IP Address

An IP Address is a network address that is assigned by the local network using Internet Protocol (IP). Unlike a Media Access Control Address (MAC), it is temporary and can be easily changed. Within the local network, the IP address must be unique.

The address can be assigned via a static method or a dynamic method. In general, devices that don't move much, such as servers, Routers and Switches, are assigned a static IP address. Mobile devices like laptops and smartphones should use the dynamic method to get their IP address instead.

There are currently two versions of IP Address:

Some interfaces, such as a Network Interface Card (NIC) and a Router's Ethernet or serial interface, can be assigned an IP Address.

Links to this page
  • Virtual LAN (VLAN)

    We can apply access rules and provision services to users with the same or similar responsibilities without changing the topology of the network or the IP Address. Furthermore, VLANs can also create their own Broadcast Domain without the help of a Network Layer Network Device (modern Switch and Router). Basically, we can assign the hosts in a subnet to the same VLAN. By using VLANs, we can have different broadcast domains even on a single switch, so that broadcast flooding affects only those in the same grouping. If a link needs to handle more than one VLAN, VLAN Trunking will be used.

  • Switch

    A typical Switch's interfaces can't be assigned an IP Address, so the switch usually has no IP address.

  • Server-Side Request Forgery (SSRF)

    To prevent SSRF, improve security at both the application layer and the network layer. At the application layer, avoid reusing the input URL provided by the user (ignore the parameter upon a parsing error); instead, use only the IP Address and hostname for the connection. At the network layer, set up a firewall or NetWork to block incoming traffic that tries to access internal services.

  • Security Association (SA)
    IP Addresses, including source and destination
  • Router

    Both its Ethernet and serial interfaces (e.g., HWIC-2T) can be assigned an IP Address. Before adding interface modules to the router, the best practice is to turn off the router if it is running and then switch it on after the installation. The same applies in the Cisco Packet Tracer environment.

    Every interface or port belongs to a different network. This means that each connected interface represents exactly one network. Although the Router itself is a complete entity, the network can only recognise its interfaces, which are logically independent of the Router. Thus, the Router can be referred to by different IP Addresses depending on which network we are working on.

    A Router is a Network Device that operates at the Network Layer and forwards packets from source to destination based on network-layer protocols (reading the source and destination IP Address). It communicates with other routers using a Routing Protocol (dynamic routing), or is manually edited by network administrators (static routing), to maintain or update its Routing Table, which contains the optimal routing paths. Of course, the Router needs to be connected to a network to establish either dynamic or static routing.

    The process of forwarding a packet from the port it was received on to the outgoing port is called switching. Despite the naming, the Router will immediately drop the packet when it can't find the destination in the routing table it maintains. Otherwise, it simply modifies the destination Media Access Control Address (MAC) in the packet (the next hop, which can be another Router or the final destination) without touching the IP Address, which defines the final destination. The primary forwarding decision is based on the Routing Table or routing information, assuming there is a mapping of the logical address to an interface or port. If the routing table defines no path to where the packet should be forwarded, the Router will redirect it to a default route if one is set (usually 0.0.0.0 in IPv4 Address and ::/0 in IPv6 Address), or simply discard it and send an Internet Control Message Protocol (ICMP) Unreachable message to the source. Additionally, we can divide a physical interface into at most 65,535 logical interfaces using the command interface {interface-name} {interface}.{subinterface}. This is particularly useful in Virtual LAN (VLAN) routing.

  • Novell Netware
    IPX (supports 60-bit IP Address)
  • Network Layer

    The Network Layer is the third layer in the Open Systems Interconnection (OSI) Model, and it is commonly referred to as the Internet Layer in the Internet Protocol Suite (TCP/IP). This is where most of the communication protocols operate. It is responsible for addressing, packaging and routing functions. The header that it adds to the packet, which is its Protocol Data Unit (PDU), includes the source and destination IP Addresses, which are unique. Routing is done in this layer.

  • Network Interface Card (NIC)

    A NIC is a piece of hardware which connects a device to the network and assigns its host an IP Address. There are two kinds of NICs: Ethernet NIC for wired connections and WLAN for wireless connections.

  • Logical Topology Diagram

    A Logical Topology Diagram shows devices, ports and the IP Addressing scheme.

  • Link-State Routing Protocol

    In Link-State Routing, aka Shortest Path First (SPF), each Router needs to know the entire topology of the network with the aid of a database. The database stores link states, that is, information about the state of a router's links, which includes IP Address, type of network (Ethernet or serial point-to-point link), cost, and neighbours. This database is identical on all routers using the same protocol, although each processes it independently. The exchange of topology information (called flooding) only happens upon the initial set-up of the network and when there is a topological change in the network (a new router is added or a router is removed). Since only information specific to the change needs to be propagated, combined with the hierarchical model used by the protocol, it limits the scope of the route changes that occur and provides better scaling than Distance Vector Routing Protocol. There is still a need for keep-alive messages between a router and its neighbours to detect potential topological changes.

  • Kerberos Version 5

    Other than that, there are some differences between Version 5 and Version 4. Firstly, Version 4 depends solely on the use of Data Encryption Standard (DES), whereas Version 5 accepts any kind of encryption scheme or technique. Furthermore, V4 requires the use of IP Address only, whereas V5 allows any type of network address, such as Media Access Control Address (MAC), to be used. In V4, the sender of the message could choose its own message byte ordering, but the message structure is standardised using Abstract Syntax Notation One (ASN.1) and Basic Encoding Rules (BER) in V5. Moreover, the ticket lifetime is now indicated using explicit start and end times in V5, in contrast to the encoded 8-bit lifetime values (up to 1280 minutes) in V4. Additionally, authentication forwarding is allowed in V5, but not in V4. Last but not least, interoperability (the degree to which two things can be used together) among \(N\) realms requires \(O(N^2)\) Kerberos-to-Kerberos relationships in V4. V5 has a method that requires fewer relationships than V4.

  • Internet Protocol (IP)
    Source IP Address
  • IPv6 Address

    IPv6 Address is a 128-bit IP Address intended to replace the existing IPv4 Address. It makes it possible to give every user on Earth multiple global IP addresses without worrying about eventually running out of them. This allows true peer-to-peer networking among hosts.

  • IPv4 Address

    IPv4 Address is a 32-bit IP Address. The address is separated into four 8-bit numbers (called octets) by dots. An example of an IPv4 address: 192.160.3.18. The address 0.0.0.0, sometimes referred to as quad zero, means any IPv4 address.

  • IP Security (IPsec)

    The data encapsulation is done by two extension headers (appended to the IP header): Authentication Header (AH) and Encapsulating Security Payload (ESP), defined by RFC 4303 and RFC 4302 respectively. AH provides Access Control, Authentication (including the IP Address) and Connectionless Data Integrity services using a Message Authentication Code (MAC/HMAC), for which both parties must share a secret key. It guards against address spoofing attacks and Replay Attack. ESP provides Confidentiality services over message contents and (to a limited extent) traffic flow, and optionally supports Access Control services like those in AH using MAC. It can also guard against Replay Attack. The users can decide which kinds of ciphers, modes, and padding are used in ESP. IPsec can be set up to have AH only, ESP only, or both.

  • Hot Standby Router Protocol (HSRP)

    The command standby {group-id} ip {virtual-ip-addr}, run in Interface Configuration Mode, will create a virtual router with the assigned virtual IP Address. The IP address could be extracted using Variable-Length Subnet Masking (VLSM). Any other router interface in the network with the same HSRP group ID will be viewed logically as part of the virtual router. A virtual router consists of two kinds of entities: the active router and standby routers. There can be only one active router in a group. Its responsibility is to forward traffic on behalf of the virtual router to the destination unless it fails. If the active router fails, the standby routers come into play.

  • Domain Name Server (DNS)

    DNS provides a means to translate between an IP Address and a domain name such as “google.com”, “archlinux.org”, “mmu.edu.my” etc. If DNS is not available or is disabled within a network, the hosts will not be able to request services by domain name and may even lose connection to the Internet entirely.

  • Default Route

    Default Route is a route that will match all packets when the packet's destination IP Address is not known. It reduces the size of the Routing Table. Typically, Default Route is used to connect an edge Router to the Internet Service Provider's (ISP) network.

  • Classless Inter-Domain Routing (CIDR)

    CIDR is an effective method of IP Address allocation, especially for IPv4 Address, developed by the Internet Engineering Task Force (IETF), which utilises the prefix or the subnet mask. There is no default subnet mask for a network; instead it relies on Variable-Length Subnet Masking (VLSM). That being said, for CIDR to be deployed, the network must be contiguous, that is, having the same network mask (the prefix must be larger than the default mask).

  • Cisco Switch Configuration

    To configure a Virtual LAN (VLAN) with a Switch, there is a need to set up an IP Address, subnet mask, and default gateway (the router that directs switch management traffic for remote access such as Telnet and Secure Shell (SSH)) on the switch. The configuration can be done in IOS with the command vlan {number} in Interface Configuration Mode, followed by the IP address assigned to the VLAN. We can attach a name to a VLAN by simply running the command name {vlan-name} right after the vlan {number} command in Global Configuration Mode. Define the VLAN membership mode for the assigned interface (port) as access (see Dynamic Trunking Protocol (DTP) for other possible modes) with switchport mode {mode} and assign the VLAN to it with switchport access vlan {number} in Interface Configuration Mode.

  • Cisco OSPF Router Configuration

    By default, a router configured with OSPF will have an OSPF router ID equal to the highest IP address on an active interface. However, it is advised to manually configure the router ID using the command router-id {ip-address}, as a manually configured router ID takes precedence over any other method of configuring a router ID. We can also create a router ID by assigning an IP Address with subnet mask 255.255.255.255 to the loopback 0 interface.

  • Broadcast Domain

    It can come in handy when a device wants to query the network for an IP Address, when a device is newly added to a network, or when a change occurs in the network.

  • Autonomous System (AS)

    Summarisation of IP Address will happen when there is a need to transfer the information to different AS.

  • Authorisation

    Authorisation defines what rights and services an entity has or is allowed after a successful Authentication. For example, an authorisation could take place by determining which applications or protocols could be used based on the provided IP Address.
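
The application-layer advice in the Server-Side Request Forgery (SSRF) entry above, as an added example that is not part of the original notes: a Python check that drops a user-supplied URL on any parsing error and otherwise keeps only the hostname, the resolved IP Address and the port for the connection. It goes one step beyond the entry by also refusing internal address ranges; RejectedURL, connection_target, stub_resolve and the SAMPLE_DNS answers are hypothetical names and constructed data.

```python
import ipaddress
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}   # doubles as the scheme allow-list
# Constructed DNS answers so the example runs offline (not real lookups).
SAMPLE_DNS = {"example.com": ["93.184.216.34"], "intranet.example": ["10.0.0.5"],
              "mixed.example": ["93.184.216.34", "127.0.0.1"]}


class RejectedURL(ValueError):
    """Raised when a user-supplied URL must not be fetched."""


def stub_resolve(host):
    """Stand-in for a resolver wrapping socket.getaddrinfo (assumption)."""
    return SAMPLE_DNS.get(host, [])


def is_internal(ip_text):
    """True for addresses the fetcher must never connect to."""
    ip = ipaddress.ip_address(ip_text)
    # Judge IPv4-mapped IPv6 (::ffff:10.0.0.5) by the IPv4 address inside it.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def connection_target(user_url, resolve=stub_resolve):
    """Reduce a user URL to (hostname, ip, port) or raise RejectedURL."""
    try:
        parts = urlsplit(user_url)
        port = parts.port                      # ValueError on a malformed port
    except ValueError as exc:                  # parsing error: ignore the parameter
        raise RejectedURL(f"unparseable URL: {exc}") from exc
    host = parts.hostname
    if parts.scheme not in DEFAULT_PORTS or not host:
        raise RejectedURL("scheme or host not acceptable")
    if parts.username is not None or parts.password is not None:
        raise RejectedURL("credentials embedded in URL")
    try:
        ips = [str(ipaddress.ip_address(host))]    # host is an IP literal
    except ValueError:
        ips = resolve(host)                        # host is a name
    # Reject if ANY answer is internal, not only the first one.
    if not ips or any(is_internal(ip) for ip in ips):
        raise RejectedURL("resolves to an internal or unusable address")
    # The caller connects to this exact IP and sends `host` as Host/SNI,
    # so a second DNS lookup cannot return a different address.
    return host, ips[0], port or DEFAULT_PORTS[parts.scheme]
```

The rest of the user's URL (path, query, fragment) is never passed on; the caller builds the outgoing request from the returned tuple.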

#networking