Assigning IP VLSM Subnets for WAN Connections
One common approach is to allocate a subnet that has not been assigned to hosts and to variably subnet it for use with connectivity between, rather than within, areas.
In reference to the case study described earlier, it would be sensible to take a subnet from the bits allocated to the buildings. Because there are enough bits allocated to address eight buildings, you have twice as many subnets as required. Even with the possibility of growth, one subnet would not be missed. Because the building bits come after the bits assigned to the campus, you must make a choice as to which campus will be selected for the honor of contributing a subnet of WAN addressing. This is an arbitrary decision that you need to document. If necessary, a building subnet can be commandeered from each campus.
If possible, the subnet you use should have nothing to do with any of the existing subnets. There is a consistency in numbering that identifies the WAN links, so in a troubleshooting environment, you can immediately see that a WAN link is causing the trouble and will not confuse the subnet (VLSM) with an existing segment.
In this example, if you use the bit pattern 000 as the network address for the building section, as well as for the campus and the region, the third octet would result in a 0. The network address for all interconnectivity would be 140.100.0. . . The last octet would be available for further subnetting with VLSM.
The subnet chosen for the WAN connections will be subnetted further using 30 bits of subnetting. This allows for only two hosts and is therefore a very efficient mask for point-to-point links.
Remember that the old rule for not using all 0s or all 1s is based on the entire subnet, not on the octet boundary. However, it is also important to remember that there is no longer a problem with subnet zero, which current Cisco IOS allows by default. Figure 2-8 shows assigning IP VLSM subnets for WAN connections.
Figure 2-8 Assigning IP VLSM Subnets for WAN Connections
The following is an example of how the addressing might be broken down.
Between the buildings in California:
■ A 27-bit mask allows for 30 end-system addresses. This assumes that the buildings are connected via FDDI or Fast Ethernet.
■ The range of hosts is 220.127.116.11 to 18.104.22.168.
■ The broadcast address is 22.214.171.124.
Between the buildings and the campuses in California:
The prefix mask of /30 provides two host addresses, which allows for point-to-point addresses using Frame Relay.
Between the campuses and the regions:
The prefix mask of /30 provides two host addresses, which allows for point-to-point addresses that might also be using Frame Relay.
Between the regions:
The prefix mask of /30 provides two host addresses, which allows for point-to-point addresses that might also be using Frame Relay or dedicated serial leased lines.
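The breakdown above can be generated rather than worked by hand. The following is an added example, not part of the original text: a small VLSM allocator that carves one /27 and several /30s out of a single WAN block without overlap. The block 140.100.0.0/24 is an assumption derived from the all-zero region, campus, and building bits described earlier, and the link names are hypothetical.

```python
import ipaddress

def allocate_vlsm(block, requests):
    """Carve `block` into non-overlapping subnets, largest request first.

    requests: list of (name, prefix_length). Returns {name: IPv4Network}.
    """
    free = [ipaddress.ip_network(block)]      # unused chunks, in address order
    plan = {}
    for name, prefixlen in sorted(requests, key=lambda r: r[1]):
        # First free chunk large enough to hold the requested prefix.
        idx = next((i for i, n in enumerate(free) if n.prefixlen <= prefixlen), None)
        if idx is None:
            raise ValueError(f"no space left for {name} (/{prefixlen})")
        chunk = free.pop(idx)
        subnet = next(chunk.subnets(new_prefix=prefixlen))
        plan[name] = subnet
        # Hand the unused remainder of the chunk back, still in address order.
        free[idx:idx] = sorted(chunk.address_exclude(subnet))
    return plan

# Constructed request list (link names are hypothetical).
REQUESTS = [
    ("sanjose-bldg1-to-campus", 30),
    ("sanjose-bldg2-to-campus", 30),
    ("california-building-ring", 27),   # shared FDDI/Fast Ethernet segment
    ("sanjose-to-california", 30),
    ("california-to-region2", 30),
]

def wan_plan():
    # Assumed WAN block: region, campus and building bits all zero.
    return allocate_vlsm("140.100.0.0/24", REQUESTS)

if __name__ == "__main__":
    for name, net in wan_plan().items():
        hosts = list(net.hosts())
        print(f"{name:26} {str(net):18} hosts {hosts[0]}-{hosts[-1]} "
              f"broadcast {net.broadcast_address}")
```

Allocating the largest request first keeps every subnet aligned on its own boundary, which is why the /27 lands at the start of the block and the /30s pack in directly behind it.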
NOTE: In the instance of a subnet being used to address WAN connections, it might not be possible to summarize these networks. To summarize subnets, the subnets contained in the summary address must be contiguous; otherwise, the router is confused as to where to send the data. In a WAN environment, the connections might not be within a confined area, but scattered throughout the network.
The rules and conditions for creating a valid and appropriate IP addressing scheme for the network are complicated. Among other things, the addressing scheme must allow for growth, to scale over time. What works today might not be flexible for next year’s business requirements. You cannot build a network that will accommodate every change and addition to its environment. With careful design, however, it might be possible to anticipate some of these changes and to ensure a network with enough flexibility to survive the changes.
Having assigned IP addressing based on a hierarchical design, you can now consider the full weight of the advantages of VLSM in implementing summarization. The primary advantage is the reduction in network traffic and the size of the routing table.
Summarization allows the representation of a series of networks in a single summary address.
The reasons that the Internet implemented CIDR are equally pertinent in a single organization. VLSM and CIDR use the same principles, with VLSM being just an extension of CIDR at the organizational level.
At the top of the hierarchical design, the subnets in the routing table are more generalized. The subnet masks are shorter because they have aggregated the subnets lower in the network hierarchy. These summarized networks are often referred to as supernets, particularly when seen in the Internet aggregation of class addresses. They are also known as aggregated routes. Figure 2-9 shows the physical network design for the case study discussed earlier. Figure 2-10 shows the allocation of addresses using VLSM to support summarization for this network design.
Figure 2-9 The Application of Summarized Routes on a Hierarchically Designed Network
Figure 2-10 The Binary Calculation of the Hierarchical Addressing for the Organization
The Advantages of Summarization
The capability to summarize multiple subnets within a few subnets has the following advantages, as discussed in the next few sections:
■ Reduces the size of the routing table
■ Simplifies recalculation of the network
■ Hides network changes
■ Allows networks to grow
Reducing the Size of the Routing Table
Reducing the Size of the Routing Table In reducing the size of the routing table, the updates are smaller, demanding less bandwidth from the network. A smaller routing table also requires less memory in the router or CPU in the routing process itself because the lookup is quicker and more efficient.
The recalculation of the network is also simplified by maintaining small routing tables.
Hiding Network Changes
If the routing table contains a summary of the networks beneath it, any changes in the network at these levels are not seen. This is both a good thing and a bad thing. If the network in the earlier case study—126.96.36.199/27, the subnet on the fourth floor of the second building in San Jose, California—were to go down, the router at the core would be oblivious to the LAN problem. This is beneficial because there are no additional updates or recalculation.
The disadvantage is that any traffic destined for that subnet is sent on the assumption that it exists. To be more accurate, the core router sees the inbound IP packet destined for 188.8.131.52 and, instead of applying the /27 mask, uses the mask that it has configured. It employs the /19 mask that sees the subnet 184.108.40.206/19, although in reality the destination subnet is 220.127.116.11/27. If the subnet 18.104.22.168 is no longer available, all traffic is still forwarded until it reaches a router that sees the network 22.214.171.124 as directly connected or to the first router that sees the network 126.96.36.199 as unavailable. This would be a router using the /27 bit mask. An ICMP message that the network is unreachable is generated to the transmitting host. The host might stop transmitting after hearing that the network is down.
Although unnecessary traffic will traverse the network for a while, it is a minor inconvenience compared to the routing update demands on the network and the CPU utilization on the routers in large networks.
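The forwarding behavior described above can be traced with a longest-match lookup at each hop. This is an added example, not part of the original text: the router names and routing tables are constructed, and the prefixes are assumptions derived from the case study's bit layout (California 001 as a /19, San Jose 00110 as a /21, floor subnets as /27s).

```python
import ipaddress

def longest_match(table, dst):
    """Return (prefix, next_hop) for the most specific route covering dst."""
    dst = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), nh) for p, nh in table.items()
            if dst in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen, default=None)

def trace(routers, start, dst, max_hops=8):
    """Follow next hops from `start`; stop on delivery or on a missing route."""
    path, here = [], start
    for _ in range(max_hops):
        hit = longest_match(routers[here], dst)
        if hit is None:
            path.append((here, None, "ICMP network unreachable"))
            break
        prefix, next_hop = hit
        path.append((here, str(prefix), next_hop))
        if next_hop == "connected":
            break
        here = next_hop
    return path

def build_routers():
    # Constructed tables; router names are hypothetical.
    return {
        "core":       {"140.100.32.0/19": "california"},     # region summary
        "california": {"140.100.48.0/21": "sanjose"},        # campus summary
        "sanjose":    {"140.100.50.128/27": "connected",     # floor LANs
                       "140.100.50.160/27": "connected"},
    }

def demo(dst="140.100.50.130"):
    routers = build_routers()
    before = trace(routers, "core", dst)
    del routers["sanjose"]["140.100.50.128/27"]   # the floor LAN goes down
    after = trace(routers, "core", dst)
    return before, after

if __name__ == "__main__":
    for label, path in zip(("before", "after"), demo()):
        print(label, path)
```

After the failure the core and campus tables are unchanged, so the packet still crosses both WAN links before the San Jose router, the only one holding /27 routes, rejects it.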
Other Solutions to Address Exhaustion
The efficient use of IP addressing, through prefix routing, CIDR, and VLSM, helps to alleviate address exhaustion experienced by the Internet; however, there are a few other methods that can be used. These are discussed in this section.
The use of the Cisco feature IP unnumbered is useful on the point-to-point serial lines because it saves the use of a subnet. IP unnumbered is a utility that allows point-to-point serial lines to have no IP address assigned. This is possible because the serial line is literally a pipe with two directly connected hosts. Each end of the serial line borrows an IP address from another interface on the Cisco router if an address is required: for example, when generating an IP packet and needing a source address for the packet header.
Cisco’s use of secondary addressing is useful because it provides two subnets to a physical interface and, therefore, more available host bits. This does not save address space, but it is a solution for routing protocols that do not support VLSM. Some compatibility issues exist with some IP routing protocols; for example, not all routing protocols will see the second subnet.
Summarization allows networks to grow because the network overhead can scale.
In the newer routing protocols, summarization must be manually configured; this manual configuration adds subtlety and strength. Each routing protocol deals with summarization in a slightly different way. How summarization works or is configured depends on the routing protocol used. This is discussed in Chapter 5, “IP Link-State Routing Principles.”
NOTE: Although Border Gateway Protocol (BGP) and Enhanced IGRP (EIGRP) perform automatic summarization, the summarization is done at the classful network boundary, using the first octet rule. This is the same as with older routing protocols, such as RIP.
All routing protocols employ some level of summarization. The older protocols, such as RIP and IGRP, automatically summarize at the Internet address or natural class boundary. They have no choice because the subnet mask is not sent in the routing updates. When a routing update is received, the router looks to see whether it has an interface in the same classful network. If it has one, it applies the mask configured on the interface to the incoming routing update. With no interface configured in the same Internet address, there is insufficient information and the routing protocol uses the natural mask for the routing update. Automatic summarization uses the first octet rule.
EIGRP, IS-IS, RIPv2, and OSPF are more sophisticated. They send the subnet mask along with the routing update. This feature allows the use of VLSM and manual summarization. When the routing update is received, the router assigns the mask to the particular subnet. When the routing process performs a lookup, it searches the entire database and acts on the longest match. Searching the routing table for the longest match is an important feature because it allows the following:
■ The granularity of the hierarchical design
■ Manual summarization
■ Discontiguous networks
A discontiguous network refers to a network in which a different classful network separates two instances of the same classful network. This can happen through either intentional design or a break in the network topology. If the network is not using a routing protocol that supports VLSM, this creates a problem, because the router does not know where to send the traffic. Without a subnet mask, it resolves the address down to the classful network, which appears as if there is a duplicate address. The same classful network appears twice, but in different locations. In most cases, the router will load balance between the two paths leading to the two instances of the one classful network address, the two discontiguous subnets. As with any multiple entry in a routing table, the router will load balance over the multiple paths if they are equal, resulting in only a portion of the traffic taking the correct path. The symptoms that the network will see are those of intermittent connectivity.
Figure 2-11 shows an instance of a discontiguous network.
Considerations for Summarization with Discontiguous Networks
Discontiguous networks are not a problem with VLSM, because the routing table does a lookup based on the longest match; therefore, the routing process will choose the network with the longest mask and no duplicate path is seen. However, if VLSM is used on networks that employ automatic summarization, problems of discontiguous networks could arise. Despite the fact that VLSM can distinguish between network 188.8.131.52/20 and 184.108.40.206/24, automatic summarization would reduce these separate networks to 220.127.116.11. If these networks are separated by another classful network, it would cause discontiguous network problems.
Manual summarization allows the administrator to create summarization with greater granularity and thus avoid such problems. Also, if a hierarchical design has been implemented, it is possible that discontiguous networks will not arise when summarization is used, as 18.104.22.168 would be a smaller branch off the main branch of 22.214.171.124.
Figure 2-11 Discontiguous Networks
If there are discontiguous networks in the organization, it is important that summarization is turned off or not configured. Summarization might not provide enough information to the routing table on the other side of the intervening classful network to be capable of appropriately routing to the destination subnets. This is especially true of EIGRP, which automatically summarizes at the classful network boundary, which would be disastrous in this situation.
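The effect of automatic summarization on a discontiguous network can be reproduced with the first octet rule alone. This is an added example, not part of the original text: two sites in 140.100.0.0 advertise across links numbered from 10.0.0.0, and the router in the middle is checked for identical prefixes learned from different neighbors. The subnets, link addresses, and neighbor names are constructed.

```python
import ipaddress
from collections import defaultdict

def classful_network(addr):
    """First octet rule: the leading octet alone selects the natural mask."""
    addr = ipaddress.ip_address(addr)
    first = int(addr) >> 24
    if first < 128:
        plen = 8        # class A
    elif first < 192:
        plen = 16       # class B
    elif first < 224:
        plen = 24       # class C
    else:
        raise ValueError("class D/E addresses have no natural mask")
    return ipaddress.ip_network(f"{addr}/{plen}", strict=False)

def advertise(subnet, link, auto_summary):
    """Prefix a boundary router sends for `subnet` out of the interface on `link`."""
    subnet, link = ipaddress.ip_network(subnet), ipaddress.ip_network(link)
    natural = classful_network(subnet.network_address)
    crosses = natural != classful_network(link.network_address)
    return natural if auto_summary and crosses else subnet

def middle_router_view(auto_summary):
    """Prefixes learned by a router in 10.0.0.0 sitting between two 140.100 sites."""
    # Constructed topology: neighbor name, its local subnet, link to the middle router.
    sites = [("west", "140.100.16.0/20", "10.1.1.0/30"),
             ("east", "140.100.48.0/24", "10.1.2.0/30")]
    learned = defaultdict(list)
    for neighbor, subnet, link in sites:
        learned[str(advertise(subnet, link, auto_summary))].append(neighbor)
    return dict(learned)

def ambiguous(view):
    """Prefixes learned identically from more than one neighbor."""
    return {p: n for p, n in view.items() if len(n) > 1}

if __name__ == "__main__":
    print("auto-summary on :", ambiguous(middle_router_view(True)))
    print("auto-summary off:", ambiguous(middle_router_view(False)))
```

With automatic summarization on, the middle router holds 140.100.0.0/16 from both neighbors and splits traffic between them; with it off, the /20 and /24 arrive intact and longest match picks the correct side.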
In OSPF and EIGRP, manual configuration is required for any sophistication in the network design. It is not always possible to achieve summarization because it depends entirely on the addressing scheme that has been deployed. However, because EIGRP can perform summarization at the interface level, it is possible to select interfaces that do not feed discontiguous networks for summarization. This capability to summarize selectively is very powerful.
The key to whether summarization is configurable is determined by whether there are common high-order bits in the addresses.
As demonstrated in the case study “Addressing the Network” earlier in this chapter, the design has created common high-order bits to facilitate summarization. The addressing scheme for the case study, shown in Figure 2-7, shows that every campus within a region will share the same high-order bits (those to the left). In California, every campus, building, floor, and host will share the bits 001, whereas within the California campus of San Jose, every building shares the high-order bits of 00110. Therefore, it is very simple to configure summarization.
This is not necessarily the case if the addressing structure is already in place. Some analysis of the addressing scheme is required to decide whether summarization can be configured.
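The analysis of an existing scheme comes down to finding the common high-order bits and checking how much unowned address space the resulting summary would claim. This is an added example, not part of the original text: the subnet lists are constructed from the case study's bit layout, assuming the 140.100.0.0/16 network, and the "legacy" list is a hypothetical non-hierarchical assignment.

```python
import ipaddress

def summary_route(subnets):
    """Smallest single prefix covering every subnet: their common high-order bits."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)
    shared = 32 - (lo ^ hi).bit_length()     # leading bits on which lo and hi agree
    host_bits = 32 - shared
    return ipaddress.ip_network(((lo >> host_bits) << host_bits, shared))

def analyse(subnets):
    """Report the summary and how much address space it claims that nobody owns."""
    summary = summary_route(subnets)
    merged = ipaddress.collapse_addresses(ipaddress.ip_network(s) for s in subnets)
    assigned = sum(n.num_addresses for n in merged)
    third_octet = format((int(summary.network_address) >> 8) & 0xFF, "08b")
    return {
        "summary": str(summary),
        # Subnet bits of the third octet shared by every member (network is a /16).
        "shared_third_octet_bits": third_octet[:max(summary.prefixlen - 16, 0)],
        "exact": assigned == summary.num_addresses,
        "unassigned": summary.num_addresses - assigned,
    }

# Constructed inputs.
SAN_JOSE_BUILDINGS = [f"140.100.{48 + b}.0/24" for b in range(8)]
CALIFORNIA_CAMPUSES = [f"140.100.{32 + 8 * c}.0/21" for c in range(4)]
LEGACY_SCATTERED = ["140.100.48.0/24", "140.100.97.0/24", "140.100.130.0/24"]

if __name__ == "__main__":
    for name in ("SAN_JOSE_BUILDINGS", "CALIFORNIA_CAMPUSES", "LEGACY_SCATTERED"):
        print(name, analyse(globals()[name]))
```

An inexact summary with a large unassigned count means the router would attract traffic for address space that lives elsewhere or nowhere, which is the case where the two options that follow apply.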
If summarization is deemed impossible, you have the following two options:
■ Don’t summarize, but understand the scaling limitations that have now been set on the network.
■ Readdress the network. This task is not to be underestimated, although the advantages may well make it worthwhile.