- IP Address Planning
- Hierarchical Addressing Using Variable-Length SubnetMasks
- Route Summarization
- Classless Interdomain Routing
- Network Address Translation
- Understanding IP Version 6
- Configuration Exercise 1-1: Basic Connectivity
- Configuration Exercise 1-2: NAT Using Access Lists andRoute Maps
- Solution to Configuration Exercise 1-1: Basic Connectivity
- Solution to Configuration Exercise 1-2: NAT Using Access Lists and Route Maps
- Review Questions
Hierarchical Addressing Using Variable-Length Subnet Masks
VLSM is a crucial component of an effective IP addressing plan for a scalable network. This section introduces VLSM, provides examples, and discusses methods of determining the best subnet mask for a given address requirement.
Network Mask and Prefix Length
The concept and definition of a network mask and the prefix length field relate to hierarchically addressed network implementation. This section discusses the purpose of the network mask and the prefix length and describes their use within a network.
IP Addressing and Subnetting
This section is an overview of IP addressing and subnetting. Appendix A, "Job Aids and Supplements," includes a more detailed review of these topics.
A subnet mask is a 32-bit value that identifies which bits in an address represent network bits and which represent host bits. To create a subnet mask for an address, use a 1 for each bit of the address that you want to represent the network or subnet portion of the address, and use a 0 for each bit of the address that you want to represent the node portion of the address. Note that the 1s in the mask are contiguous. The default subnet masks for Classes A, B, and C addresses are as shown in Table 1-1.
Table 1-1 IP Address Default Subnet Masks
Default Mask in Binary
Default Mask in Decimal
When contiguous 1s are added to the default mask, making the all-1s field in the mask longer, the definition of the network part of an IP address is extended to include subnets. Adding bits to the network part of an address decreases the number of bits in the host part. Thus, creating additional networks (subnets) is done at the expense of the number of host devices that can occupy each network segment.
The number of bits added to a default routing mask creates a counting range for counting subnets. Each subnet is a unique binary pattern.
The number of subnetworks created is calculated by the formula 2n, where n is the number of bits by which the default mask was extended. Subnet 0 (where all the subnet bits are 0) must be explicitly allowed using the ip subnet-zero global configuration command in Cisco IOS releases before 12.0. In Cisco IOS Release 12.0 and later, subnet 0 is enabled by default.
This book describes the formula for obtaining the number of subnets differently than some previous Cisco courses and books. Previously, the same formula that was used to count hosts, 2n 2, was used to count subnets. Now 2n subnets and 2n 2 hosts are available. The 2n rule for subnets has been adopted because the all-1s subnet has always been a legal subnet according to the RFC, and subnet 0 can be enabled by a configuration command on Cisco routers (and, in fact, it's on by default in Cisco IOS Release 12.0 and later). Note, however, that not all vendor equipment supports the use of subnet 0.
The remaining bits in the routing mask form a counting range for hosts. Host addresses are selected from these remaining bits and must be numerically unique from all other hosts on the subnetwork.
The number of hosts available is calculated by the formula 2n 2, where n is the number of bits in the host portion. In the host counting range, the all-0s bit pattern is reserved as the subnet identifier (sometimes called the wire), and the all-1s bit pattern is reserved as a broadcast address, to reach all hosts on that subnet.
Both the IP address and the associated mask contain 32 bits. Routers are similar to computers in that both use the binary numbering scheme to represent addresses. Network administrators, however, typically do not use binary numbers on a daily basis and therefore have adopted other formats to represent 32-bit IP addresses. Some common formats include decimal (base 10) and hexadecimal (base 16) notations.
The generally accepted method of representing IP addresses and masks is to break the 32-bit field into four groups of 8 bits (octets) and to represent those 8-bit fields in a decimal format, separated by decimal points. This is known as 32-bit dotted-decimal notation.
Although dotted-decimal notation is commonly accepted, this notation means nothing to routing or computing devices, because devices internally use the 32-bit binary string. All routing decisions are based on the 32-bit binary string.
Subnet masks are used to identify the number of bits in an address that represent the network, subnet, and host portions of the address. Another way of indicating this information is to use a prefix. A prefix is a slash (/) followed by a numeric value that is the number of bits in the network and subnet portions of the addressin other words, the number of contiguous 1s that are in the subnet mask. For example, assume you are using a subnet mask of 255.255.255.0. The binary representation of this mask is 11111111.11111111.11111111.00000000, which is 24 1s followed by eight 0s. Thus, the prefix would be /24, for the 24 bits of network and subnet information, the number of 1s in the mask.
