7/29/2019 ip versions and nating using cisco router
CHAPTER 1
IP VERSIONS
1.1 INTRODUCTION
The Internet is a global system of interconnected computer networks that use the standard
Internet protocol suite (often called TCP/IP, although not all applications use TCP) to serve
billions of users worldwide.
It is a network of networks that consists of millions of private, public, academic, business,
and government networks, of local to global scope, that are linked by a broad array of
electronic, wireless and optical networking technologies.
The Internet carries an extensive range of information resources and services, such as the
inter-linked hypertext documents of the World Wide Web (WWW) and the infrastructure to
support email. The Internet allows greater flexibility in working hours and location,
especially with the spread of unmetered high-speed connections.
The Internet can be accessed almost anywhere by numerous means, including through
mobile Internet devices. Mobile phones, data cards, handheld game consoles and cellular
routers allow users to connect to the Internet wirelessly.
Within the limitations imposed by small screens and other limited facilities of such
pocket-sized devices, the services of the Internet, including email and the web, may be
available. Educational material at all levels from pre-school to post-doctoral is available from
websites.
Email is an important communications service available on the Internet. The concept of
sending electronic text messages between parties in a way analogous to mailing letters or
memos predates the creation of the Internet. Pictures, documents and other files are sent as
email attachments
Internet telephony is another common communications service made possible by the creation
of the Internet. VoIP stands for Voice-over-Internet Protocol, a reference to the Internet
Protocol that underlies all Internet communication. The idea began in the early 1990s with
walkie-talkie-like voice applications for personal computers. File sharing is an example of
transferring large amounts of data across the Internet.
The communications infrastructure of the Internet consists of its hardware components and
a system of software layers that control various aspects of the architecture. While the
hardware can often be used to support other software systems, it is the design and the
rigorous standardization process of the software architecture that characterizes the Internet
and provides the foundation for its scalability and success.
The Internet standards describe a framework known as the Internet protocol suite. This is a
model architecture that divides methods into a layered system of protocols (RFC 1122, RFC
1123). The layers correspond to the environment or scope in which their services operate.
At the top is the application layer, the space for the application-specific networking
methods used in software applications, e.g., a web browser program. Below this top layer, the
transport layer connects applications on different hosts via the network (e.g., the
client-server model) with appropriate data exchange methods. Underlying these layers are the
core networking technologies, consisting of two layers.
The internet layer enables computers to identify and locate each other via Internet
Protocol (IP) addresses, and allows them to connect to one-another via intermediate (transit)
networks. Last, at the bottom of the architecture, is a software layer, the link layer, that
provides connectivity between hosts on the same local network link, such as a local area
network (LAN) or a dial-up connection. The model is also known as TCP/IP.
Other models have been developed, such as the Open Systems Interconnection (OSI)
model, but they are not compatible in the details of description or implementation; many
similarities exist and the TCP/IP protocols are usually included in the discussion of OSI
networking.
The most prominent component of the Internet model is the Internet Protocol (IP), which
provides addressing systems (IP addresses) for computers on the Internet. IP enables
internetworking and in essence establishes the Internet itself.
1.2 IP ADDRESS
An Internet Protocol address (IP address) is a numerical label assigned to each device
(e.g., computer, printer) participating in a computer network that uses the Internet Protocol
for communication.
An IP address serves two principal functions: host or network interface identification and
location addressing. Its role has been characterized as follows (RFC 791): "A name indicates
what we seek. An address indicates where it is. A route indicates how to get there."
The designers of the Internet Protocol defined an IP address as a 32-bit number and this
system, known as Internet Protocol Version 4 (IPv4), is still in use today. However, due to
the enormous growth of the Internet and the predicted depletion of available addresses, a new
addressing system (IPv6), using 128 bits for the address, was developed in 1995 and its
deployment has been ongoing since the mid-2000s.
IP addresses are binary numbers, but they are usually stored in text files and displayed in
human-readable notations, such as 172.16.254.1 (for IPv4), and 2001:db8:0:1234:0:567:8:1
(for IPv6).
The Internet Assigned Numbers Authority (IANA) manages the IP address space
allocations globally and delegates five regional Internet registries (RIRs) to allocate IP
address blocks to local Internet registries (Internet service providers) and other entities.
1.3 IP VERSIONS
Two versions of the Internet Protocol (IP) are in use:
1) IP Version 4
2) IP Version 6
IPv4 (Internet Protocol version 4) is the fourth revision in the development of the Internet
Protocol (IP) and the first version of the protocol to be widely deployed. It is a
connectionless, best-effort protocol; its delivery model, header format and addressing are
described in Section 1.4.
IPv5, also called the Internet Stream Protocol (ST), was developed in the 1980s as an
experiment. It was created to transmit audio, video, and simulations over the Internet. While
it gained some use within large corporations, it was never adopted as an official Internet
protocol. In its original form IPv5 was never widely distributed; it was, however, adapted and
developed into what is now known as ST2.
IPv6 (Internet Protocol version 6) is a revision of the Internet Protocol (IP) developed by the
Internet Engineering Task Force (IETF). IPv6 is intended to succeed IPv4, which is the
dominant communications protocol for most Internet traffic as of 2012.
1.4 IP Version 4
IPv4 is a connectionless protocol for use on packet-switched Link Layer networks (e.g.,
Ethernet). It operates on a best effort delivery model. In that it does not guarantee delivery,
nor does it assure proper sequencing or avoidance of duplicate delivery. These aspects,
including data integrity, are addressed by an upper layer transport protocol, such as the
Transmission Control Protocol (TCP).
1.4.1 IPV4 HEADER FORMAT
An IP datagram consists of a header part and a data (text) part. The header has a 20-byte fixed
part and a variable-length optional part. It is transmitted in big-endian order from left to
right, with the high-order bit of the Version field going first.

Version | IHL | Type of service | Total length
Identification | (unused) | DF | MF | Fragment offset
Time to live | Protocol | Header checksum
Source address
Destination address
Options (0 or more words)

The VERSION field keeps track of which version of the protocol the datagram belongs to. Because
every datagram carries its version, a transition between versions can take years, with some
machines running the old version and others running the new one. Currently a transition from
IPv4 to IPv6 is going on.
Since the header length is not constant, a field in the header, IHL, is provided to tell how long
the header is, in 32-bit words. The minimum value is 5, which applies when no options are
present. The maximum value of this 4-bit field is 15, which limits the header to 60 bytes, and
thus the options field to 40 bytes.
The Type of service field is one of the few fields that has changed its meaning over the years. It
was, and still is, intended to distinguish between different classes of service; various
combinations of reliability and speed are possible.
Originally, 6 of the field's 8 bits were used: from left to right, a three-bit Precedence field
and three flags, D, T and R, with the last two bits unused.
The Precedence field was a priority, from 0 (normal) to 7 (network control packet). The three flag
bits allowed the host to specify what it cared most about from the set (Delay, Throughput,
Reliability). The octet has since been redefined as a 6-bit Differentiated Services Code Point
(DSCP) followed by 2 bits for Explicit Congestion Notification (ECN).
Total length includes everything in the datagram-both header and data. The maximum
length is 65,535 bytes.
Identification field is needed to allow the destination host to determine which datagram a
newly arrived fragment belongs to. All the fragments of a datagram contain the same
identification value.
Next comes an unused bit and then two 1-bit fields.
DF (Don't Fragment) is an order to the routers not to fragment the datagram, because the
destination is incapable of putting the pieces back together again.
MF (More Fragments) is set on all fragments except the last one. It is needed to know
when all fragments of a datagram have arrived. The Fragment offset tells where in the original
datagram this fragment belongs. All fragments except the last one in a datagram must be a
multiple of 8 bytes, the elementary fragment unit. Since 13 bits are provided, there is a
maximum of 8192 fragments per datagram, giving a maximum datagram length of 65,536
bytes, one more than the Total length field allows.
The Time to live field is a counter used to limit packet lifetimes. It was meant to count time in
seconds, allowing a maximum lifetime of 255 seconds; in practice it is a hop count. It must be
decremented on each hop and is supposed to be decremented multiple times when a packet is
queued for a long time in a router. When it hits zero the packet is discarded and a warning
packet (ICMP Time Exceeded) is sent back to the source host.
This feature prevents datagrams from wandering around forever, something that otherwise
might happen if the routing tables ever become corrupted.
The Protocol field tells the receiving host which transport process to hand the datagram to.
TCP is one possibility, but so are UDP and some others. The numbering of protocols is global
across the entire Internet.
The Header checksum verifies the header only. Such a checksum is useful for detecting errors
generated by bad memory words inside a router. The algorithm is to add up all the 16-bit
half-words as they arrive, using one's complement arithmetic, and then take the one's complement
of the result. For purposes of this algorithm, the checksum field itself is taken to be zero.
This algorithm is more robust than a normal add, but it is only an error-detection code: anyone
who can modify a packet can recompute it, so it offers no protection against tampering.
Source and Destination indicate the network number and host number.
The Options field was designed to provide an escape to allow subsequent versions of the protocol
to include information not present in the original design, to permit experimenters to try out
new ideas, and to avoid allocating header bits to information that is rarely needed. The options
are of variable length. Each begins with a one-byte code identifying the option. The options field
is padded out to a multiple of 4 bytes.
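The header layout and checksum algorithm above can be exercised end to end in code. The following Python is an added example written for this edit, not code from the original report: it builds a 20-byte header with constructed field values (the addresses 10.0.0.1 and 203.0.113.5 and the identification 0x1c46 are made up for the example), parses it back, verifies the checksum the way a router does, and decodes the DF/MF flags and fragment offset.

```python
import socket
import struct

PROTOCOL_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of the 16-bit words of the header, then the one's
    complement of the result (RFC 791). For a header whose checksum field
    already holds the correct value this returns 0, which is the receiver's check."""
    if len(header) % 2:
        header += b"\x00"
    total = 0
    for i in range(0, len(header), 2):
        total += (header[i] << 8) | header[i + 1]
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_header(src, dst, payload_len, ident=0x1C46, ttl=64, proto=6,
                 df=True, mf=False, frag_offset=0):
    """Build a 20-byte IPv4 header (IHL = 5, no options) with a valid checksum.
    frag_offset is in 8-byte units, exactly as carried on the wire.
    Field values are constructed for the example."""
    flags_frag = (int(df) << 14) | (int(mf) << 13) | (frag_offset & 0x1FFF)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident,
                      flags_frag, ttl, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def parse_ipv4_header(packet: bytes) -> dict:
    """Decode the fixed header fields and verify the checksum.
    Raises ValueError for anything that is not a well-formed IPv4 header."""
    if len(packet) < 20:
        raise ValueError("truncated: need at least 20 bytes")
    (ver_ihl, tos, total_len, ident, flags_frag, ttl, proto, csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    if version != 4:
        raise ValueError(f"not IPv4: version {version}")
    if ihl < 5:
        raise ValueError(f"IHL {ihl} below minimum of 5 words")
    hlen = ihl * 4
    if len(packet) < hlen or total_len < hlen:
        raise ValueError("header length inconsistent with packet/total length")
    frag_offset = flags_frag & 0x1FFF
    return {
        "version": version,
        "ihl": ihl,
        "header_bytes": hlen,
        "dscp": tos >> 2,          # ToS octet as redefined: 6-bit DSCP + 2-bit ECN
        "ecn": tos & 0x3,
        "total_length": total_len,
        "identification": ident,
        "df": bool(flags_frag & 0x4000),
        "mf": bool(flags_frag & 0x2000),
        "fragment_offset_bytes": frag_offset * 8,
        "is_fragment": bool(flags_frag & 0x2000) or frag_offset > 0,
        "ttl": ttl,
        "protocol": PROTOCOL_NAMES.get(proto, str(proto)),
        "checksum_ok": ipv4_checksum(packet[:hlen]) == 0,
        "src": socket.inet_ntoa(src),
        "dst": socket.inet_ntoa(dst),
        "options": packet[20:hlen],
    }


if __name__ == "__main__":
    hdr = build_header("10.0.0.1", "203.0.113.5", payload_len=40)
    print(parse_ipv4_header(hdr))
```

Note that `checksum_ok` is the same test every router performs after decrementing TTL and before recomputing the field; flipping any header byte makes it fail, but an attacker who rewrites the header simply recomputes the sum.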
1.4.2 IPV4 ADDRESSES
(Figure: decomposition of an IPv4 address from dot-decimal notation to its binary value.)
In IPv4 an address consists of 32 bits, which limits the address space to 4,294,967,296 (2^32)
possible unique addresses. IPv4 reserves some addresses for special purposes such as private
networks (~18 million addresses) or multicast addresses (~270 million addresses).
IPv4 addresses are canonically represented in dot-decimal notation, which consists of four
decimal numbers, each ranging from 0 to 255, separated by dots, e.g., 172.16.254.1. Each
part represents a group of 8 bits (octet) of the address. In some cases of technical writing,
IPv4 addresses may be presented in various hexadecimal, octal, or binary representations.
1.4.3 IPV4 SUBNETTING
In the early stages of development of the Internet Protocol, network administrators interpreted
an IP address in two parts: a network number portion and a host number portion. The highest-order
octet (most significant eight bits) in an address was designated as the network number and the
remaining bits were called the rest field or host identifier and were used for host numbering
within a network.
This early method soon proved inadequate as additional networks developed that were
independent of the existing networks already designated by a network number. In 1981, the
Internet addressing specification was revised with the introduction of classful network
architecture.
Classful network design allowed for a larger number of individual network assignments
and fine-grained sub network design. The first three bits of the most significant octet of an IP
address were defined as the class of the address. Three classes (A, B, and C) were defined for
universal unicast addressing.
Depending on the class derived, the network identification was based on octet boundary
segments of the entire address. Each class used successively additional octets in the network
identifier, thus reducing the possible number of hosts in the higher order classes (B and C).
1.5 ADDRESS CLASSES
The Internet community originally defined five address classes to accommodate networks
of varying sizes. Microsoft TCP/IP supports class A, B, and C addresses assigned to hosts.
The class of address defines which bits are used for the network ID and which bits are used
for the host ID. It also defines the possible number of networks and the number of hosts per
network.
Class A
Class A addresses are assigned to networks with a very large number of hosts. The high-
order bit in a class A address is always set to zero. The next seven bits (completing the first
octet) complete the network ID. The remaining 24 bits (the last three octets) represent the
host ID. This allows for 126 networks and 16,777,214 hosts per network. Figure 1.4
illustrates the structure of class A addresses.
Class B
Class B addresses are assigned to medium-sized to large-sized networks. The two high-
order bits in a class B address are always set to binary 1 0. The next 14 bits (completing the
first two octets) complete the network ID. The remaining 16 bits (last two octets) represent
the host ID. This allows for 16,384 networks and 65,534 hosts per network. Figure 1.5
illustrates the structure of class B addresses.
Class C
Class C addresses are used for small networks. The three high-order bits in a class C
address are always set to binary 1 1 0. The next 21 bits (completing the first three octets)
complete the network ID. The remaining 8 bits (last octet) represent the host ID. This allows
for 2,097,152 networks and 254 hosts per network. Figure 1.6 illustrates the structure of class
C addresses.
Class D
Class D addresses are reserved for IP multicast addresses. The four high-order bits in a
class D address are always set to binary 1 1 1 0. The remaining bits are for the address that
interested hosts recognize. Microsoft supports class D addresses for applications to multicast
data to multicast-capable hosts on an internetwork.
Class E
Class E is an experimental address class reserved for future use. The high-order bits in a
class E address are set to 1111.
Table 1.5.1 IP Address Class Summary (w.x.y.z denote the four octets of the address)

Class   Value for w   Network ID portion   Host ID portion   Available networks   Hosts per network
A       1-126         w                    x.y.z             126                  16,777,214
B       128-191       w.x                  y.z               16,384               65,534
C       192-223       w.x.y                z                 2,097,152            254

(The first-octet value 127 is excluded from class A because 127.0.0.0/8 is reserved for loopback.)
1.6 IPV4 PRIVATE ADDRESSES
Early network design, when global end-to-end connectivity was envisioned for
communications with all Internet hosts, intended that IP addresses be uniquely assigned to a
particular computer or device. However, it was found that this was not always necessary as
private networks developed and public address space needed to be conserved.
Computers not connected to the Internet, such as factory machines that communicate only
with each other via TCP/IP, need not have globally unique IP addresses.Today, when needed,
such private networks typically connect to the Internet through network address translation
(NAT).
IANA-reserved private IPv4 network ranges (RFC 1918)

Block                                   Start          End               No. of addresses
24-bit block (/8 prefix, 1 class A)     10.0.0.0       10.255.255.255    16,777,216
20-bit block (/12 prefix, 16 class B)   172.16.0.0     172.31.255.255    1,048,576
16-bit block (/16 prefix, 256 class C)  192.168.0.0    192.168.255.255   65,536

Any user may use any of the reserved blocks. Typically, a network administrator will divide a
block into subnets; for example, many home routers automatically use a default address range
of 192.168.0.0 through 192.168.0.255 (192.168.0.0/24).
1.7 IPV4 ADDRESS EXHAUSTION
IPv4 address exhaustion is the decreasing supply of unallocated Internet Protocol version 4
(IPv4) addresses available at the Internet Assigned Numbers Authority (IANA) and the
regional Internet registries (RIRs) for assignment to end users and local Internet registries,
such as Internet service providers.
1.8 Subnet Masking
Subnet masking, or subnetting, is used to break one large group into several smaller
subnetworks.
Figure 2-3 IP Address Structure After Subnetting
These subnets can then be distributed throughout an enterprise. This results in less IP
address waste and better logical organization. Formalized with RFC 950 in 1985, subnetting
introduced a third level of hierarchy to the IPv4 addressing structure. The number of bits
available to the network, subnet, and host portions of a given address varies depending on the
size of the subnet mask.
A subnet mask is a 32-bit number that acts as a counterpart to the IP address. Each bit in
the mask corresponds to its counterpart bit in the IP address. Logical ANDing is applied to
the address and mask. If a bit in the IP address corresponds to a 1 bit in the subnet mask, the
IP address bit represents a network number. If a bit in the IP address corresponds to a 0 bit in
the subnet mask, the IP address bit represents a host number.
When the subnet mask is known, it overrides the address class in determining whether a bit
belongs to the network or the host portion. This allows routers to recognize addresses
differently from the format dictated by class. The mask can be used to tell hosts that although
their addresses are Class B, the first three octets, instead of the first two, are the network
number. In this case, the additional octet acts like part of the network number, but only inside
the organization where the mask is configured.
The subnet mask applied to an address ultimately determines the network and host
portions of an IP address. The network and host portions change when the subnet mask
changes. If a 16-bit mask, 255.255.0.0, is applied to an IP address, only the first 16 bits, or
two octets, of the IP address 172.24.100.45 represent the network number. Therefore, the
network number for this host address is 172.24.0.0.
Because the rules of class dictate that the first two octets of a Class B address are the
network number, this 16-bit mask does not create subnets within the 172.24.0.0 network.
To create subnets with this Class B address, a mask must be used that identifies bits in the
third or fourth octet as part of the network number.
If a 24-bit mask such as 255.255.255.0 is applied, the first 24 bits of the IP address are
specified as the network number. The network number for the host in this example is
172.24.100.0. The gray portion of the address shown in Figure 2-5 indicates this.
Routers and hosts configured with this mask see all 8 bits in the third octet as part of the
network number. These 8 bits are considered to be the subnet field because they represent
network bits beyond the two octets prescribed by classful addressing.
Inside this network, devices configured with a 24-bit mask use the 8 bits of the third octet
to determine to what subnet a host belongs. Because 8 bits remain in the host field, 254 hosts
may populate each network. Just as hosts must have identical network addresses, they also
must match subnet fields to communicate with each other directly. Otherwise, the services of
a router must be used so that a host on one network or subnet can talk to a host on another.
A Class B network with an 8-bit subnet field creates 2^8, or 256, potential subnets, each one
equivalent to one Class C network. Because 8 bits remain in the host field, 254 hosts may
populate each subnet. Two host addresses are reserved as the network number and
broadcast address, respectively. By dividing a Class B network into smaller logical groups,
the internetwork can be made more manageable, more efficient, and more scalable.
Notice that subnet masks are not sent as part of an IP packet header. This means that
routers outside this network will not know what subnet mask is configured inside the
network. An outside router therefore treats 172.24.100.45 as just one of the roughly 65,000
hosts that belong to the 172.24.0.0 network. In effect, subnetting classful IP addresses provides
a logical structure that is hidden from the outside world. This hiding is organisational, not a
security control: outside routers still forward packets to every host in 172.24.0.0, so
reachability must be restricted with access lists or a firewall, not by subnet layout.
1.9 IP Version 6
IPv6 (Internet Protocol version 6) is a revision of the Internet Protocol (IP) developed by
the Internet Engineering Task Force (IETF). IPv6 is intended to succeed IPv4, which is the
dominant communications protocol for most Internet traffic as of 2012.IPv6 was developed
to deal with the long-anticipated problem of IPv4 running out of addresses. IPv6 implements
a new addressing system that allows for far more addresses to be assigned than with IPv4.
Each device on the Internet, such as a computer or mobile telephone, must be assigned an
IP address in order to communicate with other devices. With the ever-increasing number of
new devices being connected to the Internet, there is a need for more addresses than IPv4 can
accommodate. IPv6 uses 128-bit addresses, allowing for 2^128, or approximately 3.4 × 10^38,
addresses. IPv4 uses 32-bit addresses, allowing for only 4,294,967,296 addresses worldwide.
1.9.1 IPV6 ADDRESSES
(Figure: decomposition of an IPv6 address from hexadecimal representation to its binary value.)
The rapid exhaustion of IPv4 address space, despite conservation techniques, prompted the
Internet Engineering Task Force (IETF) to explore new technologies to expand the Internet's
addressing capability. The permanent solution was deemed to be a redesign of the Internet
Protocol itself.
This next generation of the Internet Protocol, intended to replace IPv4 on the Internet, was
eventually named Internet Protocol Version 6 (IPv6) in 1995. The address size was increased
from 32 to 128 bits, or 16 octets. This, even with a generous assignment of network blocks, is
deemed sufficient for the foreseeable future. Mathematically, the new address space provides
the potential for a maximum of 2^128, or about 3.403 × 10^38, unique addresses.
The new design was not intended just to provide a sufficient quantity of addresses, but also
to allow efficient aggregation of subnet routing prefixes at routing nodes. As a result, routing
table sizes are smaller, and the smallest customary individual allocation is a subnet for 2^64
hosts, which is the square of the size of the entire IPv4 address space. At these levels,
actual address utilization rates will be small on any IPv6 network segment.
The new design also provides the opportunity to separate the addressing infrastructure of
a network segment, that is, the local administration of the segment's available space,
from the addressing prefix used to route external traffic for a network. IPv6 has facilities that
automatically change the routing prefix of entire networks, should the global connectivity or
the routing policy change, without requiring internal redesign or renumbering.
The large number of IPv6 addresses allows large blocks to be assigned for specific
purposes and, where appropriate, to be aggregated for efficient routing. With a large address
space, there is no need for the complex address conservation methods used with Classless
Inter-Domain Routing (CIDR) in IPv4.
Many modern desktop and enterprise server operating systems include native support for
the IPv6 protocol, but at the time of writing it was not yet widely deployed in other devices,
such as home networking routers, voice over IP (VoIP) and multimedia equipment, and
network peripherals.
IPv6 ADDRESSING
IPv6 addresses are 128-bit identifiers for interfaces and sets of interfaces. There are three
types of addresses:
Unicast: An identifier for a single interface. A packet sent to a unicast address is delivered
to the interface identified by that address.
Anycast: An identifier for a set of interfaces (typically belonging to different nodes). A
packet sent to an anycast address is delivered to one of the interfaces identified by that
address (the "nearest" one, according to the routing protocols' measure of distance).
Multicast: An identifier for a set of interfaces (typically belonging to different nodes). A
packet sent to a multicast address is delivered to all interfaces identified by that address.
1.10 COMPARISON BETWEEN IPV4 AND IPV6:
1. IPv4: Addresses are 32 bits (4 bytes) in length. IPv6: Addresses are 128 bits (16 bytes) in
length.
2. IPv4: Address (A) resource records in DNS map host names to IPv4 addresses. IPv6: Address
(AAAA) resource records in DNS map host names to IPv6 addresses.
3. IPv4: IPsec is optional and must be supported externally. IPv6: IPsec support was mandatory
in the original IPv6 node requirements (RFC 4294) but has been relaxed to a recommendation
(RFC 6434); in both versions it is carried in separate AH/ESP headers and protects nothing
unless it is actually configured and keyed.
4. IPv4: The header does not identify the packet flow for QoS handling by routers. IPv6: The
header contains a Flow Label field, which identifies the packet flow for QoS handling by routers.
5. IPv4: Both routers and the sending host fragment packets. IPv6: Routers do not fragment
packets; only the sending host fragments, using the Fragment extension header and path MTU
discovery.
6. IPv4: The header includes a checksum. IPv6: The header does not include a checksum.
7. IPv4: The header includes options. IPv6: Optional data is carried in extension headers.
8. IPv4: Must support a 576-byte packet size (possibly fragmented). IPv6: Must support a
1280-byte packet size (without fragmentation).
9. IPv4: Broadcast addresses are used to send traffic to all nodes on a subnet. IPv6: There is
no broadcast; the link-local scope all-nodes multicast address (ff02::1) is used instead.
10. IPv4: Internet Group Management Protocol (IGMP) manages membership in local subnet groups.
IPv6: Multicast Listener Discovery (MLD) messages manage membership in local subnet groups.
11. IPv4: Configured either manually or through DHCP. IPv6: Stateless address
autoconfiguration (SLAAC) means neither manual configuration nor DHCP is required, although
DHCPv6 and manual configuration remain available.
1.11 ADVANTAGES OF IPV6 OVER IPV4
Larger address space
The main advantage of IPv6 over IPv4 is its larger address space. The length of an IPv6
address is 128 bits, compared to 32 bits in IPv4. The address space therefore has 2^128, or
approximately 3.4 × 10^38, addresses.
Multicasting
Multicasting, the transmission of a packet to multiple destinations in a single send
operation, is part of the base specification in IPv6. In IPv4 this is an optional although
commonly implemented feature. IPv6 multicast addressing shares common features and
protocols with IPv4 multicast, but also provides changes and improvements by eliminating
the need for certain protocols.
Network-layer security
Internet Protocol Security (IPsec) was originally developed for IPv6, but found
widespread deployment first in IPv4, into which it was back-engineered. IPsec was initially
an integral, mandatory part of the base IPv6 node requirements, but RFC 6434 (2011) made it a
recommendation rather than a requirement. "Mandatory IPsec" should therefore not be counted
on as an IPv6 security property: it has to be deployed, configured and keyed like any other
IPsec installation.
Simplified processing by routers
In IPv6, the packet header and the process of packet forwarding have been simplified.
Although the IPv6 fixed header (40 bytes) is twice the size of the minimum IPv4 header (20
bytes), it has a fixed length, carries no checksum and is never fragmented by routers, so packet
processing by routers is generally more efficient. Moving fragmentation and integrity checking
to the end hosts also extends the end-to-end principle of Internet design.
Privacy
The privacy concerns around IPv6 arise from how interface identifiers are formed. Interfaces
can have addresses whose low 64 bits are derived from the MAC address of the machine
(modified EUI-64), but this is not a requirement; with such addresses the hardware address
follows the host from network to network and can be read directly out of its IPv6 address.
Even when an address is not based on the MAC address, the interface's address is (contrary to
the NAT-hidden private addresses common in IPv4) usually global instead of local, which
makes it much easier to identify a single user through the IP address. Privacy extensions
(RFC 4941) mitigate this by generating temporary, randomised interface identifiers for
outgoing connections.
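As an added example that is not part of the original report, the following Python classifies an IPv6 address by type and scope as described in the IPv6 ADDRESSING section, and checks whether its interface identifier embeds a MAC address, which is the privacy concern raised above. The addresses it is exercised with are constructed: the link-local address fe80::21a:2bff:fe3c:4d5e is built from the made-up MAC 00:1a:2b:3c:4d:5e, and 2001:db8::/32 is the documentation prefix. Anycast addresses are syntactically identical to unicast ones, so the classifier cannot, and does not, distinguish them.

```python
import ipaddress
from typing import Optional

LINK_LOCAL = ipaddress.IPv6Network("fe80::/10")
UNIQUE_LOCAL = ipaddress.IPv6Network("fc00::/7")
# multicast scope nibble (RFC 4291 section 2.7)
MULTICAST_SCOPES = {0x1: "interface-local", 0x2: "link-local", 0x4: "admin-local",
                    0x5: "site-local", 0x8: "organization-local", 0xE: "global"}


def mac_from_eui64(a: ipaddress.IPv6Address) -> Optional[str]:
    """Recover the MAC address if the interface identifier (low 64 bits) was
    formed by modified EUI-64: 0xFFFE inserted between the OUI and the device
    part, and the universal/local bit (0x02 of the first octet) inverted.
    Returns None when the identifier does not have that shape."""
    iid = a.packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    octets = (iid[0] ^ 0x02, iid[1], iid[2], iid[5], iid[6], iid[7])
    return ":".join(f"{b:02x}" for b in octets)


def classify_ipv6(addr: str) -> dict:
    """Decide unicast/multicast and scope from the address bits, and expose the
    full 128-bit form alongside the compressed text form."""
    a = ipaddress.IPv6Address(addr)
    if a.is_multicast:                       # ff00::/8
        kind, scope = "multicast", MULTICAST_SCOPES.get((int(a) >> 112) & 0xF, "reserved")
    elif a.is_unspecified:                   # ::
        kind, scope = "unspecified", None
    elif a.is_loopback:                      # ::1
        kind, scope = "loopback", None
    elif a in LINK_LOCAL:
        kind, scope = "unicast", "link-local"
    elif a in UNIQUE_LOCAL:
        kind, scope = "unicast", "unique-local"
    else:
        kind, scope = "unicast", "global"
    return {
        "kind": kind,
        "scope": scope,
        "exploded": a.exploded,
        "compressed": a.compressed,
        "bits": format(int(a), "0128b"),
        "embedded_mac": mac_from_eui64(a) if kind == "unicast" else None,
    }


if __name__ == "__main__":
    for sample in ("fe80::21a:2bff:fe3c:4d5e", "2001:db8:0:1234:0:567:8:1", "ff02::1"):
        info = classify_ipv6(sample)
        print(sample, info["kind"], info["scope"], info["embedded_mac"])
```

An address whose `embedded_mac` is not None ties every connection it makes back to a specific network card; that is exactly what RFC 4941 temporary addresses avoid, and it is a cheap check to run over a host inventory or a packet capture.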
When the packets pass through the NAT gateway they are modified so that they
appear to be coming from the NAT gateway itself. The NAT gateway records the
changes it makes in its state table so that it can a) reverse the changes on return packets and
b) ensure that return packets are passed through the firewall and are not blocked. For
example, the following changes might be made:
Source IP: replaced with the external address of the gateway (for example, 24.5.0.5)
Source port: replaced with a randomly chosen, unused port on the gateway (for
example, 53136)
Neither the internal machine nor the Internet host is aware of these translation steps. To
the internal machine, the NAT system is simply an Internet gateway. To the Internet host, thepackets appear to come directly from the NAT system; it is completely unaware that the
internal workstation even exists.
When the Internet host replies to the internal machine's packets, they will be addressed to
the NAT gateway's external IP (24.5.0.5) at the translation port (53136). The NAT gateway
will then search the state table to determine if the reply packets match an already established
connection. A unique match will be found based on the IP/port combination, which tells the
NAT gateway (PF in this example) that the packets belong to a connection initiated by the
internal machine 192.168.1.35. The gateway will
then make the opposite changes it made to the outgoing packets and forward the reply
packets on to the internal machine.
Translation of ICMP packets happens in a similar fashion but without the source port
modification.
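The gateway behaviour described above (source rewrite on the way out, a state table, the reverse change on return packets, ICMP translated without a port), as an added example that is not part of the report. The gateway address 24.5.0.5 and the internal host 192.168.1.35 come from the text; the peers 198.51.100.10 and 203.0.113.9 are constructed sample addresses.

```python
"""Added example, not from the report: a model of the NAT gateway state table
described above.  TCP/UDP packets get a new source IP and a randomly chosen
unused gateway port (PAT); ICMP is translated by address only.  Replies are
matched against the table and reversed; anything unmatched is dropped.
Addresses and ports are constructed samples based on the report's figures."""
import random
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    proto: str       # "tcp", "udp" or "icmp"
    src: str
    dst: str
    sport: int = 0   # ignored for icmp
    dport: int = 0   # ignored for icmp

class NatGateway:
    def __init__(self, external_ip, seed=None):
        self.external_ip = external_ip
        self._rng = random.Random(seed)
        # (proto, gateway port) -> (orig src, orig sport, dst, dport); ("icmp", dst) -> orig src
        self.state = {}

    def _unused_port(self, proto):
        while True:
            port = self._rng.randint(1024, 65535)
            if (proto, port) not in self.state:
                return port

    def outbound(self, pkt):
        """Rewrite a packet leaving the LAN and record the change in the state table."""
        if pkt.proto == "icmp":
            self.state[("icmp", pkt.dst)] = pkt.src
            return replace(pkt, src=self.external_ip)
        port = self._unused_port(pkt.proto)
        self.state[(pkt.proto, port)] = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        return replace(pkt, src=self.external_ip, sport=port)

    def inbound(self, pkt):
        """Reverse the translation for a reply; None means no state matched and the
        packet is dropped, so unsolicited traffic never reaches an internal host."""
        if pkt.dst != self.external_ip:
            return None
        if pkt.proto == "icmp":
            orig = self.state.get(("icmp", pkt.src))
            return None if orig is None else replace(pkt, dst=orig)
        entry = self.state.get((pkt.proto, pkt.dport))
        if entry is None or (pkt.src, pkt.sport) != (entry[2], entry[3]):
            return None      # unknown port, or right port but a different peer
        return replace(pkt, dst=entry[0], dport=entry[1])

if __name__ == "__main__":
    gw = NatGateway("24.5.0.5", seed=7)
    out = gw.outbound(Packet("tcp", "192.168.1.35", "198.51.100.10", 40000, 80))
    print("outgoing after NAT:", out)
    reply = Packet("tcp", "198.51.100.10", "24.5.0.5", 80, out.sport)
    print("reply after reverse NAT:", gw.inbound(reply))
    print("unsolicited inbound:", gw.inbound(Packet("tcp", "203.0.113.9", "24.5.0.5", 4444, 22)))
```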
2.2 IMPLEMENTATION OF NATING:
Network address translation can be done:
1) Static
2) Dynamic
In static NAT a certain fixed original IP is always translated to the same NAT IP at all
times, and no other IP gets translated to the same NAT IP.
In Dynamic NAT the NAT IP depends on various run time conditions and may be a
completely different one for each single connection.
2.2.1 STATIC NAT:
The process of the Static NAT translation is the same for every device that supports it
(assuming the manufacturer has followed the RFCs). This means that whether we use a
router or a firewall appliance to perform Static NAT they'll both follow the same guidelines.
Consider our example network: figure 1
2.2.1.1 example network of static NAT
As the diagram describes we have Workstation No.1, which sends a request to the
Internet. Its gateway is the router that connects the LAN to the Internet and also performs
Static NAT.
1) The diagram below shows us how the Workstation's packet is altered as it transits the
router before it's sent to the Internet (outgoing packet):
2.2.1.2 outgoing Packet Modification of static NAT
As you can see, the only thing that changes is the Source IP, which was 192.168.0.3 and
was given the value of 203.31.220.135, which is a real IP Address on the Internet. The
Destination IP Address, Source Port and Destination Port are not modified.
Assuming the packet arrives at its destination, we would most likely expect to see a
reply. It would be logical to assume that the reply, or incoming packet, will require some sort
of modification in order to successfully arrive at the originating host located on our private
network (that's Workstation 1).
2) Here is how the incoming packet is altered as it transits the router:
2.2.1.3 Incoming Packet Modification of static NAT
The diagram above shows the part of the incoming packet that is altered by the router.
Only the destination IP Address is changed, from 203.31.220.135 to 192.168.0.3 so the
packet can then be routed to the internal workstation. Source IP Address, Source Port and
Destination Port remain the same.
3) The diagram below shows you what the outgoing and incoming packets looked like before and after transiting the router:
2.2.1.4 complete static NAT process
2.2.2 DYNAMIC NAT:
The way Dynamic NAT differs from Static NAT is that, where Static NAT provides
a one-to-one internal to public static IP mapping, Dynamic NAT does the same but without
making the mapping to the public IP static, and usually uses a group of available public IPs.
With Dynamic NAT, we also map our internal IP Addresses to real public IP Addresses,
but the mapping is not static: within a single session an internal host's public IP Address
remains the same, but it is likely to change from one session to the next. These
IPs are taken from a pool of public IP Addresses that have been reserved by our ISP for our
public network.
With Dynamic NAT, translations don't exist in the NAT table until the router receives
traffic that requires translation. Dynamic translations have a timeout period after which they
are purged from the translation table, thus making them available for other internal hosts.
1) The diagram below illustrates the way Dynamic NAT works:
2.2.2.1 Dynamic NAT working
The diagram above is an example network and shows a router which is configured to
perform Dynamic NAT for the network. We request 4 public IPs from our ISP
(203.31.218.210 to 203.31.218.213), which will be dynamically mapped by our router to our
internal hosts. In this particular session our workstation, with IP Address 192.168.0.1, sends
a request to the Internet and is assigned the public IP address 203.31.218.210. This mapping
between the workstation's private and public IP Address will remain until the session
finishes.
The router is configured with a special NAT timeout and, after this timeout is reached (no
traffic sent/received during that time), the router will expire the particular mapping and reuse
it for a different internal host.
Suppose the users of the workstations with IP Addresses 192.168.0.1 and 192.168.0.3 stop
using their PCs: they log off and leave their PCs on (even if they switched them off, it wouldn't
make a difference, unless they had some program running that was constantly generating
Internet traffic, because then the NAT timeout would never be reached). While these users
are out, the user on the workstation with IP Address 192.168.0.2 decides to stay and do some
extra work on the Internet. After 1 hour, the users return and log back on, launch their web
browser and start to search on the net.
The router, as expected, deleted the old mappings once the NAT timeout had been
reached for each mapping and created new ones once the users launched their web browsers,
because that action generated traffic to the Internet and therefore had to transit the router.
Here's how the new mappings look:
2.2.2.2 Dynamic NAT mapping
2.3 SECURITY AND ADMINISTRATION
Implementing dynamic NAT automatically creates a firewall between your internal
network and outside networks or the Internet. Dynamic NAT allows only connections that
originate inside the stub domain. Essentially, this means that a computer on an external
network cannot connect to your computer unless your computer has initiated the contact. So
you can browse the Internet and connect to a site, even download a file. But somebody else
can't simply latch onto your IP address and use it to connect to a port on your computer.
Static NAT, also called inbound mapping, allows connections initiated by external
devices to computers on the stub domain to take place in specific circumstances. For
instance, you may wish to map an inside global address to a specific inside local address that
is assigned to your Web server.
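The NAT table behaviour of sections 2.2.1 to 2.3 (permanent one-to-one static mappings that also admit inbound connections, dynamic leases from a pool that expire after the NAT timeout and are reused, and dropping of unsolicited inbound traffic), as an added example that is not part of the report. The pool 203.31.218.210 to .213, the workstations 192.168.0.1 to .3 and the public address 203.31.220.135 come from the text; the web server 192.168.0.10 and the one-hour timeout value are constructed.

```python
"""Added example, not part of the report: a model of the NAT table described in
sections 2.2.1 to 2.3.  Static entries are permanent one-to-one mappings that also
admit inbound connections; dynamic entries are leased from a pool of public
addresses, expire after an idle timeout and are then reused for other hosts.
Addresses follow the report's examples; the clock is a simulated timestamp."""

class NatTable:
    def __init__(self, pool, timeout):
        self.pool = list(pool)       # public addresses currently free for leasing
        self.timeout = timeout       # idle seconds before a dynamic entry is purged
        self.static = {}             # inside local -> inside global, never expires
        self.dynamic = {}            # inside local -> [inside global, last_seen]

    def add_static(self, local, public):
        self.static[local] = public
        if public in self.pool:      # a statically mapped address must not be leased
            self.pool.remove(public)

    def expire(self, now):
        """Purge dynamic mappings idle for the timeout, returning addresses to the pool."""
        for local, (public, last_seen) in list(self.dynamic.items()):
            if now - last_seen >= self.timeout:
                del self.dynamic[local]
                self.pool.append(public)

    def outbound(self, local, now):
        """Translate an inside-originated packet; None means the pool is exhausted."""
        self.expire(now)
        if local in self.static:
            return self.static[local]
        if local in self.dynamic:
            self.dynamic[local][1] = now   # traffic keeps the lease alive
            return self.dynamic[local][0]
        if not self.pool:
            return None
        self.dynamic[local] = [self.pool.pop(0), now]
        return self.dynamic[local][0]

    def inbound(self, public, now):
        """Translate a packet from outside.  Static mappings are always reachable,
        dynamic ones only while the inside host's session is alive; else drop (None)."""
        self.expire(now)
        for local, pub in self.static.items():
            if pub == public:
                return local
        for local, entry in self.dynamic.items():
            if entry[0] == public:
                entry[1] = now
                return local
        return None

if __name__ == "__main__":
    # Scenario from section 2.2.2: four public IPs, one-hour idle timeout.
    t = NatTable([f"203.31.218.{n}" for n in range(210, 214)], timeout=3600)
    t.add_static("192.168.0.10", "203.31.220.135")   # constructed web-server mapping
    for host in ("192.168.0.1", "192.168.0.2", "192.168.0.3"):
        print(host, "->", t.outbound(host, now=0))
    t.outbound("192.168.0.2", now=3000)               # only .2 keeps working
    for host in ("192.168.0.1", "192.168.0.2", "192.168.0.3"):
        print(host, "->", t.outbound(host, now=3700))  # .1 and .3 get fresh leases
```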
2.4 MULTI-HOMING
As businesses rely more and more on the Internet, having multiple points of connection
to the Internet is fast becoming an integral part of their network strategy. Multiple
connections, known as multi-homing, reduce the chance of a potentially catastrophic
shutdown if one of the connections should fail.
In addition to maintaining a reliable connection, multi-homing allows a company to
perform load-balancing by lowering the number of computers connecting to the Internet
through any single connection. Distributing the load through multiple connections optimizes
the performance and can significantly decrease wait times.
Multi-homed networks are often connected to several different ISPs (Internet Service
Providers). Each ISP assigns an IP address (or range of IP addresses) to the company.
Routers use BGP (Border Gateway Protocol), a part of the TCP/IP protocol suite, to route
between networks using different protocols. In a multi-homed network, the router utilizes
IBGP (Internal Border Gateway Protocol) on the stub domain side and EBGP (External
Border Gateway Protocol) to communicate with other routers.
When using NAT with multi-homing, the NAT router is configured with multiple pools
of inside global addresses allocated by different ISPs. The same inside local address should
be mapped to more than one inside global address from the configured pools, depending on
the provider through which the traffic gets routed to the destination. This is known as NAT
by destination.
Multi-homing really makes a difference if one of the connections to an ISP fails. As soon
as the router assigned to connect to that ISP determines that the connection is down, it will
reroute all data through one of the other routers.
NAT can be used to facilitate scalable routing for multi-homed multi-provider connectivity.
2.5 NAT ADVANTAGES
NAT saves public IP addresses. Because a client only needs a public IP address when it is
communicating with the Internet, the pool of globally routable IP addresses can be shared
with other clients. Therefore, you need fewer public IP addresses than the actual number of
internal clients that need access to the public network if you use NAT.
NAT hides the internal network's IP addresses.
It simplifies routing. Since internal hosts are assigned IP addresses from the internal
network, other internal systems can access them without special routes or routers. The same
hosts are accessed from the public network through globally routable IP addresses
translated by NAT.
NAT is transparent to the client and, therefore, allows you to support a wider range of clients.
NAT supports a wide range of services with a few exceptions. Any application that carries
and uses the IP address inside the application does not work through NAT.
NAT consumes fewer computer resources and is more efficient than using SOCKS and
application proxy servers.
The Universal Connection can flow through NAT.
2.6 NAT DISADVANTAGES
NAT provides minimum logging services.
You must enable IP forwarding before you can use NAT to make an Internet connection.
NAT is not as adept as either the SOCKS or application proxy servers in detecting attacks.
NAT can break certain applications, or make these applications more difficult to run.
2.7 IMPLEMENTATION OF NATING USING CISCO ROUTER
CONNECTING TO A CISCO ROUTER
We can connect to a Cisco router to configure it, verify its configuration, and check
statistics. There are different ways to do this, but most often, the first place we would
connect to is the console port. The console port is usually an RJ-45 (8-pin Modular)
connection located at the back of the router; by default, there's no password set.
We can also connect to a Cisco router through an auxiliary port, which is really the same
thing as a console port, so it follows that you can use it as one. But this auxiliary port also
allows you to configure modem commands so that a modem can be connected to the router.
This is a cool feature: it lets you dial up a remote router and attach to the auxiliary port if
the router is down and you need to configure it out-of-band (which means, basically,
out-of-the-network). In-band means the opposite: configuring the router through the
network. The third way to connect to a Cisco router is in-band, through the program
Telnet.
Telnet is a terminal emulation program that acts as though it's a dumb terminal. You can
use Telnet to connect to any active interface on a router, like an Ethernet or serial port.
2.8 GENERAL COMMANDS
There are 3 different modes of operation within the Cisco IOS.
1. Disabled mode
2. Enabled mode
3. Configuration mode
In the Disabled mode you can use a limited number of commands. This is used primarily to
monitor the router.
The Enabled mode is used to show configuration information, enter the configuration mode,
and make changes to the configuration.
The Configuration mode is used to enter and update the runtime configuration.
To get a list of the commands for the Cisco IOS, type '?' at the prompt. To get further information
about any command, type the command followed by a '?'.
clear           Reset functions
clock           Manage the system clock
configure       Enter configuration mode
debug           Debugging functions (see also 'undebug')
disable         Turn off privileged commands
enable          Turn on privileged commands
erase           Erase flash or configuration memory
exit            Exit from the EXEC
help            Description of the interactive help system
login           Log in as a particular user
logout          Exit from the EXEC
no              Disable debugging functions
ping            Send echo messages
reload          Halt and perform a cold restart
setup           Run the SETUP command facility
show            Show running system information
telnet          Open a telnet connection
terminal        Set terminal line parameters
test            Test subsystems, memory, and interfaces
traceroute      Trace route to destination
tunnel          Open a tunnel connection
undebug         Disable debugging functions (see also 'debug')
verify          Verify checksum of a Flash file
write           Write running configuration to memory, network, or terminal

show ?
access-lists    List access lists
arp             ARP table
buffers         Buffer pool statistics
configuration   Contents of Non-Volatile memory
controllers     Interface controller status
debugging       State of each debugging option
dialer          Dialer parameters and statistics
extended        Extended Interface Information
flash           System Flash information
flh-log         Flash Load Helper log buffer
history         Display the session command history
hosts           IP domain-name, lookup style, name servers, and host table
interfaces      Interface status and configuration
ip              IP information
isdn            ISDN information
line            TTY line information
logging         Show the contents of logging buffers
memory          Memory statistics
privilege       Show current privilege level
processes       Active process statistics
protocols       Active network routing protocols
queue           Show queue contents
queueing        Show queueing configuration
reload          Scheduled reload information
route-map       route-map information
running-config  Current operating configuration
sessions        Information about Telnet connections
smf             Software MAC filter
stacks          Process stack utilization
2.9 CONFIGURATION CORNER
AUTNET#show running-config
Building configuration...
Current configuration : 1295 bytes
!
! Last configuration change at 06:52:00 UTC Wed Mar 9 2011
!
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname AUTNET
!
boot-start-marker
boot-end-marker
!
no aaa new-model
!
no ipv6 cef
ip source-route
ip name-server 218.248.255.177
ip name-server 218.248.240.180
ip name-server 218.248.240.23
multilink bundle-name authenticated
license udi pid CISCO2911/K9 sn FHK1432F3WY
interface GigabitEthernet0/0
 ip address 117.211.86.58 255.255.255.248
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 ip address 10.34.130.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface GigabitEthernet0/2
 ip address 117.211.123.193 255.255.255.224
 duplex auto
 speed auto
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
ip nat pool auniverse 117.211.86.58 117.211.86.62 netmask 255.255.255.0
ip nat inside source list 20 pool auniverse overload
ip route 0.0.0.0 0.0.0.0 117.211.86.57
!
access-list 20 permit 10.34.130.0 0.0.0.255
!
!
!
line con 0
line aux 0
line vty 0 4
 password Admin123
 login
!
scheduler allocate 20000 1000
end
AUTNET#wr
Building configuration...
[OK]
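A small consistency and hardening check over the running-config above, as an added example that is not part of the report or of Cisco IOS. It verifies that the NAT pieces fit together (inside/outside interfaces, pool range and mask, ACL coverage of the inside subnet) and flags the management settings visible in the text (no service password-encryption, a shared vty line password); CONFIG is a copy of the page's configuration cut down to the lines the checks need.

```python
"""Added example, not from the report: audit the NAT-relevant lines of the running-config
in section 2.9.  CONFIG copies that configuration, cut to the lines the checks need."""
import ipaddress, re

CONFIG = """\
no service password-encryption
interface GigabitEthernet0/0
 ip address 117.211.86.58 255.255.255.248
 ip nat outside
interface GigabitEthernet0/1
 ip address 10.34.130.1 255.255.255.0
 ip nat inside
ip nat pool auniverse 117.211.86.58 117.211.86.62 netmask 255.255.255.0
ip nat inside source list 20 pool auniverse overload
access-list 20 permit 10.34.130.0 0.0.0.255
line vty 0 4
 password Admin123
"""

def parse(config):
    cfg, cur = {"ifaces": {}, "pool": None, "acl": [], "flags": set()}, None
    for line in config.splitlines():
        if m := re.match(r"interface (\S+)", line):
            cur = cfg["ifaces"].setdefault(m.group(1), {"nat": None, "addr": None})
        elif line.startswith("line "):
            cur = None                            # left interface configuration
        elif cur and (m := re.match(r" ip address (\S+) (\S+)", line)):
            cur["addr"] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
        elif cur and (m := re.match(r" ip nat (inside|outside)", line)):
            cur["nat"] = m.group(1)
        elif m := re.match(r"ip nat pool \S+ (\S+) (\S+) netmask (\S+)", line):
            cfg["pool"] = m.groups()
        elif m := re.match(r"access-list \d+ permit (\S+) (\S+)", line):
            cfg["acl"].append(ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}"))  # wildcard = host mask
        elif line.startswith("no service password-encryption"):
            cfg["flags"].add("cleartext")
        elif cur is None and line.startswith(" password "):
            cfg["flags"].add("line-password")
    return cfg

def audit(cfg):
    """Return a list of findings; an empty list means every check passed."""
    ins = [i for i in cfg["ifaces"].values() if i["nat"] == "inside"]
    outs = [i for i in cfg["ifaces"].values() if i["nat"] == "outside"]
    if not ins or not outs or cfg["pool"] is None:
        return ["NAT is incomplete: need inside and outside interfaces and a pool"]
    start, end, mask = cfg["pool"]
    out_net, findings = outs[0]["addr"].network, []
    if not all(ipaddress.ip_address(a) in out_net for a in (start, end)):
        findings.append(f"pool {start}-{end} lies outside the outside interface subnet {out_net}")
    if mask != str(out_net.netmask):
        findings.append(f"pool netmask {mask} differs from outside interface mask {out_net.netmask}")
    for i in ins:
        if not any(i["addr"].network.subnet_of(n) for n in cfg["acl"]):
            findings.append(f"inside network {i['addr'].network} is not covered by the NAT ACL")
    if "cleartext" in cfg["flags"]:
        findings.append("no service password-encryption: line passwords are stored in clear text")
    if "line-password" in cfg["flags"]:
        findings.append("vty access relies on a shared line password rather than per-user accounts")
    return findings
```

Running `audit(parse(CONFIG))` on the page's configuration reports the pool netmask mismatch and the two password findings; the pool range and the ACL coverage check pass.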
CONCLUSION
Many organizations have been reluctant to widely deploy the next generation Internet
Protocol (IPv6) up to now. However, sooner or later IPv6 will replace IPv4 with a phase of
coexistence of many years.
Enterprises and service providers should carefully plan for the inevitable transition
towards IPv6. They should develop IPv6 expertise so that they will be able to decide when
to move to IPv6. Careful transition planning will reduce and distribute costs over many
years.
Multiple client devices can appear to share IP addresses because an IPv4 network
address translator (NAT) acts as an intermediary agent on behalf of its customers, in which
case the real originating IP addresses might be hidden from the server receiving a request.
NAT became a popular tool for alleviating the consequences of IPv4 address exhaustion.
It has become a common, indispensable feature in routers for home and small-office Internet
connections. Most systems using NAT do so in order to enable multiple hosts on a private
network to access the Internet using a single public IP address.
Most NAT devices today allow the network administrator to configure translation table
entries for permanent use. NAT saves public IP addresses because a client only needs a public
IP address when it is communicating with the Internet; the pool of globally routable IP addresses
can be shared with other clients. Therefore we need fewer public IP addresses than the actual
number of internal clients.
NAT is transparent to the client and therefore allows support for a wider range of clients.
Finally, NAT supports a wide range of services with a few exceptions.