Aspects Strategiques Des Réseaux 2008 2009

Loading...

Flash Player 9 (or above) is needed to view presentations.
We have detected that you do not have it on your computer. To install it, go here.

0 comments

Post a comment

    Post a comment
    Embed Video
    Edit your comment Cancel

    Notes on slide 1

    Favorites, Groups & Events

    Aspects Strategiques Des Réseaux 2008 2009 - Presentation Transcript

    1. Veille technologique en TIC Aspects stratégiques des réseaux Eric Vyncke evyncke@ cisco.com Derniè re mise à jour: 27 fé vrier 2009
    2. References & Misc • Slides on http://mastertic.blogspot.com/ • Contacts – Main job: Cisco Systems as Distinguished Engineer – Email: evyncke@ cisco.com – Mobile: +32 475 312458 03/07/09 2
    3. Agenda • Introduction to network • The acronym soup • The impact of security • The impact of IP telephony • The impact of Virtualization • Wrap-up: The Questions to be asked 03/07/09 3
    4. Introduction to Network
    5. Why a Section on Networks? • TIC = Technologie de l’Information et Communication  pas de TIC sans ré seaux  – Connaî tre les technos ré seaux = faire des bons choix  les ré seaux ont impacté le business depuis la fin de 90’s 03/07/09 5
    6. The Acronyms Soup Or a small touch of technology
    7. Importance de la standardisation • peu de domaines ont autant besoin de standards – la communication est un domaine complexe: besoin de spé cifications pré cises – communication entre diverses machines – communication entre divers constructeurs informatiques • plusieurs types de standards: – standards proprié taires: parfois non public, ré servé à un constructeur: SNA d’IBM, NetWare de Novell, DECnet de Digital, Transdata de Siemens Nixdorf, ... • Presque disparus mais encore actifs dans les domaines ‘pre- standard’ • Voix sur IP: SCCP de Cisco, wireless security, … – standards ouverts de jure: OSI de l’ISO, IEEE 802.*, X.25, ... – standards ouverts de facto: TCP/IP, Ethernet, ... 03/07/09 7
    8. Gé né ralité s • les communications sont un domaine complexe et en é volution constante => besoin d’un modè le: – é tablir des spé cifications et les tests – comparer des solutions – é tablir des thé ories • le modè le sera en plusieurs couches simples à vocation pré cise afin de faciliter la compré hension et l’implé mentation 03/07/09 8
    9. ...AN Based on the Span • A lot of acronym ending with ...AN – Area Network • Like – LAN Local Area Network: several 100’s of meters – MAN Metropolitan Area Network: a city, 10’s of km – WAN Wide Area Network: the whole Earth – PAN Personal Area Network: one meter or so – RAN Radio Area Network: from a single antenna 03/07/09 9
    10. ...AN Based on Usage • A lot of acronym ending with ...AN – Area Network • Like – SAN Storage Area Network: • linking servers and hard-disks so that server do not know that disk are not attached 03/07/09 10
    11. Local Area Network: LAN • LAN are usually a layer 2 technology – Using a single media • Most common Ethernet over twisted pair – 10 Mbps, 100 Mbps (= Fast Ethernet), 1 Gbps, 10 Gbps, ... – Standard IEEE 802.3 • Before over a coax cable now over twisted pair and hub/switch • Unique Ethernet address on each Network Interface Card (NIC) – 24 bits unique per vendor: 00-02-8A (Cisco) – 24 bits assigned by vendor: 09-07-CF  48-bits unique global address: 00-02-8A-09-07-CF 03/07/09 11
    12. Ethernet Topologies How to connect more than 2 hosts? • bus topology popular through mid 90s – all nodes in same collision domain (can collide with each other) • today: star topology prevails – active switch in center – each “spoke” runs a (separate) Ethernet protocol (nodes do not collide with each other) switch bus: coaxial cable star 03/07/09 12
    13. Ethernet Hub • Frames are repeated on all ports... • 8 x 100 Mbps ports ~ 15 € A A  C A  C  A C C C D B A 03/07/09 13
    14. Ethernet Switch • Frames are repeated only on destination port – Don’t disturb other machines – While A sends to C, B can simultaneously send to D • 5 x 100 Mbps ports ~ 20 € Enterprises always • High density (8 x 48 ports) => up to 100 € /port use switches C A   A C C D B A 03/07/09 14
    15. Virtual LAN: VLAN • Switched can be partitioned in virtual LAN – VLAN#1: ports A & C – VLAN#2: ports B & D • Use to separate traffic for security, ... C D B A 03/07/09 15
    16. Going Faster than Ethernet • Ethernet is 1 Gbps (10 Gbps) 10 9 bit/s 10 10 bit/s – 1 CD-ROM 800 MB = 64 10 8 bits – 1 DVD 4.7 GB = 40 10 9 bits – Ethernet 1 Gbps transfer • CD-ROM = 6 seconds • DVD = 40 seconds • A very fast hard disk is 800 MB/s write = 6.4 Gbps • Too slow for High Performance Computing – Needs faster  03/07/09 16
    17. High Performance Computing Financial Academic EDA Manufacturing Oil & Gas Biotech Services Research Reduce time to Low-latency, High- Accelerate time to Expand Research Shorten Time market for new message rate market Increase accuracyproducts Capabilities for Tape-Out market data of Reservoir Molecular environments Complex Improve Yield Better Safety & Modeling and Modeling and Research Seismic Analysis Product Design Real-time Protein folding Problems through analytics experiments for Deliver large Simulation drug discovery Greater Industry datasets optimally Outreach Statoil – Honda NCSA @ UIUC Multiple Intel DE Shaw R&D JPMC – 2000+ Clusters Ferrari – F1 Stanford Univ Servers in Global Motorola Cedar Sinai Deployment ONGC RedBull Racing MIT TSMC Stanford BioX Citi – Fixed ENI Airbus Harvard Univ Altis Scripps Institute Income Trading Occidental Boeing Semiconductor UNC Chapel Hill 03/07/09 17
    18. Another LAN: Infiniband • Point to point link • Each link can be 2, 4 or 8 Gbps • Links can be aggregated (appearing as one) – 4x => 8, 16 or 32 Gbps – 12x => 24, 48 or 96 Gbps 03/07/09 18
    19. Wide Area Network Services • WAN: transfer of data over 100’s of km • Enterprises cannot build their own network – Too expensive • Service is offered by SP (service provider) – Nation wide: Belgacom, Voo, Mobistar, Telenet – Worldwide: British Telecom, Colt, Verizon, ... • Layer 1: transmit elementary bit • Layer 2 (= Data-Link): transmit a frame (like a packet) 03/07/09 19
    20. WAN: As Layer 1 or 2 Services • Layer 1: leased line = a pair of copper wire with modem • Like from your ADSL router to Skynet/Belgacom • Layer 1: optical fiber • Dark fiber (you need to add laser transmitter): just for you, €€€ • Shared fiber (each customer uses a different color for laser): cheaper • Layer 2: point to point link (or star network) where SP handles the layer 1 (modulation) and repeats frame (layer 2) • Used to be care? Do we the prevalent solution: X.25, Frame Relay Decision based on price for bandwidth • But now reserved for MAN with Ethernet Sharing issue? May means less bandwidth 20 03/07/09
    21. 3: couche ré seau • permet le transfert de paquets via plusieurs couches de liaison de donné es diffé rentes – Permet de passer de WiFi à ADSL à Internet à Ethernet – Notion de route à suivre – Notion d’adresse ré seau unique au niveau mondial • Exemple: IP (Internet Protocol utilisé sur Internet) f Z A b e 03/07/09 21
    22. Network Layer: IP at Home • IP is the network layer we all use  • Our IP packets traverse multiple data links and media Internet = All other ISP 1st data Your ISP link: wifi Nth data link: 2nd data Ethernet or ... link: Ethernet 3rd data link: ADSL or Cable Access Point ADSL Router 03/07/09 22
    23. What is an IP address? • In IPv4, an address is a 32 bit quantity that uniquely identifies a network interface. • In IPv4 there are 2 32 = 4,294,967,296 unique addresses possible 03/07/09 23
    24. Basic Addressing • IP addresses are Dots separate the sections written in dotted decimal format. 64.100.24.1 • Four sections are separated by dots. • Each section contains a number between 0 and Each section contains a number 255. between 0 and 255 03/07/09 24