Use of the Network Mask
If a PC has an IP address of 192.168.1.67 with a mask of 255.255.255.240 (or a prefix length of /28), it uses this mask to determine the valid host addresses for devices on its local connection. These devices have the first 28 bits in their IP address in common (the range of these local devices is 192.168.1.65 through 192.168.1.78). If communication with any of these devices is necessary, the PC uses Address Resolution Protocol (ARP) to find the device's corresponding media access control (MAC) address (assuming that it does not already have a destination MAC address for the IP address in its MAC table). If a PC needs to send information to an IP device that is not in the local range, the PC instead forwards the information to its default gateway. (The PC also uses ARP to discover the MAC address of the default gateway.)
A router behaves in a similar manner when it makes a routing decision. A packet arrives on the router and is passed to the routing table. The router compares the packet's destination IP address to the entries in the routing table. These entries have a prefix length associated with them. The router uses the prefix length as the minimum number of destination address bits that must match to use the corresponding outbound interface that is associated with a network entry in the routing table.
Network Mask Example
Consider a scenario in which an IP packet with a destination address of 192.168.1.67 is sent to a router. The router's IP routing table is shown in Example 1-1.
Example 1-1 IP Routing Table for Network Mask Example
In this scenario, the router determines where to send a packet that is destined for 192.168.1.67 by looking at the routing table. The routing table has four entries for network 192.168.1.0. The router compares the destination address to each of the four entries for this network.
The destination address of 192.168.1.67 has the first three octets in common with all four entries in the routing table, but it is not clear by looking at the decimal representation which of those entries is the best match to route this packet. A router handles all packets in binary, not dotted-decimal, notation.
Following is the binary representation of the last octet for destination address 192.168.1.67 and the binary representation of the last octet for the four entries in the IP routing table. Because the prefix length is 28 and all four entries match at least the first 24 bits of 192.168.1, the router must find the routing table entry that matches the first 4 bits (bits 25 to 28) of the number 67. It is not important if the last 4 bits match, so the target is 0100xxxx. The routing entry 64, which has a value of 0100 in the first 4 bits, is the only one that matches the requirement:
The router therefore uses the 192.168.1.64 entry in the routing table and forwards this packet to the next router (192.168.1.33) on the Ethernet 0 interface.
Implementing VLSM in a Scalable Network
Key Point: Classful Versus Classless Routing
A major network (also known as a classful network) is a Class A, B, or C network.
With classful routing, routing updates do not carry the subnet mask. Therefore, only one subnet mask must be in use within a major network. This is known as Fixed-Length Subnet Masking (FLSM). Examples of classful routing protocols are RIP version 1 (RIPv1) and IGRP.
With classless routing, routing updates do carry the subnet mask. Therefore, different masks may be used for different subnets within a major network. This is known as VLSM. Examples of classless routing protocols are RIP version 2 (RIPv2), OSPF, Intermediate System-to-Intermediate System (IS-IS), and Enhanced Interior Gateway Routing Protocol (EIGRP).
Classful and classless routing protocols are discussed further in Chapter 2.
VLSM allows more than one subnet mask within a major network and enables the subnetting of a previously subnetted network address.
The network shown in Figure 1-10 is used to illustrate how VLSM works.
Figure 1-10 Network for the VLSM Example
The following are some characteristics that permit VLSMs to conserve IP addresses:
Efficient use of IP addressesWithout the use of VLSMs, companies are locked into implementing a single subnet mask within an entire Class A, B, or C network number.
Greater capability to use route summarizationVLSMs allow for more hierarchical levels within an addressing plan and thus allow better route summarization within routing tables. For example, in Figure 1-10, address 172.16.12.0/22 summarizes all the subnets that are further subnets of 172.16.12.0/22.
For example, suppose a network architect decides to use the 172.16.0.0/16 address space to design a corporate network. The architect determines that 64 blocks of addresses with up to 1022 hosts in each are required. Therefore, 10 host bits (210 2 = 1022) and 6 subnet bits (26 = 64) are required for each block. The mask is therefore 255.255.252.0; the prefix is /22.
The network architect assigns address block 172.16.12.0/22 to Division X, as shown in Figure 1-10. The prefix mask of /22 indicates that all addresses within that range have the first 22 bits in common (when reading from left to right). The prefix mask provides Division X with a range of addresses from 172.16.12.0 through 172.16.15.255. The details of the range of addresses available to Division X are shown in the center block of Figure 1-11. Within Division X, the networks are assigned addresses in this range, with varying subnet masks. Details of these address assignments are provided in the next section.
