Presentation on theme: "Chapter 7 1 Chap 7 – Implementing IP Addressing Services Learning Objectives Configure DHCP in an enterprise branch network Configure NAT on a Cisco router."— Presentation transcript:
Chapter 7 1 Chap 7 – Implementing IP Addressing Services Learning Objectives Configure DHCP in an enterprise branch network Configure NAT on a Cisco router Configure new generation RIP (RIPng) to use IPv6
Chapter 7 2 Dynamic Host Configuration Protocol (DHCP) Automatically assigns IP addresses Only DHCP server needs to be assigned an address Client computers are configured to accept address from server after boot-up
Chapter 7 3 Dynamic Host Configuration Protocol Dynamic Host Configuration Protocol (DHCP) works in a client/server mode. DHCP enables DHCP clients on an IP network to obtain their configurations from a DHCP server. Less work is involved in managing an IP network when DHCP is used. The most significant configuration option the client receives from the server is its IP address. The DHCP protocol is described in RFC 2131
Chapter 7 4 Dynamic Host Configuration Protocol There are three mechanisms used to assign an IP address to the client: Automatic allocation – DHCP assigns a permanent IP address to a client. Manual allocation – The IP address for the client is assigned by the administrator. DHCP conveys the address to the client. Dynamic allocation – DHCP assigns, or leases, an IP address to the client for a limited period of time.
Chapter 7 5 Major DHCP features
Chapter 7 6 Dynamic Host Configuration Protocol (DHCP) 1. Discover (Broadcast) 2. Offer (Unicast – do you want 192.168.1.3?) 3. Request (Broadcast – yes please) 4. Acknowledge (Unicast – you have 192.168.1.3) PC 1 DHCP Server 192.168.1.3 192.168.1.4 192.168.1.5 192.168.1.6 DHCP Pool
Chapter 7 8 DHCP Message Format 16318024 OP Code Transaction Identifier Client Hardware Address (CHADDR) Client IP Address (CIADDR) Your Address (YIADDR) Server IP Address (SIADDR) Gateway IP Address (GIADDR) Flags Seconds HardwareHW Address Hops Server Name (SNAME) Boot Filename DHCP Options
Chapter 7 9 DHCP Discover Client broadcasts DHCP request on UDP port 67
Chapter 7 10 DHCP Offer Server responds to DHCP request on UDP port 68
Chapter 7 11 Configure DHCP Server – Exclude Addresses Define a range of addresses that DHCP is not to allocate. These are usually static addresses reserved for the router interface, switch management IP address, servers, and local network printers.
Chapter 7 12 Configure DHCP Server – DHCP Address Pool Configuring a DHCP server involves defining a pool of addresses to assign. The ip dhcp pool command creates a pool with the specified name and puts the router in DHCP configuration mode, which is identified by the Router(dhcp-config)# prompt.
Chapter 7 13 Configure DHCP Server – DHCP Tasks Configure the available addresses and specify the subnet network number and mask of the DHCP address pool. Use the network statement to define the range of available addresses. Define the default gateway or router for the clients to use with the default-router command.
Chapter 7 14 Configuring DHCP Server The DHCP service is enabled by default on versions of Cisco IOS that support it. To disable the service, use the no service dhcp command. Use the service dhcp global configuration command to re-enable the DHCP server process.
Chapter 7 15 Verifying and Troubleshooting DHCP To verify the operation of DHCP, use the show ip dhcp binding command. This command displays a list of all IP address to MAC address bindings that have been provided by the DHCP service.
Chapter 7 16 Verifying and Troubleshooting DHCP To verify that messages are being received or sent by the router, use the show ip dhcp server statistics command. This command displays count information regarding the number of DHCP messages that have been sent and received.
Chapter 7 17 Verifying and Troubleshooting DHCP View multiple DHCP pools using the show ip dhcp pool command.