    25. IP Addressing at Home • If a node has multiple network interfaces, it typically has multiple IP addresses I’m 192.168.100. Internet = 2 All other ISP I’m 192.168.100.1 Your ISP And 192.168.1.2 I’m 192.168.1. I’m 192.168.1.1 3 And 80.123.34.89 Access Point ADSL Router 03/07/09 25 Network Printer
    26. IP Address Hierarchy For Mr. Postman • IP address is divided into two parts to achieve efficient “packet processing” – Network-id: Represents the physical network commonly called a “prefix” (often first 24 bits) – Host-id: Represents a computer on the network (often last 8 bits) 100 250 260 Main St. Tasman Dr. Tasman Dr. Main St. Tasman Dr. 101 Main St. 03/07/09 26
    27. Can we Automate Addressing? • Defining static IP addresses on each host – Does not scale – Error prone (moving a PC to another network), ... • Dynamic Host Configuration Protocol (DHCP) – DHCP server (Windows or a router) is configured with the list of IP addresses for a network – When a host boots, it ask the DHCP for an IP address (and other information like routing, DNS, ...) Most enterprises use DHCP except for servers keeping the log to see who is using which address 03/07/09 27
    28. What is IPv6? • The current IP is version 4 – Limited address space (32 bits), exhaustion in 2010 • The next IP is version 6 – Addresses are 128-bits wide – No more exhaustion – Else nothing has changed – Already in Windows Vista or Mac OS/X or Linux • Windows XP: ‘ipv6 install’ IPv6 will rule in 2010 at the latest ALL NEW NETWORKS/APPLICATION MUST BE DESIGNED FOR IPV6 03/07/09 28
    29. IPv4 Address Fractal Map Jan-2000 000 001 014 015 016 019 020 021 234 235 236 239 240 241 254 255 Reserved Reserved PDN HP DEC Ford CsC US DoD Multicast Multicast Multicast Multicast Class E Class E Class E Class E 003 002 013 012 017 018 023 022 233 232 237 238 243 242 253 252 GE Reserved Xerox AT&T Apple MIT Reserved US DoD Multicast Multicast Multicast Multicast Class E Class E Class E Class E 004 007 008 011 030 029 024 025 230 231 226 225 244 247 248 251 Fractal map: Layout by Randall Munroe, Time Sequence by Tony Hain, Highlighted by Jeff Apcar L3 ARIN L3 US DoD US DoD US DoD Reserved UK Defense Multicast Multicast Multicast Multicast Class E Class E Class E Class E 005 006 009 010 031 028 027 026 229 228 227 224 245 246 249 250 Reserved US DoD IBM Private Reserved US DoD Reserved US DoD Multicast Multicast Multicast Multicast Class E Class E Class E Class E 058 057 054 053 032 035 036 037 218 219 220 223 202 201 198 197 Reserved SITA Merck Cap Debis AT&T MERIT Reserved Reserved Reserved Reserved Reserved Reserved APnic Reserved Various Reserved 059 056 055 052 033 034 039 038 217 216 221 222 203 200 199 196 Reserved US Postal US DoD El duPONT US DoD Haliburton Reserved PSI Reserved ARIN Reserved Reserved APnic Reserved ARIN AfrNIC 060 061 050 051 046 045 040 041 214 215 210 209 204 205 194 195 Reserved APnic Reserved UK DSS Reserved Interop Eli Lily Reserved US DoD US DoD APnic ARIN ARIN ARIN RIPE RIPE 063 062 049 048 047 044 043 042 213 212 211 208 207 206 192 192 ARIN RIPE Reserved Prudential Bell North Radio Inet Reserved RIPE RIPE APnic ARIN ARIN ARIN RIPE Various 064 127 186 187 188 191 067 068 069 122 123 124 128 131 132 133 ARIN Reserved Reserved Reserved Reserved Reserved Reserved Loopback Various Various Various Various Reserved Reserved Reserved Various 065 066 071 070 121 120 125 126 130 185 184 189 190 129 135 134 Reserved Reserved Reserved Reserved Reserved Reserved Reserved Reserved Various Various Various Various Reserved Reserved Reserved Reserved 113 078 077 072 073 118 119 114 142 141 136 137 182 183 178 177 Reserved Reserved Reserved Reserved Reserved Reserved Reserved Reserved Various Various Various Various Reserved Reserved Reserved Reserved 112 079 143 140 139 138 181 180 179 176 076 075 074 117 116 115 Reserved Reserved Various Various Various Various Reserved Reserved Reserved Reserved Reserved Reserved Reserved Reserved Reserved Reserved 174 175 080 111 144 145 158 159 160 161 081 094 095 096 097 110 Reserved Reserved Reserved Reserved Reserved Reserved Reserved Reserved Reserved Reserved Various Various Various Various Various Various 173 172 083 108 147 146 157 156 163 162 082 093 092 099 098 109 Reserved Various Reserved Reserved Reserved Reserved Reserved Reserved Reserved Reserved Various Various Various Various Various Various 084 148 151 152 155 164 167 168 171 107 087 088 091 100 103 104 Reserved Various Various Various Various Various Various Various Various Reserved Reserved Reserved Reserved Reserved Reserved Reserved 03/07/09 29 085 149 150 153 154 165 166 169 170 086 089 090 101 102 105 106 Reserved Various Various Various Various Various Various Various Various Reserved Reserved Reserved Reserved Reserved Reserved Reserved
    30. IPv4 Address Fractal Map Jan-2001 000 001 014 015 016 019 020 021 234 235 236 239 240 241 254 255 Reserved Reserved PDN HP DEC Ford CsC US DoD Multicast Multicast Multicast Multicast Class E Class E Class E Class E 003 002 013 012 017 018 023 022 233 232 236 238 243 242 253 252 GE Reserved Xerox AT&T Apple MIT Reserved US DoD Multicast Multicast Multicast Multicast Class E Class E Class E Class E 004 007 008 011 030 029 024 025 230 231 226 225 244 247 248 251 Fractal map: Layout by Randall Munroe, Time Sequence by Tony Hain, Highlighted by Jeff Apcar L3 ARIN L3 US DoD US DoD US DoD Reserved UK Defense Multicast Multicast Multicast Multicast Class E Class E Class E Class E 005 006 009 010 031 028 027 026 229 228 227 224 245 246 249 250 Reserved US DoD IBM Private Reserved US DoD Reserved US DoD Multicast Multicast Multicast Multicast Class E Class E Class E Class E 058 057 054 053 032 035 036 037 218 219 220 223 202 201 198 197 Reserved SITA Merck Cap Debis AT&T MERIT Reserved Reserved APnic Reserved Reserved Reserved APnic Reserved Various Reserved 059 056 055 052 033 034 039 038 217 216 221 222 203 200 199 196 Reserved US Postal US DoD El duPONT US DoD Haliburton Reserved PSI RIPE ARIN Reserved Reserved APnic Reserved ARIN AfrNIC 060 061 050 051 046 045 040 041 214 215 210 209 204 205 194 195 Reserved APnic Reserved UK DSS Reserved Interop Eli Lily Reserved US DoD US DoD APnic ARIN ARIN ARIN RIPE RIPE 063 062 049 048 047 044 043 042 213 212 211 208 207 206 192 192 ARIN RIPE Reserved Prudential Bell North Radio Inet Reserved RIPE RIPE APnic ARIN ARIN ARIN RIPE Various 064 127 186 187 188 191 067 068 069 122 123 124 128 131 132 133 ARIN Reserved Reserved Reserved Reserved Reserved Reserved Loopback Various Various Various Various Reserved Reserved Reserved Various 065 066 071 070 121 120 125 126 130 185 184 189 190 129 135 134 ARIN ARIN Reserved Reserved Reserved Reserved Reserved Reserved Various Various Various Various Reserved Reserved Reserved Reserved 113 078 077 072 073 118 119 114 142 141 136 137 182 183 178 177 Reserved Reserved Reserved Reserved Reserved Reserved Reserved Reserved Various Various Various Various Reserved Reserved Reserved Reserved 112 079 143 140 139 138 181 180 179 176 076 075 074 117 116 115 Reserved Reserved Various Various Various Various Reserved Reserved Reserved Reserved Reserved Reserved Reserved Reserved Reserved Reserved 174 175 080 111 144 145 158 159 160 161 081 094 095 096 097 110 Reserved Reserved Reserved Reserved Reserved Reserved Reserved Reserved Reserved Reserved Various Various Various Various Various Various 173 172 083 108 147 146 157 156 163 162 082 093 092 099 098 109 Reserved Various Reserved Reserved Reserved Reserved Reserved Reserved Reserved Reserved Various Various Various Various Various Various 084 148 151 152 155 164 167 168 171 107 087 088 091 100 103 104 Reserved Various Various Various Various Various Various Various Various Reserved Reserved Reserved Reserved Reserved Reserved Reserved 03/07/09 30 085 149 150 153 154 165 166 169 170 086 089 090 101 102 105 106 Reserved Various Various Various Various Various Various Various Various Reserved Reserved Reserved Reserved Reserved Reserved Reserved
