Chapter 07 IP addressing services

Chapter 07 IP addressing services

Chapter 7: IP Addressing Services

CCNA Exploration 4.0

Objectives

DHCP

(physical and logical) are not likely to change.

• Network devices that are added, moved or changed

(physical and logical) need new addresses Manual

configuration is unwieldy  dynamic configuration

• DHCP assigns IP addresses and other important network

configuration information dynamically

• DHCP is an extremely useful and timesaving tool for network administrators

• Cisco router can be configured to provide DHCP services,

called Easy IP

DHCP Operation

• DHCP automatically dynamically assigns, or leases, an IP

address from a pool of addresses for a limited period of time chosen by the server, or until the client tells the DHCP server that it no longer needs the address

• DHCP works in a client/server mode

BOOTP and DHCP

• The Bootstrap Protocol (BOOTP), defined in RFC 951, is the predecessor of DHCP and shares some operational

characteristics

• Both DHCP and BOOTP are client/server based and use

UDP ports 67 and 68

DHCP Message Format

DHCP Discovery and Offer Methods

DHCP Discovery and Offer Methods

Configuring a DHCP Server

• Step 3 Configure the specifics of the pool.

Verifying DHCP

Verifying DHCP

Verifying DHCP

Configuring a DHCP Client

Configuring a DHCP Client

DHCP Relay

DHCP Relay

Helper address configuration that relays broadcasts to all servers on the

Directed Broadcast

• Notice that the RTA interface e3, which connects to the server farm, is not

configured with helper addresses

• However, the output shows that for this interface, directed broadcast

RTA(config)#interface e3

RTA(config-if)#ip directed-broadcast

Helper address configuration that relays broadcasts to all servers on the

• By default, the ip helper-address command forwards the

following eight UDP services:

– Port 37: Time

– Port 49: TACACS

– Port 53: DNS

– Port 67: DHCP/BOOTP client

– Port 68: DHCP/BOOTP server

– Port 69: TFTP

– Port 137: NetBIOS name service

– Port 138: NetBIOS datagram service

• To specify additional ports, use the ip forward-protocol

command to specify exactly which types of broadcast

packets to forward

DHCP Relay

Configuring a DHCP Server Using SDM

Configuring a DHCP Server Using SDM

Pool

Configuring a DHCP Server Using SDM

Troubleshooting DHCP

• The show ip dhcp conflict command displays all address

conflicts recorded by the DHCP server

Troubleshooting DHCP

• Step 1 Verify that the ip helper-address command is

configured on the correct interface

• Step 2 Verify that the global configuration command no

service dhcp has not been configured

Troubleshooting DHCP

– debug ip packet detail 100

– debug ip dhcp server packet

– debug ip dhcp server events

Activity 7.1.8.4

Scaling Networks with NAT

Private and Public Addressing

What is NAT?

What is NAT?

• Inside local address - Usually not an IP address assigned by a RIR or

service provider and is most likely an RFC 1918 private address

• Inside global address - Valid public address that the inside host is

given when it exits the NAT router

• Outside global address - Reachable IP address assigned to a host on

the Internet

• Outside local address - The local IP address assigned to a host on the

outside network In most situations, this address will be identical to the

outside global address of that outside device

How Does NAT Work?

How Does NAT Work?

• There are two types of NAT translation: dynamic and static.

• Dynamic NAT uses a pool of public addresses and assigns them on a first-come, first-served basis When a host with a private IP address requests access to the Internet, dynamic NAT chooses an IP address from the pool that is not already

in use by another host

• Static NAT uses a one-to-one mapping of local and global

addresses, and these mappings remain constant Static NAT

is particularly useful for web servers or hosts that must have

a consistent address that is accessible from the Internet

These internal hosts may be enterprise servers or

networking devices

• Both static and dynamic NAT require that enough public

addresses are available to satisfy the total number of

simultaneous user sessions

NAT Overload or PAT

Differences Between NAT and NAT Overload

• NAT generally only translates IP addresses on a 1:1

correspondence between publicly exposed IP addresses and privately held IP addresses NAT overload modifies both the private IP address and port number of the sender NAT

overload chooses the port numbers seen by hosts on the

public network

• NAT routes incoming packets to their inside destination by

referring to the incoming source IP address given by the host

on the public network With NAT overload, there is generally only one or a very few publicly exposed IP addresses

Incoming packets from the public network are routed to their destinations on the private network by referring to a table in the NAT overload device that tracks public and private port pairs This is called connection tracking

