 6

Guidelines for Network Layer Addresses

The text offers a list of guidelines for making address assignments in your network on page 168. The author expands on many of them in the pages that follow, but not in the order of her advice, so let's do what we can with it.

• Create a structured model (scheme) for address assignment before you assign any addresses.
• Leave room for growth in each subunit of the network to avoid renumbering several areas.
• Use a hierarchy of assignment: one network at the top, spreading to subnets as you go down.
• Assign addresses based on physical location not on groups. Groups and individuals move from one location to another regularly.
• Use DHCP wherever possible.
• Use private addresses and Network Address Translation when accessing the Internet. This will aid security in your network.

Structured Model and Room for Growth

Assign an address to the enterprise network first, then subnet that address as need for each location, then subnet each of those subnets as needed for the divisions in the location. Plan each subnet to be larger than your immediate needs. Keep in mind that you will lose some addresses with each subnet you create, so don't make more than you need. Lose addresses? Remember that when you subdivide a subnet mask, you are creating a series of addresses which are assigned to the new subnets themselves and to their broadcast addresses, and which you cannot use as addresses for hosts. This means that you can run out of usable addresses or allocate addresses that will never be used if you start numbering without a plan. This is one reason that address schemes often use a ten-dot address as the starting address for the enterprise. It gives us the greatest flexibility for creating subnets and for those subnets to have large or small numbers of hosts.

Central Address Administration

The author lists some questions that should be helpful in planning your network addresses, but some of them will have standard answers:

• Are public, private, or both address types required? The answer will always be both, if the network has to connect to the Internet for incoming or outgoing requests.
• How many systems will need access to the private network only? (Very few.)
• How many will need to be visible to the public network? (The ones you place on the DMZ, the publicly accessible portion of your network.)
• How will translation between public and private addresses occur? This can vary. Often, it is done by a border gateway router, or a router run by your ISP.

The author lists several agencies, Regional Internet Registries (RIRs), that should be consulted when requesting public (registered) IP addresses). These are the regional authorities responsible for administering addresses in various parts of the world. They all operate under the authority of IANA.

• ARIN - North America and part of the Caribbean
• RIPE - Europe, Middle East, and Central Asia
• APNIC - Most of Asia and the Pacific Rim
• LACNIC - Latin America and the rest of the Caribbean
• AfriNIC - Africa

The assignment of public addresses by these entities goes back many years to a time when Internet use was not so common. Most assignable IPv4 addresses have been assigned, but there is space for enterprises requesting IPv6 addresses. The text calls the addresses assigned by these agencies provider-independent address space. This means if I request and receive such IP addresses, they are independent of the IP addresses used by my ISP or my Domain Provider.

Most enterprises do not need to use such addresses. For outgoing traffic, they rely on addresses already assigned to their ISPs and on Network Address Translation to bridge the gap between the ISP's addresses and their own network addresses. This is what makes it possible to connect from a network with private addresses to a web server on the Internet.

A different trick is used to put up a web site when you don't have a server with a public address. This is what makes my web site work. You are actually connecting to it by way of an address stored in a DNS server, like any other website. That address belongs to my domain registry provider, who is Yahoo. This is called using provider-assigned address space. Yahoo is not my ISP, but they handle my domain registration and host my website. Sometimes you use the same entity for both services, but it is not a rule.

The author considers whether to allow branches of the network to administer their own address schemes. She makes it clear that this must be a cooperative effort, to avoid duplicate addresses. It should only be pursued if there are experienced staff at the branch locations, and if they are in agreement about standards for the environment.

Dynamic Addressing

Dynamic addressing is usually done with DHCP, and is usually the default for network devices. Dynamic addressing can mean that a given device may have a different address each time it boots up, if it is not started or used regularly. In practice, it will probably get the same address each time it receives one. The author suggests that some devices on a network should have static addresses, which must be excluded from the ranges of addresses that your DHCP servers assign. These devices should include:

• servers
• routers
• switches
• printers
• network management systems
  

Note the list of considerations on page 171 that may help you decide whether you should be using static or dynamic addressing for a given device. On the next page there is a discussion about precursors to DHCP, and using DHCP in its three modes: permanent assignment of an address by the DHCP server (automatic allocation), temporary assignment of an address by the DHCP server (dynamic allocation), and delivery of an address chosen by an administrator, but given to the device by the DHCP server (manual allocation).