    31. IPv4 Address Fractal Map Jan-2002 000 001 014 015 016 019 020 021 234 235 236 239 240 241 254 255 Reserved Reserved PDN HP DEC Ford CsC US DoD Multicast Multicast Multicast Multicast Class E Class E Class E Class E 003 002 013 012 017 018 023 022 233 232 237 238 243 242 253 252 GE Reserved Xerox AT&T Apple MIT Reserved US DoD Multicast Multicast Multicast Multicast Class E Class E Class E Class E 004 007 008 011 030 029 024 025 230 231 226 225 244 247 248 251 Fractal map: Layout by Randall Munroe, Time Sequence by Tony Hain, Highlighted by Jeff Apcar L3 ARIN L3 US DoD US DoD US DoD Cable UK Defense Multicast Multicast Multicast Multicast Class E Class E Class E Class E 005 006 009 010 031 028 027 026 229 228 227 224 245 246 249 250 Reserved US DoD IBM Private Reserved US DoD Reserved US DoD Multicast Multicast Multicast Multicast Class E Class E Class E Class E 058 057 054 053 032 035 036 037 218 219 220 223 202 201 198 197 Reserved SITA Merck Cap Debis AT&T MERIT Reserved Reserved APnic APnic APnic Reserved APnic Reserved Various Reserved 059 056 055 052 033 034 039 038 217 216 221 222 203 200 199 196 Reserved US Postal US DoD El duPONT US DoD Haliburton Reserved PSI RIPE ARIN Reserved Reserved APnic Reserved ARIN AfrNIC 060 061 050 051 046 045 040 041 214 215 210 209 204 205 194 195 Reserved APnic Reserved UK DSS Reserved Interop Eli Lily Reserved US DoD US DoD APnic ARIN ARIN ARIN RIPE RIPE 063 062 049 048 047 044 043 042 213 212 211 208 207 206 192 192 ARIN RIPE Reserved Prudential Bell North Radio Inet Reserved RIPE RIPE APnic ARIN ARIN ARIN RIPE Various 064 127 186 187 188 191 067 068 069 122 123 124 128 131 132 133 ARIN Reserved Reserved Reserved Reserved Reserved Reserved Loopback Various Various Various Various Reserved Reserved Reserved Various 065 066 071 070 121 120 125 126 130 185 184 189 190 129 135 134 ARIN ARIN Reserved Reserved Reserved Reserved Reserved Reserved Various Various Various Various Reserved Reserved Reserved Reserved 113 078 077 072 073 118 119 114 142 141 136 137 182 183 178 177 Reserved Reserved Reserved Reserved Reserved Reserved Reserved Reserved Various Various Various Various Reserved Reserved Reserved Reserved 112 079 143 140 139 138 181 180 179 176 076 075 074 117 116 115 Reserved Reserved Various Various Various Various Reserved Reserved Reserved Reserved Reserved Reserved Reserved Reserved Reserved Reserved 174 175 080 111 144 145 158 159 160 161 081 094 095 096 097 110 Reserved Reserved RIPE RIPE Reserved Reserved Reserved Reserved Reserved Reserved Various Various Various Various Various Various 173 172 083 108 147 146 157 156 163 162 082 093 092 099 098 109 Reserved Various Reserved Reserved Reserved Reserved Reserved Reserved Reserved Reserved Various Various Various Various Various Various 084 148 151 152 155 164 167 168 171 107 087 088 091 100 103 104 Reserved Various Various Various Various Various Various Various Various Reserved Reserved Reserved Reserved Reserved Reserved Reserved 03/07/09 31 085 149 150 153 154 165 166 169 170 086 089 090 101 102 105 106 Reserved Various Various Various Various Various Various Various Various Reserved Reserved Reserved Reserved Reserved Reserved Reserved
    32. IPv4 Address Fractal Map Jan-2003 000 001 014 015 016 019 020 021 234 235 236 239 240 241 254 255 Reserved Reserved PDN HP DEC Ford CsC US DoD Multicast Multicast Multicast Multicast Class E Class E Class E Class E 003 002 013 012 017 018 023 022 233 232 237 238 243 242 253 252 GE Reserved Xerox AT&T Apple MIT Reserved US DoD Multicast Multicast Multicast Multicast Class E Class E Class E Class E 004 007 008 011 030 029 024 025 230 231 226 225 244 247 248 251 Fractal map: Layout by Randall Munroe, Time Sequence by Tony Hain, Highlighted by Jeff Apcar L3 ARIN L3 US DoD US DoD US DoD Cable UK Defense Multicast Multicast Multicast Multicast Class E Class E Class E Class E 005 006 009 010 031 028 027 026 229 228 227 224 245 246 249 250 Reserved US DoD IBM Private Reserved US DoD Reserved US DoD Multicast Multicast Multicast Multicast Class E Class E Class E Class E 058 057 054 053 032 035 036 037 218 219 220 223 202 201 198 197 Reserved SITA Merck Cap Debis AT&T MERIT Reserved Reserved APnic APnic APnic Reserved APnic Reserved Various Reserved 059 056 055 052 033 034 039 038 217 216 221 222 203 200 199 196 Reserved US Postal US DoD El duPONT US DoD Haliburton Reserved PSI RIPE ARIN APnic Reserved APnic Reserved ARIN AfrNIC 060 061 050 051 046 045 040 041 214 215 210 209 204 205 194 195 Reserved APnic Reserved UK DSS Reserved Interop Eli Lily Reserved US DoD US DoD APnic ARIN ARIN ARIN RIPE RIPE 063 062 049 048 047 044 043 042 213 212 211 208 207 206 192 192 ARIN RIPE Reserved Prudential Bell North Radio Inet Reserved RIPE RIPE APnic ARIN ARIN ARIN RIPE Various 064 127 186 187 188 191 067 068 069 122 123 124 128 131 132 133 ARIN ARIN ARIN ARIN Reserved Reserved Reserved Loopback Various Various Various Various Reserved Reserved Reserved Various 065 066 071 070 121 120 125 126 130 185 184 189 190 129 135 134 ARIN ARIN Reserved Reserved Reserved Reserved Reserved Reserved Various Various Various Various Reserved Reserved Reserved Reserved 113 078 077 072 073 118 119 114 142 141 136 137 182 183 178 177 Reserved Reserved Reserved Reserved Reserved Reserved Reserved Reserved Various Various Various Various Reserved Reserved Reserved Reserved 112 079 143 140 139 138 181 180 179 176 076 075 074 117 116 115 Reserved Reserved Various Various Various Various Reserved Reserved Reserved Reserved Reserved Reserved Reserved Reserved Reserved Reserved 174 175 080 111 144 145 158 159 160 161 081 094 095 096 097 110 Reserved Reserved RIPE RIPE Reserved Reserved Reserved Reserved Reserved Reserved Various Various Various Various Various Various 173 172 083 108 147 146 157 156 163 162 082 093 092 099 098 109 Reserved Various Reserved RIPE Reserved Reserved Reserved Reserved Reserved Reserved Various Various Various Various Various Various 084 148 151 152 155 164 167 168 171 107 087 088 091 100 103 104 Reserved Various Various Various Various Various Various Various Various Reserved Reserved Reserved Reserved Reserved Reserved Reserved 03/07/09 32 085 149 150 153 154 165 166 169 170 086 089 090 101 102 105 106 Reserved Various Various Various Various Various Various Various Various Reserved Reserved Reserved Reserved Reserved Reserved Reserved
    33. IPv4 Address Fractal Map Jan-2004 000 001 014 015 016 019 020 021 234 235 236 239 240 241 254 255 Reserved Reserved PDN HP DEC Ford CsC US DoD Multicast Multicast Multicast Multicast Class E Class E Class E Class E 003 002 013 012 017 018 023 022 233 232 237 238 243 242 253 252 GE Reserved Xerox AT&T Apple MIT Reserved US DoD Multicast Multicast Multicast Multicast Class E Class E Class E Class E 004 007 008 011 030 029 024 025 230 231 226 225 244 247 248 251 Fractal map: Layout by Randall Munroe, Time Sequence by Tony Hain, Highlighted by Jeff Apcar L3 ARIN L3 US DoD US DoD US DoD Cable UK Defense Multicast Multicast Multicast Multicast Class E Class E Class E Class E 005 006 009 010 031 028 027 026 229 228 227 224 245 246 249 250 Reserved US DoD IBM Private Reserved US DoD Reserved US DoD Multicast Multicast Multicast Multicast Class E Class E Class E Class E 058 057 054 053 032 035 036 037 218 219 220 223 202 201 198 197 Reserved SITA Merck Cap Debis AT&T MERIT Reserved Reserved APnic APnic APnic Reserved APnic LACnic Various Reserved 059 056 055 052 033 034 039 038 217 216 221 222 203 200 199 196 Reserved US Postal US DoD El duPONT US DoD Haliburton Reserved PSI RIPE ARIN APnic APnic APnic LACnic ARIN AfrNIC 060 061 050 051 046 045 040 041 214 215 210 209 204 205 194 195 Reserved APnic Reserved UK DSS Reserved Interop Eli Lily Reserved US DoD US DoD APnic ARIN ARIN ARIN RIPE RIPE 063 062 049 048 047 044 043 042 213 212 211 208 207 206 192 192 ARIN RIPE Reserved Prudential Bell North Radio Inet Reserved RIPE RIPE APnic ARIN ARIN ARIN RIPE Various 064 127 186 187 188 191 067 068 069 122 123 124 128 131 132 133 ARIN ARIN ARIN ARIN Reserved Reserved Reserved Loopback Various Various Various Various Reserved Reserved Various Various 065 066 071 070 