Introduction
DHCP
Introducing DHCP
DHCP assigns IP addresses and other important network configuration information dynamically.
DHCP Operation
Manual Allocation: The administrator assigns a preallocated IP address to the client and DHCP only communicates the IP address to the device. Automatic Allocation: DHCP automatically assigns a static IP address permanently to a device, selecting it from a pool of available addresses. There is no lease and the address is permanently assigned to a device. Dynamic Allocation: DHCP automatically dynamically assigns, or leases, an IP address from a pool of addresses for a limited period of time chosen by the server, or until the client tells the DHCP server that it no longer needs the address.
Both DHCP and BOOTP are client/server based and use UDP ports 67 and 68. Those ports are still known as BOOTP ports.
DHCP Discover
DHCP Offer
10
Example
11
Verifying DHCP
PC1: ipconfig /all
12
Verifying DHCP
PC2: ipconfig /all
13
Verifying DHCP
14
15
16
DHCP Relay
Host Problem
17
DHCP Relay
Host Renew
18
DHCP Relay
Broadcast
Unicast
DHCP Relay
Notice that the RTA interface e3, which connects to the server farm, is not configured with helper addresses. However, the output shows that for this interface, directed broadcast forwarding is disabled. This means that the router will not convert the logical broadcast 172.24.1.255 into a physical broadcast with a Layer 2 address of FF-FF-FF-FF-FFFF. To allow all the nodes in the server farm to receive the broadcasts at Layer 2, e3 will need to be configured to forward directed broadcasts with the following command: RTA(config)#interface e3 RTA(config-if)#ip directed-broadcast
H c vi n m ng Bach Khoa - Website: www.bkacad.com 20
DHCP Relay
L3 Broadcast
L2 Broadcast
The Cisco IOS provides the global configuration command ip forwardprotocol to allow an administrator to forward any UDP port in addition to the default eight.
22
23
24
25
26
27
28
What is NAT ?
29
NAT Terminology
Inside local address - Usually not an IP address assigned by a RIR or service provider and is most likely an RFC 1918 private address. Inside global address - Valid public address that the inside host is given when it exits the NAT router. When traffic from PC1 is destined for the web server at 209.165.201.1, router R2 must translate the address. In this case, IP address 209.165.200.226 is used as the inside global address for PC1. Outside global address - Reachable IP address assigned to a host on the Internet. For example, the web server is reachable at IP address 209.165.201.1. Outside local address - The local IP address assigned to a host on the outside network. In most situations, this address will be identical to the outside global address of that outside device.
H c vi n m ng Bach Khoa - Website: www.bkacad.com 30
31
32
33
NAT Example
Inside local address The IP address assigned to a host on the inside network. This address is likely to be an RFC 1918 private address. Inside global address A legitimate (Internet routable or public) IP address assigned the service provider that represents one or more inside local IP addresses to the outside world. Outside local address The IP address of an outside host as it is known to the hosts on the inside network. Outside global address The IP address assigned to a host on the outside network. The owner of the host assigns this address.
H c vi n m ng Bach Khoa - Website: www.bkacad.com 34
NAT Example
1 2
DA 128.23.2.2
DA 128.23.2.2
35
NAT overload
36
37
38
39
Example
40
41
42
Example
43
44
45
46
47
Port Forwarding
Port forwarding (sometimes referred to as tunneling) is the act of forwarding a network port from one network node to another. This technique can allow an external user to reach a port on a private IP address (inside a LAN) from the outside through a NAT-enabled router.
H c vi n m ng Bach Khoa - Website: www.bkacad.com 48
Port Forwarding
http://portforward.com
49
50
51
Step 1. Based on the configuration, clearly define what NAT is supposed to achieve. This may reveal a problem with the configuration. Step 2. Verify that correct translations exist in the translation table using the show ip nat translations command. Step 3. Use the clear and debug commands to verify that NAT is operating as expected. Check to see if dynamic entries are recreated after they are cleared. Step 4. Review in detail what is happening to the packet, and verify that routers have the correct routing information to move the packet.
