As is the case with many elements of networking, planning is the key to successfully using
VLSM in a network. This is especially true of VLSM implementations being put in place on existing
networks. Without proper planning, a VLSM implementation can provoke serious support
problems. There are numerous ways to implement VLSM; here we will only focus on two.
Divide up a single /24 network. This implementation strategy is best designed for smaller
remote sites connecting to one or two central locations. A single /24 network can be divided
up and used for the remote sites. In this manner, summarization and problem tracking are
made easier. For example, assume that the standard remote location has 60 IP-enabled
devices on a single segment, two routers, one switch, and two point-to-point Frame Relay
links, and is assigned the 10.1.1.0 /24 subnet. Using the small-site VLSM strategy, you can
take this /24 and divide it up into the following:
10.1.1.0 /25 for the user segment
10.1.1.244 /30 for Frame Relay link 2
10.1.1.248 /30 for Frame Relay link 1
10.1.1.253 /32 for router 2 loopback
10.1.1.254 /32 for router 1 loopback
As you can see, /32 subnets are being used for the router loopback addresses. This does not
conform to the rules of IP addressing, but it is supported by Cisco routers. Also, though it is true
that with only 60 IP-enabled devices a /26 mask could have been used, that would leave no
room for future growth. The suggested arrangement, on the other hand, allows for effective
use of the address range and permits some future expansion. Notice also that /30 masks were
used for the Frame Relay links. In the event that these links might become point-to-multipoint
links, however, a different mask should be used.
Use one mask size per service. The second tip for implementing VLSM is to try to use the
same mask size for the same service type. For example, use a /32 mask for all loopback interfaces,
a /30 mask for all point-to point links, a /26 mask for all server segments, and a /24 mask
for all user segments. In this manner you can easily identify the general purpose of a subnet
just by looking at the mask.
As stated, there are various ways to implement VLSM successfully; it just takes some planning
up front. This planning must take into account the current IP addressing scheme. In addition,
make sure that the final implementation is consistently applied and will be scalable and adaptable
as the network requirements change. 1117
IT Certification CCIE,CCNP,CCIP,CCNA,CCSP,Cisco Network Optimization and Security Tips
IP Addressing Review
No review of TCP/IP networking would be complete without a review of IP addressing. In
this section we will not explain the basics of IP addressing; rather, we will focus more on
the application of variable-length subnet masking (VLSM) and the calculation of networks
as it pertains to troubleshooting in an IP environment. If you need a more detailed discussion,
see CCNA: Cisco Certified Network Associate Study Guide, 4th ed., by Todd Lammle
(Sybex, 2004).
As internetworks grew and address space became more scarce, several methodologies were
devised to extend the address space availability. One of these methodologies was VLSM. In older
routing protocols, if you wanted to subnet a major network, you had to make all the subnets the
same size. This was because the routing protocols passed only network information and did not
include subnet mask information. Newer routing protocols pass subnet information along with
the individual routes, allowing for the use of VLSM. This enables better use of address space
because network administrators can size the subnets based on the need. For example, a point-topoint
connection has only two nodes on it, and as such only needs two host addresses. Without
VLSM, if your standard subnet mask was 255.255.255.0, a /24 subnet, then 256 “addresses”
would be used on this point-to-point connection (though 256 addresses are used, only 254 are
usable by hosts). With VLSM, this same connection could use a 255.255.255.252 mask, /30, using
only four addresses—two for the hosts, one for the subnet, and one for the broadcast address. For
reference, Table 36.5 shows various subnet mask information.
One drawback to VLSM is the complexity that it adds to the network. When there was only
one mask used in an environment, the network administrators could easily memorize the subnet
information. With VLSM, however, subnet information needs to be calculated based on the
individual situation. Miscalculation of the subnets can lead to communication problems if
machines are assigned outside a subnet boundary or on a subnet or broadcast address.
this section we will not explain the basics of IP addressing; rather, we will focus more on
the application of variable-length subnet masking (VLSM) and the calculation of networks
as it pertains to troubleshooting in an IP environment. If you need a more detailed discussion,
see CCNA: Cisco Certified Network Associate Study Guide, 4th ed., by Todd Lammle
(Sybex, 2004).