121 120 125 126 130 185 184 189 190 129 135 134 ARIN ARIN Reserved Reserved Reserved Reserved Reserved Reserved Various Various Various Various Reserved Reserved Reserved Reserved 113 078 077 072 073 118 119 114 142 141 136 137 182 183 178 177 Reserved Reserved Reserved Reserved Reserved Reserved Reserved Reserved Various Various Various Various Reserved Reserved Reserved Reserved 112 079 143 140 139 138 181 180 179 176 076 075 074 117 116 115 Reserved Reserved Various Various Various Various Reserved Reserved Reserved Reserved Reserved Reserved Reserved Reserved Reserved Reserved 174 175 080 111 144 145 158 159 160 161 081 094 095 096 097 110 Reserved Reserved RIPE RIPE Reserved Reserved Reserved Reserved Reserved Reserved Various Various Various Various Various Various 173 172 083 108 147 146 157 156 163 162 082 093 092 099 098 109 Reserved Various Reserved RIPE Reserved Reserved Reserved Reserved Reserved Reserved Various Various Various Various Various Various 084 148 151 152 155 164 167 168 171 107 087 088 091 100 103 104 Reserved Various Various Various Various Various Various Various Various Reserved Reserved Reserved Reserved Reserved Reserved Reserved 03/07/09 33 085 149 150 153 154 165 166 169 170 086 089 090 101 102 105 106 Reserved Various Various Various Various Various Various Various Various Reserved Reserved Reserved Reserved Reserved Reserved Reserved
    34. IPv4 Address Fractal Map Jan-2005 000 001 014 015 016 019 020 021 234 235 236 239 240 241 254 255 Reserved Reserved PDN HP DEC Ford CsC US DoD Multicast Multicast Multicast Multicast Class E Class E Class E Class E 003 002 013 012 017 018 023 022 233 232 237 238 243 242 253 252 GE Reserved Xerox AT&T Apple MIT Reserved US DoD Multicast Multicast Multicast Multicast Class E Class E Class E Class E 004 007 008 011 030 029 024 025 230 231 226 225 244 247 248 251 Fractal map: Layout by Randall Munroe, Time Sequence by Tony Hain, Highlighted by Jeff Apcar L3 ARIN L3 US DoD US DoD US DoD Cable UK Defense Multicast Multicast Multicast Multicast Class E Class E Class E Class E 005 006 009 010 031 028 027 026 229 228 227 224 245 246 249 250 Reserved US DoD IBM Private Reserved US DoD Reserved US DoD Multicast Multicast Multicast Multicast Class E Class E Class E Class E 058 057 054 053 032 035 036 037 218 219 220 223 202 201 198 197 APnic SITA Merck Cap Debis AT&T MERIT Reserved Reserved APnic APnic APnic Reserved APnic LACnic Various Reserved 059 056 055 052 033 034 039 038 217 216 221 222 203 200 199 196 APnic US Postal US DoD El duPONT US DoD Haliburton Reserved PSI RIPE ARIN APnic APnic APnic LACnic ARIN AfrNIC 060 061 050 051 046 045 040 041 214 215 210 209 204 205 194 195 APnic APnic Reserved UK DSS Reserved Interop Eli Lily Reserved US DoD US DoD APnic ARIN ARIN ARIN RIPE RIPE 063 062 049 048 047 044 043 042 213 212 211 208 207 206 192 192 ARIN RIPE Reserved Prudential Bell North Radio Inet Reserved RIPE RIPE APnic ARIN ARIN ARIN RIPE Various 064 127 186 187 188 191 067 068 069 122 123 124 128 131 132 133 ARIN ARIN ARIN ARIN Reserved Reserved Reserved Loopback Various Various Various Various Reserved Reserved Various Various 065 066 071 070 121 120 125 126 130 185 184 189 190 129 135 134 ARIN ARIN ARIN Reserved Reserved Reserved Reserved Reserved Various Various Various Various Reserved Reserved Reserved Reserved 113 078 077 072 073 118 119 114 142 141 136 137 182 183 178 177 Reserved Reserved Reserved ARIN Reserved Reserved Reserved Reserved Various Various Various Various Reserved Reserved Reserved Reserved 112 079 143 140 139 138 181 180 179 176 076 075 074 117 116 115 Reserved Reserved Various Various Various Various Reserved Reserved Reserved Reserved Reserved Reserved Reserved Reserved Reserved Reserved 174 175 080 111 144 145 158 159 160 161 081 094 095 096 097 110 Reserved Reserved RIPE RIPE Reserved Reserved Reserved Reserved Reserved Reserved Various Various Various Various Various Various 173 172 083 108 147 146 157 156 163 162 082 093 092 099 098 109 Reserved Various Reserved RIPE Reserved Reserved Reserved Reserved Reserved Reserved Various Various Various Various Various Various 084 148 151 152 155 164 167 168 171 107 087 088 091 100 103 104 Reserved Various Various Various Various Various Various Various Various Reserved RIPE RIPE Reserved Reserved Reserved Reserved 03/07/09 34 085 149 150 153 154 165 166 169 170 086 089 090 101 102 105 106 Reserved Various Various Various Various Various Various Various Various Reserved Reserved Reserved Reserved Reserved Reserved Reserved
    35. IPv4 Address Fractal Map Jan-2006 000 001 014 015 016 019 020 021 234 235 236 239 240 241 254 255 Reserved Reserved PDN HP DEC Ford CsC US DoD Multicast Multicast Multicast Multicast Class E Class E Class E Class E 003 002 013 012 017 018 023 022 233 232 237 238 243 242 253 252 GE Reserved Xerox AT&T Apple MIT Reserved US DoD Multicast Multicast Multicast Multicast Class E Class E Class E Class E 004 007 008 011 030 029 024 025 230 231 226 225 244 247 248 251 Fractal map: Layout by Randall Munroe, Time Sequence by Tony Hain, Highlighted by Jeff Apcar L3 ARIN L3 US DoD US DoD US DoD Cable UK Defense Multicast Multicast Multicast Multicast Class E Class E Class E Class E 005 006 009 010 031 028 027 026 229 228 227 224 245 246 249 250 Reserved US DoD IBM Private Reserved US DoD Reserved US DoD Multicast Multicast Multicast Multicast Class E Class E Class E Class E 058 057 054 053 032 035 036 037 218 219 220 223 202 201 198 197 APnic SITA Merck Cap Debis AT&T MERIT Reserved Reserved APnic APnic APnic Reserved APnic LACnic Various Reserved 059 056 055 052 033 034 039 038 217 216 221 222 203 200 199 196 APnic US Postal US DoD El duPONT US DoD Haliburton Reserved PSI RIPE ARIN APnic APnic APnic LACnic ARIN AfrNIC 060 061 050 051 046 045 040 041 214 215 210 209 204 205 194 195 APnic APnic Reserved UK DSS Reserved Interop Eli Lily Reserved US DoD US DoD APnic ARIN ARIN ARIN RIPE RIPE 063 062 049 048 047 044 043 042 213 212 211 208 207 206 192 192 ARIN RIPE Reserved Prudential Bell North Radio Inet Reserved RIPE RIPE APnic ARIN ARIN ARIN RIPE Various 064 127 186 187 188 191 067 068 069 122 123 124 128 131 132 133 ARIN ARIN ARIN ARIN Reserved Reserved APnic Loopback Various Various Various Various Reserved Reserved Various Various 065 066 071 070 121 120 125 126 130 185 184 189 190 129 135 134 ARIN ARIN ARIN ARIN Reserved Reserved APnic APnic Various Various Various Various Reserved Reserved LACnic LACnic 113 078 077 072 073 118 119 114 142 141 136 137 182 183 178 177 Reserved Reserved Reserved ARIN ARIN Reserved Reserved Reserved Various Various Various Various Reserved Reserved Reserved Reserved 112 079 143 140 139 138 181 180 179 176 076 075 074 117 116 115 Reserved Reserved Various Various Various Various Reserved Reserved Reserved Reserved ARIN ARIN ARIN Reserved Reserved Reserved 174 175 080 111 144 145 158 159 160 161 081 094 095 096 097 110 Reserved Reserved RIPE RIPE Reserved Reserved Reserved Reserved Reserved Reserved Various Various Various Various Various Various 173 172 083 108 147 146 157 156 163 162 082 093 092 099 098 109 Reserved Various RIPE RIPE Reserved Reserved Reserved Reserved Reserved Reserved Various Various Various Various Various Various 084 148 151 152 155 164 167 168 171 107 087 088 091 100 103 104 RIPE Various Various Various Various Various Various Various Various Reserved RIPE RIPE RIPE Reserved Reserved Reserved 03/07/09 35 085 149 150 153 154 165 166 169 170 086 089 090 101 102 105 106 RIPE Various Various Various Various Various Various Various Various RIPE RIPE RIPE Reserved Reserved Reserved Reserved