H c vi n m ng Bach Khoa - Website: www.bkacad.com 52
IPv6
53
54
55
Address space
56
IPv6 Features
57
IPv6 Features
58
Flow Label: 20-bit field that allows a particular flow of traffic to be labeled. It can be used for multilayer switching techniques and faster packet-switching performance. Extension Headers: Follows the previous eight fields. The number of extension headers is not fixed, so the total length of the extension header chain is variable.
H c vi n m ng Bach Khoa - Website: www.bkacad.com 59
Extension header
Extension Header
Extension Header
60
Extension header
61
(Resource Reservation Protocol [RSVP] and Multicast Listener Discovery version 1 [MLDv1]) and the jumbogram, this header (value = 0) is processed by all hops in the path of a packet. Destination options header (when the routing header is used) Routing header: Used for source routing and mobile IPv6 (value = 43). Fragment header: Used when a source must fragment a packet that is larger than the MTU for the path between itself and a destination device. Authentication Header and Encapsulating Security Payload header: Used within IPsec to provide authentication, integrity, and confidentiality of a packet. The Authentication Header (value = 51) The ESP header (value = 50) Upper-layer header: Typical headers used inside a packet to transport the data. The two main transport protocols are TCP (value = 6) and UDP (value = 17).
H c vi n m ng Bach Khoa - Website: www.bkacad.com 62
Leading zeros in a field are optional, so 09C0 = 9C0 and 0000 = 0. Successive fields of zeros can be represented as :: only once in an address. An unspecified address is written as :: because it contains only zeros.
H c vi n m ng Bach Khoa - Website: www.bkacad.com 63
1.
2. 3.
Unicast address Link local (FE80::/10): Scope is configured to single link. The address is unique only on this link, and it is not routable off the link. (similar to 169.254.x.x private address) Site local (FEC0::/10): similar to private address. Global: Globally unique, so it can be routed globally with no modification. A global address has an unlimited scope on the worldwide Internet. Packets with global source and destination addresses are routed to their target destination by the routers on the Internet. Multicast address (FF00::/8): IPv6 does not have broadcast addresses. The range of multicast addresses in IPv6 is larger than in IPv4. For the foreseeable future, allocation of multicast groups is not being limited. Anycast address: An anycast address identifies a list of devices or nodes; therefore, an anycast address identifies multiple interfaces. A packet sent to an anycast address is delivered to the closest interface, as defined by the routing protocols in use.
H c vi n m ng Bach Khoa - Website: www.bkacad.com 64
Special Address
65
Global Unicast Addresses are defined by a global routing prefix, a subnet ID, and an interface ID. The current global unicast address assignment by the Internet Assigned Numbers Authority (IANA) uses the range of addresses that start with binary value 001 (2000::/3), which is 1/8 of the total IPv6 address space and is the largest block of assigned block addresses. The IANA is allocating the IPv6 address space in the ranges of 2001::/16 to the five RIR registries (ARIN, RIPE, APNIC, LACNIC, and AfriNIC). Addresses with a prefix of 2000::/3 (001) through E000::/3 (111), with the exception of the FF00::/8 (1111 1111) multicast addresses, are required to have 64-bit interface identifiers in the Extended Universal Identifier (EUI)-64 format. When a unicast address is assigned to more than one interface, thus turning it into an anycast address, the nodes to which the address is assigned must be explicitly configured to use and recognize the anycast address.
66
67
Stateless Autoconfiguration
1. Phase 1: MAC 00-0C-29-C2-52-FF -> 02-0C-29-FF-FE-C2-52-FF 2. Phase 2: well-known link-local prefix fe80::/64 is added -> 3. 4.
fe80::20c:29ff:fec2:52ff Phase 3: Verify the addresss uniqueness on the link, called duplicate address detection (DAD). Send ICMPv6. Phase 4: Assigned
H c vi n m ng Bach Khoa - Website: www.bkacad.com 68
69
The 2 most common techniques to transition from IPv4 to IPv6 are as follows: 1. Dual stack 2. IPv6-over-IPv4 (6to4) tunnels For communication between IPv4 and IPv6 networks, IPv4 addresses can be encapsulated in IPv6 addresses.
