Sunday, 31 March 2013

IP Subnetting


Method of Subnetting Benefits of Subnetting

Subnetting is the most tested topic of CCNA. In this article I would show you the method of subnetting.


Benefit of Subnetting


Reduced network traffic

One network will not access the data of other network without the use of router. Thus we can reduce the amount of data remain in one network. Less data less overhead, collision, or broadcast storm.

Optimized network performance

This is a result of reduced network traffic.

Simplified management

It's easier to identify and isolate network problems in a group of Smaller connected networks than within one gigantic network. Facilitated spanning of large geographical distances Because WAN links are significantly slower and more expensive than LAN links, a single large network that spans long distances can create problems in every area earlier listed. Connecting multiple smaller networks makes the system more efficient.

Powers of 2

Powers of 2 are important to understand and memorize for use with IP subnetting.
21229512
2242101024
2382112048
24162124096
25322138192
266421416384
2712821532768
2825621665536
Before we go further let's get familiar with subnetting components

Subnet mask

A subnet mask is a 32-bit value that allows the receiver of IP packets to distinguish the network ID portion of the IP address from the host ID portion of the IP address. Every IP address is composed of a network component and a host component. The subnet mask has a single purpose: to identify which part of an IP address is the network component and which part is the host component. Subnet mask value 0 represent host ID while subnet mask value 1 to 255 represents Network ID in ip address.

Classless Inter-Domain Routing (CIDR)

This slash notation is sometimes called CIDR (Classless Inter-Domain Routing) notation. It's basically the method that ISPs (Internet service providers) use to allocate a number of Addresses to a company, a home—a customer. The slash notation is simply the number of 1s in a row in the subnet mask. The real reason to use CIDR notation is simply that it is easier to say and especially to type.

Address Class and Default Mask

Subnetting happens when we extend the subnet mask past the default boundary for the address we are working with. So it's obvious that we first need to be sure of what the default mask is supposed to be for any given address. When faced with a subnetting question, the first thing to do is decide what class the address belongs to. And later decide what the default subnet mask is. One of the rules that Cisco devices follow is that a subnet mask must be a contiguous string of 1s followed by a contiguous string of 0s. There are no exceptions to this rule: A valid mask is always a string of 1s, followed by 0s to fill up the rest of the 32 bits. (There is no such rule in the real world, but we will stick to the Cisco rules here—it's a Cisco exam, after all.) Therefore, the only possible valid values in any given octet of a subnet mask are 0, 128, 192, 224, 240, 248, 252, 254, and 255. Any other value is invalid.

Block Size

The process of subnetting creates several smaller classless subnets out of one larger classful . The spacing between these subnets, or how many IP addresses apart they are, is called the Block Size.

Network ID and Broadcast ID

The first address in a network number is called the network address, or wire number. This address is used to uniquely identify one segment or broadcast domain from all the other segments in the network.
The Broadcast ID
The last address in the network number is called the directed broadcast address and is used to represent all hosts on this network segment. it is the common address of all hosts on that Network ID. This should not be confused with a full IP broadcast to the address of 255.255.255.255, which hits every IP host that can hear it; the Broadcast ID hits only hosts on a common subnet. A directed broadcast is similar to a local broadcast.
The main difference is that routers will not propagate local broadcasts between segments, but they will, by default, propagate directed broadcasts.

Host Addresses

Any address between the network address and the directed broadcast address is called a host address for the segment. You assign these middle addresses to host devices on the segment, such as PCs, servers, routers, and switches.

