1.4 Given a scenario, configure a subnet and use appropriate IP addressing schemes

1.4 Given a scenario, configure a subnet and use appropriate IP addressing schemes

• Private vs. Public
  • RFC1918
  • Network Address Translation (NAT)
  • Port Address Translation (PAT)
• IPv4 vs IPv6
  • Automatic Private IP Addressing (APIPA)
  • Extended Unique Identifier (EUI-64)
  • Multicast
  • Unicast
  • Anycast
  • Broadcast
  • Link Local
  • Loopback
  • Default Gateway
• IPv4 Subnetting
  • Classless (Variable Length Subnet Mask)
  • Classful
    • A
    • B
    • C
    • D
    • E
  • Classless Inter-Domain Routing (CIDR) Notation
• IPv6 Concepts
  • Tunneling
  • Dual Stack
  • Shorthand Notation
  • Router Advertisement
  • Stateless Address Autoconfiguration (SLAAC)
• Virtual IP (VIP)
• Subinterfaces

I briefly mentioned IP addresses at the beginning of this book.  Remember that each network device has a MAC address (assigned from the factory) and an IP address (assigned by the network)?  We are going to learn where IP addresses come from and who regulates them.

An IP address has four sections, known as octets.  For example, 192.168.0.4 is an IP address.

Each octet is a three-digit number separated by a period.  The maximum value of an octet is 255 and the minimum value is 0.  So, the range of IP addresses is from 0.0.0.0 to 255.255.255.255.  How many IP addresses are there?  4,294,967,296.  Are there enough IP addresses to go around if you consider that each person probably has a work computer, a home computer, a cell phone, and that there are many other servers and internet of things devices running in the background?  Of course not.

A public IP address is one that is accessible from anywhere on the internet, and a private IP address is one that is only accessible from inside a local network.  The devices on your local network (i.e. inside your home or office) probably have private IP addresses. 

The router in your home or office probably has a public IP address assigned to the port that connects it with the outside world.  The router probably also has a private IP address assigned to the port that connects it to the rest of your internal network.

Who decides what IP address you get?  Your internet connection is assigned an IP address by your internet service provider.  Your internet service provider is assigned a block of IP addresses by a larger organization (such as a larger ISP if they buy their internet from somebody else).  At the top of the food chain is ARIN (American Registry for Internet Numbers).

ARIN assigns blocks of IP addresses to each ISP and to larger organizations.  IPv4 addresses are scarce because there are more devices than IP addresses, and because in the early days of the internet, organizations were assigned large blocks of addresses.  Nobody thought that the internet would grow to be as big as it is, so ARIN went crazy and gave everybody tons of IP addresses.

The US Department of Defense owns about 5% of the IPv4 addresses (addresses that start in 6, 7, 11, 21, 22, 26, 28, 29, 30, 33, 55, 214, and 215).

A few blocks of IP addresses have been reserved for private IP addresses and some blocks have been reserved for special functions as we will find out later.

The following IP address ranges are reserved for private use per RFC1918.

• 10.0.0.0 to 10.255.255.255
• 172.16.0.0 to 172.16.255.255
• 192.168.0.0 to 192.168.0.255
  
  

If you have an office or internal network, you can set up an internal addressing scheme by choosing one of the above three ranges.  In my example office below, I chose the range 192.168.0.0 to 192.168.0.255.  What range will you choose?

• 10.0.0.0 to 10.255.255.255 is the largest network, with a range of 16,581,375 possible addresses.  This type of network is known as a class A network.
  
  
• 172.16.0.0 to 172.16.255.255 is the second largest network, with a range of 65,025 possible addresses.  This type of network is known as a class B network.
  
  
• 192.168.0.0 to 192.168.0.255, is the smallest network, with a range of 256 addresses.  This type of network is known as a class C network.

If we have a small network, we should choose a small range.  Smaller network equipment (such as in a home or small business) might not be able to handle a larger range of IP addresses.  As we will see later, we can subdivide a larger range into several smaller range, and assign each one to a different function.

Let’s look at our example office.  In our example, the ISP assigned us one public address: 44.3.2.1.  Most of the IP address space is public.  In theory, any device with a public IP can reach any other device with a public IP (unless a firewall blocks it).  Thus, other devices on the internet can communicate with our network by contacting 44.3.2.1.

