Download Slide 1

Dwight Reifsnyder
1009
IP Numbers and VLANs –
Everything You Always Wanted To Know
Administrivia
• Please remember to turn cell phones to
vibrate or off
• Please remember to complete the session
evaluation at the end of this session
• The session number is: 1009
Boulder Valley School District
• 50 Schools
• 28,000 Kids
• New Fiber Infrastructure
• Extreme Networks
• Avaya Phones
Boulder Valley School District
Early VoIP
• Managed the first Avaya
VoIP implementation
in Colorado
• Network Assessments didn’t
exist! We ‘learned by doing’
• As my spell checker
says, it was VoID!
VoIP Bedrock
• IP Numbers are one of the most basic
building blocks of current networks
• Without really understanding IP
numbers, Telecom Administrators can’t
deploy VoIP
• If the Telecom Administrator cannot
deploy VoIP, it will be turned over to the
IT department
Avaya Certification
Communications Networking test:
Given the IP number 207.174.21.156, with a
subnet mask of 255.255.255.192, find:
a) The number of hosts in the subnet
b) The network address
c) The broadcast address
What is an IP Number?
• An IP Number identifies a host
(computer or phone) on a subnet, just
like an extension identifies a phone on
a cabinet
• IP configuration has 3 parts:
IP Number –
192.168.1.1
Subnet Mask –
255.255.255.0
Gateway –
192.168.1.254
• What? Why 3 parts?
Phone Talk
• Telephones talk to each other on
dedicated wires
• Ports are connected dedicated physical
ports
• How do computers find each other to
talk?
Computer Talk
• Computers talk to other
computers in two ways.
Broadcast (L2)
Routing (L3)
Inside Subnet - Broadcast
• Recipient is
determined to be
inside
• Message is sent
to all computers
• The intended
recipient listens
• Other computers
ignore the
message
Outside Subnet - Routed
• Recipient determined
to be outside
• Message broadcast
to local Gateway
(router)
• Gateway forwards
message to
destination subnet
• Message is broadcast
to final destination
IP Configuration – 3 Parts
• IP Configuration includes the
host identifier (computer,
phone, router, etc)
• IP Configuration includes a
‘subnet mask’ to show which
destinations are inside and
which are outside their subnet
(broadcast vs routing)
• IP Configuration includes a
gateway to reach all
destinations outside the
subnet
192.168.1.1
255.255.255.0
192.168.1.254
Dwight’s College Diploma
The blank space above is an accurate depiction of what
was inside Dwight’s diploma case at graduation time.
Bits and Bytes
• Computers store things in binary,
either a zero or a one.
• A single zero or one is a bit. 8 zeros or
ones are a byte.
IP Numbers
• An IP number is made up of 32 bits,
divided into four groups of 8 (four bytes).
11000000 10101000 00000001 00000001
IP Numbers for Humans
• Since humans don’t usually speak binary,
we use the decimal system
• Each byte (or octect) is written as a
decimal number ranging from 0 to 255
• The decimal numbers are separated by
periods, or dots
11000000101010000000000100000001
192.
168.
1.
1
Binary Math – Really Easy
• Binary math is based on powers of 2, as
opposed to powers of 10 for decimal math.
• Decimal math has a 1s place, 10s place, 100s
place, etc…
• Binary math has a 1s place, 2s place, 4s
place, 8s place, etc…
128
bit 1
64
bit 2
Most significant bit
32
bit 3
16
8
4
2
bit 4
bit 5
bit 6
bit 7
1
bit 8
Least significant bit
Binary Math to Decimal
• When a bit is 0 its value is zero
• When a bit is 1, its value is its place value
• The total is the decimal value (the one we use)
• 11000000 = 128 + 64 = 192
• 10101000 = 128 + 32 + 8 = 168
• 11111111 = 128 + 64 + 32 + 16 + 8 + 4 + 2 + 1 = 255
128
bit 1
64
bit 2
Most significant bit
32
bit 3
16
8
4
2
1
bit 4
bit 5
bit 6
bit 7
bit 8
Least significant bit
Binary-Decimal Translation
11000000101010000000000100000001
192.
168.
1.