Chapter 7 18 From the Client PC command line, enter to display the IP settings of the computer: Verifying and Troubleshooting DHCP
Chapter 7 19 Configuring DHCP Client 10.0.0.2 10.0.0.3 SOHO ISP Cisco routers in SOHO and branch sites may have to be configured to accept an interface IP address from the ISP’s DHCP server. Frequently, it is the Ethernet interface that is used to connect to a cable modem. Fa0/0Fa0/1 DHCP Server
Chapter 7 20 DHCP Relay DHCP clients use IP broadcasts to find the DHCP server on the segment - Routers do not forward these broadcasts. When possible, administrators should use the ip helper-address command to relay broadcast requests for these key UDP services.
Chapter 7 21 DHCP Relay By default, the ip helper-address command forwards the following eight UDP services: Time TACACS DNS BOOTP/DHCP Server BOOTP/DHCP Client TFTP NetBIOS Name Service NetBIOS datagram Service
Chapter 7 22 Configuring IP helper addresses To configure RTA e0, the interface that receives the Host A broadcasts, to relay DHCP broadcasts as a unicast to the DHCP server, use the following commands: RTA(config)#interface e0 RTA(config-if)#ip helper-address 172.24.1.9
Chapter 7 23 Trouble Shooting DHCP Resolving IP Address Conflicts Verify Physical Connectivity Test Network Connectivity by Configuring Client workstation with a Static IP Address Verify Switch Port Configuration (STP Portfast and other Commands) Distinguishing whether DHCP Clients Obtain IP address on the Same Subnet or VLAN as DHCP Server
Chapter 7 24 Private & Public IP Addresses Public Internet addresses are regulated by five Regional Internet Registries (RIRs): ARIN RIPE APNIC LACNIC AfriNIC All public Internet addresses must be registered with a Regional Internet Regiestry (RIR). Organisations can lease public addresses from an ISP. Only the registered holder of a public Internet address can assign that address to a network device.
Chapter 7 25 Private IP Addresses Class A Class B Class C 10.0.0.0 to 10.255.255.255 172.16.0.0 to 172.31.255.255 192.168.0.0 to 192.168.255.255
Chapter 7 26 Network Address Translation 192.168.1.100 192.168.1.101 192.168.1.1 22.214.171.124 DestinationSource Segment 192.168.1.101 126.96.36.199 Destination Source Segment 188.8.131.52 184.108.40.206 Router Router is configured to ‘hide’ private IP addresses by substituting them for the public IP address assigned to its Internet interface, and carrying out the reverse process for received packets. Packet
Chapter 7 27 Introducing NAT and PAT NAT, as defined by RFC 1631, is the process of swapping one address for another in the IP packet header. In practice, NAT is used to allow hosts that are privately addressed to access the Internet. NAT translations can occur dynamically or statically. The most powerful feature of NAT routers is their capability to use port address translation (PAT), which allows multiple inside addresses to map to the same outside address.
Chapter 7 28 NAT Terms Cisco defines the following NAT terms: Inside local address – The IP address assigned to a host on the inside network. The address is usually not an IP address assigned by the Internet Network Information Centre (InterNIC) or service provider. This address is likely to be an RFC 1918 private address. Inside global address – A legitimate IP address assigned by the InterNIC or service provider that represents one or more inside local IP addresses to the outside world. Outside global address – The IP address assigned to a host on the outside network. The owner of the host assigns this address.
Chapter 7 29 NAT Example The translation from Private source IP address to Public source IP address. 220.127.116.11 10.0.0.3 DASA 18.104.22.168 22.214.171.124 DASA RTA Outside GlobalInside LocalInside GlobalOutside Global
Chapter 7 30 Translation back, from Public destination IP address to Private destination IP address. NAT Example 10.0.0.3 126.96.36.199 DASA 188.8.131.52 184.108.40.206 DASA RTA Inside LocalOutside Global Inside Global
Chapter 7 31 Static NAT is designed to allow one-to-one mapping of local and global addresses. This is particularly useful for hosts which must have a consistent address that is accessible from the Internet. These internal hosts may be enterprise servers or networking devices. Dynamic NAT is designed to map a private IP address to a public address. Any IP address from a pool of public IP addresses is assigned to a network host. NAT Features
Chapter 7 32 NAT Overload NAT Overload allows you to use a single Public IP address and assign it up to 65,536 inside hosts (4,000 is more realistic). Modifies the TCP/UDP source port to track inside Host addresses if both hosts select the same source port.
