Archive for November, 2011

Sub(net) Operations! (Part I)

Posted in Cisco Certification on November 22, 2011 by jjrinehart

Sub(marine) Net(ting)

I have always had a fascination with submarines.  I read about them in school, created many crude designs for personally sized ones, and dreamed about actually building one.  Fortunately, I lacked the tools and resources to do that, which is one of many reasons I am still alive to write this right now.  I also watched an inordinately large number of movies on the subject, one of which was Down Periscope starring Kelsey Grammer, who took on nuclear subs in an antiquated diesel one and actually won.

One reason for the military’s use of submarines is their ability to evade a certain amount of detection, which was capitalized on in the movie The Hunt for Red October, in which the U.S. Navy had a hard time tracking the submarine.  The typical defenses of surface ships against these vessels were depth charges (explosive barrels dumped in or around the subs to sink them) as well as anti-submarine nets (pictured in the photo above).  This brings us to another CCNA-level topic, namely, submarine netting, or rather, subnetting.  Corny? Yes, but I suspect now that you are unlikely to ever forget it.

Subnetting is the process of taking an address space and carving it up into smaller parts, a lot like what happens when you take a cake or pie and split it into smaller servings.  Here is the rationale:  inefficient usage of IP addresses wastes both space and addresses. Going back to the pie analogy, there are very few people who will simply sit down and consume the entire dessert in one sitting, partly for health reasons and partly to lengthen the ability to enjoy it.  Subnetting works the same way, in which you divide up an address space (Class A, B or C) into smaller parts for better use.  Here is one example, using Class C addresses in the range of 192.168.0.0/16:

Without Subnetting:

1.  Management VLAN: 192.168.1.0/24.  Only 4 addresses needed, wasting 250 (.0 not usable/255 is broadcast)

2. Production VLAN: 192.168.11.0/24. Only 14 addresses needed, wasting 240  (.0 not usable/255 is broadcast)

3. WAN Link: 192.168.111.0/24.  Only 2 addresses needed, wasting 252  (.0 not usable/255 is broadcast)

Total Addresses Used:  20    Total Addresses Wasted: 742

Using Subnetting:

1.  Management VLAN: 192.168.1.0/28. 14 usable addresses consumed (.1 – .6, .0 is subnet, .15 is broadcast)

2. Production VLAN: 192.168.1.16/29. Only 6 addresses consumed (.16 not usable, .23 is broadcast)

3. WAN Link: 192.168.1.24/30.  Only 2 addresses consumed (.24 not usable, .27 is broadcast)

Total Addresses Used:  20    Total Addresses Spared: 742 (234 for remainder of 192.168.1.0, 255 for 192.168.11.0, 255 for 192.168.111.0)

The example used here went from three Class C networks with wasted addresses, to the fractional use of one network with more efficient use of address space.  This gives you an idea of how beneficial subnetting is.  Next time we will dig into how it works.
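As an added illustration (not code from the original post), the sketch below carves 192.168.1.0/24 into right-sized subnets with Python's standard `ipaddress` module, taking the host counts from the "Without Subnetting" list. Each VLAN gets the smallest block that holds its stated host count, so the 14-host VLAN lands in the /28 and the 4-host VLAN in the /29; the function names are this example's own.

```python
import ipaddress

def smallest_prefix(hosts_needed):
    """Longest prefix (smallest subnet) with enough usable host addresses.

    A /p subnet holds 2**(32-p) addresses; the first is the subnet address
    and the last is the broadcast, so 2**(32-p) - 2 are usable.
    """
    for prefix in range(30, 0, -1):
        if 2 ** (32 - prefix) - 2 >= hosts_needed:
            return prefix
    raise ValueError(f"no IPv4 subnet holds {hosts_needed} hosts")

def allocate(parent, requirements):
    """Carve right-sized subnets out of parent, largest requirement first."""
    parent = ipaddress.ip_network(parent)
    cursor = int(parent.network_address)
    plan = {}
    for name, hosts in sorted(requirements.items(), key=lambda kv: -kv[1]):
        prefix = smallest_prefix(hosts)
        size = 2 ** (32 - prefix)
        cursor = -(-cursor // size) * size  # round up to a subnet boundary
        subnet = ipaddress.ip_network((cursor, prefix))
        if not subnet.subnet_of(parent):
            raise ValueError(f"{parent} has no room left for {name}")
        plan[name] = subnet
        cursor += size
    return plan

def describe(subnet):
    """Return (first usable, last usable, broadcast) as strings."""
    hosts = list(subnet.hosts())
    return str(hosts[0]), str(hosts[-1]), str(subnet.broadcast_address)

# Host counts taken from the "Without Subnetting" list above.
REQUIREMENTS = {"Management VLAN": 4, "Production VLAN": 14, "WAN Link": 2}

if __name__ == "__main__":
    plan = allocate("192.168.1.0/24", REQUIREMENTS)
    for name, subnet in plan.items():
        first, last, bcast = describe(subnet)
        print(f"{name:16} {subnet}  hosts {first} - {last}  broadcast {bcast}")
    used = sum(s.num_addresses for s in plan.values())
    print(f"addresses allocated: {used} of 256")
```
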

– Joe

Addressing a Secret Agent! (no, not really)

Posted in Cisco Certification on November 3, 2011 by jjrinehart

Agent 004 1/2

For me, there will always be only ONE James Bond, namely Sean Connery.  While that certainly dates me a little bit (I am in my 40s, you can stop laughing now), I just never cared for the subsequent incarnations of the role by the later actors, and I certainly envy Connery’s continued appeal and longevity.  In any case, James Bond represents the consummate “black ops” agent, although the older term most of us grew up with was spy or secret agent.

That thought makes a great entry point into a particularly helpful area of network knowledge, namely, private addressing.  As we discussed earlier, IP addressing assumes the ability to globally route packets based on the source and destination addresses contained in the IPv4 header.  As with many human inventions, however, there were unexpected flaws in the Internet, and it became the victim of its own success.  Because of the vast popularity of the commercial Internet, IP address space was rapidly being consumed, creating a threat called address exhaustion (think of it as a widespread shortage).  One of the mechanisms created to address this problem was private addressing, defined in RFC 1918 and 4193.  Private addressing operates under the legitimate assumption that not every device needs a globally routable address, and it even encourages the use of groups of addresses that are not allowed on the Internet (we will discuss Network Address Translation in the next article).  Three ranges, each in a separate address class, were designated for private addressing, as follows:

| Class | Networks (CIDR Notation) | Networks (Network/Mask Notation) | Range | # of Addresses |
|---|---|---|---|---|
| A | 10.0.0.0/8 | 10.0.0.0  255.0.0.0 | 10.0.0.0 – 10.255.255.255 | 16,777,216 |
| B | 172.16.0.0/12 | 172.16.0.0  255.240.0.0 | 172.16.0.0 – 172.31.255.255 | 1,048,576 |
| C | 192.168.0.0/16 | 192.168.0.0  255.255.0.0 | 192.168.0.0 – 192.168.255.255 | 65,536 |

In my personal experience as a network professional, I can tell you that the range I have seen on most enterprise networks is from the 10.0.0.0/8 range.  That makes sense, because the address space is incredibly vast and unlikely to be exhausted in just about any environment!  I have also seen some usage in the 192.168.0.0/16 range, particularly in consumer devices.  Cisco/Linksys devices use this range by default, and even some of the business-grade units, such as the ASA 5505, utilize this set of addresses.  The advantages are that they are well-suited for smaller environments and fairly straightforward overall.  The 172.16.0.0/12 range is one that I have seen on a few, very limited and rare occasions.  Honestly, I am curious about the reasons for this.
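Because these ranges are not allowed on the Internet, a private source address seen on an Internet-facing interface points to spoofing or a misconfiguration. The added example below (not from the original post) checks addresses against the three table ranges plus the RFC 4193 IPv6 block and flags such records; the interface label "outside" and the sample records are constructed assumptions.

```python
import ipaddress

# The three IPv4 blocks from the table above (RFC 1918) and the IPv6
# unique-local block (RFC 4193).
PRIVATE_BLOCKS = [ipaddress.ip_network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

def private_block(addr):
    """Return the private block containing addr, or None if it is in none."""
    ip = ipaddress.ip_address(addr)
    for net in PRIVATE_BLOCKS:
        if ip.version == net.version and ip in net:
            return str(net)
    return None

def stdlib_only(addr):
    """True when ipaddress.is_private is set but addr is in none of the blocks.

    is_private also covers loopback, link-local and other reserved ranges,
    so it is broader than RFC 1918/4193 private addressing.
    """
    return ipaddress.ip_address(addr).is_private and private_block(addr) is None

def leaked_sources(records):
    """Flag records whose private source was seen on the Internet-facing side."""
    return [(iface, src, private_block(src)) for iface, src in records
            if iface == "outside" and private_block(src)]

# Constructed sample of (interface, source address) pairs; "outside" is a
# hypothetical label for the Internet-facing interface.
SAMPLE = [
    ("outside", "172.31.255.255"),     # last address of 172.16.0.0/12
    ("outside", "172.32.0.1"),         # just past the /12: publicly routable
    ("outside", "192.68.0.1"),         # resembles 192.168.x.x but is public
    ("inside", "10.20.30.40"),         # private, but on the expected side
    ("outside", "fd12:3456:789a::1"),  # IPv6 unique-local address
]

if __name__ == "__main__":
    for row in leaked_sources(SAMPLE):
        print(row)
    print(stdlib_only("127.0.0.1"), stdlib_only("169.254.10.10"))
```
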

In our next discussion, we will consider the fraternal twin of private addressing, namely, Network Address Translation.

–  Joe