Table Of Contents
Assigning IP Addresses to Network Interfaces
Assigning Multiple IP Addresses to Network Interfaces
Disabling Classless Routing Behavior
Enabling IP Processing on a Serial Interface
Configuring Address Resolution Methods
Establishing Address Resolution
Configuring Local-Area Mobility
Mapping Host Names to IP Addresses
Assigning Host Names to IP Addresses
Using the DNS to Discover ISO CLNS Addresses
Configuring HP Probe Proxy Name Requests
Configuring the Next Hop Resolution Protocol
Configuring a Static IP-to-NBMA Address Mapping for a Station
Statically Configuring a Next Hop Server
Configuring NHRP Authentication
Controlling the Triggering of NHRP
Triggering NHRP Based on Traffic Thresholds
Controlling the NHRP Packet Rate
Suppressing Forward and Reverse Record Options
Specifying the NHRP Responder Address
Changing the Time Period NBMA Addresses Are Advertised as Valid
Configuring a GRE Tunnel for Multipoint Operation
Configuring NHRP Server-Only Mode
Routing Assistance When IP Routing Is Disabled
ICMP Router Discovery Protocol
Enabling Integrated Routing and Bridging
Configuring Broadcast Packet Handling
Enabling Directed Broadcast-to-Physical Broadcast Translation
Forwarding UDP Broadcast Packets and Protocols
Establishing an IP Broadcast Address
Forwarding DHCP Broadcasts to Spanning-Tree Interfaces
Speeding Up Flooding of UDP Datagrams
Configuring Network Address Translation
Translating Inside Source Addresses
Configuring Static Translation
Configuring Dynamic Translation
Overloading an Inside Global Address
Translating Overlapping Addresses
Configuring Static Translation
Configuring Dynamic Translation
Providing TCP Load Distribution
Monitoring and Maintaining NAT
Monitoring and Maintaining IP Addressing
Clearing Caches, Tables, and Databases
Specifying the Format of Network Masks
Displaying System and Network Statistics
Monitoring and Maintaining NHRP
Creating a Network from Separated Subnets Example
Serial Interfaces Configuration Example
HP Hosts on a Network Segment Example
Changing the Rate for Triggering SVCs Example
Applying NHRP Rates to Specific Destinations Example
NHRP on a Multipoint Tunnel Example
Flooding of IP Broadcasts Example
Dynamic Inside Source Translation Example
Overloading Inside Global Addresses Example
Translating Overlapping Address Example
Configuring IP Addressing
This chapter describes how to configure IP addressing. For a complete description of the IP addressing commands in this chapter, refer to the "IP Addressing Commands" chapter of the Cisco IOS IP and IP Routing Command Reference publication. To locate documentation of other commands that appear in this chapter, use the command reference master index or search online.
IP Addressing Task List
A basic and required task for configuring IP is to assign IP addresses to network interfaces. Doing so enables the interfaces and allows communication with hosts on those interfaces using IP. Associated with this task are decisions about subnetting and masking the IP addresses.
To configure various IP addressing features, perform the tasks in the following sections. The first task is required; the remaining are optional.
•
Assigning IP Addresses to Network Interfaces (Required)
•
•
•
•
•
•
•
•
At the end of this chapter, the examples in the "IP Addressing Examples" section illustrate how you might establish IP addressing in your network.
Assigning IP Addresses to Network Interfaces
An IP address identifies a location to which IP datagrams can be sent. Some IP addresses are reserved for special uses and cannot be used for host, subnet, or network addresses. Table 3 lists ranges of IP addresses, and shows which addresses are reserved and which are available for use.
The official description of IP addresses is found in RFC 1166, Internet Numbers.
To receive an assigned network number, contact your Internet service provider.
An interface can have one primary IP address. To assign a primary IP address and a network mask to a network interface, use the following command in interface configuration mode:
A mask identifies the bits that denote the network number in an IP address. When you use the mask to subnet a network, the mask is then referred to as a subnet mask.
Note
The tasks to enable or disable additional, optional, IP addressing features are contained in the following sections:
•
•
•
Assigning Multiple IP Addresses to Network Interfaces
The software supports multiple IP addresses per interface. You can specify an unlimited number of secondary addresses. Secondary IP addresses can be used in a variety of situations. The following are the most common applications:
•
•
•
Note
To assign multiple IP addresses to network interfaces, use the following command in interface configuration mode:
ip address ip-address mask secondary
Assign multiple IP addresses to network interfaces.
Note
See the "Creating a Network from Separated Subnets Example" section at the end of this chapter for an example of creating a network from separated subnets.
Enabling Use of Subnet Zero
Subnetting with a subnet address of zero is illegal and strongly discouraged (as stated in RFC 791) because of the confusion that can arise between a network and a subnet that have the same addresses. For example, if network 131.108.0.0 is subnetted as 255.255.255.0, subnet zero would be written as 131.108.0.0—which is identical to the network address.
You can use the all zeros and all ones subnet (131.108.255.0), even though it is discouraged. Configuring interfaces for the all ones subnet is explicitly allowed. However, if you need the entire subnet space for your IP address, use the following command in global configuration mode to enable subnet zero:
ip subnet-zero
Enable the use of subnet zero for interface addresses and routing updates.
Disabling Classless Routing Behavior
By default, classless routing behavior is enabled on the router. When classless routing is in effect, if a router receives packets destined for a subnet of a network that has no network default route, the router forwards the packet to the best supernet route.
In Figure 1, classless routing is enabled in the router. Therefore, when the host sends a packet to 128.20.4.1, instead of discarding the packet, the router forwards the packet to the best supernet route.
Figure 1 IP Classless Routing
If you disable classless routing, and a router receives packets destined for a subnet of a network that has no network default route, the router discards the packet. Figure 2 shows a router in network 128.20.0.0 connected to subnets 128.20.1.0, 128.20.2.0, and 128.20.3.0. Suppose the host sends a packet to 128.20.4.1. Because there is no network default route, the router discards the packet.
Figure 2 No IP Classless Routing
To prevent the Cisco IOS software from forwarding packets destined for unrecognized subnets to the best supernet route possible, use the following command in global configuration mode:
Enabling IP Processing on a Serial Interface
You might want to enable IP processing on a serial or tunnel interface without assigning an explicit IP address to the interface. Whenever the unnumbered interface generates a packet (for example, for a routing update), it uses the address of the interface you specified as the source address of the IP packet. It also uses the specified interface address in determining which routing processes are sending updates over the unnumbered interface. Restrictions are as follows:
•
•
•
•
If you are configuring Intermediate System-to-Intermediate System (IS-IS) across a serial line, you should configure the serial interfaces as unnumbered, which allows you to conform with RFC 1195, which states that IP addresses are not required on each interface.
Note
To enable IP processing on an unnumbered serial interface, use the following command in interface configuration mode:
ip unnumbered type number
Enable IP processing on a serial or tunnel interface without assigning an explicit IP address to the interface.
The interface you specify must be the name of another interface in the router that has an IP address, not another unnumbered interface.
The interface you specify also must be enabled (listed as "up" in the show interfaces command display).
See the "Serial Interfaces Configuration Example" section at the end of this chapter for an example of how to configure serial interfaces.
Configuring Address Resolution Methods
Our IP implementation allows you to control interface-specific handling of IP addresses by facilitating address resolution, name services, and other functions. The following sections describe how to configure address resolution methods:
•
•
•
•
Establishing Address Resolution
A device in the IP can have both a local address (which uniquely identifies the device on its local segment or LAN) and a network address (which identifies the network to which the device belongs). The local address is more properly known as a data link address because it is contained in the data link layer (Layer 2 of the OSI model) part of the packet header and is read by data-link devices (bridges and all device interfaces, for example). The more technically inclined person will refer to local addresses as MAC addresses, because the Media Access Control (MAC) sublayer within the data link layer processes addresses for the layer.
To communicate with a device on Ethernet, for example, the Cisco IOS software first must determine the 48-bit MAC or local data-link address of that device. The process of determining the local data link address from an IP address is called address resolution. The process of determining the IP address from a local data-link address is called reverse address resolution.
The software uses three forms of address resolution: Address Resolution Protocol (ARP), proxy ARP, and Probe (similar to ARP). The software also uses the Reverse Address Resolution Protocol (RARP). ARP, proxy ARP, and RARP are defined in RFCs 826, 1027, and 903, respectively. Probe is a protocol developed by the Hewlett-Packard Company (HP) for use on IEEE-802.3 networks.
ARP is used to associate IP addresses with media or MAC addresses. Taking an IP address as input, ARP determines the associated media address. Once a media or MAC address is determined, the IP address/media address association is stored in an ARP cache for rapid retrieval. Then the IP datagram is encapsulated in a link-layer frame and sent over the network. Encapsulation of IP datagrams and ARP requests and replies on IEEE 802 networks other than Ethernet is specified by the Subnetwork Access Protocol (SNAP).
RARP works the same way as ARP, except that the RARP request packet requests an IP address instead of a local data-link address. Use of RARP requires a RARP server on the same network segment as the router interface. RARP often is used by diskless nodes that do not know their IP addresses when they boot. The Cisco IOS software attempts to use RARP if it does not know the IP address of an interface at startup. Also, our routers are able to act as RARP servers by responding to RARP requests that they are able to answer. See the "Configure Additional File Transfer Functions" chapter in the Cisco IOS Configuration Fundamentals Configuration Guide to learn how to configure a router as a RARP server.
The tasks required to set address resolution are contained in the following sections:
•
The procedures for performing these tasks are described in the following sections.