Chapter 7 33 NAT Benefits Conserves the legally registered addressing scheme Increases the flexibility of connections to the public network Provides consistency for internal network addressing schemes. Provides network security
Chapter 7 34 Performance is degraded End-to-end functionality is degraded End-to-end IP traceability is lost Tunneling is more complicated Initiating TCP connections can be disrupted Architectures need to be rebuilt to accommodate changes NAT Drawbacks
Chapter 7 35 Configuring Static NAT R2 Inside Network Internet Server 192.168.10.254 S0/0/0 10.1.1.2 S0/1/0 220.127.116.11
Chapter 7 39 Port Forwarding Port forwarding (sometimes referred to as tunneling) is the act of forwarding a network port from one network node to another. This technique can allow an external user to reach a port on a private IP address (inside a LAN) from the outside through a NAT-enabled router. The problem is that NAT does not allow requests initiated from the outside. This situation can be resolved with manual intervention. Port forwarding allows the identification of specific ports that can be forwarded to inside hosts. 192.168.10.10 192.168.11.11 S0/0/0 10.1.1.2 S0/1/0 18.104.22.168 Internet WWW Server Re-direct traffic for port 80 to 192.168.10.10
Chapter 7 40 Verifying & Troubleshooting NAT Configuration By default, NAT translation entries time out after 24 hours. It is sometimes useful to clear the dynamic entries sooner than the default timer. This is especially true when testing the NAT configuration.
Chapter 7 45 IPv4 / IPv6 Comparison There are so many IPv6 addresses available that many trillions of addresses could be assigned to every human being on the planet. There are approximately 665,570,793,348,866,943,898,599 addresses per square meter of the surface of the planet Earth!
Chapter 7 46 IPv6 Representation Mobility and security: Mobile IP RFC-compliant IPsec mandatory (or native) for IPv6 Simple header: Routing efficiency Performance and forwarding rate scalability No broadcasts No checksums Extension headers Flow labels Transition richness: Dual-stack 6to4 and manual tunnels Translation Enhanced IP addressing: Global reachability and flexibility Aggregation Multihoming Autoconfiguration Plug-and-play End-to-end without NAT Renumbering
Chapter 7 47 Next Header Version 163124804 IPv6 Packet Header Flow LabelTraffic Class Payload Length Hop Limit Source IP Address Destination IP Address
Chapter 7 48 IPv6 Addressing Leading zeros in a field are optional. For example, the field 09C0 equals 9C0, and the field 0000 equals 0. Therefore: 2031:0000:130F:0000:0000:09C0:876A:130B can be written as 2031:0:130F:0000:0000:9C0:876A:130B. Successive fields of zeros can be represented as two colons "::". However, this shorthand method can only be used once in an address. Therefore: 2031:0:130F:0000:0000:9C0:876A:130B can be written as 2031:0:130F::9C0:876A:130B. An unspecified address is written as "::" because it contains only zeros. 2031:0000:130F:0000:0000:09C0:876A:130B. An IPv6 address can be shortened by applying the following guidelines:
Chapter 7 50 Global Routing Prefix IPv6 Address Structure Interface IDSubnet ID 128 Bits Network PortionHost Portion 48 Bits16 Bits64 Bits Interface ID – identifies a host interface address Subnet ID – 65,536 possible subnets Global Routing Prefix – issued by IANA or RIR to ISPs at /32 or /35 in length, ISPs then issue to customers with /48 mask
Chapter 7 52 Global Routing Prefix Assigning IPv6 Addresses Interface IDSubnet ID 64 Bits IPv6 addresses use interface identifiers to identify interfaces on a link. Interface identifiers are required to be unique on a specific link. Interface identifiers are always 64 bits and can be dynamically derived from a Layer 2 address (MAC). IPv6 address ID can be assigned statically or dynamically: 1.Static assignment using a manual interface ID 2.Static assignment using an EUI-64 interface ID 3.Stateless auto-configuration 4.DHCP for IPv6 (DHCPv6)