As internetworks grew and address space became more scarce, several methodologies were
devised to extend the address space availability. One of these methodologies was VLSM. In older
routing protocols, if you wanted to subnet a major network, you had to make all the subnets the
same size. This was because the routing protocols passed only network information and did not
include subnet mask information. Newer routing protocols pass subnet information along with
the individual routes, allowing for the use of VLSM. This enables better use of address space
because network administrators can size the subnets based on the need. For example, a point-topoint
connection has only two nodes on it, and as such only needs two host addresses. Without
VLSM, if your standard subnet mask was 255.255.255.0, a /24 subnet, then 256 “addresses”
would be used on this point-to-point connection (though 256 addresses are used, only 254 are
usable by hosts). With VLSM, this same connection could use a 255.255.255.252 mask, /30, using
only four addresses—two for the hosts, one for the subnet, and one for the broadcast address. For
reference, Table 36.5 shows various subnet mask information.
One drawback to VLSM is the complexity that it adds to the network. When there was only
one mask used in an environment, the network administrators could easily memorize the subnet
information. With VLSM, however, subnet information needs to be calculated based on the
individual situation. Miscalculation of the subnets can lead to communication problems if
machines are assigned outside a subnet boundary or on a subnet or broadcast address.
IP Packet Structure
Now that you know what IP is, let’s look at the actual packet structure in more detail. The
following is an IP packet that was broken down by EtherPeek, a network analyzer. The entire
header has six layers, and each layer consists of 32 bits. Look at each section of the header
and get an explanation for each:
IP Header - Internet Protocol Datagram
Version: 4
Header Length: 5
Precedence: 0
Type of Service: 0
Unused:
Total Length: 60
Identifier: 0
Fragmentation Flags: 0
Fragment Offset: 0
Time To Live: 2
IP Type: 0x58 EIGRP
Header Checksum: 0x10dc
Source IP Address: 205.124.250.7
Dest. IP Address: 224.0.0.10
No Internet Datagram Options
At this point, we will define the key fields that appear in this listing. As you can see, the
packet IP header starts out with the Version field. Right now, the standard is IPv4. The version
parameter uses four of the 32 bits available.
The next field is the IP Header Length, or IHL. This field also uses another four bits, and it
specifies the datagram header length in 32-bit words.
The Type of Service (TOS field) follows the IHL. This field uses eight bits and indicates
datagram priority and how other OSI layers are to handle the datagram once they receive it.
Following the TOS field is the Total Length parameter. This field indicates how long the
packet is, including header and payload or data. The length is in units of bytes. The field itself
uses 16 bits, which brings the total for these fields to 32 bits or four bytes.
The second field begins with the Identifier or Identification field. The Identifier is
a 16-bit field that contains an integer value that identifies the packet. It is like a sequencing number
that is used when reassembling datagram fragments.
The Fragmentation Flags field follows, using only three bits. This field is used to control
fragmentation of a datagram. If the datagram can be fragmented, the first bit has a value of 0;
otherwise, a value of 1 is assigned to the first bit if the datagram is not to be fragmented. The
second bit is used to indicate the last fragment of a fragmented datagram. The third bit is an
undefined bit and is set to 0.
Fragment Offset follows the Flags field. This value uses 13 bits and specifies the fragment’s
position in the original datagram. The position is measured from the beginning of the datagram
and marked off in 64-bit increments. This again brings you to 32 bits, so you must move down
to the next layer in the IP packet.
The third field begins with the Time-to-Live (TTL) field, which is a counter whose units are
measured in hops. A starting value is given, and it counts decrements by 1 as it passes through each
hop or router. Once the value of this field is 0, the packet is discarded. This field uses eight bits.
The protocol field (IP Type) follows the TTL parameter. This field tells layer 3 which upper
layer protocol is supposed to receive the packet. It uses a decimal value to specify the protocol.
This field uses eight bits.
The Header Checksum field finishes the third layer. The checksum is used to help verify the
integrity of the IP header. This field uses 16 bits.
The next two fields are the Source IP Address and Dest. IP Address respectively. Both
of these fields are 32 bits long.
An Options field occupies the final field of the header. The field needs to be 32 bits long, so
any additional empty bits are padded.
Figure 36.13 gives a good visual representation of the IP packet structure.
following is an IP packet that was broken down by EtherPeek, a network analyzer. The entire
header has six layers, and each layer consists of 32 bits. Look at each section of the header
and get an explanation for each:
IP Header - Internet Protocol Datagram
Version: 4
Header Length: 5
Precedence: 0
Type of Service: 0
Unused:
Total Length: 60
Identifier: 0
Fragmentation Flags: 0
Fragment Offset: 0
Time To Live: 2
IP Type: 0x58 EIGRP
Header Checksum: 0x10dc
Source IP Address: 205.124.250.7
Dest. IP Address: 224.0.0.10
No Internet Datagram Options
At this point, we will define the key fields that appear in this listing. As you can see, the
packet IP header starts out with the Version field. Right now, the standard is IPv4. The version
parameter uses four of the 32 bits available.