H c vi n m ng Bach Khoa - Website: www.bkacad.com 70
Dual stacking is an integration method in which a node has implementation and connectivity to both an IPv4 and IPv6 network. This is the recommended option and involves running IPv4 and IPv6 at the same time. Using IPv6 on a Cisco IOS router requires that you use the global configuration command ipv6 unicast-routing. This command enables the forwarding of IPv6 datagrams.
H c vi n m ng Bach Khoa - Website: www.bkacad.com 71
IPv6 Tunneling
Tunneling is an integration method where an IPv6 packet is encapsulated within another protocol, such as IPv4. This method enables the connection of IPv6 islands without needing to convert the intermediary networks to IPv6. When IPv4 is used to encapsulate the IPv6 packet, a protocol type of 41 is specified in the IPv4 header, and the packet includes a 20-byte IPv4 header with no options and an IPv6 header and payload. It also requires dual-stack routers. Tunneling presents these issues: The MTU is decreased by 20 octets (if the IPv4 header does not contain any optional field). Difficult to troubleshoot.
H c vi n m ng Bach Khoa - Website: www.bkacad.com 72
IPv6 Tunneling
73
prefix match routing. IPv6 uses modified versions of most of the common routing protocols to handle longer IPv6 addresses and different header structures.
H c vi n m ng Bach Khoa - Website: www.bkacad.com 74
1. 2. 3.
The control plane handles the interaction of the router with the other network elements, providing the information needed to make decisions and control the overall router operation. This plane runs processes such as routing protocols and network management. These functions are generally complex. The data plane handles packet forwarding from one physical or logical interface to another. It involves different switching mechanisms such as process switching and Cisco Express Forwarding (CEF) on Cisco IOS software routers. Enhanced services include advanced features applied when forwarding data, such as packet filtering, quality of service (QoS), encryption, translation, and accounting.
75
Based on IPv4 RIP version 2 (RIPv2) and similar to RIPv2 , distance vector, split horizon, max hop 15, poison reverse Uses IPv6 for transport IPv6 prefix, next-hop IPv6 address Uses the multicast group FF02::9, the all-RIP-routers multicast group, as the destination address for RIP updates Updates sent on UDP port 521 Is supported by Cisco IOS Release 12.2(2)T and later
H c vi n m ng Bach Khoa - Website: www.bkacad.com 76
78
79
To enable RIPng routing on the router, use the ipv6 router rip name global configuration command. The name parameter identifies the RIP process. This process name is used later when configuring RIPng on participating interfaces. For RIPng, instead of using the network command to identify which interfaces should run RIPng, you use the command ipv6 rip name enable in interface configuration mode to enable RIPng on an interface. The name parameter must match the name parameter in the ipv6 router rip command.
80
81
Troubleshooting
82
Troubleshooting
83
2004::1/64 S1/0
2004::2/64 S1/1
R2
2005::2/64 L0
ipv6 unicast-routing ipv6 router rip bkacad ipv6 route ::/0 lo0 interface lo0 ipv6 address 2005::2/64 ipv6 rip bkacad enable interface s1/1 ipv6 address 2004::2/64 ipv6 rip bkacad enable ipv6 router rip bkacad redistribute static
2fff::2/64
ipv6 unicast-routing ipv6 router rip bkacad interface lo0 ipv6 address 2003::1/64 ipv6 rip bkacad enable interface f0/0 ipv6 address 2fff::1/64 ipv6 rip bkacad enable interface s1/0 ipv6 address 2004::1/64 ipv6 rip bkacad enable
ipv6 install netsh interface ipv6 add address "Local Area Connection" 2fff::2
84
Labs
85
Summary
86
87