Published by Lynne Patterson. Modified over 9 years ago.
1
TCP/IP Addressing Design
2
Objectives
Choose an appropriate IP addressing scheme based on business and technical requirements
Identify IP addressing problems and describe strategies for resolving them
Describe different address management tools
– Secondary addressing
– DHCP/DNS
– Address translation
Describe methods for implementing TCP/IP security features
3
Hierarchical Addressing
4
Prefix Length Determined from Context
Variable-length prefixes are not a new invention
– Prefix field identifies a network number
– Host field identifies a device number
[Diagram: 32-bit address divided into prefix and host fields]
Class A: prefix length = 8
Class B: prefix length = 16
Class C: prefix length = 24
5
Prefix Length for Classful & Classless Routing
“Classful” routers accept only a few prefix lengths
– 10.0.0.0/8 (Class A)
– 172.10.0.0/16 (Class B)
– 192.10.10.0/24 (Class C)
– 192.10.168.0/21 (Class C)
“Classless” routers accept any prefix length
Prefix length is carried with an IP address
6
Subnetting Extends Prefix to the Right
[Diagram: 32-bit address divided into prefix (prefix length) and host]
Assigned network address: 172.16.0.0
Subnet mask: 255.255.254.0 (11111111.11111111.11111110.00000000)
126 subnets, 510 hosts
Subnets shown: 172.16.2.0, 172.16.4.0, 172.16.6.0
Need 510 hosts: good address utilization
Need 2 hosts: poor address utilization
RIP and IGRP require the same subnet mask on all interfaces
7
Classful Routing Protocols Do Not Advertise Prefix Length
Subnets must be contiguous when using classful routing protocols
[Diagram: routers A, C and B; networks 192.168.1.0/16, 131.108.1.0/24 and 131.108.2.0/24]
A advertises 131.108.0.0
B advertises 131.108.0.0
Router C: "Where is network 131.108.0.0?"
8
Classless Routing Protocols Allow Flexible Addressing
9
VLSM Saves Subnets in the WAN
131.108.13.8/30    255.255.255.252
131.108.13.16/30   255.255.255.252
131.108.13.12/30   255.255.255.252
131.108.13.4/30    255.255.255.252
131.108.15.0/24    255.255.255.0
10
Route Summarization (Aggregation)
Subnetting extends prefix to the right
Summarization collapses prefix to the left
[Diagram: address divided into prefix (prefix length) and host, shown for both cases]
11
Classless Routing and Prefix Routing
Router: "I will just tell you about a summary route to 192.108.168.0/21."
CIDR used by BGP4
Prefix routing used by EIGRP and OSPF
Networks shown:
192.108.168.0
192.108.169.0
192.108.170.0
192.108.171.0
192.108.172.0
192.108.173.0
192.108.174.0
192.108.175.0
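Added example (not part of the original slides): computing the summary route for the eight networks above and checking that the summary does not advertise address space outside them. The /24 length of each listed network and the seven-network list are assumptions made for the illustration.

```python
import ipaddress

# The eight networks from the slide, assumed to be /24s.
SLIDE_NETS = [f"192.108.{n}.0/24" for n in range(168, 176)]
# Constructed case: the same list with 192.108.175.0/24 missing.
SEVEN_NETS = SLIDE_NETS[:-1]

def summarize(networks):
    """Return the one shortest-prefix network that covers every input network."""
    nets = [ipaddress.ip_network(n) for n in networks]
    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)
    # Every bit position at or below the highest differing bit is a host bit.
    host_bits = (lo ^ hi).bit_length()
    base = (lo >> host_bits) << host_bits
    return ipaddress.ip_network((base, 32 - host_bits))

def over_aggregated(summary, networks):
    """Return the parts of the summary that none of the input networks contain."""
    remaining = [summary]
    for net in map(ipaddress.ip_network, networks):
        kept = []
        for block in remaining:
            if net.subnet_of(block):
                kept.extend(block.address_exclude(net))  # carve net out of block
            elif not block.subnet_of(net):
                kept.append(block)                       # disjoint: keep as is
        remaining = kept
    return sorted(remaining)

if __name__ == "__main__":
    for label, nets in (("slide", SLIDE_NETS), ("constructed", SEVEN_NETS)):
        s = summarize(nets)
        extra = [str(n) for n in over_aggregated(s, nets)]
        print(f"{label}: summary {s}, advertised but not owned: {extra or 'none'}")
```

A non-empty second result means the summary route would attract traffic for prefixes the router cannot actually deliver, so the summary should be split or the missing range null-routed.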
12
A Classless Routing Protocol Looks for the Longest Match
202.222.5.33/32   host
202.222.5.32/27   subnet
202.222.5.0/24    network
202.222.0.0/16    block of networks
0.0.0.0/0         default
IP routers support host-specific routes, blocks of networks, default routes
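Added example (not part of the original slides): a longest-match lookup over the five routes listed on this slide, trying prefix lengths from /32 down to /0. The destination addresses in the demo are constructed test values.

```python
import ipaddress

# Routes and labels exactly as listed on the slide.
ROUTES = [
    ("202.222.5.33/32", "host"),
    ("202.222.5.32/27", "subnet"),
    ("202.222.5.0/24", "network"),
    ("202.222.0.0/16", "block of networks"),
    ("0.0.0.0/0", "default"),
]

def build_table(routes):
    """Index routes by (prefix length, network number) for exact-match probes."""
    table = {}
    for prefix, label in routes:
        net = ipaddress.ip_network(prefix)
        table[(net.prefixlen, int(net.network_address))] = (str(net), label)
    return table

def lookup(table, dst):
    """Return (prefix, label) of the most specific route covering dst, or None."""
    addr = int(ipaddress.ip_address(dst))
    for plen in range(32, -1, -1):                 # longest prefix first
        mask = (0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF
        hit = table.get((plen, addr & mask))
        if hit is not None:
            return hit
    return None                                    # no default route installed

if __name__ == "__main__":
    table = build_table(ROUTES)
    # Constructed destinations, one per route on the slide.
    for dst in ("202.222.5.33", "202.222.5.40", "202.222.5.200",
                "202.222.9.1", "198.51.100.7"):
        print(dst, "->", lookup(table, dst))
```

Because the most specific entry always wins, any route more specific than the intended one changes where matching traffic goes, which is why route filters normally bound the prefix lengths accepted from a neighbor.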
13
Secondary Addressing
Useful in switched networks
– Router may relay packets, acting as a default gateway
– Host may communicate directly, using ARP for learning
[Diagram: addresses 172.16.2.2, 172.16.1.2, 172.16.1.1, 172.16.2.1]
14
Host Address Assignment
Static
Dynamic
– BOOTP
– DHCP
[Diagram: address request and address response; 131.108.6.3 255.255.255.0]
15
Name-to-Address Translation
Cisco DNS/DHCP Manager
– Manages domain names
– Synchronizes IP addresses
– Supports secondary addressing
[Diagram: Client_1, Client_2 and DNS/DHCP Server; addresses 172.16.2.2, 172.16.1.2, 172.16.1.1, 172.16.2.1]
Tables shown (DNS Table, DHCP Table):
Client_1      172.16.1.2
Client_2      172.16.2.2
Next avail.   172.16.1.3
16
Private versus Registered Addresses
Three address blocks reserved for private networks
– 10.0.0.0 (1 Class A)
– 172.16.0.0 to 172.31.0.0 (16 Class B)
– 192.168.0.0 to 192.168.255.0 (256 Class C)
Address translation must occur to reach the Internet
[Diagram: private network (for example, 10.0.0.0), address translation gateway, public network (for example, Internet)]
17
Network Address Translation
Cisco router provides
– Network address translation only
[Diagram: private network (for example, 10.0.0.0), public network (for example, Internet)]
18
Cisco Private Internet Exchange
Private Internet Exchange platform provides
– Address translation
– Firewall service
[Diagram: private network (for example, 10.0.0.0), PIX, public network (for example, Internet); private servers, public servers]
19
IP Security Considerations
[Diagram: Private Network, Public Network, Policy]
Establish a security policy
Implement firewall features
Control access
– Local
– Remote
20
Implementing IP Security
Policy drives implementation choices
[Diagram: private network (for example, 10.0.0.0), firewall system, public network (for example, Internet), policy]
21
Policy Considerations for Security
Determine how much security you need
Trade off ease of use and configuration with security demands
Determine what data outsiders need to reach
Quantify the cost of the proposed security system
Implement a simple, robust design
22
Many Aspects of Security
Authorization, authentication, data integrity, privacy issues
Firewalls are just one piece of the puzzle
[Diagram: Firewalls, Access Management, Host Security, Encryption, Policy]
23
Firewall System with Isolated LANs
Prevent unauthorized and improper access from external networks
Public servers on outside LAN
Untrusted user: "I cannot access the private network."
[Diagram: untrusted user, public LAN with public servers, firewall system, private LAN with private servers]
24
Additional Firewall Functionality
Network address translation
Application proxy
Packet filter
Audit trail
Login protection
[Diagram: Internet, Firewall System, 10.0.0.0, InterNIC registered address]
25
Disable All Unnecessary Features
Disable Telnet, TFTP, and proxy services
[Diagram labels: Outside filter; FTP, WWW, Internet; No VTYs; No TFTP; No finger; Physical console port; Public server; Firewall System]
26
Be Specific About Access Allowed
Allow specific services to specific hosts on DMZ LAN only
– HTTP to host B only
– FTP to host A only
– DNS to host C only
27
Block Traffic from Firewall Routers, Hosts
Untrusted user: "I have cracked the firewall! Where can I get to from here?"
Do not trust Telnet from firewall systems
"I am getting a Telnet from the firewall! I guess that’s OK!"
[Diagram: Telnet, Untrusted User]
28
Avoid IP Spoofing
Deny packets from outside your network that claim to have a source address inside your network
[Diagram: untrusted user; network 131.108.0.0; filter source 131.108.X.X]
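Added example (not part of the original slides): the outside-interface filter described on this slide combined with the "Be Specific About Access Allowed" slide, evaluated in order with a default deny. The DMZ host addresses, the 131.108.0.0/16 prefix length, the DNS-over-TCP entry and the sample packets are assumptions constructed for the illustration.

```python
import ipaddress

# Inside network from the slide (131.108.X.X), assumed to be a /16.
INSIDE_NET = ipaddress.ip_network("131.108.0.0/16")
# Assumed DMZ host addresses (documentation range); the slides give none.
HOST_A, HOST_B, HOST_C = "192.0.2.10", "192.0.2.11", "192.0.2.12"
ALLOWED = {
    (HOST_A, "tcp", 21),   # FTP to host A only
    (HOST_B, "tcp", 80),   # HTTP to host B only
    (HOST_C, "udp", 53),   # DNS to host C only
    (HOST_C, "tcp", 53),   # assumption: DNS over TCP is also wanted
}

def filter_outside(pkt):
    """Decide on a packet received on the outside interface: (action, reason)."""
    src = ipaddress.ip_address(pkt["src"])
    # Rule 1: nothing arriving from outside may claim an inside source address.
    if src in INSIDE_NET:
        return ("deny", "spoofed inside source")
    # Rule 2: only the listed service/host pairs on the DMZ are reachable.
    dst = str(ipaddress.ip_address(pkt["dst"]))
    if (dst, pkt["proto"], pkt["dport"]) in ALLOWED:
        return ("permit", "explicit service/host pair")
    # Rule 3: everything else is dropped.
    return ("deny", "default deny")

# Constructed sample packets seen on the outside interface.
SAMPLES = [
    {"src": "198.51.100.9", "dst": HOST_B, "proto": "tcp", "dport": 80},
    {"src": "198.51.100.9", "dst": HOST_A, "proto": "tcp", "dport": 80},
    {"src": "131.108.4.7", "dst": HOST_B, "proto": "tcp", "dport": 80},
    {"src": "198.51.100.9", "dst": HOST_C, "proto": "udp", "dport": 53},
    {"src": "198.51.100.9", "dst": HOST_A, "proto": "tcp", "dport": 23},
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(pkt["src"], "->", pkt["dst"], pkt["proto"], pkt["dport"],
              filter_outside(pkt))
```

The spoofing check runs before the permit list, so a packet with a forged inside source is dropped even when it targets an allowed service.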