Defining a Static ARP Cache
ARP and other address resolution protocols provide a dynamic mapping between IP addresses and media addresses. Because most hosts support dynamic address resolution, you generally do not need to specify static ARP cache entries. If you must define them, you can do so globally. Doing this task installs a permanent entry in the ARP cache. The Cisco IOS software uses this entry to translate 32-bit IP addresses into 48-bit hardware addresses.
Optionally, you can specify that the software respond to ARP requests as if it was the owner of the specified IP address. In case you do not want the ARP entries to be permanent, you have the option of specifying an ARP entry timeout period when you define ARP entries.
The following two tables list the tasks to provide static mapping between IP addresses and media address.
Use either of the following commands in global configuration mode:
Use the following command in interface configuration mode:
arp timeout seconds
Set the length of time an ARP cache entry will stay in the cache.
To display the type of ARP being used on a particular interface and also display the ARP timeout value, use the show interfaces EXEC command. Use the show arp EXEC command to examine the contents of the ARP cache. Use the show ip arp EXEC command to show IP entries. To remove all nonstatic entries from the ARP cache, use the clear arp-cache privileged EXEC command.
Setting ARP Encapsulations
By default, standard Ethernet-style ARP encapsulation (represented by the arpa keyword) is enabled on the IP interface. You can change this encapsulation method to SNAP or HP Probe, as required by your network, to control the interface-specific handling of IP address resolution into
48-bit Ethernet hardware addresses.When you set HP Probe encapsulation, the Cisco IOS software uses the Probe protocol whenever it attempts to resolve an IEEE-802.3 or Ethernet local data-link address. The subset of Probe that performs address resolution is called Virtual Address Request and Reply. Using Probe, the router can communicate transparently with Hewlett-Packard IEEE-802.3 hosts that use this type of data encapsulation. You must explicitly configure all interfaces for Probe that will use Probe.
To specify the ARP encapsulation type, use the following command in interface configuration mode:
arp {arpa | probe | snap}
Specify one of three ARP encapsulation methods for a specified interface.
Enabling Proxy ARP
The Cisco IOS software uses proxy ARP (as defined in RFC 1027) to help hosts with no knowledge of routing determine the media addresses of hosts on other networks or subnets. For example, if the router receives an ARP request for a host that is not on the same interface as the ARP request sender, and if the router has all of its routes to that host through other interfaces, then it generates a proxy ARP reply packet giving its own local data-link address. The host that sent the ARP request then sends its packets to the router, which forwards them to the intended host. Proxy ARP is enabled by default.
To enable proxy ARP if it has been disabled, use the following command in interface configuration mode (as necessary) for your network:
Configuring Local-Area Mobility
Local-area mobility provides the ability to relocate IP hosts within a limited area without reassigning host IP addresses and without changes to the host software. Local-area mobility is supported on Ethernet, Token Ring, and FDDI interfaces only.
To create a mobility area with only one router, use the following commands:
Step 1
interface type number
Enter interface configuration mode.
Step 2
ip mobile arp [timers keepalive hold-time] [access-group access-list-number | name]
Enable local-area mobility.
To create larger mobility areas, you must first redistribute the mobile routes into your Interior Gateway Protocol (IGP). The IGP must support host routes. You can use Enhanced IGRP, OSPF, IS-IS, or RIPv2. To redistribute the mobile routes into your existing IGP configuration, use the following commands:
Mobile routes will always be preferred over a subnet boundary or summarized route because they are more specific. It is important to ensure that configured or redistributed static routes do not include any host routes for the potentially mobile hosts; otherwise, a longest match could come up with two routes and cause ambiguity. Mobile routes will be seen as external routes to the configured routing protocol, even within a summarization area; therefore, they will not be properly summarized by default. This is the case even when these routes are advertised at a summarization boundary, if mobile hosts are not on their home subnet.
Mapping Host Names to IP Addresses
Each unique IP address can have a host name associated with it. The Cisco IOS software maintains a cache of host name-to-address mappings for use by the EXEC connect, telnet, ping, and related Telnet support operations. This cache speeds the process of converting names to addresses.
IP defines a naming scheme that allows a device to be identified by its location in the IP. This is a hierarchical naming scheme that provides for domains. Domain names are pieced together with periods (.) as the delimiting characters. For example, Cisco is a commercial organization that the IP identifies by a com domain name, so its domain name is cisco.com. A specific device in this domain, the File Transfer Protocol (FTP) system for example, is identified as ftp.cisco.com.
To keep track of domain names, IP has defined the concept of a name server, whose job is to hold a cache (or database) of names mapped to IP addresses. To map domain names to IP addresses, you must first identify the host names, then specify a name server, and enable the Domain Naming System (DNS), the global naming scheme of the Internet that uniquely identifies network devices. These tasks are described in the following sections:
•
•
Assigning Host Names to IP Addresses
The Cisco IOS software maintains a table of host names and their corresponding addresses, also called a host name-to-address mapping. Higher-layer protocols such as Telnet use host names to identify network devices (hosts). The router and other network devices must be able to associate host names with IP addresses to communicate with other IP devices. Host names and IP addresses can be associated with one another through static or dynamic means.
Manually assigning host names to addresses is useful when dynamic mapping is not available.
To assign host names to addresses, use the following command in global configuration mode:
ip host name [tcp-port-number] address1 [address2...address8]
Statically associate host names with IP addresses.
Specifying the Domain Name
You can specify a default domain name that the Cisco IOS software will use to complete domain name requests. You can specify either a single domain name or a list of domain names. Any IP host name that does not contain a domain name will have the domain name you specify appended to it before being added to the host table.
To specify a domain name or names, use either of the following commands in global configuration mode:
See the "IP Domains Example" section at the end of this chapter for an example of establishing IP domains.
Specifying a Name Server
To specify one or more hosts (up to six) that can function as a name server to supply name information for the DNS, use the following command in global configuration mode:
ip name-server server-address1 [server-address2...server-address6]
Specify one or more hosts that supply name information.
Enabling the DNS
If your network devices require connectivity with devices in networks for which you do not control name assignment, you can assign device names that uniquely identify your devices within the entire internetwork. The global naming scheme of the Internet, the DNS, accomplishes this task. This service is enabled by default.
If the DNS has been disabled, you can reenable it by using the following command in global configuration mode:
See the "Dynamic Lookup Example" section at the end of this chapter for an example of enabling the DNS.
Using the DNS to Discover ISO CLNS Addresses
If your router has both IP and ISO Connectionless Network Service (ISO CLNS) enabled and you want to use ISO CLNS network service access point (NSAP) addresses, you can use the DNS to query these addresses, as documented in RFC 1348. This feature is enabled by default.
To disable DNS queries for ISO CLNS addresses, use the following command in global configuration mode:
Configuring HP Probe Proxy Name Requests
HP Probe Proxy support allows the Cisco IOS software to respond to HP Probe Proxy name requests. These requests are typically used at sites that have Hewlett-Packard equipment and are already using HP Probe Proxy. Tasks associated with HP Probe Proxy are shown in the following two tables.
To configure HP Probe Proxy, use the following command in interface configuration mode:
ip probe proxy
Allow the Cisco IOS software to respond to HP Probe Proxy name requests.
To configure HP Probe Proxy, use the following command in global configuration mode:
ip hp-host hostname ip-address
Enter the host name of an HP host (for which the router is acting as a proxy) into the host table.
See the "HP Hosts on a Network Segment Example" section at the end of this chapter for an example of configuring HP hosts on a network segment.
Configuring the Next Hop Resolution Protocol
Routers, access servers, and hosts can use Next Hop Resolution Protocol (NHRP) to discover the addresses of other routers and hosts connected to a nonbroadcast multiaccess (NBMA) network. Partially meshed NBMA networks are typically configured with multiple logical networks to provide full network layer connectivity. In such configurations, packets might make several hops over the NBMA network before arriving at the exit router (the router nearest the destination network). In addition, such NBMA networks (whether partially or fully meshed) typically require tedious static configurations. These static configurations provide the mapping between network layer addresses (such as IP) and NBMA addresses (such as E.164 addresses for Switched Multimegabit Data Service, or SMDS).
NHRP provides an ARP-like solution that alleviates these NBMA network problems. With NHRP, systems attached to an NBMA network dynamically learn the NBMA address of the other systems that are part of that network, allowing these systems to directly communicate without requiring traffic to use an intermediate hop.
The NBMA network is considered nonbroadcast either because it technically does not support broadcasting (for example, an X.25 network) or because broadcasting is too expensive (for example, an SMDS broadcast group that would otherwise be too large).
Cisco Implementation of NHRP
The Cisco implementation of NHRP supports the IETF draft version 11 of NBMA Next Hop Resolution Protocol (NHRP).
The Cisco implementation of NHRP supports IP Version 4, Internet Packet Exchange (IPX) network layers, and, at the link layer, ATM, Ethernet, SMDS, and multipoint tunnel networks. Although NHRP is available on Ethernet, it is not necessary to implement NHRP over Ethernet media because Ethernet is capable of broadcasting. Ethernet support is unnecessary (and not provided) for IPX.
Figure 3 illustrates four routers connected to an NBMA network. Within the network are ATM or SMDS switches necessary for the routers to communicate with each other. Assume that the switches have virtual circuit connections represented by hops 1, 2, and 3 of the figure. When Router A attempts to forward an IP packet from the source host to the destination host, NHRP is triggered. On behalf of the source host, Router A sends an NHRP request packet encapsulated in an IP packet, which takes three hops across the network to reach Router D, connected to the destination host. After receiving a positive NHRP reply, Router D is determined to be the "NBMA next hop," and Router A sends subsequent IP packets for the destination to Router D in one hop.
