CN-04 Routing, IP Networking & Security

    IP Addressing

    • Imagine every device on the internet as a house. For you to send a letter to a friend living in one of these houses, you need their home address.
    • In the digital world, this home address is what we call an IP Address.
    • It's a unique string of numbers separated by periods (IPv4) or colons (IPv6) that identifies each device connected to the internet or a local network
    • Types of IP Address:
      • Based on Addressing Scheme (IPv4 vs. IPv6)
      • Based on Usage (Public vs. Private)
      • Based on Assignment Method (Static vs. Dynamic)

    Based on Addressing Scheme (IPv4 vs. IPv6)

    • IPv4: This is the most common form of IP Address. It consists of four sets of numbers separated by dots. For example, 192.158.1.38. Each set of numbers can range from 0 to 255. This format can support over 4 billion unique addresses
    • IPv6: IPv6 addresses were created to deal with the shortage of IPv4 addresses. They use 128 bits instead of 32, offering a vastly greater number of possible addresses. These addresses are expressed as eight groups of four hexadecimal digits, each group representing 16 bits. The groups are separated by colons.

    Based on Usage (Public vs. Private)

    • Public IP Addresses:
      • A Public IP address is assigned to every device that directly accesses the internet. This address is unique across the entire internet.
      • Here are the key characteristics and uses of public IP addresses:
      • Uniqueness: Each public IP address is globally unique. No two devices on the internet can have the same public IP address at the same time.
      • Accessibility: Devices with a public IP address can be accessed directly from anywhere on the internet, assuming no firewall or security settings block the access
      • Assigned by ISPs: Public IP addresses are assigned by Internet Service Providers (ISPs). When you connect to the internet through an ISP, your device or router receives a public IP address.
      • Types: Public IP addresses can be static (permanently assigned to a device) or dynamic (temporarily assigned and can change over time)
    • Private IP Addresses:
      • Private IP addresses are used within private networks (such as home networks, office networks, etc.) and are not routable on the internet.
      • This means that devices with private IP addresses cannot directly communicate with devices on the internet without a translating mechanism like a router performing Network Address Translation (NAT).
      • Key features include:
      • Not globally unique: Private IP addresses are only required to be unique within their own network. Different private networks can use the same range of IP addresses without conflict.
      • Local communication: These addresses are used for communication between devices within the same network. They cannot be used to communicate directly with devices on the internet.
      • Defined ranges: The Internet Assigned Numbers Authority (IANA) has reserved specific IP address ranges for private use:
      • IPv4: 10.0.0.0 to 10.255.255.255, 172.16.0.0 to 172.31.255.255, 192.168.0.0 to 192.168.255.255
      • IPv6: Addresses starting with FD or FC
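
    The ranges above, as an added example that is not part of the original notes: a parsed range check next to a string-prefix shortcut, which gets the 172.16-172.31 block, IPv6 letter case and short IPv6 groups wrong. The function names and sample addresses are constructed for illustration.

```python
import ipaddress

# The reserved private ranges listed above, written in CIDR form.
PRIVATE_RANGES = [ipaddress.ip_network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

def naive_is_private(text):
    """Fragile string-prefix test: case-sensitive and blind to 172.17-172.31."""
    return text.startswith(("10.", "172.16.", "192.168.", "fc", "fd"))

def is_private(text):
    """Parse the address, then test membership in the reserved ranges."""
    addr = ipaddress.ip_address(text.strip())
    return any(addr.version == net.version and addr in net
               for net in PRIVATE_RANGES)

def disagreements(addresses):
    """Addresses where the string check and the parsed check give different answers."""
    return [(a, naive_is_private(a), is_private(a)) for a in addresses
            if naive_is_private(a) != is_private(a)]

# Constructed sample addresses (192.158.1.38 is the IPv4 example used earlier in the notes).
SAMPLES = ["10.0.0.5", "172.16.0.0", "172.31.255.255", "172.32.0.0",
           "192.168.1.1", "192.158.1.38", "FD12:3456:789A::1",
           "fc00:0000:0000:0000:0000:0000:0000:0001", "fd::1", "2001:db8::1"]

if __name__ == "__main__":
    for a in SAMPLES:
        print(f"{a:42} private={is_private(a)}")
    # Each tuple is (address, string-check answer, parsed answer).
    print(disagreements(SAMPLES))
```

    "fd::1" expands to 00fd:0000:..., so it only looks like it starts with FD; parsing before comparing is what makes an internal/external decision reliable.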

    Based on Assignment Method (Static vs. Dynamic)

    • Static IP Addresses: These are permanently assigned to a device, typically important for servers or devices that need a constant address. Reliable for network services that require regular access such as websites, remote management.
    • Dynamic IP Addresses: Temporarily assigned from a pool of available addresses by the Dynamic Host Configuration Protocol (DHCP). Cost-effective and efficient for providers, perfect for consumer devices that do not require permanent addresses.

    Subnetting

    • Subnetting allows you to create multiple logical networks that exist within a single Class A, B, or C network.
    • If you do not subnet, you are only able to use one network from your Class A, B, or C network, which is unrealistic.
    • Each data link on a network must have a unique network ID, with every node on that link being a member of the same network.
    • If you break a major network (Class A, B, or C) into smaller subnetworks, it allows you to create a network of interconnecting subnetworks.
    • Each data link on this network would then have a unique network/subnetwork ID.
    • Any device, or gateway, connecting n networks/subnetworks has n distinct IP addresses, one for each network / subnetwork that it interconnects.
    • In order to subnet a network, extend the natural mask using some of the bits from the host ID portion of the address to create a subnetwork ID.
    • For example, given a Class C network of 204.17.5.0, which has a natural mask of 255.255.255.0, you can create subnets in this manner:
      • 204.17.5.0 - 11001100.00010001.00000101.00000000
      • 255.255.255.224 - 11111111.11111111.11111111.11100000
    • In a Class A address, there are (255)^3 available hosts that can connect to each network. In practice, there are many cases where such a large number of hosts is not connected to the network. In such a situation, the remaining addresses are wasted and not utilized. Again, each new network needs a new Class A address. Used this way, the addresses will be exhausted easily, and getting a new address every time will be expensive. To remove this problem, the concept of subnetting was introduced, where each network can be divided into small parts and each part utilized as a different network.
    • Two subnets were created for different departments:
      • 10.0.0.0/24 for Accounting
      • 10.1.0.0/24 for Marketing.
      • Devices in each subnet are now in a different broadcast domain.
      • This will reduce the amount of traffic flowing on the network
    • Subnetting is the practice of dividing a network into two or more smaller networks. It increases routing efficiency, enhances the security of the network and reduces the size of the broadcast domain.
    • CIDR (Classless inter-domain routing) is a method of public IP address assignment
    • The new system was classless – a classful network was split into multiple smaller networks.
    • For example:
      • If a company needs 12 public IP addresses, it would get something like this: 190.5.4.16/28.
      • The company got 14 usable IP addresses from the 190.5.4.16 – 190.5.4.31 range.
      • There are 4 host bits, and 2 to the power of 4 minus 2 is 14. The first and the last addresses are the network address and the broadcast address, respectively.
      • All other addresses inside the range could be assigned to Internet hosts. (190.5.4.17/28 – 190.5.4.30/28)
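
    The 204.17.5.0 mask extension and the 190.5.4.16/28 block above, worked through with bit arithmetic. This is an added example, not part of the original notes; the function names and the two host addresses used in the Accounting/Marketing check are assumptions.

```python
MASK32 = 0xFFFFFFFF

def to_int(dotted):
    """Dotted-decimal IPv4 text -> 32-bit integer."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {dotted!r}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]

def to_dotted(value):
    """32-bit integer -> dotted-decimal IPv4 text."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def prefix_to_mask(prefix):
    """Prefix length -> 32-bit mask, e.g. /28 -> 255.255.255.240."""
    return (MASK32 << (32 - prefix)) & MASK32

def describe(network, mask):
    """Network, broadcast, usable range and host count for one subnet."""
    host_bits = 32 - bin(mask).count("1")
    broadcast = network | (~mask & MASK32)
    return {
        "network": to_dotted(network),
        "first_host": to_dotted(network + 1),
        "last_host": to_dotted(broadcast - 1),
        "broadcast": to_dotted(broadcast),
        "usable_hosts": 2 ** host_bits - 2,
    }

def split(network, natural_mask, extended_mask):
    """Extend the natural mask and list every subnet that creates."""
    natural, extended = to_int(natural_mask), to_int(extended_mask)
    subnet_bits = bin(extended & ~natural & MASK32).count("1")  # borrowed from host ID
    host_bits = 32 - bin(extended).count("1")
    base = to_int(network) & natural
    return [describe(base | (i << host_bits), extended)
            for i in range(2 ** subnet_bits)]

def same_subnet(a, b, prefix):
    """True if both hosts share a network ID (same broadcast domain)."""
    mask = prefix_to_mask(prefix)
    return (to_int(a) & mask) == (to_int(b) & mask)

if __name__ == "__main__":
    for subnet in split("204.17.5.0", "255.255.255.0", "255.255.255.224"):
        print(subnet)
    print(describe(to_int("190.5.4.16"), prefix_to_mask(28)))
    # Constructed hosts: one in Accounting (10.0.0.0/24), one in Marketing (10.1.0.0/24).
    print(same_subnet("10.0.0.10", "10.1.0.10", 24))
```

    Hosts that fail the same_subnet check can only reach each other through a gateway, which is where filtering between departments can be applied.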

    IP Routing Algorithm

    • Routing algorithms are procedures that determine the most efficient paths for data packets to travel from a source to a destination across a network, often considering factors like cost, congestion, and hop count.
    • They are broadly categorized as static (manual routing tables) or dynamic (automated, based on network conditions), with dynamic algorithms further divided into distance vector (decentralized) and link state (global information) approaches.

    Categories of Routing Algorithms

    • Non-Adaptive (Static) Routing: In this method, a router's routing table is configured manually by a network administrator. The path remains fixed and doesn't change based on network conditions.
    • Adaptive (Dynamic) Routing: These algorithms are designed to adapt to changes in network conditions, such as congestion or link failures, by automatically updating routing tables.
    • Distance Vector Algorithms (Decentralized): Each router only knows about its directly connected neighbors and exchanges routing information with them. This information is used to calculate the best path, often described by a "distance" or cost to reach various destinations.
    • Link-State Algorithms (Global): Routers with this algorithm have complete information about the network topology and traffic status, allowing them to perform a global calculation of the best path.
    | Distance Vector Routing | Link State Routing |
    |---|---|
    | Bandwidth required is less due to local sharing, small packets and no flooding | Bandwidth required is more due to flooding and sending of large link state packets |
    | Based on local knowledge, since it updates its table based on information from neighbours | Based on global knowledge; it has knowledge about the entire network |
    | Traffic is less | Traffic is more |
    | Converges slowly, i.e., good news spreads fast and bad news spreads slowly | Converges faster |
    | Count-to-infinity problem | No count-to-infinity problem |
    | Persistent looping problem, i.e., the loop will be there forever | No persistent loops, only transient loops |
    | Practical implementations are RIP and IGRP | Practical implementations are OSPF and ISIS |
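
    The count-to-infinity row above, as an added simulation that is not part of the original notes. It assumes a three-router line A - B - C with link cost 1 and RIP's metric of 16 as infinity, fails the B-C link, and compares the distance-vector rounds with a single link-state (Dijkstra) computation.

```python
import heapq

INFINITY = 16  # RIP convention: a metric of 16 means "unreachable"

def make_links(*edges):
    """Build a symmetric link table {(from, to): cost} from (a, b, cost) tuples."""
    links = {}
    for a, b, cost in edges:
        links[(a, b)] = links[(b, a)] = cost
    return links

def dv_round(links, dist, dest):
    """One synchronous distance-vector exchange toward `dest`: each router only
    sees the costs its direct neighbours advertised in the previous round."""
    new = {}
    for node in dist:
        offers = [cost + dist[nbr] for (a, nbr), cost in links.items() if a == node]
        new[node] = 0 if node == dest else min(offers + [INFINITY])
    return new

def dv_converge(links, dist, dest, max_rounds=100):
    """Repeat exchanges until no table changes; return every intermediate state."""
    history = [dict(dist)]
    for _ in range(max_rounds):
        new = dv_round(links, history[-1], dest)
        if new == history[-1]:
            break
        history.append(new)
    return history

def link_state_cost(links, src, dest):
    """Dijkstra over the full topology, as a link-state router would run it."""
    best, queue = {src: 0}, [(0, src)]
    while queue:
        d, node = heapq.heappop(queue)
        if node == dest:
            return d
        for (a, nbr), cost in links.items():
            if a == node and d + cost < best.get(nbr, INFINITY):
                best[nbr] = d + cost
                heapq.heappush(queue, (d + cost, nbr))
    return INFINITY

def demo():
    """Constructed topology A - B - C (all costs 1); then the B-C link fails."""
    before = make_links(("A", "B", 1), ("B", "C", 1))
    stable = dv_converge(before, {"A": INFINITY, "B": INFINITY, "C": 0}, "C")[-1]
    after = make_links(("A", "B", 1))
    counting = dv_converge(after, stable, "C")
    return stable, counting, link_state_cost(after, "A", "C")

if __name__ == "__main__":
    stable, counting, ls = demo()
    print(stable, len(counting) - 1, [s["A"] for s in counting], ls)
```

    While A and B count upward they each name the other as the next hop toward C, which is the routing loop the table refers to; the link-state computation reports C as unreachable in one pass.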

    IPv4 vs IPv6

    • IPv4 and IPv6 are two versions of the system that gives devices a unique address on the internet, known as the Internet Protocol (IP).
    • IP is like a set of rules that helps devices send and receive data online.
    • Since the internet is made up of billions of connected devices, each one needs its own special number, an IP address, to be found.
    • IPv4 is the older version and uses a 32-bit address, which allows for about 4 billion unique addresses.
    • It used to be enough, but with the growth of the internet and smart devices (IoT), we’re running out of IPv4 addresses; that’s why IPv6 was created.
    • It uses a 128-bit address, which means it can provide trillions upon trillions of unique addresses, solving the shortage problem and preparing the internet for the future.

    IPv4

    • IPv4, or Internet Protocol version 4, is the original addressing system of the Internet, introduced in 1983.
    • It uses a 32-bit address scheme, which theoretically allows for over 4 billion unique addresses (2^32).
    • IPv4 addresses are typically displayed in decimal format, divided into four octets separated by dots.
    • For example, 192.168.1.1 is a common IPv4 address you might find in a home network
    • IPv4 Address Format is a 32-bit Address that comprises binary digits separated by a dot (.)

    Characteristics

    • 32-bit address length: Allows for approximately 4.3 billion unique addresses.
    • Dot-decimal notation: IP addresses are written in a format of four decimal numbers separated by dots, such as 192.168.1.1.
    • Packet structure: Includes a header and payload; the header contains information essential for routing and delivery.
    • Check-sum fields: Uses checksums in the header for error-checking the header integrity.
    • Fragmentation: Allows packets to be fragmented at routers along the route if the packet size exceeds the maximum transmission unit (MTU).
    • Address Resolution Protocol (ARP): Used for mapping IP network addresses to the hardware addresses used by a data link protocol.
    • Manual and DHCP configuration: Supports both manual configuration of IP addresses and dynamic configuration through DHCP (Dynamic Host Configuration Protocol).
    • Limited address space: The main limitation which has led to the development of IPv6 to cater to more devices.
    • Network Address Translation (NAT): Used to allow multiple devices on a private network to share a single public IP address.
    • Security: Lacks inherent security features, requiring additional protocols such as IPSec for secure communications.

    Drawbacks

    • Limited Address Space: IPv4 has a limited number of addresses, which is not enough for the growing number of devices connecting to the internet.
    • Complex Configuration: IPv4 often requires manual configuration or DHCP to assign addresses, which can be time-consuming and prone to errors.
    • Less Efficient Routing: The IPv4 header is more complex, which can slow down data processing and routing.
    • Security Issues: IPv4 does not have built-in security features, making it more vulnerable to attacks unless extra security measures are added.
    • Limited Support for Quality of Service (QoS): IPv4 has limited capabilities for prioritizing certain types of data, which can affect the performance of real-time applications like video streaming and VoIP.
    • Fragmentation: IPv4 allows routers to fragment packets, which can lead to inefficiencies and increased chances of data being lost or corrupted.
    • Broadcasting Overhead: IPv4 uses broadcasting to communicate with multiple devices on a network, which can create unnecessary network traffic and reduce performance

    IPv6

    • IPv6 is a widely used version of the Internet Protocol today.
    • It is becoming more common, especially in areas like mobile networks, where the demand for IP addresses keeps growing.
    • IPv6 was developed by the Internet Engineering Task Force (IETF) in December 1998 to replace IPv4, which couldn’t handle the rapidly increasing number of internet users and connected devices.
    • It’s the newer and more advanced version of IP, offering improvements in address space, efficiency, and security.
    • IPv6 addresses are written in eight groups of hexadecimal numbers, separated by colons.

    Characteristics

    • 128-bit Addressing: Uses a 128-bit address format, allowing for an almost unlimited number of unique IP addresses.
    • Hexadecimal Notation: IP addresses are written in eight groups of four hexadecimal digits, separated by colons (e.g., 2001:0db8:85a3::8a2e:0370:7334).
    • Connectionless and Connection-Oriented Support: Supports both connectionless (like UDP) and connection-oriented (like TCP) communications.
    • No Broadcast: Does not use broadcasting; instead, uses multicast and anycast for efficient data delivery.
    • Simplified Header Format: Has a simpler and more efficient packet header compared to IPv4, improving processing speed.
    • Integrated Security (IPSec): Includes built-in support for IPSec to provide confidentiality, authentication, and data integrity.
    • Auto-Configuration: Supports stateless and stateful address configuration, including automatic address assignment.
    • No Need for NAT: Eliminates the need for Network Address Translation due to its vast address space.
    • Improved Routing Efficiency: Reduces routing table size and simplifies network structure for faster data delivery.
    • Support for New Services: Designed to work better with modern internet services like mobile IP, VoIP, and IoT devices.

    Benefits of IPv6 over IPv4

    • Larger Address Space: IPv6 has a greater address space than IPv4, which is required for the expanding number of IP-connected devices. IPv6 has a 128-bit IP address, whereas IPv4 has a 32-bit address.
    • Improved Security: IPv6 has improved security built in. It offers features such as data authentication and data encryption, making an internet connection more secure.
    • Simplified Header Format: As compared to IPv4, IPv6 has a simpler and more effective header Structure, which is more cost-effective and also increases the speed of Internet Connection.
    • Prioritize: IPv6 contains stronger and more reliable support for QoS features, which helps in increasing traffic over websites and increases audio and video quality on pages.
    • Improved Support for Mobile Devices: IPv6 has increased and better support for Mobile Devices. It helps in making quick connections over other Mobile Devices and in a safer way than IPv4.

    Switching from IPv4 to IPv6

    • Dual Stacking: Devices can use both IPv4 and IPv6 at the same time. This way, they can talk to networks and devices using either version.
    • Tunneling: This method allows IPv6 users to send data through an IPv4 network to reach other IPv6 users. Think of it as creating a "tunnel" for IPv6 traffic through the older IPv4 system.
    • Network Address Translation (NAT): NAT helps devices using different versions of IP addresses (IPv4 and IPv6) to communicate with each other by translating the addresses so they understand each other.

    Difference: IPv4 & IPv6

    | Feature | IPv4 | IPv6 |
    |---|---|---|
    | Address Length | 32-bit address | 128-bit address |
    | Address Format | Decimal format (e.g., 192.168.0.1) | Hexadecimal format (e.g., 2001:0db8::1) |
    | Configuration | Manual and DHCP configuration | Auto-configuration and renumbering supported |
    | Connection Integrity | End-to-end integrity is unachievable | End-to-end integrity is achievable |
    | Security | No built-in security; external tools like IPSec needed | IPSec is built-in for encryption and authentication |
    | Fragmentation | Performed by sender and routers | Performed only by the sender |
    | Flow Identification | Not available | Uses Flow Label field in header for packet flow identification |
    | Checksum Field | Present | Not present |
    | Transmission Scheme | Supports broadcast | Uses multicast and anycast; no broadcast |
    | Header Size | Variable: 20–60 bytes | Fixed: 40 bytes |
    | Conversion | Can be converted to IPv6 | Not all IPv6 addresses can be converted to IPv4 |
    | Field Structure | 4 fields separated by dots (.) | 8 fields separated by colons (:) |
    | Address Classes | Has address classes (A, B, C, D, E) | No concept of address classes |
    | VLSM Support | Supports Variable Length Subnet Mask (VLSM) | Does not support VLSM |
    | Example | 66.94.29.13 | 2001:0000:3238:DFE1:0063:0000:0000:FEFB |

    Made By SOU Student for SOU Students