The Best Damn Windows Server 2003 Book Period (part 79)

Planning an IP Addressing Strategy

Before you can implement an IP network infrastructure, there are many details that you must consider. Here, we will take a look at how to plan your network by identifying the appropriate addressing requirements and limitations that will shape the network. Understanding subnetting is a requirement to implement your addressing scheme. You will need to identify hardware requirements, decide what class of address you will need, and determine if access to the Internet is necessary for all or just some of your hosts.

Subnetting will allow you to create logical segments on your network that overlay the physical topology. By using a well-planned subnetting scheme, you can handle your current needs and plan for future expansion. You can also use these segments to isolate and distribute heavy traffic without a major impact on other segments of your network.

Analyzing Addressing Requirements

Since each host IP address must be unique, the simple rule for calculating the number of addresses a network needs is one IP address per host, plus one IP address for each additional network adapter in a host machine. We tend to think of "the network" as a single entity in the corporate sense, but when determining address requirements there are a few more details we must consider.

You can define IP addresses using one of the three classes available for standard IP communications: classes A, B, and C. Before we decide which class to use, we need to determine the type of network we are implementing and how many hosts there are per segment. This material provides only a brief review of the topic, and assumes you are familiar with IP addressing concepts and practices.

Creating a Subnetting Scheme

As mentioned, host addresses can belong to one of three classes of IP address, and each has a range of addresses. The range is defined by the value of the first octet. Table 21.2 shows the classes and their ranges, as well as the binary representations of the ranges. Classes D and E are also classes of IP addresses, but class D is restricted to multicasting and class E addresses are reserved for future use. The 127.0.0.0/8 network is reserved for loopback (connectivity testing); 127.0.0.1 is the special address that represents the local loopback adapter and resolves as localhost. We can ping the local host to troubleshoot the protocol stack; we will discuss this in more detail in the "Troubleshooting IP Addressing" section later in this chapter. Each class also has a default subnet mask.

Table 21.2 IP Address Classes and Their Ranges

Class   First octet   Default mask     Networks          Hosts per network   Binary (first octet)
A       1 to 126      255.0.0.0        126               16,777,214          00000001 to 01111110
B       128 to 191    255.255.0.0      16,384            65,534              10000000 to 10111111
C       192 to 223    255.255.255.0    2,097,152         254                 11000000 to 11011111
D       224 to 239    Not applicable   Not applicable    (multicast)         11100000 to 11101111
E       240 to 255    Not applicable   Not applicable    (reserved)          11110000 to 11111111

As you know, the default mask for each class defines the number of networks and the number of hosts in each network. An IP address contains information about the network on which the host resides and the address of the host. The network ID is the reference to the logical subnet, and it refers to the octets that are predefined as the network ID by the default mask. The remaining octets are for the hosts.

The first address in each network refers to "this network" (itself), such as 24.0.0.0/8 or 204.79.26.0/24. The last address in each network or subnetwork is the broadcast address for that segment, such as 179.54.255.255 or 204.79.26.255. Because those two addresses cannot be assigned to hosts, the number of usable hosts per network is 2^n – 2, where n is the number of bits available for host IDs.

Class A addresses are used for networks that have a large number of hosts. Based on the default mask, we have the first octet for networks and the last three for hosts, so we have 126 networks and 2^24 – 2 hosts, or 16,777,214. Likewise, with class B, the default mask is 255.255.0.0, so the first two octets are for the network IDs, for a total of 16,384 (2^14) networks, and the last two are for the hosts. So, class B networks have 2^16 – 2 hosts, or 65,534. Class C offers more networks (2,097,152, or 2^21), but each is smaller, with 2^8 – 2 hosts, or 254.

We could implement our network now very simply: determine the number of hosts and the number of networks, and pick the class that fits. If you do not wish to assign a public IP address to all of your machines, there is a solution. Three blocks of IP addresses, listed in Table 21.3, are set aside as private address ranges (RFC 1918); they are never routed on the public Internet. Typically, a network needs only one or two public addresses for its Internet-facing interfaces, and everything internal to the company can use private addresses.

Table 21.3 Private IP Addresses

Network ID     Subnet Mask      Range
10.0.0.0       255.0.0.0        10.0.0.1 to 10.255.255.254
172.16.0.0     255.240.0.0      172.16.0.1 to 172.31.255.254
192.168.0.0    255.255.0.0      192.168.0.1 to 192.168.255.254
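The classful rules, the 2^n – 2 host formula and the private ranges above are easy to get wrong by hand when a mask is not on an octet boundary. The following is an added example written for this edition, not code from the book, and it uses only the Python standard library; the `describe()` function name and the 127.0.0.0/8 loopback flag are this example's own choices.

```python
# Added example (not from the book): a small classful/subnet calculator that
# applies the rules above with the standard library only.
import ipaddress

# (class, lowest first octet, highest first octet, default prefix length)
CLASS_TABLE = (
    ("A", 0, 127, 8),
    ("B", 128, 191, 16),
    ("C", 192, 223, 24),
    ("D", 224, 239, None),  # multicast: no network/host split
    ("E", 240, 255, None),  # reserved
)

# RFC 1918 private blocks (Table 21.3)
PRIVATE_BLOCKS = tuple(ipaddress.IPv4Network(n)
                       for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"))
LOOPBACK = ipaddress.IPv4Network("127.0.0.0/8")


def address_class(ip):
    """Return (class letter, default prefix length) from the first octet."""
    first_octet = int(ipaddress.IPv4Address(ip)) >> 24
    for name, low, high, prefix in CLASS_TABLE:
        if low <= first_octet <= high:
            return name, prefix
    raise ValueError(f"unclassifiable address {ip}")


def usable_hosts(prefixlen):
    """2^n - 2: the all-zeros (network) and all-ones (broadcast) host IDs are not assignable."""
    host_bits = 32 - prefixlen
    return 2 ** host_bits - 2 if host_bits >= 2 else 0


def networks_in_class(name):
    """Networks per class under the default mask (0/8 and 127/8 are excluded for class A)."""
    return {"A": 126, "B": 2 ** 14, "C": 2 ** 21}[name]


def describe(ip, mask=None):
    """Summarize an address: class, network/broadcast, usable hosts, private or not.

    `mask` may be a dotted mask ("255.255.240.0") or a prefix length; when it is
    omitted the class's default mask is applied, as in the classful rules above.
    """
    name, default_prefix = address_class(ip)
    if default_prefix is None:
        return {"class": name, "network": None, "usable_hosts": 0, "private": False}
    net = ipaddress.IPv4Network((str(ip), default_prefix if mask is None else mask), strict=False)
    hosts = usable_hosts(net.prefixlen)
    return {
        "class": name,
        "network": str(net.network_address),
        "mask": str(net.netmask),
        "prefixlen": net.prefixlen,
        "broadcast": str(net.broadcast_address),
        "first_host": str(net.network_address + 1) if hosts else None,
        "last_host": str(net.broadcast_address - 1) if hosts else None,
        "usable_hosts": hosts,
        "private": any(net.subnet_of(block) for block in PRIVATE_BLOCKS),
        "loopback": net.subnet_of(LOOPBACK),
    }


if __name__ == "__main__":
    for ip, mask in (("204.79.26.37", None), ("179.54.1.2", None),
                     ("172.20.1.1", "255.255.240.0"), ("10.20.30.40", None)):
        print(ip, mask or "(default mask)", describe(ip, mask))
```

Running it reproduces the book's figures (204.79.26.0/24 with broadcast 204.79.26.255 and 254 hosts, 179.54.255.255 as the class B broadcast) and shows the non-classful case the text only hints at: 172.20.1.1 with mask 255.255.240.0 is a /20 with 4,094 usable hosts, still inside the RFC 1918 172.16.0.0/12 block.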

Troubleshooting IP Addressing

The flexibility of TCP/IP also contributes to the complexity of troubleshooting addresses and connections. There are several tools that can help isolate and identify issues with addressing, but it is also imperative that you understand IP addressing rules and subnetting. The ipconfig, ping, and tracert commands are the most useful tools for identifying addressing problems with client configurations and connections to other hosts on the Internet.

Client Configuration Issues

Some of the issues that occur with manual configuration of IP addresses include duplicate addresses, invalid subnet masks, invalid default gateways, and invalid or missing host name resolution settings (such as DNS and WINS). To help identify the problem, start by typing ipconfig /all at a command prompt. Verify that the information output by the command is correct, and then continue by using ping to isolate the problem, working outward from the local stack:

1. Ping the loopback address (127.0.0.1) to verify that the TCP/IP protocol stack is configured correctly on the local computer.

2. Ping the IP address assigned to the local computer's own network adapter to ensure the host is on the network and using a valid IP address; that is, there are no address conflicts.

3. Ping the IP address of the default gateway to verify that the default gateway is accessible and that your local configuration contains the correct subnet mask (a gateway that falls outside the subnet defined by your address and mask can never be reached).

4. Ping the IP address of a remote host to verify that you can transmit data through the default gateway.

If you are not able to get traffic through to a site, but you are making it through the default gateway, use tracert to identify the break in the route to the destination.
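The checks above can be applied mechanically to the text that ipconfig /all prints. The following is an added example written for this edition, not code from the book: it parses a constructed ipconfig /all listing in the Windows Server 2003 layout (the adapter name, addresses and MAC address in SAMPLE_IPCONFIG are made up, and the gateway is deliberately placed on the wrong subnet), flags the manual-configuration mistakes the section lists, recognizes an APIPA address as the sign of a failed DHCP lease, and emits the four-step ping sequence. The remote_host default is a placeholder, not a host the book names.

```python
# Added example (not from the book): check an `ipconfig /all` listing for the
# manual-configuration mistakes named above and emit the ping sequence to run.
import ipaddress
import re

# Constructed sample output in the Windows Server 2003 `ipconfig /all` layout.
# The default gateway is deliberately on the wrong subnet.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : srv01
   Primary Dns Suffix  . . . . . . . : corp.example
   Node Type . . . . . . . . . . . . : Hybrid

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
   Physical Address. . . . . . . . . : 00-04-5A-08-FB-4B
   Dhcp Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.10.25
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.11.1
   DNS Servers . . . . . . . . . . . : 192.168.10.5
"""

# "Field name . . . . : value"; the dots and spaces before the colon are padding.
FIELD_RE = re.compile(r"^\s+([A-Za-z][A-Za-z0-9 /\-]*?)[ .]*:\s*(.*)$")
APIPA = ipaddress.IPv4Network("169.254.0.0/16")


def parse_ipconfig(text):
    """Return {section name: {field (lower-case): first value}} per adapter block.
    Only the first value of a repeated field is kept (e.g. several IP Address lines)."""
    sections, current = {}, None
    for line in text.splitlines():
        stripped = line.rstrip()
        if stripped and not stripped[0].isspace() and stripped.endswith(":"):
            current = stripped[:-1]
            sections[current] = {}
        elif current is not None:
            m = FIELD_RE.match(line)
            if m:
                sections[current].setdefault(m.group(1).strip().lower(), m.group(2).strip())
    return sections


def check_config(text, remote_host="198.51.100.1"):
    """Apply the manual-configuration checks and build the 4-step ping list.

    `remote_host` is a placeholder for "some host beyond the gateway"; pass a real one.
    """
    adapters = {n: f for n, f in parse_ipconfig(text).items()
                if "adapter" in n.lower() and f.get("ip address")}
    if not adapters:
        return {"adapter": None, "problems": ["no adapter with an IP address"],
                "ping_sequence": ["127.0.0.1"]}
    name, f = next(iter(adapters.items()))
    problems = []
    ip = ipaddress.IPv4Address(f["ip address"])
    mask = f.get("subnet mask", "")
    gateway = f.get("default gateway", "")
    dns = f.get("dns servers", "")

    if ip in APIPA:
        problems.append(f"{name}: {ip} is an APIPA address; the client never obtained a DHCP lease")
    try:
        net = ipaddress.IPv4Network((str(ip), mask), strict=False)   # rejects non-contiguous masks
    except ValueError as exc:
        problems.append(f"{name}: invalid subnet mask {mask!r} ({exc})")
        net = None
    if not gateway:
        problems.append(f"{name}: no default gateway; remote networks are unreachable")
    elif net is not None and ipaddress.IPv4Address(gateway) not in net:
        problems.append(f"{name}: default gateway {gateway} is outside {net}; check the subnet mask")
    if not dns:
        problems.append(f"{name}: no DNS server; name resolution will fail")

    # Order from the steps above: stack, own adapter, gateway, then a host beyond it.
    sequence = ["127.0.0.1", str(ip)] + ([gateway] if gateway else []) + [remote_host]
    return {"adapter": name, "problems": problems, "ping_sequence": sequence}


if __name__ == "__main__":
    result = check_config(SAMPLE_IPCONFIG)
    for problem in result["problems"]:
        print("PROBLEM:", problem)
    print("ping in this order:", " -> ".join(result["ping_sequence"]))
```

On the sample, the only finding is the gateway outside 192.168.10.0/24, which is exactly the case step 3 would expose with a timeout; changing the gateway to 192.168.10.1 clears it, and a mask such as 255.255.0.255 is rejected before the gateway test is even attempted.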

DHCP Issues

DHCP is an easy way to manage IP addressing schemes for larger networks. DHCP makes it possible to boot a machine and access the network without configuring any protocol information. This eliminates many of the manual configuration issues, such as using the wrong subnet mask, duplicate IP addresses, and limited or no host name resolution. Some of the items to consider when you implement and use DHCP are lease time, number of hosts in a scope, network traffic, scope options, and topology.

When a machine acquires an IP address from a DHCP server, it acquires a lease. The exchange is defined in RFC 2131: the client broadcasts a DHCPDISCOVER message, DHCP servers answer with DHCPOFFER messages, the client broadcasts a DHCPREQUEST for the offer it selected, and the chosen server confirms with a DHCPACK. The lease duration for a DHCP address is specified in the scope set on the server and defaults to eight days. At 50 percent of the lease duration, the DHCP client sends a directed (unicast) DHCPREQUEST to the DHCP server that issued the lease and asks for a renewal. If no DHCPACK (acknowledgment) is received from the server, the DHCP client waits until 87.5 percent of the lease time, and then broadcasts a final DHCPREQUEST that any DHCP server on the segment may answer. If no DHCPACK is received at this point, the client waits until the lease expires, stops using the address, and starts the process over with DHCPDISCOVER. If a DHCP client is unable to obtain an IP address lease, it will use an alternate configuration, if one is specified. If there is no alternate configuration, the client will use Automatic Private IP Addressing (APIPA) to start the TCP/IP services and assign itself an address from the APIPA pool (169.254.0.0/16). An APIPA address is a useful symptom to recognize during troubleshooting: it means the client never received a lease.

To determine the appropriate lease time for your network, you should consider the following:

Number of hosts: If the number of hosts is close to the total number of IP addresses in your DHCP server's scope, the lease should be shorter, about three days. If there are a great many more IP addresses than hosts, a longer lease can be assigned.

Mobile users: If you have a small number of mobile users and the client machines do not frequently move from one network to another, a longer lease duration is recommended. Conversely, if you have more mobile users, a shorter lease is preferable, so that IP addresses are released sooner and returned to the available pool.

Unlimited: It is possible to set the lease duration to unlimited, but that presents a challenge if you later wish to change the DHCP scope settings, because a client with an unlimited lease never renews; it only picks up new options when it initiates a DHCPREQUEST itself (for example, after a reboot or an ipconfig /renew).

Because they are broadcast, DHCPDISCOVER and DHCPREQUEST messages do not cross router boundaries unless the router is capable of forwarding DHCP/BOOTP broadcasts (the relay agent behavior described in RFC 1542 and RFC 2131). You can also configure a DHCP relay agent on the remote segment to forward the requests to a DHCP server.

Using DHCP can reduce IP address conflicts by removing the need for static IP addresses. It also can eliminate invalid subnet masks, since the mask is assigned by the DHCP server too. Another advantage is the scope options. By assigning scope options, you can define default gateways, DNS servers, WINS servers, and the preferred type of name resolution (node type). By managing name resolution settings, you can help eliminate broadcast traffic.
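The renewal timeline above (50 percent, 87.5 percent, expiry, APIPA) is easiest to understand as a state machine. The following is an added example written for this edition, not code from the book: it computes the RFC 2131 T1/T2 timers for the eight-day default and walks a lease through a scripted server that either answers or stays silent in each phase, so the fall-through to APIPA can be seen without a DHCP server. The suggest_lease() heuristic encodes the lease-length considerations listed above; its 80 percent and 20 percent thresholds are this example's assumptions, not figures from the book.

```python
# Added example (not from the book): the lease timeline from the paragraph above,
# with a scripted client/server exchange so the RENEWING -> REBINDING -> INIT
# fallback and the APIPA outcome can be seen without a real DHCP server.
DEFAULT_LEASE = 8 * 24 * 3600   # Windows Server 2003 scope default: eight days


def lease_timers(lease_seconds):
    """RFC 2131 defaults: T1 (renew with the leasing server) at 50 %,
    T2 (rebind with any server) at 87.5 % of the lease."""
    return lease_seconds // 2, lease_seconds * 7 // 8


def simulate_client(lease_seconds, server_answers):
    """Walk one lease through renewal.  `server_answers` maps a phase name
    ('renewing', 'rebinding', 'init') to True when a server replies in that phase
    (DHCPACK, or DHCPOFFER for 'init').  Missing phases are treated as silence.
    Returns (final state, [(seconds since lease start, event)])."""
    t1, t2 = lease_timers(lease_seconds)
    log = [(0, "BOUND: DHCPDISCOVER -> DHCPOFFER -> DHCPREQUEST -> DHCPACK completed")]

    log.append((t1, "RENEWING: unicast DHCPREQUEST to the server that issued the lease"))
    if server_answers.get("renewing", False):
        log.append((t1, "DHCPACK received: lease renewed"))
        return "bound", log

    log.append((t2, "REBINDING: broadcast DHCPREQUEST, any DHCP server may answer"))
    if server_answers.get("rebinding", False):
        log.append((t2, "DHCPACK received: lease renewed"))
        return "bound", log

    log.append((lease_seconds, "lease expired: address released, address acquisition restarts"))
    log.append((lease_seconds, "INIT: broadcast DHCPDISCOVER"))
    if server_answers.get("init", False):
        log.append((lease_seconds, "DHCPOFFER -> DHCPREQUEST -> DHCPACK: new lease"))
        return "bound", log

    log.append((lease_seconds, "no DHCPOFFER: alternate configuration if set, else APIPA 169.254.0.0/16"))
    return "apipa", log


def suggest_lease(hosts, scope_size, mobile_hosts):
    """Lease-length heuristic from the considerations above.  The 80 % (pool nearly
    full) and 20 % (share of roaming clients) thresholds are this example's assumptions."""
    if hosts > scope_size:
        raise ValueError("scope too small for the host count")
    pool_tight = hosts / scope_size > 0.8
    many_mobile = hosts > 0 and mobile_hosts / hosts > 0.2
    if pool_tight or many_mobile:
        return 3 * 24 * 3600        # about three days, as the text recommends
    return DEFAULT_LEASE


if __name__ == "__main__":
    for answers in ({"renewing": True}, {"rebinding": True}, {"init": True}, {}):
        state, log = simulate_client(DEFAULT_LEASE, answers)
        print(f"server answers {answers or 'nothing'} -> {state}")
        for seconds, event in log:
            print(f"  +{seconds / 86400:5.2f} d  {event}")
```

For the eight-day default, T1 falls at four days and T2 at seven, so an administrator who takes the only DHCP server offline for maintenance has a three-day window between the first missed renewal and clients starting to broadcast for any server, and a further day before they drop to APIPA addresses and lose connectivity.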

Transitioning to IPv6

IPv6, defined in RFC 2460 (since superseded by RFC 8200), is now production ready on most operating system platforms. At this point, it is still early in the transition from IPv4. The change to IPv6 will take some time, but with each day it becomes more necessary due to the growing shortage of IPv4 addresses. Although the larger address space is the most immediate need, IPv6 offers other advantages over IPv4, including the following:

■ Better security (built-in support for IPSec)

■ Support for both stateful and stateless address configuration

■ An efficient hierarchical routing infrastructure

■ A new header format that provides lower overhead

■ Neighbor Discovery (ND) for managing nodes on the same link, replacing ARP, ICMPv4 router discovery, and ICMPv4 redirect messages

■ Virtually unlimited extension headers (in comparison to IPv4's 40-byte limit on options)

■ Quality of service (QoS) related header fields

The utilities and concepts associated with IPv6 are similar to those of IPv4, but not identical. In the following sections, we'll take a look at how to install IPv6 and start to familiarize ourselves with the new utilities used to manage it.

IPv6 on Windows Server 2003 provides a new header format that is streamlined to minimize overhead and provide more efficient processing at intermediate routers. All the option fields, and any other fields not required for routing, are placed in extension headers after the fixed IPv6 header. The IPv6 header also adds QoS support through the Flow Label field, which lets routers give special handling to a series of packets that travel between a source and destination.

ND is a set of processes and messages used in an IPv6 environment to identify relationships between neighboring nodes. It allows hosts to discover routers on the same segment, as well as addresses and address prefixes. With ND, hosts can also resolve the link-layer addresses of neighboring nodes and determine when the MAC address of a neighbor changes (similar to ARP in IPv4). ND also provides the process for address autoconfiguration, also referred to as stateless address configuration. In the absence of a stateful address configuration server, such as a DHCP version 6 (DHCPv6) server, ND provides a process that allows each interface to derive an IPv6 address from router advertisement messages, and then to verify the uniqueness of the selected address on the link (duplicate address detection). At the time this chapter was written, the standards for DHCPv6 and IPv6 stateful addressing were still under development, so neither feature is supported on Windows XP/2003 products.

The new routing structure provides a hierarchical addressing and routing structure that includes a global addressing scheme. Global addresses are the equivalent of public IPv4 addresses and are reachable over the Internet. The global addressing scheme defines new ways to summarize global addresses to facilitate smaller routing tables on the Internet backbone, and thus improve efficiency and performance on the Internet.

IPv6 Utilities

The traditional IPv4 utilities are still very useful for IPv4, but new utilities and features have been added to accommodate IPv6 functionality. To gain access to the new tools and functionality, you need to install the TCP/IP version 6 protocol.

Install TCP/IP Version 6

1. Open Network Connections and double-click the Local Area Connection icon. You will see the Local Area Connection Status dialog box.

2. Click Properties.

3. In the Local Area Connection Properties dialog box, click Install.

4. In the Select Network Component Type dialog box, select Protocol and click Add.

5. In the Select Network Protocol dialog box, select Microsoft TCP/IP version 6 and click OK.

6. You should return to the Local Area Connection Properties dialog box and see that Microsoft TCP/IP version 6 is installed.

7. Click Close.

8. Test the TCP/IP version 6 installation by opening Internet Explorer and navigating to www.ipv6.org. You should see a line under the line "Welcome to the IPv6 Information Page!" that states, "You are using IPv6 from <your IPv6 address>," as shown in Figure 21.1.

9. You can also navigate to an IPv6-only site from Microsoft Research on the Internet by going to http://ipv6.research.microsoft.com.

If you are behind a firewall or using 6to4 tunneling, you may not see the message that indicates you have an IPv6 address. If you are able to access the IPv6-only site in step 9, you are successfully using IPv6. (Both test sites date from when this chapter was written and may no longer be reachable; any IPv6-only host you can reach with ping -6 serves the same purpose.)

Another way to test whether your IPv6 installation was successful is to run the ipconfig command. If IPv6 is installed, your IPv6 addresses will be shown alongside the IPv4 address, as shown in Figure 21.2.

Now that TCP/IP version 6 is installed, additional utilities are available with the IPv6 functionality. Other than the utilities to manage, monitor, and troubleshoot IPv6, only Telnet, FTP, and Internet Explorer actually use the IPv6 protocol stack.

Figure 21.1 Test the IPv6 Configuration

Figure 21.2 Ipconfig Results after Installing IPv6

Netsh Commands

Netsh is an interactive command-line utility that allows you to manage the local or remote network configuration of active machines. Netsh also supports scripting, so you can create batch configurations that run against the local machine or a specified host on the network. You can also use the Netsh utility to generate a configuration script to use as a backup configuration or as an aid to configure new machines in an identical fashion.

Netsh works with the existing components installed with the operating system by using helper dynamic link libraries (DLLs). Each helper DLL contains the information necessary to execute the commands for the component to which it applies. The set of commands and features supported by a helper DLL is called a context, and each context is unique to its networking component.

The IPv6 interface has its own context, with commands to manage and display information pertaining to the routes, interfaces, addresses, and caches specific to IPv6. There are currently no graphical user interface (GUI) applications to configure IPv6, so Netsh is necessary for configuring IPv6 and its associated components. The component called 6to4 has a subcontext within the IPv6 context, for configuring and managing 6to4 routers and hosts. For more information about Netsh, see the Windows Help and Support Center topic titled "Netsh Overview."

To put netsh into the IPv6 context, type netsh at the command prompt, then at the netsh> prompt type interface ipv6 (you can also run a single command directly as netsh interface ipv6 <command>). The IPv6 context commands include the following:

6to4        Changes to the 6to4 subcontext
Add         Adds a configuration entry
Delete      Deletes a configuration entry
Dump        Shows a configuration script
Install     Installs IPv6
Isatap      Changes to the isatap subcontext within the IPv6 context
Renew       Restarts IPv6 interfaces
Reset       Resets the IPv6 configuration
Set         Sets configuration information
Show        Displays information
Uninstall   Uninstalls IPv6

Ipsec6.exe

Ipsec6.exe is used to configure and implement IPSec security policies (SPs) and security associations (SAs) for IPv6. Using this utility, you can save and load security policies and security associations to a file that can be edited in a text editor. This can be a real timesaver when you implement IPSec for IPv6 on multiple machines. The command to save a configuration is ipsec6 s FilenameWithNoExtension; ipsec6 adds the extension automatically. The extension .spd is added to security policy files, and the extension .sad is added to security association files. If you are executing this command for the first time, and there are no current policies and no current security associations, the files created can act as templates to help you get started. Note that the IPv6 IPSec implementation in Windows XP/Server 2003 supports only manually keyed security associations (there is no IKE negotiation), so the saved files and the key files they reference must be protected like any other secret.

Other ipsec6 commands are available to work with security policies and security associations:

To load the configuration from these files, type ipsec6 l FilenameWithNoExtension. The security policies will be loaded from Filename.spd and the security associations from Filename.sad.

To delete security policies and security associations, type ipsec6 d [{sp | sa}] [Index] from a command line. Use the sp parameter with the Index of the policy you wish to delete, or the sa parameter to delete all of the security associations.

To determine what the current security policies are, type ipsec6 sp [Interface] from the command line, where Interface is optional and limits the output to the security policies for the specified network interface.

To view the current security associations, type ipsec6 sa from the command line. Note that the output from the commands to view the security policies and security associations is not formatted well for a command line, so you might prefer to save the configuration and view the files in Notepad.

IPv6 PING and Tracert Parameters

Use the following steps to use IPv6 PING to verify connectivity:

1. From a command prompt, type netsh interface ipv6 show interface.

2. Find the Idx value for Local Area Connection.

3. Type netsh interface ipv6 show interface Idx, where Idx is the number from the previous step. The Local Area Connection index number is usually 4.

4. Right-click in the command window and select Mark. Then highlight the link-local address. Once it is highlighted, right-click in the command prompt window; when you release the mouse button, the address is copied to the Clipboard. Take note of your Zone ID for Link, which should match the Idx number in step 3.

5. Exit netsh. At a regular command prompt, type ping, and then right-click in the command prompt window and select Paste.

6. Without adding any spaces, append %<ZoneID>, where ZoneID is the number noted in step 4, so the command looks like this:

ping fe80::204:5aff:fe08:fb4b%4

The zone ID is required because every interface has a link-local fe80::/10 address and the same address can exist on several links; the suffix tells the stack which interface to send from.

7. Press Enter. You should see four successful replies.

8. Continue by pinging the link-local address of another node on the same local network (still with your own interface's zone ID).

9. To test external hosts, ping the global address of another node; global addresses need no zone ID.

10. To test name resolution with DNS or a hosts file, ping a node with ping -6 Name, where Name is the host name. The -6 parameter tells PING to use IPv6 only.

You can use Tracert to trace the path taken by IPv6 packets from this host to the destination host. From a command prompt, type tracert IPv6Address%ZoneID, where IPv6Address is a valid IPv6 address and ZoneID is the zone ID (interface index) of your own interface, which is needed only for link-local destinations. Alternatively, type tracert -d -6 Hostname, where Hostname is the name of the remote machine and -d suppresses the reverse name lookup for each hop.

6to4 Tunneling

6to4 tunneling encapsulates IPv6 packets in IPv4 headers (IP protocol 41) before they are transmitted across an IPv4 network to the destination host. 6to4 uses 6to4 hosts and 6to4 routers to deliver the IPv6 data. It is an Internet standard, defined in RFC 3056, and is used for interoperability between IPv4 and IPv6 networks. 6to4 hosts and routers are defined as follows:

6to4 host: Any IPv6 host that is configured with at least one 6to4 address (an address under the 2002::/16 prefix, in which the next 32 bits are the host's public IPv4 address). 6to4 can be configured with the netsh interface ipv6 6to4 commands. As you might have noticed when you ran the show interface command, by default your IPv6-enabled host has a 6to4 pseudo-interface as well as an automatic tunneling pseudo-interface.

6to4 router: Uses IPv4 and IPv6 to forward 6to4 traffic to the destination 6to4 hosts. It is also possible to implement a 6to4 relay router to forward 6to4 traffic on to the native IPv6 Internet.

With 6to4 tunneling, it is not necessary for IPv6 hosts to get an IPv6 global address prefix from their ISPs. A host with a public IPv4 address can derive its 6to4 prefix automatically.

IPv6 Helper Service

The IPv6 Helper service is responsible for automatically configuring the host with the appropriate 6to4 addresses, but it relies on a specific 6to4 relay router on the Internet. You can test functionality with the ping -6 command.

The 6bone

The 6bone was a dedicated IPv6 test network on the Internet. It began as a virtual network using IPv6 over IPv4 encapsulation. Its site contained links to many participating sites and a great deal of IPv6 material, testing plans, news, current events, and implementation instructions. For more information about the 6bone, see www.6bone.net, and for instructions on how to connect to it, see www.opus1.com/ipv6/whatisthe6bone.html. Note that the 6bone was phased out in June 2006 (RFC 3701), so these resources are of historical interest only, and its 3ffe::/16 prefix should no longer appear in routing tables.

Teredo (IPv6 with NAT)

Teredo is the name for IPv4 network address translator (NAT) traversal for IPv6. It provides address assignment and host-to-host automatic tunneling of IPv6 over IPv4 for unicast IPv6 connectivity when IPv6/IPv4 hosts are located behind one or more NAT devices.

Currently, to provide IPv6 connectivity over the Internet, you must have a 6to4 router with a public IPv4 address, which is not always feasible. Teredo provides a mechanism for IPv6 traffic to traverse NATs and access the Internet using IPv6. Basically, IPv6 packets are sent as IPv4-based UDP messages, and this allows the IPv6 packets to pass through the IPv4 NAT device. Because Teredo deliberately opens a path from the IPv6 Internet to a host that the NAT would otherwise shield, treat it like any other inbound channel when you plan firewall rules. For more information about Teredo, see the Teredo Overview document located at www.microsoft.com/windowsxp/pro/techinfo/administration/p2p/overview.asp
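Three of the IPv6 mechanisms in this section come down to address arithmetic: the %ZoneID suffix that the ping and tracert steps require for link-local addresses, the 6to4 prefix a host derives from its public IPv4 address (RFC 3056), and the fields a Teredo client packs into its address (RFC 4380). The following is an added example written for this edition, not code from the book or from Microsoft; the Teredo address it decodes is an illustrative value, not one captured from a real host, and the function names are this example's own.

```python
# Added example (not from the book): the address arithmetic behind the %ZoneID
# ping syntax, the 6to4 prefix a host derives from its public IPv4 address
# (RFC 3056), and the fields packed into a Teredo address (RFC 4380).
import ipaddress

LINK_LOCAL = ipaddress.IPv6Network("fe80::/10")
SIX_TO_FOUR = ipaddress.IPv6Network("2002::/16")
TEREDO = ipaddress.IPv6Network("2001::/32")


def split_zone(text):
    """Split 'addr%zone' into (IPv6Address, zone or None)."""
    addr, _, zone = text.partition("%")
    return ipaddress.IPv6Address(addr), (zone or None)


def ping_target(text, interface_index):
    """Return the string to hand to ping: link-local addresses need %ZoneID, where
    the zone ID is the Idx from `netsh interface ipv6 show interface`; global
    addresses are returned unchanged."""
    addr, zone = split_zone(text)
    if addr in LINK_LOCAL and zone is None:
        return f"{addr}%{interface_index}"
    return text


def six_to_four_prefix(ipv4):
    """2002:WWXX:YYZZ::/48 for the public IPv4 address WW.XX.YY.ZZ."""
    v4 = ipaddress.IPv4Address(ipv4)
    if v4.is_private or v4.is_loopback or v4.is_link_local or v4.is_multicast:
        raise ValueError(f"6to4 needs a public IPv4 address, got {v4}")
    # The IPv4 address occupies bits 16..47 of the 128-bit address.
    return ipaddress.IPv6Network((int(SIX_TO_FOUR.network_address) | (int(v4) << 80), 48))


def six_to_four_ipv4(ipv6):
    """Recover the embedded IPv4 address, i.e. where 6to4 packets for `ipv6` are tunneled."""
    addr = ipaddress.IPv6Address(ipv6)
    if addr not in SIX_TO_FOUR:
        raise ValueError(f"{addr} is not a 6to4 address")
    return ipaddress.IPv4Address((int(addr) >> 80) & 0xFFFFFFFF)


def teredo_decode(ipv6):
    """Unpack a Teredo address: Teredo server IPv4, flags, and the client's public
    (NAT-mapped) UDP port and IPv4 address, which RFC 4380 stores XOR-ed with ones.
    Anyone who sees the address learns the host's external NAT mapping."""
    addr = ipaddress.IPv6Address(ipv6)
    if addr not in TEREDO:
        raise ValueError(f"{addr} is not a Teredo address")
    n = int(addr)
    flags = (n >> 48) & 0xFFFF
    return {
        "server": str(ipaddress.IPv4Address((n >> 64) & 0xFFFFFFFF)),
        "flags": flags,
        "cone_nat": bool(flags & 0x8000),
        "client_port": ((n >> 32) & 0xFFFF) ^ 0xFFFF,
        "client_ipv4": str(ipaddress.IPv4Address((n & 0xFFFFFFFF) ^ 0xFFFFFFFF)),
    }


if __name__ == "__main__":
    print(ping_target("fe80::204:5aff:fe08:fb4b", 4))          # needs the zone ID
    print(ping_target("2001:db8::1", 4))                        # global: unchanged
    print(six_to_four_prefix("65.54.227.120"))                  # 2002:4136:e378::/48
    print(six_to_four_ipv4("2002:4136:e378::1"))
    print(teredo_decode("2001:0:4136:e378:8000:63bf:3fff:fdd2"))  # illustrative address
```

The Teredo decoder is the practitioner's point of this block: the last 48 bits of a Teredo address are the client's external IPv4 address and UDP port as seen by the Teredo server, so a Teredo address appearing in logs or DNS reveals the NAT mapping of the host behind it.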

Planning the Network Topology

The next phase in planning your TCP/IP infrastructure is planning the IP routing solution to manage the traffic on your network. This will depend on the physical location of your equipment and users, as well as on how you want to distribute the addresses. When you implement your strategy, you will also need to determine how the hosts on your network will resolve host names and implement the services that provide that functionality. You will need to identify where services such as DHCP, WINS, and DNS must exist in your network to function properly and reduce network bandwidth utilization.

Analyzing Hardware Requirements

Before you implement your network topology, you should identify the hardware needs. For each physical location, you will need to provide some sort of routing. You might need to implement a WAN solution using a T1 line, which also requires special hardware. You will need DHCP servers at each location, or a DHCP relay agent. You will need to provide some form of name resolution, most likely DNS and possibly WINS. Depending on the traffic, and if you have a large number of users, you may decide to install switches to help manage network traffic.

For a DHCP server, the two major factors that affect performance are the amount of physical random access memory (RAM) and the speed of the disk input/output (I/O). You should always provide the largest amount of RAM possible and the fastest disk I/O for the best performance on a DHCP server. The same rules apply to WINS and DNS servers, although DNS is more dependent on network bandwidth. In any case, frequent zone updates require more RAM for better performance.

If you are using Active Directory (AD) integrated DNS, there are other considerations related to AD, such as these:

■ Increased network utilization due to dynamic DNS updates related to DHCP integration and WINS reverse lookups

■ Increased RAM requirements due to the increased data volume

Planning the Placement of Physical Resources

The quantity of data and the type of network traffic affect the location of IP resource servers in your enterprise. If the WAN link is slow, you might want to place DNS caching servers at each location to reduce WAN traffic related to DNS resolution. You might also consider providing a DNS server at each location for redundancy. In addition, by creating an AD-integrated primary zone, you will allow clients to update their resource records locally. Defining which DNS servers can act as forwarders and perform iterative queries will help manage Internet traffic.

Posted: 05/07/2014, 00:20