IP Addressing


Mr. Mark Welton

IPv4 addresses are 32-bit numbers represented in dotted decimal notation of 8-bit segments

00001010.00001000.01100100.00011000

10.8.100.24

So why 8 bit segments?

We started with a classful system (Class A, B, C, etc.)

Each class is created by 8-bits of the binary IP

8-bit processing systems were easier and cheaper to build (RFC 791 published in 1981)

Class A Class B Class C

11000000 10101000 00000000 00000000

We are accustomed to the decimal system, a base 10 system

The number $124_{10}$

◦ $1\times10^2 + 2\times10^1 + 4\times10^0$ is 100+20+4 or

◦ 1x100+2x10+4x1

The binary number system is a base 2 system

$01111100_2$ is

$0\times2^7 + 1\times2^6 + 1\times2^5 + 1\times2^4 + 1\times2^3 + 1\times2^2 + 0\times2^1 + 0\times2^0$

0x128+1x64+1x32+1x16+1x8+1x4+0x2+0x1

64+32+16+8+4 or $124_{10}$

So each octet (8-bit binary number) goes from

◦ $00000000_2$ – $11111111_2$

So what is the value of $11111111_2$?

128+64+32+16+8+4+2+1 = $255_{10}$

So what is the hexadecimal value?

8+4+2+1 = 15 or $F_{16}$

$2^7$ $2^6$ $2^5$ $2^4$ $2^3$ $2^2$ $2^1$ $2^0$
128 64 32 16 8 4 2 1
1 1 1 1 1 1 1 1

IP address allocation is rarely done properly

First mistake I see is people not understanding what I just covered

Second mistake I see is not understanding public vs private vs reserved IP addresses

Third mistake I see is not understanding how to take a large prefix and break it down to usable network prefixes that allow for growth

Fourth mistake I see is people not understanding why we do it

We divide the IP space to create segments that make sense to us

Segmentation = routing

Each IP address allocation is an L2 network which needs a router to move to the next network

The better we do this the easier routing and ACLs are to do

The easier the network is to troubleshoot

RFC 1918 “Address Allocation for Private Internets”

10.0.0.0 – 10.255.255.255 (10/8 prefix)

172.16.0.0 – 172.31.255.255 (172.16/12 prefix)

192.168.0.0 – 192.168.255.255 (192.168/16)

These are the IP address spaces that can be used internally in an enterprise

“link local” block

◦ 169.254.0.0 – 169.254.255.255 (169.254.0.0/16)

◦ To be used when a device cannot get an IP address through DHCP

Reserves lowest Class B

◦ 128.0.0.0 – 128.0.255.255 (128.0.0.0/16)

◦ Not able to be used under old class system but can be assigned to someone now

Also defines loopback space (RFC 1700)

◦ 127.0.0.0 – 127.255.255.255 (127.0.0.0/8)

◦ Used for a machine to communicate internally

Also defines multicast address space (RFC 5771)

◦ 224.0.0.0 – 239.255.255.255 (224.0.0.0/4)

So you should never use these IP address spaces!

Misuse of public IP address space can cause network routing problems for your network

Prefix 10.0.0.0/8 has what subnet mask?

The 8 says the first 8 bits must be ones

So the first octet would be 255 and all others would be zero

255.0.0.0

128 64 32 16 8 4 2 1
1 1 1 1 1 1 1 1

What about 172.16.0.0/16?

192.168.0.0/24?

172.16.0.0/12?

Redefined how a traditionally classful IP network could be used and subnetted (in equal-size blocks)

With VLSM, subnets can be any size if they follow the binary rules

VLSM allows networks to be subdivided

192.168.1.192        11000000 10101000 00000001 11000000
192.168.1.200        11000000 10101000 00000001 11001000
/29 255.255.255.248  11111111 11111111 11111111 11111000
/28 255.255.255.240  11111111 11111111 11111111 11110000
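
The mask and network arithmetic from the slides above, as an added Python example (not part of the original deck): it builds the mask from the prefix length, shows it in binary, and ANDs it with an address. The function names are illustrative; the addresses and prefixes are the ones on the slides.

```python
# Added example; addresses and prefix lengths are taken from the slides.

def prefix_to_mask(prefix_len):
    """32-bit mask whose first prefix_len bits are ones."""
    if not 0 <= prefix_len <= 32:
        raise ValueError("prefix length must be 0..32")
    return (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF

def to_int(dotted):
    """Parse dotted decimal into a 32-bit integer, rejecting bad octets."""
    octets = [int(part) for part in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {dotted!r}")
    value = 0
    for octet in octets:
        value = (value << 8) | octet
    return value

def to_dotted(value):
    """Render a 32-bit integer as four decimal octets."""
    return ".".join(str((value >> s) & 0xFF) for s in (24, 16, 8, 0))

def to_binary(value):
    """Render a 32-bit integer as four 8-bit binary octets."""
    return ".".join(f"{(value >> s) & 0xFF:08b}" for s in (24, 16, 8, 0))

def network_of(dotted, prefix_len):
    """Network address is the bitwise AND of address and mask."""
    return to_dotted(to_int(dotted) & prefix_to_mask(prefix_len))

if __name__ == "__main__":
    for plen in (8, 16, 24, 12, 29, 28):
        mask = prefix_to_mask(plen)
        print(f"/{plen:<2} {to_dotted(mask):<15} {to_binary(mask)}")
    for plen in (29, 28):
        net = network_of("192.168.1.200", plen)
        print(f"192.168.1.200/{plen} -> network {net}")
```

With the /29 mask 192.168.1.200 is itself a network address; with the /28 mask the same address falls inside the 192.168.1.192 network.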

We use it all the time but do you really know what it is?

CIDR is sort of the inverse of VLSM

Where VLSM prescribes rules for subdividing networks, CIDR prescribes rules for referencing groups of networks with a single route statement

Why would we want to do this?

Smaller routing tables are more logical, easier to understand, easier to troubleshoot, and require less CPU and memory for the routers.
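
An added example, not from the original deck, of what a single summary statement actually covers: it finds the smallest prefix spanning a set of networks and counts the addresses in it that were never allocated. The /26 blocks are constructed samples inside the deck's 10.100.100.0/24, and `summarize` is an illustrative name; IPv4 only.

```python
import ipaddress

def summarize(prefixes):
    """Return (summary, extra): the smallest single prefix that covers every
    input network, and how many addresses it covers beyond them."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)
    # Every bit position at or below the highest differing bit is a host bit.
    prefix_len = 32 - (lo ^ hi).bit_length()
    summary = ipaddress.ip_network((lo, prefix_len), strict=False)
    # collapse_addresses merges duplicates and overlaps before counting.
    covered = sum(n.num_addresses for n in ipaddress.collapse_addresses(nets))
    return summary, summary.num_addresses - covered

# Constructed sample allocations inside 10.100.100.0/24.
CASES = {
    "four /26s": ["10.100.100.0/26", "10.100.100.64/26",
                  "10.100.100.128/26", "10.100.100.192/26"],
    "aligned pair": ["10.100.100.0/26", "10.100.100.64/26"],
    "unaligned pair": ["10.100.100.64/26", "10.100.100.128/26"],
}

if __name__ == "__main__":
    for name, prefixes in CASES.items():
        summary, extra = summarize(prefixes)
        print(f"{name}: {summary} covers {extra} unallocated addresses")
```

The unaligned pair can only be referenced by the whole /24, so a single route or filter entry for it also matches 128 addresses that were never part of the allocation.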

IP address allocation is rarely done properly

First mistake I see is people not understanding what I just covered: Check

Second mistake I see is not understanding public vs private vs reserved IP addresses: Check

Third mistake I see is not understanding how to take a large prefix and break it down to usable network prefixes that allow for growth: Not Yet

Fourth mistake I see is people not understanding why we do it

Allocate a block of IP addresses that can be referenced with a single access-list (filter) entry

Always allocate more IP addresses than requested

Need 30 IP addresses for a server farm of database servers

Should we use a /27 255.255.255.224?


Allowing for 30 percent growth is a good rule of thumb

Round up to the next binary boundary

64 IP addresses or a /26 255.255.255.192

Now let's say the server farm subnet was already allocated using 10.100.100.0/24

There are currently 10 servers in place

.1 for the router and 2-11 for the servers

You need to issue 30 more IP addresses on this subnet

Now what???

Just give them 12-42 right???

Allocating groups of devices into subnettable ranges

◦ allows you to remove them from the network and place them elsewhere without significant changes to the IP network design

You could allocate the range of 32-63

◦ Access-list 101 permit ip any 10.100.100.32 255.255.255.224 eq web

So we are good right???

You should think ahead and allocate 64 IP addresses on a bit boundary

So you should allocate 64-127

Right???

Access-list 101 permit ip any 10.100.100.64 255.255.255.192 eq web

Meets both rules so we are good???
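
The server farm sizing worked through as an added Python example (not part of the original deck): it applies the 30 percent growth rule, rounds up to the binary boundary, and picks the first aligned block in 10.100.100.0/24 that avoids the addresses already in use. It assumes two addresses per subnet are reserved (network and broadcast); function names are illustrative.

```python
import ipaddress

def size_prefix(hosts_needed, growth_pct=30):
    """Prefix length for hosts_needed plus growth, rounded up to the next
    binary boundary. Assumes two reserved addresses (network, broadcast)."""
    grown = -(-hosts_needed * (100 + growth_pct) // 100)   # integer ceiling
    host_bits = max(2, (grown + 2 - 1).bit_length())
    return 32 - host_bits

def first_free_block(parent, prefix_len, in_use):
    """First block of the requested size, aligned on its bit boundary,
    that contains none of the addresses already in use."""
    used = [ipaddress.ip_address(a) for a in in_use]
    for block in ipaddress.ip_network(parent).subnets(new_prefix=prefix_len):
        if not any(addr in block for addr in used):
            return block
    return None

# Constructed from the slide scenario: .1 is the router, .2-.11 are servers.
IN_USE = [f"10.100.100.{i}" for i in range(1, 12)]

if __name__ == "__main__":
    for pct in (0, 30):
        plen = size_prefix(30, pct)
        block = first_free_block("10.100.100.0/24", plen, IN_USE)
        print(f"growth {pct}%: /{plen} -> {block} mask {block.netmask} "
              f"({block[0]} - {block[-1]})")
```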

IP address allocation is rarely done properly

First mistake I see is people not understanding what I just covered: Check

Second mistake I see is not understanding public vs private vs reserved IP addresses: Check

Third mistake I see is not understanding how to take a large prefix and break it down to usable network prefixes that allow for growth: Not Yet

Fourth mistake I see is people not understanding why we do it: Know why you are allocating the IP and allow for growth

There are three methods you can use to allocate IP addresses and IP subnets

Sequential– assign the first numerical subnet and then the next and so on, most commonly used. It is easy to understand

Divide by half - every time a network is allocated, the smallest available chunk is divided by half for use while preserving a large portion of IP address space for additional growth

Reverse binary – subnets are allocated by counting in binary with the most and least significant bits reversed. Is the most logical method, but is hard to understand
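
An added example, not from the original deck, comparing the sequential and reverse binary orders for carving 10.100.100.0/24 into /27s, and checking which allocated subnets could still double in size without renumbering. The parent prefix, subnet size and function names are assumptions chosen for illustration.

```python
import ipaddress

def reverse_bits(value, width):
    """Mirror the low `width` bits (most and least significant swapped)."""
    result = 0
    for _ in range(width):
        result = (result << 1) | (value & 1)
        value >>= 1
    return result

def allocation_order(parent, new_prefix, method):
    """Subnets of `parent` in the order the given method hands them out."""
    parent = ipaddress.ip_network(parent)
    subnets = list(parent.subnets(new_prefix=new_prefix))
    width = new_prefix - parent.prefixlen
    if method == "sequential":
        return subnets
    if method == "reverse_binary":
        # Count 0, 1, 2, ... and use the bit-reversed counter as the index.
        return [subnets[reverse_bits(i, width)] for i in range(len(subnets))]
    raise ValueError(f"unknown method: {method}")

def growable(allocated):
    """Allocated subnets whose sibling block is still free, so they can
    double in size on the same bit boundary."""
    taken = set(allocated)
    result = []
    for net in allocated:
        sibling = next(s for s in net.supernet().subnets() if s != net)
        if sibling not in taken:
            result.append(net)
    return result

if __name__ == "__main__":
    for method in ("sequential", "reverse_binary"):
        order = allocation_order("10.100.100.0/24", 27, method)
        first_four = order[:4]
        print(method, [str(n) for n in first_four],
              "growable:", len(growable(first_four)))
```

After four allocations the sequential order has used .0, .32, .64 and .96 with no room to grow any of them, while the reverse binary order has used .0, .128, .64 and .192 and every one can still expand to a /26.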

Some of us have been doing this for so long we remember the rule of all-zeros and all-ones as it relates to subnets

RFC 1878 states, “This practice (of excluding all-zeros and all-ones subnets) is obsolete. Modern software will be able to utilize all definable networks.”

Sometimes you may be in an environment where legacy equipment cannot do this

Or the staff still think they have to follow the rule

For the Cisco people in the class: you will need to know Cisco’s way to pass the CCNA, or know how to get the answer to the question based on how Cisco or vendor X tests

Everyone knows (or should know) that two IP addresses are used in every subnet (one for the gateway and one for broadcast)

Unless you have done enough networking to know you can use a /31 for two routers in a point-to-point connection. DO NOT ASK IF YOU ARE NOT GOING TO TAKE CCDP!!!

A /24 subnet has 256 host IP addresses – 254 IPs are usable by host devices

Everything is based on the subnet mask, which is based on binary

Everything will be powers of 2 and will either produce 256 or be divisible by 256

The maximum value of an octet is 255 (but remember we count from 0, so 256 numbers)

Subnet masks are, by their nature, inclusive

There are only nine values that are possible for any octet in a subnet mask

What the author is trying to say is a /24 or 255.255.255.0 would have 256 hosts with 16,777,216 possible subnets (256*256*256*1)

I find an expanded form of the horizontal format very useful

Increment / Number of hosts   128   64   32   16    8    4    2    1
CIDR                          /25  /26  /27  /28  /29  /30  /31  /32
Mask                          128  192  224  240  248  252  254  255
Usable hosts                  126   62   30   14    6    2    -