The next field is the IP Header Length, or IHL. This field also uses another four bits, and it
specifies the datagram header length in 32-bit words.
The Type of Service (TOS field) follows the IHL. This field uses eight bits and indicates
datagram priority and how other OSI layers are to handle the datagram once they receive it.
Following the TOS field is the Total Length parameter. This field indicates how long the
packet is, including header and payload or data. The length is in units of bytes. The field itself
uses 16 bits, which brings the total for these fields to 32 bits or four bytes.
The second field begins with the Identifier or Identification field. The Identifier is
a 16-bit field that contains an integer value that identifies the packet. It is like a sequencing number
that is used when reassembling datagram fragments.
The Fragmentation Flags field follows, using only three bits. This field is used to control
fragmentation of a datagram. If the datagram can be fragmented, the first bit has a value of 0;
otherwise, a value of 1 is assigned to the first bit if the datagram is not to be fragmented. The
second bit is used to indicate the last fragment of a fragmented datagram. The third bit is an
undefined bit and is set to 0.
Fragment Offset follows the Flags field. This value uses 13 bits and specifies the fragment’s
position in the original datagram. The position is measured from the beginning of the datagram
and marked off in 64-bit increments. This again brings you to 32 bits, so you must move down
to the next layer in the IP packet.
The third field begins with the Time-to-Live (TTL) field, which is a counter whose units are
measured in hops. A starting value is given, and it counts decrements by 1 as it passes through each
hop or router. Once the value of this field is 0, the packet is discarded. This field uses eight bits.
The protocol field (IP Type) follows the TTL parameter. This field tells layer 3 which upper
layer protocol is supposed to receive the packet. It uses a decimal value to specify the protocol.
This field uses eight bits.
The Header Checksum field finishes the third layer. The checksum is used to help verify the
integrity of the IP header. This field uses 16 bits.
The next two fields are the Source IP Address and Dest. IP Address respectively. Both
of these fields are 32 bits long.
An Options field occupies the final field of the header. The field needs to be 32 bits long, so
any additional empty bits are padded.
Figure 36.13 gives a good visual representation of the IP packet structure.
Internet Protocol (IP)
It is important to distinguish between the Internet Protocol suite and the actual Internet Protocol
that is used in the Network layer of the OSI model.
The IP suite consists of several discrete protocols that are implemented at different levels of
the OSI model.
The Internet Protocol (IP) is a Network layer protocol of the IP suite. It is used to allow
routing among internetworks and heterogeneous systems. IP is a connectionless protocol,
even though it can provide error reporting, and it performs the segmentation and reassembly
of PDUs.
that is used in the Network layer of the OSI model.
The IP suite consists of several discrete protocols that are implemented at different levels of
the OSI model.
The Internet Protocol (IP) is a Network layer protocol of the IP suite. It is used to allow
routing among internetworks and heterogeneous systems. IP is a connectionless protocol,
even though it can provide error reporting, and it performs the segmentation and reassembly
of PDUs.
Layers 3 and 4: IP Routed Protocols
The Network layer is used by the Transport layer to provide the best end-to-end services and
path for PDU delivery. This means that the Network layer also uses protocols to accomplish this task. This section discusses protocols that are used within layer 3 of the OSI model. Some of
these protocols use other protocols within them for finer granularity of certain functions.
There is a significant difference between routing protocols and routed protocols. Routing
protocols are used to exchange route information and to create a network topology, thus
enabling routing decisions to be made. The routed protocols, on the other hand, contain information
regarding the end systems, how communication is established, and other information
relevant to the transfer of data. The routing protocols will be covered in Chapter 38, “TCP/IP
Routing Protocol Troubleshooting.”
path for PDU delivery. This means that the Network layer also uses protocols to accomplish this task. This section discusses protocols that are used within layer 3 of the OSI model. Some of
these protocols use other protocols within them for finer granularity of certain functions.
There is a significant difference between routing protocols and routed protocols. Routing
protocols are used to exchange route information and to create a network topology, thus
enabling routing decisions to be made. The routed protocols, on the other hand, contain information
regarding the end systems, how communication is established, and other information
relevant to the transfer of data. The routing protocols will be covered in Chapter 38, “TCP/IP
Routing Protocol Troubleshooting.”