Reduced number of routing table entriesIn a hierarchical addressing plan, route summarization allows a single IP address to represent a collection of IP addresses. When VLSM is used in a hierarchical network, it allows summarized routes, which keeps routing table entries (on the routers that receive the summarized routes) manageable and provides the following benefits:
Reduction in the number of CPU cycles to sort through the routing table entries to find a match and for routing table recalculation
Reduction in router memory requirements
Reduced bandwidth required to send the fewer, smaller routing updates
Faster convergence after a change in the network
Increased network stability
Because of the reduced router requirements, it also might be possible to use some less-powerful (and therefore less-expensive) routers in the network.
The address 172.16.12.0/22 represents all the addresses that have the same first 22 bits as 172.16.12.0. Figure 1-11 displays the binary representation of networks 172.16.11.0 through 172.16.16.0. Notice that 172.16.12.0 through 188.8.131.52 all have the first 22 bits in common, whereas 172.16.11.0 and 172.16.16.0 do not have the same first 22 bits. Therefore, the address 172.16.12.0/22 represents the range of addresses 172.16.12.0 through 172.16.15.255.
VLSM Calculation Example
You can best understand the design and implementation of a scalable IP address plan if you study a detailed example of how a VLSM network is laid out.
Figure 1-12 shows a detailed view of the same Division X shown in Figure 1-10.
Figure 1-12 Detailed IP Addressing of Division X in Figure 1-10
In Division X, the following exist:
One VLAN on each of the two Ethernet ports of Router D, each with 200 users.
Three remote sites, at Routers A, B, and C, each with a 24-port Cisco 2924 10/100 switch. Corporate management guarantees that the number of users at each remote site does not exceed 20.
Three serial links to the remote sites. The serial links are point-to-point Frame Relay and require an address on each side.
VLSM allows you to further subnet the 172.16.12.0/22 address space, using variable masks, to accommodate the network requirements. For example, because point-to-point serial lines require only two host addresses, you can use a subnetted address that has only two host addresses and therefore does not waste scarce subnet numbers.
To start the VLSM process, determine the number of subnets necessary for the networks to which you need to assign IP addresses, and determine the number of hosts necessary per subnetwork. You can determine the number of hosts by checking corporate policy to see if a limit is set per segment or VLAN, checking the physical number of ports on a switch, and checking the current size of the network or networks at other sites that fulfill the same role.
The decimal-to-binary conversion chart in Appendix A might be helpful when you are calculating VLSMs.
Because IP addresses are binary, they are used in blocks of powers of 2. A block of addresses contains 2, 4, 8, 16, 32, 64, 128, 256, 512, 1024, 2048, and so on addresses. Two addresses are lost each time you create a subnet: one for the network (wire) address and the other for the broadcast address.
The lowest address of the range, where the host bits are all 0s, is known as the network number or the wire address. The top of the address range, where the host bits are all 1s, is the broadcast address. The number of addresses in a block that can be assigned to devices is 2n 2, where n is the number of host bits. For example, with 3 host bits, 23 2 = 8 2 = 6 addresses can be assigned.
To determine the size of the block of addresses needed for a subnet, follow these steps:
Calculate the maximum number of hosts on that subnet.
Add 2 to that number for the broadcast and subnet numbers.
Round up to the next higher power of 2.
In this example, the VLANs each have 200 users; therefore, the number of addresses required is 200 + 2 = 202. Rounding up to the next power of 2 gives you 256. Thus, 8 (28 = 256) host bits are required for the VLANs; therefore, the prefix is /24 (32 bits 8 bits for the host = 24 bits). The network administrator subnets the 172.16.12.0/22 into four /24 subnets on router D. 172.16.12.0/24 is assigned to VLAN 1, and 172.16.13.0/24 is assigned to VLAN 2. This leaves two /24 subnets, 172.16.14.0/24 and 172.16.15.0/24, to use for the switches at the three remote sites and the three serial point-to-point links.
The number of addresses required for the LANs at each remote site is 20 + 2 = 22. Rounding this up to the next power of 2 gives you 32. Thus, 5 host bits (25 = 32) are required to address the remote users at each site. Therefore, the prefix to use is /27 (32 bits 5 bits for the host = 27).