In my example office, there are three computers, with IP addresses of 192.168.0.2, 192.168.0.3, and 192.168.0.4.  They connect to the switch.  Notice that the router (which sits on the edge of the network) has a private IP address of 192.168.0.1 and a public IP address of 44.3.2.1.  This allows the router to pass traffic between the private network and the public network.  Devices within the private network can reach the router (and therefore the outside world) by contacting 192.168.0.1.

If our business was so large as to require multiple locations, we could choose the range 10.0.0.0 to 10.255.255.255 and then subdivide it further so that each location receives a block from our range.  For example, one location receives the range 10.0.0.0 to 10.0.255.255, and the second location receives the range 10.1.0.0 to 10.1.255.255, etc..  It might look like the drawing below

This would require us to implement a Wide Area Network or point-to-point VPN.  The WAN allows us to configure the routers so that all the computers in all our offices think that they are on the same physical network.

Each local area network can use the same range of private IP addresses as any other network because a device on one LAN won’t talk directly with a device on another LAN.  Instead, the pass their messages to their routers, which then deliver the traffic.  As long as each router has a unique public IP address, we won’t encounter any issues.

So far, when we’ve been talking about IP addresses, we’ve actually been referring to IPv4 (version 4) IP addresses.  But the world has been running out of IPv4 addresses, and so a new standard was created.  This standard is known as IPv6.

In the IPv6 world, fc00::/7 is the only private range of IP addresses.  It is better written as fc00:0000:0000:0000:0000:0000:0000:0000 to fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff. 

How did I get from fc00::/7 to all of that gibberish?  We’ll find out later.  But the point is, the range is massive.  There is no need for each private network to have the same address as any other private network. 

If we mash two private IPv4 networks together, we will have some conflicts.  We will find that two devices have the same IP address, and one of them won’t be able to communicate.  But if we mash two private IPv6 networks together, we won’t have any conflicts because each private IPv6 address is randomly generated.  In fact, if mashed all of the private IPv6 networks together, we probably won’t have any conflicts.

Loopback and Reserved

Some addresses are reserved.  They can’t be assigned to anybody.

The addresses that are reserved

• 127.0.0.1 is called the loopback address (mapped to the hostname localhost).  Every network device and computer consider 127.0.0.1 to belong to itself.  If I send traffic from my computer to the address 127.0.0.1, it loops back and heads straight back to my computer. 
  
  What’s the point?  Let’s say that my organization maintains two servers – a web server and a database server.  The web server connects to the database server over the local network.  If I decide to install the web server software and database software on the same physical machine, then I could reprogram the web server to look for the database server at the 127.0.0.1 address.
  
  What if my server IP address is 192.168.0.1?  Why do I need to specify 127.0.0.1?  Why can’t I just tell the web server to look at 192.168.0.1?  I could, but that would create unnecessary traffic along the network for a packet that doesn’t need to leave the server.  Also, what happens if my server IP address changes frequently?  I don’t want to reprogram the server every time the IP address changes.  Or what if I don’t have an active network connection?  What if I’m running a sensitive internal application but the application is looking for a network connection?  I can specify 127.0.0.1.
  
  127.0.0.1 is also used to test the internal operation of the network card.  If I am troubleshooting a network connection, I might try to send traffic to 127.0.0.1.  If it fails, I will know that the network problems are internal to the machine.
  
  
• 0.0.0.0 to 0.255.255.255 is reserved for software testing.
  
  
• 169.254.0.0 to 169.254.255.255 is reserved for the link local IP addresses.  This is a random IP address that a device assigns itself when it can’t find a DHCP server.  That is, if a device joins a network and doesn’t have a preprogrammed IP address, and the network doesn’t assign it an IP address, it will randomly assign itself an IP address from that range.
  
  
• 255.255.255.255 is reserved for broadcasts.  That is, when a device wants to send traffic (like an announcement) to all the other devices on its local network, it can send them to that address.
  
  
• There are other IP addresses that are reserved but to list them all would take forever.

On the IPv6 side

• ::1 also known as 0000:0000:0000:0000:0000:0000:0000:0001 is the loopback address
  
  
• fe80:0000:0000:0000:0000:0000:0000:0000 to febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff is the link local address
  
  
• 2002:0000:0000:0000:0000:0000:0000:0000 to 2002:ffff:ffff:ffff:ffff:ffff:ffff:ffff was used by the 6to4 IP address conversion protocol.  More on this later.
  
  
• ff00:0000:0000:0000:0000:0000:0000:0000 to ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff is the multicast address range.  More on this later.