Frame Structure
Look at Figure 36.12 to get a picture of the ISDN frame. As you can see, this frame is similar
to the HDLC frame that you studied earlier (Figure 36.11). ISDN uses LAP (Link Access Procedure)
on the D channel for layer 2 functions. Unlike the HDLC frame, the ISDN frame is
bounded by Flag fields.
After the Flag field, again going from right to left, we see the Address field. The Address
field contains several bits of key information:
SAPI This field is the service access point identifier. It defines which services are provided
to layer 3.
C/R This field designates the frame as a command or a response.
EA This is the last bit of the first byte of the Address field. This bit defines the Address field
as one or two bytes. If it is set to one byte, this is the last field within the Address field. If it is
set to two bytes, then one more field follows, ending with another EA bit.
TEI This is the terminal end point identifier, the layer 2 address used to identify individual
devices connecting to an ISDN network.
to the HDLC frame that you studied earlier (Figure 36.11). ISDN uses LAP (Link Access Procedure)
on the D channel for layer 2 functions. Unlike the HDLC frame, the ISDN frame is
bounded by Flag fields.
After the Flag field, again going from right to left, we see the Address field. The Address
field contains several bits of key information:
SAPI This field is the service access point identifier. It defines which services are provided
to layer 3.
C/R This field designates the frame as a command or a response.
EA This is the last bit of the first byte of the Address field. This bit defines the Address field
as one or two bytes. If it is set to one byte, this is the last field within the Address field. If it is
set to two bytes, then one more field follows, ending with another EA bit.
TEI This is the terminal end point identifier, the layer 2 address used to identify individual
devices connecting to an ISDN network.
Integrated Services Digital Network (ISDN)
Integrated Services Digital Network (ISDN) is a service that allows telephone networks to carry
data, voice, and other digital traffic. There are two types of ISDN interfaces: Basic Rate Interface
(BRI) and Primary Rate Interface (PRI). BRI uses two B channels and one D channel. Each
of the two B channels operates at 64Kbps bidirectionally; the D channel operates at 16Kbps.
The B channels are used for transmitting and receiving data. The D channel is used for protocol
communications and signaling.
In contrast, PRI uses 23 B channels and 1 D channel. All 23 B channels are added to a rotary
group, as well. The D channel runs at the same line speed as the B channels—64Kbps. Because of the
D channel’s additional line speed, PRI has the equivalent line speed of a T-1 circuit (1.544Mbps). In
Europe, PRI offers 30 B channels and 1 D channel, making it the equivalent of an E-1 circuit.
Just as there are two types of ISDN interfaces, there are two terminal equipment types. Type 1
(TE1) is equipment that was built specifically for use on ISDN. Type 2 (TE2) is equipment that
was made before the ISDN specifications, and it requires a terminal adapter to actually interface
with ISDN. Terminal equipment, which is comparable to DTE as described in the “Frame Relay”
section earlier in this chapter, includes computers or routers.
In order for terminal equipment to work, it must be able to connect to a network termination.
There are three types of ISDN network terminations, known as NT devices. Type 1 (NT1) devices
are treated as customer premises equipment. Type 2 (NT2) devices are more intelligent devices
than NT1 and can perform concentration and switching functions. The last type is a combination
of Types 1 and 2. It is known as a Type 1/2 or NT1/2.
More information about troubleshooting ISDN is covered in Chapter 40, “Troubleshooting
ISDN.”
data, voice, and other digital traffic. There are two types of ISDN interfaces: Basic Rate Interface
(BRI) and Primary Rate Interface (PRI). BRI uses two B channels and one D channel. Each
of the two B channels operates at 64Kbps bidirectionally; the D channel operates at 16Kbps.
The B channels are used for transmitting and receiving data. The D channel is used for protocol
communications and signaling.
In contrast, PRI uses 23 B channels and 1 D channel. All 23 B channels are added to a rotary
group, as well. The D channel runs at the same line speed as the B channels—64Kbps. Because of the
D channel’s additional line speed, PRI has the equivalent line speed of a T-1 circuit (1.544Mbps). In
Europe, PRI offers 30 B channels and 1 D channel, making it the equivalent of an E-1 circuit.
Just as there are two types of ISDN interfaces, there are two terminal equipment types. Type 1
(TE1) is equipment that was built specifically for use on ISDN. Type 2 (TE2) is equipment that
was made before the ISDN specifications, and it requires a terminal adapter to actually interface
with ISDN. Terminal equipment, which is comparable to DTE as described in the “Frame Relay”
section earlier in this chapter, includes computers or routers.
In order for terminal equipment to work, it must be able to connect to a network termination.