1
11000000 = 128 + 64 = 192
10101000 = 128 + 32 + 8 = 168
00000001 = 1
00000001 = 1
128
bit 1
64
bit 2
Most significant bit
32
bit 3
16
8
4
2
bit 4
bit 5
bit 6
bit 7
1
bit 8
Least significant bit
Birthday Bytes
Dwight is 00101100 years old
Broadcast vs Routing
• All computers reside in a subnet – ie, a portion
of the larger network
• Computers choose broadcast or routing by
deciding whether their destination is inside
their subnet or outside of their subnet
• The subnet mask defines which is which, but
how?
What does ‘Mask’ Mean?
mask [mæsk], Noun
- a covering to disguise
or conceal the face
- cover with a sauce;
"mask the rotting
meat with catsup“
- Block out, divide
into parts
Subnet Masks Divide
• An IP Address is divided into two components
• The Network bits, or ‘outside part’
• The Host bits, or ‘inside part’
• This is kind of like area codes / DID blocks
32-bit IP Address
Network bits
Host Bits
Subnet Mask Secrets
• The subnet mask overlays the IP number
• Ones are network bits, zeros are host
bits
IP Number
11000000 10101000 00000001 00000001
Subnet Mask
11111111 11111111 11111111 00000000
The Decimal Numbers
• The subnet mask overlays the IP number
• Ones are network bits, zeros are host
bits (this is a 24 bit subnet)
192
IP Number
168
.
1
.
1
11000000 10101000 00000001 00000001
255
Subnet Mask
.
.
255
.
255
.
0
11111111 11111111 11111111 00000000
Bigger Subnets
• The subnet mask overlays the IP number
• Ones are network bits, zeros are host
bits (this is a 16 bit subnet)
192
IP Number
168
.
1
.
1
11000000 10101000 00000001 00000001
255
Subnet Mask
.
.
255
.
0
.
0
11111111 11111111 00000000 00000000
Who is In My Subnet?
• The network bits of an IP number are the
same for all hosts within a subnet.
• The host bits change for each host
Sesame Street for Networks
If the network bits are the same, the hosts are in the
same subnet
If the network bits are different, the hosts are in the
different subnets
Hosts in a 24 bit Subnet
• The network bits stay the same
• The host bits change for each host
192
First Host IP
.
1
.
0
.
168
.
1
. 255
11000000 10101000 00000001 11111111
255
Subnet Mask
168
11000000 10101000 00000001 00000000
192
Last Host IP
.
.
255
.
255
.
0
11111111 11111111 11111111 00000000
Questions
• Note to self – stop here to see if you have totally
confused people, because the really hard part is
coming next
Subnet Size
• Subnet masks that match to octets are
easy to work with
• 255.255.255.0 Class C
• 255.255.0.0
Class B
• 255.0.0.0
Class A
• Subnet masks that match to octets are
not very efficient (256 hosts jumps to
65534!)
Variable Length Subnet Masks
• What about making things more efficient by
allowing subnets to be defined at any point
in the 32 bit IP number?
• Aka Classless
Inter Domain
Routing or
C I D R!
Valid Subnet Masks
• Subnet masks use zeros and ones to
divide the IP number into network bits
and host bits.
11111111 11111111 11111111 00000000
OK!
11111111 11111111 00000000 00000000
OK!
11111111 11111111 11110001 00011000
NO!
Dividing at Octects is Easy
• The subnet mask overlays the IP number
• Each decimal number is either part of
the network, or part of the host
192
IP Number
168
.
1
.
193
11000000 10101000 00000001 11000001
255
Subnet Mask
.
.
255
.
255
.
0
11111111 11111111 11111111 00000000
VLSM can divide Anywhere!
• The subnet mask overlays the IP number
• A decimal number can be a combination
of network and host bits!
0 + 1
192
IP Number
168
.
1
.
1
11000000 10101000 00000001 00000001
255
Subnet Mask
.
.
255
.
255
.
128
11111111 11111111 11111111 10000000
VLSM can divide Anywhere!
• The subnet mask overlays the IP number
• A decimal number can be a combination
of network and host bits!
128 + (64 +1)
192
IP Number
168
.
1
.
193
11000000 10101000 00000001 11000001
255
Subnet Mask
.
.
255
.
255
.