Benefits and Drawbacks of Using NAT

Configuring Static NAT

Configuring Static NAT: Example

Configuring Dynamic NAT

Configuring Dynamic NAT: Example

Configuring NAT Overload

• Configuring NAT Overload for a Single Public IP Address

Configuring NAT Overload: Example

Configuring NAT Overload

• Configuring NAT Overload for a Pool of Public IP Addresses

Configuring NAT Overload: Example

Port Forwarding

• Port forwarding (sometimes referred to as tunneling) is the

act of forwarding a network port from one network node to

another This technique can allow an external user to reach

a port on a private IP address (inside a LAN) from the

outside through a NAT-enabled router

Port Forwarding: Example

Verifying NAT and NAT Overload

Verifying NAT and NAT Overload

Troubleshooting NAT and NAT Overload

Configuration

• Steps to verify that NAT is operating as expected:

• Step 1 Based on the configuration, clearly define what NAT

is supposed to achieve This may reveal a problem with the configuration

• Step 2 Verify that correct translations exist in the translation

table using the show ip nat translations command

• Step 3 Use the clear and debug commands to verify that

NAT is operating as expected Check to see if dynamic

entries are recreated after they are cleared

• Step 4 Review in detail what is happening to the packet,

and verify that routers have the correct routing information to move the packet

Troubleshooting NAT and NAT Overload

Configuration

Activity 7.2.8.3

IPv6

Reasons for Using IPv6

• Assigned IPv4 Address Blocks

Reasons for Using IPv6

• Assigned IPv4 Address Blocks

Reasons for Using IPv6

• Assigned IPv4 Address Blocks

Reasons for Using IPv6

• Shrinking IPv4 Address Space

IP Address Allocation History

In 1981, IPv4 Protocol was published In 1985, about 1/16

of the total IPv4 address space was in use By mid-2001,

about 2/3 of the total IPv4 address space was in use

Why Do We Need a Larger Address Space?

• Population growth

– Approximately 973 million users in November 2005

– Emerging population and geopolitical and address space

• Mobile users

– PDA, pen-tablet, notepad, and so on

– Approximately 20 million in 2004

• Transportation

– 1 billion automobiles forecast for 2008

– Internet access in planes – Example: Lufthansa

• Consumer electronics

– The newest home appliances allow remote monitoring

using IP technology

Reasons for Using IPv6

• Movement to change from IPv4 to IPv6 has already begun, particularly in Europe, Japan, and the Asia-Pacific region

IPv4 and IPv6 Header Comparison

IPv6 Address Representation

• x:x:x:x:x:x:x:x, where x is a 16-bit hexadecimal field

• Case-insensitive for hexadecimal A, B, C, D, E, and F

• Leading zeros in a field are optional

• Successive fields of zeros can be represented as :: only once per address

• Examples:

• 2031:0000:130F:0000:0000:09C0:876A:130B

– Can be represented as 2031:0:130f::9c0:876a:130b

– Cannot be represented as 2031::130f::9c0:876a:130b

• FF01:0:0:0:0:0:0:1 FF01::1

• 0:0:0:0:0:0:0:1 ::1

• 0:0:0:0:0:0:0:0 ::

IPv6 Addressing

• IPv6 Global Unicast Address

– Enables aggregation upward eventually to the ISP

– Consists of a 48-bit global routing prefix and a 16-bit

subnet ID

– Assigned by the IANA uses the range of addresses that

start with binary value 001 (2000::/3), which is 1/8 of the total IPv6 address space and is the largest block of

assigned addresses

– The IANA is allocating the IPv6 address space in the

ranges of 2001::/16 to the five RIR registries (ARIN,

RIPE, APNIC, LACNIC, and AfriNIC)

IPv6 Addressing

– The IETF reserves a portion of the IPv6 address space

for various uses, both present and future Reserved

addresses represent 1/256th of the total IPv6 address

space Some of the other types of IPv6 addresses come from this block

• Private Addresses

– Local only to a particular link or site, and never routed

outside of a particular company network

– Have a first octet value of "FE" in hexadecimal notation,

with the next hexadecimal digit being a value from 8 to F

IPv6 Addressing: Private Addresses

Two types:

• Site-local addresses:

– Similar to the RFC 1918 in IPv4.

