Networking
One of the areas I have a lot of interest in, and have always been interested in, is networking. It's always been fascinating moving packets around from Point A to Point B. In this section of my site, I hope to document some networking things I have learned over the years.
I work a lot with Cisco equipment, although my preference for it has been changing. One of the deciding factors is that Cisco has changed a lot of how IOS works and is licensed to try to smother the secondary resale market. It's a joke the amount of effort they put into licensing. Anyways, I digress.
IPv4 (aka "Legacy IP", aka "IP")
When it comes to IP, there is a lot of helpful information out there, but there is something you need to know and I'm going to be blunt about it: IPv4 is really legacy IP. You should be deploying IPv6-first and using IPv4 secondary. Anyways, I'll cover more of that later. For now, let's talk IPv4.
Subnetting and CIDR
One of the fundamental concepts of IPv4 networking is subnetting and CIDR (Classless Inter-Domain Routing). These allow you to efficiently allocate IP addresses and manage routing tables. Here's a quick breakdown:
- Subnetting: Divides an IP network into smaller segments (subnets). This helps optimize IP usage, isolate traffic, and improve security.
- CIDR: Replaces the old class-based system and allows for more flexible subnetting using variable-length subnet masks (e.g., /24, /26).
For example, a /24 subnet contains 256 IP addresses (254 usable). By using smaller subnets, such as /28, you can allocate smaller ranges for specific needs while conserving space.
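An added example (not from the original page) of the allocation described above: it picks the smallest subnet that fits each segment and carves them out of a parent block with Python's standard `ipaddress` module, refusing any plan where segments overlap. The 192.0.2.0/24 documentation range, the segment names and host counts, and the helper names `prefix_for_hosts` and `allocate` are assumptions made for illustration.

```python
import ipaddress
from itertools import combinations

def prefix_for_hosts(hosts):
    """Longest IPv4 prefix that still has `hosts` usable addresses.
    Usable = total - 2 (network and broadcast), as in /24 -> 254."""
    if hosts < 1:
        raise ValueError("need at least one host")
    bits = (hosts + 1).bit_length()   # smallest bits with 2**bits >= hosts + 2
    return 32 - bits

def allocate(parent, needs):
    """Carve `parent` into one subnet per named segment, largest need first."""
    free = [ipaddress.ip_network(parent)]   # unallocated blocks, kept sorted
    plan = {}
    for name, hosts in sorted(needs.items(), key=lambda kv: -kv[1]):
        want = prefix_for_hosts(hosts)
        # First free block large enough to hold a /want subnet.
        idx = next((i for i, b in enumerate(free) if b.prefixlen <= want), None)
        if idx is None:
            raise ValueError(f"no room for {name} ({hosts} hosts) in {parent}")
        block = free.pop(idx)
        subnet = next(block.subnets(new_prefix=want))
        plan[name] = subnet
        # Whatever is left of the block goes back on the free list.
        free.extend(block.address_exclude(subnet))
        free.sort()
    # Segments used as isolation boundaries must never overlap.
    if any(a.overlaps(b) for a, b in combinations(plan.values(), 2)):
        raise ValueError("overlapping subnets in plan")
    return plan

# Constructed sample: documentation range (TEST-NET-1) and made-up segment sizes.
SAMPLE_NEEDS = {"workstations": 100, "servers": 50, "mgmt": 10, "uplink": 2}

if __name__ == "__main__":
    for name, net in allocate("192.0.2.0/24", SAMPLE_NEEDS).items():
        print(f"{name:13} {net}  usable={net.num_addresses - 2}")
```

Allocating the largest segment first keeps every subnet aligned on its own boundary, and the leftover blocks stay available for later growth.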
IPv4 Address Exhaustion
As of today, all Regional Internet Registries (RIRs) have exhausted their available pool of IPv4 addresses. This has led to a significant increase in IPv4 address costs on the secondary market. While Network Address Translation (NAT) has helped prolong IPv4 usage, it introduces complexities and limitations, particularly for peer-to-peer applications.
This is why adopting IPv6 is critical, but we'll get into that shortly.
IPv6 (aka "Modern IP")
IPv6 was designed to solve the problems inherent in IPv4, such as address exhaustion. With its 128-bit address space, IPv6 provides 340 undecillion (3.4 × 10^38) unique addresses. But IPv6 isn't just about more addresses; it's about simplifying and modernizing networking.
Advantages of IPv6
- Address Space: Virtually unlimited addresses mean no need for NAT, making end-to-end connectivity simpler.
- Built-In Security: IPv6 was designed with IPsec support for better security integration.
- Simplified Header: IPv6 headers are more efficient, reducing overhead for routers and improving performance.
- Better Multicast: IPv6 enhances multicast capabilities, improving performance for streaming and VoIP applications.
Deploying IPv6
When deploying IPv6, the biggest hurdle is often compatibility. Many legacy systems and applications may not fully support it. However, modern operating systems, networking equipment, and even most hosting platforms are IPv6-ready.
If you're planning a new network, consider the following best practices:
- Deploy dual-stack configurations to ensure IPv4 and IPv6 coexistence during the transition.
- Prioritize IPv6 for new services, with IPv4 as a fallback.
- Familiarize yourself with IPv6 addressing, such as link-local addresses and global unicast addresses.
Networking Tools
Over the years, I've used numerous tools to troubleshoot and manage networks. Here are a few of my go-to tools:
- Wireshark: For packet capture and analysis, essential for diagnosing network issues.
- nmap: A powerful network scanner for mapping and auditing networks.
- IPerf: For measuring network performance and bandwidth.
- Ping and Traceroute: Basic but invaluable tools for testing connectivity and diagnosing routing issues.
- NetFlow/SFlow: For monitoring and analyzing traffic patterns in enterprise networks.
Networking Projects
In addition to managing and configuring networks, I’ve worked on a variety of projects. Some notable examples include:
- Building an RBL system for detecting and blocking spam sources.
- Designing a secure proxy system for IPMI access in data centers.
- Implementing BGP configurations to handle multi-homed ISP connections.
These projects have taught me invaluable lessons in scalability, security, and the ever-changing landscape of network protocols.
Stay tuned for more updates as I document my ongoing networking journey!