Networkers 2001, Australia March 28-30, Brisbane © 2001, Cisco Systems, Inc.

Introduction to IP Address Management
Chris Tough
Agenda:
• Introduction
• NAT/PAT
• VLSM
• Route Summarization
• DNS
• DHCP
IP Address Management Issues
• Lack of available addresses
• Effective use of address space
• Managing allocated addresses
Private Network Numbers (RFC 1918)
• Unlimited addresses with private network numbers
• Allows for flexible addressing schemes
• Requires NAT/PAT to access Internet
(Diagram: Private Network 10.0.0.0/8 connected to the Internet)
Private Network Numbers:
10.0.0.0 - 10.255.255.255 (10/8 prefix)
172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
192.168.0.0 - 192.168.255.255 (192.168/16 prefix)
Managing Names and Addresses
• Edit by Hand
• Spreadsheet
• Custom Application
Migrating to Directories
(Timeline diagram, from few users to many users:)
1970’s: E-Mail
1980’s: Dial-In
1990’s: DNS, DHCP, PC Inventory, Firewall, etc. (multiple sources of data)
2000: DNS, DHCP, Directory, Policy, Firewall (single source of data)
NAT, PAT, and Dynamic NAT
(Diagram: hosts 10.0.0.7, 10.0.100.151 and 172.16.4.57 in the private networks 10.0.0.0/8 and 172.16.0.0/12 reach the Internet through a translation device)

Internal Add.   External Add.   Translation   Note
10.0.0.7        161.44.16.7     Static NAT    Permanent mapping for mail server
10.0.100.151    161.44.16.105   Dynamic NAT   VoIP phone calling on the Internet
172.16.4.57     161.44.17.5     PAT           Web client browsing Internet

Mapping       How It Works
Static NAT    Permanent—1 to 1: permanent mappings between internal servers and external addresses
Dynamic NAT   Dynamic—1 to 1: pool of external addresses dynamically assigned to internal clients for duration of session
PAT           Dynamic—Many to 1: multiple internal clients share single external address
NAT in PIX and Cisco IOS
(Diagram, "Packet with Embedded IP Address": the original packet from 10.0.5.8 has SA: 10.0.5.8, DA: 161.44.8.9; the translated packet has SA: 171.68.10.5, DA: 161.44.8.9, using the NAT mapping 10.0.5.8 -> 171.68.10.5 taken from the pool of NAT addresses 171.68.10.2-100)

Translation   Applications                                                                    PIX   Cisco IOS
Easy          Telnet, FTP, HTTP, Simple C/S Apps                                              Yes   Yes
Difficult     Multimedia, H.323, NetBIOS, DNS, Dual NAT, SQL*NET, Dynamic Port Negotiation    Yes   Most
Impossible    SNMP                                                                            -     -
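The three mapping types from the tables above, modelled in Python as an added example (not PIX or IOS code): the inside hosts and the 161.44.16.7 and 161.44.17.5 outside addresses are the slides' own, while the dynamic pool range 161.44.16.105-106, the port numbers and the behaviour on pool exhaustion are assumptions of this model.

```python
import ipaddress


class Translator:
    """Static 1:1, dynamic 1:1 from a pool, and PAT many:1 (added model, not PIX/IOS code)."""

    def __init__(self):
        self.static = {}     # inside ip -> outside ip, permanent
        self.rules = []      # (inside network, "dynamic" with pool list | "pat" with one address)
        self.dynamic = {}    # inside ip -> pooled outside ip, held for the session's duration
        self.pat_table = {}  # outside ip -> {outside port: (inside ip, inside port)}

    def add_static(self, inside, outside):
        self.static[inside] = outside

    def add_dynamic(self, network, first, last):
        lo, hi = int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(last))
        pool = [str(ipaddress.IPv4Address(a)) for a in range(lo, hi + 1)]
        self.rules.append((ipaddress.ip_network(network), "dynamic", pool))

    def add_pat(self, network, outside):
        self.rules.append((ipaddress.ip_network(network), "pat", outside))
        self.pat_table.setdefault(outside, {})

    def translate(self, src_ip, src_port):
        """(outside ip, outside port) that a packet from src_ip:src_port leaves with."""
        if src_ip in self.static:          # permanent 1:1, e.g. the mail server
            return self.static[src_ip], src_port
        if src_ip in self.dynamic:         # an open session keeps its pooled address
            return self.dynamic[src_ip], src_port
        addr = ipaddress.ip_address(src_ip)
        for network, kind, outside in self.rules:
            if addr not in network:
                continue
            if kind == "dynamic":          # 1:1 from the pool; exhaustion is a hard failure
                if not outside:
                    raise RuntimeError(f"NAT pool exhausted, no address for {src_ip}")
                self.dynamic[src_ip] = outside.pop(0)
                return self.dynamic[src_ip], src_port
            used = self.pat_table[outside]  # many:1, flows told apart by outside port
            for port, flow in used.items():
                if flow == (src_ip, src_port):
                    return outside, port
            port = src_port if src_port not in used else next(
                p for p in range(1024, 65536) if p not in used)
            used[port] = (src_ip, src_port)
            return outside, port
        raise RuntimeError(f"no translation rule matches {src_ip}")
```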
Variable Length Subnet Masking (VLSM)
(Example: 192.16.25.1 255.255.255.248)
• Use more than one subnet mask within a class based address
• Use part of the host address as subnet address
• Even more efficient use of IP addressing
• Implications for routing protocol
• Greater capability to use route summarization
VLSM Example
172.20.10.0/24 divided into /30 subnets:
172.20.10.0/30, 172.20.10.4/30, 172.20.10.8/30, 172.20.10.12/30, . . . , 172.20.10.248/30, 172.20.10.252/30
Avoids Subnet Wastage

Example: 192.168.20.0/24 divided with VLSM
50 hosts: 192.168.20.128/26
15 hosts: 192.168.20.192/27
5 hosts: 192.168.20.224/28
2 hosts: 192.168.20.240/30
2 hosts: 192.168.20.244/30
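An added example (not from the deck) that reproduces the allocation above with a largest-first VLSM allocator; it assumes the subnets are carved from 192.168.20.128/25 and always takes the smallest block that fits, so the 5-host segment comes out as /29 where the slide draws it with room to grow as /28. The address_cost comparison shows the wastage a single fixed-length mask would cause for the same requirements.

```python
import ipaddress
import math

# Host counts from the slide; the segment labels are constructed.
SLIDE_REQUIREMENTS = [("A", 5), ("B", 2), ("C", 2), ("D", 50), ("E", 15)]


def prefix_for_hosts(hosts):
    """Longest prefix whose usable host count (2**(32 - p) - 2) still covers `hosts`."""
    return 32 - math.ceil(math.log2(hosts + 2))


def allocate_vlsm(parent, requirements):
    """Carve one subnet per (label, hosts) pair out of `parent`, largest first.

    With block sizes descending, the cursor stays aligned to every later block,
    so the subnets never overlap and leave no gaps. Returns [(label, hosts, net)].
    """
    parent = ipaddress.ip_network(parent)
    cursor, end = int(parent.network_address), int(parent.broadcast_address) + 1
    result = []
    for label, hosts in sorted(requirements, key=lambda r: -r[1]):
        plen = prefix_for_hosts(hosts)
        size = 1 << (32 - plen)
        if cursor + size > end:
            raise ValueError(f"{label} ({hosts} hosts) does not fit in {parent}")
        result.append((label, hosts, ipaddress.ip_network((cursor, plen))))
        cursor += size
    return result


def address_cost(requirements, fixed_length=False):
    """Addresses consumed by VLSM, or by one mask sized for the largest segment."""
    sizes = [1 << (32 - prefix_for_hosts(h)) for _, h in requirements]
    return len(sizes) * max(sizes) if fixed_length else sum(sizes)


if __name__ == "__main__":
    for label, hosts, net in allocate_vlsm("192.168.20.128/25", SLIDE_REQUIREMENTS):
        print(f"{label}: {hosts:3d} hosts -> {net} ({net.num_addresses - 2} usable)")
    print("VLSM total:", address_cost(SLIDE_REQUIREMENTS),
          "fixed-length total:", address_cost(SLIDE_REQUIREMENTS, fixed_length=True))
```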
Route Summarization: What Is It?
• Described in RFC 1518
• Route aggregation or supernetting
• Many addresses represented as one
• Reduces size of the routing table
• Important in large internetworks
• Helps to isolate topology changes
Summarizing Within an Octet
172.108.168.0 = 10101100 . 01101100 . 10101 000 . 00000000
172.108.169.0 = 172 . 108 . 10101 001 . 0
172.108.170.0 = 172 . 108 . 10101 010 . 0
172.108.171.0 = 172 . 108 . 10101 011 . 0
172.108.172.0 = 172 . 108 . 10101 100 . 0
Number of common bits = 21
Non-common bits = 11
Summary = 172.108.168.0/21
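An added example (not part of the deck) that computes the summary above from its component networks: the common-bit count, the summary prefix, and the blocks the summary covers that no component does (traffic for those is attracted by the summary without a more specific route). It generalises to the VLSM summary on the next slide and to single-network input.

```python
import ipaddress


def dotted_binary(cidr):
    """Network address as four 8-bit groups, as drawn on the slide."""
    return ".".join(f"{b:08b}" for b in ipaddress.ip_network(cidr).network_address.packed)


def common_prefix_len(networks):
    """Leading bits shared by every network address (the slide's 'common bits')."""
    ints = [int(n.network_address) for n in networks]
    lo, hi = min(ints), max(ints)      # the set's common prefix is that of its extremes
    plen = 0
    while plen < 32 and (lo >> (31 - plen)) == (hi >> (31 - plen)):
        plen += 1
    return plen


def summarize(cidrs):
    """Single prefix covering every network in `cidrs`."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    # never summarize more specifically than the least specific component
    plen = min(common_prefix_len(nets), min(n.prefixlen for n in nets))
    lowest = min(int(n.network_address) for n in nets)
    return ipaddress.ip_network((lowest, plen), strict=False)


def uncovered(summary, cidrs):
    """Blocks inside `summary` that no component covers: the summary attracts
    traffic for them although no more specific route exists."""
    remaining = [ipaddress.ip_network(summary)]
    for n in map(ipaddress.ip_network, cidrs):
        nxt = []
        for block in remaining:
            if n.subnet_of(block):
                nxt.extend(block.address_exclude(n))
            elif not block.subnet_of(n):
                nxt.append(block)
        remaining = nxt
    return sorted(remaining)


if __name__ == "__main__":
    slide = [f"172.108.{o}.0/24" for o in range(168, 173)]
    for c in slide:
        print(c, "=", dotted_binary(c))
    s = summarize(slide)
    print("common bits =", s.prefixlen, " non-common bits =", 32 - s.prefixlen, " summary =", s)
    print("covered by the summary but by no component:", uncovered(str(s), slide))
```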
Summarizing in a VLSM Network
(Diagram: the subnets 172.16.128.0/20, 172.16.129.0/20 and 172.16.64.0/26 are advertised toward the Internet as the single summary route 172.16.0.0/16)
How DNS Works: DNS Namespace
• Hierarchical name space
• Each node in tree represents domain/subdomain
• Some subdomains are defined as zones
• Each zone has a “primary” name server responsible for all lower nodes
• Resource records (RR) are defined for each node
(Diagram: (root) -> COM -> CISCO -> WWW, TIMSPC, RTP; the cisco.com zone covers CISCO and the nodes below it, e.g. timspc.cisco.com)
How DNS Works: DNS Queries
• Clients query local DNS server for IP addresses
• Local server starts with the root name server and recursively queries DNS servers until it finds a server that has the answer
• Local servers send answers back to the clients and cache the answers
(Diagram: a DNS client outside of the Cisco network asks its Local DNS Server "Q. What is the IP address for www.cisco.com?"; the local server queries the Root Name Server, the .COM Name Server and the CISCO.COM Name Server in turn and returns "A. 161.44.10.9")
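The query walk described above as an added simulation (not from the deck): a constructed name space with root, .COM and CISCO.COM servers, and a local server that starts at the root, follows referrals and caches answers. The server names and the delegation structure are assumptions; only www.cisco.com = 161.44.10.9 is taken from the slide.

```python
SERVERS = {                      # constructed name space modelled on the slide
    "root":     {"delegations": {"com.": "com-ns"}},
    "com-ns":   {"delegations": {"cisco.com.": "cisco-ns"}},
    "cisco-ns": {"records": {"www.cisco.com.": "161.44.10.9"}},
}


class LocalResolver:
    """Local DNS server: starts at the root, follows referrals, caches answers."""

    def __init__(self, servers):
        self.servers = servers
        self.cache = {}
        self.upstream_queries = 0    # questions sent to other servers

    def ask(self, server, name):
        """One query to a server: ('answer', ip), ('referral', server) or ('nxdomain', None)."""
        self.upstream_queries += 1
        zone = self.servers[server]
        if name in zone.get("records", {}):
            return "answer", zone["records"][name]
        # the longest delegation that is a suffix of the name wins
        for domain, child in sorted(zone.get("delegations", {}).items(),
                                    key=lambda kv: -len(kv[0])):
            if name == domain or name.endswith("." + domain):
                return "referral", child
        return "nxdomain", None

    def resolve(self, name):
        """Address for `name`, or None if no server has it; cached on success."""
        name = name.lower().rstrip(".") + "."
        if name in self.cache:               # no upstream traffic for a cache hit
            return self.cache[name]
        server = "root"
        for _ in range(8):                   # bound the referral chain
            kind, value = self.ask(server, name)
            if kind == "answer":
                self.cache[name] = value
                return value
            if kind == "nxdomain":
                return None
            server = value
        raise RuntimeError(f"referral chain too long for {name}")


if __name__ == "__main__":
    resolver = LocalResolver(SERVERS)
    print("Q. What is the IP address for www.cisco.com?")
    print("A.", resolver.resolve("www.cisco.com"), "after", resolver.upstream_queries, "upstream queries")
```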
WINS
• Windows Internet Names Service (WINS)
  NetBIOS Names Service (NBNS)
  Windows NT file and print services
  Flat name space
• Coexists with DNS
• Scaling problems in large networks
• Win2000 uses DNS instead of WINS!
Windows 2000 and Active Directory
• Here Now!
• DNS requirements
  Dynamic DNS updates (RFC 2136)
  SRV records
• Active directory is dependent on DNS
• WINS is phased out
How DHCP Works: Obtaining a Lease
• Dynamically assigns configuration information
• Creates IP address pools to conserve addresses and support mobile users
• Client broadcasts DHCP Discover packet on local subnet
• Multiple servers can respond
• Client chooses first or best response
(Diagram: DHCP Client to DHCP Server: "Send My Configuration Information"; DHCP Server to DHCP Client: "Here is your configuration:")
  IP Address: 192.204.18.7
  Subnet Mask: 255.255.255.0
  Default Routers: 192.204.18.1, 192.204.18.3
  DNS Servers: 192.204.18.8, 192.204.18.9
  WINS Server: 192.204.18.9
  Lease Time: 5 days
How DHCP Works: DHCP Discover Process
• DHCP client broadcasts DHCP DISCOVER packet on local subnet
• DHCP servers send OFFER packet with lease information
• DHCP client selects lease and broadcasts DHCP REQUEST packet
• Selected DHCP server sends DHCP ACK packet
(Diagram: Client, Server 1 and Server 2. DISCOVER (Broadcast) from the client reaches both servers; each server answers with OFFER (Unicast); the client sends REQUEST (Broadcast), seen by both servers; the selected server replies with ACK (Unicast))
How DHCP Works: DHCP Packet
(Packet layout, fields in order:)
OP Code | Hardware Type | Hardware Length | HOPS
Transaction ID (XID)
Seconds | Flags
Client IP Address (CIADDR)
Your IP Address (YIADDR)
Server IP Address (SIADDR)
Gateway IP Address (GIADDR)
Client Hardware Address (CHADDR)—16 bytes
Server Name (SNAME)—64 bytes
Filename—128 bytes
DHCP Options
How DHCP Works: DHCP Options
• Server passes configuration options to client
• Over 100 options defined
• Most DHCP clients support approximately 10 options
• Custom and vendor options available

Common DHCP Options
Option              Code
Lease Time          51
Subnet Mask         1
Default Routers     3
DNS Servers         6
Domain Name         15
Host Name           12
WINS Servers        44
NetBIOS Node Type   46
Client Identifier   61
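A parser for the packet layout and the common options shown in the two tables above, exercised on a constructed DHCPOFFER (the second message of the Discover process slide) that carries the lease from the "Obtaining a Lease" slide. This is an added example, not Cisco code; the transaction ID, the client MAC address and 192.204.18.9 as the offering server are assumptions, and the parser rejects a truncated option area or one without the END marker.

```python
import ipaddress
import struct
MAGIC = b"\x63\x82\x53\x63"                          # cookie that follows the 236-byte header
FIXED = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")  # OP Code .. Filename, in slide order

def decode_option(code, value):
    """Typed decode for the slide's common options; anything else stays as hex."""
    if code in (1, 3, 6, 44):                        # one or more IPv4 addresses
        if not value or len(value) % 4:
            raise ValueError(f"option {code}: bad address length {len(value)}")
        addrs = [str(ipaddress.IPv4Address(value[k:k + 4])) for k in range(0, len(value), 4)]
        return addrs[0] if code == 1 else addrs
    if code == 51:                                   # lease time in seconds
        return struct.unpack("!I", value)[0]
    return value[0] if code in (46, 53) else value.hex()

def parse_options(data):
    """Walk the TLV option area; reject truncated options and a missing END."""
    opts, i = {}, 0
    while i < len(data) and data[i] != 255:          # 255 is END
        code, i = data[i], i + 1
        if code == 0:                                # PAD is a single byte
            continue
        if i >= len(data) or i + 1 + data[i] > len(data):
            raise ValueError(f"option {code} truncated")
        opts[code] = decode_option(code, data[i + 1:i + 1 + data[i]])
        i += 1 + data[i]
    if i >= len(data):
        raise ValueError("option area has no END (255) marker")
    return opts

def parse_dhcp(pkt):
    """Fixed header fields from the packet slide plus the decoded options."""
    if len(pkt) < FIXED.size + 4 or pkt[FIXED.size:FIXED.size + 4] != MAGIC:
        raise ValueError("too short or missing DHCP magic cookie")
    f = FIXED.unpack_from(pkt)
    ci, yi, si, gi = (str(ipaddress.IPv4Address(a)) for a in f[7:11])
    return {"op": f[0], "xid": f[4], "broadcast": bool(f[6] & 0x8000), "ciaddr": ci,
            "yiaddr": yi, "siaddr": si, "giaddr": gi, "chaddr": f[11][:f[2]].hex(),
            "options": parse_options(pkt[FIXED.size + 4:])}

def build_offer():  # constructed DHCPOFFER for the lease on the slide, not a captured packet
    ip = lambda s: ipaddress.IPv4Address(s).packed
    opts = (bytes([53, 1, 2, 1, 4]) + ip("255.255.255.0") + bytes([3, 8]) + ip("192.204.18.1")
            + ip("192.204.18.3") + bytes([6, 8]) + ip("192.204.18.8") + ip("192.204.18.9")
            + bytes([44, 4]) + ip("192.204.18.9") + bytes([51, 4]) + struct.pack("!I", 5 * 86400)
            + bytes([255]))
    hdr = FIXED.pack(2, 1, 6, 0, 0x3903F326, 0, 0x8000, ip("0.0.0.0"), ip("192.204.18.7"),
                     ip("192.204.18.9"), ip("0.0.0.0"), bytes.fromhex("0a1b2c3d4e5f"), b"", b"")
    return hdr + MAGIC + opts
```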
Cisco IOS DHCP Server
• Available in Cisco IOS 12.0(1)T or greater
• DHCP/Bootp server
  Intelligent DHCP relay
  Secondary addresses
  PING before lease and custom options
• Caveats
  DHCP lease information stored on remote system using TFTP, FTP or RCP
  No dynamic DNS or DHCP Failover
Cisco IOS DHCP Server Configuration
! Start DHCP Server
service dhcp
!
! Store DHCP Lease database on tftp server
ip dhcp database tftp://tftp.cisco.com/dhcp.db
!
! Create DHCP address pool for the 10.0.0.0/28 network
ip dhcp pool subnet-10
 lease 3 0 0