    36. IPv4 Address Fractal Map Jan-2007 000 001 014 015 016 019 020 021 234 235 236 239 240 241 254 255 Reserved Reserved PDN HP DEC Ford CsC US DoD Multicast Multicast Multicast Multicast Class E Class E Class E Class E 003 002 013 012 017 018 023 022 233 232 237 238 243 242 253 252 GE Reserved Xerox AT&T Apple MIT Reserved US DoD Multicast Multicast Multicast Multicast Class E Class E Class E Class E 004 007 008 011 030 029 024 025 230 231 226 225 244 247 248 251 Fractal map: Layout by Randall Munroe, Time Sequence by Tony Hain, Highlighted by Jeff Apcar L3 ARIN L3 US DoD US DoD US DoD Cable UK Defense Multicast Multicast Multicast Multicast Class E Class E Class E Class E 005 006 009 010 031 028 027 026 229 228 227 224 245 246 249 250 Reserved US DoD IBM Private Reserved US DoD Reserved US DoD Multicast Multicast Multicast Multicast Class E Class E Class E Class E 058 057 054 053 032 035 036 037 218 219 220 223 202 201 198 197 APnic SITA Merck Cap Debis AT&T MERIT Reserved Reserved APnic APnic APnic Reserved APnic LACnic Various Reserved 059 056 055 052 033 034 039 038 217 216 221 222 203 200 199 196 APnic US Postal US DoD El duPONT US DoD Haliburton Reserved PSI RIPE ARIN APnic APnic APnic LACnic ARIN AFRnic 060 061 050 051 046 045 040 041 214 215 210 209 204 205 194 195 APnic APnic Reserved UK DSS Reserved Interop Eli Lily AFRNic US DoD US DoD APnic ARIN ARIN ARIN RIPE RIPE 063 062 049 048 047 044 043 042 213 212 211 208 207 206 192 192 ARIN RIPE Reserved Prudential Bell North Radio Inet Reserved RIPE RIPE APnic ARIN ARIN ARIN RIPE Various 064 127 186 187 188 191 067 068 069 122 123 124 128 131 132 133 ARIN ARIN ARIN ARIN APnic APnic APnic Loopback Various Various Various Various Reserved Reserved Various Various 065 066 071 070 121 120 125 126 130 185 184 189 190 129 135 134 ARIN ARIN ARIN ARIN APnic Reserved APnic APnic Various Various Various Various Reserved Reserved LACnic LACnic 113 078 077 072 073 118 119 114 142 141 136 137 182 183 178 177 Reserved RIPE RIPE ARIN ARIN Reserved Reserved Reserved Various Various Various Various Reserved Reserved Reserved Reserved 112 079 143 140 139 138 181 180 179 176 076 075 074 117 116 115 Reserved RIPE Various Various Various Various Reserved Reserved Reserved Reserved ARIN ARIN ARIN Reserved Reserved Reserved 174 175 080 111 144 145 158 159 160 161 081 094 095 096 097 110 Reserved Reserved RIPE RIPE Reserved Reserved ARIN ARIN Reserved Reserved Various Various Various Various Various Various 173 172 083 108 147 146 157 156 163 162 082 093 092 099 098 109 Reserved Various RIPE RIPE Reserved Reserved ARIN ARIN Reserved Reserved Various Various Various Various Various Various 084 148 151 152 155 164 167 168 171 107 087 088 091 100 103 104 RIPE Various Various Various Various Various Various Various Various Reserved RIPE RIPE RIPE Reserved Reserved Reserved 03/07/09 36 085 149 150 153 154 165 166 169 170 086 089 090 101 102 105 106 RIPE Various Various Various Various Various Various Various Various RIPE RIPE RIPE Reserved Reserved Reserved Reserved
    37. IPv4 Address Fractal Map Jan-2008 000 001 014 015 016 019 020 021 234 235 236 239 240 241 254 255 Reserved Reserved PDN HP DEC Ford CsC US DoD Multicast Multicast Multicast Multicast Class E Class E Class E Class E 003 002 013 012 017 018 023 022 233 232 237 238 243 242 253 252 GE Reserved Xerox AT&T Apple MIT Reserved US DoD Multicast Multicast Multicast Multicast Class E Class E Class E Class E 004 007 008 011 030 029 024 025 230 231 226 225 244 247 248 251 Fractal map: Layout by Randall Munroe, Time Sequence by Tony Hain, Highlighted by Jeff Apcar L3 ARIN L3 US DoD US DoD US DoD Cable UK Defense Multicast Multicast Multicast Multicast Class E Class E Class E Class E 005 006 009 010 031 028 027 026 229 228 227 224 245 246 249 250 Reserved US DoD IBM Private Reserved US DoD Reserved US DoD Multicast Multicast Multicast Multicast Class E Class E Class E Class E 058 057 054 053 032 035 036 037 218 219 220 223 202 201 198 197 APnic SITA Merck Cap Debis AT&T MERIT Reserved Reserved APnic APnic APnic Reserved APnic LACnic Various Reserved 059 056 055 052 033 034 039 038 217 216 221 222 203 200 199 196 APnic US Postal US DoD El duPONT US DoD Haliburton Reserved PSI RIPE ARIN APnic APnic APnic LACnic ARIN AFRnic 060 061 050 051 046 045 040 041 214 215 210 209 204 205 194 195 APnic APnic Reserved UK DSS Reserved Interop Eli Lily AFRNic US DoD US DoD APnic ARIN ARIN ARIN RIPE RIPE 063 062 049 048 047 044 043 042 213 212 211 208 207 206 192 192 ARIN RIPE Reserved Prudential Bell North Radio Inet Reserved RIPE RIPE APnic ARIN ARIN ARIN RIPE Various 064 127 186 187 188 191 067 068 069 122 123 124 128 131 132 133 ARIN ARIN ARIN ARIN APnic APnic APnic Loopback Various Various Various Various LACnic LACnic Various Various 065 066 071 070 121 120 125 126 130 185 184 189 190 129 135 134 ARIN ARIN ARIN ARIN APnic APnic APnic APnic Various Various Various Various Reserved Reserved LACnic LACnic 113 078 077 072 073 118 119 114 142 141 136 137 182 183 178 177 Reserved RIPE RIPE ARIN ARIN APnic APnic APnic Various Various Various Various Reserved Reserved Reserved Reserved 112 079 143 140 139 138 181 180 179 176 076 075 074 117 116 115 Reserved RIPE Various Various Various Various Reserved Reserved Reserved Reserved ARIN ARIN ARIN APnic APnic APnic 174 175 080 111 144 145 158 159 160 161 081 094 095 096 097 110 Reserved Reserved RIPE RIPE RIPE RIPE ARIN ARIN Reserved Reserved Various Various Various Various Various Various 173 172 083 108 147 146 157 156 163 162 082 093 092 099 098 109 Reserved Various RIPE RIPE RIPE RIPE ARIN ARIN Reserved Reserved Various Various Various Various Various Various 084 148 151 152 155 164 167 168 171 107 087 088 091 100 103 104 RIPE Various Various Various Various Various Various Various Various Reserved RIPE RIPE RIPE Reserved Reserved Reserved 03/07/09 37 085 149 150 153 154 165 166 169 170 086 089 090 101 102 105 106 RIPE Various Various Various Various Various Various Various Various RIPE RIPE RIPE Reserved Reserved Reserved Reserved
    38. IPv4 Address Fractal Map Jan-2009 000 001 014 015 016 019 020 021 234 235 236 239 240 241 254 255 Reserved Reserved Reserved HP DEC Ford CsC US DoD Multicast Multicast Multicast Multicast Class E Class E Class E Class E 003 002 013 012 017 018 023 022 233 232 237 238 243 242 253 252 GE Reserved Xerox AT&T Apple MIT Reserved US DoD Multicast Multicast Multicast Multicast Class E Class E Class E Class E 004 007 008 011 030 029 024 025 230 231 226 225 244 247 248 251 Fractal map: Layout by Randall Munroe, Time Sequence by Tony Hain, Highlighted by Jeff Apcar L3 ARIN L3 US DoD US DoD US DoD Cable UK Defense Multicast Multicast Multicast Multicast Class E Class E Class E Class E 005 006 009 010 031 028 027 026 229 228 227 224 245 246 249 250 Reserved US DoD IBM Private Reserved US DoD Reserved US DoD Multicast Multicast Multicast Multicast Class E Class E Class E Class E 058 057 054 053 032 035 036 037 218 219 220 223 202 201 198 197 APnic SITA Merck Cap Debis AT&T MERIT Reserved Reserved APnic APnic APnic Reserved APnic LACnic Various AFRINic 059 056 055 052 033 034 039 038 217 216 221 222 203 200 199 196 APnic US Postal US DoD El duPONT US DoD Haliburton Reserved PSI RIPE ARIN APnic APnic APnic LACnic ARIN AFRnic 060 061 050 051 046 045 040 041 214 215 210 209 204 205 194 195 APnic APnic Reserved UK DSS Reserved Interop Eli Lily AFRNic US DoD US DoD APnic ARIN ARIN ARIN RIPE RIPE 063 062 049 048 047 044 043 042 213 212 211 208 207 206 192 192 ARIN RIPE Reserved Prudential Bell North Radio Inet Reserved RIPE RIPE APnic ARIN ARIN ARIN RIPE Various 064 127 186 187 188 191 067 068 069 122 123 124 128 131 132 133 ARIN ARIN ARIN ARIN APnic APnic APnic Loopback Various Various Various Various LACnic LACnic Various Various 065 066 071 070 121 120 125 126 130 185 184 189 190 129 135 134 ARIN ARIN ARIN ARIN APnic APnic APnic APnic Various Various Various Various Reserved ARIN LACnic LACnic 113 078 077 072 073 118 119 114 142 141 136 137 182 183 178 177 APnic RIPE RIPE ARIN ARIN APnic APnic APnic Various Various Various Various Reserved Reserved Reserved Reserved 112 079 143 140 139 138 181 180 179 176 076 075 074 117 116 115 APnic RIPE Various Various Various Various Reserved Reserved Reserved Reserved ARIN ARIN ARIN APnic APnic APnic 174 175 080 111 144 145 158 159 160 161 081 094 095 096 097 110 ARIN Reserved RIPE RIPE RIPE RIPE ARIN ARIN APnic APnic Various Various Various Various Various Various 173 172 083 108 147 146 157 156 163 162 082 093 092 099 098 109 ARIN Various RIPE RIPE RIPE RIPE ARIN ARIN Reserved ARIN Various Various Various Various Various Various 084 148 151 152 155 164 167 168 171 107 087 088 091 100 103 104 RIPE Various Various Various Various Various Various Various Various Reserved RIPE RIPE RIPE Reserved Reserved Reserved 03/07/09 38 085 149 150 153 154 165 166 169 170 086 089 090 101 102 105 106 RIPE Various Various Various Various Various Various Various Various RIPE RIPE RIPE Reserved Reserved Reserved Reserved