I mentioned how DHCP works in last week's class. Dynamic Host Configuration Protocol uses two ports, but does not establish a connection on either of them.

• The workstation sends the Discovery transmission as a broadcast on port 67.
• The server sends its Offer message on port 68.
• The workstation sends the Request transmission as a broadcast on port 67.
• The server sends its Acknowledgment message on port 68.
  

UDP is used for all four transmissions.

Since broadcasts are typically contained by the boundaries of a subnet, there would have to be one DHCP server for every subnet, but this is not necessary. Routers can be configured to act as DHCP relay agents. This causes them to send DHCP messages across network links as needed. Note the explanation box on page 174 that tells us that the routers only need to be told to forward the UDP traffic on port 67.

Private Addressing

A bit late in the game, the text introduces that idea of private IP addresses on page 175. On page 176, we see the ranges of the private addresses in Classes A, B, and C.

One way to recognize the class of a given address is to know the range of possible addresses in each class. The five classes of addresses are defined as limited to specific ranges of values of the first byte. The numeric ranges are hard to remember until you see a chart that explains what the ranges have to do with the binary version of the first octet.

Remember the basics of binary notation: a byte has eight bits. Each bit is a digit in a binary number. Since we can only use 1s and 0s in binary notation, we either have (1) or don't have (0) the number of units represented by a position in the binary number.

Values of Positions in a Byte

Bit position:	7	6	5	4	3	2	1	0
Value of Position (if a 1 is in it):	128	64	32	16	8	4	2	1

Reading from left to right, if the first bit (position 7, above) of the first octet (another word for a byte) is a zero, that octet must represent a number less than 128. This defines a class A address: the first octet must be 127 or less. Consider it this way:

• Class A - first bit is a 0, range for the byte is 0 to 127
• Class B - first bit is a 1, second is a 0, range for the byte is 128 to 191
• Class C - first two bits are 1s, third is a 0, range for the byte is 192 to 223
• Class D - first three bits are 1s, fourth is a 0, range for the byte is 224 to 239
• Class E - first four bits are 1s, fifth is a 0, range for the byte is 240 to 255

Private addresses are not routable on the Internet. They are perfectly routable on your own private network. They can connect to the Internet when you use Network Address Translation, which can be done on your own NAT server if you have been assigned a public address range, or it can be done by your ISP as discussed above.

Hierarchical Routing

The author spends half a page on the benefits of hierarchical routing, then begins to explain it on page 179. Her explanation includes a good argument that it simplifies finding a route to a specific network. We should consider that a network can act like her example of a ten digit phone number, in which the packets are passed up to a router that can handle the first three digits, then to a router that can handle the next three digits, then finally to a switch that can handle the last four digits. IP addresses in the real world are not assigned that way, but in our own private number scheme, they can function just like that.

Classful Routing and Classless Interdomain Routing (CIDR)

The text reminds us that IPv4 addresses are composed of two parts, a part that identifies a network and a part that identifies a host. The text refers to the network portion of the address as a prefix. The length of the prefix for any network is usually defined by a subnet mask that corresponds to Class A, B, or C addresses.

When we actually create subnets from a classful network address, we have to modify the subnet mask. By borrowing (stealing) one bit, two subnets are theoretically possible. However, as a general rule, subnet addresses using all 1s or all 0s are not used, so borrowing one bit will usually not yield any usable subnet addresses. This is why the traditional formula for number of usable subnets is:
2^N - 2 = number of subnets (where N is the number of bits borrowed).

Assume we borrow two bits in each of the three classes above. Borrowed bits are shown in red in the resulting subnet mask numbers below:

Subnet Masks if Borrowing 2 Bits

	Decimal Mask	Binary Mask
Class A	255.192.0.0	11111111.11000000.00000000.00000000
Class B	255.255.192.0	11111111.11111111.11000000.00000000
Class C	255.255.255.192	11111111.11111111.11111111.11000000

Note that the subnet masks above do not match the standard masks from the previous table. The standard masks are classful masks, because they match the intended use of class address schemes. The masks above are classless, because they do not match any network class. Classless Inter-Domain Routing (CIDR) is a router standard that allows the use of classless subnet masks. In the CIDR standard, IP addresses are followed by a slash and the decimal number of bits used in the network portion of the subnet mask.