Method of Subnetting

There is several method of subnetting. Different author different approach to calculate the subnets. You should choose the method you can understand and perform subnetting easily. Whatever approach you choose need conversion of decimal to binary. Cram up this chart
2726252423222120
1286432168421
To convert a decimal number into binary, you must turn on the bits (make them a 1) that would add up to that number, as follows:
187 = 10111011 = 128+32+16+8+2+1
224 = 11100000 = 128+64+32
To convert a binary number into decimal, you must add the bits that have been turned on (the 1s), as follows:
10101010 = 128+32+8+2 = 170
11110000 = 128+64+32+16 = 240
The IP address 138.101.114.250 is represented in binary as
 10001010.01100101.01110010.11111010 
The subnet mask of 255.255.255.224 is represented in binary as
 11111111.11111111.11111111.11100000 

Practical approach of subnetting

When faced with a subnetting question, the first thing to do is decide what class the address belongs to. for examples:
192.168.1.1
The first octet is between 192 and 223 so it is a Class C address
Default mask for Class C: is 255.255.255.0
In exam default subnet mask is not subnetted. Now write down the given ip address as shown here. Write down the default side of IP as it is and reset of part where actual subnetting will perform in binary
192.168. 1 .00000001
255.255.255.00000000
(defaul maks)
Step 1:- calculate the CIDR value
CIDR are the on bit in subnet mask. As you can see in our example we have on bit only in default side.
255.255.255.00000000
So our CIDR value is 24 + 0 = 24
Step 2:- calculate the Subnet mask
To calculate the subnet mask use the binary to decimal chart given above. Add the decimal place value of on network bit.
              <==H bit
 255.255.255.00000000
 N bit==>
In our example we are using on default mask so our subnet mask will be 255.255.255.0
Step 3:- calculate the Total Host
To calculate the total host count the H bit and use this formula
Total host = 2H
             <==H bit
 255.255.255.00000000
 Total host = 28 = 256
Step 4:- calculate the Valid Host
Subtract 2 from Total host Every network or subnet has two reserved addresses that cannot be assigned to a host. These addresses are called the Network ID and the Broadcast ID, respectively. They are the first and last IPs in any network or subnet. We lose those two IP addresses from the group of values that could be assigned to hosts.
Total host - 2
256 -2 = 254
Step 5:- calculate the Network
To calculate the Network count the N bit and use this formula
Network = 2N
255.255.255.00000000
            N bit==>
Network = 20 = 1 
Step 6:- Find out the block Size 
Finding block size is very easy just subtract the subnet mask from 256
256 – Subnet mask
(only the last octal, don't include the default subnet mask)
256 - 0 = 256
Step 7:- Write down the subnet chart
Network 1
CIDR Value /24IPSunetmask
Net ID192.168.1.0255.255.255.0
First Valid Host192.168.1.1255.255.255.0
Last Valid Host192.168.1.254255.255.255.0
Broadcast ID192.168.1.255255.255.255.0


Subnetting of CIDR /25


Now do the subnetting of CIDR /25 using same method
Step 1:- calculate the CIDR value CIDR = sum of all on bit in subnet mask
255.255.255.10000000
So our CIDR value is 24 + 1 = 25
Step 2:- calculate the Subnet mask
Add the decimal place value of on network bit.
              <==H bit
 255.255.255.10000000
    N bit==>
In our example we have one on bit and as you can see in decimal chart the place value of 1000000 is 128 so our subnet mask will be 255.255.255.128
Step 3:- calculate the Total Host
Total host = 2H <==H bit 255.255.255.10000000 Total host = 27 = 128 
Step 4:- calculate the Valid Host
Subtract 2 from Total host
Total host - 2
128 -2 = 126
Step 5:- calculate the Network
To calculate the Network count the N bit and use this formula
Network = 21 255.255.255.10000000 N bit==> Network = 21 = 2 
Step 6:- Find out the block Size
256 – Subnet mask (only the last octal, don't include the default subnet mask) 256 - 128 = 128
With help of block size you can easy find out the network ID and broadcast ID of all possible networks as we have 8 bits in one octal those can give maximum of 28 = 256 decimal number
We start from 0 so it will end up on 255 (Do not get confuse because we are counting from 0 not from 1 so the last digit will be 255 not 256. It will 256 only when you count from 1 ). All subnetting will perform between these two numbers.
Create a table of x Columns where x is the number of your network
First ip of first network will always be 0 and last ip of last network will be 255 fill its in chart 
Now you have network ID of first network and broadcast ID of last network.
Now add block size in the first ip of first network to get the network ID of second network and so on till we get the network id of last network
 First network ID 0 Second Network ID 0 +128 = 128
Fill this in Chart.
As you can see from 128 next network is started so the last IP of first network will be 127 fill it in chart. With this method you can fill the last ip of all networks.
Now you have first ip ( network ID ) of all networks and the last ip (Broadcast ID) of all networks. At this point you can easily fill the valid ip in each network. As valid hosts are all ip address those fall between network ip and host ip.
Step 7:- Write down the subnet chart
CIDR /25Network 1Network 2
Net ID192.168.1.0192.168.1.128
First Valid Host192.168.1.1192.168.1.129
Last Valid Host192.168.1.126192.168.1.254
Broadcast ID192.168.1.127192.168.1.255

