CCNA 3: Switching Basics and Intermediate routing v3.1.1

Module 1: Introduction to Classless Routing

1.1 VLSM 
   
1.1.1 What is VLSM and why is it used? 
 
Cisco routers support VLSM with Open Shortest Path First (OSPF), Integrated IS-IS, Enhanced Interior Gateway Routing Protocol (EIGRP), RIP v2, and static routing. 

Classful routing protocols require that a single network use the same subnet mask. As an example, a network with an address of 192.168.187.0 can use just one subnet mask, such as 255.255.255.0.

A routing protocol that allows VLSM gives the network administrator freedom to use different subnet masks for networks within a single autonomous system.

 
1.1.2 A waste of space 

In the past, the first and last subnet were not supposed to be used. The use of the first subnet, which was known as subnet zero, was discouraged because of the confusion that could occur if a network and a subnet had the same address. This also applied to the use of the last subnet, which was known as the all-ones subnet.

The use of the first and last subnets has become an acceptable practice in conjunction with VLSM.

With the no ip subnet-zero command (the IOS command that disables the use of subnet zero), there will be seven usable subnets with 30 hosts in each subnet.

Cisco routers with Cisco IOS version 12.0 or later use subnet zero by default.

 
1.1.3 When to use VLSM 
 

A 30-bit mask is used to create subnets with only two valid host addresses. This is the best solution for the point-to-point connections.

In the example, the team has taken one of the last three subnets, subnet 6, and subnetted it again. This time the team uses a 30-bit mask. Figures 2 and 3 illustrate that after using VLSM, the team has eight ranges of addresses to be used for the point-to-point links.

1.1.4 Calculating subnets with VLSM 
 

VLSM can be used to subnet an already subnetted address.

For example, consider the subnet address 172.16.32.0/20 and a network that needs ten host addresses. With this subnet address, there are 2^12 – 2, or 4094 host addresses, most of which will be wasted. With VLSM it is possible to subnet 172.16.32.0/20 to create more network addresses with fewer hosts per network. When 172.16.32.0/20 is subnetted to 172.16.32.0/26, there is a gain of 2^6, or 64 subnets. Each subnet can support 2^6 – 2, or 62 hosts.

Use the following steps to apply VLSM to 172.16.32.0/20:

  1. Write 172.16.32.0 in binary form.
  2. Draw a vertical line between the 20th and 21st bits, as shown in Figure . The original subnet boundary was /20.
  3. Draw a vertical line between the 26th and 27th bits, as shown in Figure . The original /20 subnet boundary is extended six bits to the right, which becomes /26.
  4. Calculate the 64 subnet addresses with the bits between the two vertical lines, from lowest to highest in value. The figure shows the first five subnets available.

It is important to remember that only unused subnets can be further subnetted. If any address from a subnet is used, that subnet cannot be further subnetted. In Figure , four subnet numbers are used on the LANs. The unused 172.16.33.0/26 subnet is further subnetted for use on the WAN links.
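
The four steps and the "only unused subnets" rule, worked through in Python as an added example (not part of the course material). The function names and the in-use host address 172.16.32.10 are constructed for illustration.

```python
import ipaddress

def bit_view(addr, old_len, new_len):
    """Steps 1-3: the address in binary, '|' at the /old_len and /new_len boundaries."""
    bits = format(int(ipaddress.ip_address(str(addr))), "032b")
    return f"{bits[:old_len]}|{bits[old_len:new_len]}|{bits[new_len:]}"

def vlsm_split(block, new_len):
    """Step 4: every /new_len subnet inside block, lowest to highest."""
    return list(ipaddress.ip_network(block).subnets(new_prefix=new_len))

def carve_links(subnet, used_addresses, link_len=30):
    """Subnet an unused subnet again, e.g. into /30 point-to-point ranges.

    Raises ValueError if any address in `subnet` is already assigned, because
    only unused subnets can be further subnetted.
    """
    net = ipaddress.ip_network(subnet)
    clash = [a for a in used_addresses if ipaddress.ip_address(a) in net]
    if clash:
        raise ValueError(f"{net} already has addresses in use: {clash}")
    return list(net.subnets(new_prefix=link_len))

if __name__ == "__main__":
    subnets = vlsm_split("172.16.32.0/20", 26)
    print(len(subnets), "subnets of", subnets[0].num_addresses - 2, "hosts")
    for s in subnets[:5]:
        print(bit_view(s.network_address, 20, 26), s)
    # Constructed assignment: one LAN host already lives in 172.16.32.0/26.
    in_use = ["172.16.32.10"]
    for link in carve_links("172.16.33.0/26", in_use)[:3]:
        first, last = list(link.hosts())
        print(link, "->", first, "and", last)
```
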

1.1.5 Route aggregation with VLSM 
 

Figure illustrates how route summarization reduces the burden on upstream routers. This complex hierarchy of variable-sized networks and subnetworks is summarized at various points with a prefix address, until the entire network is advertised as a single aggregate route of 200.199.48.0/20. Route summarization, or supernetting, is only possible if the routers of a network use a classless routing protocol, such as OSPF or EIGRP. Classless routing protocols carry a prefix that consists of a 32-bit IP address and bit mask in the routing updates. In Figure , the summary route that eventually reaches the provider contains a 20-bit prefix common to all of the addresses in the organization. That address is 200.199.48.0/22 or 11001000.11000111.0011.

The following are important rules to remember:

VLSM increases route summarization flexibility because it uses the higher-order bits shared on the left, even if the networks are not contiguous.

Figure shows that the addresses share the first 20 bits. These bits are colored red. The 21st bit is not the same for all the routes. Therefore the prefix for the summary route will be 20 bits long. This is used to calculate the network number of the summary route.

Figure shows that the addresses share the first 21 bits. These bits are colored red. The 22nd bit is not the same for all the routes. Therefore the prefix for the summary route will be 21 bits long. This is used to calculate the network number of the summary route.
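
The shared-bits calculation described above, as an added Python example that is not part of the course material. The component routes are constructed, since the figures are not reproduced here. The second function counts addresses the summary advertises that no component route covers, which is worth checking when the networks are not contiguous.

```python
import ipaddress

def summarize(routes):
    """Return the longest prefix shared by every address in `routes`."""
    nets = [ipaddress.ip_network(r) for r in routes]
    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)
    # Bits that differ between the lowest and highest address cannot be
    # part of the summary prefix; everything to their left is shared.
    prefix_len = 32 - (lo ^ hi).bit_length()
    mask = (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF
    return ipaddress.ip_network((lo & mask, prefix_len))

def unrouted_addresses(routes):
    """Addresses the summary advertises that no component route covers."""
    nets = [ipaddress.ip_network(r) for r in routes]
    covered = sum(n.num_addresses for n in ipaddress.collapse_addresses(nets))
    return summarize(routes).num_addresses - covered

# Constructed routes: the 21st bit differs, so 20 bits are shared.
ROUTES_20 = ["200.199.48.0/23", "200.199.52.0/25",
             "200.199.56.0/22", "200.199.63.192/26"]
# Constructed routes: the 22nd bit differs, so 21 bits are shared.
ROUTES_21 = ["200.199.48.0/24", "200.199.50.0/23", "200.199.52.0/22"]

if __name__ == "__main__":
    for routes in (ROUTES_20, ROUTES_21):
        print(summarize(routes), "advertises", unrouted_addresses(routes),
              "addresses with no component route")
```
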

 
1.1.6 Configuring VLSM 
 

The following are VLSM calculations for the LAN connections in Figure :

The following are VLSM calculations for the point-to-point connections in Figure :

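The connection from Perth to KL requires only two host addresses, which means that the host portion of the address needs at least 2 bits. Two bits yield 2^2 – 2, or 2, possible host addresses. The Perth to KL connection is assigned the 192.168.10.128/30 subnet.

The connection from Sydney to KL requires only two host addresses, which means that the host portion of the address needs at least 2 bits. Two bits yield 2^2 – 2, or 2, possible host addresses. The Sydney to KL connection is assigned the 192.168.10.132/30 subnet.

The connection from Singapore to KL requires only two host addresses, which means that the host portion of the address needs at least 2 bits. Two bits yield 2^2 – 2, or 2, possible host addresses. The Singapore to KL connection is assigned the 192.168.10.136/30 subnet.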

The following configuration is for the Singapore to KL point-to-point connection:

Singapore(config)#interface serial 0

Singapore(config-if)#ip address 192.168.10.137 255.255.255.252

KualaLumpur(config)#interface serial 1

KualaLumpur(config-if)#ip address 192.168.10.138 255.255.255.252

 
 
1.2 RIP Version 2 
   
1.2.1 RIP history 
 

RIP is designed to work as an IGP in a moderate-sized AS. It is not intended for use in more complex environments.

RIP v1 is considered a classful IGP.

 
1.2.2 RIP v2 features 
 

RIP v2 provides prefix routing, which allows it to send out subnet mask information with the route update. Therefore, RIP v2 supports the use of classless routing.

RIP v2 provides for authentication in its updates. A set of keys can be used on an interface as an authentication check. RIP v2 allows for a choice of the type of authentication to be used in RIP v2 packets. The choice can be either clear text or Message-Digest 5 (MD5) authentication. Clear text is the default. MD5 can be used to authenticate the source of a routing update. MD5 is typically used to hash enable secret passwords, and it has no known reversal.
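
The difference between the two authentication types, as an added Python example that is not part of the course material. It models the update layout with the simple-password entry of RFC 2453 and the keyed-MD5 entry and trailer of RFC 2082. The key, key ID, sequence numbers, routes and the authentication-length value of 16 are constructed assumptions, and the receiver here requires the sequence number to increase.

```python
import hashlib, hmac, ipaddress, struct

HEADER = struct.pack("!BBH", 2, 2, 0)        # command=response, version=2

def route_entry(net, metric):
    """One 20-byte RIP v2 route entry; the subnet mask travels with the route."""
    n = ipaddress.ip_network(net)
    return struct.pack("!HH4s4s4sI", 2, 0, n.network_address.packed,
                       n.netmask.packed, bytes(4), metric)

def cleartext_update(password, entries):
    """Auth type 2: the shared password itself rides in every update."""
    auth = struct.pack("!HH16s", 0xFFFF, 2, password)
    return HEADER + auth + b"".join(entries)

def md5_update(key, key_id, seq, entries):
    """Auth type 3: only a digest over packet + key is sent, never the key."""
    body_len = 4 + 20 + 20 * len(entries)
    auth = struct.pack("!HHHBBI8x", 0xFFFF, 3, body_len, key_id, 16, seq)
    pkt = HEADER + auth + b"".join(entries) + struct.pack("!HH", 0xFFFF, 1)
    return pkt + hashlib.md5(pkt + key.ljust(16, b"\0")).digest()

def verify_md5(packet, key, last_seq):
    """Accept only if the digest matches and the sequence number advanced."""
    signed, digest = packet[:-16], packet[-16:]
    (seq,) = struct.unpack("!I", packet[12:16])
    expected = hashlib.md5(signed + key.ljust(16, b"\0")).digest()
    return hmac.compare_digest(digest, expected) and seq > last_seq

# Constructed sample data, not taken from the page.
KEY = b"constructed-key"
ROUTES = [route_entry("172.16.1.0/24", 1), route_entry("10.1.0.0/16", 2)]

if __name__ == "__main__":
    plain = cleartext_update(KEY, ROUTES)
    signed = md5_update(KEY, key_id=1, seq=100, entries=ROUTES)
    print("key visible in clear-text update:", KEY in plain)
    print("key visible in MD5 update:", KEY in signed)
    print("fresh update accepted:", verify_md5(signed, KEY, last_seq=99))
    print("replayed update accepted:", verify_md5(signed, KEY, last_seq=100))
```
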

RIP v2 multicasts routing updates using the Class D address 224.0.0.9, which provides for better efficiency.

 
1.2.3 Comparing RIP v1 and v2 
 

RIP v2 is an improved version of RIP v1. It has many of the same features of RIP v1. RIP v2 is also a distance vector protocol that uses hop count, holddown timers, and split horizon. Figure compares and contrasts RIP v1 and RIP v2. The TTL field in the IP packet forces the packet to be dropped. When the hop count reaches 15 routers, the network is considered unreachable, and the packet is dropped because the router doesn't have a route to the destination network.

 
1.2.4 Configuring RIP v2 
 

The router rip and version 2 commands combined specify RIP v2 as the routing protocol, while the network command identifies a participating attached network.

In this example, the configuration of Router A includes the following:

The interfaces on Router A connected to networks 172.16.0.0 and 10.0.0.0, or their subnets, will send and receive RIP v2 updates. Routers B and C have similar RIP configurations but with different network numbers specified.

 
1.2.5 Verifying RIP v2 
 
The show ip protocols command displays values about routing protocols and routing protocol timer information associated with the router. 

The show ip interface brief command can also be used to list a summary of the information and status of an interface.

The show ip route command displays the contents of the IP routing table.  The routing table contains entries for all known networks and subnetworks, and contains a code that indicates how that information was learned.

 

1.2.6 Troubleshooting RIP v2 
 

Use the debug ip rip command to display RIP routing updates as they are sent and received. The no debug all or undebug all commands will turn off all debugging.

The example shows that the router being debugged has received updates from one router at source address 10.1.1.2. The router at source address 10.1.1.2 sent information about two destinations in the routing table update. The router being debugged also sent updates, in both cases to the multicast address 224.0.0.9 as the destination. The number in parentheses is the source address encapsulated into the IP header.

1.2.7 Default routes 
 

In Figure , the static route is indicated by the following command:

Router(config)#ip route 172.16.1.0 255.255.255.0 17.16.2.1

 

The ip default-network command establishes a default route in networks using dynamic routing protocols:

Router(config)#ip default-network 192.168.20.0

 

In Figure , Hong Kong 2 and Hong Kong 3 would use Hong Kong 4 as the default gateway. Hong Kong 4 would use interface 192.168.19.2 as its default gateway. Hong Kong 1 would route packets to the Internet for all internal hosts. To allow Hong Kong 1 to route these packets it is necessary to configure a default route as:

HongKong1(config)#ip route 0.0.0.0 0.0.0.0 s0/0

The zeros in the IP address and mask portions of the command represent any destination network with any mask. Default routes are referred to as quad zero routes. In the diagram, the only way Hong Kong 1 can go to the Internet is through interface s0/0.
