The keystone of a well-designed network that can grow is a future-proofed IP addressing scheme.
It’s always better to do things right the first time! So why not start with a scheme that can take you all the way from a small suburban office to an underground global headquarters?
Start it off right and you never have to make significant changes to it again.
DHCP
The most common way to run low on IP addresses is through the introduction of wireless devices into the network, and the Internet of Things boom will only add to this pressure.
Static IPs
One thing that is hard to know is the amount of static IPs your network will need as it grows. If you get this wrong it can eat into your DHCP scope and cause big problems. This is often when a company needs to rethink their entire IP addressing scheme or resort to inconsistencies in design.
Use a Class A (10.0.0.0) IP addressing scheme even if you only have 10 clients and 1 server at the moment. Some technicians may call this overkill, but the idea is that bringing a bazooka to a gunfight means you always win.
Divide your networks by site location by incrementing the value in the second octet per network.
If the network becomes a multi-site enterprise network, this provision will allow for 254 total site locations whilst still giving an ordered and hierarchical structure to the IP addressing scheme. Your WAN topology should therefore look like this:
Site Location | Network Address | Usable Host Range | Broadcast Address
Primary Site | 10.0.0.0/16 | 10.0.0.1 – 10.0.255.254 | 10.0.255.255
Secondary Site | 10.1.0.0/16 | 10.1.0.1 – 10.1.255.254 | 10.1.255.255
Tertiary Site | 10.2.0.0/16 | 10.2.0.1 – 10.2.255.254 | 10.2.255.255
As mentioned above, the private addresses are part of the reserved space and are used in most LAN networks. Three IPv4 ranges were defined by RFC 1918 and one IPv6 prefix was defined by RFC 4193.
CIDR | Description
10.0.0.0/8 | Used as Class A private address
172.16.0.0/12 | Used as Class B private address
192.168.0.0/16 | Used as Class C private address
fc00::/7 | Used as IPv6 private address - unique local address (ULA)
LANs that use private addresses usually rely on Network Address Translation (NAT), defined by RFC 1631, to route traffic to the global Internet.
IPv4 Subnetting Chart
CIDR | Subnet Mask | # Addresses | Wildcard
/32 | 255.255.255.255 | 1 | 0.0.0.0
/31 | 255.255.255.254 | 2 | 0.0.0.1
/30 | 255.255.255.252 | 4 | 0.0.0.3
/29 | 255.255.255.248 | 8 | 0.0.0.7
/28 | 255.255.255.240 | 16 | 0.0.0.15
/27 | 255.255.255.224 | 32 | 0.0.0.31
/26 | 255.255.255.192 | 64 | 0.0.0.63
/25 | 255.255.255.128 | 128 | 0.0.0.127
/24 | 255.255.255.0 | 256 | 0.0.0.255
/23 | 255.255.254.0 | 512 | 0.0.1.255
/22 | 255.255.252.0 | 1,024 | 0.0.3.255
/21 | 255.255.248.0 | 2,048 | 0.0.7.255
/20 | 255.255.240.0 | 4,096 | 0.0.15.255
/19 | 255.255.224.0 | 8,192 | 0.0.31.255
/18 | 255.255.192.0 | 16,384 | 0.0.63.255
/17 | 255.255.128.0 | 32,768 | 0.0.127.255
/16 | 255.255.0.0 | 65,536 | 0.0.255.255
/15 | 255.254.0.0 | 131,072 | 0.1.255.255
/14 | 255.252.0.0 | 262,144 | 0.3.255.255
/13 | 255.248.0.0 | 524,288 | 0.7.255.255
/12 | 255.240.0.0 | 1,048,576 | 0.15.255.255
/11 | 255.224.0.0 | 2,097,152 | 0.31.255.255
/10 | 255.192.0.0 | 4,194,304 | 0.63.255.255
/9 | 255.128.0.0 | 8,388,608 | 0.127.255.255
/8 | 255.0.0.0 | 16,777,216 | 0.255.255.255
Each individual site should be further split into 2 subnets.
The first subnet should be given to the devices owned by the store (router, switch, server, POS system, security system, etc.); the remainder should be given to the DHCP scope for Wi-Fi/Ethernet access for client and staff devices, should you choose to offer a Wi-Fi service to them. Keeping the two on separate subnets provides security for your important transaction services.
Each LAN will use the subnet mask 255.255.255.128, allowing for 126 usable host addresses per network.
Subnet breakdown:
Site 1
Subnet | Network | Usable Addresses | Broadcast Address | Net Mask
Subnet 1 | 10.0.0.0/25 | 10.0.0.1 – 10.0.0.126 | 10.0.0.127 | 255.255.255.128
Subnet 2 | 10.0.0.128/25 | 10.0.0.129 – 10.0.0.254 | 10.0.0.255 | 255.255.255.128
Site 2
Subnet | Network | Usable Addresses | Broadcast Address | Net Mask
Subnet 1 | 10.0.1.0/25 | 10.0.1.1 – 10.0.1.126 | 10.0.1.127 | 255.255.255.128
Subnet 2 | 10.0.1.128/25 | 10.0.1.129 – 10.0.1.254 | 10.0.1.255 | 255.255.255.128
Specific IP Reservations
In order to retain consistency between site locations, the following IP reservations should be implemented on each network.
Network IP Addresses
Subnet 1
Device | IP Address
Router interface 1 | 10.0.0.1/25
Switch | 10.0.0.2/25
Firewall | 10.0.0.3/25
POS terminal(s) | 10.0.0.4-10/25
Security System | 10.0.0.11/25
Reserved | 10.0.0.12-59/25
Servers | 10.0.0.60-79/25
DHCP | 10.0.0.80-254/25
Subnet 2
Device | IP Address
Router interface 2 | 10.0.0.129/25
WAPs | 10.0.0.130-135/25
DHCP | 10.0.0.135-254/25
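As an added check (example code, not from the notes), a small validator for the kind of plan laid out above: it flags reservations that overlap or fall outside their subnet's usable host range, subnets that overlap or escape their site, and a row whose prefix length disagrees with its dotted mask. The subnet and reservation values are copied from the Subnet 2 table; the function names are my own, and run as written it reports that the WAP and DHCP ranges both claim 10.0.0.135.

```python
import ipaddress

# Constructed copy of the Site 1 / Subnet 2 reservation table from the notes:
# (device, first address, last address), plus the subnet it lives in.
SUBNET2 = "10.0.0.128/25"
RESERVATIONS_SUBNET2 = [
    ("Router interface 2", "10.0.0.129", "10.0.0.129"),
    ("WAPs", "10.0.0.130", "10.0.0.135"),
    ("DHCP", "10.0.0.135", "10.0.0.254"),
]


def check_reservations(subnet, reservations):
    """Return problems in a reservation table: ranges outside the usable host
    range of `subnet` (network and broadcast excluded) and ranges that overlap."""
    net = ipaddress.ip_network(subnet)
    first_usable = net.network_address + 1
    last_usable = net.broadcast_address - 1
    problems, ranges = [], []
    for name, lo, hi in reservations:
        lo, hi = ipaddress.ip_address(lo), ipaddress.ip_address(hi)
        if lo > hi:
            problems.append(f"{name}: start {lo} is after end {hi}")
            continue
        if lo < first_usable or hi > last_usable:
            problems.append(f"{name}: {lo}-{hi} is outside the usable range of {net}")
        ranges.append((lo, hi, name))
    prev_hi, prev_name = None, None  # highest end address seen so far, in start order
    for lo, hi, name in sorted(ranges):
        if prev_hi is not None and lo <= prev_hi:
            problems.append(f"{prev_name} and {name} overlap at {lo}-{min(hi, prev_hi)}")
        if prev_hi is None or hi > prev_hi:
            prev_hi, prev_name = hi, name
    return problems


def check_subnets_disjoint(site, subnets):
    """Return problems for subnets that fall outside `site` or overlap each other."""
    site = ipaddress.ip_network(site)
    nets = [ipaddress.ip_network(s) for s in subnets]
    problems = [f"{n} is not inside site {site}" for n in nets if not n.subnet_of(site)]
    for i, a in enumerate(nets):
        for b in nets[i + 1:]:
            if a.overlaps(b):
                problems.append(f"{a} overlaps {b}")
    return problems


def prefix_matches_mask(cidr, mask):
    """True when the prefix length in `cidr` agrees with the dotted-decimal `mask`."""
    return str(ipaddress.ip_network(cidr, strict=False).netmask) == mask
```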
As this setup assumes that there will be a segment of your network that is available for public access, it is important to have either a guest wireless network on your router or to configure separate VLANs, routing, and DHCP relay for Subnets 1 and 2 in order to secure your business network from the publicly accessible network. The specifics of how this is done will depend on the hardware provider that you select.
An autonomous system number (ASN) is a globally unique identifier that allows its autonomous system to exchange routing information with other systems.
The Internet Assigned Numbers Authority (IANA) is responsible for globally coordinating DNS Root, IP addressing, and other Internet protocol resources, including ASNs. IANA assigns ASNs to regional Internet registries (RIRs), which are organizations that manage Internet number resources in a particular region of the world.
The five regional Internet registries are:
African Network Information Center (AFRINIC)
American Registry for Internet Numbers (ARIN)
Asia-Pacific Network Information Centre (APNIC)
Latin American and Caribbean Network Information Centre (LACNIC)
Réseaux IP Européens Network Coordination Centre (RIPE NCC)
16-bit (0 - 65535)
32-bit (65536 - 4,294,967,295)
Public ASN: controlled by IANA
Private ASN
16-bit private range: 64512 - 65534
32-bit private range: 4200000000+
The AWS virtual private gateway (VGW) only uses private ASNs; AWS defaults to 64512 in all regions (7224 in most regions prior to June 30, 2018).
It must be assigned a private ASN in order to support potential BGP route learning.
A VGW can only be attached to a single VPC, and once created a VGW's properties cannot be edited.
Static
Dynamic
Static learning:
Network prefixes are manually configured
Limited means of applying route preferences
Unsuitable for larger networks
Dynamic learning:
Peer routers share network prefixes using a routing protocol
Optional control over route preferences
Widely used in large networks
Site-to-Site VPN can be configured static or dynamic.
Direct Connect is ONLY dynamic, using BGP.
BGP is an exterior routing protocol; it is the underlying routing protocol of the Internet. Just as there are interior routing protocols for autonomous systems (Interior Gateway Protocols, IGPs) such as OSPF, the grid of autonomous system routers connects across the Internet using BGP.
BGP allows different autonomous systems to share network route information with each other.
BGP peering and network advertisement must be manually configured.
BGP does not care how two peers are physically connected.
The world of BGP is divided into MANY autonomous systems.
eBGP and iBGP are the two types of BGP connection configuration.
If an autonomous system exposes 2 BGP routers, these 2 BGP routers from the same autonomous system peer using iBGP.
BGP routers in external autonomous systems are configured with an eBGP connection.
Exterior routing protocol
Network routes (prefixes) are shared between mutually configured peers
No prefixes are automatically shared
Selects the best of multiple paths to same destination
Uses TCP port 179 (if a BGP router is behind a firewall, this port needs to be open)
BGP prefixes include attributes and other properties that allow BGP to select a "best" prefix for a destination.
BGP prefix attributes can be manipulated to control which prefixes are deemed "best".
Weight and local preference control outbound paths from either a single router or the entire AS, respectively.
AS path prepending and multi-exit discriminator (MED) control which local router eBGP peers prefer.
Route selection follows basic criteria over the table. BGP cannot sense network quality, so BGP admins override prefix attributes to steer which path is selected.
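As an added example (my own code, not from the notes), a simplified Python model of the four attributes named above: it shows weight and local preference steering the outbound choice, and AS path prepending steering what a neighbouring AS prefers. The prefixes, next hops and AS numbers are documentation/constructed values, and the decision function covers only these attributes, not the full BGP decision process.

```python
from dataclasses import dataclass


@dataclass
class BgpRoute:
    """One candidate path to a prefix, carrying only the attributes the notes name.
    Simplified, hypothetical model for illustration; not a BGP implementation."""
    prefix: str
    next_hop: str
    weight: int = 0          # router-local, never sent to peers; higher wins
    local_pref: int = 100    # propagated inside the AS by iBGP; higher wins
    as_path: tuple = ()      # AS numbers the prefix has traversed; shorter wins
    med: int = 0             # hint to the neighbouring AS; lower wins


def best_path(candidates):
    """Select the best of several paths to the same prefix.

    Precedence used here matches the real order of these four attributes (highest
    weight, then highest local preference, then shortest AS path, then lowest MED);
    the remaining tie-breakers are omitted, and MED is compared regardless of the
    neighbouring AS, which real routers only do when configured to."""
    return min(candidates, key=lambda r: (-r.weight, -r.local_pref, len(r.as_path), r.med))


def prepend(route, times):
    """AS path prepending: repeat the originating AS so this path looks longer."""
    own_as = route.as_path[0]
    return BgpRoute(route.prefix, route.next_hop, route.weight, route.local_pref,
                    (own_as,) * times + route.as_path, route.med)


def neighbour_choice(prepend_times):
    """Next hop a neighbouring AS picks when our AS 64496 (documentation ASN)
    advertises 203.0.113.0/24 over two eBGP routers and prepends `prepend_times`
    times on router 1 only. With no prepending the paths tie and the first wins."""
    via_r1 = BgpRoute("203.0.113.0/24", "192.0.2.1", as_path=(64496,))
    via_r2 = BgpRoute("203.0.113.0/24", "192.0.2.2", as_path=(64496,))
    return best_path([prepend(via_r1, prepend_times), via_r2]).next_hop


def outbound_choice():
    """Local preference set by policy beats a shorter AS path for traffic leaving our AS."""
    preferred = BgpRoute("198.51.100.0/24", "192.0.2.9", local_pref=200, as_path=(64497, 64498))
    shorter = BgpRoute("198.51.100.0/24", "192.0.2.10", local_pref=100, as_path=(64499,))
    return best_path([preferred, shorter]).next_hop
```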