An example of CIDR notation might be 10.12.78.0/24. This example shows a network address, 10.12.78.0. It is followed by a forward slash, and the number 24. The number 24 means that the subnet mask for addresses on this network uses 24 bits as network identifiers. This is the same thing as saying that the subnet mask for this network uses 3 bytes as network identifiers, which is the same thing as saying the subnet mask is 255.255.255.0. In the table below, the same network is described three ways. Each is telling us the same thing: IP addresses on this network hold network information in the first three bytes, and host information in the fourth.

3 descriptions of the same network	Example
subnet mask	255.255.255.0
number of bytes that hold network bits	3
CIDR notation	/24

When addresses are sent on networks that allow CIDR notation, they can include this helpful notation that is the equivalent of sending the subnet mask along with the address. This is particularly helpful in networks that use subnetting. In such cases, the number following the forward slash probably will not be a multiple of 8.

The text lists several routing protocols that support CIDR on page 181:

• Routing Information Protocol 2 (RIP2)
• Enhanced Interior Gateway Routing Protocol (EIGRP)
• Open Shortest Path First (OSPF)
• Border Gateway Routing Protocol (BGP)
• Intermediate System to Intermediate System (IS-IS)

We are told that we should be able make use of route summarization (aggregation) to keep the size of routing tables smaller. This is important because routers advertise their tables to each other and because they search their tables for routes. A smaller table means less traffic in advertisements, and faster searches when those tables are used. 

The concept of summarization is shown nicely on page 182. A branch office contains networks 172.16.0.0, 172.17.0.0, 172.18.0.0, and 172.19.0.0. The route to all of these can be summarized as 172.16.0.0/14. Why? Look at the chart on page 182 that shows the second octet of their addresses in binary. Their addresses vary only in their 15th and 16th bits. It is tempting to say that we could summarize these routes as /12, but that would also include 172.20.0.0 through 172.31.0.0 which may be in reserve for this office, or may be in use at another office.

The text does not explain something about this example. You can summarize this route as 172.16.0.0/14 because it meets the author's tests. Let's state them in another way:

• All listed addresses share the same first x bits.
• The addresses summarized exhaust the permutations of bits that can be made in the remainder of the the byte holding subnet addresses: 8 - x
  

This is why the author's second example does not work. The problem proposes that we summarize 192.168.32.0, 192.168.33.0, 192.168.34.0, 192.168.35.0, and 192.168.36.0 as 192.168.32/something. We would be fine for some of the addresses, but the last one kills our plans. Look at the binary version of the third byte in each case:

If we only cared about summarizing 32 through 35, we could say the leftmost six bits are identical in each case. That would lead us to say the summary route is 192.168.32.0/22. However, 192.168.36.0 breaks into the next bit. It now takes three bits to describe our subnets instead of two. So, what's wrong with saying we should summarize as 192.168.32.0/21? A lot. That summary would also include 192.168.37.0 through 192.168.39.0. Your summary must always include the numbers that would result in filling the subnet portion of the address with 1s, and all the addresses less than that, back to your summary address. If you are not including those subnets, your summary is invalid.

A Model for Naming

Let's move on to the naming section of the chapter on page 189. The text advises us that naming standards vary from one environment to another (e.g. WINS, Active Directory, Internet Domains). We are offered advice in the form of general suggestions that make sense:

• avoid spaces and special characters because some application can't use those characters
• use prefixes and abbreviations that can be found in references, such as airport codes for geographic locations
• use part of the name to indicate the type or function of a device
• plan for as many different kinds of devices as you can imagine, to avoid having no standard for a device type when it is suddenly needed
  

Week 6 Assignment: Chapter 6 From Chapter 6: Review Questions 1 - 4 on page 196 Read Chapter 7