Default Gateway and Subnet Mask

Recall that we have public IP addresses and private IP addresses.  When a device wants to send traffic to another device

• It first must ask itself: is this device on my local network or is it somewhere else?
  
  
• If it is local, the computer sends the traffic to the switch, but with the MAC address of the destination device in the header.

What happens when the destination is not local?  Then the device must send the data to a router.  But how does it know which router to send it to?  And how does it know whether the destination device is local?

Every device has network settings, which include at least three items

• IP address – this is the IP address assigned to the device
  
  
• Subnet mask – this tells the device how big its local network is; the local network is known as a subnet
  
  
• Default gateway – this is another name for a router.  In other words, the default gateway connects the local network with the outside world.

The device uses its IP address and the subnet to figure out the range of IP addresses in its local network.  If the destination IP address is not in the local network, then it is sent to the default gateway.

This is going to be the hardest part of the book.  Learning the complicated math about subnets.

A subnet mask looks like an IP address.  It is 32-bits long (each octet is 8-bits.  Remember that computers are electrical.  They only think in terms of “on or off”.  So, a 1 is on, and a 0 is off.

8-bits makes up one byte.  A computer with 8-bits can only count to 255 in one operation.  If I make a table that is base-two (every entry is double the previous entry), I can combine these eight numbers to make any number from 0 to 255.  Below is my table.

128

64

32

16

8

4

2

1

If you look at the 8-bits in a byte, each bit is assigned to one of the numbers in my table.  If the bit is a one, or in “on’ position, then the number is added to the total, and if the bit is a zero, or in the “off” position, then the bit is ignored.

For example, my byte is 11011001.  If we write this byte into the base-two table below, and add up the corresponding values,

128	64	32	16	8	4	2	1
1	1	0	1	1	0	0	1

The value of this byte is 128 + 64 + 16 + 8 + 1 = 217

Thus, we have two ways to write out this number, either as 217 or as 11011001

At its most basic level, when a processor is doing math, it’s has an electrical circuit that’s turning these different bits on and off. 

So what?  There is a small microprocessor inside each network card and router that thinks about IP addresses.  This allows those devices to make subnet mask and IP address calculations quickly.

255.255.255.252 is an example of a subnet mask. 

We could write it out as

11111111.11111111.11111111.11111100 if we wanted to.  We call this a binary number.  How did I get this?  I simply went back to my table:

128	64	32	16	8	4	2	1

What numbers to add together to come up with 255?  Well, if I start at the left, and work my way to the right, I found that I need all of them.

128	64	32	16	8	4	2	1
1	1	1	1	1	1	1	1

When the computer wants to express the number 255 in binary, it must turn on all of the bits in the byte.

What about 252?  To get to 252, the computer must turn on the first six bytes.

128	64	32	16	8	4	2	1
1	1	1	1	1	1	0	0

Now if we write out the binary value of each octet in the subnet mask, we get 11111111.11111111.11111111.11111100.

We could also call it a /30 subnet mask, because it has 30 “1’s” in it.  Note that you’ll never see a subnet mask like 255.255.255.217.  In a subnet mask, the 1’s always appear on the left and the 0’s always appear on the right. 

128	64	32	16	8	4	2	1
1	1	0	1	0	1	1	1

In binary, 217 is written as 11010111.  Thus the subnet mask 255.255.255.217 would be written as 11111111.11111111.11111111.11010111, which would put some 1’s to the right of some 0’s, which would be invalid.

Many network engineers like to reference a subnet mask as a “/30” or “/28” or “slash whatever number it is”, instead of saying the entire name.

Let’s do an example.  If my device IP address is 192.168.0.29 and my subnet mask is /28, how big is my network?  What IP address does it start on and where does it end?  We can figure it out.

In the IPv6 scheme, there is no such thing as a subnet mask.  If there was, the math would be complicated.  But we do have subnets.  We also have sub-subnets and sub-sub-subnets.

Some things to note about IPv6 addresses

• An IPv6 address is 128 bits wide (unlike an IPv4 which is 32 bits wide). 
  
  
• Each “octet” in the IPv6 address is 4 characters wide, but each octet is 16 bytes wide (unlike an IPv4 octet which is one byte wide)
  
  
• An octet can contain numbers from 0 to 9 and letters from a to f.  This is called hexadecimal because each place goes up to 16 with the letters.  If I was counting in decimal, I could count 1, 2, 3, 4, 5, 6, 7, 8, 9.  When I get to 9, I must move to the next place (10).  If I was counting in hexadecimal, I would count 1, 2, 3, 4, 5, 6, 7, 8, 9, a, b, c, d, e f.  When I get to f, I must move to the next place (10).  My hexadecimal 10 is misleading because it is actually worth 16.
  
  
• There are eight octets in an IPv6 address.
  
  
• Each octet is separated by a colon

An IPv6 address has two parts.  The first part is called the prefix.  A /48 prefix is common.

For example,

Earlier I said that

• 10.0.0.0 to 10.255.255.255 is the largest network, with a range of 16,581,375 possible addresses.  This type of network is known as a class A network.
  
  
• 172.16.0.0 to 172.16.255.255 is the second largest network, with a range of 65,025 possible addresses.  This type of network is known as a class B network.
  
  
• 192.168.0.0 to 192.168.0.255, is the smallest network, with a range of 256 addresses.  This type of network is known as a class C network.

The network classes applies to both public and private networks, not just the private ranges that I described above.

• A Class A network contains 2²⁴ addresses.  Networks in the range of 1.0.0.0 to 126.0.0.0.0 are Class A networks.  So, a network like 2.0.0.0 to 2.255.255.255 is a Class A network.
  
  
• A Class B network contains 2¹⁶ addresses.  Networks in the range of 128.0.0.0 to 191.0.0.0 are Class B networks.  So, a network like 130.0.0.0 to 130.0.255.255 is a Class B network.
  
  
• A Class C network contains 2⁸ addresses.  Networks in the range of 192.168.0.0 to 223.0.0.0 are Class C networks.  So, a network like 200.0.0.0 to 200.0.0.255 is a Class C network.

We have two more classes of networks

• Networks in the range of 224.0.0.0 to 239.0.0.0 are Class D networks.
  
  
• Networks in the range of 240.0.0.0 to 254.0.0.0 are Class E networks.

These networks do not have subnet masks.  They are strictly experimental, and most routers will not accept traffic from IP addresses in their ranges.  The use of a Class A, B, or C network is called Classful Subnetting.

The opposite is Classless Subnetting.  How does it work?

If my network is 192.168.0.0 to 192.168.0.255, I have 256 IP addresses.  I can break it down into one network of 256 addresses, or I can break it down into 2 networks of 128 addresses each, or 4 networks of 64 addresses each, or 8 networks of 32 addresses each, etc..  If my network was a Class A or Class B network, I could break it down into even more subnets and/or have even more IP addresses per subnet.

Subnet Mask	Number of IPs per Subnet	Number of Subnets
/24	254	1
/25	126	2
/26	62	4
/27	30	8
/28	14	16
/29	6	32
/30	2	64

There is no /31 or /32 subnet because we need at least three IP addresses in a subnet – the network ID, the useable IP, and the broadcast IP.  A /31 subnet would be two IP addresses wide and a /32 subnet would be one IP address wide.

We could choose to break down our network into subnets of any size based on our requirements.  We might want to create separate logical networks for each class of devices.  This allows us to improve security by preventing a device on one subnet from communicating with a device on another subnet.  It also makes it easier to manage the network.

We ask ourselves what the largest required subnet is and go from there.  This is known as Fixed Length Subnetting.  Looking at the above table, we have a few choices for how we can break down our network into equally sized subnets.

What if I need subnets of different lengths?  Introducing the Variable Length Subnet Mask

VSLM is part of a system called Classless Inter-Domain Routing, or CIDR.  Writing the IP address with the subnet mask at the end as a slash is known as Classless Inter-Domain Routing Notation.

We can also write an IPv6 address in CIDR notation.  Instead of writing the full IP address, we would write the IP address and subnet length.  For example, we could write 2001:0db8:1234:0000:1111:2222:3333:4444 /48

Since we’re on the subject, let’s look at some other types of special IP addresses

• Broadcast.  A broadcast is a message that is sent to all the devices in a single broadcast domain.  That is, if my computer wants to send a message to all the other computers in the subnet, it addresses it to the broadcast IP address. 
  
  The broadcast IP address will be the largest IP address in a subnet.  For example, if the range of IP addresses is 192.168.0.1 to 192.168.0.255, then the broadcast IP address will be 192.168.0.255.
  
  On an IP network, this message is called a broadcast packet.  Remember that a router will not forward a broadcast packet.
  
  Looking back at the structure of our IP packet, we have a source and destination IP address.  The destination will be the broadcast IP.
  

But the computer must send this packet to the switch that it is connected to, so it must put it inside a frame.  A frame with a broadcast packet will be called a broadcast frame.  The broadcast MAC address is FF:FF:FF:FF:FF:FF.  Any frame addressed to this address will be forwarded to all devices in the broadcast domain.

The broadcast domain is all the network devices that will receive a broadcast.  That is, all of the devices in a subnet make up a broadcast domain.

When the switch receives this broadcast frame, it will notice that the destination MAC address is FF:FF:FF:FF:FF:FF and send it to all of the connected devices.

IPv6 does not use broadcasts, only multicast.

You can think of a broadcast packet like some flyers you see in your mailbox.  An advertiser will print a pile of them without any addresses and dump them at the post office.  The mail man will stick one flyer in every mailbox on his route.  The route is the broadcast domain, and the flyer is the broadcast packet.

• Multicast.  Both IPv4 and IPv6 use multicast.  A multicast message allows a sender to send a message to multiple recipients (but not all the members of a broadcast domain).  The sender creates a single multicast packet, but routers and switches replicate that packet and send it to all the required destinations.
  
  On a network, there can be multiple multicast “groups”.  Each group has an address.  A device that wishes to receive messages addressed to a group sends a “membership report” message to the group’s address, indicating its desire to receive the messages.
  
  Multicast works through the Internet Group Management Protocol.  The current version is IGMPv3, which allows a device to leave a group that it previously joined (previous versions only allowed a device to join and not leave).
  
  Who keeps track of the group?  The local network router keeps track of the groups and the subscribers.  When the local router receives a packet addressed to the group, it sends it to all of the subscribers in the group.
  
  You can think of a multicast packet like a newsletter.  You must subscribe to the newsletter, but every person who subscribes receives a copy.  You can unsubscribe if you want.
  
  
• Unicast.  A unicast packet is one that is addressed to a specific recipient.  Most communications are unicast.  When a device wants to send a packet via unicast, it puts the IP address of the recipient in the destination.
  
  A unicast packet is like a letter from your friend.  It has your address and is sent specifically to you.
  
  
• Anycast.  An anycast packet allows a computer to send a message to one of many recipients.  Any anycast group contains more than one recipient.  When the router receives a packet addressed to the anycast group, it chooses one recipient from the group and sends the packet to it.  The chosen recipient is based on a routing algorithm.  The algorithm may choose a recipient that is closest to the sender or use other factors.
  
  Anycast is used in load balancing.  For example, if I have multiple servers that perform the same task, I can assign all of them to the same anycast group.  I can direct traffic to the anycast group’s address.  The router can then decide which server receives each piece of traffic by selecting the closest server.

What happens when we have two networks separated by a router and they have different IP addressing schemes?  The IP addresses aren’t compatible.

Consider the following example.  I have a router with the address 44.3.2.1.  That is the address that devices on the internet know it as.  Behind the router is my internal network, which has three devices, each with a different address – 192.168.0.1, 192.168.0.2, and 192.168.0.3.  Nobody on the internet knows anything about my internal network – they can only see my router.

Remember that addresses that start with 192.168 are known as private IP addresses.  They can only be used on internal networks.  44.3.2.1 is an example of a public IP address.  But how can a computer on an internal network talk with devices on the internet?  And how can devices on the internet talk to a computer on an internal network?

We use a system called Network Address Translation, or NAT.  NAT is a tool used by the router to move traffic between the internet and the local network devices.  There are several ways that NAT can work depending on the number of public IP addresses available to the router and depending on the number of devices on the internal network.

Let’s say the router has three public IP addresses – 44.3.2.1, 44.3.2.2, and 44.3.2.3 – at least one public IP address for each private IP address.  The router has two options for moving traffic between the internet and the internal network

• It can create a Static NAT, also known as a one-to-one translation.  The router says that 44.3.2.1 belongs to the device 192.168.0.2; 44.3.2.2 belongs to the device 192.168.0.3 and 44.3.2.3 belongs to the device 192.168.0.4.
  
  Let’s look at an example.  192.168.0.3 wants to send traffic to google.com (8.8.8.8). 
  • The device creates a packet with a source field of 192.168.0.3, and a destination field of 8.8.8.8

• The device wraps the packet in an ethernet frame and sends it to the router (the frame’s destination MAC address is that of the router)

• The router strips the frame header and looks at the packet
  • The router changes the Source IP (192.168.0.3) of the packet to reflect its external address.  It knows that it mapped 44.3.2.3 to the internal IP 192.168.0.3, so that is the IP address that it uses.

• The router sends the packet to the 8.8.8.8 address.  It uses a routing protocol to send this packet, which we will worry about later.
  • The Google server at 8.8.8.8 receives the packet and sees that it came from 44.3.2.3
  • The Google server replies to 44.3.2.3 by creating a packet with a Destination IP of 44.3.2.3

• The router receives this packet and checks the NAT mapping.  It knows that 44.3.2.3 is mapped to 192.168.0.3

• It changes the Destination field in the packet to 192.168.0.3 and wraps it in a frame. 
  • It puts the MAC address of the computer in to field and sends it to the computer through the switch.

• One-to-one translation is great but remember that IPv4 addresses are scarce.  What if I have more internal devices than IP addresses (which is usually the case)?  I might need to set up a Dynamic NAT. 
  
  Dynamic NAT works exactly like the Static NAT with one difference.  That is, with a Dynamic NAT, the router maintains a “pool” of external IP addresses.  Each time an internal device needs to access the internet, the router assigns it an external address from the pool.  The router keeps track of the assignments in a table.  It changes the addresses on the packets just like it did with the Static NAT.
  
  As long as the device is accessing the internet, it continues to be assigned to the external IP address.  If a device doesn’t access the internet for a while, then the NAT entry is deleted from the table and the IP address returns to the pool.
  
• But what if I have a massive number of internal devices and they all want to access the internet at the same time?  What if I don’t have enough IP addresses to go around even with Dynamic NAT?  I can use PAT or Port Address Translation.
  
• We haven’t talked about “ports” yet.  But we are going to introduce a new idea.  Look at the computers on the left.  Each one has one IP address but it might have many different applications that connect to the internet – e-mail, Skype, Teams, Windows Update, web browser, etc..  If it is receiving traffic from multiple sources, how does it know which source should be directed to each application?  Introducing ports.  A port is a number that is attached to the end of the IP address.  In this case, we aren’t talking about physical ports, but logical ports.
  
  Things are going to get more complicated.  The Google server way in California spends its whole day listening to incoming web traffic.  It does so on port 80.  That is, it understands that traffic sent to 8.8.8.8:80 is requesting the Google website.  It might ignore other traffic, or it might listen for different types of traffic on other ports.  For example, it might listen for management traffic on port 300.
  
  Now, let’s say that I have 100 browser tabs open at the same time.  I am trying to access Google, CNN, YouTube, etc..  If my computer is bombarded with traffic from all these sources at the same time, it will not know which packet goes where.  So, what can it do?  It adds a port to the end of each request.
  
  For example, it sends a packet to Google.com with the port 55555 as the source.  Google.com knows that it should send a reply back to 192.168.0.3:55555.
  

• It sends a packet to CNN.com with the port 55556 as the source.  CNN.com knows that it should send a reply back to 192.168.0.3:55556.
  
  

• It sends a packet to YouTube.com with the port 55557 as the source.  Google.com knows that it should send a reply back to 192.168.0.3:55557.
  
  

• These port numbers were present in the NAT scheme.  But the router didn’t change the port numbers.  It didn’t have to because it only changed the IP address (there was a unique address for each internal device).  Now there isn’t.
  
  A router doesn’t really have different software applications.  But it can still understand ports.  Ports allow the router to expand the number of IP addresses.
  
  Let’s look at our example.  But now our router has only one external IP address: 44.3.2.1. 

• Our computer wants to access Google.com
  
• It creates the following packet and packages it into an Ethernet frame, which it sends to the router
  

• Our router sees the source and destination.  It creates an internal translation between the source IP/port and the external IP.  It chooses an available external port, in this case 1002.
  • 192.168.0.3:55555 -> 44.3.2.1:1002
    
    
  • Now our router knows that any traffic received on 44.3.2.1:1002 should be forwarded to the internal address/port 192.168.0.3:55555
• The router changes the Source IP/Port in the packet to reflect the external IP/port and forwards it to 8.8.8.8:80
  
  

• Google.com receives the packet and sees that it came from 44.3.2.1:1002. 
  
  
• It creates a packet and replies to 44.3.2.1:1002.
  
  

• The router notices that it received a packet on port 44.3.2.1:1002. 
  
  
  • It checks the port mapping table and realizes that this packet belongs to 192.168.0.3:55555
    
    
• It changes the destination to 192.168.0.1:80 and forwards the packet.  I should say that it wraps the packet inside an ethernet frame (and puts the MAC address of the computer in the destination field).
  
  

• The computer receives the packet and sees that it arrived on port 55555.  Based on its records, it knows that it was listening for traffic from Google.com on port 55555, and it knows what to do with the traffic.
  
  
  • If the computer decides to seek traffic from another website (with another port), the router will learn about the traffic and create a new mapping.  For example
    • 192.168.0.3:55556 -> 44.3.2.1:1003
      
      
    • 192.168.0.3:55557 -> 44.3.2.1:1004

As we will learn, there are three ways for a device to receive an IP address

• Somebody manually assigns the device a static IP address
  
  
• The device automatically receives an IP address from the network through a process known as DHCP
  
  
• The device does not receive an IP address and is not programmed with a static IP address.  So, it chooses an IP address at random.

Under IPv4, if a device doesn’t have a static IP address and can’t reach a DHCP server, it generates a random IP address in the range of 169.254.0.0 to 169.254.255.255.  The process for assigning this address is called link-local address autoconfiguration, auto-IP, or Automatic Private IP Addressing (APIPA).  A router will not pass traffic coming from a link-local address.

Under IPv6, every network interface automatically assigns itself a link-local address in the range of fe80::/10, even when it has a routable (static or DHCP) IP address.  Link-local addresses are necessary for some IPv6 protocols to function.  This is known as a locally unique address because it is possible for devices in other networks to assign the same address.  In other words, it will look like the below IP address (where the xxxx’s are unique values).

fe80:0000:0000:0000:xxxx:xxxx:xxxx:xxxx

A link-local IPv4 address is only unique in its own local network, but an IPv6 link-local address is globally unique.  Why?  A MAC address is considered globally unique (no two devices have the same MAC address).  Therefore, if an IPv6 address can be generated from a MAC address, it is also globally unique.  The IP address is generated using a process called Extended Unique Identifier 64 (EUI64),

Remember that a MAC address is 48 bits (6 bytes) and follows the format 11:22:33:44:55:66.  Like an IP address, a MAC address can be converted into 0’s and 1’s.

The device calculates the new IP address like this

• Let’s say our IPv6 prefix is fe80:0000:0000:0000
• Let’s say our MAC address is 11:22:33:44:55:66
• We split the MAC address in half, and add “fffe” in the middle
• Now our MAC address is 11:22:33:ff:fe:44:55:66
• We flip the seventh bit in the MAC address. 
• How can we do that?
• Remember that the MAC address now is 16 characters (or 64 bits) wide.  Each octet (separated by a colon) is one byte (8 bits) wide.
• Thus the number “11” is one byte.
• I can represent the one byte as a combination of eight 0’s and 1’s
• 8-bits makes up one byte.  A computer with 8-bits can only count to 255 in one operation.  If I make a table that is base-two (every entry is double the previous entry), I can combine these eight numbers to make any number from 0 to 255.  Below is my table.

128

64

32

16

8

4

2

1

• If you look at the 8-bits in a byte, each bit is assigned to one of the numbers in my table.  If the bit is a one, or in “on’ position, then the number is added to the total, and if the bit is a zero, or in the “off” position, then the bit is ignored.

• In this example, I want to convert the number 11.  8+2+1 = 11.  If I write in my table that

128	64	32	16	8	4	2	1
0	0	0	0	1	0	1	1

• Then the resulting binary number is 00001011
• The seventh bit is “1”, so I flip it to “0”
• I rewrite my table to reflect the flip

128	64	32	16	8	4	2	1
0	0	0	0	1	0	0	1

• Now I can recalculate the value as 8+1 = 9
• Thus 11 is replaced by 9 and my new MAC address is 09:22:33:ff:fe:44:55:66
• But wait, there’s more!
• We apply this to our IPv6 prefix, and now our globally unique IP address is fe80:0000:0000:0000:0922:33ff:fe44:5566 (I removed some of the colons from the MAC address portion)

An IPv6 address might look like this 2002:0de8:85c3:0010:0300:8b2e:0360:7234.

We can shorten the IP address.  If our IP address looked like this: 2002:0de8:0000:0000:0300:8b2e:0360:7234, we could shorten it to 2002:0de8::300:8b2e:0360:7234.  See what we did there?  We hid the sections with “0000”, and replaced them with ‘::’.  In any IPv6 address, we can hide the longest string of 0’s, as long as they fill up an entire segment or as long as a segment starts with 0.  We can only hide one string per IP address, otherwise it gets confusing.

If my address looked like this: 2002:0de8:0000:0000:0300:8b2e:0000:7234 and I shortened it to 2002:0de8::8b2e::7234, you now have two “::”, but you don’t know which one had four 0’s and which one had eight.

We can also get rid of any 0’s that are before a “:”.  That means 2002:0de8:1824:2383:0300:002e:4e4e:7234 can be shortened to 2002:de8:1824:2383:300:2e:4e4e:7234

Since the IPv6 protocol is still being adopted, not all networks understand it yet.  What happens when a router communicating over IPv6 reaches a router that only understands IPv4? 

Let’s say that you are trying to access google.com.  You’re in Florida and google.com is in California.  Your local router understands IPv6 and Google’s router understands IPv6, but the routers in between only understand IPv4. 

Your computer and google.com’s server create an IPv4 tunnel and send your IPv6 data through it.  The most common tunneling protocol is called 6to4.  That is, they package an IPv6 packet inside an IPv4 packet.  On the outside, it looks like a normal IPv4 packet, so routers that only understand IPv4 can pass it along, but on the inside it is actually an IPv6 packet, so routers that understand IPv6 can read it.

The problem with tunneling is that it reduces the capacity of each packet (we have to include additional header data, leaving less room for meaningful data).

A better approach is for each device to obtain both an IPv4 address and an IPv6 address.  This is known as dual stack.  Most modern ISP’s assign both IPv4 and IPv6 addresses to their customers.  A device running dual stack will try to connect over IPv6, and if it can’t then it will try to connect over IPv4.

Remember that when an IPv6 capable device connects to a network, it generates the link-local address automatically.  Well, after generating the link-local address, the device sends a message to it.  This message is known as a Neighbor Solicitation and the purpose is to ensure that no other device is using the same address.  If another device is using the address, it will reply with a Neighbor Advertisement message.  Otherwise there will be no reply; the device will know that the address is unique and will start using it.

If the address is unique, the device sends a message called a Router Solicitation to ff02::2.  All IPv6-enabled routers listen on the ff02::2 address (the long version is ff02:0000:0000:0000:0000:0002).  Upon receipt, the router replies with a message called a Router Advertisement.  The advertisement contains several pieces of information including

• Whether the router can be used as a default router (default gateway)
  
  
• The IPv6 prefix of the link.  The prefix allows the device to generate a globally unique IP address.
  
  
• The lifetime of the link prefix.  The lifetime tells the device how long it can use the IP prefix before generating a new one.  This helps with security.

This process is called Stateless Address Autoconfiguration (SLAAC), because each device can configure its own IP address (a router isn’t telling the device what IP address to use).  The device will use the process I outlined above (EUI64), but use the prefix provided by the router instead of fe80:0000:0000:0000

A Virtual IP address is an address that is not assigned to a specific network interface.  Let’s say I am running a very high availability application, hosted on servers in Atlanta, New York, and Los Angeles.  I don’t want any trouble, so even if there is a flood in one city, we continue to operate.

Each server has its own unique IP address (44.1.1.1, 55.1.1.1, and 66.1.1.1).  I don’t want any disruptions, so I select a single IP address (7.7.7.7) that points to all the servers. 

Instead of pointing it to any server, I point it t a router.  The magic inside the router allows it to forward traffic from 7.7.7.7 to any of the server IP addresses.  We can add and remove servers in different locations across the world without changing the main IP address.

There are many protocols for virtual IP addressing, including Common Address Redundancy Protocol and Proxy ARP.

We can take this a step further and think about subinterfaces.  What is the benefit of a subinterface?  We might want to assign multiple IP addresses in multiple networks to the same physical interface.

Consider the following example

• I have a local area network with two computers (192.168.0.2, 192.168.0.3) and one surveillance camera (192.168.1.3)
  
  
• All the devices are connected to the same switch and are behind the same router/internet connection.
• I don’t want the computers to be able to access the camera, but I don’t want to build a separate physical network for the camera (since I will need a new switch, router, and internet connection)
  
  
• Instead I have created two subnets – 192.168.0.0/24 for the computers and 192.168.1.0/24 for the camera
  
  
• The router has only one local interface – but I can create two “logical” subinterfaces on it – I assign one of them 192.168.0.1 and I assign the other 192.168.1.1
  
  
• Now the computers can communicate with the router through 192.168.0.1 and the camera can communicate with the router through 192.168.1.1, but they can’t talk to each other
  
  
• We might call these separate logical networks VLANs.  When we look in depth at how the switch functions, we will revisit this topic.