Binary ANDing

Binary ANDing is the process of performing multiplication to two binary numbers. In the decimal numbering system, ANDing is addition: 2 and 3 equals 5. In decimal, there are an countless number of answers when ANDing two numbers together. However, in the binary numbering system, the AND function give up only two possible outcomes, based on four different combinations. These answers, can be displayed as a truth table:
 0 and 0 = 0 1 and 0 = 0 0 and 1 = 0 1 and 1 = 1
You use ANDing most often when comparing an IP address to its subnet mask. The end result of ANDing these two numbers together is to give up the network number of that address.

Example Question

What is the network number of the IP address 192.168.100.115 if it has a subnet mask of 255.255.255.240?
Answer
Step 1 Convert both the IP address and the subnet mask to binary:
192.168.100.115 = 11000000.10101000.01100100.01110011
255.255.255.240 = 11111111.11111111.11111111.11110000
Step 2 Perform the AND operation to each pair of bits—1 bit from the address ANDed to the corresponding bit in the subnet mask. Refer to the truth table for the possible outcomes:
192.168.100.115 = 11000000.10101000.01100100.01110011
255.255.255.240 = 11111111.11111111.11111111.11110000
  ANDed result = 11000000.10101000.01100100.01110000
Step 3 Convert the answer back into decimal:
11000000.10101000.01100100.01110000 = 192.168.100.112
The IP address 192.168.100.115 belongs to the 192.168.100.112 network when a mask of 255.255.255.240 is used.

My easy method

Conversion of decimal to binary and vice versa to get network ID is too time consuming process in exam. So I found this easy method.
Step 1:- Decide from which class this IP belongs and what's its default subnet mask
As given IP have 192 in its first octal so it's a class C IP. And default subnet mask of class C is 255.255.255.0
Step2:- Find out the block size. ( As we describe above)
 256 -240 = 16
Step3:- Write down all possible network using block size till we do not get our host partition in middle of two network
 0,16,32,48,64,80,96,112,128,
As our host number is 115 which fall in the network of 112 so our network ID is
 192.168.1.112
And our host's broad cast ID is 192.168.1.127 as from 128 onward next network will start. Easy as I promise

VLSM


VLSM Step by Step
Neither RIPv1 nor IGRP routing protocols have a field for subnet information, so the subnet information gets dropped. What this means is that if a router running RIP has a subnet mask of a certain value, it assumes that all interfaces within the classful address space have the same subnet mask. This is called classful routing, and RIP and IGRP are both considered classful routing protocols.
Classless routing protocols, however, do support the advertisement of subnet information. Therefore, you can use VLSM with routing protocols such as RIPv2, EIGRP, and OSPF. The benefit of this type of network is that you save a bunch of IP address space with it.
VLSM enables you to have more than one mask for a given class of address, albeit a class A, B, or C network number.
VLSM, originally defined in RFC 1812, allows you to apply different subnet masks to the same class address space Classful protocols, such as RIPv1 and IGRP, do not support VLSM. To deploy VLSM requires a routing protocol that is classless—BGP, EIGRP, IS-IS, OSPF, or RIPv2, for instance.
VLSM provides Two major advantages:
  • more efficient use of addressing
  • Ability to perform route summarization

