Dwight Reifsnyder 1009 IP Numbers and VLANs – Everything You Always Wanted To Know
Administrivia
• Please remember to turn cell phones to vibrate or off
• Please remember to complete the session evaluation at the end of this session
• The session number is: 1009
Boulder Valley School District
• 50 Schools
• 28,000 Kids
• New Fiber Infrastructure
• Extreme Networks
• Avaya Phones
Early VoIP
• Managed the first Avaya VoIP implementation in Colorado
• Network Assessments didn’t exist! We ‘learned by doing’
• As my spell checker says, it was VoID!
VoIP Bedrock
• IP Numbers are one of the most basic building blocks of current networks
• Without really understanding IP numbers, Telecom Administrators can’t deploy VoIP
• If the Telecom Administrator cannot deploy VoIP, it will be turned over to the IT department
Avaya Certification
Communications Networking test:
Given the IP number 207.174.21.156, with a subnet mask of 255.255.255.192, find:
a) The number of hosts in the subnet
b) The network address
c) The broadcast address
What is an IP Number?
• An IP Number identifies a host (computer or phone) on a subnet, just like an extension identifies a phone on a cabinet
• IP configuration has 3 parts:
IP Number – 192.168.1.1
Subnet Mask – 255.255.255.0
Gateway – 192.168.1.254
• What? Why 3 parts?
Phone Talk
• Telephones talk to each other on dedicated wires
• Connections are made through dedicated physical ports
• How do computers find each other to talk?
Computer Talk
• Computers talk to other computers in two ways.
Broadcast (L2)
Routing (L3)
Inside Subnet - Broadcast
• Recipient is determined to be inside
• Message is sent to all computers
• The intended recipient listens
• Other computers ignore the message
Outside Subnet - Routed
• Recipient determined to be outside
• Message broadcast to local Gateway (router)
• Gateway forwards message to destination subnet
• Message is broadcast to final destination
IP Configuration – 3 Parts
• IP Configuration includes the host identifier (computer, phone, router, etc)
• IP Configuration includes a ‘subnet mask’ to show which destinations are inside and which are outside their subnet (broadcast vs routing)
• IP Configuration includes a gateway to reach all destinations outside the subnet
192.168.1.1
255.255.255.0
192.168.1.254
Dwight’s College Diploma
The blank space above is an accurate depiction of what was inside Dwight’s diploma case at graduation time.
Bits and Bytes
• Computers store things in binary, either a zero or a one.
• A single zero or one is a bit. 8 zeros or ones are a byte.
IP Numbers
• An IP number is made up of 32 bits, divided into four groups of 8 (four bytes).
11000000 10101000 00000001 00000001
IP Numbers for Humans
• Since humans don’t usually speak binary, we use the decimal system
• Each byte (or octet) is written as a decimal number ranging from 0 to 255
• The decimal numbers are separated by periods, or dots
192. 168. 1. 1
11000000101010000000000100000001
Binary Math – Really Easy
• Binary math is based on powers of 2, as opposed to powers of 10 for decimal math.
• Decimal math has a 1s place, 10s place, 100s place, etc…
• Binary math has a 1s place, 2s place, 4s place, 8s place, etc…
Place value:  128    64     32     16     8      4      2      1
Bit:          bit 1  bit 2  bit 3  bit 4  bit 5  bit 6  bit 7  bit 8
bit 1 = Most significant bit, bit 8 = Least significant bit
Binary Math to Decimal
• When a bit is 0, its value is zero
• When a bit is 1, its value is its place value
• The total is the decimal value (the one we use)
• 11000000 = 128 + 64 = 192
• 10101000 = 128 + 32 + 8 = 168
• 11111111 = 128 + 64 + 32 + 16 + 8 + 4 + 2 + 1 = 255
Binary-Decimal Translation
192. 168. 1. 1
11000000101010000000000100000001
11000000 = 128 + 64 = 192
10101000 = 128 + 32 + 8 = 168
00000001 = 1
00000001 = 1
Birthday Bytes
Dwight is 00101100 years old
Broadcast vs Routing
• All computers reside in a subnet – i.e., a portion of the larger network
• Computers choose broadcast or routing by deciding whether their destination is inside their subnet or outside of their subnet
• The subnet mask defines which is which, but how?
What does ‘Mask’ Mean?
mask [mæsk], Noun
- a covering to disguise or conceal the face
- cover with a sauce; "mask the rotting meat with catsup"
- Block out, divide into parts
Subnet Masks Divide
• An IP Address is divided into two components
• The Network bits, or ‘outside part’
• The Host bits, or ‘inside part’
• This is kind of like area codes / DID blocks
32-bit IP Address: Network bits | Host bits
Subnet Mask Secrets
• The subnet mask overlays the IP number
• Ones are network bits, zeros are host bits
IP Number:   11000000 10101000 00000001 00000001
Subnet Mask: 11111111 11111111 11111111 00000000
The Decimal Numbers
• The subnet mask overlays the IP number
• Ones are network bits, zeros are host bits (this is a 24 bit subnet)
IP Number:   11000000 10101000 00000001 00000001 = 192 . 168 . 1 . 1
Subnet Mask: 11111111 11111111 11111111 00000000 = 255 . 255 . 255 . 0
Bigger Subnets
• The subnet mask overlays the IP number
• Ones are network bits, zeros are host bits (this is a 16 bit subnet)
IP Number:   11000000 10101000 00000001 00000001 = 192 . 168 . 1 . 1
Subnet Mask: 11111111 11111111 00000000 00000000 = 255 . 255 . 0 . 0
Who is In My Subnet?
• The network bits of an IP number are the same for all hosts within a subnet.
• The host bits change for each host
Sesame Street for Networks
If the network bits are the same, the hosts are in the same subnet
If the network bits are different, the hosts are in different subnets
Hosts in a 24 bit Subnet
• The network bits stay the same
• The host bits change for each host
First Host IP: 11000000 10101000 00000001 00000000 = 192 . 168 . 1 . 0
Subnet Mask:   11111111 11111111 11111111 00000000 = 255 . 255 . 255 . 0
Last Host IP:  11000000 10101000 00000001 11111111 = 192 . 168 . 1 . 255
Questions
• Note to self – stop here to see if you have totally confused people, because the really hard part is coming next
Subnet Size
• Subnet masks that match to octets are easy to work with
• 255.255.255.0 Class C
• 255.255.0.0 Class B
• 255.0.0.0 Class A
• Subnet masks that match to octets are not very efficient (256 hosts jumps to 65534!)
Variable Length Subnet Masks
• What about making things more efficient by allowing subnets to be defined at any point in the 32 bit IP number?
• Aka Classless Inter-Domain Routing, or CIDR!
Valid Subnet Masks
• Subnet masks use zeros and ones to divide the IP number into network bits and host bits.
11111111 11111111 11111111 00000000  OK!
11111111 11111111 00000000 00000000  OK!
11111111 11111111 11110001 00011000  NO!
Dividing at Octets is Easy
• The subnet mask overlays the IP number
• Each decimal number is either part of the network, or part of the host
IP Number:   11000000 10101000 00000001 11000001 = 192 . 168 . 1 . 193
Subnet Mask: 11111111 11111111 11111111 00000000 = 255 . 255 . 255 . 0
VLSM can divide Anywhere!
• The subnet mask overlays the IP number
• A decimal number can be a combination of network and host bits!
IP Number:   11000000 10101000 00000001 00000001 = 192 . 168 . 1 . 1
Subnet Mask: 11111111 11111111 11111111 10000000 = 255 . 255 . 255 . 128
Last decimal number = 0 + 1 (network bit + host bits)
VLSM can divide Anywhere!
• The subnet mask overlays the IP number
• A decimal number can be a combination of network and host bits!
IP Number:   11000000 10101000 00000001 11000001 = 192 . 168 . 1 . 193
Subnet Mask: 11111111 11111111 11111111 10000000 = 255 . 255 . 255 . 128
Last decimal number = 128 + (64 + 1) (network bit + host bits)
VLSM Subnets
• The network bits remain the same for all hosts in the subnet
• Subnets are not required to start at the decimal number zero
• A single decimal range (0-255) can be split into multiple subnets
VLSM – 25 bit Subnet
• The last decimal number is split into two subnets
• This is because the 25th bit can be a zero or a one
Subnet A:    11000000 10101000 00000001 0 ------- = 192 . 168 . 1 . 0-127
Subnet Mask: 11111111 11111111 11111111 1 0000000 = 255 . 255 . 255 . 128
Subnet B:    11000000 10101000 00000001 1 ------- = 192 . 168 . 1 . 128-255
VLSM – 26 bit Subnet
• The last decimal number is split into four subnets
• This is because the 25th and 26th bit can form four combinations of zeros and ones
Subnet A:    11000000 10101000 00000001 00 ------ = 192 . 168 . 1 . 0-63
Subnet Mask: 11111111 11111111 11111111 11 000000 = 255 . 255 . 255 . 192
Subnet B:    11000000 10101000 00000001 01 ------ = 192 . 168 . 1 . 64-127
Subnet C:    11000000 10101000 00000001 10 ------ = 192 . 168 . 1 . 128-191
Subnet D:    11000000 10101000 00000001 11 ------ = 192 . 168 . 1 . 192-255
Subnet - Reserved Hosts
• The lowest number in a subnet (host bits all zeros) is called the network address
• The highest number in a subnet (host bits all ones) is called the broadcast address
• The available host addresses are all the remaining combinations of the host bits.
The Subnet Spreadsheet
• If you have an IP number and Subnet Mask, the Subnet Spreadsheet shows you how big the subnet is, and what the first and last hosts in the subnet are.
192.168.1.189
255.255.255.248
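The calculation the Subnet Spreadsheet performs, written out as an added example (not part of the original presentation; the function names are made up for illustration). It applies the mask overlay from the earlier slides, rejects masks that mix ones and zeros, and includes the inside/outside decision a host makes before choosing broadcast or routing.

```python
def to_int(dotted):
    """Dotted decimal -> one 32-bit integer."""
    octets = [int(part) for part in dotted.split(".")]
    if len(octets) != 4 or any(o < 0 or o > 255 for o in octets):
        raise ValueError("not an IP number: " + dotted)
    value = 0
    for o in octets:
        value = (value << 8) | o
    return value

def to_dotted(value):
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def prefix_length(mask):
    """Number of network bits; rejects masks that mix ones and zeros."""
    host_bits = ~to_int(mask) & 0xFFFFFFFF      # zeros of the mask become ones
    if host_bits & (host_bits + 1):             # valid only if it looks like 0..01..1
        raise ValueError("invalid subnet mask: " + mask)
    return 32 - host_bits.bit_length()

def subnet_info(ip, mask):
    """Assumes a mask of 30 bits or fewer, so first and last host exist."""
    bits = prefix_length(mask)
    m = to_int(mask)
    network = to_int(ip) & m                    # host bits all zeros
    broadcast = network | (~m & 0xFFFFFFFF)     # host bits all ones
    return {
        "cidr": "%s/%d" % (to_dotted(network), bits),
        "network": to_dotted(network),
        "broadcast": to_dotted(broadcast),
        "first_host": to_dotted(network + 1),
        "last_host": to_dotted(broadcast - 1),
        "hosts": broadcast - network - 1,
    }

def is_inside(my_ip, mask, destination):
    """True: same network bits (broadcast). False: send to the gateway."""
    m = to_int(mask)
    return (to_int(my_ip) & m) == (to_int(destination) & m)

if __name__ == "__main__":
    print(subnet_info("192.168.1.189", "255.255.255.248"))
    print(subnet_info("207.174.21.156", "255.255.255.192"))
    print(is_inside("192.168.1.1", "255.255.255.128", "192.168.1.193"))
    try:
        prefix_length("255.255.241.24")
    except ValueError as err:
        print(err)
```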
VLSM / CIDR Notation
• Network administrators sometimes save time by including the subnet mask as a slash (/) and then the number of network bits
192.168.1.1 / 26
Questions
• Note to self, stop here to let the smoke from the blown up brains disperse a little.
• Go back and review
• Collect the Test
Why Does this Matter?
• Limited number of IP Addresses
• Splitting of Traffic
• Segregating Departments
• Troubleshooting of IP Phones
Binary Math Joke
There are only 10 kinds of people in this world – those who understand binary math and those who don’t
Break – Run While You Can!
• VLANs to follow after a short break to stretch our legs
What’s the Point? Why Bother?
“IEEE 802.1Q tagging (VLAN) is a useful method of managing VoIP traffic in your LAN.
Avaya recommends that you establish a voice VLAN, set L2QVLAN to that VLAN and provide voice traffic with priority over other traffic.”
IP Phones LAN Admin Guide
VLANS – Session Overview
• Provide a basic understanding of VLANS
• Discuss IP phone VLAN implementation
• We might accidentally learn some other useful information if we are not careful
What is a Virtual LAN?
• A virtual LAN, commonly known as a VLAN, is a method of creating independent logical networks within a physical network.
• Virtual LANs operate at Layer 2 (the data link layer) of the OSI model.
Wikipedia
Background – The 7 layer burrito
OSI Model
Squishy, not specific
VLANs are in Layer 2
What Lives at Layer 2?
• Software – Ethernet Protocol
• End Points
• Ethernet Hubs
• Ethernet Switches
L2 Hardware – Endpoints
• Phones and PCs are multi layer devices
• We will talk about them at layer 2 today
L2 Hardware – Network Hub
• Network Hubs –
• Broadcast traffic
• Not very efficient
L2 Hardware – Network Switch
• Network Switches –
• Starts like a hub
• Gradually directs traffic to specific ports instead of broadcast
• How do they do that?
Detour - L2 MAC Addresses
• Like a VIN Number on a car
• Unique to each and every network device
00-07-E9-55-64-4D
• MAC addresses are used to identify the sender and recipient of an ethernet packet
Network Switch
• Stores MAC addresses and associated port numbers in a table
• Makes network more efficient!
Evolution - Managed Switches
Have a user console that can show -
• If a port is connected or not
• Port speed (10MB, 100MB, 1000MB)
• MAC address table
• Calls out with alarms
• Best solution for Administrators
• Cost more $$$$$!
Segregation – Good for Networks!
• Sometimes we need to have departments separated –
• HR, confidentiality
• Marketing, high bandwidth usage
• Operations
• Each department needs its own LAN
Segregation – The Old Way
• Multiple Managed Network Switches
• Costly
• Complex
Segregation – The New Idea
• Multiple MAC Address Tables
• One switch, divided into 'Virtual LANs'
• Great idea, how would it work?
Detour - RFCs (secret recipes)
• Request for Comments
• Internet Engineering Task Force (IETF)
• Institute of Electrical and Electronics Engineers (IEEE)
Some Common RFCs
802.1a,b,g,etc Wireless Ethernet (WiFi)
854 Telnet
802.1x Network Access Control
1719 Private Class IP numbers
821 SMTP (Simple Mail Transport Protocol)
1939 POP3 (Post Office Protocol 3)
802.3AF Power Over Ethernet
2131 DHCP (Dynamic Host Configuration)
RFC 802.1q - VLANs
• Defines how to segregate a single L2 network switch into multiple 'virtual' LANs or networks with multiple MAC tables
• One managed network $witch can now serve multiple departments without losing security or performance
Layer 2 Switch with VLANs
• Logical evolution from switching table
• Port based VLAN identification – every port belongs to a VLAN
• Separate broadcast domains
VLAN 1 – Operations
VLAN 2 – Human Resources
VLAN 3 – Marketing
VLANs Across Switches
VLAN Tags – Don't Lose my Bag
• DEN • CHI • NYC • ELM • SAT
VLAN Tags – Ethernet Packets
• Ethernet packet fields
• Header
• Payload
• End
• VLAN tagging information is added to the header, making it slightly longer
VLAN Trunking Across Switches
The ports which join the switches are defined as belonging to a native VLAN and a secondary VLAN. The secondary VLAN sends ‘tagged’ packets so they can be segregated
Read you loud and clear…
• VLAN compliant devices can accept tagged or untagged packets
• Packets without tags stay in the native VLAN (port based VLAN)
• Packets with tags go into the VLAN defined by the tag (if that VLAN is allowed on that port)
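How a VLAN compliant port applies these three rules, as an added example (not part of the original presentation). It assumes the standard 802.1Q layout, where a 4-byte tag (type 0x8100 plus a 3-bit priority and 12-bit VLAN ID) is inserted after the two MAC addresses; the VLAN numbers, priority value and frames are constructed sample data.

```python
import struct

TPID_8021Q = 0x8100  # type value that marks an 802.1Q tag in the header

def build_frame(dst, src, ethertype, payload, vlan=None, priority=0):
    """Build a sample Ethernet frame; insert the 4-byte tag when vlan is set."""
    header = bytes.fromhex(dst.replace("-", "")) + bytes.fromhex(src.replace("-", ""))
    if vlan is not None:
        tci = (priority << 13) | (vlan & 0x0FFF)   # priority(3) | DEI(1)=0 | VLAN ID(12)
        header += struct.pack("!HH", TPID_8021Q, tci)
    return header + struct.pack("!H", ethertype) + payload

def parse_tag(frame):
    """Return (vlan_id, priority, header_length); vlan_id is None when untagged."""
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None, 0, 14
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF, tci >> 13, 18

def classify(frame, native_vlan, allowed_vlans):
    """VLAN the frame lands in on this port, or None if the port drops it."""
    vlan, _priority, _header_length = parse_tag(frame)
    if vlan is None:
        return native_vlan                 # no tag: stay in the native (port based) VLAN
    if vlan in allowed_vlans:
        return vlan                        # tag honoured only if allowed on this port
    return None

# Constructed sample: a PC frame (untagged) and a phone frame tagged for voice VLAN 20.
SRC, DST = "00-07-E9-55-64-4D", "FF-FF-FF-FF-FF-FF"
PC_FRAME = build_frame(DST, SRC, 0x0800, b"data")
PHONE_FRAME = build_frame(DST, SRC, 0x0800, b"voice", vlan=20, priority=6)

if __name__ == "__main__":
    print(parse_tag(PC_FRAME), parse_tag(PHONE_FRAME))
    print(classify(PC_FRAME, native_vlan=10, allowed_vlans={20}))
    print(classify(PHONE_FRAME, native_vlan=10, allowed_vlans={20}))
    print(classify(PHONE_FRAME, native_vlan=10, allowed_vlans={30}))
```

A port whose allowed list does not include the tagged VLAN drops the frame, which is what keeps a device from reaching a VLAN it was never given.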
Eh? What was that?
• Non VLAN compliant devices discard tagged packets – they have an invalid header length!
What Devices Read Tags?
• VLAN compliant switches
• VLAN compliant IP phones
• Microsoft Windows ?
X
Review - Who Sends Tags?
Devices are all in Port Based VLANs – no tags
Trunk between switches must send and receive tags
802.1q VLAN Port Parameters
• Native VLAN (port based VLAN)
• Secondary VLANs
• Tagging
IP Phone Deployment
• Avaya suggests that phones should always be in their own VLAN
• Increases security
• Cuts down on broadcast traffic
• Increases voice quality
• Makes troubleshooting easier
VLAN Deployment Options
2 VLANs, 2 Ports
2 VLANs, 1 Port!
IP Phones have a Network Switch!
2 VLANs, 1 Port!
The phone contains a VLAN compliant 3 port network switch!!
Detour – Phones & DHCP & VLANs
• DHCP is an ethernet broadcast request used by devices to get an IP number
• Broadcast packets do not cross VLANs
• Each VLAN needs its own DHCP Server
Detour – Phones & DHCP & VLANs #1
• On bootup, the phone sends a DHCP request in the native VLAN (port VLAN)
• The phone is notified if there is a specific voice VLAN
• The phone sends a new DHCP request with the correct VLAN tag
Detour – Phones & DHCP & VLANs #2
• On bootup, the phone and network switch exchange information via LLDP (Link Layer Discovery Protocol)
• The phone is notified if there is a specific voice VLAN
• The phone sends a new DHCP request with the correct VLAN tag
Review – Who Sends Tags?
The green VLAN is the native VLAN for both network switch ports
The blue VLAN is a secondary VLAN for both network switch ports
Do You Understand VLANs?
• You don't really understand something unless you can explain it to your grandmother...
Albert Einstein
See you next year in Las Vegas May 22-26 for the 2011 International Conference