7.1 Introduction

The IP addressing scheme discussed in Chapter 2 is classful and can be summarised as follows:

Class A Networks: 8-bit network number and 24-bit host number (/8, "slash eight" or "eights"). 126 networks can be defined (0.0.0.0 is reserved for use as the default route, 127.0.0.0 is the loopback address), each with 2^24 - 2 (16,777,214) hosts maximum. Why minus two? Class A consists of half of the IPv4 unicast addresses.

Class B Networks: (/16 prefixes) 2^14 (16,384) networks can be defined, each with 65,534 (2^16 - 2) hosts maximum. Class B is 25% of the total IPv4 unicast addresses.

CSE5803 Advanced Internet Protocols and Applications (7) 1

Class C Networks: (/24 prefixes) 2^21 (2,097,152) networks can be defined, each with 254 (2^8 - 2) hosts maximum. Class C is 12.5% (1/8th) of the total IPv4 unicast addresses.

Other Classes: D (1110) is used to support IP multicasting. E (1111) is reserved for experimental use.

• Problems: lack of support for medium-sized organisations. A /16 is too large while a /24 is too small. The allocation of a /16 to several hundred or a few thousand hosts is a big waste and leads to quick depletion of the /16 address space.
• A fixed-size subnet mask, as discussed in Chapters 2 and 6, is also a waste of number resources, since all subnets must be of the same size, namely that of the largest subnet.

This chapter discusses more addressing issues, including subnetting, supernetting and private connectivity.

7.2 Variable Length Subnet Masks (VLSM)

• The concept of subnets and subnet masks was discussed in Chapter 2.
• RIP-1 supports only a fixed-length subnet mask, which means all the subnets are of the same size.
• VLSM (RFC 1878) combines the network prefix and a variable number of subnet-number bits to form a "slash n" (/n) type of subnet, where n does not have to be a fixed number for an organisation. The combined prefix is called the extended network prefix.
• VLSM does not have to allocate subnet bits according to the largest physical network, as before.

Example: 130.194.0.0/22 network = 10000010.11000010.00000000.00000000 (the first 22 bits form the extended network prefix).
Also, 130.194.0.0/26 network = 10000010.11000010.00000000.00000000 (the first 26 bits form the extended network prefix).

7.3 VLSM and Route Aggregation

• VLSM allows the recursive division of an address space so that it can be reassembled and aggregated to reduce the amount of routing information at the top level.
• The practice of subnet, sub-subnet, etc. reduces the size of routing tables.

7.4 VLSM – Design and Deployment Considerations

• The number of subnets required currently and in the future.
• The number of hosts in the largest subnet currently and in the future.
• The routing protocol used should carry extended-network-prefix information with each route advertisement. RIP-1 does not, so the IGP needs to be RIP-2 or OSPF.
• Addresses must be assigned with topological significance in order to reduce the size of the routing table.
• Routers need to run the "longest match" algorithm, discussed in the next section.

7.5 VLSM and "Longest Match" Forwarding

• In a VLSM environment, there may be more than one route that seems to match the destination IP address. The rule is to send the datagram along the route with the "longest match".
• This means that if an IP address completely matches the network addresses of more than one route, the longest matching network address is selected for packet forwarding.

Example:
• Route 1 is selected based on "longest match". It should be noted that all 11.1.2.x hosts should be attached to this subnet in order to be reachable.
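As an added worked example (not part of the lecture notes), the following Python script carves the 130.194.0.0/22 block of Section 7.2 into variable-length subnets sized by host count using the 2^n - 2 rule of Section 7.1, and then checks that all of them aggregate to a single /22 route upstream as described in Section 7.3. The subnet names and host counts are constructed for the example.

```python
import ipaddress

def prefix_for_hosts(hosts):
    """Smallest /n whose usable host count, 2^(32-n) - 2, covers `hosts` hosts.
    The minus two excludes the all-zeros (network) and all-ones (broadcast) addresses."""
    for n in range(30, 0, -1):
        if 2 ** (32 - n) - 2 >= hosts:
            return n
    raise ValueError("no IPv4 prefix can hold %d hosts" % hosts)

def allocate_vlsm(block, requirements):
    """Carve variable-length subnets out of `block` (e.g. '130.194.0.0/22').

    requirements maps a subnet name to the number of hosts it needs. Larger
    subnets are placed first so every subnet starts on its own natural /n
    boundary; raises ValueError when the block is exhausted.
    """
    block = ipaddress.IPv4Network(block)
    cursor = int(block.network_address)
    end = int(block.broadcast_address) + 1
    allocated = {}
    for name, hosts in sorted(requirements.items(), key=lambda kv: -kv[1]):
        n = prefix_for_hosts(hosts)
        size = 2 ** (32 - n)
        cursor = (cursor + size - 1) // size * size   # align up to a /n boundary
        if cursor + size > end:
            raise ValueError("%s exhausted while allocating %s" % (block, name))
        allocated[name] = ipaddress.IPv4Network((cursor, n))
        cursor += size
    return allocated

def aggregate_route(block, subnets):
    """The single prefix a top-level router can advertise for all the subnets,
    or None if some subnet falls outside `block` (so it cannot be aggregated)."""
    block = ipaddress.IPv4Network(block)
    return block if all(s.subnet_of(block) for s in subnets) else None

if __name__ == "__main__":
    # constructed requirements: two LANs, a management net and two point-to-point links
    nets = allocate_vlsm("130.194.0.0/22",
                         {"Eng": 100, "Sales": 50, "Mgmt": 20, "Link1": 2, "Link2": 2})
    for name, net in nets.items():
        print("%-6s %s" % (name, net))
    print("advertised upstream:", aggregate_route("130.194.0.0/22", nets.values()))
```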
7.6 Introduction to Classless IP Addressing – CIDR

• CIDR stands for Classless Inter-Domain Routing (RFC 1519).
• CIDR was developed in 1992/3 to solve the following problems:
  – The near-term exhaustion of the Class B network address space
  – The rapid growth in the size of the global Internet's routing tables
  – The eventual exhaustion of the 32-bit IPv4 address space.

7.7 Basic CIDR Concepts

• Eliminates the traditional Classes A, B and C, and replaces the network address with the generalised concept of a "network prefix".
• Inter-domain routers use this arbitrary-length network prefix to determine the dividing point between the network and host parts of an address, rather than just the first 3 bits.
• Similar to a VLSM subnet mask within an autonomous system: each route is advertised with a bit mask (net mask? vs subnet mask).
• CIDR and VLSM are essentially the same thing. One allows the recursive assignment of addresses within an organisation and is invisible to the global Internet, while the other permits the recursive allocation of an address block by an Internet Registry to an ISP or a private organisation.
• CIDR provides route aggregation like VLSM. This has very positive effects on global routing schemes and tables: CIDR reduced the global Internet routing table by more than half. Details will be discussed later in Section 7.9.

7.8 Block Address Allocation and Supernetting

• The following table shows commonly deployed CIDR address blocks.
• It can be seen that from /13 to /23, the allocation blocks are supernets of traditional Class B or Class C networks.

7.9 CIDR and Internet Routing

• Reduction of the routing table through aggregation. The following diagram is from "Internet Routing Architectures" by Bassam Halabi.
• Classless routing, single-homed through an ISP. If the organisation changes ISP, either its IP addresses change or a more-specific route is injected into the Internet.

(Figure: IP change)

(Figure: Injection of extra route)

• Multi-homing to the Internet can be complex; it may result in a routing "black hole" if the aggregation is not carried out carefully, as illustrated in the example on the next page, adapted from "Internet Routing Architectures" by Bassam Halabi.
• The connection to the Internet can also be achieved via private/public IP address translation using Network Address Translation (NAT), discussed later in Section 7.10.
• Something is wrong in Fig. 1 if 198.24.17.1 is the destination: the packet is routed to ISP2 following the longest-match algorithm.

Fig. 1 Wrong Aggregation
Fig. 2 Correct Route Advertisement

The IP address 198.24.17.1 in binary is 198.00011000.00010001.00000001. Longest match is performed on the network addresses of the routes.

• With the wrong aggregation, there are three routes to choose from:
  – Route 198.32.0.0/13 has a network address of 198.00100000.0.0 (no match from the 11th bit, which means no match at all).
  – Route 198.24.0.0/13 has a network address of 198.00011000.0.0 (13-bit match, but not the longest).
  – Route 198.24.0.0/18 has a network address of 198.00011000.00000000.0 (18-bit match): selected, but wrong.
• With the correct aggregation, there are four routes to choose from:
  – Route 198.32.0.0/13 has no match again.
  – Route 198.24.56.0/21 has a network address of 198.00011000.00111000.0 (no match from the 19th bit, which means no match at all).
  – Route 198.24.0.0/20 has a network address of 198.00011000.00000000.0 (no match from the 20th bit, which means no match at all).
  – Route 198.24.0.0/13 has a 13-bit match and is the only match; it is correctly selected for packet forwarding.
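As an added example (not part of the notes), the following Python code implements the bitwise longest-match rule of Sections 7.5 and 7.9 and runs it over the route tables of Fig. 1 and Fig. 2 for the destination 198.24.17.1. The prefixes are those of the notes; the next-hop labels ISP1/ISP2 are assumptions, except that the notes do state the /18 leads to ISP2.

```python
def to_int(dotted):
    """Dotted-quad string -> 32-bit integer."""
    a, b, c, d = (int(x) for x in dotted.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d

def first_mismatch_bit(net, dest):
    """1-based position (from the left) of the first bit where `net` and `dest`
    differ, or 0 if all 32 bits agree. This is the 'no match from the 11th bit'
    reasoning used in the notes."""
    diff = to_int(net) ^ to_int(dest)
    return 0 if diff == 0 else 33 - diff.bit_length()

def matching_bits(route, dest):
    """Prefix length of `route` ('a.b.c.d/n') if `dest` lies inside it, else -1."""
    net, n = route.split("/")
    n = int(n)
    mask = (0xFFFFFFFF << (32 - n)) & 0xFFFFFFFF
    return n if (to_int(net) & mask) == (to_int(dest) & mask) else -1

def longest_match(routes, dest):
    """Return the (prefix, next_hop) entry with the longest matching prefix,
    or None when no route covers `dest`."""
    best, best_len = None, -1
    for prefix, next_hop in routes:
        n = matching_bits(prefix, dest)
        if n > best_len:
            best, best_len = (prefix, next_hop), n
    return best

# Route tables of Fig. 1 and Fig. 2 in the notes. The prefixes are the notes';
# the next-hop labels are assumed (the notes only say the /18 leads to ISP2).
WRONG_AGGREGATION = [
    ("198.32.0.0/13", "ISP1"),
    ("198.24.0.0/13", "ISP1"),
    ("198.24.0.0/18", "ISP2"),
]
CORRECT_ADVERTISEMENT = [
    ("198.32.0.0/13", "ISP1"),
    ("198.24.56.0/21", "ISP2"),
    ("198.24.0.0/20", "ISP2"),
    ("198.24.0.0/13", "ISP1"),
]

if __name__ == "__main__":
    for name, table in (("wrong", WRONG_AGGREGATION), ("correct", CORRECT_ADVERTISEMENT)):
        print(name, "aggregation selects:", longest_match(table, "198.24.17.1"))
```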
7.10 Private Addressing and Network Address Translation (NAT: RFC 1613)

• IANA has reserved the following IP address ranges for private connectivity only (RFC 1918). Organisations do not need permission to use these addresses, and they do not appear on the global Internet:
  10.x.x.x (a single Class A)
  172.16.0.0 to 172.31.255.255 (16 contiguous Class B)
  192.168.0.0 to 192.168.255.255 (256 contiguous Class C)
• Hosts with these addresses cannot communicate directly with the global Internet, and the addresses should not be leaked outside the organisation.
• If privately addressed hosts wish to communicate with the global Internet, their IP addresses have to be reassigned or a NAT server is used.
• Static reassignment of IP numbers can be complex. The introduction of the Dynamic Host Configuration Protocol (DHCP) makes the task a lot easier.
• NAT enables a private network to connect to the Internet without renumbering. It uses a NAT router placed at the border of the domain to convert a private IP address to an appropriate Internet IP address.

(Figure: host A with private address 10.1.1.1 and host B with private address 10.2.2.2 sit behind a NAT router, which translates them to 130.192.x.y and 130.192.x.w respectively.)

• NAT can have a pool of global IP addresses (far fewer than the number of private addresses), and can map many private IP addresses onto one global address. This is referred to as NAT overloading.
• NAT overloading is achieved by using TCP/UDP ports, and is known as Port Address Translation (PAT).
• The NAT router must maintain a lookup table like the one below (source: http://computer.howstuffworks.com):

  Source Computer | Source Computer's IP Address | Source Computer's Port | NAT Router's IP Address | NAT Router's Assigned Port Number
  A               | 192.168.32.10                | 400                    | 215.37.32.203           | 1
  B               | 192.168.32.13                | 50                     | 215.37.32.203           | 2
  C               | 192.168.32.15                | 3750                   | 215.37.32.203           | 3
  D               | 192.168.32.18                | 206                    | 215.37.32.203           | 4

• Each table entry times out and is deleted if it is not refreshed within a fixed period of time.
• NAT automatically creates a firewall of sorts: hosts behind a NAT router cannot normally be accessed from outside unless an inbound mapping such as port forwarding has been configured.
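As an added example (not part of the notes or of the howstuffworks source), the following Python model of a PAT table reproduces the four entries above, the per-entry timeout, and the dropping of unsolicited inbound packets unless a port-forward rule exists. The 60-second timeout and the forwarded server 192.168.32.20:8080 are constructed values; time is passed in explicitly so the behaviour is deterministic.

```python
class PatTable:
    """PAT table (constructed teaching model, not a real NAT implementation).
    Many private (ip, port) pairs share one public IP, each outbound flow getting
    its own public port. Time is an explicit argument so behaviour is deterministic."""

    def __init__(self, public_ip, first_port=1, ttl=60.0):
        self.public_ip = public_ip
        self.next_port = first_port
        self.ttl = ttl
        self.out = {}        # (private_ip, private_port) -> public_port
        self.back = {}       # public_port -> (private_ip, private_port, last_seen)
        self.static = set()  # public ports with a port-forward rule (never expire)

    def _expire(self, now):
        """Drop dynamic entries that have not been refreshed within ttl seconds."""
        for pport, (pip, pp, seen) in list(self.back.items()):
            if pport not in self.static and now - seen > self.ttl:
                del self.back[pport]
                del self.out[(pip, pp)]

    def add_port_forward(self, public_port, private_ip, private_port):
        """Static inbound mapping so an outside host can reach a private server."""
        self.static.add(public_port)
        self.back[public_port] = (private_ip, private_port, 0.0)
        self.out[(private_ip, private_port)] = public_port

    def outbound(self, private_ip, private_port, now):
        """Translate a packet leaving the private network; create or refresh its entry."""
        self._expire(now)
        key = (private_ip, private_port)
        if key not in self.out:
            while self.next_port in self.back:   # never hand out a live public port
                self.next_port += 1
            self.out[key] = self.next_port
            self.next_port += 1
        pport = self.out[key]
        self.back[pport] = (private_ip, private_port, now)
        return (self.public_ip, pport)

    def inbound(self, public_port, now):
        """Map a reply back to the private host; None (drop) when no entry exists,
        which is the implicit firewall: nothing inside is reachable without a mapping."""
        self._expire(now)
        entry = self.back.get(public_port)
        if entry is None:
            return None
        private_ip, private_port, _ = entry
        self.back[public_port] = (private_ip, private_port, now)  # refresh timer
        return (private_ip, private_port)
```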