this is gonna be a long one... someone *cough*scottmac*cough wanna help me understand VLSM and CIDR?

[xyyz]

I'm enrolled in the first semester of the CCNP cisco academy... while I didn't mind the "hands-off" approach used in the CCNA academy, this teaching method is killing me with this program.

We're covering advanced routing this semester... and I'm hung-up on VLSM and CIDR.

Can anyone come to my aid and help me out here?

All I understand about the two is as follows:

VLSM allows you to subnet a subnet, and I can understand why... but HOW it is done I don't know
CIDR has something to do with route sumarization, again I know why you'd want to do this... but I don't know how or anything beyond the why

Anyone want to run to my aid on this one (ScottMac, Garion, L3guy, et al?)

Oh yeah, examples... I love lots of examples

Another thing... assume i'm really dumb, which means that you'll have to use many words and talk very very s-l-o-w-l-y

 

[spidey07]

VLSM and CIDR simply mean you can ignore CLASS. you can use any mask you like and it doesn't matter or depend on class. The router will contain specific routes for each network irregardless of class.

Some routing protocols don't support VLSM and CIDR so that's why they showing it to you first.

 

[L3Guy]

Let me give you an abbreviated version of the case study from my IP class.

I am designing a LAN for a company called SCo.
They have a main office with 600 users, and are currently organized into 5 regions, with 10 to 30 offices per region.

In discussions, we decide that with current technology (L3 switches), that we are going to limit subnets to 128 addresses. Also, we are going to summarize heavily, to increase stability, reduce routes and because it has a very high IWBC factor. (IWBC = It would be cool) All our frame connections are going to be point to point, and have minimum address space.

Starting from the top we choose a private address space. 10.0.0.0 /8
Since we want to summarize by region, we decide that we want to design for 16 regions.
that makes the regional summaries:
10.0.0.0/12 Reserved
10.16.0.0 /12 HQ
10.32.0.0/12 East
10.48.0.0/12 West
...
10.248.0.0/12 Reserved

Each region should allow 64 sites.
that would make each site with a /20 mask
For example, the Florin Park location would be 10.33.128.0/20

Each site would have 32 networks for a total of /25 mask.
So a network on Florin parks site might be 10.33.129.128/25
The frame circuits might be 10.32.16.32/30 and 10.32.16.36/30

The router on site will have several routes. and might look something like:

10.48.0.0/12 next hop 10.32.16.33
10,33.0.0/20 next hop 10.32.16.33
10.34.0.0/20 next hop 10.32.16.33
10.35.0.0/20 next hop 10.32.16.33
10.33.129.0/25 next hop 10.33.129.1
10.33.129.128/25 next hop 10.33.129.129
10.32.16.32/30 next hop 10.32.16.33
10.32.16.36/30 next hop 10.32.16.37

Note that there are 4 different subnet masks in this example.
/12 = other region
/20 = other site
/25 = local network
/30 = local wan

this is an example of VLSM in action.

A quick example of CIDR might be:
A school district has each of 50 schools assigned a private 192.168.x.0 network, and is reaching them through an ISDN RAS (remote access server). The RAS is running RIP to tell their router which of the schools is connected. The triggered updates are causing massive problems to the network they are attached to. Using CIDR, we assigned a static route on the router of 192.168.0.0/16, and pointed it at the RAS box. the RAS box was given a default route to the router, then RIP was disabled.
Since 192.168.0.0 was shorter than minimum for a class C network, this is a summary or CIDR route.
Notice that there was not any single network that had a short mask, just a route in a table that said that all these networks could be found "over that-away".

Hope these two examples help.

Doug

 

[xyyz]

<< VLSM and CIDR simply mean you can ignore CLASS. you can use any mask you like and it doesn't matter or depend on class. The router will contain specific routes for each network irregardless of class.

Some routing protocols don't support VLSM and CIDR so that's why they showing it to you first. >>



i sorta know what it does... but how is the problem...

 

[spidey07]

how?

VLSM means you can use a variable length mask. CIDR means class doesn't matter. Not much more too it. I think maybe you're trying to make it some big complicated thing when its not.

 

[bignick]

i know this isn't exactly on topic with this thread, but it seemed like a good time to ask. I've got a server (win2k server sp2) with three nics. Nic1 is DHCP, and goes to the internet.
Nic2 and Nic3 are both internal.
Nic2 is 172.16.1.1 subnet mask 255.255.0.0
Nic3 is 172.16.2.1 subnet mask 255.255.255.0 - had to do this to get to see the 172.16.1.x network

my question is why do i need to have 255.255.255.0 as the subnet mask on Nic2?

thanks.

 

[Santa]

If you didn't use an extra 8 bits (the extra 255 in the third octet) then your two networks would be identical and the two NICs would be considered the same wire (which is not what you want) Each network card on a router is to be connected to a differnt subnet and to accomplish this you need to mask accordingly or you will not be on seperate subnets.

If you had both NICS on a 255.255.0.0 only the first 16 bits are used to indicate the network. So in other words 172.16.1.1 and 172.16.2.1 are both on the 172.16.0.0 network.

When you introduced an extra 8 bits (the extra 255 in the third octet) you made 172.16.1.1 apart of the 172.16.0.0 network and 172.16.2.1 part of the 172.16.2.0 network.

Ideally you might want to change your 255.255.0.0 subnet mask to be 255.255.255.0 also so you can make sure you will never conflict in IP ranges since it is possible to have 172.16.2.1 on the first NICs subnet and on the second NICs subnet.

 

[ScottMac]

(Since Doug took the hard part, and Spidey covered the practical aspects......)

How does it do it?

It's a programming thing, and I could be wrong, but my understanding is that the router looks at the mask expressed by the routing protocol (or associated with the interface/route) and does an Exculsive OR (XOR) against the address. If the "masked" portion of the address (the "network number") turns up as zeros, it's a match for that route. The incoming packet is XOR'd against all known routes (one at a time) until a zero value is generated (matches a route) . If the routing table is exhausted and all results are non-zero, then the packet is routed to the default route ("Gateway of Last Resort") if it exists.

Remember, the router doesn't care about the host portion of the address; it just wants to get the packet to a router that is connected to the target network, where an ARP process can produce a valid host to deliver the packet to. It only looks at the "network" portion of the address, which is designated by the mask.


Bignick: You should have a 255.255.255.0 mask on both of those addresses. Each NIC has to be on it's own network/subnet. You have the right idea with the actual address, but the "255.255.0.0" mask is wrong for what you're trying to do. Are you familiar with the concept of "Thread-Jacking" ? Just curious......

FWIW

Scott

 

[Santa]

Thread jacking hehe.. oh man the lingo that comes out of these forums..

 

[L3Guy]

Here is a router config that I am practicing on.
The excersize comes from"CCIE Practical Studies Vol 1"
Its called Skylab.

!
hostname r5
!
!
no ip dhcp-client network-discovery
ipx routing 0000.0000.0005
ipx internal-network A5
call rsvp-sync
!
!
interface Loopback0
ip address 140.100.5.5 255.255.255.0
ipx network 5
!
interface Loopback1
ip address 172.16.1.1 255.255.255.0
!
interface Loopback2
ip address 151.100.1.1 255.255.255.0
!
interface Loopback3
ip address 151.101.1.1 255.255.255.0
!
interface FastEthernet0/0
ip address 140.100.55.5 255.255.255.0
duplex auto
speed auto
ipx network 55
!
!
interface Serial0/1
ip address 140.100.35.5 255.255.255.252
ip summary-address eigrp 2020 151.100.0.0 255.254.0.0 5
ipx network 35
ipx nlsp 1 enable
ipx nlsp 1 rip off
!
router eigrp 2020
network 140.100.0.0
network 151.101.0.0
distribute-list 5 out Serial0/1
distribute-list 1 in Serial0/1
no auto-summary
no eigrp log-neighbor-changes
!
!
access-list 1 deny 199.199.1.0 0.0.254.255
access-list 1 permit any
access-list 5 deny 151.101.0.0 0.0.255.255
access-list 5 permit any
!
!
!
ipx router nlsp 1
area-address 35 FFFFFFFF
!


If you read through the extranious BS, you will notice a couple of things.
1: interface serial 0/1 has a different subnet mask than the rest of the interfaces.
Its an example of VLSM.
2: Int S0/1 is summerizing the 151.100.0.0/16 and the 151.101.0.0/16 into 151.100.0.0/15
Its an example of a CIDR route.

R3 is on the other end of int s0/1. Here is its IP routing table:

r3#sh ip rou
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route

Gateway of last resort is not set

C 192.128.128.0/24 is directly connected, Ethernet0/0
140.100.0.0/16 is variably subnetted, 4 subnets, 2 masks
C 140.100.35.4/30 is directly connected, Serial0/1
D 140.100.55.0/24 [90/2172416] via 140.100.35.5, 01:38:32, Serial0/1
C 140.100.3.0/24 is directly connected, Loopback0
D 140.100.5.0/24 [90/2297856] via 140.100.35.5, 01:38:32, Serial0/1
128.200.0.0/24 is subnetted, 1 subnets
R 128.200.1.0 [120/1] via 192.128.128.1, 00:00:20, Ethernet0/0
128.201.0.0/24 is subnetted, 1 subnets
R 128.201.1.0 [120/1] via 192.128.128.1, 00:00:21, Ethernet0/0
128.202.0.0/24 is subnetted, 1 subnets
R 128.202.1.0 [120/1] via 192.128.128.1, 00:00:21, Ethernet0/0
D 151.100.0.0/15 [90/2297856] via 140.100.35.5, 01:38:34, Serial0/1
r3#

hope this helps;

Doug

 

[spidey07]

<< no auto-summary >>


thank god you remembered that...otherwise your table on R3 would look WAY different. thought that might help with the whole classeless thing.

 

[pcmark]

CIDR means Classless Inter Domain Routing. It basically means that the standard class A, B, and C network designations are tossed aside. This allowed for Classless routing protocols, such as OSPF. Classless routing protocols include the subnet mask information when a route update is sent, where classful protocols, such as RIP don't. This allows different length subnet masks to be used on the network, called Variable Length Subnet Masks (VLSM). Otherwise the routing protocol would automatically assume the IP address 129.250.35.250 was a class B address since it falls in the classic class B range.

 

[pcmark]

BTW, how's the Cisco Academy?