IPv4
- classes:
- A: 0b0…….
- B: 0b10……
- C: 0b110…..
- D: 0b1110….; mcast
- E: 0b1111….; experimental
- private (RFC 1918):
- A: 10.0.0.0/8
- B: 172.16.0.0/12
- C: 192.168.0.0/16
- D: 239.0.0.0/8
- bcast: 255.255.255.255 (local)
- default: 0.0.0.0/0
- APIPA: automatic private IP addressing (169.254.0.0/16)
- Shared Address Space: 100.64.0.0/10 – between ISP and CPE if CGN is performed
- fragment reassembly is performed by endpoints only (exception – PAT)
- redirect:
- ingress interface = egress interface
- source IP address is from the same subnet as correct next-hop
- no source routing
- big endian encoding
- fragment length is a multiple of 8 because of offset ⇒ an 1180-byte packet for MTU = 600 is split into 3 fragments: 576, 576, 8
- waiting for fragments:
- fragment with offset = 0 received
- fragment with MF = 0 (last) received
- verify, using offset, whether all fragments are received
- summarization – up to classful network
- aggregation – several classful networks (supernet)
Format
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Version|  IHL  |      ToS      | Length (bytes, whole packet)  |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|        Identification         |Flags|         Offset          |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|      TTL      |  L4 Protocol  |              CRC              |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                           Source IP                           |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                        Destination IP                         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
\                                                               \
/                      Options (0-10 words)                     /
\                                                               \
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
\                                                               \
/                             Data                              /
\                                                               \
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
IHL:
- IP header length
- 32 bytes unit
Offset:
- 8 bytes unit
- offset of the fragment within parent packet
Identification:
- inherited by all fragments
- reassembly only for fragments with the same ID
Flags:
- bit 0: reserved
- bit 1: DF (don’t fragment), 1 ≡ forbid fragmentation
- bit 2: MF (more fragments), 0 ≡ last fragment
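The fragment sizing and the "waiting for fragments" check from the notes above, as an added example that is not part of the original notes. The `Fragment` tuple, the function names and the 20-byte header without options are assumptions; sizes are payload bytes per fragment.

```python
from collections import namedtuple

# Constructed model of a fragment: offset is in 8-byte units, as in the header.
Fragment = namedtuple("Fragment", "ident offset mf payload_len")

IP_HEADER_LEN = 20  # assumption: IPv4 header without options


def fragment(total_len, mtu, ident=1):
    """Split a packet of total_len bytes (header included) to fit the MTU."""
    payload = total_len - IP_HEADER_LEN
    # All fragments but the last carry a multiple of 8 payload bytes,
    # because Offset counts 8-byte units.
    chunk = (mtu - IP_HEADER_LEN) // 8 * 8
    if chunk <= 0:
        raise ValueError("MTU too small to carry any payload")
    frags, pos = [], 0
    while pos < payload:
        size = min(chunk, payload - pos)
        more = pos + size < payload          # MF = 1 on every fragment but the last
        frags.append(Fragment(ident, pos // 8, more, size))
        pos += size
    return frags


def reassembly_state(frags, ident):
    """Return 'complete', 'incomplete' or 'overlap' for one Identification."""
    # Only fragments with the same ID belong together; drop exact duplicates.
    mine = sorted({f for f in frags if f.ident == ident}, key=lambda f: f.offset)
    if not mine or mine[0].offset != 0:
        return "incomplete"                  # fragment with offset = 0 missing
    if mine[-1].mf:
        return "incomplete"                  # fragment with MF = 0 (last) missing
    expected = 0                             # next payload byte that must be covered
    for f in mine:
        start = f.offset * 8
        if start > expected:
            return "incomplete"              # hole between fragments
        if start < expected:
            return "overlap"                 # ambiguous data: flag, do not reassemble
        expected = start + f.payload_len
    return "complete"


if __name__ == "__main__":
    frags = fragment(1180, 600)              # the 1180-byte / MTU 600 case above
    print([f.payload_len for f in frags], reassembly_state(frags, 1))
```

Overlapping fragments are reported separately from missing ones because different stacks resolve the overlap differently, so a monitoring device that guesses may see a different payload than the endpoint.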
CLI
IOS XE
; permits processing and forwarding broadcast packets (helper-address)
(config)# ip forward-protocol <PROTO> ...
(config-line)# ip netmask-format bit-count|hex|decimal
; 255.255.255.255 default
(config-if)# ip broadcast-address <IP>
; disabled by default, permits IP bcast → Ethernet bcast
(config-if)# ip directed-broadcast
; suppresses connected route on link flap
(config-if)# dampening [<HALF> <REUSE> <SUPPRESS> <MAX_SUPPRESS>]
L4 protocols
- 1: ICMP
- 2: IGMP
- 4: IPIP
- 6: TCP
- 17: UDP
- 41: IPv6-over-IPv4
- 46: RSVP
- 47: GRE
- 50: ESP
- 51: AH
- 54: NHRP
- 59: ESP dummy
- 88: EIGRP
- 89: OSPF
- 97: Ethernet-over-IP
- 112: VRRP
ICMPv4
- Packet Too Big: includes MTU value – used by PMTUD
; generates single unreachable within ms timeframe (500 ms by default)
; n – number of packets that trigger log entry, 100 by default
; n-ms – timeframe, when only one log entry is generated; 60s by default
(config)# ip icmp rate-limit unreachable [df] <ms> [log <n> <n-ms>]
ICMP Router Discovery Protocol
- discovers GW for IPv4
; on host
(config)# ip gdp irdp
; on router
(config-if)# ip irdp
Echo
- ICMP
- TCP/UDP (IOS) – test L3+L4
(config)# no service tcp-small-servers
(config)# no service udp-small-servers
Redistribute
- if IGP1 has explicit redistribute connected, then interfaces from IGP2 are not redistributed by default – has to be included explicitly
- extended ACL match on prefix+mask
- if update from another ASBR is blocked (including EIGRP), floating static default can be used as backup – connectivity in case main route fails