Chapter 8 - Subnets and VLANs Flashcards

1
Q

NETWORK SEGMENTATION
When a network is segmented into multiple smaller networks, traffic on one network is separated from another network’s traffic and each network is its own broadcast domain.

A network administrator might separate a network’s traffic into smaller portions to accomplish the following:

A

→ enhance security - Transmissions in broadcast domains are limited to each network, so there’s less possibility of hackers or malware reaching remote, protected networks in the enterprise domain. At the same time, other devices, such as a web server, can be made more accessible to the open Internet than the rest of the network. For example, a DMZ (demilitarized zone) can provide an area of the network with less stringent security for these purposes.

→ improve performance - Segmenting limits broadcast traffic by decreasing the size of each broadcast domain. The more efficient use of bandwidth results in better overall network performance.

→ simplify troubleshooting - When troubleshooting, rather than examining the whole network for errors or bottlenecks, the network administrator can narrow down the problem area to a particular, smaller network.

2
Q

THE OSI MODEL also plays a part in network segmentation

A

→ You can use PHYSICAL devices at LAYER 1 to create separate LANs

→ At LAYER 2, you can create VIRTUAL LANs

→ And at LAYER 3, you can use SUBNETTING to organize devices within the available IP address space, whether the LANs are defined physically or virtually.

3
Q

SUBNETS

Subnetting - the technique of DIVIDING the pool of IP addresses into GROUPS, or SUBNETS, one for each LAN.

A

→ Subnetting helps us manage IP address space more efficiently. Also, though it might not be obvious at this point, using well-chosen subnets provides the following benefits:

a) network documentation is easier to manage;
b) problems are easier to locate and resolve;
c) routers can more easily manage IP address spaces that don’t overlap;
d) routing is more efficient on larger networks when IP address spaces are mathematically related at a binary level

4
Q

HOW SUBNET MASKS WORK
A device uses a subnet mask to determine WHICH subnet or network IT BELONGS TO.

When a computer is ready to send a transmission to another host, it first compares the bits in its own network ID to the bits in the network ID of the destination host.

If the bits MATCH, the remote host is on the sending computer’s OWN network, and it sends the transmission directly to that host.

If the bits DON’T match, the destination host is on ANOTHER network, and the computer sends the transmission to the DEFAULT GATEWAY on its network.

The gateway is responsible for sending the transmission toward the correct network.

A

How does a computer KNOW HOW MANY BITS OF ITS IP ADDRESS ARE THE NETWORK ID?

→ The SUBNET MASK gives that information.

→ The number of 1s (ones) in the subnet mask DETERMINES THE NUMBER OF BITS in the IP address that belong to the NETWORK ID.

→ To identify the bits that make up the network ID, first convert these numbers to binary, as follows:

● IP address 192.168.123.132 in binary:
11000000.10101000.01111011.10000100

● Subnet mask 255.255.255.0 in binary:
11111111.11111111.11111111.00000000

A subnet mask is always a series of 1s (ones) followed by a series of 0s (zeros).

» The 1s mark the NETWORK PORTION of an IP address and the 0s mark the HOST PORTION.

The NETWORK ID portion of the IP address in our example is 24 bits, or the first three octets: 192.168.123. The HOST PORTION is the last octet: 132.

By convention, you see 0s used to complete the four octets when referring to the network ID and the host portion of an IP address separately, like this:

● Network ID: 192.168.123.0
● Host portion: 0.0.0.132

5
Q

Legacy Networking: CLASSFUL ADDRESSING IN IPv4

Recall that every IPv4 address can be associated with a network class - A, B, C, D, or E.

Class | n=network ID bit / h= host address bit
A | nnnnnnnn.hhhhhhhh.hhhhhhhh.hhhhhhhh
B | nnnnnnnn.nnnnnnnn.hhhhhhhh.hhhhhhhh
C | nnnnnnnn.nnnnnnnn.nnnnnnnn.hhhhhhhh

When using classful IPv4 addressing, the LAST octet of a network ID is ALWAYS equal to 0 (and may have additional, preceding octets equal to 0).

Also, a workstation CANNOT be assigned the SAME address as the NETWORK ID, which explains why the LAST octet of a host’s IP address is almost NEVER 0.

A

Although classful addressing rules NO LONGER restrict addressing options on modern networks, we still use the classes as a STARTING point for IPv4 subnet calculations.

That means that if you work on a network whose hosts are configured with a subnet mask of 11111111.00000000.00000000.00000000, or 255.0.0.0, you know that the network is using Class A addresses.

6
Q

Use the Logical ANDing Function to Calculate a Network ID

To calculate a host’s network ID given its IPv4 address and subnet mask, computers follow a logical process of combining bits known as ANDing.

A

In ANDing, a bit with a value of 1 combined, or anded, with another bit with value 1 results in a 1.

A bit with a value of 0 anded with any other bit results in a 0.

IP address bit | 1 | 1 | 0 | 0
Subnet mask bit | 1 | 0 | 1 | 0
Resulting bit | 1 | 0 | 0 | 0

IP address→ 11000000.00100010.01011001.01111111 192.34.89.127
Subnet mask→ 11111111.11111111.11111111.00000000 255.255.255.0
Network ID→ 11000000.00100010.01011001.00000000 192.34.89.0

7
Q

ClassLESS Interdomain Routing (CIDR)

This shortHAND method for identifying network and host bits in an IP address is also known as CIDR NOTATION or SLASH NOTATION (Note that CIDR is pronounced cider).

A

CIDR notation takes the network ID or a host’s IP address and follows it with a forward slash (/), which is then followed by the number of bits that are used for the network ID.

For example, this private IP address could be written as 192.168.89.127/24, where 24 represents the number of 1s (ones) in the subnet mask and therefore the number of bits used for the network ID.

In CIDR terminology, the forward slash plus the number of bits used for the network ID (for example, /24) is known as a CIDR BLOCK.

8
Q

IPv4 Subnet Calculations

Subnetting, which alters the rules of classful IPv4 addressing, is called CLASSLESS ADDRESSING.

A

To create a SUBNET, you BORROW BITS that would represent HOST information in CLASSFUL ADDRESSING and use those bits INSTEAD to represent NETWORK information.

By doing so, you INCREASE the number of bits available for the NETWORK ID, and you also REDUCE the number of bits available for identifying hosts.

Consequently, you INCREASE the number of networks and REDUCE the number of usable host addresses in each network or subnet.

The MORE bits you BORROW for network information, the MORE SUBNETS you can have, but the FEWER HOSTS each subnet can have.

9
Q

Suppose you want to DIVIDE your local network, which has a network ID of 192.168.89.0, into SIX SUBNETS to correspond to your building’s six floors.

The following steps walk you through the process:

A

1) Decide HOW MANY bits to BORROW.
→ 2^n = Y (2 to the power of n equals Y), where n equals the NUMBER OF BITS that must be SWITCHED from the host address to the network ID. Y equals the NUMBER OF SUBNETS that result.
…..
……..