Chapter 7 53 Manual Interface ID Assignment Statically assign an IPv6 address to a device by manually assigning both the prefix (network) and interface ID (host) portion of the IPv6 address: RouterX(config-if)#ipv6 address 2001:DB8:2222:7272::72/64
Chapter 7 54 Manual Interface ID Assignment Each layer-2 MAC address consists of a 12-digit hexadecimal number, split into 2-digit pairs by colons: 07:57:AC:1F:B2:76 EUI-64 stretches IEEE 802 MAC addresses from 48 to 64 bits by inserting 0xFFFE in the middle at the 24th bit of the MAC address to create a 64-bit, unique interface identifier: 07:57:AC:FF:FE:1F:B2:76 Assign an EUI-64 address to the interface of a Cisco router: RouterX(config-if)#ipv6 address 2001:DB8:2222:7272::/64 eui-64
Chapter 7 55 IPv6 Transition Strategies Different transition mechanisms are available: 1.Dual stack 2.Manual tunnel 3.6to4 tunnel 4.ISATAP tunnel 5.Teredo tunnel Different compatibility mechanisms: Proxying and translation (NAT-PT) "Dual stack where you can, tunnel where you must."
Chapter 7 56 Cisco Dual IOS Stack Ethernet IPv4IPv6 Transport Application IPv4 IPv6 Fa0/1 IPv4 Internet IPv6 Internet Cisco IOS Release 12.2(2)T and later are IPv6-ready. As soon as IPv4 and IPv6 is configured on the interface, it becomes dual-stacked and forwards IPv4 and IPv6 traffic on that interface.
Chapter 7 57 IPv6 Tunnelling Tunneling is an integration method in which an IPv6 packet is encapsulated within another protocol, such as IPv4. Requires dual-stack routers
Chapter 7 58 IPv6 Routing Considerations IPv6 address size - Address size affects the information-processing functions of a router. Systems using a 64-bit CPU, bus, or memory structure can pass both the IPv4 source and destination address in a single processing cycle. For IPv6, the source and destination addresses require two cycles each-four cycles to process source and destination address information – reduction in performance. Multiple IPv6 node addresses - Because IPv6 nodes can use several IPv6 unicast addresses, memory consumption of the Neighbor Discovery cache may be affected. IPv6 routing protocols - IPv6 routing protocols are similar to their IPv4 counterparts, but since an IPv6 prefix is four times larger than an IPv4 prefix, routing updates have to carry more information. Routing table Size -Increased IPv6 address space leads to larger networks and a much larger Internet. This implies larger routing tables and higher memory requirements to support them.
Chapter 7 59 Routing Information Protocol Next Generation (RIPng) RFC 2080 defines RIPng as a simple routing protocol based on RIP. RIPng is no more or less powerful than RIP, however, it provides a simple way to bring up an IPv6 network without having to build a new routing protocol. RIPng includes the following features: 1. Based on IPv4 RIP version 2 (RIPv2) and is similar to RIPv2 2. Uses IPv6 for transport 3. Includes the IPv6 prefix and next-hop IPv6 address 4. Uses the multicast group FF02::9 as the destination address for RIP updates (this is similar to the broadcast function performed by RIP in IPv4) 5. Sends updates on UDP port 521 6. Is supported by Cisco IOS Release 12.2(2)T and later
Chapter 7 60 Configure IPv6 Address MAC Address 0260:3e47.1530
Chapter 7 63 Chap 7 – Implementing IP Addressing Services Learning Objectives Configure DHCP in an enterprise branch network Configure NAT on a Cisco router Configure new generation RIP (RIPng) to use IPv6