    39. IPv4 Address Fractal Map - Today 000 001 014 015 016 019 020 021 234 235 236 239 240 241 254 255 Reserved Reserved Reserved HP DEC Ford CsC US DoD Multicast Multicast Multicast Multicast Class E Class E Class E Class E 003 002 013 012 017 018 023 022 233 232 237 238 243 242 253 252 GE Reserved Xerox AT&T Apple MIT Reserved US DoD Multicast Multicast Multicast Multicast Class E Class E Class E Class E 004 007 008 011 030 029 024 025 230 231 226 225 244 247 248 251 Fractal map: Layout by Randall Munroe, Time Sequence by Tony Hain, Highlighted by Jeff Apcar L3 ARIN L3 US DoD US DoD US DoD Cable UK Defense Multicast Multicast Multicast Multicast Class E Class E Class E Class E 005 006 009 010 031 028 027 026 229 228 227 224 245 246 249 250 Reserved US DoD IBM Private Reserved US DoD Reserved US DoD Multicast Multicast Multicast Multicast Class E Class E Class E Class E 058 057 054 053 032 035 036 037 218 219 220 223 202 201 198 197 APnic SITA Merck Cap Debis AT&T MERIT Reserved Reserved APnic APnic APnic Reserved APnic LACnic Various AFRINic 059 056 055 052 033 034 039 038 217 216 221 222 203 200 199 196 APnic US Postal US DoD El duPONT US DoD Haliburton Reserved PSI RIPE ARIN APnic APnic APnic LACnic ARIN AFRnic 060 061 050 051 046 045 040 041 214 215 210 209 204 205 194 195 APnic APnic Reserved UK DSS Reserved Interop Eli Lily AFRNic US DoD US DoD APnic ARIN ARIN ARIN RIPE RIPE 063 062 049 048 047 044 043 042 213 212 211 208 207 206 192 192 ARIN RIPE Reserved Prudential Bell North Radio Inet Reserved RIPE RIPE APnic ARIN ARIN ARIN RIPE Various 064 127 186 187 188 191 067 068 069 122 123 124 128 131 132 133 ARIN ARIN ARIN ARIN APnic APnic APnic Loopback Various Various Various Various LACnic LACnic Various Various 065 066 071 070 121 120 125 126 130 185 184 189 190 129 135 134 ARIN ARIN ARIN ARIN APnic APnic APnic APnic Various Various Various Various Reserved ARIN LACnic LACnic 113 078 077 072 073 118 119 114 142 141 136 137 182 183 178 177 APnic RIPE RIPE ARIN ARIN APnic APnic APnic Various Various Various Various Reserved Reserved Reserved Reserved 112 079 143 140 139 138 181 180 179 176 076 075 074 117 116 115 APnic RIPE Various Various Various Various Reserved Reserved Reserved Reserved ARIN ARIN ARIN APnic APnic APnic 174 175 080 111 144 145 158 159 160 161 081 094 095 096 097 110 ARIN Reserved RIPE RIPE RIPE RIPE ARIN ARIN APnic APnic Various Various Various Various Various Various 173 172 083 108 147 146 157 156 163 162 082 093 092 099 098 109 ARIN Various RIPE RIPE RIPE RIPE ARIN ARIN Reserved ARIN Various Various Various Various Various Various 084 148 151 152 155 164 167 168 171 107 087 088 091 100 103 104 RIPE Various Various Various Various Various Various Various Various Reserved RIPE RIPE RIPE Reserved Reserved Reserved 03/07/09 39 085 149 150 153 154 165 166 169 170 086 089 090 101 102 105 106 RIPE Various Various Various Various Various Various Various Various RIPE RIPE RIPE Reserved Reserved Reserved Reserved
    40. IPv4 Address Fractal Map Jan-2010 000 001 014 015 016 019 020 021 234 235 236 239 240 241 254 255 Reserved Reserved Reserved HP DEC Ford CsC US DoD Multicast Multicast Multicast Multicast Class E Class E Class E Class E 003 002 013 012 017 018 023 022 233 232 237 238 243 242 253 252 GE Reserved Xerox AT&T Apple MIT Reserved US DoD Multicast Multicast Multicast Multicast Class E Class E Class E Class E 004 007 008 011 030 029 024 025 230 231 226 225 244 247 248 251 Fractal map: Layout by Randall Munroe, Time Sequence by Tony Hain, Highlighted by Jeff Apcar L3 ARIN L3 US DoD US DoD US DoD Cable UK Defense Multicast Multicast Multicast Multicast Class E Class E Class E Class E 005 006 009 010 031 028 027 026 229 228 227 224 245 246 249 250 Reserved US DoD IBM Private Reserved US DoD Reserved US DoD Multicast Multicast Multicast Multicast Class E Class E Class E Class E 058 057 054 053 032 035 036 037 218 219 220 223 202 201 198 197 APnic SITA Merck Cap Debis AT&T MERIT Reserved Reserved APnic APnic APnic Reserved APnic LACnic Various AFRINic 059 056 055 052 033 034 039 038 217 216 221 222 203 200 199 196 APnic US Postal US DoD El duPONT US DoD Haliburton Reserved PSI RIPE ARIN APnic APnic APnic LACnic ARIN AFRnic 060 061 050 051 046 045 040 041 214 215 210 209 204 205 194 195 APnic APnic Reserved UK DSS Reserved Interop Eli Lily AFRNic US DoD US DoD APnic ARIN ARIN ARIN RIPE RIPE 063 062 049 048 047 044 043 042 213 212 211 208 207 206 192 192 ARIN RIPE Reserved Prudential Bell North Radio Inet Reserved RIPE RIPE APnic ARIN ARIN ARIN RIPE Various 064 127 186 187 188 191 067 068 069 122 123 124 128 131 132 133 ARIN ARIN ARIN ARIN APnic APnic APnic Loopback Various Various Various Various LACnic LACnic Various Various 065 066 071 070 121 120 125 126 130 185 184 189 190 129 135 134 ARIN ARIN ARIN ARIN APnic APnic APnic APnic Various Various Various Various Reserved ARIN LACnic LACnic 113 078 077 072 073 118 119 114 142 141 136 137 182 183 178 177 APnic RIPE RIPE ARIN ARIN APnic APnic APnic Various Various Various Various Reserved Next Next Next 112 079 143 140 139 138 181 180 179 176 076 075 074 117 116 115 APnic RIPE Various Various Various Various Reserved Next Next Next ARIN ARIN ARIN APnic APnic APnic 174 175 080 111 144 145 158 159 160 161 081 094 095 096 097 110 ARIN Next RIPE RIPE RIPE RIPE ARIN ARIN APnic APnic Various Various Various Various Various Various 173 172 083 108 147 146 157 156 163 162 082 093 092 099 098 109 ARIN Various RIPE RIPE RIPE RIPE ARIN ARIN Next ARIN Various Various Various Various Various Various 084 148 151 152 155 164 167 168 171 107 087 088 091 100 103 104 RIPE Various Various Various Various Various Various Various Various Next RIPE RIPE RIPE Next Next Next 03/07/09 40 085 149 150 153 154 165 166 169 170 086 089 090 101 102 105 106 RIPE Various Various Various Various Various Various Various Various RIPE RIPE RIPE Next Next Next Next
    41. IPv4 Address Fractal Map Jan-2011 000 001 014 015 016 019 020 021 234 235 236 239 240 241 254 255 Reserved Reserved Next HP DEC Ford CsC US DoD Multicast Multicast Multicast Multicast Class E Class E Class E Class E 003 002 013 012 017 018 023 022 233 232 237 238 243 242 253 252 GE Next Xerox AT&T Apple MIT Next US DoD Multicast Multicast Multicast Multicast Class E Class E Class E Class E 004 007 008 011 030 029 024 025 230 231 226 225 244 247 248 251 Fractal map: Layout by Randall Munroe, Time Sequence by Tony Hain, Highlighted by Jeff Apcar L3 ARIN L3 US DoD US DoD US DoD Cable UK Defense Multicast Multicast Multicast Multicast Class E Class E Class E Class E 005 006 009 010 031 028 027 026 229 228 227 224 245 246 249 250 Next US DoD IBM Private Next US DoD Next US DoD Multicast Multicast Multicast Multicast Class E Class E Class E Class E 058 057 054 053 032 035 036 037 218 219 220 223 202 201 198 197 APnic SITA Merck Cap Debis AT&T MERIT Next Next APnic APnic APnic Next APnic LACnic Various AFRINic 059 056 055 052 033 034 039 038 217 216 221 222 203 200 199 196 APnic US Postal US DoD El duPONT US DoD Haliburton Next PSI RIPE ARIN APnic APnic APnic LACnic ARIN AFRnic 060 061 050 051 046 045 040 041 214 215 210 209 204 205 194 195 APnic APnic Next UK DSS Next Interop Eli Lily AFRNic US DoD US DoD APnic ARIN ARIN ARIN RIPE RIPE 063 062 049 048 047 044 043 042 213 212 211 208 207 206 192 192 ARIN RIPE Next Prudential Bell North Radio Inet Next RIPE RIPE APnic ARIN ARIN ARIN RIPE