There are three types of ISDN network terminations, known as NT devices. Type 1 (NT1) devices
are treated as customer premises equipment. Type 2 (NT2) devices are more intelligent devices
than NT1 and can perform concentration and switching functions. The last type is a combination
of Types 1 and 2. It is known as a Type 1/2 or NT1/2.
More information about troubleshooting ISDN is covered in Chapter 40, “Troubleshooting
ISDN.”
Frame Structure
Frame Relay does not provide any information on flow and error control. As a result, no space is
reserved within the frame for this information. These functions are left to the upper layer protocols.
Frame Relay does provide congestion detection and can notify the upper layers of possible problems;
however, Frame Relay is primarily concerned only with the transmission and reception of data.
As a mechanism for data circuit identification, Frame Relay uses a DLCI number. Ten bits
of the two-byte Address field are used to define the DLCI. To a Frame Relay frame, the DLCI
is the most significant address in the header. Figure 36.11 depicts a Frame Relay frame.
reserved within the frame for this information. These functions are left to the upper layer protocols.
Frame Relay does provide congestion detection and can notify the upper layers of possible problems;
however, Frame Relay is primarily concerned only with the transmission and reception of data.
As a mechanism for data circuit identification, Frame Relay uses a DLCI number. Ten bits
of the two-byte Address field are used to define the DLCI. To a Frame Relay frame, the DLCI
is the most significant address in the header. Figure 36.11 depicts a Frame Relay frame.
Frame Relay
Frame Relay was developed as a digital packet-switching technology, whereas older technologies
such as X.25 were analog-based technologies. The technology used in Frame Relay allows it to
multiplex several different data flows over the same physical media. More information on Frame
Relay is presented in Chapter 39, “Troubleshooting Serial Line and Frame Relay Connectivity.”
Frame Relay also uses permanent and switched virtual circuits between the data terminal
equipment (DTE) (customer connection) and the data communication equipment (DCE) (service
provider’s frame relay switch). These virtual circuits have unique identifiers that allow the
Frame Relay to keep track of each logical data flow. The identifier is known as a DLCI (data
link connection identifier). The DLCI number is used to create a logical circuit within a physical
circuit. Multiple logical circuits can be created within one physical circuit.
Look at the following router configuration excerpt:
interface Serial1/5
description Physical Circuit
no ip address
no ip directed-broadcast
encapsulation frame-relay
!
interface Serial1/5.1 point-to-point
description To Building A
ip address 172.16.1.17 255.255.255.252
no ip directed-broadcast
frame-relay interface-dlci 17 IETF
!
interface Serial1/5.2 point-to-point
description To Building B
ip address 172.16.1.25 255.255.255.252
no ip directed-broadcast
frame-relay interface-dlci 22 IETF
From this configuration, you can see that two logical circuits have been defined to communicate
over one physical circuit. Notice that each subinterface or logical circuit has a unique DLCI. Each
DLCI maps to another DLCI within the Frame Relay cloud. This mapping continues throughout the
Frame Relay cloud until it maps to another DTE on the destination side of the virtual circuit.
such as X.25 were analog-based technologies. The technology used in Frame Relay allows it to
multiplex several different data flows over the same physical media. More information on Frame
Relay is presented in Chapter 39, “Troubleshooting Serial Line and Frame Relay Connectivity.”
Frame Relay also uses permanent and switched virtual circuits between the data terminal
equipment (DTE) (customer connection) and the data communication equipment (DCE) (service
provider’s frame relay switch). These virtual circuits have unique identifiers that allow the
Frame Relay to keep track of each logical data flow. The identifier is known as a DLCI (data
link connection identifier). The DLCI number is used to create a logical circuit within a physical
circuit. Multiple logical circuits can be created within one physical circuit.
Look at the following router configuration excerpt:
interface Serial1/5
description Physical Circuit
no ip address
no ip directed-broadcast
encapsulation frame-relay
!
interface Serial1/5.1 point-to-point
description To Building A
ip address 172.16.1.17 255.255.255.252
no ip directed-broadcast
frame-relay interface-dlci 17 IETF
!
interface Serial1/5.2 point-to-point
description To Building B
ip address 172.16.1.25 255.255.255.252
no ip directed-broadcast
frame-relay interface-dlci 22 IETF
From this configuration, you can see that two logical circuits have been defined to communicate
over one physical circuit. Notice that each subinterface or logical circuit has a unique DLCI. Each
DLCI maps to another DLCI within the Frame Relay cloud. This mapping continues throughout the
Frame Relay cloud until it maps to another DTE on the destination side of the virtual circuit.
Subscribe to:
Posts (Atom)