Wednesday, 28 November 2007

Subnetting Made Easy - Critically Acclaimed!


We need to start with the fundamentals of IP addressing. An IP address is made up of 32 bits, split into 4 octets (oct = 8, yes?). Some bits are reserved for identifying the network and the other bits are left to identify the host.

There are 3 main classes of IP address that we are concerned with.

Class A: 0 - 127 in the first octet (0 and 127 are reserved)
Class B: 128 - 191 in the first octet
Class C: 192 - 223 in the first octet


Below shows you how, for each class, the address is split in terms of network (N) and host (H) portions.



NNNNNNNN.HHHHHHHH.HHHHHHHH.HHHHHHHH  Class A Address
NNNNNNNN.NNNNNNNN.HHHHHHHH.HHHHHHHH  Class B Address
NNNNNNNN.NNNNNNNN.NNNNNNNN.HHHHHHHH  Class C Address


At each dot I like to think that there is a boundary, therefore there are boundaries after bits 8, 16, 24, and 32. This is an important concept to remember.

We will now look at typical questions that you may see on subnetting. More often than not they ask what a host range is for a specific address or which subnet a certain address is located on. I shall run through examples of each, for each class of IP address.

What subnet does 192.168.12.78/29 belong to?

You may wonder where to begin. Well to start with let's find the next boundary of this address.

Our mask is a /29. The next boundary is 32. So 32 - 29 = 3. Now 2^3 = 8, which gives us our block size.

We have borrowed from the last octet as the 29th bit is in the last octet. We start from zero and count up in our block size. Therefore it follows that the subnets are:-

192.168.12.0
192.168.12.8
192.168.12.16
192.168.12.24
192.168.12.32
192.168.12.40
192.168.12.48
192.168.12.56
192.168.12.64
192.168.12.72
192.168.12.80
.............etc


Our address is 192.168.12.78 so it must sit on the 192.168.12.72 subnet.

What subnet does 172.16.116.4/19 sit on?

Our mask is /19 and our next boundary is 24. Therefore 24 - 19 = 5. The block size is 2^5 = 32.

We have borrowed into the third octet as bit 19 is in the third octet so we count up our block size in that octet. The subnets are:-

172.16.0.0
172.16.32.0
172.16.64.0
172.16.96.0
172.16.128.0
172.16.160.0
.............etc


Our address is 172.16.116.4 so it must sit on the 172.16.96.0 subnet. Easy eh?

What subnet does 10.34.67.234/12 sit on?

Our mask is /12. Our next boundary is 16. Therefore 16 - 12 = 4, and 2^4 = 16 gives us our block size.

We have borrowed from the second octet as bit 12 sits in the second octet so we count up the block size in that octet. The subnets are:-

10.0.0.0
10.16.0.0
10.32.0.0
10.48.0.0
.............etc


Our address is 10.34.67.234 which must sit on the 10.32.0.0 subnet.

Hopefully the penny is starting to drop and you are slapping the side of your head realising that you were a fool to think it was hard. We will now change the type of question so that we have to give a particular host range of a subnet.

What is the valid host range of the 4th subnet of 192.168.10.0/28?

Easy as pie! The block size is 16 since 32 - 28 = 4 and 2^4 = 16. We need to count up in the block size in the last octet as bit 28 is in the last octet.

192.168.10.0
192.168.10.16
192.168.10.32
192.168.10.48
192.168.10.64
.................etc


Therefore the 4th subnet is 192.168.10.48 and the host range must be 192.168.10.49 to 192.168.10.62, remembering that the subnet and broadcast address cannot be used.

What is the valid host range of the 1st subnet of 172.16.0.0/17?

/17 tells us that the block size is 2^(24 - 17) = 2^7 = 128. We are borrowing in the 3rd octet as bit 17 is in the 3rd octet. Our subnets are:-

172.16.0.0
172.16.128.0


The first subnet is 172.16.0.0 and the valid host range is 172.16.0.1 to 172.16.127.254. You must remember not to include the subnet address (172.16.0.0) and the broadcast address (172.16.127.255).

What is the valid host range of the 7th subnet of address 10.0.0.0/14?

The block size is 4, from 16 - 14 = 2 then 2^2 = 4. We are borrowing in the second octet so count up in the block size from 0 seven times (0, 4, 8, 12, 16, 20, 24) to get the seventh subnet.

The seventh subnet is 10.24.0.0. Our valid host range must be 10.24.0.1 to 10.27.255.254, again remembering not to include our subnet (10.24.0.0) and the broadcast address (10.27.255.255).

What if they give me the subnet mask in dotted decimal?

If you're lucky and they give you a mask in dotted decimal format then you should have an even easier time. All you need again is your block size.

Let's say they have given a mask of 255.255.255.248 and you wish to know the block size. Here's the technique:

1. Starting from the left of the mask find which is the first octet to NOT have 255 in it.

2. Subtract the number in that octet from 256 to get your block size (e.g. above it is 256 - 248 = block size of 8).

3. Count up from zero in your block size in the octet identified in step 1 as you have learned above (the example above would be in the last octet).


Another example is a mask of 255.255.192.0 - you would simply count up in 256 - 192 = 64 in the third octet.

One more example is 255.224.0.0 - block size is 256 - 224 = 32 in the second octet.
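Everything above (block size from the next boundary, the subnet an address sits on, the n-th subnet, the host range, and the dotted-decimal shortcut) can be turned into a few small functions. The following is an added Python example written for this page, not code from the original post; the function names are my own, and the standard library's ipaddress module is used only to confirm that the hand method lands on the same network. It also handles the two cases the shortcut glosses over: a mask that ends exactly on an octet boundary (a 0 octet means a block size of 1 in the previous octet) and a non-contiguous mask, which is rejected.

```python
"""Subnet arithmetic the "block size" way, checked against ipaddress.
Added example written for this page, not code from the original post: each
function mirrors a step of the method above, and the standard library's
ipaddress module is used only to confirm the hand method agrees with it."""
import ipaddress


def to_int(addr: str) -> int:
    octets = [int(o) for o in addr.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {addr!r}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def to_dotted(n: int) -> str:
    if not 0 <= n <= 0xFFFFFFFF:
        raise ValueError("value does not fit in 32 bits")
    return ".".join(str((n >> s) & 0xFF) for s in (24, 16, 8, 0))


def block_size(prefix: int) -> int:
    """2 ** (next boundary - prefix): /29 -> 32 - 29 = 3 -> 8; /19 -> 24 - 19 = 5 -> 32."""
    if not 1 <= prefix <= 32:
        raise ValueError("prefix must be between 1 and 32")
    boundary = ((prefix + 7) // 8) * 8          # 8, 16, 24 or 32
    return 2 ** (boundary - prefix)


def interesting_octet(prefix: int) -> int:
    """0-based index of the octet the prefix ends in: the one we count up in."""
    return (prefix - 1) // 8


def subnet_of(addr: str, prefix: int) -> str:
    """Network containing addr: round the interesting octet down to a multiple
    of the block size and zero every octet to its right."""
    octets = [int(o) for o in addr.split(".")]
    i, step = interesting_octet(prefix), block_size(prefix)
    octets[i] -= octets[i] % step
    for j in range(i + 1, 4):
        octets[j] = 0
    network = ".".join(map(str, octets))
    library = ipaddress.ip_network(f"{addr}/{prefix}", strict=False).network_address
    assert network == str(library), (network, str(library))   # hand method vs library
    return network


def nth_subnet(base: str, prefix: int, n: int) -> str:
    """n-th subnet (1-based) of base cut into /prefix pieces: 0, step, 2*step, ...
    in the interesting octet.  Working on the 32-bit value carries into the
    octet to the left automatically once the count passes 255."""
    if n < 1:
        raise ValueError("subnets are numbered from 1")
    return to_dotted(to_int(subnet_of(base, prefix)) + (n - 1) * 2 ** (32 - prefix))


def host_range(network: str, prefix: int) -> tuple[str, str, str]:
    """(first usable host, last usable host, broadcast).  /31 and /32 have no
    range in the classic scheme (RFC 3021 /31 links are the exception), so
    they are rejected rather than answered wrongly."""
    if prefix > 30:
        raise ValueError("no classic host range for /31 or /32")
    net = to_int(subnet_of(network, prefix))
    broadcast = net + 2 ** (32 - prefix) - 1
    return to_dotted(net + 1), to_dotted(broadcast - 1), to_dotted(broadcast)


def mask_to_prefix(mask: str) -> int:
    """Dotted-decimal mask -> prefix length; non-contiguous masks are rejected."""
    inverted = ~to_int(mask) & 0xFFFFFFFF       # host bits as ones
    if inverted & (inverted + 1):               # must be of the form 2**k - 1
        raise ValueError(f"non-contiguous mask: {mask}")
    return 32 - inverted.bit_length()


def prefix_to_mask(prefix: int) -> str:
    return to_dotted((0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF)


def block_size_from_mask(mask: str) -> tuple[int, int]:
    """The dotted-decimal shortcut: (0-based octet, 256 - first octet that is
    not 255).  A 0 octet means the mask ended on the boundary to its left,
    i.e. a block size of 1 in the previous octet (255.255.255.0 -> (2, 1))."""
    mask_to_prefix(mask)                        # reject non-contiguous masks first
    for i, o in enumerate(int(x) for x in mask.split(".")):
        if o == 255:
            continue
        if o != 0:
            return i, 256 - o
        if i == 0:
            raise ValueError("0.0.0.0 is not a subnet mask")
        return i - 1, 1
    return 3, 1                                 # 255.255.255.255
```

Run `subnet_of("192.168.12.78", 29)` and `host_range(nth_subnet("192.168.10.0", 28, 4), 28)` to reproduce the two question types above; the assertion inside `subnet_of` is the "subnet calculator" check the text recommends, done inline.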

What other questions may they ask?

You may find they ask for how many bits you need to borrow for a certain amount of subnets, the subnet mask needed for a certain number of hosts, or the number of hosts per subnet. THESE ARE ALL EASY TO CALCULATE! All you need to remember is that you borrow bits for subnets and reserve bits for hosts.

There are two simple formulas:

Number of subnets = 2^n where n is the number of bits borrowed

Number of hosts = 2^(32 - n) - 2 where n is the number of bits in your subnet mask


Let's think of some questions. How many bits do you need to borrow to accommodate 6 subnets? No matter what address you are given the maths is still the same. The formula is 2^n >= 6 so you must find the smallest n that satisfies it, which in this case is 3, as n = 2 gives only 4 subnets and n = 3 gives 8 subnets. Simply add n to your mask for your new subnet mask. For example, if you had a /24 address and you wanted 8 subnets then your mask will be 24 + 3 = /27.


What subnet mask should you use if you wanted 60 hosts per subnet? The formula is 2^(32 - n) - 2 >= 60 so you must find n, which is 26. This is easy to find as you know that 2^6 - 2 = 62, so you need 6 host bits; simply subtract 6 from 32 to get 26. Therefore your mask is /26.

Lastly the number of hosts per subnet. How many hosts per subnet in the address 172.16.0.0/23? You have a /23 address therefore your formula is x = 2^(32 - 23) - 2 = 2^9 - 2 = 510.

Another typical question they may ask will be giving you an IP address and mask and asking how many subnets and hosts there are from that address, for example:

Question: How many subnets and hosts per subnet can you get from the network 172.30.0.0/28?

From this you only need two pieces of information:

1. The default subnet mask of the address class.
2. The subnet mask in the question

Using the example above we know that:

1. The default subnet mask is /16 as the address given is a class B address
2. The subnet mask in the question is /28

The number of subnets = 2 ^ (subnet_mask_in_question - default_subnet_mask)
The number of hosts = (2 ^ (32 - subnet_mask_in_question)) - 2

For our example question the number of subnets = 2 ^ (28 - 16) = 2 ^ 12 = 4096 subnets.
The number of hosts = (2 ^ (32 - 28)) - 2 = (2 ^ 4) - 2 = 14 hosts per subnet

Let's use another address: 192.168.1.0/29

We know that:

1. The default subnet mask is /24 as the address given is a class C address
2. The subnet mask in the question is /29

The number of subnets = 2 ^ (29 - 24) = 2 ^ 5 = 32 subnets.
The number of hosts = (2 ^ (32 - 29)) - 2 = (2 ^ 3) - 2 = 6 hosts per subnet

Finally, let's use another address: 10.1.1.0/24

We know that:

1. The default subnet mask is /8 as the address given is a class A address
2. The subnet mask in the question is /24

The number of subnets = 2 ^ (24 - 8) = 2 ^ 16 = 65536 subnets.
The number of hosts = (2 ^ (32 - 24)) - 2 = (2 ^ 8) - 2 = 254 hosts per subnet
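The two formulas and the classful default mask together answer every counting question in this section. The following is an added Python example written for this page, not code from the original post; the function names are my own. It searches for the smallest power of two the way the worked answers do, and refuses the one input the classful formula cannot handle: a prefix shorter than the class default, which is a supernet rather than subnetting.

```python
"""Counting subnets and hosts.
Added example for this page, not code from the original post: it implements
the two formulas above and the classful default mask used in the 'how many
subnets and hosts' questions, searching for the smallest power of two the way
the worked answers do instead of reading it off by eye."""


def classful_prefix(addr: str) -> int:
    """Default prefix from the first octet: class A /8, B /16, C /24."""
    first = int(addr.split(".")[0])
    if 0 <= first <= 127:
        return 8
    if 128 <= first <= 191:
        return 16
    if 192 <= first <= 223:
        return 24
    raise ValueError(f"{addr}: not a class A, B or C address")


def bits_to_borrow(subnets_needed: int) -> int:
    """Smallest n with 2**n >= subnets_needed (6 subnets -> 3, since 2**2 = 4 is too few)."""
    if subnets_needed < 1:
        raise ValueError("need at least one subnet")
    n = 0
    while 2 ** n < subnets_needed:
        n += 1
    return n


def hosts_per_subnet(prefix: int) -> int:
    """2**(32 - prefix) - 2: the network and broadcast addresses are not usable."""
    if not 0 <= prefix <= 30:
        raise ValueError("host formula applies to /0 .. /30")
    return 2 ** (32 - prefix) - 2


def prefix_for_hosts(hosts_needed: int) -> int:
    """Longest prefix that still leaves at least hosts_needed usable addresses
    (60 hosts -> /26, because 2**6 - 2 = 62 fits and 2**5 - 2 = 30 does not)."""
    for prefix in range(30, -1, -1):                 # /30 has 2 hosts, /29 has 6, ...
        if hosts_per_subnet(prefix) >= hosts_needed:
            return prefix
    raise ValueError(f"{hosts_needed} hosts do not fit in one IPv4 subnet")


def new_prefix(network_cidr: str, subnets_needed: int) -> int:
    """Borrow the bits from the existing mask: a /24 needing 8 subnets becomes /27."""
    prefix = int(network_cidr.split("/")[1])
    return prefix + bits_to_borrow(subnets_needed)


def subnets_and_hosts(network_cidr: str) -> tuple[int, int]:
    """(subnets, hosts per subnet) when a classful network is cut into /prefix
    pieces: 2**(prefix - default) subnets of 2**(32 - prefix) - 2 hosts each."""
    addr, prefix_text = network_cidr.split("/")
    prefix, default = int(prefix_text), classful_prefix(addr)
    if prefix < default:
        raise ValueError(f"/{prefix} is shorter than the class default /{default}: that is a supernet")
    return 2 ** (prefix - default), hosts_per_subnet(prefix)
```

`subnets_and_hosts("172.30.0.0/28")` gives the (4096, 14) of the first worked question; `prefix_for_hosts(60)` and `new_prefix("192.168.1.0/24", 8)` give the /26 and /27 from the two questions before it.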

Easy isn't it?

What now?

Now it's time to go and pick up those books again and go straight to the practice questions, completely by-passing any of their techniques. Use my method and you will be laughing!

If you are unsure that you have the correct answers why not download a subnet calculator to double-check your answers? There is a great one by 3Com and can be downloaded from here.

Happy subnetting!

Tuesday, 27 November 2007

OSPF and NBMA Networks

Confused about which NBMA network type requires a DR/BDR or neighbours to be statically defined? Worry no longer.

If the keyword nonbroadcast is within the network type (i.e. ip ospf network non-broadcast, or ip ospf network point-to-multipoint non-broadcast) then neighbours must be defined.

If the keyword point is within the network type (i.e. ip ospf network point-to-point, ip ospf network point-to-multipoint, ip ospf network point-to-multipoint non-broadcast) then a DR/BDR is NOT elected.

You may see a question which has an output showing the network type as point-to-multipoint. It will then ask you to choose a couple of correct answers. From above we know the answer to be that DR/BDR are not elected and neighbours do not need to be statically defined.

HTH!

Friday, 23 November 2007

Route Summarization

Some people get really confused when it comes to route summarization, probably more so with the different names given to it:

Route Summarization
Supernetting
Aggregate Address
Summary Address

Actually, I get more confused typing out this thing as being English I want to replace the z in "summarization" with an s, but as it's Cisco I best keep the z in, lol. I also get this with "neighbor" versus "neighbour".

Anyway, I digress. The above terms all mean the same thing.

What is summarization?

The process of taking a range of IP addresses and advertising them in one address block. The most well-known summarization/supernet is the RFC1918 Class B Range. More commonly we know the range to be 172.16.0.0 - 172.31.255.255, however the supernet is 172.16.0.0/12. You see what has happened there? We've taken a range of addresses and squashed it into one advertisement.

What are the benefits of summarization?

Quite clearly, if we have just one address instead of lots of individual addresses then the routing table is going to be smaller. This in turn means that memory requirements are reduced.

The less obvious benefit is that summarization means you're tracking whether or not you're connected to some subnets of a summary, not the up/down state of every link. Thus when the link goes up or down, you don't have a flurry of traffic announcing the state change.*

How to summarize/supernet?

This is what you really want to know isn't it? Well it's dead simple.

The first method shows you the long way.

1. Starting from the left of the IP address, identify the first octet that has a change of address in it. For example, the Class B RFC1918 range, the IP address first changes in the second octet (i.e. 172.16.x.x - 172.31.x.x).

2. Write out the binary equivalent of the address up to and including the changing octet. So for example the range above is:

10101100.00010000 = 172.16
10101100.00010001 = 172.17
10101100.00010010 = 172.18
10101100.00010011 = 172.19
10101100.00010100 = 172.20
10101100.00010101 = 172.21
10101100.00010110 = 172.22
10101100.00010111 = 172.23
10101100.00011000 = 172.24
10101100.00011001 = 172.25
10101100.00011010 = 172.26
10101100.00011011 = 172.27
10101100.00011100 = 172.28
10101100.00011101 = 172.29
10101100.00011110 = 172.30
10101100.00011111 = 172.31

3. From this list, count from the left how many bits are the same in each address. If we look at it we see that the first 12 bits for each address is the same so that gives us our mask in slash notation. We therefore start at our first address 172.16.0.0 and append our mask so the summary address is 172.16.0.0/12.

Well that was quite simple. But can we be quicker? Yes we can is the good news, after all, you don't want to eat up time in the exam by writing out addresses in binary. So here goes:

1. How many subnets are in the range? The RFC1918 Class B range is 16 subnets.

2. What power of 2 equals our range? 16 subnets = 2^4 so the answer is four.

3. Subtract the figure from step 2 from the default mask of our address range. In this example our default mask is 16 so the mask after subtracting 4 is /12.

4. Add this mask to the first address in the range - 172.16.0.0/12 in this example

Quick, eh? This is how it works in my head, "mmmm, 16 addresses, 2 to the 4 is 16, mask is 16, minus 4 is 12, so summary address must be first address with /12 mask."

One last example:

Summarise the following:

192.168.0.0/24
192.168.1.0/24
192.168.2.0/24
192.168.3.0/24

There are 4 subnets. 2 to the power of 2 gives us 4 so default mask of 24, minus 2, gives us /22. Address is therefore 192.168.0.0/22.

More difficult supernetting question

There are, however, a few pitfalls with supernetting/summarization. Sometimes you may not be able to get all of the addresses into a supernet without wasting addresses. Experience with supernetting questions will help you to identify this. An example below shows you how this could happen:

You need to summarize the following range:

10.16.31.0/24
10.16.32.0/24
10.16.33.0/24
10.16.34.0/24
10.16.35.0/24
10.16.36.0/24
10.16.37.0/24
10.16.38.0/24
10.16.39.0/24
10.16.40.0/24

What summary address should you use? Well there's 10 subnets. 2 to the power of 3 only gives us 8 subnets which is too small so we need to look at 2 to the power of 4 which is 16. The problem is that if we count in 16s our addresses straddle two subnets: 10.16.16.0 to 10.16.31.255 and 10.16.32.0 to 10.16.47.255. We have the same problem if we use the power of 5 giving us a range of 32 addresses (10.16.31.0 is in a different subnet than the other addresses in the range). We therefore have to go out to 2 to the power of 6 = 64 in order to get all of our addresses in the range (i.e. 10.16.0.0 to 10.16.63.255). What a waste of address space!!

The best answer is the following:

Break the space down into three ranges. We can summarize 10.16.32.0 to 10.16.39.255 with 3 bits (there are 8 subnets and 2 to the power of 3 is 8), giving 10.16.32.0/21. We simply leave the other two addresses, 10.16.31.0/24 and 10.16.40.0/24, as they are. We have therefore avoided any wasted address space.
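Both methods in this post, and the pitfall in the last example, can be checked mechanically. The following is an added Python example written for this page, not code from the original post; the function names and the three address lists are my own (the lists reproduce the ranges used above). `summarize()` is the long way done in binary, `quick_summary()` is the shortcut with the alignment check it silently relies on, and `exact_summary()` uses the standard library's `collapse_addresses()` to split an awkward range into the fewest aligned blocks.

```python
"""Route summarisation.
Added example for this page, not code from the original post.  summarize()
does the 'long way' above in binary, keeping the leading bits that every
address in the range shares; quick_summary() is the shortcut with the
alignment check it silently relies on; exact_summary() is the alternative
the last example arrives at, splitting a range that does not fit one
aligned block into the fewest aligned blocks, via the standard library's
collapse_addresses().  The address lists are constructed test data."""
import ipaddress

RFC1918_CLASS_B = [f"172.{i}.0.0/16" for i in range(16, 32)]
FOUR_CLASS_C = ["192.168.0.0/24", "192.168.1.0/24", "192.168.2.0/24", "192.168.3.0/24"]
AWKWARD = [f"10.16.{i}.0/24" for i in range(31, 41)]         # the 10-subnet example above


def summarize(networks: list[str]) -> str:
    """Single prefix covering every input: the bits that the lowest and the
    highest address in the range have in common, counted from the left."""
    nets = [ipaddress.ip_network(n) for n in networks]
    lo = int(min(n.network_address for n in nets))
    hi = int(max(n.broadcast_address for n in nets))
    prefix = 32
    while prefix > 0 and (lo >> (32 - prefix)) != (hi >> (32 - prefix)):
        prefix -= 1                                # shorten until both agree
    network = (lo >> (32 - prefix)) << (32 - prefix)
    return f"{ipaddress.ip_address(network)}/{prefix}"


def wasted_addresses(networks: list[str]) -> int:
    """Addresses the single summary advertises that are in none of the inputs
    (inputs are assumed not to overlap)."""
    covered = ipaddress.ip_network(summarize(networks)).num_addresses
    used = sum(ipaddress.ip_network(n).num_addresses for n in networks)
    return covered - used


def exact_summary(networks: list[str]) -> list[str]:
    """Fewest aligned prefixes that cover exactly the inputs and nothing else."""
    nets = [ipaddress.ip_network(n) for n in networks]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


def aligned(first: str, count: int, prefix: int) -> bool:
    """True when `first` starts on a boundary of `count` blocks of /prefix;
    the quick method is only valid when this holds."""
    bits = count.bit_length() - 1
    summary = ipaddress.ip_network(f"{first}/{prefix - bits}", strict=False)
    return str(summary.network_address) == first


def quick_summary(first: str, count: int, prefix: int) -> str:
    """The quick way: default mask minus log2(count), applied to the first
    address, with the two preconditions checked instead of assumed."""
    if count < 1 or count & (count - 1):
        raise ValueError(f"{count} is not a power of two; use exact_summary()")
    if not aligned(first, count, prefix):
        raise ValueError(f"{first} does not start a block of {count}; use exact_summary()")
    return f"{first}/{prefix - (count.bit_length() - 1)}"
```

For the awkward list, `summarize()` returns the wasteful 10.16.0.0/18 the text works out by hand, `wasted_addresses()` puts a number on the waste (54 unused /24s), and `exact_summary()` returns the three-prefix answer. `aligned("10.16.31.0", 16, 24)` is False, which is exactly why counting in 16s straddled two blocks.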

If you are unsure that you have the correct answers why not download a subnet calculator to double-check your answers? There is a great one by 3Com and can be downloaded from here.

I hope this has helped you with route summarization.

Chris


*http://www.netcraftsmen.net/welcher/papers/ospf2.htm

Wednesday, 21 November 2007

CCNA - Connecting devices


Don't worry about remembering which type of cable should be used when connecting alike or different devices. Use the simple diagram to the left and you won't go wrong!

NAT in a Nutshell

Network Address Translation (NAT) and Port Address Translation (PAT)

NAT operates on a Cisco router, usually connecting two networks together, and translates the private (inside local) addresses in the internal network to public addresses (inside global) before packets are forwarded to another network.

As part of this functionality, you can configure NAT to advertise only one address for the entire network to the outside world. This effectively hides the internal addressing from the world. Treat that as a side benefit rather than a security control: it conceals addresses but does not by itself restrict what may be reached, so any host you expose with a static translation still needs an access list in front of it.

In NAT terminology, the inside network is the set of networks that are subject to translation. The outside network refers to all other addresses. Usually these are valid addresses located on the Internet.

Cisco defines the following NAT terms:

  • Inside local address: The IP address assigned to a host on the inside network. The address is likely not an IP address assigned by the NIC or service provider.
  • Inside global address: A legitimate IP address assigned by the NIC or service provider that represents one or more inside local IP addresses to the outside world.
  • Outside local address: The IP address of an outside host as it appears to the inside network. Not necessarily a legitimate address, it is allocated from an address space routable on the inside.
  • Outside global address: The IP address assigned to a host on the outside network by the host owner. The address is allocated from a globally routable address or network space.

NAT has many different forms and can work in the following ways:

  • Static NAT: Maps an unregistered IP address to a registered IP address on a one-to-one basis. Static NAT is particularly useful when a device needs to be accessible from outside the network.
  • Dynamic NAT: Maps an unregistered IP address to a registered IP address from a group of registered IP addresses.
  • Overloading: a form of dynamic NAT that maps multiple unregistered IP addresses to a single registered IP address (many-to-one) by using different ports; also known as PAT.
    PAT uses unique source port numbers on the inside global IP address to distinguish between translations. Because the port number is encoded in 16 bits, the total number of internal addresses that can be translated using NAT to one external address could theoretically be as many as 65,536 per IP address.
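To see the mechanism rather than the definitions, here is a toy translation table. It is an added Python example written for this page, not Cisco code and not from the original post: it models the behaviour described above (many inside local addresses share one inside global address and are told apart by source port, return traffic is mapped back through the same entry, unsolicited inbound traffic has no entry and is dropped, and the 16-bit port space is the hard ceiling). The port-selection policy, keep the original source port when it is free and otherwise take the lowest free one, is an assumption made here and not a description of IOS; the addresses are constructed sample data, with 203.0.113.5 from the documentation range standing in for an Internet host.

```python
"""A toy PAT (overload) translation table.
Added example for this page, not Cisco code and not from the original post.
It models the behaviour described above: many inside local addresses share
one inside global address and are told apart by source port, return traffic
is mapped back through the same entry, and the 16-bit port space is the hard
ceiling.  The port-selection policy (keep the original port when it is free,
otherwise take the lowest free one) is an assumption made here, not a
description of IOS.  Addresses are constructed sample data."""
from typing import Optional

# proto, inside_local, local_port, outside_global, outside_port
Key = tuple[str, str, int, str, int]


class PatTable:
    def __init__(self, inside_global: str, ports: range = range(1024, 65536)) -> None:
        self.inside_global = inside_global
        self.ports = ports
        self.outbound: dict[Key, int] = {}                    # 5-tuple -> global port
        # (proto, global_port, outside_global, outside_port) -> (inside_local, local_port)
        self.inbound: dict[tuple[str, int, str, int], tuple[str, int]] = {}

    def _free_port(self, wanted: int) -> int:
        in_use = {global_port for _, global_port, _, _ in self.inbound}
        if wanted in self.ports and wanted not in in_use:
            return wanted                                     # assumption: keep it when free
        for port in self.ports:
            if port not in in_use:
                return port
        raise RuntimeError(f"PAT pool exhausted on {self.inside_global}")

    def translate_out(self, proto: str, inside_local: str, local_port: int,
                      outside_global: str, outside_port: int) -> tuple[str, int]:
        """Inside -> outside: the source becomes (inside_global, global_port).
        An existing entry for the same 5-tuple is reused, not re-allocated."""
        key: Key = (proto, inside_local, local_port, outside_global, outside_port)
        if key not in self.outbound:
            global_port = self._free_port(local_port)
            self.outbound[key] = global_port
            self.inbound[(proto, global_port, outside_global, outside_port)] = (inside_local, local_port)
        return self.inside_global, self.outbound[key]

    def translate_in(self, proto: str, global_port: int,
                     outside_global: str, outside_port: int) -> Optional[tuple[str, int]]:
        """Outside -> inside: only a packet matching an existing entry gets its
        destination rewritten to (inside_local, local_port); anything else
        returns None, i.e. there is nowhere to forward it and it is dropped."""
        return self.inbound.get((proto, global_port, outside_global, outside_port))

    def clear(self) -> int:
        """The effect of 'clear ip nat translation *': drop every dynamic entry."""
        count = len(self.outbound)
        self.outbound.clear()
        self.inbound.clear()
        return count


def fits(flows: int, pool: range) -> bool:
    """Can `flows` distinct inside sockets share one global address with `pool`
    ports?  With the full 1024-65535 range this is the per-address ceiling the
    text mentions, minus the reserved low ports."""
    pat = PatTable("172.17.38.1", pool)                       # constructed addresses
    try:
        for i in range(flows):
            pat.translate_out("tcp", "192.168.3.10", 50000 + i, "203.0.113.5", 80)
    except RuntimeError:
        return False
    return True
```

Two inside hosts that both pick source port 40000 towards the same server get different global ports; the reply to the second one is looked up by (tcp, 1024, server, 80) and lands on the right inside host, while a packet for a port nobody opened gets None. The `clear()` method is what the `clear ip nat translation *` command in the section below does to the dynamic entries.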

Configuring Static Translation

The ip nat inside source static command establishes static translation between an inside local address and an inside global address.

Router(config)#ip nat inside source static local-ip global-ip

To remove static translation use no ip nat inside source static

The ip nat inside command marks the interface as connected to the inside.

Router(config-if)#ip nat inside

The ip nat outside command marks the interface as connected to the outside.

Router(config-if)#ip nat outside

The complete process is below (local-ip, global-ip, type, number, ip-address and subnet-mask are placeholders):

Router(config)#ip nat inside source static local-ip global-ip
Router(config)#interface type number
Router(config-if)#ip address ip-address subnet-mask
Router(config-if)#ip nat inside
Router(config-if)#interface type number
Router(config-if)#ip address ip-address subnet-mask
Router(config-if)#ip nat outside

Configuring Dynamic Translation

The ip nat pool command defines a pool of global addresses to be allocated as needed.

Router(config)#ip nat pool name start-ip end-ip {netmask netmask | prefix-length prefix-length}

To remove dynamic translation use the no ip nat pool command.

The access-list access-list-number command defines a standard IP access list permitting those inside local addresses that are to be translated.

Router(config)#access-list access-list-number permit source [source-wildcard]

The ip nat inside source command establishes dynamic source translation, specifying the access list defined in the prior step.

The complete process is shown below:

Router(config)#ip nat pool name start-ip end-ip {netmask netmask | prefix-length prefix-length}
Router(config)#access-list access-list-number permit source [source-wildcard]
Router(config)#ip nat inside source list access-list-number pool pool-name
Router(config)#interface type number
Router(config-if)#ip nat inside
Router(config-if)#interface type number
Router(config-if)#ip nat outside

Configuring Overloading (PAT)

The access-list access-list-number command defines a standard IP access list permitting those inside local addresses that are to be translated.

Router(config)#access-list access-list-number permit source source-wildcard

Enter the global no access-list access-list-number command to remove the access list.

The ip nat inside source list command establishes dynamic source translation, specifying the access list defined in the prior step.

Router(config)#ip nat inside source list access-list-number interface interface_type/number overload

It is the “overload” keyword that enables PAT.

The complete process is shown below:

Router(config)#access-list access-list-number permit source [source-wildcard]
Router(config)#ip nat inside source list access-list-number interface interface_type/number overload
Router(config)#interface type number
Router(config-if)#ip nat inside
Router(config-if)#interface type number
Router(config-if)#ip nat outside

Example:

Router(config)#access-list 1 permit 192.168.3.0 0.0.0.255
Router(config)#access-list 1 permit 192.168.4.0 0.0.0.255
Router(config)#ip nat inside source list 1 interface Serial0 overload
Router(config)#interface Ethernet0
Router(config-if)#ip address 192.168.3.1 255.255.255.0
Router(config-if)#ip nat inside
Router(config)#interface Ethernet1
Router(config-if)#ip address 192.168.4.1 255.255.255.0
Router(config-if)#ip nat inside
Router(config)#interface Serial0
Router(config-if)#ip address 172.17.38.1 255.255.255.0
Router(config-if)#ip nat outside

Clearing the NAT translation table

After you have configured NAT, verify that it is operating as expected. You can do this by using the clear and show commands.

Router#clear ip nat translation *
This clears all dynamic address translation entries from the NAT translation table, the * is a wildcard meaning "all".

Router#clear ip nat translation inside global-ip local-ip [outside local-ip global-ip]
This clears a simple dynamic translation entry containing an inside translation, or both inside and outside translation.

Router#clear ip nat translation outside local-ip global-ip
This clears a simple dynamic translation entry containing an outside translation.

Router#clear ip nat translation protocol inside global-ip global-port local-ip local-port [outside local-ip local-port, global-ip global-port]
This clears an extended dynamic translation entry.

Displaying NAT information

You can display translation information by performing one of the following tasks in EXEC mode.

Router#show ip nat translations – displays active translations

Router#show ip nat statistics – displays translation statistics.

Troubleshooting the NAT and PAT Configuration

Use Router#debug ip nat