You cannot use the 172.16.12.0/24 or 172.16.13.0/24 networks, because they are assigned to VLANs 1 and 2 on router D. The process to further subnet 172.16.14.0/24 into /27 subnets is shown in Figure 1-13. The first three subnets calculated in Figure 1-13 are used on the LANs in Figure 1-12.
Figure 1-13 Calculating Subnet Addresses for the LANs in Figure 1-12
Serial Line Addresses
After you establish the addresses for the LANs at the remote sites, you must address the serial links between the remote sites and router D. Because the serial links require two addresses, the number of addresses required is 2 + 2 = 4 (the two additional addresses are for the network number and the broadcast address).
In this case, there is no need to round up, because 4 is a power of 2. Therefore, 2 host bits will allow for two hosts per subnet. A network mask of /30 (32 bits 2 host bits = 30 bits) is used. This prefix allows for only two hostsjust enough hosts for a point-to-point connection between a pair of routers.
To calculate the subnet addresses for the WAN links, further subnet one of the unused /27 subnets. In this example, 172.16.14.224/27 is further subnetted with a prefix of /30. The three additional subnet bits result in 23 = 8 subnets for the WAN links.
Key Point: Further Subnet Only Unused Subnets
It is important to remember that only unused subnets should be further subnetted. In other words, if you use any addresses from a subnet, that subnet should not be further subnetted. In Figure 1-12, three subnet numbers are used on the LANs. Another, as-yet unused subnet, 172.16.14.224/27, is further subnetted for use on the WANs.
The WAN addresses derived from 172.16.14.224/27 are as follows. The shaded bits are the 3 additional subnet bits:
172.16.14.11100000 = 172.16.14.224/30
172.16.14.11100100 = 172.16.14.228/30
172.16.14.11101000 = 172.16.14.232/30
172.16.14.11101100 = 172.16.14.236/30
172.16.14.11110000 = 172.16.14.240/30
172.16.14.11110100 = 172.16.14.244/30
172.16.14.11111000 = 172.16.14.248/30
172.16.14.11111100 = 172.16.14.252/30
The first three of these subnets are used on the WANs shown in Figure 1-12.
The address information for the router A to router D link is as follows:
Router A serial interface172.16.14.225
Router D serial interface172.16.14.226
The address information for the router B to router D link is as follows:
Router B serial interface172.16.14.229
Router D serial interface172.16.14.230
The address information for the router C to router D link is as follows:
Router C serial interface172.16.14.233
Router D serial interface172.16.14.234
Note that to provide the most flexibility for future growth, the 172.16.14.224/27 subnet was selected for the WANs instead of using the next available subnet, 172.16.14.96/27. For example, if the company purchases more switches, the next IP segment could be assigned the 172.16.14.96/27 subnet, and the new remote site would be connected to router D with the 172.16.14.236/30 serial subnet.
The 172.16.15.0/24 block could have been used for these /30 subnets, but only three subnets are currently needed, so a lot of the address space would be unused. The 172.16.15.0/24 block is now available to use on another LAN in the future.
Summary of Addresses Used in the VLSM Example
Figure 1-14 summarizes the addresses, in binary, used in this example.
Figure 1-14 Binary Representation of the Addresses Used in Figure 1-12
Another VLSM Example
This section illustrates another example of calculating VLSM addresses. In this example, you have a subnet address 172.16.32.0/20, and you need to assign addresses to a network that has ten hosts. With this subnet address, however, you have 212 2 = 4094 host addresses, so you would be wasting more than 4000 IP addresses. With VLSM, you can further subnet the address 172.16.32.0/20 to give you more subnetwork addresses and fewer hosts per network, which would work better in this network topology. For example, if you subnet 172.16.32.0/20 to 172.16.32.0/26, you gain 64 (26) subnets, each of which can support 62 (26 2) hosts.
To further subnet 172.16.32.0/20 to 172.16.32.0/26, do the following, as illustrated in Figure 1-15:
Write 172.16.32.0 in binary.
Draw a vertical line between the 20th and 21st bits, as shown in Figure 1-15.
Draw a vertical line between the 26th and 27th bits, as shown in Figure 1-15.
Calculate the 64 subnet addresses using the bits between the two vertical lines, from lowest to highest. Figure 1-15 shows the first five subnets available.
Figure 1-15 Further Subnetting a Subnetted Address
VLSM calculators are available on the web. The following URL contains the one offered by Cisco: http://www.cisco.com/cgi-bin/Support/IpSubnet/home.pl. (Note that you need to have an account on Cisco's website to use this calculator.)