Figure 3 Next Hop Resolution Protocol
With NHRP, once the NBMA next hop is determined, the source either starts sending data packets to the destination (in a connectionless NBMA network such as SMDS) or establishes a virtual circuit connection to the destination with the desired bandwidth and quality of service (QoS) characteristics (in a connection-oriented NBMA network such as ATM).
Other address resolution methods can be used while NHRP is deployed. IP hosts that rely upon the Logical IP Subnet (LIS) model might require ARP servers and services over NBMA networks, and deployed hosts might not implement NHRP, but might continue to support ARP variations. NHRP is designed to eliminate the suboptimal routing that results from the LIS model, and can be deployed with existing ARP services without interfering with them.
NHRP is used to facilitate building a virtual private network. In this context, a virtual private network consists of a virtual Layer 3 network that is built on top of an actual Layer 3 network. The topology you use over the virtual private network is largely independent of the underlying network, and the protocols you run over it are completely independent of it.
Connected to the NBMA network are one or more stations that implement NHRP, and are known as Next Hop Servers. All routers running Release 10.3 or later can implement NHRP and, thus, can act as Next Hop Servers.
Each Next Hop Server serves a set of destination hosts, which might be directly connected to the NBMA network. Next Hop Servers cooperatively resolve the NBMA next hop addresses within their NBMA network. In addition to NHRP, Next Hop Servers typically participate in protocols used to disseminate routing information across (and beyond the boundaries of) the NBMA network, and might support ARP service.
A Next Hop Server maintains a "next-hop resolution" cache, which is a table of network layer address to NBMA address mappings. The table is created from information gleaned from NHRP register packets extracted from NHRP request or reply packets that traverse the Next Hop Server as they are forwarded, or through other means such as ARP and preconfigured tables.
Protocol Operation
NHRP requests traverse one or more hops within an NBMA subnetwork before reaching the station that is expected to generate a response. Each station (including the source station) chooses a neighboring Next Hop Server to forward the request to. The Next Hop Server selection procedure typically involves performing a routing decision based upon the network layer destination address of the NHRP request. Ignoring error situations, the NHRP request eventually arrives at a station that generates an NHRP reply. This responding station either serves the destination, is the destination itself, or is a client that specified it should receive NHRP requests when it registered with its server. The responding station generates a reply using the source address from within the NHRP packet to determine where the reply should be sent.
NHRP Configuration Task List
To configure NHRP, perform the tasks described in the following sections. The first task is required, the remainder are optional.
•
•
•
•
•
•
•
•
•
•
•
•
Enabling NHRP on an Interface
To enable NHRP for an interface on a router, use the following command in interface configuration mode. In general, all NHRP stations within a logical NBMA network must be configured with the same network identifier.
See the "Logical NBMA Example" section and the "NHRP over ATM Example" section at the end of this chapter for examples of enabling NHRP.
Configuring a Static IP-to-NBMA Address Mapping for a Station
To participate in NHRP, a station connected to an NBMA network should be configured with the IP and NBMA addresses of its Next Hop Server(s). The format of the NBMA address depends on the medium you are using. For example, ATM uses an NSAP address, Ethernet uses a MAC address, and SMDS uses an E.164 address.
These Next Hop Servers may also be the default or peer routers of the station, so their addresses can be obtained from the network layer forwarding table of the station.
If the station is attached to several link layer networks (including logical NBMA networks), the station should also be configured to receive routing information from its Next Hop Server(s) and peer routers so that it can determine which IP networks are reachable through which link layer networks.
To configure static IP-to-NBMA address mapping on a station (host or router), use the following command in interface configuration mode:
Statically Configuring a Next Hop Server
A Next Hop Server normally uses the network layer forwarding table to determine where to forward NHRP packets, and to find the egress point from an NBMA network. A Next Hop Server may alternately be statically configured with a set of IP address prefixes that correspond to the IP addresses of the stations it serves, and their logical NBMA network identifiers.
To statically configure a Next Hop Server, use the following command in interface configuration mode:
ip nhrp nhs nhs-address [net-address [netmask]]
Statically configure a Next Hop Server.
To configure multiple networks that the Next Hop Server serves, repeat the ip nhrp nhs command with the same Next Hop Server address, but different IP network addresses. To configure additional Next Hop Servers, repeat the ip nhrp nhs command.
Configuring NHRP Authentication
Configuring an authentication string ensures that only routers configured with the same string can intercommunicate using NHRP. Therefore, if the authentication scheme is to be used, the same string must be configured in all devices configured for NHRP on a fabric. To specify the authentication string for NHRP on an interface, use the following command in interface configuration mode:
Controlling the Triggering of NHRP
On any platform, there are two ways to control when NHRP is triggered:
•
•
These methods are described in this section.
Triggering NHRP by IP Packets
You can specify an IP access list that is used to decide which IP packets can trigger the sending of NHRP requests. By default, all non-NHRP packets trigger NHRP requests. To limit which IP packets trigger NHRP requests, define an access list and then apply it to the interface.
To define an access list, use one of the following commands in global configuration mode:
Then apply the IP access list to the interface by using the following command in interface configuration mode:
ip nhrp interest access-list-number
Specify an IP access list that controls NHRP requests.
Triggering NHRP on a per-Destination Basis
By default, when the software attempts to send a data packet to a destination for which it has determined that NHRP can be used, it sends a NHRP request for that destination. To configure the system to wait until a specified number of data packets have been sent to a particular destination before NHRP is attempted, use the following command in interface configuration mode:
ip nhrp use usage-count
Specify how many data packets are sent to a destination before NHRP is attempted.
Triggering NHRP Based on Traffic Thresholds
There are two enhancements to NHRP when it is running with BGP over ATM media:
•
•
Prior to Cisco IOS Release 12.0, a single packet could trigger an SVC. Now you can configure the traffic rate that must be reached before NHRP sets up or tears down an SVC. Because SVCs are created only for burst traffic, you can conserve resources.
In the prior implementation of NHRP, by default, any non-NHRP packet triggered an NHRP request and set up an SVC. There were two ways to control the triggering of NHRP packets, which initiated a shortcut to the destination. One way was to create an access list, and the other way was to specify how many data packets would be sent to a destination before NHRP was attempted.
Initiating an NHRP request and creating an SVC immediately upon receiving any packet did not scale to large networks. Furthermore, initiating an NHRP request and SVC based on a configured number of packets was not a sufficient measurement for controlling SVCs. A more precise traffic measurement was needed for SVC creation and deletion.
Restrictions
Cisco IOS releases prior to Release 12.0 implemented NHRP draft version 4. Cisco IOS Release 12.0 implements NHRP draft version 11. These versions are not compatible. Therefore, all routers running NHRP in a network must run the same version of NHRP in order to communicate with each other. All routers must run Cisco IOS Release 12.0 or else all routers must run a release prior to Release 12.0, but not a combination of the two.
The enhancements have the following additional restrictions:
•
•
•
Prerequisites
Before you configure the feature whereby NHRP initiation is based on traffic rate, the router must have the following:
•
•
•
If you have CEF switching or dCEF switching and you want NHRP to work (whether with default values or changed values), the ip cef accounting non-recursive command must be configured.
Configuration Task List
This section describes the following tasks to configure the NHRP triggering and teardown of SVCs based on traffic rate:
•
•
Changing the Rate for Triggering SVCs
When NHRP runs with Border Gateway Protocol (BGP) over ATM media, there is an additional way to control the triggering of NHRP packets. This method consists of SVCs being initiated based on the input traffic rate to a given BGP next hop.
When BGP discovers a BGP next hop and enters this BGP route into the routing table, an NHRP request is sent to the BGP next hop. When an NHRP reply is received, a subsequent entry is put in the NHRP cache that directly corresponds to the BGP next hop.
This entry expires in 2 hours, by default. A new NHRP request is sent to the same BGP next hop to repopulate the NHRP cache. When an NHRP cache entry is generated, a subsequent ATM map statement to the same BGP next hop is also created.
Aggregate traffic to each BGP next hop is measured and monitored. Once the aggregate traffic has met or exceeded the configured trigger rate, NHRP creates an ATM SVC and sends traffic directly to that destination router. The router tears down the SVC to the specified destination(s) when the aggregate traffic rate falls to or below the configured teardown rate.
By default, NHRP will set up an SVC for a destination when aggregate traffic for that destination is more than 1 kbps over a running average of 30 seconds. Similarly, NHRP will tear down the SVC when the traffic for that destination drops to 0 kbps over a running average of 30 seconds. There are several ways to change the rate at which SVC set or teardown occurs. You can change the number of kilobits per second thresholds, or the load interval, or both.
To change the number of kilobits per second at which NHRP sets up or tears down the SVC to this destination, use the following command in interface configuration mode:
ip nhrp trigger-svc trigger-threshold teardown-threshold
Change the point at which NHRP sets up or tears down SVCs.
You can change the sampling time period; that is, you can change the length of time over which the average trigger rate or teardown rate is calculated. By default, the period is 30 seconds; the range is 30 to 300 seconds in 30-second increments. This period is for calculations of aggregate traffic rate internal to Cisco IOS software only, and it represents a worst case time period for taking action. In some cases, the software will act sooner, depending on the ramp-up and fall-off rate of the traffic.
To change the sampling time period during which threshold rates are averaged, use the following command in global configuration mode:
ip cef traffic-statistics [load-interval seconds]
Change the length of time in a sampling period during which trigger and teardown thresholds are averaged.