Various 064 127 186 187 188 191 067 068 069 122 123 124 128 131 132 133 ARIN ARIN ARIN ARIN APnic APnic APnic Loopback Various Various Various Various LACnic LACnic Various Various 065 066 071 070 121 120 125 126 130 185 184 189 190 129 135 134 ARIN ARIN ARIN ARIN APnic APnic APnic APnic Various Various Various Various Next ARIN LACnic LACnic 113 078 077 072 073 118 119 114 142 141 136 137 182 183 178 177 APnic RIPE RIPE ARIN ARIN APnic APnic APnic Various Various Various Various Next Next Next Next 112 079 143 140 139 138 181 180 179 176 076 075 074 117 116 115 APnic RIPE Various Various Various Various Next Next Next Next ARIN ARIN ARIN APnic APnic APnic 174 175 080 111 144 145 158 159 160 161 081 094 095 096 097 110 ARIN Next RIPE RIPE RIPE RIPE ARIN ARIN APnic APnic Various Various Various Various Various Various 173 172 083 108 147 146 157 156 163 162 082 093 092 099 098 109 ARIN Various RIPE RIPE RIPE RIPE ARIN ARIN Next ARIN Various Various Various Various Various Various 084 148 151 152 155 164 167 168 171 107 087 088 091 100 103 104 RIPE Various Various Various Various Various Various Various Various Next RIPE RIPE RIPE Next Next Next 03/07/09 41 085 149 150 153 154 165 166 169 170 086 089 090 101 102 105 106 RIPE Various Various Various Various Various Various Various Various RIPE RIPE RIPE Next Next Next Next
    42. Wide Area Network As a Layer 3 Service • The prevalent solution – Service offered by a Service Provider (SP) – Transfer IP packets from your site to another site • Customers does not care about routing – Looks like the Internet but more € but with quality defined (see later) – Typical technology: MPLS (also called IP service) SP Layer 3 Services SP manages Layer 1: cable Layer 2: Ethernet or ... Layer 3: addressing and routing Easier for enterprise Fixed budget... ... But you loose control 42 03/07/09
    43. Wide Area Network Layer 3 Service or In House Network? SP Layer 3 Services 03/07/09 43
    44. Layer 3 Service Pros and Cons • Pros – Outsource the WAN to SP: no more CAPEX, reduce OPEX – Easier to deploy – Easier international WAN • Specially in weird countries • Cons – Lost of network ownership • Could be impossible for some business – Need to check quality of delivered service (SLA see later) • NB: the cost is not a deal breaker usually 03/07/09 44
    45. What about Congestion? • Congestion: too many packets arriving in a router/switch – Specially when input throughput > output throughput – Routers/switches will store the peak in memory • Issue: packets wait in queue, longer delay – Memory exhausted?  dropping packets • Issue: packets are lost forever (hence the need of TCP for retransmission) 100 Mbps = 1 Mbps = 100.000 pps 1.000 pps ADSL Router 03/07/09 45
    46. Quality of Service: QoS • QoS is a sense of quality for packet transfer – Packet loss: due to congestion or frame corruption (rare) – Latency (or delay): the time to transfer data from source to destination – Jitter: variation of the delay (see next slide) 03/07/09 46
    47. Delay Variation—“Jitter” B A C Sender Transmits t d1 d2 C B A B Receives t D2 = d2 D1 = d1 Jitter 03/07/09
    48. How to Guarantee QoS? • Classify & mark – Each IP packet is marked with its priority (precedence) • The is a byte reserved for it in IP packet • By the host • By a network device based on TCP/UDP ports • Enforce – Make different queues: routine, normal, priority, ... – In case of congestion • Drop packets from routine queue • Always process priority packets first – Think about fire trucks in traffic jam 03/07/09 48
    49. QoS in Action Finance Manager Enforcement Remote Campus Campus Backbone Classification Classification Multimedia Order Entry, Training Finance, Servers Manufacturing 03/07/09 49
    50. Service Level Agreement: SLA • This is the contract between – A customer Never forget to put SLA – A provider in any service • About – Penalties (discount) when SLA not met – Quality of service: • Data traffic: packet loss, latency, jitter • Availability: – 99,999% availability is 5 minutes down per year – Maintenance window (scheduled network down) don’t count • Change request: time to establish a new circuit 03/07/09 50
    51. The Security Impact
    52. 100% Security “ The only system which is truly secure is one which is switched off and unplugged, locked in a titanium lined safe, buried in a concrete bunker, and is surrounded by nerve gas and very highly paid armed guards. Even then, I wouldn’t stake my life on it…. ” Gene Spafford—Director, Computer Operations, Audit, and Security Technology (COAST), Purdue University 03/07/09 52
    53. Risk Assessment in 2006 In the 2004 CSI/FBI survey (481 US organizations): Over 52% reported security breaches. Reported security incidents totaled losses over $52 million.  in decrease  Highest source of loss was virus – over $15 million alone followed by unauthorized use $10 million. Of the top causes of loss, insider misuse of resources was in top 3. 03/07/09 53 -Source: CSI/FBI 2006 Computer Crime & Security Survey
    54. Insiders… “ Over 75% of hacking is done by insiders and it’s easy to see why. The person on the inside is on the right side of the firewall—they know the computer systems and they have access to the passwords ” Neil Barrett, Bull Information Systems, ‘Computer Crime Fighter’—Personal Computer World, Feb 1999 03/07/09 54
    55. Regulations and Compliance... • EU directives on data protection & privacy – Identity Theft legislation, Personal Data Protection (Directive 95/46/EC on the protection of personal data) • Sarbanes Oaxley – Mainly for US companies (listed on Wall Street) – But also for their WW partners • Section 302 requires CEO and CFO to make quarterly and annual certifications regarding company’s internal control over financial reporting. • Section 404 requires management assessment and audit report regarding management’s assessment. • Basel II • Payment Card Industry Data Security Standard: PCI DSS • Even ISO 27001 (or BS 7799) 03/07/09 55
    56. Facts about PCI DSS • Published January 2005 – v1.1 released Sept 7, 2006 – All new audits must use v.1.1 • Impacts ALL who – Process – Transmit – Store: cardholder data Payment Card Industry Data • Developed by MasterCard Security Standard January 2005 and Visa, endorsed by other brands • Global reach – Account Information Security (AIS) regulation 03/07/09 56 outside of US
    57. The Principles of Security: C I A Confidentiality C - Ability to ensure secrecy security I A Integrity Availability -Of service - Ability to ensure asset/data -Of data in not modified 03/07/09 57
    58. Attack against Confidentiality telnet foo.bar.org username: dan password: m-y-p-a-s-s-w-o-r-d d-a-n 03/07/09
    59. Attack on Integrity Deposit $900 in Mallet’s Account and $100 in Deposit $1000 Bob’s Account in Bob’s Account Customer Bank 03/07/09
    60. Attacks of Integrity: Web Defacing 03/07/09 60
    61. Denial of Service (DoS) Prevents authorised people from using a service 03/07/09
    62. Handling Risk… • Transfer: to an insurance company • Reduce: implement countermeasure(s) – Also called controls • Rejecting/Ignoring: foolish… • Accepting: when cost of CM does not make sense 03/07/09 62
    63. Controls • Administrative controls – Policies, standards, procedures – Screening personnel, education • Technical controls – Access control, encryption, security devices • Physical controls – Facility protection, security guards, locks, monitoring, intrusion detection • All the above to protect company assets 03/07/09 63
    64. Technical Control: Access Control • Subject – Active entity – Request access – E.g.: users, program, process, … • Object: – Passive entity – Contain information or other objects – E.g.: computer, disk, file, … • Access: – Flow of information between subject and object • Access Control: – Mechanisms to control the access 03/07/09 64