when you perform classful subnetting, all subnets have the same number of hosts because they all use the same subnet mask. This leads to inefficiencies. For example, if you borrow 4 bits on a Class C network, you end up with 14 valid subnets of 14 valid hosts. A serial link to another router only needs 2 hosts, but with classical subnetting, you end up wasting 12 of those hosts. Even with the ability to use NAT and private addresses, where you should never run out of addresses in a network design, you still want to ensure that the IP plan that you create is as efficient as possible.
An efficient addressing scheme using VLSM.
  • Find the largest segment in the area—the segment with the largest number of devices connected to it.
  • Find the appropriate subnet mask for the largest network segment.
  • Write down your subnet numbers to fit your subnet mask.
  • For your smaller segments, take one of these newly created subnets and apply a different, more appropriate, subnet mask to it.
  • Write down your newly subnetted subnets.

For even smaller segments, go back to step 4.
Route summarization is the ability to take a bunch of contiguous network numbers in your routing table and advertise these contiguous routes as a single summarized route.
Route summarization, or supernetting, is needed to reduce the number of routes that a router advertises to its neighbor. Remember that for every route you advertise, the size of your update grows. It has been said that if there were no route summarization, the Internet backbone would have warped from the total size of its own routing tables back in 1997.
Routing updates, whether done with a distance vector or link-state protocol, grow with the number of routes you need to advertise. In simple terms, a router that needs to advertise ten routes needs ten specific lines in its update packet. The more routes you have to advertise, the bigger the packet. The bigger the packet, the more bandwidth the update takes, reducing the bandwidth available to transfer data. But with route summarization, you can advertise many routes with only one line in an update packet. This reduces the size of the update, allowing you more bandwidth for data transfer.
Summarization allows you to create a more efficient routing environment by providing the following advantages:
  • It reduces the size of routing tables, requiring less memory and processing.
  • It reduces the size of updates, requiring less bandwidth.
  • It contains network problems

Example of VLSM

Above image shows several branch offices using subnetted Class C (/26) addresses that provide each branch with 62 possible host IPs. The branches are connected to the central office via point-to-point WAN links. The ideal mask to use for such a link is /30 because it provides only 2 hosts, one for each end of the link. The problem arises when the routing protocols are configured: Prior to VLSM, the /30 networks could not be used because the /26 networks existed in the same system and the classful routing protocols could only advertise one mask per class of address. All networks, including the little /30 links, had to use the same mask of /26. This wastes 60 IP addresses on each WAN link.
With the implementation of VLSM-capable routing protocols, we can deploy a /30 mask on the point-to-point links, and the routing protocols can advertise them as /30s along with the /26s in the branches because the subnet mask for each network is included in the routing updates.
VLSM has allowed us to make the point-to-point link networks the ideal size (two hosts on each) using /30 masks. This has allowed us to use a single subnetted Class C network for all the addressing requirements in this scenario—and as you'll see, it makes a perfect opportunity to summarize these routes. This is what is meant by "more efficient addressing"— in other words, making networks the right size without depleting the limited address space or limiting future growth.
lassless Interdomain Routing (CIDR), specified in RFC 2050, is an extension to VLSM and route summarization. 
With VLSM, you can summarize subnets back to the Class A, B, or C network boundary. For example, if you have a Class C network 192.168.1.0/24 and subnet it with a 26-bit mask, you have created four subnets. Using VLSM and summarization, you can summarize these four subnets back to 192.168.1.0/24.
CIDR takes this one step further and allows you to summarize a block of contiguous class A, B, and C network numbers. This practice is commonly referred to as supernetting. Today’s classless protocols support supernetting. However, it is most commonly configured by ISPs on the Internet using BGP.
Discontiguous subnets are not supported by classful protocols but are supported by classless protocols. Classful protocols do not include the subnet mask when advertising network and subnet numbers. When implementing route summarization, another thing you’ll need to consider is that routing decisions, by a router, must be made on the entire destination IP address in the IP packet header. The router always uses the longest matching prefix in the routing table.
CIDR allows you to summarize class networks together; VLSM allows you to summarize subnets only back to the class network boundaryEach segment has a single network number and mask. VLSM allows a class address, not a network segment, to have more than one subnet mask.


