Classless and Subnet Address Extensions (CIDR)
Chapter 9
Dec 25, 2015
- Chapter 4: discussed the original Internet addressing scheme
- This chapter: see 4 extensions to conserve network prefixes
REVIEW
- 32-bit addresses are carefully assigned
- All hosts on a given physical network share a common prefix
- Remainder of the address is the host portion
- Chief advantage: keeps routing tables small
  - Router keeps one entry per network
- Original scheme divided by network size
  - Class A: 8-bit network, 24-bit host
  - Class B: 16-bit network, 16-bit host
  - Class C: 24-bit network, 8-bit host
Need to understand:
- Individual sites may modify addresses & routes
- Modifications must be invisible to the outside
  - Hosts & routers at the site agree on addressing
  - Other sites can treat addresses as a normal netid and hostid combination
Minimizing Network Numbers
- Weakness in original scheme: growth
  - Internet size doubling every 9-15 months
  - Large admin overhead to manage addresses
  - Large routing tables
  - High load on Internet to exchange router information
  - Eventual exhaustion of the address space
    - Particularly Class B
- How to minimize within the scheme? Look at three ways
  - Unnumbered point-to-point
  - Proxy ARP
  - Subnet addressing
- Extend subnet ideas to network prefixes
  - Classless addressing

Footnote: it was predicted that IPv4 space would be exhausted by 2000; it now appears that with careful allocation and this chapter's techniques, it will last until around 2019
Proxy ARP (1)
- Technique has various names
  - Proxy ARP; promiscuous ARP; the ARP hack
- Used to map a single IP network prefix onto two physical networks
- Only applies to networks that use ARP to bind IP addresses to physical addresses
- R knows which hosts are on which network
  - Uses ARP to maintain the illusion that only one network exists
  - Intercepts ARP requests from one network to the other
  - Gives its own physical address
  - Gets the datagram
  - Uses a special routing table to route the datagram
Figure: router R running proxy ARP between the Main Network and the Hidden Network (hosts H1 to H5)
- Routers running proxy ARP lie
  - Take advantage of trust in the ARP protocol
  - Mappings are usually installed:
    - Without checking their validity
    - Without maintaining consistency
  - So, the ARP table can map several IP addresses to the same physical address
- Some ARP implementations complain about possible security violations
  - Spoofing: one machine claims to be another
  - Such checks cannot be used on networks with proxy ARP routers
- Advantage of proxy ARP:
  - Can be added to a single router without disturbing the other routing tables on the net
- Disadvantages:
  - Only works on networks that use ARP address resolution
  - Does not generalize to more complex networks
  - Does not support a reasonable form of routing
  - Managers must maintain tables of machines and addresses manually
Subnet Addressing (2)
- Most common of the 3 address extension techniques
- Is a required part of IP addressing
- General idea:
  - Site has a single IP network address
  - Actually has two or more physical networks
  - Only local routers know this
  - To other routers: a single physical network
- Example of a Class B network using subnetting
  - Third octet distinguishes between the two networks
  - Fourth octet distinguishes between hosts
Figure: router R joins Network 128.10.1.0 (hosts 128.10.1.1, 128.10.1.2) and Network 128.10.2.0 (hosts 128.10.2.1, 128.10.2.2); the rest of the Internet sends all traffic to 128.10.0.0
- IP address now divided into:
  - Network portion
    - Remains the same as for networks not subnetting
  - Local portion
    - Interpretation left up to the site
    - Identifies the physical network and host at the site
- Result is hierarchical addressing
  - Top routing hierarchy uses first two octets
  - Next level (local) uses an additional octet
  - Lowest level uses the whole address
- Advantage of hierarchical addressing:
  - Accommodates large growth
- Disadvantage:
  - Choosing hierarchical structure is difficult
  - Hierarchy hard to change once established
- Flexibility in subnet addressing
  - TCP/IP standard allows flexibility
  - Don't have to divide local portion into two even parts for physical net and host
  - Can partition in any desired fashion
    - Defines number of subnets
    - Defines hosts per subnet

Possible fixed-length subnets for Class B*

Subnet Bits | Number of Subnets | Hosts per Subnet
     0      |          1        |      65534
     2      |          2        |      16382
     3      |          6        |       8190
     4      |         14        |       4094
     5      |         30        |       2046
     6      |         62        |       1022
     7      |        126        |        510
     8      |        254        |        254
     9      |        510        |        126
    10      |       1022        |         62
    11      |       2046        |         30
    12      |       4094        |         14
    13      |       8190        |          6
    14      |      16382        |          2

* Avoids all 0s and all 1s subnet and host addresses
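The table above is easy to regenerate, and doing so also shows how the same split is written as a mask, in dotted decimal, and as the 3-tuple notation introduced on the next slides. The following Python is an added example, not code from the lecture notes; the function names are my own, and the all-0s/all-1s exclusion follows the table's footnote.

```python
# Added example (not from the lecture notes): fixed-length subnetting of a
# Class B network expressed as a 32-bit mask, in dotted decimal, and as the
# slides' {network number, subnet mask, host number} 3-tuple. It also
# regenerates the "subnets vs. hosts per subnet" table, excluding the
# all-0s and all-1s subnet and host values as the table's footnote says.

NETWORK_BITS_CLASS_B = 16   # Class B: 16-bit network, 16-bit local portion


def mask_from_prefix_len(bits: int) -> int:
    """Contiguous 32-bit mask with the top `bits` bits set."""
    if not 0 <= bits <= 32:
        raise ValueError("prefix length must be between 0 and 32")
    return (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF


def to_dotted(value: int) -> str:
    """32-bit integer -> dotted decimal, e.g. 0xFFFFFF00 -> '255.255.255.0'."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_binary(value: int) -> str:
    """32-bit integer -> four 8-bit groups, the way the slides write masks."""
    return " ".join(format((value >> shift) & 0xFF, "08b") for shift in (24, 16, 8, 0))


def class_b_subnet_counts(subnet_bits: int) -> tuple:
    """(usable subnets, usable hosts per subnet) when the 16-bit local portion
    of a Class B address is split into `subnet_bits` subnet bits and the rest
    host bits. All-0s and all-1s values are excluded, so each count is 2^k - 2;
    0 subnet bits means the single, unsubnetted network."""
    host_bits = NETWORK_BITS_CLASS_B - subnet_bits
    if subnet_bits < 0 or host_bits < 2:
        raise ValueError("need between 0 and 14 subnet bits")
    subnets = 1 if subnet_bits == 0 else (1 << subnet_bits) - 2
    hosts = (1 << host_bits) - 2
    return subnets, hosts


def fixed_length_subnet_table() -> list:
    """Rows (subnet bits, subnets, hosts per subnet) as in the slide's table;
    1 subnet bit is skipped because it leaves no usable subnet number."""
    return [(k, *class_b_subnet_counts(k)) for k in (0, *range(2, 15))]


def mask_3tuple(mask: int, subnet_bits: int,
                network_bits: int = NETWORK_BITS_CLASS_B) -> tuple:
    """The slides' 3-tuple view of a mask: each of the network, subnet and
    host fields is reported as -1 when it is all ones, otherwise as its value."""
    host_bits = 32 - network_bits - subnet_bits
    fields = []
    for width, shift in ((network_bits, 32 - network_bits),
                         (subnet_bits, host_bits),
                         (host_bits, 0)):
        value = (mask >> shift) & ((1 << width) - 1)
        fields.append(-1 if width and value == (1 << width) - 1 else value)
    return tuple(fields)


def subnet_networks(base: str, subnet_bits: int) -> list:
    """Usable subnet network addresses (dotted) of the Class B network `base`
    when its local portion is split with `subnet_bits` subnet bits."""
    base_int = sum(int(o) << s for o, s in zip(base.split("."), (24, 16, 8, 0)))
    if subnet_bits == 0:
        return [base]
    host_bits = NETWORK_BITS_CLASS_B - subnet_bits
    count, _ = class_b_subnet_counts(subnet_bits)
    # subnet numbers 1 .. 2^k - 2 (all-0s and all-1s skipped)
    return [to_dotted(base_int | (n << host_bits)) for n in range(1, count + 1)]


if __name__ == "__main__":
    for row in fixed_length_subnet_table():
        print("%2d subnet bits: %5d subnets, %5d hosts each" % row)
    m = mask_from_prefix_len(24)
    print(to_binary(m), to_dotted(m), mask_3tuple(m, 8))
    print(subnet_networks("128.10.0.0", 8)[:2])
```

Running it reproduces the 14 rows of the table; for the 8-subnet-bit split of 128.10.0.0 it prints the mask 255.255.255.0, the 3-tuple (-1, -1, 0) and the first usable subnets 128.10.1.0 and 128.10.2.0, which are exactly the two networks in the figure.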
- Variable-length subnets
  - Choosing a partition chooses a subnet scheme
  - Most sites use fixed-length
  - But, some sites need more internal flexibility
  - May select a subnet partition on a per-network basis
    - Partitions do not vary over time; only between networks
    - All hosts and routers attached must honor the scheme
  - Too many disadvantages; we will not consider
Implementing subnets with masks
- 32-bit mask is used to specify the division of the IP address
  - Mask bit set: treat as part of subnet prefix
  - Mask bit 0: treat as part of host id
- Example:
    11111111 11111111 11111111 00000000
  - First three octets identify the network
  - Fourth octet identifies a host on the network
- Don't have to use contiguous bits in the mask
  - Makes understanding routing tricky
Subnet mask representation
- Specifying masks in binary is difficult
  - Awkward
  - Error prone
- Most IP software uses dotted decimal representation
  - Works best when subnetting is aligned on octets
  - Class B: 3rd octet for physical net; 4th for host
  - Notation: 255.255.255.0
- Another way is a 3-tuple representation
  - {<network number>, <subnet mask>, <host number>}
  - Value -1 means "all ones"
  - Above example: {-1, -1, 0}
Forwarding with subnets
- Must modify our standard routing algorithm
- All hosts and routers attached to a network using subnet addressing must use subnet forwarding
- Not so obvious:
  - Other hosts & routers at the site may have to as well
  - Unless restrictions on using subnetting are followed
- Illegal topology: H would have to use subnet routing even though Net 1 does not have a subnet address

Figure: illegal topology with host H on Net 1 (not a subnet address), routers R1 and R2, and Net 2 and Net 3 (subnets of address N)

- Theoretically simple subnet rule for optimal forwarding:
  - Machine M must use subnet forwarding for an IP network address N unless there is a single path P such that P is a shortest path between M and every physical network that is a subset of N
- Still, hard to assign subnets
  - Shortest path can change (HW fail; re-routing)
  - Rule does not consider site boundaries
- Subnetting should be kept as simple as possible
  - All subnets of a given network IP address should be contiguous
  - The masks should be uniform across all networks
  - All machines should participate in subnet routing
Subnet forwarding algorithm
- Algorithm searches a table of routes like before
- Normal entries for standard algorithm:
  - (network address, next hop address)
  - Per-host and default routes are special cases
    - Must be checked explicitly
- Algorithm compares network portion of destination to the network address field
  - Knows how address is partitioned
  - With subnets, not possible to know the partitioning from the address alone
- Modified algorithm needs additional information
  - Must have the subnet mask
  - Table entries are of the form:
    (address mask, network address, next hop address)
- Address mask used in routing
  - Extracts right bits for comparison with network address entry
  - Performs bit-wise Boolean and of:
    - 32-bit destination IP address
    - Subnet mask field
  - Checks to see if result matches entry's network address field
  - If so, next hop address is used to route the datagram
- By using arbitrary masks, will not need the special case checking of the standard algorithm
  - Example: route to single host
    - Mask of all 1's
    - Network address equal to host's IP address
  - Example: default route
    - Mask of all 0's
    - Network address of all 0's
  - Example: route to non-subnetted Class B
    - Mask of two octets of 1's and two octets of 0's
  - Thus, the "unified" routing algorithm will contain fewer special cases
Algorithm:

    Forward_IP_Datagram (datagram, routing_table)
      Extract destination IP address, ID, from datagram;
      If prefix of ID matches address of any directly connected network
        send datagram to destination over that network
        (This involves resolving ID to a physical address,
         encapsulating the datagram, and sending the frame.)
      else for each entry in routing table do
        Let N be the bitwise-and of ID and the subnet mask
        If N equals the network address field of the entry then
          forward the datagram to the specified next hop address
      endforloop
      If no matches were found, declare a routing error
Maintenance of subnet masks
- How do subnet masks get propagated?
  - Answer that question later
- How do subnet masks get assigned?
  - Harder question
  - Each site free to choose masks for own networks
  - Nonuniform masks give more flexibility, but may cause ambiguity
  - Valid assignments may become invalid as hosts are added
  - Usually:
    - Select contiguous bits from the local portion to ID a network
    - Use the same partition for all local physical networks on site
Broadcasting to subnets
- More difficult
- Router cannot just send broadcast packet to all interfaces that share the subnet prefix
  - Will cause a routing loop
- Use reverse path forwarding to prevent loops
  - Router extracts source of broadcast datagram
  - Looks up source in routing table
  - Discards datagram unless it arrived on the interface used to route to the source (the shortest path)
- Is possible to broadcast to a specific subnet
  - Consistent subnet masks are critical
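The unified subnet forwarding algorithm above and the reverse path forwarding check on this slide share the same table lookup, so one added example covers both. This is my own Python, not code from the lecture notes: the router's connected networks, routing entries and next hops are constructed sample values built on the 128.10.1.0 / 128.10.2.0 figure. It goes one step beyond the slide's loop, which takes the first matching entry: here the entry with the longest mask wins, so host, subnet, Class B and default routes can sit in the table in any order.

```python
# Added example (not from the lecture notes): unified subnet forwarding over
# (address mask, network address, next hop) entries, plus the reverse path
# forwarding (RPF) check used for subnet broadcasts. Entries are tried
# longest-mask first (the slide's loop takes the first match instead).
# All addresses, interfaces and next hops are constructed sample values.
import ipaddress


class RoutingError(Exception):
    """Raised when no entry (not even a default route) matches."""


def ip_int(text: str) -> int:
    return int(ipaddress.IPv4Address(text))


def popcount(mask: int) -> int:
    return bin(mask).count("1")


# Directly connected networks of this router: (mask, network, interface)
CONNECTED = [
    (ip_int("255.255.255.0"), ip_int("128.10.1.0"), "eth0"),
    (ip_int("255.255.255.0"), ip_int("128.10.2.0"), "eth1"),
]

# Routing table: (address mask, network address, next hop). A host route,
# a route to a non-subnetted Class B and the default route need no special
# cases; each is just a mask and a network address.
ROUTING_TABLE = [
    (ip_int("0.0.0.0"),         ip_int("0.0.0.0"),     "128.10.1.1"),    # default
    (ip_int("255.255.0.0"),     ip_int("130.5.0.0"),   "128.10.1.250"),  # Class B
    (ip_int("255.255.255.255"), ip_int("192.168.5.7"), "128.10.2.200"),  # host
]


def forward_ip_datagram(destination: str, connected=CONNECTED,
                        routing_table=ROUTING_TABLE) -> tuple:
    """("deliver", interface) for a directly connected destination, else
    ("forward", next_hop) from the matching entry with the longest mask."""
    dest = ip_int(destination)
    for mask, network, interface in connected:
        if dest & mask == network:
            return ("deliver", interface)
    by_mask_length = sorted(routing_table, key=lambda e: popcount(e[0]), reverse=True)
    for mask, network, next_hop in by_mask_length:
        if dest & mask == network:            # bitwise AND, then compare
            return ("forward", next_hop)
    raise RoutingError(f"no route to {destination}")


def outgoing_interface(address: str) -> str:
    """Interface this router uses to reach `address`: a connected network
    names it directly; otherwise the next hop must lie on a connected
    network (an assumption of this example) and its interface is used."""
    action, target = forward_ip_datagram(address)
    if action == "deliver":
        return target
    action, interface = forward_ip_datagram(target)
    if action != "deliver":
        raise RoutingError(f"next hop {target} is not directly connected")
    return interface


def rpf_accept(source: str, arrival_interface: str) -> bool:
    """Reverse path forwarding: keep a broadcast datagram only if it arrived
    on the interface the router would itself use to send to its source."""
    try:
        return outgoing_interface(source) == arrival_interface
    except RoutingError:
        return False


if __name__ == "__main__":
    for dst in ("128.10.2.2", "192.168.5.7", "130.5.77.1", "8.8.8.8"):
        print(dst, "->", forward_ip_datagram(dst))
    print("broadcast from 128.10.2.9 on eth1 accepted:", rpf_accept("128.10.2.9", "eth1"))
    print("broadcast from 128.10.2.9 on eth0 accepted:", rpf_accept("128.10.2.9", "eth0"))
```

A broadcast claiming to come from 128.10.2.9 is accepted only on eth1, the interface that leads to 128.10.2.0; the same datagram arriving on eth0 is dropped, which is what breaks the loop the slide warns about.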
Anonymous Point-to-Point (3)
- Original IP scheme
  - Each network was assigned a unique prefix
  - Point-to-point connections viewed as networks
- Different view as addresses became scarce
- Anonymous networking
  - Invented to avoid assigning such prefixes
  - Does not number leased lines
  - Does not assign host address to routers at each end
  - No HW address needed; next hop address ignored
    - Called unnumbered or anonymous network
    - Possible since only one destination

Figure 9.8
Classless Addressing (4) (Supernetting)
- Subnetting invented in early 1980s
- By 1993, saw address space still in trouble
  - New IP version in works with bigger addresses
  - Needed something until new version standardized
- Temporary solution was classless addressing
  - Permits a network prefix to be of arbitrary length
  - Also invented forwarding & route propagation techniques
  - Entire technology: Classless Inter-Domain Routing
- Was adopted because:
  - Different number of networks in each class
  - Class C numbers were being requested slowly
  - Class B numbers were running out quickly
- Early use of classless: supernetting
  - Organization wants Class B address
  - Instead, give block of Class C addresses
  - Suppose organization wanted 200 networks
    - With Class B, want to subnet with 3rd octet
    - Assign 256 contiguous Class C numbers instead
CIDR address blocks and bit masks
- Intended use beyond single organization
  - For hierarchical Internet
  - ISPs get large part of the address space
  - They, in turn, allocate to their subscribers
- Uses a bit mask to identify the size of the block
- For 2048 addresses starting at 128.211.168.0:
    lowest:  128.211.168.0    10000000 11010011 10101000 00000000
    highest: 128.211.175.255  10000000 11010011 10101111 11111111
    Mask:                     11111111 11111111 11111000 00000000
- To specify the block of addresses, CIDR needs
  - 32-bit value of lowest address
  - 32-bit mask
- Mask delineates the end of the prefix
  - Above, need 21 bits set in the mask

CIDR notation
- Also called slash notation
- Used to specify the address and mask
- For the previous example:
    128.211.168.0/21
  - /21 denotes 21 bits in the mask
- Classless addressing provides complete flexibility in allocating various size blocks
  - ISP can choose to assign each customer a block of appropriate size
  - If it owns a block of N bits, can assign a customer any piece of more than N bits
- Example: ISP has 128.211.0.0/16
  - Can give a customer the 2048 addresses in the /21 range
  - Or, small customer with 2 computers, use 128.211.176.212/30
    Lowest:  128.211.176.212  10000000 11010011 10110000 11010100
    Highest: 128.211.176.215  10000000 11010011 10110000 11010111
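The two blocks on this slide can be checked mechanically: the mask follows from the prefix length, the highest address is the lowest with all host bits set, and the ISP's allocation rule (a piece of more than N bits, inside its own /N) is a pair of mask tests. The following Python is an added example, not code from the lecture notes; the prefixes are the slide's, the function names are mine.

```python
# Added example (not from the lecture notes): computing a CIDR block from
# slash notation and checking an ISP's allocation rule. The prefixes used in
# the usage lines come from the slides; the helper names are my own.
import ipaddress


def ip_int(text: str) -> int:
    return int(ipaddress.IPv4Address(text))


def dotted(value: int) -> str:
    return str(ipaddress.IPv4Address(value))


def binary(value: int) -> str:
    """Four 8-bit groups, the way the slides print addresses and masks."""
    return " ".join(format((value >> s) & 0xFF, "08b") for s in (24, 16, 8, 0))


def parse_cidr(text: str) -> tuple:
    """'a.b.c.d/n' -> (lowest address, mask) as integers. Rejects a prefix
    length outside 0..32 and an address that is not the block's lowest
    address (a CIDR block is specified by its lowest address plus mask)."""
    address, _, length = text.partition("/")
    n = int(length)
    if not 0 <= n <= 32:
        raise ValueError(f"bad prefix length in {text}")
    mask = (0xFFFFFFFF << (32 - n)) & 0xFFFFFFFF      # n leading one bits
    low = ip_int(address)
    if low & mask != low:
        raise ValueError(f"{address} is not the lowest address of a /{n} block")
    return low, mask


def cidr_block(text: str) -> dict:
    """Lowest and highest address, mask and size of the block `text`."""
    low, mask = parse_cidr(text)
    high = low | (~mask & 0xFFFFFFFF)                 # all host bits set
    return {"lowest": dotted(low), "highest": dotted(high),
            "mask": dotted(mask), "mask_bits": binary(mask),
            "size": high - low + 1}


def can_allocate(isp_block: str, customer_block: str) -> bool:
    """An ISP holding a block of N prefix bits may hand out any piece that
    has more than N prefix bits and lies inside its own block."""
    isp_low, isp_mask = parse_cidr(isp_block)
    cust_low, cust_mask = parse_cidr(customer_block)
    longer = bin(cust_mask).count("1") > bin(isp_mask).count("1")
    inside = (cust_low & isp_mask) == isp_low
    return longer and inside


if __name__ == "__main__":
    for block in ("128.211.168.0/21", "128.211.176.212/30"):
        b = cidr_block(block)
        print(f"{block}: {b['lowest']} .. {b['highest']} "
              f"mask {b['mask']} ({b['mask_bits']}), {b['size']} addresses")
    print(can_allocate("128.211.0.0/16", "128.211.168.0/21"))   # True
    print(can_allocate("128.211.0.0/16", "128.212.0.0/21"))     # False: outside
    print(can_allocate("128.211.0.0/16", "128.211.0.0/16"))     # False: not longer
```

For 128.211.168.0/21 the result is 128.211.168.0 to 128.211.175.255 with mask 255.255.248.0 (2048 addresses); for the small customer, 128.211.176.212/30 spans .212 to .215. The alignment check in parse_cidr rejects something like 128.211.168.1/21, a common configuration slip that silently changes which block is meant.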
Recap:
- Classless addressing is used by ISPs
- Treats IP addresses as arbitrary integers
- Allows network admin to assign addresses in contiguous blocks
- Number of addresses in each block is a power of two
Data structures and algorithms
- Want speed
  - Primary: speed for finding next hop
  - Secondary: speed of making changes in table
- CIDR address is not self-identifying
  - Router cannot determine division between prefix and suffix by just looking at the address
- For classful addressing, only needed hashing
  - Router extracts network portion, N, and uses as hash key
  - Computes hash function h(N)
  - Result is index
- Router cannot find hash key for arbitrary address
- Alternatives:
  - Search by mask length
    - Iterates over all possible divisions between prefix/suffix
    - Disadvantage: iteration is slow
  - Better alternative: binary trie structure
    - Hierarchical data structure
    - Successive address bits determine a path from the root down
  - PATRICIA and level compressed tries
    - Are optimized to allow skipping of levels that do not distinguish between routes
32-bit Address                       | Unique Prefix
00110101 00000000 00000000 00000000  | 00
01000110 00000000 00000000 00000000  | 0100
01010110 00000000 00000000 00000000  | 0101
01100001 00000000 00000000 00000000  | 011
10101010 11110000 00000000 00000000  | 1010
10110000 00000010 00000000 00000000  | 10110
10111011 00001010 00000000 00000000  | 10111

Figure: binary trie for the addresses above, with interior nodes and exterior nodes
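The "unique prefix" column is what a binary trie computes: walk the address bit by bit from the root and stop at the first node whose subtree holds only that address (the exterior node; a level-compressed trie need not go deeper). The same structure also answers the router's real question, the longest stored prefix an arbitrary address matches. The following Python is an added example, not code from the lecture notes; the seven addresses are the slide's, while the route prefixes and next hops in sample_route_trie are constructed.

```python
# Added example (not from the lecture notes): a binary trie over the seven
# 32-bit addresses of the slide's table. Each address bit selects a child
# (0 or 1). An address's "unique prefix" is the shortest path from the root
# whose subtree contains only that address. The same trie, loaded with CIDR
# prefixes instead of full addresses, performs longest-prefix lookup; the
# route prefixes and next hops in sample_route_trie are constructed values.


class TrieNode:
    __slots__ = ("children", "count", "value")

    def __init__(self):
        self.children = {}   # "0" / "1" -> TrieNode
        self.count = 0       # keys stored at or below this node
        self.value = None    # payload when a key ends here (e.g. next hop)


def bits(text: str) -> str:
    """Drop the spaces the slides put between octets; return a bit string."""
    b = text.replace(" ", "")
    if set(b) - {"0", "1"}:
        raise ValueError("binary digits only")
    return b


def insert(root: TrieNode, key: str, value=True) -> None:
    """Store `key` (a full address or a shorter prefix) with its payload."""
    node = root
    node.count += 1
    for bit in bits(key):
        node = node.children.setdefault(bit, TrieNode())
        node.count += 1
    node.value = value


def unique_prefix(root: TrieNode, key: str) -> str:
    """Shortest prefix of `key` that no other stored key shares."""
    node, prefix = root, ""
    for bit in bits(key):
        if node.count == 1:            # only this key lives below: stop here
            break
        if bit not in node.children:
            raise KeyError(f"{key} is not in the trie")
        node = node.children[bit]
        prefix += bit
    return prefix


def longest_match(root: TrieNode, address: str):
    """Payload of the longest stored prefix that `address` starts with
    (None if nothing matches, not even an empty default prefix)."""
    node, best = root, root.value
    for bit in bits(address):
        node = node.children.get(bit)
        if node is None:               # path ends: keep the last payload seen
            break
        if node.value is not None:
            best = node.value
    return best


# The addresses from the slide's table (32 bits each).
SLIDE_ADDRESSES = [
    "00110101 00000000 00000000 00000000",
    "01000110 00000000 00000000 00000000",
    "01010110 00000000 00000000 00000000",
    "01100001 00000000 00000000 00000000",
    "10101010 11110000 00000000 00000000",
    "10110000 00000010 00000000 00000000",
    "10111011 00001010 00000000 00000000",
]


def slide_unique_prefixes() -> list:
    """Unique prefix of every slide address, in table order."""
    root = TrieNode()
    for address in SLIDE_ADDRESSES:
        insert(root, address)
    return [unique_prefix(root, address) for address in SLIDE_ADDRESSES]


def sample_route_trie() -> TrieNode:
    """Constructed routes keyed by prefix bits; '' is the default route."""
    root = TrieNode()
    for prefix, next_hop in (("", "default-gw"), ("10", "hop-A"),
                             ("1011", "hop-B"), ("0100", "hop-C")):
        insert(root, prefix, next_hop)
    return root


if __name__ == "__main__":
    for address, prefix in zip(SLIDE_ADDRESSES, slide_unique_prefixes()):
        print(address, "->", prefix)
    routes = sample_route_trie()
    print(longest_match(routes, SLIDE_ADDRESSES[5]))   # hop-B (matches 1011)
    print(longest_match(routes, SLIDE_ADDRESSES[0]))   # default-gw
```

slide_unique_prefixes returns 00, 0100, 0101, 011, 1010, 10110 and 10111, the table's right-hand column. In longest_match the walk keeps the most recent payload it passed, so the /0 default at the root is returned only when no longer prefix matched; this is the lookup a CIDR router must perform because, as the slides say, the address itself does not reveal where the prefix ends.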
Summary
- Four techniques to conserve IP addresses
- Proxy ARP
  - Router impersonates computer on another physical net
- Subnet addressing
  - TCP/IP standard
  - Sites can share a single IP network address among multiple physical networks
- Unnumbered point-to-point
  - Point-to-point links have no prefix
- CIDR
  - Major shift in IP technology
  - Classless addressing with arbitrary prefix and suffix boundaries
  - Not self-identifying like classful addresses
  - Significant changes to algorithms and data structures