    65. Access Control Id, Authen, Author, Account • Consecutive steps for access control – Identification: who are you ? – Authentication: prove it ! – Authorization: what can you do ? – Accounting/Auditing: what have you done ? (after the object access) • Sometimes called AAA for Authentication, Authorization and Accounting 03/07/09 65
    66. Technical Control: Cryptography • The science of hiding a message Plaintext: Plaintext: Encryption Hello Hello keys Encryption Decryption Ciphertext: %z$*@ 03/07/09 66
    67. Some Words on Cryptography • Encryption/decryption – mathematical functions with 2 parameters • Message (plain text or cipher text) • Key – Strength: linked to function and size of key – Two classes of crypto systems • Symmetric crypto systems: encryption key = decryption key • Asymmetric crypto systems: encryption key ≠ decryption key 03/07/09 67
    68. Technical Controls More Words on Crypto • Symmetric cryptosystems – Current minimum key size: 128 bits – Examples: AES (from Belgium), RC4 – Very fast: 1 Gbps – Issue: how can we safely share a key? • Asymmetric cryptosystems – Current minimum key size: 2048 bits – Examples: RSA – Very slow: 100 kbps – No shared key, easy to deploy – Mainly used for signatures (non reputable proof of origin) or for authentication (who you are) 03/07/09 68
    69. Crypto on Networks Cryptography alone is NEVER ENOUGH to guarantee security! • IPsec – Used to encrypt all IP packets between two routers/ hosts – Virtual Private Network (VPN) • Linking remote branches over the public Internet • Linking a remote user over the public Internet • Secure Session Layer (SSL) – Used to encrypt a single TCP (like HTTP) connection • https://  allows for e-commerce • Also used for remote user over the public Internet 03/07/09 69
    70. Technical Controls Perimeter Security and Firewalls • Security often relies on segregation of security domains – Trusted – Untrusted: Internet, … • Trusted domains are protected by a perimeter – Hence the term of security perimeter • When a point of passage between domains is required – Firewall: security policy enforcement 03/07/09 70
    71. Technical Controls Security Perimeter Untrusted Zone firewall Trusted Zone 03/07/09 71
    72. Technical Controls Usual Firewall Locations Internet intranet Partner Y Partner X HR Network Source: Cisco Systems 03/07/09
    73. Technical Controls: Firewalls Deep Packet Inspection • More and more protocols run over HTTP – SOAP (= XML over HTTP) –… • Security policy must be enforced for those new protocols  need to also inspect the payload of HTTP • This is called Deep Packet Inspection 03/07/09 73
    74. Impact of Voice
    75. Why Voice over IP? • Before voice had a separated network • If voice is over IP then – Single network to operate (or to outsource) – Toll by-pass: • Data communication is usually cheaper than voice communication – More functions in phones • Video • User directory – Data and voice applications can merge • Voice mail • Web conferencing • Customer Relation Management systems 03/07/09 75
    76. Voice in an IP Packet 1. Transform usual voice (analog) in digital with CODEC 2. Cut voice in small chunks Voice Payload 3. Transport those chunks over IP RTP Voice Payload UDP RTP Voice Payload IP UDP RTP Voice Payload 03/07/09 76
    77. What Is a CODEC? Analog to Digital Conversion Quantize 256 Steps Sample 8,000/sec DS0 = Using 8 Bits Nyquist Frequency 64 Kbps 4000 Hz Analog Signal Sample Compand = 0101 Frame Quantize Encode Analog Audio Source Everything Is Bits G.711 Pulse Code Modulation (PCM) is the DS0 03/07/09 77
    78. IP Telephony vs. Voice over IP • IP telephony is a super-set of services over IP – Pure Voice over IP transport – Conferencing – Voice mail – ... 03/07/09 78
    79. Network Requirements for Voice • Power over the Ethernet – No need for power cord for the phone • Quality of service – Voice is delay sensitive (< 150 msec) • Other issue – Relationships between • Network department • Voice department 03/07/09 79
    80. The Skype Service • P2P based VoIP software • Founded by the founders of Kazaa • Can be downloaded free at: – http://www.skype.com • Services – Both paid and free services available – Free - Instant Messaging - Voice and Video communication (PC to PC) A typical Skype user interface 03/07/09 80
    81. Skype Architecture Hierarchical P2P architecture but involves a central Skype authority for registration and certification services Skype Architecture: Normal peers, super nodes, and centralized Skype server 03/07/09 81
    82. Should You Use Skype? • If you can answer yes to four questions: – Are you willing to circumvent the perimeter controls of your network? – Do you trust the Skype developers to implement security correctly (being closed-source)? – Do you trust the ethics of the Skype developers? – Can you tolerate the Skype network being unavailable? 03/07/09 82
    83. Impact of Virtualization
    84. What is Virtualization • Separation of location and services – Services can run anywhere – Users cannot see the difference • Corollary – Several services in the same location 03/07/09 84
    85. “ [Virtualization is] a technique for hiding the physical characteristics of computing resources from the way in which other systems, applications, or end users interact with those resources. This includes making a single physical resource (such as a server, an operating system, an application, or storage device) appear to function as multiple logical resources; or it can include making multiple physical resources (such as storage devices or servers) appear as a single logical resource.” Mann, Andi, Virtualization 101 Enterprise Management Associates (EMA) 03/07/09 85 BRKDCT-1870 85 14484_04_2008_c2 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public
    86. Why Virtualization • Flexibility – Can add a new server/service in less than 1 second – Can move a service to a better server • Being faster, more secure, cheaper • Cost efficiency – Share a physical €€€ server by several application • Green – No need to power 10 servers for 10 services if all 10 services can run on a single server 03/07/09 86
    87. Data Center Trends 60–180 Days to Deploy Applications < 25% Server/Storage Utilization 40–400% Annual Storage Growth 7–10 DC Records Retention (Years) ~ 25–30% DC Power and Cooling Costs > 30% Data Center Operations “By 2008, 50% of Today’s Data Centers Will Have Insufficient Power and Cooling Capacity to Meet the Demands of High-Density Equipment” 03/07/09 87 Source: Gartner, 2008
    88. Data Center Virtualization • Enables consolidation or sharing of physical assets to increase utilization  Reduces physical devices and cabling, space, power, and cooling  Enables rapid deployment and redeployment of resources to meet business objectives 03/07/09 88
    89. Data Center Virtualization Network Network Virtualization Virtualization • Consolidation of physical networks • Greater flexibility • Improved capacity utilization Server Virtualization Server Virtualization App App App App App OS OS OS OS  Consolidation of physical servers OS Hypervisor  Improved server utilization  Greater flexibility Storage Virtualization Storage Virtualization  Consolidation of physical SANs  Improved storage utilization  Greater flexibility 03/07/09 89
    90. Network Virtualization • The basis of other virtualization – Virtual LAN: sharing an Ethernet switch for several independent LAN – Virtual Private Network (VPN) sharing a WAN infrastructure among several independent WAN 03/07/09 90
    91. Storage Virtualization • Network Attached Storage – Attaching a hard-disk to ONE computer via USB/Network – NOT a real virtualization: computer is aware of the remote disk • Storage Area Network (SAN) – Attaching hard-disk to SEVERAL computers via network – Virtualization because computers are unaware of the disks being remote – Network must be really fast: Infiniband or Fibre Channel 03/07/09 91
    92. Why SAN? • Virtualization allows – Sharing disk – Adding storage easily without disruption – Single place for all storage • Easier to secure • Easier to take back-up – Storage is no more local to the computer • