Reverse Attack of CIDR and NAT separation (1)
Due to the initial design, IPv4 only has 32 characters, so only about 4 billion addresses are provided. This causes the IPv4 address depletion crisis. Subsequently, IPv6 is designed and enough IP addresses are available. However, IPv4 is not compatible with IPv6, and it is not easy to migrate IPv4 to IPv6. Some technologies, such as the CIDR and NAT mentioned here, are successively promoted. These technologies can alleviate the scarcity of IPv4 and achieve a temporary Counterattack of IPv4.
CIDR
CIDR (Classless Inter Domain Routing) improves the traditional IPv4 address classification. In traditional IP Classification, IP addresses are directly mapped to the default category, thus dividing the Internet into networks. CIDR adds a subnet mask (subnet masking) to the routing table to further segment the network. With CIDR, We can flexibly allocate IP addresses in a certain range to a network.
1) ip address classification
In the IP race, I mentioned that IP addresses can be divided into the following categories:
IP class From To Subnet Mask
A 1.0.0.0 126.255.255.255 255.0.0.0
B 128.0.0.0 191.255.255.255 255.255.0.0
C 192.0.0.0 223.255.255.255 255.255.255.0
This is the original IPv4 address classification design. An IPv4 address has a total of 32 bits. It can be divided into two parts: network and host. The subnet mask (subnet mask) is used to indicate which bits represent the network part. For example, the binary representation of subnet mask 255.0.0.0 is as follows:
11111111 00000000 00000000 00000000
The first eight bits are 1, so the first eight bits of the IP address are the network part. The next 24-bit represents each host of the network. A Class A network can have 224 hosts, that is, 16777216. Because the IPv4 address has already been divided into classes, when we get an IP address, we can find its subnet mask through the above. (B, 216; C, 28)
2) traditional route table
IP Classification facilitates the transmission of IP packets. When an IP packet arrives at a vro, it determines the next stop based on the route table of the vrout. A traditional route table looks like this:
Destination Gateway Iface
199.165.145.0 0.0.0.0 eth0
199.165.146.0 0.0.0.0 eth1
0.0.0.0 199.165.146.8 eth1
The route table represents the following network topology:
Because of IP Classification, we do not need to record subnet mask. When we want to go to 199.165.146.17, we already know that this host is located in a class C address, so its subnet mask is 255.255.255.0, that is, 199.165.146 represents the network, and 17 represents the host.
3) CIDR route table
However, due to the default classification, the network can only exist in A, B, and C modes. If A network (such as the MIT network) is assigned A Class A address, the network will allow 16777216 hosts. If the network cannot use these IP addresses, these IP addresses cannot be used by other networks. For example, 199.165.145 must exist as a whole network. If we only have 10 hosts, more than 200 IP addresses will be wasted. The essence of CIDR is to add A subnet mask to the routing table and divide the network based on the column information, rather than the default A, B, and C. For example:
Destination Gateway Genmask Iface
199.165.145.254 0.0.0.0 255.255.255.254 eth2
199.165.145.0 0.0.0.0 255.255.255.0 eth0
199.165.146.0 0.0.0.0 255.255.255.0 eth1
0.0.0.0 199.165.146.8 0.0.0.0 eth1
According to the first record of the route table,
199.165.145.254 (IP address): 11000111 10100101 10010001 11111110
2017100000000254 (subnet mask): 11111111 11111111 11111111 11111110 (31 0)
The subnet mask shows that the first 31 bits represent the network, and the last bits represent the host. The subnet mask is always composed of multiple consecutive ones, such as the 31 above. Therefore, it can be recorded as 199.165.145.254/31 to indicate both the IP address and subnet mask.
Vro Splits a part of the original 199.165.145 network. This network can accommodate two computers, namely 199.165.145.254 and 199.165.145.255. The network adapter for this network is eth2. When an IP packet is directed to these two IP addresses, it will go to eth2 instead of eth0.
The network topology is as follows:
With CIDR, we can split the IP addresses as needed, so as not to waste IP addresses.