– The scope is an entire site or organization However, the

use of site-local addresses is problematic and is being

deprecated as of 2003 by RFC 3879

– In hexadecimal, site-local addresses begin with "FEC",

"FED", "FEE", or "FEF"

• Link-local addresses

– Have a smaller scope than site-local addresses; they

refer only to a particular physical link (physical network)

– Link-local addresses begin with "FE8", "FE9", "FEA", or

"FEB"

IPv6 Addressing

• Loopback Address:

– Address for testing; datagrams sent to this address "loop

back" to the sending device

– Is 0:0:0:0:0:0:0:1  ::1

• Unspecified Address:

– The all-zeroes address is named the "unspecified"

address

– It is typically used in the source field of a datagram that is

sent by a device that seeks to have its IP address

configured

– Is 0:0:0:0:0:0:0:0  ::

IPv6 Address Management

• IPv6 addresses use interface identifiers to identify interfaces

on a link Think of them as the host portion of an IPv6

address

• Interface identifiers are required to be unique on a specific

link

• Interface identifiers are always 64 bits and can be

dynamically derived from a Layer 2 address (MAC)

• You can assign an IPv6 address ID statically or dynamically:

– Static assignment using a manual interface ID

– Static assignment using an EUI-64 interface ID

– Stateless autoconfiguration

IPv6 Address Management

• Manual Interface ID Assignment

– Use the ipv6 address ipv6-address/prefix-length

command in interface configuration mode

RouterX(config-if)#ipv6 address 2001:DB8:2222:7272::72/64

• EUI-64 Interface ID Assignment

– Use the ipv6 address ipv6-prefix/prefix-length eui-64

command

RouterX(config-if)#ipv6 address 2001:DB8:2222:7272::/64 eui-64

IPv6 Address Management

• Stateless Autoconfiguration

– Autoconfiguration automatically configures the IPv6 address In IPv6, it is assumed that non-PC devices, as well as computer terminals, will be connected to the network The

autoconfiguration mechanism was introduced to enable

plug-and-play networking of these devices to help reduce

administration overhead

• DHCPv6 (Stateful)

– DHCPv6 enables DHCP servers to pass configuration

parameters, such as IPv6 network addresses, to IPv6 nodes It offers the capability of automatic allocation of reusable network addresses and additional configuration flexibility This protocol

is a stateful counterpart to IPv6 stateless address

autoconfiguration (RFC 2462), and can be used separately or concurrently with IPv6 stateless address autoconfiguration to obtain configuration parameters.

IPv6 Transition Strategies

Cisco IOS Dual Stack

• An integration method that allows a node to have

connectivity to an IPv4 and IPv6 network simultaneously

• Each node has two protocol stacks with the configuration on the same interface or on multiple interfaces

Cisco IOS Dual Stack

• A dual-stack node chooses which stack to use based on the destination address of the packet

• New and modified applications take advantage of both IP

layers

• A new application programming interface (API) has been

defined to support IPv4 and IPv6 addresses and DNS

requests

• Cisco IOS Release 12.2(2)T and later (with the appropriate feature set) are IPv6-ready

IPv6 Tunneling

• Tunneling is an integration method in which an IPv6 packet

is encapsulated within another protocol, such as IPv4 This method of encapsulation is IPv4:

– Includes a 20-byte IPv4 header with no options and an

IPv6 header and payload

– Requires dual-stack routers

Manually Configured IPv6 Tunnel

• Configured tunnels require:

– Dual-stack endpoints

– IPv4 and IPv6 addresses configured at each end

Routing Considerations with IPv6

• IPv6 uses longest prefix match routing

• An ISP aggregates all of the prefixes of its customers into a single prefix and announces the single prefix to the IPv6

Internet

• Conceptually, a router has three functional areas:

– The control plane: handles the interaction of the router

with the other network elements, providing the information needed to make decisions and control the overall router operation

– The data plane: handles packet forwarding from one

physical or logical interface to another

– Enhanced services: include advanced features applied

when forwarding data

Routing Considerations with IPv6

Routing Considerations with IPv6

• RIPNg Routing Protocol

Configuring IPv6 Addresses

• Enabling IPv6 on Cisco Routers: 2 steps

– Activate IPv6 traffic-forwarding on the router

– Configure each interface that requires IPv6

• By default, IPv6 traffic-forwarding is disabled on a Cisco

IPv6 Address Configuration Example

Cisco IOS IPv6 Name Resolution

• Define a static name for an IPv6 address using the ipv6

host name [port] ipv6-address1

[ipv6-address2 ipv6-address4] command.

• Specify the DNS server used by the router with the ip

name-server address command The address can be an IPv4 or

IPv6 address You can specify up to six DNS servers with

this command

Configure RIPng with IPv6

• Before configuring the router to run IPv6 RIP, globally enable

IPv6 using the ipv6 unicast-routing global configuration

command, and enable IPv6 on any interfaces on which IPv6 RIP is to be enabled

Configure RIPng with IPv6: Example

Verifying RIPng for IPv6

Troubleshooting RIPng for IPv6

• Activity 7.3.9.2

Summary