Access List

In this article we will configure standard access list. In this article we will use a RIP running topology. Whichwe have created in RIP routing practical




Because a standard access list filters only traffic based on source traffic, all you need is the IP address of the host or subnet you want to permit or deny. ACLs are created in global configuration mode and then applied on an interface. 
The syntax for creating a standard ACL is 

access-list {1-99 | 1300-1999} {permit | deny} source-address [wildcard mask] 

Three basic steps to configure Standard Access List 

  • Use the access-list global configuration command to create an entry in a standard ACL. 
  • Use the interface configuration command to select an interface to which to apply the ACL. 
  • Use the ip access-group interface configuration command to activate the existing ACL on an interface. 

With Access Lists you will have a variety of uses for the wild card masks, but typically For CCNA exam prospective you should be able to do following: 

  • Match a specific host
  • Match an entire subnet
  • Match an IP range
  • Match Everyone and anyone
Decide where to apply ACL and in which directions.
Our host must be able to communicate with other host except 40.0.0.0 so we will place this access list on FastEthernet 0/1 of R2 (2811) connected to the network of 40.0.0.0. Direction will be outside as packet will be filter while its leaving the interface. If you place this list on R1(1841) then host 10.0.0.3 will not be able to communicate with any other hosts including 40.0.0.0.
To configure R2 double click on it and select CLI (Choose only one method result will be same)
R2>enable
R2#configure terminal Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#access-list 1 deny host 10.0.0.3
R2(config)#access-list 1 permit any
R2(config)#interface fastEthernet 0/1
R2(config-if)#ip access-group 1 out

OR

R2>enable
R2#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
R2(config)#access-list 1 deny 10.0.0.3 0.0.0.0
R2(config)#access-list 1 permit any
R2(config)#interface fastEthernet 0/1
R2(config-if)#ip access-group 1 out
To test first do ping from 10.0.0.3 to 40.0.0.3 it should be request time out as this packet will filter by ACL. Then ping 30.0.0.3 it should be successfully replay.
PC>ping 40.0.0.3

Pinging 40.0.0.3 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 40.0.0.3:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

PC>ping 30.0.0.3

Pinging 30.0.0.3 with 32 bytes of data:

Request timed out.
Reply from 30.0.0.3: bytes=32 time=140ms TTL=126
Reply from 30.0.0.3: bytes=32 time=156ms TTL=126
Reply from 30.0.0.3: bytes=32 time=112ms TTL=126

Ping statistics for 30.0.0.3:
    Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
Approximate round trip times in milli-seconds:
    Minimum = 112ms, Maximum = 156ms, Average = 136ms
As we applied access list only on specific host so other computer from the network of 10.0.0.0 must be able to connect with the network of 40.0.0.0. To test do ping from 10.0.0.2 to 40.0.0.3
PC>ipconfig

IP Address......................: 10.0.0.2
Subnet Mask.....................: 255.0.0.0
Default Gateway.................: 10.0.0.1

PC>ping 40.0.0.3

Pinging 40.0.0.3 with 32 bytes of data:

Request timed out.
Reply from 40.0.0.3: bytes=32 time=141ms TTL=126
Reply from 40.0.0.3: bytes=32 time=140ms TTL=126
Reply from 40.0.0.3: bytes=32 time=125ms TTL=126

Ping statistics for 40.0.0.3:
    Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
Approximate round trip times in milli-seconds:
    Minimum = 125ms, Maximum = 141ms, Average = 135ms