If your Cisco hardware has a VIP2 adapter, you must perform the following task. By default, the port adapter sends the traffic statistics to the RP every 10 seconds. If you are using NHRP in distributed CEF switching mode, you must change this update rate to 5 seconds. To do so, use the following command in global configuration mode:
ip cef traffic-statistics [update-rate seconds]
Change the rate at which the Port Adapter sends traffic statistics to the RP.
Applying the Rates to Specific Destinations
By default, all destinations are measured and monitored for NHRP triggering. However, you can choose to impose the triggering and teardown rates on certain destinations. To do so, use the following commands beginning in global configuration mode:
For an example of setting the load interval, see the section "Changing the Rate for Triggering SVCs Example" at the end of this chapter. For an example of applying rates to destinations, see the section "Applying NHRP Rates to Specific Destinations Example" at the end of this chapter.
Controlling the NHRP Packet Rate
By default, the maximum rate at which the software sends NHRP packets is 5 packets per 10 seconds. The software maintains a per interface quota of NHRP packets (whether generated locally or forwarded) that can be sent. To change this maximum rate, use the following command in interface configuration mode:
ip nhrp max-send pkt-count every interval
Change the NHRP packet rate per interface.
Suppressing Forward and Reverse Record Options
To dynamically detect link-layer filtering in NBMA networks (for example, SMDS address screens), and to provide loop detection and diagnostic capabilities, NHRP incorporates a Route Record in request and reply packets. The Route Record options contain the network (and link layer) addresses of all intermediate Next Hop Servers between source and destination (in the forward direction) and between destination and source (in the reverse direction).
By default, forward record options and reverse record options are included in NHRP request and reply packets. To suppress the use of these options, use the following command in interface configuration mode:
Specifying the NHRP Responder Address
If an NHRP requestor wants to know which Next Hop Server generates an NHRP reply packet, it can request that information by including the responder address option in its NHRP request packet. The Next Hop Server that generates the NHRP reply packet then complies by inserting its own IP address in the NHRP reply. The Next Hop Server uses the primary IP address of the specified interface.
To specify which interface the Next Hop Server uses for the NHRP responder IP address, use the following command in interface configuration mode:
ip nhrp responder type number
Specify which interface the Next Hop Server uses to determine the NHRP responder address.
If an NHRP reply packet being forwarded by a Next Hop Server contains the IP address of that server, the Next Hop Server generates an Error Indication of type "NHRP Loop Detected" and discards the reply.
Changing the Time Period NBMA Addresses Are Advertised as Valid
You can change the length of time that NBMA addresses are advertised as valid in positive NHRP responses. In this context, advertised means how long the Cisco IOS software tells other routers to keep the addresses it is providing in NHRP responses. The default length of time is 7200 seconds (2 hours). To change the length of time, use the following command in interface configuration mode:
ip nhrp holdtime seconds
Specify the number of seconds that NBMA addresses are advertised as valid in positive NHRP responses.
Configuring a GRE Tunnel for Multipoint Operation
You can enable a generic routing encapsulation (GRE) tunnel to operate in multipoint fashion. A tunnel network of multipoint tunnel interfaces can be thought of as an NBMA network. To configure the tunnel, use the following commands in interface configuration mode:
Step 1
tunnel mode gre ip multipoint
Enable a GRE tunnel to be used in multipoint fashion.
Step 2
tunnel key key-number
Configure a tunnel identification key.
The tunnel key should correspond to the NHRP network identifier specified in the ip nhrp network-id command. See the "NHRP on a Multipoint Tunnel Example" section at the end of this chapter for an example of NHRP configured on a multipoint tunnel.
Configuring NHRP Server-Only Mode
You can configure an interface so that it cannot initiate NHRP requests or set up NHRP shortcut SVCs but can only respond to NHRP requests. Configure NHRP server-only mode on routers you do not want placing NHRP requests.
If an interface is placed in NHRP server-only mode, you have the option to specify non-caching. In this case, NHRP does not store information in the NHRP cache, such as NHRP responses that could be used again. To save memory, the non-caching option is generally used on a router located between two other routers.
To configure NHRP server-only mode, use the following command in interface configuration mode:
Enabling IP Routing
IP routing is automatically enabled in the Cisco IOS software. If you choose to set up the router to bridge rather than route IP datagrams, you must disable IP routing. To reenable IP routing if it has been disabled, use the following command in global configuration mode:
When IP routing is disabled, the router will act as an IP end host for IP packets destined for or sourced by it, whether or not bridging is enabled for those IP packets not destined for the device. To reenable IP routing, use the ip routing command.
Routing Assistance When IP Routing Is Disabled
The Cisco IOS software provides three methods by which the router can learn about routes to other networks when IP routing is disabled and the device is acting as an IP host. These methods are described in the sections that follow:
•
•
When IP routing is disabled, the default gateway feature and the router discovery client are enabled, and proxy ARP is disabled. When IP routing is enabled, the default gateway feature is disabled and you can configure proxy ARP and the router discovery servers.
Proxy ARP
The most common method of learning about other routes is by using proxy ARP. Proxy ARP, defined in RFC 1027, enables an Ethernet host with no knowledge of routing to communicate with hosts on other networks or subnets. Such a host assumes that all hosts are on the same local Ethernet, and that it can use ARP to determine their hardware addresses.
Under proxy ARP, if a device receives an ARP Request for a host that is not on the same network as the ARP Request sender, the Cisco IOS software evaluates whether it has the best route to that host. If it does, the device sends an ARP Reply packet giving its own Ethernet hardware address. The host that sent the ARP Request then sends its packets to the device, which forwards them to the intended host. The software treats all networks as if they are local and performs ARP requests for every IP address. This feature is enabled by default. If it has been disabled, see the section "Enabling Proxy ARP" earlier in this chapter.
Proxy ARP works as long as other routers support it. Many other routers, especially those loaded with host-based routing software, do not support it.
Default Gateway
Another method for locating routes is to define a default router (or gateway). The Cisco IOS software sends all nonlocal packets to this router, which either routes them appropriately or sends an IP Control Message Protocol (ICMP) redirect message back, telling it of a better route. The ICMP redirect message indicates which local router the host should use. The software caches the redirect messages and routes each packet thereafter as efficiently as possible. The limitations of this method are that there is no means of detecting when the default router has gone down or is unavailable, and there is no method of picking another device if one of these events should occur.
To set up a default gateway for a host, use the following command in global configuration mode:
To display the address of the default gateway, use the show ip redirects EXEC command.
ICMP Router Discovery Protocol
The Cisco IOS software provides a third method, called router discovery, by which the router dynamically learns about routes to other networks using the ICMP Router Discovery Protocol (IRDP). IRDP allows hosts to locate routers. When the device operates as a client, router discovery packets are generated. When the device operates as a host, router discovery packets are received. Our IRDP implementation fully conforms to the router discovery protocol outlined in RFC 1256.
The software is also capable of wire-tapping Routing Information Protocol and Interior Gateway Routing Protocol (IGRP) routing updates and inferring the location of routers from those updates. The server/client implementation of router discovery does not actually examine or store the full routing tables sent by routing devices, it merely keeps track of which systems are sending such data.
You can configure the four protocols in any combination. We recommend that you use IRDP when possible because it allows each router to specify both a priority and the time after which a device should be assumed down if no further packets are received. Devices discovered using IGRP are assigned an arbitrary priority of 60. Devices discovered through RIP are assigned a priority of 50. For IGRP and RIP, the software attempts to measure the time between updates, and assumes that the device is down if no updates are received for 2.5 times that interval.
Each device discovered becomes a candidate for the default router. The list of candidates is scanned and a new highest-priority router is selected when any of the following events occur:
•
•
•
Enabling IRDP Processing
The only required task for configuring IRDP routing on a specified interface is to enable IRDP processing on an interface. Use the following command in interface configuration mode:
Change IRDP Parameters
When you enable IRDP processing, the default parameters will apply. To optionally change any of these IRDP parameters, use the following commands in interface configuration mode:
The Cisco IOS software can proxy-advertise other machines that use IRDP; however, this is not recommended because it is possible to advertise nonexistent machines or machines that are down.
Enabling IP Bridging
To transparently bridge IP on an interface, use the following commands beginning in global configuration mode:
Step 1
no ip routing
Disable IP routing.
Step 2
interface type number
Specify an interface.
Step 3
bridge-group group
Add the interface to a bridge group.
Enabling Integrated Routing and Bridging
With integrated routing and bridging (IRB), you can route IP traffic between routed interfaces and bridge groups, or route IP traffic between bridge groups. Specifically, local or unroutable traffic is bridged among the bridged interfaces in the same bridge group, while routable traffic is routed to other routed interfaces or bridge groups. IRB can be used to do the following:
•
•
•
For more information about configuring integrated routing and bridging, refer to the "Configuring Transparent Bridging" chapter in the Cisco IOS Bridging and IBM Networking Configuration Guide.
Configuring a Routing Process
At this point in the configuration process, you can choose to configure one or more of the many routing protocols that are available, based on your individual network needs. Routing protocols provide topology information of an internetwork. Refer to subsequent chapters in this document for the tasks involved in configuring IP routing protocols such as BGP, On-Demand Routing (ODR), RIP, IGRP, OSPF, IP Enhanced IGRP, Integrated IS-IS, and IP multicast routing. If you want to continue to perform IP addressing tasks, continue reading the following sections.
Configuring Broadcast Packet Handling
A broadcast is a data packet destined for all hosts on a particular physical network. Network hosts recognize broadcasts by special addresses. Broadcasts are heavily used by some protocols, including several important Internet protocols. Control of broadcast messages is an essential responsibility of the IP network administrator.
The Cisco IOS software supports two kinds of broadcasting: directed broadcasting and flooding. A directed broadcast is a packet sent to a specific network or series of networks, while a flooded broadcast packet is sent to every network. A directed broadcast address includes the network or subnet fields.
Several early IP implementations do not use the current broadcast address standard. Instead, they use the old standard, which calls for all zeros instead of all ones to indicate broadcast addresses. Many of these implementations do not recognize an all-ones broadcast address and fail to respond to the broadcast correctly. Others forward all-ones broadcasts, which causes a serious network overload known as a broadcast storm. Implementations that exhibit these problems include systems based on versions of BSD UNIX prior to Version 4.3.
Routers provide some protection from broadcast storms by limiting their extent to the local cable. Bridges (including intelligent bridges), because they are Layer 2 devices, forward broadcasts to all network segments, thus propagating all broadcast storms.
The best solution to the broadcast storm problem is to use a single broadcast address scheme on a network. Most modern IP implementations allow the network manager to set the address to be used as the broadcast address. Many implementations, including the one in the Cisco IOS software, accept and interpret all possible forms of broadcast addresses.
For detailed discussions of broadcast issues in general, see RFC 919, Broadcasting Internet Datagrams, and RFC 922, Broadcasting IP Datagrams in the Presence of Subnets. The support for Internet broadcasts generally complies with RFC 919 and RFC 922; it does not support multisubnet broadcasts as defined in RFC 922.
The current broadcast address standard provides specific addressing schemes for forwarding broadcasts. Perform the tasks in the following sections to enable these schemes:
•
•
•
See the "Broadcasting Examples" section at the end of this chapter for broadcasting configuration examples.
Enabling Directed Broadcast-to-Physical Broadcast Translation
By default, IP directed broadcasts are dropped; they are not forwarded. Dropping IP directed broadcasts makes routers less susceptible to denial-of-service attacks.
You can enable forwarding of IP directed broadcasts on an interface where the broadcast becomes a physical broadcast. If such forwarding is enabled, only those protocols configured using the ip forward-protocol global configuration command are forwarded.
You can specify an access list to control which broadcasts are forwarded. When an access list is specified, only those IP packets permitted by the access list are eligible to be translated from directed broadcasts to physical broadcasts.
To enable forwarding of IP directed broadcasts, use the following command in interface configuration mode:
ip directed-broadcast [access-list-number]
Enable directed broadcast-to-physical broadcast translation on an interface.
Forwarding UDP Broadcast Packets and Protocols
Network hosts occasionally use UDP broadcasts to determine address, configuration, and name information. If such a host is on a network segment that does not include a server, UDP broadcasts are normally not forwarded. You can remedy this situation by configuring the interface of your router to forward certain classes of broadcasts to a helper address. You can use more than one helper address per interface.
You can specify a UDP destination port to control which UDP services are forwarded. You can specify multiple UDP protocols. You can also specify the Network Disk (ND) protocol, which is used by older diskless Sun workstations, and you can specify the network security protocol SDNS. By default, both UDP and ND forwarding are enabled if a helper address has been defined for an interface. The description for the ip forward-protocol command in the Cisco IOS IP and IP Routing Command Reference publication lists the ports that are forwarded by default if you do not specify any UDP ports.
If you do not specify any UDP ports when you configure the forwarding of UDP broadcasts, you are configuring the router to act as a BOOTP forwarding agent. BOOTP packets carry Dynamic Host Configuration Protocol (DHCP) information, which means that the Cisco IOS software is now compatible with DHCP clients. (DHCP is defined in RFC 1531.)
To enable forwarding and to specify the destination address, use the following command in interface configuration mode:
ip helper-address address
Enable forwarding and specify the destination address for forwarding UDP broadcast packets, including BOOTP.
To specify which protocols will be forwarded, use the following command in global configuration mode:
ip forward-protocol {udp [port] | nd | sdns}
Specify which protocols will be forwarded over which ports.
See the "Helper Addresses Example" section at the end of this chapter for an example of how to configure helper addresses.
Establishing an IP Broadcast Address
The Cisco IOS software supports IP broadcasts on both LANs and WANs. There are several ways to indicate an IP broadcast address. Currently, the most popular way, and the default, is an address consisting of all ones (255.255.255.255), although the software can be configured to generate any form of IP broadcast address. Our software also receives and understands any form of IP broadcast.
To set the IP broadcast address, use the following command in interface configuration mode:
ip broadcast-address [ip-address]
Establish a different broadcast address (other than 255.255.255.255).
If the router does not have nonvolatile memory, and you need to specify the broadcast address to use before the software is configured, you must change the IP broadcast address by setting jumpers in the processor configuration register. Setting bit 10 causes the device to use all zeros. Bit 10 interacts with bit 14, which controls the network and subnet portions of the broadcast address. Setting bit 14 causes the device to include the network and subnet portions of its address in the broadcast address. Table 4 shows the combined effect of setting bits 10 and 14.
Table 4 Configuration Register Settings for Broadcast Address Destination
Out
Out
<ones><ones>
Out
In
<zeros><zeros>
In
In
<net><zeros>
In
Out
<net><ones>
Some router platforms allow the configuration register to be set through the software; see the "Rebooting the Router" chapter of the Cisco IOS Configuration Fundamentals Configuration Guide for details. For other router platforms, the configuration register must be changed through hardware; see the appropriate hardware installation and maintenance manual for your system.
Flooding IP Broadcasts
You can allow IP broadcasts to be flooded throughout your internetwork in a controlled fashion using the database created by the bridging spanning-tree protocol. Turning on this feature also prevents loops. In order to support this capability, the routing software must include the transparent bridging, and bridging must be configured on each interface that is to participate in the flooding. If bridging is not configured on an interface, it still will be able to receive broadcasts. However, the interface will never forward broadcasts it receives, and the router will never use that interface to send broadcasts received on a different interface.
Packets that are forwarded to a single network address using the IP helper address mechanism can be flooded. Only one copy of the packet is sent on each network segment. However, in some cases involving DHCP, a duplicate packet may be sent. See the "Forwarding DHCP Broadcasts to Spanning-Tree Interfaces"section for more information on how to eliminate the duplicate packets.
In order to be considered for flooding, packets must meet the following criteria. (Note that these ar e the same conditions used to consider packet forwarding using IP helper addresses.)
•
•
•
•
A flooded UDP datagram is given the destination address you specified with the ip broadcast-address command on the output interface. The destination address can be set to any desired address. Thus, the destination address may change as the datagram propagates through the network. The source address is never changed. The TTL value is decremented.
After a decision has been made to send the datagram out on an interface (and the destination address possibly changed), the datagram is handed to the normal IP output routines and is, therefore, subject to access lists, if they are present on the output interface.
To use the bridging spanning-tree database to flood UDP datagrams, use the following command in global configuration mode:
ip forward-protocol spanning-tree
Use the bridging spanning-tree database to flood UDP datagrams.
If no actual bridging is desired, you can configure a type-code bridging filter that will deny all packet types from being bridged. Refer to the "Configuring Transparent Bridging" chapter of the Cisco IOS Bridging and IBM Networking Configuration Guide for more information about using access lists to filter bridged traffic. The spanning-tree database is still available to the IP forwarding code to use for the flooding.
Forwarding DHCP Broadcasts to Spanning-Tree Interfaces
Prior to Cisco IOS Release 12.1, when the ip forward-protocol spanning-tree any-local-broadcast command was configured, DHCP broadcasts were forwarded to all spanning-tree enabled interfaces after setting the gateway address (giaddr) field in the DHCP packet.
The behavior of the DHCP relay agent was modified in release 12.1 such that the DHCP broadcasts were still forwarded to all spanning-tree enabled interfaces but the giaddr field was not set on the packets. This behavior can cause problems in a network because the DHCP server uses the giaddr field to properly allocate addresses when the client is not in the local network.
Use the ip dhcp relay forward spanning-tree command to set the giaddr to the IP address of the incoming interface before forwarding DHCP broadcasts to spanning-tree enabled interfaces.
To ensure the setting of the giaddr field in the DHCP packet before forwarding DHCP broadcasts to spanning-tree enabled interfaces, use the following commands in global configuration mode:
The ip forward-protocol udp command is enabled by default and automatically determines that BOOTP client and server datagrams (ports 67 and 68) should be forwarded. This forwarding results in another packet sent to spanning-tree enabled interfaces without the giaddr field set. To avoid these duplicate packets, use the no ip forward-protocol udp bootpc and no ip forward-protocol udp bootps commands.
Speeding Up Flooding of UDP Datagrams
You can speed up flooding of UDP datagrams using the spanning-tree algorithm. Used in conjunction with the ip forward-protocol spanning-tree command, this feature boosts the performance of spanning tree-based UDP flooding by a factor of about four to five times. The feature, called turbo flooding, is supported over Ethernet interfaces configured for ARPA encapsulated, FDDI, and HDLC-encapsulated serial interfaces. However, it is not supported on Token Ring interfaces. As long as the Token Rings and the non-HDLC serial interfaces are not part of the bridge group being used for UDP flooding, turbo flooding will behave normally.
To enable turbo flooding, use the following command in global configuration mode:
ip forward-protocol turbo-flood
Use the bridging spanning-tree database to speed up flooding of UDP datagrams.
Configuring Network Address Translation
Two key problems facing the Internet are depletion of IP address space and scaling in routing. Network Address Translation (NAT) is a feature that allows the IP network of an organization to appear from the outside to use different IP address space than what it is actually using. Thus, NAT allows an organization with nonglobally routable addresses to connect to the Internet by translating those addresses into globally routable address space. NAT also allows a more graceful renumbering strategy for organizations that are changing service providers or voluntarily renumbering into classless interdomain routing (CIDR) blocks. NAT is also described in RFC 1631.
NAT Applications
NAT has several applications. Use it for the following purposes:
•
•
•
As a solution to the connectivity problem, NAT is practical only when relatively few hosts in a stub domain communicate outside of the domain at the same time. When this is the case, only a small subset of the IP addresses in the domain must be translated into globally unique IP addresses when outside communication is necessary, and these addresses can be reused when no longer in use.
Benefits
A significant advantage of NAT is that it can be configured without requiring changes to hosts or routers other than those few routers on which NAT will be configured. As discussed previously, NAT may not be practical if large numbers of hosts in the stub domain communicate outside of the domain. Furthermore, some applications use embedded IP addresses in such a way that it is impractical for a NAT device to translate. These applications may not work transparently or at all through a NAT device. NAT also hides the identity of hosts, which may be an advantage or a disadvantage.
A router configured with NAT will have at least one interface to the inside and one to the outside. In a typical environment, NAT is configured at the exit router between a stub domain and backbone. When a packet is leaving the domain, NAT translates the locally significant source address into a globally unique address. When a packet is entering the domain, NAT translates the globally unique destination address into a local address. If more than one exit point exists, each NAT must have the same translation table. If the software cannot allocate an address because it has run out of addresses, it drops the packet and sends an ICMP Host Unreachable packet.
A router configured with NAT must not advertise the local networks to the outside. However, routing information that NAT receives from the outside can be advertised in the stub domain as usual.
NAT Terminology
As mentioned previously, the term inside refers to those networks that are owned by an organization and that must be translated. Inside this domain, hosts will have addresses in the one address space, while on the outside, they will appear to have addresses in another address space when NAT is configured. The first address space is referred to as the local address space and the second is referred to as the global address space.
Similarly, outside refers to those networks to which the stub network connects, and which are generally not under the control of the organization. As will be described later, hosts in outside networks can be subject to translation also, and can thus have local and global addresses.
To summarize, NAT uses the following definitions:
•
•
•
•
NAT Configuration Task List
Before configuring any NAT translation, you must know your inside local addresses and inside global addresses. The following sections discuss how you can use NAT to perform optional tasks:
•
•
•
•
•
•
Translating Inside Source Addresses
You can translate your own IP addresses into globally unique IP addresses when communicating outside of your network. You can configure static or dynamic inside source translation as follows:
•
•
Figure 4 illustrates a router that is translating a source address inside a network to a source address outside the network.
Figure 4 NAT Inside Source Translation
The following process describes inside source address translation, as shown in Figure 4:
1.
2.
•
•
3.
4.
5.
6.
Configuring Static Translation
To configure static inside source address translation, use the following commands beginning in global configuration mode:
The previous steps are the minimum you must configure. You could configure multiple inside and outside interfaces.
Configuring Dynamic Translation
To configure dynamic inside source address translation, use the following commands beginning in global configuration mode:
Note
See the "Dynamic Inside Source Translation Example" section at the end of this chapter for an example of dynamic inside source translation.
Overloading an Inside Global Address
You can conserve addresses in the inside global address pool by allowing the router to use one global address for many local addresses. When this overloading is configured, the router maintains enough information from higher-level protocols (for example, TCP or UDP port numbers) to translate the global address back to the correct local address. When multiple local addresses map to one global address, the TCP or UDP port numbers of each inside host distinguish between the local addresses.
Figure 5 illustrates NAT operation when one inside global address represents multiple inside local addresses. The TCP port numbers act as differentiators.
Figure 5 NAT Overloading Inside Global Addresses
The router performs the following process in overloading inside global addresses, as shown in Figure 5. Both Host B and Host C think they are talking to a single host at address 2.2.2.2. They are actually communicating to different hosts; the port number is the differentiator. In fact, many inside hosts could share the inside global IP address by using many port numbers.
1.
2.
If no translation entry exists, the router determines that address 1.1.1.1 must be translated, and sets up a translation of inside local address 1.1.1.1 to a legal global address. If overloading is enabled, and another translation is active, the router reuses the global address from that translation and saves enough information to be able to translate back. This type of entry is called an extended entry.
3.
4.
5.
6.
To configure overloading of inside global addresses, use the following commands beginning in global configuration mode:
Note
See the "Overloading Inside Global Addresses Example" section at the end of this chapter for an example of overloading inside global addresses.
Translating Overlapping Addresses
The NAT overview discusses translating IP addresses, perhaps because your IP addresses are not legal, officially assigned IP addresses. Perhaps you chose IP addresses that officially belong to another network. The case of an address used both illegally and legally is called overlapping. You can use NAT to translate inside addresses that overlap with outside addresses. Use this feature if your IP addresses in the stub network are legitimate IP addresses belonging to another network, and you want to communicate with those hosts or routers.
Figure 6 shows how NAT translates overlapping networks.
Figure 6 NAT Translating Overlapping Addresses
The router performs the following process when translating overlapping addresses:
1.
2.
The router examines every DNS reply from everywhere, ensuring that the IP address is not in the stub network. If it is, the router translates the address.
3.
4.
5.
6.
7.
8.
Configuring Static Translation
To configure static outside source address translation, use the following commands beginning in global configuration mode:
Configuring Dynamic Translation
To configure dynamic outside source address translation, use the following commands beginning in global configuration mode.
Note
See the "Translating Overlapping Address Example" section at the end of this chapter for an example of translating an overlapping address.
Providing TCP Load Distribution
Another use of NAT is unrelated to Internet addresses. Your organization may have multiple hosts that must communicate with a heavily used host. Using NAT, you can establish a virtual host on the inside network that coordinates load sharing among real hosts. Destination addresses that match an access list are replaced with addresses from a rotary pool. Allocation is done on a round-robin basis, and only when a new connection is opened from the outside to the inside. Non-TCP traffic is passed untranslated (unless other translations are in effect). Figure 7 illustrates this feature.
Figure 7 NAT TCP Load Distribution
The router performs the following process when translating rotary addresses:
1.
2.
3.
4.
5.
The next connection request will cause the router to allocate 1.1.1.2 for the inside local address.
To configure destination address rotary translation, use the following commands beginning in global configuration mode. These commands allow you to map one virtual host to many real hosts. Each new TCP session opened with the virtual host will be translated into a session with a different real host.
Note
See the "TCP Load Distribution Example" section at the end of this chapter for an example of rotary translation.
Changing Translation Timeouts
By default, dynamic address translations time out after some period of nonuse. You can change the default values on timeouts, if necessary. When overloading is not configured, simple translation entries time out after 24 hours. To change this value, use the following command in global configuration mode:
ip nat translation timeout seconds
Change the timeout value for dynamic address translations that do not use overloading.
If you have configured overloading, you have finer control over translation entry timeout because each entry contains more context about the traffic that is using it. To change timeouts on extended entries, use one or more of the following commands in global configuration mode:
Monitoring and Maintaining NAT
By default, dynamic address translations will time out from the NAT translation table at some point. You can clear the entries before the timeout by using one of the following commands in EXEC mode:
You can display translation information by using either of the following commands in EXEC mode:
show ip nat translations [verbose]
Display active translations.
show ip nat statistics
Display translation statistics.
Monitoring and Maintaining IP Addressing
To monitor and maintain your network, perform the tasks in the following sections:
•
•
•
•
Clearing Caches, Tables, and Databases
You can remove all contents of a particular cache, table, or database. Clearing a cache, table, or database can become necessary when the contents of the particular structure have become or are suspected to be invalid.
To clear caches, tables, and databases, use the following commands as needed in EXEC mode:
Specifying the Format of Network Masks
IP uses a 32-bit mask, called a netmask, that indicates which address bits belong to the network and subnetwork fields, and which bits belong to the host field. This is called a netmask. By default, show commands display an IP address and then its netmask in dotted decimal notation. For example, a subnet would be displayed as 131.108.11.55 255.255.255.0.
You might find it more convenient to display the network mask in hexadecimal format or bitcount format instead. The hexadecimal format is commonly used on UNIX systems. The previous example would be displayed as 131.108.11.55 0XFFFFFF00.
The bitcount format for displaying network masks is to append a slash (/) and the total number of bits in the netmask to the address itself. The previous example would be displayed as 131.108.11.55/24.
To specify the format in which netmasks appear for the current session, use the following command in EXEC mode:
term ip netmask-format {bit-count | decimal | hexadecimal}
Specify the format of network masks for the current session.
To configure the format in which netmasks appear for an individual line, use the following command in line configuration mode:
ip netmask-format {bit-count | decimal | hexadecimal}
Configure the format of network masks for a line.
Displaying System and Network Statistics
You can display specific statistics such as the contents of IP routing tables, caches, and databases. The resulting information can be used to determine resource utilization and to solve network problems. You also can display information about node reachability and discover the routing path that your device's packets are taking through the network.
These tasks are summarized in the table that follows. See the "IP Addressing Commands" chapter in the Cisco IOS IP and IP Routing Command Reference publication for details about the commands listed in these tasks. Use any of the following commands in privileged EXEC mode:
See the "Ping Command Example" section at the end of this chapter for an example of pinging.
Monitoring and Maintaining NHRP
To monitor the NHRP cache or traffic, use either of the following commands in EXEC mode:
The NHRP cache can contain static entries caused by statically configured addresses and dynamic entries caused by the Cisco IOS software learning addresses from NHRP packets. To clear static entries, use the no ip nhrp map command. To clear the NHRP cache of dynamic entries, use the following command in EXEC mode:
IP Addressing Examples
The following sections provide IP configuration examples:
•
•
•
•
•
•
Creating a Network from Separated Subnets Example
In the following example, subnets 1 and 2 of network 131.108.0.0 are separated by a backbone, as shown in Figure 8. The two networks are brought into the same logical network through the use of secondary addresses.
Figure 8 Creating a Network from Separated Subnets
The following examples show the configurations for Routers B and C:
Configuration for Router B
interface ethernet 2ip address 192.5.10.1 255.255.255.0ip address 131.108.3.1 255.255.255.0 secondaryConfiguration for Router C
interface ethernet 1ip address 192.5.10.2 255.255.255.0ip address 131.108.3.2 255.255.255.0 secondarySerial Interfaces Configuration Example
In the following example, the second serial interface (serial 1) is given Ethernet 0's address. The serial interface is unnumbered.
interface ethernet 0ip address 145.22.4.67 255.255.255.0interface serial 1ip unnumbered ethernet 0IP Domains Example
The following example establishes a domain list with several alternate domain names.
ip domain-list csi.comip domain-list telecomprog.eduip domain-list merit.eduDynamic Lookup Example
A cache of host name-to-address mappings is used by connect, telnet, ping, trace, write net, and configure net EXEC commands to speed the process of converting names to addresses. The commands used in this example specify the form of dynamic name lookup to be used. Static name lookup also can be configured.
The following example configures the host name-to-address mapping process. IP DNS-based translation is specified, the addresses of the name servers are specified, and the default domain name is given.
! IP Domain Name System (DNS)-based host name-to-address translation is enabledip domain-lookup! Specifies host 131.108.1.111 as the primary name server and host 131.108.1.2 ! as the secondary serverip name-server 131.108.1.111 131.108.1.2! Defines cisco.com as the default domain name the router uses to complete ! unqualified host namesip domain-name cisco.comHP Hosts on a Network Segment Example
The following example has a network segment with Hewlett-Packard devices on it. The commands in this example customize the first Ethernet port to respond to Probe name requests for bl4zip and to use Probe as well as ARP.
ip hp-host bl4zip 131.24.6.27interface ethernet 0arp probeip probe proxyLogical NBMA Example
A logical NBMA network is considered the group of interfaces and hosts participating in NHRP and having the same network identifier. Figure 9 illustrates two logical NBMA networks (shown as circles) configured over a single physical NBMA network. Router A can communicate with Routers B and C because they share the same network identifier (2). Router C can also communicate with Routers D and E, as they share network identifier 7. After address resolution is complete, Router A can send IP packets to Router C in one hop, and Router C can send them to Router E in one hop, as shown by the dotted lines.
Figure 9 Two Logical NBMA Networks over One Physical NBMA Network
The physical configuration of the five routers in Figure 9 might actually be that shown in Figure 10. The source host is connected to Router A and the destination host is connected to Router E. The same switch serves all five routers, making one physical NBMA network.
Figure 10 Physical Configuration of a Sample NBMA Network
Refer again to Figure 9. Initially, before NHRP has resolved any NBMA addresses, IP packets from the source host to the destination host travel through all five routers connected to the switch before reaching the destination. When Router A first forwards the IP packet toward the destination host, Router A also generates an NHRP request for the destination host's IP address. The request is forwarded to Router C, whereupon a reply is generated. Router C replies because it is the egress router between the two logical NBMA networks.
Similarly, Router C generates an NHRP request of its own, to which Router E replies. In this example, subsequent IP traffic between the source and the destination still requires two hops to traverse the NBMA network, because the IP traffic must be forwarded between the two logical NBMA networks. Only one hop would be required if the NBMA network were not logically divided.
NHRP over ATM Example
The following example shows a configuration of three routers using NHRP over ATM. Additionally, subinterfaces and dynamic routing are used. Router A obtains an OSPF route that it can use to reach the LIS where Router B resides. Router A can then initially reach Router B through Router C. Router A and Router B are able to directly communicate without Router C once NHRP has resolved Router A's and Router C's respective NSAP addresses.
The significant portions of the configurations for Routers A, B, and C follow.
Router A
interface ATM0/0ip address 10.1.0.1 255.255.0.0ip nhrp network-id 1map-group aatm nsap-address 11.1111.11.111111.1111.1111.1111.1111.1111.1111.11atm rate-queue 1 10atm pvc 1 0 5 qsaalrouter ospf 1network 10.0.0.0 0.255.255.255 area 0map-list aip 10.1.0.3 atm-nsap 33.3333.33.333333.3333.3333.3333.3333.3333.3333.33Router B
interface ATM0/0ip address 10.2.0.2 255.255.0.0ip nhrp network-id 1map-group aatm nsap-address 22.2222.22.222222.2222.2222.2222.2222.2222.2222.22atm rate-queue 1 10atm pvc 2 0 5 qsaalrouter ospf 1network 10.0.0.0 0.255.255.255 area 0map-list aip 10.2.0.3 atm-nsap 33.3333.33.333333.3333.3333.3333.3333.3333.3333.33Router C
interface ATM0/0no ip addressatm rate-queue 1 10atm pvc 2 0 5 qsaalinterface ATM0/0.1 multipointip address 10.1.0.3 255.255.0.0ip nhrp network-id 1map-group aatm nsap-address 33.3333.33.333333.3333.3333.3333.3333.3333.3333.33atm rate-queue 1 10interface ATM0/0.2 multipointip address 10.2.0.3 255.255.0.0ip nhrp network-id 1map-group batm nsap-address 33.3333.33.333333.3333.3333.3333.3333.3333.3333.33atm rate-queue 1 10router ospf 1network 10.0.0.0 0.255.255.255 area 0neighbor 10.1.0.1 priority 1neighbor 10.2.0.2 priority 1map-list aip 10.1.0.1 atm-nsap 11.1111.11.111111.1111.1111.1111.1111.1111.1111.11map-list bip 10.2.0.2 atm-nsap 22.2222.22.222222.2222.2222.2222.2222.2222.2222.22Changing the Rate for Triggering SVCs Example
Figure 11 and the example configuration following it show how to configure a threshold of 100 kbps for triggering SVCs and 50 kbps for tearing down SVCs.
Figure 11 Using NHRP and Triggering SVCs
Router A
ip cefip cef accounting non-recursive!interface Loopback0ip address 140.206.58.130 255.255.255.255no ip directed-broadcastno ip mroute-cache!interface ATM0/1/0no ip addressno ip directed-broadcastno ip mroute-cacheatm pvc 5 0 5 qsaalatm pvc 16 0 16 ilmi!interface ATM0/1/0.1 multipointip address 140.206.58.55 255.255.255.192no ip directed-broadcastip nhrp network-id 1ip ospf network point-to-multipointatm pvc 102 0 40 aal5snap inarp 5atm esi-address 525354555355.01!interface Fddi1/0/0ip address 10.2.1.55 255.255.255.0no ip directed-broadcastno ip mroute-cacheno keepalive!router ospf 1passive-interface Fddi1/0/0network 10.2.1.0 0.0.0.255 area 1network 140.206.58.0 0.0.0.255 area 1!router bgp 7170no synchronizationnetwork 140.206.0.0neighbor 10.2.1.36 remote-as 102neighbor 140.206.59.130 remote-as 7170neighbor 140.206.59.130 update-source Loopback0neighbor 140.206.59.130 next-hop-selfRouter B
ip cefip cef accounting non-recursive!interface Loopback0ip address 140.206.59.130 255.255.255.255no ip directed-broadcastno ip mroute-cache!interface ATM0/0no ip addressno ip directed-broadcastno ip mroute-cacheatm pvc 5 0 5 qsaalatm pvc 16 0 16 ilmi!interface ATM0/0.1 multipointip address 140.206.58.54 255.255.255.192no ip directed-broadcastip nhrp network-id 1ip nhrp server-only non-cachingip route-cache same-interfaceip ospf network point-to-multipointatm pvc 102 0 40 aal5snap inarp 5atm pvc 111 0 85 aal5snap inarp 5atm esi-address 525354555354.01!router ospf 1network 140.206.58.0 0.0.0.255 area 1network 140.206.59.0 0.0.0.255 area 0area 0 range 140.206.59.0 255.255.255.0!router bgp 7170no synchronizationbgp cluster-id 1network 140.206.0.0aggregate-address 140.206.0.0 255.255.0.0 summary-onlyneighbor 140.206.58.130 remote-as 7170neighbor 140.206.58.130 route-reflector-clientneighbor 140.206.58.130 update-source Loopback0neighbor 140.206.58.131 remote-as 7170neighbor 140.206.58.131 route-reflector-clientneighbor 140.206.58.131 update-source Loopback0Router C
ip cefip cef accounting non-recursive!interface Loopback0ip address 140.206.58.131 255.255.255.255no ip directed-broadcastno ip mroute-cache!interface ATM0/0no ip addressno ip directed-broadcastno ip mroute-cacheatm pvc 5 0 5 qsaalatm pvc 16 0 16 ilmi!interface ATM0/0.1 multipointip address 140.206.58.56 255.255.255.192no ip directed-broadcastip nhrp network-id 1ip nhrp trigger-svc 100 50ip ospf network point-to-multipointatm pvc 111 0 85 aal5snap inarp 5atm esi-address 525354555356.01!!interface Fddi4/0/0ip address 10.3.1.56 255.255.255.0no ip directed-broadcastno ip mroute-cacheno keepalive!!router ospf 1passive-interface Fddi4/0/0network 10.3.1.0 0.0.0.255 area 1network 140.206.58.0 0.0.0.255 area 1!router bgp 7170no synchronizationnetwork 140.206.0.0neighbor 10.3.1.45 remote-as 103neighbor 140.206.59.130 remote-as 7170neighbor 140.206.59.130 update-source Loopback0neighbor 140.206.59.130 next-hop-selfApplying NHRP Rates to Specific Destinations Example
In the following example, only the packets that pass extended access list 101 are subject to the default SVC triggering and teardown rates:
interface atm0/0/0.1 multipointip nhrp interest 101!access-list 101 permit ip any anyaccess-list 101 deny ip any 10.3.0.0 0.0.255.255NHRP on a Multipoint Tunnel Example
With multipoint tunnels, a single tunnel interface may be connected to multiple neighboring routers. Unlike point-to-point tunnels, a tunnel destination need not be configured. In fact, if configured, the tunnel destination must correspond to an IP multicast address. Broadcast or multicast packets to be sent over the tunnel interface can then be transmitted by sending the GRE packet to the multicast address configured as the tunnel destination.
Multipoint tunnels require that you configure a tunnel key. Otherwise, unexpected GRE traffic could easily be received by the tunnel interface. For simplicity, it is recommended that the tunnel key correspond to the NHRP network identifier.
In the following example, Routers A, B, C, and D all share a common Ethernet segment. Minimal connectivity over the multipoint tunnel network is configured, thus creating a network that can be treated as a partially meshed NBMA network. Due to the static NHRP map entries, Router A knows how to reach Router B, Router B knows how to reach Router C, Router C knows how to reach Router D, and Router D knows how to reach Router A.
When Router A initially attempts to send an IP packet to Router D, the packet is forwarded through Routers B and C. Through NHRP, the routers quickly learn each other's NBMA addresses (in this case, IP addresses assigned to the underlying Ethernet network). The partially meshed tunnel network readily becomes fully meshed, at which point any of the routers can directly communicate over the tunnel network without their IP traffic requiring an intermediate hop.
The significant portions of the configurations for Routers A, B, C, and D follow.
Router A
interface tunnel 0no ip redirectsip address 11.0.0.1 255.0.0.0ip nhrp map 11.0.0.2 10.0.0.2ip nhrp network-id 1ip nhrp nhs 11.0.0.2tunnel source ethernet 0tunnel mode gre multipointtunnel key 1interface ethernet 0ip address 10.0.0.1 255.0.0.0Router B
interface tunnel 0no ip redirectsip address 11.0.0.2 255.0.0.0ip nhrp map 11.0.0.3 10.0.0.3ip nhrp network-id 1ip nhrp nhs 11.0.0.3tunnel source ethernet 0tunnel mode gre multipointtunnel key 1interface ethernet 0ip address 10.0.0.2 255.0.0.0Router C
interface tunnel 0no ip redirectsip address 11.0.0.3 255.0.0.0ip nhrp map 11.0.0.4 10.0.0.4ip nhrp network-id 1ip nhrp nhs 11.0.0.4tunnel source ethernet 0tunnel mode gre multipointtunnel key 1interface ethernet 0ip address 10.0.0.3 255.0.0.0Router D
interface tunnel 0no ip redirectsip address 11.0.0.4 255.0.0.0ip nhrp map 11.0.0.1 10.0.0.1ip nhrp network-id 1ip nhrp nhs 11.0.0.1tunnel source ethernet 0tunnel mode gre multipointtunnel key 1interface ethernet 0ip address 10.0.0.4 255.0.0.0Broadcasting Examples
The Cisco IOS software supports two types of broadcasting: directed broadcasting and flooding. A directed broadcast is a packet sent to a specific network or series of networks, and a flooded broadcast packet is sent to every network. The following examples describe configurations for both types of broadcasting.
Flooded Broadcast Example
Figure 12 shows a flooded broadcast packet being sent to every network. The packet that is incoming from interface E0 is flooded to interfaces E1, E2, and S0.
Figure 12 IP Flooded Broadcast
A directed broadcast address includes the network or subnet fields. For example, if the network address is 128.1.0.0, the address 128.1.255.255 indicates all hosts on network 128.1.0.0, which would be a directed broadcast. If network 128.1.0.0 has a subnet mask of 255.255.255.0 (the third octet is the subnet field), the address 128.1.5.255 specifies all hosts on subnet 5 of network 128.1.0.0—another directed broadcast.
Flooding of IP Broadcasts Example
In the following example, flooding of IP broadcasts is enabled on all interfaces (two Ethernet and two serial). No specific UDP protocols are listed by a separate ip forward-protocol udp interface configuration command, so the default protocols (TFTP, DNS, Time, NetBIOS, and BOOTP) will be flooded.
ip forward-protocol spanning-treebridge 1 protocol decaccess-list 201 deny 0x0000 0xFFFFinterface ethernet 0bridge-group 1bridge-group 1 input-type-list 201bridge-group 1 input-lsap-list 201interface ethernet 1bridge-group 1bridge-group 1 input-type-list 201bridge-group 1 input-lsap-list 201interface serial 0bridge-group 1bridge-group 1 input-type-list 201bridge-group 1 input-lsap-list 201interface serial 1bridge-group 1bridge-group 1 input-type-list 201bridge-group 1 input-lsap-list 201Helper Addresses Example
In the following example, one router is on network 191.24.1.0 and the other is on network 110.44.0.0, and you want to permit IP broadcasts from hosts on either network segment to reach both servers. Figure 13 illustrates how to configure the router that connects network 110 to network 191.24.1.
Figure 13 IP Helper Addresses
The following example shows the configuration:
ip forward-protocol udp!interface ethernet 1ip helper-address 110.44.23.7interface ethernet 2ip helper-address 191.24.1.19NAT Configuration Examples
The following are NAT configuration examples.
Dynamic Inside Source Translation Example
The following example translates all source addresses passing access list 1 (having a source address from 192.168.1.0/24) to an address from the pool named net-208. The pool contains addresses from 171.69.233.208 to 171.69.233.223.
ip nat pool net-208 171.69.233.208 171.69.233.223 netmask 255.255.255.240ip nat inside source list 1 pool net-208!interface serial 0ip address 171.69.232.182 255.255.255.240ip nat outside!interface ethernet 0ip address 192.168.1.94 255.255.255.0ip nat inside!access-list 1 permit 192.168.1.0 0.0.0.255Overloading Inside Global Addresses Example
The following example creates a pool of addresses named net-208. The pool contains addresses from 171.69.233.208 to 171.69.233.223. Access list 1 allows packets having the source address from 192.168.1.0 to 192.168.1.255. If no translation exists, packets matching access list 1 are translated to an address from the pool. The router allows multiple local addresses (192.168.1.0 to 192.168.1.255) to use the same global address. The router retains port numbers to differentiate the connections.
ip nat pool net-208 171.69.233.208 171.69.233.223 netmask 255.255.255.240ip nat inside source list 1 pool net-208 overload!interface serial0ip address 171.69.232.182 255.255.255.240ip nat outside!interface ethernet0ip address 192.168.1.94 255.255.255.0ip nat inside!access-list 1 permit 192.168.1.0 0.0.0.255Translating Overlapping Address Example
In the following example, the addresses in the local network are being used legitimately by someone else on the Internet. An extra translation is required to access that external network. Pool net-10 is a pool of outside local IP addresses. The statement ip nat outside source list 1 pool net-10 translates the addresses of hosts from the outside overlapping network to addresses in that pool.
ip nat pool net-208 171.69.233.208 171.69.233.223 prefix-length 28ip nat pool net-10 10.0.1.0 10.0.1.255 prefix-length 24ip nat inside source list 1 pool net-208ip nat outside source list 1 pool net-10!interface serial 0ip address 171.69.232.192 255.255.255.240ip nat outside!interface ethernet0ip address 192.168.1.94 255.255.255.0ip nat inside!access-list 1 permit 192.168.1.0 0.0.0.255TCP Load Distribution Example
In the following example, the goal is to define a virtual address, connections to which are distributed among a set of real hosts. The pool defines the addresses of the real hosts. The access list defines the virtual address. If a translation does not already exist, TCP packets from serial 0 (the outside interface) whose destination matches the access list are translated to an address from the pool.
ip nat pool real-hosts 192.168.15.2 192.168.15.15 prefix-length 28 type rotaryip nat inside destination list 2 pool real-hosts!interface serial 0ip address 192.168.15.129 255.255.255.240ip nat outside!interface ethernet 0ip address 192.168.15.17 255.255.255.240ip nat inside!access-list 2 permit 192.168.15.1Ping Command Example
You can specify the address to use as the source address for ping packets. In the following example, the address is 131.108.105.62:
Sandbox# pingProtocol [ip]:Target IP address: 131.108.1.111Repeat count [5]:Datagram size [100]:Timeout in seconds [2]:Extended commands [n]: yesSource address: 131.108.105.62Type of service [0]:Set DF bit in IP header? [no]:Data pattern [0xABCD]:Loose, Strict, Record, Timestamp, Verbose[none]:Sweep range of sizes [n]:Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 131.108.1.111, timeout is 2 seconds:!!!!!Success rate is 100 percent, round-trip min/avg/max = 4/4/4 ms
