M06 Network Segmentation/Subnetting

Cards (30)

  • The IPv4 Packet
    • 192-bit header (24 bytes)
    • Options field rarely used (so typically 20 bytes)
  • The IPv6 Packet
    • 320-bit header (40 bytes)
    • Increase in the address size from 32 bits to 128 bits
    • Simpler packet structure
    • Optional fields (between destination and user data)
    • Uses hexadecimal (base 16) like Ethernet for addressing
    • Not backward compatible with IPv4
  • Network Layer Addressing
    IPv4 addresses are 32 bits (2^32 or ~4.3 million possible addresses)
    • Most common way to write is using dot-decimal notation
    • Breaks address into four bytes and writes each byte in decimal notation instead of binary
  • Network Layer Addressing (IPv6)
    IPv6 addresses are 128 bits (2^128 or ~3.4 × 10^38 possible addresses)
    • Written as eight sets of 2-byte hexadecimal numbers; “compressed notation” eliminates leading zeros and blocks of zeros. Example: ::81:4f:4e:c1
    • IPv6 is slowly being adopted due to IPv4 address space exhaustion
  • Network Layer Addressing (IPv4)
    • Network layer addresses assigned by software
    • Every networked computer has an IP address (routers have a different IP address for each physical port)
    • Routable addresses must be unique
    • Blocks of IP addresses assigned by ICANN; IPv4 space exhausted
    • Private IPv4 addresses used internally (behind NAT firewall)
      ◦ Extends IPv4 address space and provides security
    • IP addresses consist of network portion and host portion
      ◦ Expressed as IP address + subnet mask or Classless Inter-Domain Routing (CIDR) notation
      ◦ Example: 192.168.200.36 with subnet mask 255.255.255.0 = 192.168.200.36/24
  • Network Device Address Assignment
    • Static (manual) addressing by network admin
      ◦ Configuring each device manually is time consuming
      ◦ Assigning addresses permanently can be inefficient when devices are not connected to the network
    • Dynamic addressing
      ◦ A server can supply IP addresses automatically
    • Dynamic Host Configuration Protocol (DHCP)
      ◦ Most common protocol for dynamic addressing
      ◦ Device sends out a broadcast message
      ◦ DHCP server responds with IP settings
      ◦ Addresses are “leased” for a length of time
  • Addressing – IPv4
    • Any computer connected to the Internet requires this network addressing information:
      1. Device’s own IP address
      2. Subnet mask (more on this later)
      3. IP address of default gateway (most commonly the first connected router)
      4. IP address of at least one DNS server
    • Obtained from a static, admin-created configuration file or DHCP
    • Practice: use ipconfig /all (Windows) or ifconfig -a (Linux/Mac OS)
  • Internet Addressing
    • Addresses (General)
      ◦ Used to direct messages from source to destination
      ◦ Exist at different layers (Application, Network, Data Link)
      ◦ May be translated (resolved) from one layer to another (ex: DNS, ARP)
      ◦ Assigned in various ways:
        – System Administrator/DHCP Server (IP addresses)
        – ICANN (URLs, IP addresses)
        – IEEE/Hardware vendor (MAC addresses)
  • Address Resolution
    • Application layer address resolution
      ◦ Translate host name (Application Layer) to IPv4 address (Network Layer)
      ◦ Ex: www.indiana.edu → 129.79.78.193
      ◦ Domain Name Service (DNS)
    • DNS is a hierarchical system making use of Root, Top Level Domain (TLD) and Authoritative Name Servers maintained in various networks throughout the Internet.
  • How the DNS System Works
    Iterative DNS request illustrated (standard)
    Recursive DNS request process also defined
  • Network Segmentation (Subnetting)
    Organizations have an allocated portion of routable IP address space
    • Allocation provides an upper limit on the number of addressable hosts
    • Network administrators may (and usually should) segment the allocation into smaller logical subnets, each with fewer addressable hosts
  • IPv4 Subnetting - Preparation
    Remember that computers see everything as binary (1,0).
    We need to understand data masking, which is based on the binary operation ‘AND’. We can treat this like multiplication:
    0∙0=0, 0∙1=0, 1∙0=0, 1∙1=1 (the actual symbol for AND is ⋀)
    Performing this operation bitwise between two binary numbers results in a new binary number with 1’s in every position where both original numbers had 1’s, and 0’s everywhere else. The second binary number “masks” the first by passing only the values where it has 1’s.
