2.4 IP addressing and subnetting

IP addressing and subnetting are crucial for network communication and security. These concepts allow devices to be uniquely identified and located on a network, enabling efficient routing and communication between devices.

Understanding IP addressing and subnetting is essential for network security professionals. It enables them to properly configure networks, troubleshoot issues, and implement security measures to protect against unauthorized access and potential threats.

IP addressing fundamentals

• IP addressing is a critical component of network communication, allowing devices to be uniquely identified and located on a network
• Understanding IP addressing is essential for network security professionals to properly configure, troubleshoot, and secure networks

IPv4 vs IPv6

Top images from around the web for IPv4 vs IPv6

• 

  tag | IPv6 View original

  Is this image relevant?

• 

  IPsec View original

  Is this image relevant?

• 

  File:IPv6 vs IPv4.jpg - Wikipedia View original

  Is this image relevant?

• 

  tag | IPv6 View original

  Is this image relevant?

• 

  IPsec View original

  Is this image relevant?

1 of 3

Top images from around the web for IPv4 vs IPv6

• 

  tag | IPv6 View original

  Is this image relevant?

• 

  IPsec View original

  Is this image relevant?

• 

  File:IPv6 vs IPv4.jpg - Wikipedia View original

  Is this image relevant?

• 

  tag | IPv6 View original

  Is this image relevant?

• 

  IPsec View original

  Is this image relevant?

1 of 3

• IPv4 uses 32-bit addresses, allowing for approximately 4.3 billion unique addresses (192.168.0.1)
• IPv6 uses 128-bit addresses, providing a vastly larger address space to accommodate the growing number of devices (2001:0db8:85a3:0000:0000:8a2e:0370:7334)
• IPv6 includes built-in security features, such as IPsec, which provides encryption and authentication for network traffic

Structure of IP addresses

• IP addresses are divided into network and host portions, determined by the subnet mask
• The network portion identifies the network to which the device belongs, while the host portion identifies the specific device within that network
• IP addresses are typically represented in dotted-decimal notation (IPv4) or hexadecimal notation (IPv6)

Network vs host portions

• The network portion of an IP address is used for routing, determining the destination network for a packet
• The host portion is used to identify the specific device within the destination network
• The subnet mask determines the boundary between the network and host portions of an IP address

Public vs private IP addresses

• Public IP addresses are globally unique and can be accessed directly from the Internet (e.g., 8.8.8.8)
• Private IP addresses are used within local networks and are not globally unique (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16)
• Network Address Translation (NAT) is used to translate between private and public IP addresses, allowing devices with private addresses to communicate with the Internet

Subnetting concepts

• Subnetting is the process of dividing a larger network into smaller subnetworks, enabling more efficient use of IP address space and improved network performance
• Understanding subnetting is crucial for network security professionals to properly design, implement, and troubleshoot network architectures

Purpose of subnetting

• Subnetting allows for more efficient use of IP address space by dividing a larger network into smaller, more manageable subnetworks
• It enables better network performance by reducing broadcast traffic and allowing for more targeted network management
• Subnetting also enhances security by allowing for the creation of separate network segments with different access controls and security policies

Subnet masks

• A subnet mask is a 32-bit number that determines the boundary between the network and host portions of an IP address
• It is used in conjunction with the IP address to determine which part of the address represents the network and which part represents the host
• Subnet masks are typically represented in dotted-decimal notation (255.255.255.0) or CIDR notation (/24)

CIDR notation

• Classless Inter-Domain Routing (CIDR) notation is a compact way of representing a subnet mask
• It specifies the number of bits in the network portion of an IP address, written as a suffix to the IP address (192.168.0.0/24)
• CIDR notation allows for more flexible and efficient allocation of IP addresses compared to the traditional class-based system

Default subnets for address classes

• In the traditional class-based system, IP addresses were divided into five classes (A, B, C, D, and E), each with a default subnet mask
• Class A addresses (0.0.0.0 to 127.255.255.255) have a default subnet mask of 255.0.0.0 (/8)
• Class B addresses (128.0.0.0 to 191.255.255.255) have a default subnet mask of 255.255.0.0 (/16)
• Class C addresses (192.0.0.0 to 223.255.255.255) have a default subnet mask of 255.255.255.0 (/24)

Subnetting techniques

• Various subnetting techniques are used to divide networks into smaller subnetworks, each with its own set of rules and calculations
• Network security professionals must be proficient in these techniques to effectively design and manage network architectures

Basic subnetting steps

1. Determine the number of required subnets and hosts per subnet
2. Choose an appropriate subnet mask based on the requirements
3. Calculate the network address, broadcast address, and range of usable host addresses for each subnet
4. Assign IP addresses to devices within each subnet

Subnetting formulas and calculations

• Subnetting involves various formulas and calculations to determine the number of available subnets, hosts per subnet, and the range of usable IP addresses
• Key formulas include:
  • Number of subnets: $2^n$, where n is the number of borrowed bits
  • Number of hosts per subnet: $2^m - 2$, where m is the number of remaining bits in the host portion
  • Block size: $256 - subnet\:mask$

Variable Length Subnet Masking (VLSM)

• VLSM allows for the creation of subnets with different sizes within the same network, enabling more efficient use of IP address space
• It involves borrowing bits from the host portion of an IP address to create additional subnets of varying sizes
• VLSM is useful when a network has subnetworks with different requirements for the number of hosts