128
11111111 11111111 11111111 10000000
VLSM Subnets
• The network bits remain the same for all
hosts in the subnet
• Subnets are not required to start at the
decimal number zero
• A single decimal range (0-255) can be split
into multiple subnets
VLSM – 25 bit Subnet
• The last decimal number is split into two
subnets
• This is because the 25th bit can be a zero
or a one
Subnet A
192
. 168
.
1
.
11000000 10101000 00000001 0
192
.
168
.
1
.
0-127
------128-255
Subnet B
11000000 10101000 00000001
1
-------
Subnet Mask
255 .
255 .
255 .
11111111 11111111 11111111 1
128
0000000
VLSM – 26 bit Subnet
• The last decimal number is split into
four subnets
• This is because the 25th and 26th bit can
form four combinations of zeros and
ones
Subnet A
192
. 168
.
1
.
11000000 10101000 00000001 00
0-63
------
Subnet B
192
. 168
.
1
.
11000000 10101000 00000001 01
64-127
------
Subnet C
192
. 168
.
1
.
128-191
11000000 10101000 00000001 10 ------
Subnet D
192
. 168
.
1
.
192-255
11000000 10101000 00000001 11 ------
Subnet Mask
255
. 255
. 255
.
11111111 11111111 11111111 11
192
000000
Subnet - Reserved Hosts
• The lowest number in a subnet (host bits
all zeros) is called the network address
• The highest number in a subnet (host bits
all ones) is called the broadcast address
• The available host addresses are all the
remaining combinations of the host bits.
The Subnet Spreadsheet
• If you have an IP number and Subnet Mask,
the Subnet Spreadsheet shows you how big
the subnet is, and what the first and last
hosts in the subnet are.
192.168.1.189
255.255.255.248
VLSM / CIDR Notation
• Network administrators sometimes save
time by including the subnet mask as a
slash (/) and then the number of network
bits
192.168.1.1 / 26
Questions
• Note to self, stop here
to let the smoke from
the blown up brains
disperse a little.
• Go back and review
• Collect the Test
Why Does this Matter?
• Limited number of IP Addresses
• Splitting of Traffic
• Segregating Departments
• Troubleshooting of IP Phones
Binary Math Joke
There are only 10 kinds of people in this
world – those who understand binary math
and those who don’t
Break – Run While You Can!
• VLANs to follow after a short break to stretch
our legs
What’s the Point? Why Bother?
“IEEE 802.1Q tagging (VLAN) is a useful
method of managing VoIP traffic in your LAN.
Avaya recommends that you establish a voice
VLAN, set L2QVLAN to that VLAN and provide
voice traffic with priority over other traffic.”
IP Phones LAN Admin Guide
VLANS – Session Overview
• Provide a basic understanding of VLANS
• Discuss IP phone VLAN implementation
• We might accidentally learn some other useful
information if we are not careful
49
What is a Virtual LAN?
• A virtual LAN, commonly known as a VLAN, is a
method of creating independent logical networks
within a physical network.
• Virtual LANs operate at Layer 2 (the data link layer)
of the OSI model.
Wikipedia
50
Background – The 7 layer burrito
OSI Model
Squishy, not
specific
VLANs are in
Layer 2
What Lives at Layer 2?
• Software –
Ethernet Protocol
• End Points
• Ethernet Hubs
• Ethernet Switches
L2 Hardware – Endpoints
• Phones and PCs are multi layer devices
• We will talk about them at layer 2 today
L2 Hardware – Network Hub
• Network Hubs –
• broadcast traffic
• not very efficient
L2 Hardware – Network Switch
• Network Switches –
• Starts like a hub
• Gradually directs
traffic to specific
ports instead of
broadcast
• How do they do that?
Detour - L2 MAC Addresses
• Like a VIN Number on a car
• Unique to each and every network device
00-07-E9-55-64-4D
• MAC addresses are used to identify the sender and
recipient of an ethernet packet
Network Switch
• Stores MAC
addresses and
associated port
numbers in a table
• Makes network
more efficient!
Evolution - Managed Switches
Have a user console that can show • If a port is connected or not
• Port speed (10MB, 100MB, 1000MB)
• MAC address table
• Calls out with alarms
• Best solution for Administrators
• Cost more $$$$$!