  • IPv4 Subnetting
    Subnetting provides an elegant way to partition and organize large networks. Original subnetting was done within Class A, B, C (/8, /16, /24) demarcations: (IMAGE)
    In any network/subnet, most of the IP addresses can be used for host addresses. We lose two addresses for every network or subnet:
    1. Network Address - reserved for network identification (all zeros in host part)
    2. Broadcast Address - reserved to address all hosts in the subnet (all ones in host part)
  • IPv4 Subnetting
    Organizations partition their network address space into smaller subnets as needed. Many subnets fall on boundaries other than the convenient /16 and /24 ones.
  • IPv4 Subnetting
    Example: Network address 172.19.0.0/16 is subnetted using a subnet mask of 255.255.192.0 (192 = 11000000)
  • IPv4 Subnetting – Important Considerations
    • Can only subnet the host portion
    • Subnetting does not provide more hosts; it only allows division of a larger network into smaller networks
    • When subnetting, we lose 2 host addresses per subnet:
      ◦ Cannot use the network address of that subnet
      ◦ Cannot use the subnet broadcast address
    • Why subnet?
      ◦ Divide larger network into smaller networks
      ◦ Limit layer 2 and layer 3 broadcasts
      ◦ Better management of traffic
  • TCP/IP and Network Layers
    • Host Computers
      ◦ Packets move through all layers
    • Gateways, Routers
      ◦ Packet moves from Physical layer to Data Link layer through the Network layer (no higher)
    • At each stop along the way
      ◦ Ethernet frame is removed and a new one is created for the next node
      ◦ IP and above packets never change in transit (created by the original sender and destroyed by the final receiver)
  • Example: Internetwork HTTP Request
  • TCP/IP Example: Known Address 1
    • Suppose that a client computer in Building A wanted to get a Web page from a Web server located in the data center. Because the computer knows the IP address of the server, it uses its IP address, not its application layer address
    • The application layer software would pass an HTTP packet to the transport layer software (TCP) with the Internet address of the destination www1.anyorg.com: 128.192.50.2
    • The transport layer software (TCP) would make sure that the request fits in one segment and hand it to the network layer
  • TCP/IP Example: Known Address 2
    • The network layer software (IP) would then check the subnet mask and would recognize that the Web server is located outside of its subnet
    • The network layer software would check its address table and find the Ethernet address for the router
    • The data link layer would surround the packet with an Ethernet frame and transmit it over the physical layer to the Web server
    • The router would receive the message and its data link layer would perform error checking before passing the packet to the network layer software
  • TCP/IP Example: Known Address 3
    • This router in the data center would receive the message and read the IP address to determine the final destination
    • The router would recognize that this address was inside its 128.192.50.x subnet and would search its data link layer address table for this computer
    • It would then pass the packet to the data link layer along with the Ethernet address
    • The Web server would receive the message and process it
    • This process would work in the same way for Web servers located outside the organization on the Internet
  • TCP/IP Example 1
  • TCP/IP Example 2
  • TCP/IP Example 3
  • TCP/IP Example 4
  • TCP/IP Example: Unknown Address
    • Suppose that the client computer in Building A wants to retrieve a Web page from the www1.anyorg.com Web server but does not know the IP address
    • We will assume that the client knows the data link layer address of its subnet router
    • The Web browser realizes that it does not know the IP address after searching its IP address table
    • It issues a DNS request to the name server
    • The DNS request is passed to the transport layer (TCP), which attaches a UDP datagram and hands the message to the network layer
  • TCP/IP Example: Unknown Address
    • Using its subnet mask, the network layer (IP) will recognize that the DNS server is outside of its subnet
    • It will attach an IP packet and set the data link layer address to its router’s address
    • The router will recognize it must send the packet to the data center router, 128.192.254.96, and does this by using this router’s MAC address
    • When the data center router receives this packet, it will transmit the packet using the DNS server’s Ethernet address
    • The name server will process the DNS request and send the matching IP address back to the client
  • TCP/IP Example: Unknown Address
    • The IP address for the desired computer makes its way back to the application layer software
    • The application layer then issues the HTTP request using the IP address for the Web server and passes it to the transport layer, which in turn passes it to the network layer
    • The network layer will route the packet to its default gateway, which will then send the HTTP request to the data center’s router, which will deliver the HTTP request to Web server 1
  • Packet Nesting
    • HTTP = Hypertext Transfer Protocol
    • TCP = Transmission Control Protocol
    • IP = Internet Protocol
  • Implications for Cyber Security
    • The Internet was not originally designed with security in mind (created for researchers and the military)
    • Some vulnerabilities:
      ◦ With the TCP three-way handshake, a hacker can create so many false connections that a system may run out of memory and crash
      ◦ Your IP address can be used to track your geographical location, operating system, browser version, time zone, and many other pieces of information