Classless Inter-Domain Routing (CIDR)

• CIDR is a method of allocating IP addresses and routing IP packets more efficiently than the traditional class-based system
• It allows for the creation of subnets of arbitrary size, rather than being limited to the default subnet masks of classes A, B, and C
• CIDR notation is used to specify the network prefix and the number of bits in the network portion of an IP address

IP address allocation

• IP address allocation is the process of assigning IP addresses to devices on a network, which can be done statically or dynamically
• Understanding the different methods of IP address allocation and their associated protocols is essential for network security professionals

Static vs dynamic allocation

• Static IP address allocation involves manually assigning a fixed IP address to a device, which remains constant over time
• Dynamic IP address allocation uses a protocol, such as DHCP, to automatically assign IP addresses to devices from a pool of available addresses
• Static allocation is useful for devices that require a consistent IP address, while dynamic allocation is more flexible and easier to manage for larger networks

DHCP protocol and operation

• Dynamic Host Configuration Protocol (DHCP) is a network protocol used to automatically assign IP addresses and other network configuration parameters to devices
• DHCP operates on a client-server model, with the DHCP server managing the pool of available IP addresses and the DHCP client requesting an address from the server
• The DHCP process involves four main steps: DHCP Discover, DHCP Offer, DHCP Request, and DHCP Acknowledgement

DHCP server configuration

• Configuring a DHCP server involves defining the pool of available IP addresses, setting lease durations, and specifying any additional network parameters (default gateway, DNS servers)
• DHCP servers can be configured to assign addresses based on various criteria, such as device MAC address or network port
• Proper DHCP server configuration is essential to ensure efficient and secure IP address allocation

DHCP relay and IP helpers

• DHCP relay, also known as IP helper, is a feature that allows DHCP requests to be forwarded across different subnets
• It enables a single DHCP server to manage IP address allocation for multiple subnets, simplifying network management
• DHCP relay agents receive DHCP broadcasts from clients and forward them to the DHCP server, then return the server's response to the client

IP address management

• IP address management (IPAM) is the process of planning, tracking, and controlling the allocation and use of IP addresses within a network
• Effective IPAM is crucial for maintaining network performance, security, and scalability

Planning IP addressing schemes

• Planning an IP addressing scheme involves determining the number of required subnets, the size of each subnet, and the allocation of IP addresses within each subnet
• Factors to consider include the current and future size of the network, the types of devices and services, and any security or regulatory requirements
• A well-planned IP addressing scheme enables efficient use of address space and simplifies network management

Documenting IP address assignments

• Documenting IP address assignments is essential for keeping track of which devices are using which IP addresses, and for troubleshooting network issues
• Documentation should include the device name, MAC address, assigned IP address, subnet mask, and any relevant notes
• Tools such as spreadsheets, databases, or specialized IPAM software can be used to maintain IP address documentation

Tools for IP address management

• Various tools are available to assist with IP address management, ranging from simple spreadsheets to comprehensive IPAM software suites
• These tools can automate IP address allocation, track address usage, and provide reporting and visualization capabilities
• Examples of IPAM tools include Microsoft Excel, Open-AudIT, SolarWinds IP Address Manager, and Infoblox NetMRI

Best practices for IP address management

• Implement a consistent and hierarchical IP addressing scheme that aligns with the network architecture and business requirements
• Use DHCP for dynamic IP address allocation, reserving static addresses for devices that require them
• Regularly audit IP address usage to identify and reclaim unused or misallocated addresses
• Maintain accurate and up-to-date documentation of IP address assignments
• Use access controls and authentication to secure access to IPAM tools and data

Troubleshooting IP addressing issues

• IP addressing issues can cause various network problems, from connectivity failures to performance degradation
• Network security professionals must be skilled in identifying and resolving these issues to maintain network availability and security

Common IP addressing problems

• Duplicate IP addresses, causing IP conflicts and connectivity issues
• Misconfigured subnet masks, leading to incorrect routing and communication failures
• Exhaustion of available IP addresses within a subnet
• Incorrect default gateway settings, preventing devices from communicating across subnets
• Misconfigured DNS settings, causing name resolution failures

Ping, traceroute, and other diagnostic tools

• Ping is a basic network diagnostic tool that tests the reachability of a device by sending ICMP echo request packets and awaiting a response
• Traceroute maps the network path between a source and destination device, showing the sequence of routers through which packets travel
• Other diagnostic tools include ipconfig/ifconfig (displaying IP configuration), nslookup (testing DNS resolution), and Wireshark (analyzing network traffic)

Resolving IP conflicts

• IP conflicts occur when two devices on the same network are assigned the same IP address, causing communication issues
• To resolve an IP conflict:
  1. Identify the devices involved using tools like ipconfig or arp
  2. Determine which device should retain the IP address based on network requirements
  3. Assign a new IP address to the other device, either manually or through DHCP
  4. Update any relevant documentation and DNS records

Identifying and fixing misconfigurations

• Misconfigurations in IP settings, such as incorrect subnet masks or default gateways, can cause various network issues
• To identify and fix misconfigurations:
  1. Review the device's IP configuration settings, comparing them to the network's documented IP addressing scheme
  2. Use diagnostic tools like ping and traceroute to test connectivity and identify any anomalies
  3. Correct any identified misconfigurations, such as updating the subnet mask or default gateway
  4. Test connectivity again to verify that the issue has been resolved
  5. Document the changes made and update any relevant network diagrams or configurations