Segregation – Good for Networks!
• Sometimes we need to have departments separated –
• HR, confidentiality
• Marketing, high bandwidth usage
• Operations
• Each department needs its own LAN
Segregation – The Old Way
• Multiple Managed
Network Switches
• Costly
• Complex
Segregation – The New Idea
• Multiple MAC
Address Tables
• One switch,
divided into
'Virtual LANs‘
• Great idea, how
would it work?
Detour - RFCs (secret recipes)
• Request for Comments
• Internet Engineering Task
Force (IETF)
• Institute of Electrical and
Electronics Engineers
(IEEE)
Some Common RFCs
802.1a,b,g,etc
Wireless Ethernet (WiFi)
854
Telnet
802.1x
Network Access Control
1719
Private Class IP numbers
821
SMTP (Simple Mail Transport Protocol)
1939
POP3 (Post Office Protocol 3)
802.3AF
Power Over Ethernet
2131
DHCP (Dynamic Host Configuration)
RFC 802.1q - VLANs
• Defines how to segregate a single L2 network
switch into multiple “virtual' LANs or
networks with multiple MAC tables
• One managed network $witch can now serve
multiple departments without losing security
or performance
Layer 2 Switch with VLANs
• Logical evolution
from switching table
• Port based VLAN
identification – every
port belongs to a
VLAN
• Separate broadcast
domains
VLAN
VLAN
2 – 1Human
– Marketing
Resources
VLAN
–3 Operations
VLANs Across Switches
VLAN Tags – Don't Lose my Bag
•
•
•
•
•
DEN
CHI
NYC
ELM
SAT
VLAN Tags – Ethernet Packets
• Ethernet packet fields
• Header
• Payload
• End
• VLAN tagging information is
added to the header, making
it slightly longer
VLAN Trunking Across Switches
The ports which join the switches are defined as belonging
to native VLAN and a secondary VLAN. The secondary
VLAN sends ‘tagged’ packets so they can be segregated
Read you loud and clear…
• VLAN compliant devices can accept tagged or
untagged packets
• Packets without tags stay in the native VLAN
(port based VLAN)
• Packets with tags go into the VLAN defined by
the tag (if that VLAN is allowed on that port)
Eh? What was that?
• Non VLAN compliant
devices discard tagged
packets –
they have an invalid
header length!
What Devices Read Tags?
• VLAN compliant
switches
• VLAN compliant IP
phones
• Microsoft Windows ?
X
Review - Who Sends Tags?
Trunk
Devices
between
areswitches
all in Port
must
Based
send
VLANs
and receive
– no tags
tags
802.1q VLAN Port Parameters
• Native VLAN (port based VLAN)
• Secondary VLANs
• Tagging
IP Phone Deployment
• Avaya suggests that phones should always be in
their own VLAN
•
•
•
•
Increases security
Cuts down on broadcast traffic
Increases voice quality
Makes troubleshooting easier
VLAN Deployment Options
2 VLANs, 2 Ports
2 VLANs, 1 Port!
IP Phones have a Network Switch!
2 VLANs, 1 Port!
The phone contains a
VLAN compliant
3 port network switch!!
Detour – Phones & DHCP & VLANs
• DHCP is an ethernet broadcast request used by
devices to get an IP number
• Broadcast packets do not cross VLANs
• Each VLAN needs its own DHCP Server
Detour – Phones & DHCP & VLANs #1
• On bootup, the phone sends a DHCP request in the
native VLAN (port VLAN)
• The phone is notified if there is a specific voice VLAN
• The phone sends a new DHCP request with the
correct VLAN tag
Detour – Phones & DHCP & VLANs #2
• On bootup, the phone and network switch exchange
information via LLDP (Link Layer Discovery Protocol)
• The phone is notified if there is a specific voice VLAN
• The phone sends a new DHCP request with the
correct VLAN tag
Review – Who Sends Tags?
The blue VLAN is a
secondary VLAN for both
network switch ports
The green VLAN is the
native VLAN for both
network switch ports
Do You Understand VLANs?
• You don't really
understand
something unless
you can explain it to
your grandmother...
Albert Einstein
82
See you next year
in Las Vegas May 22-26 for
the 2011 International Conference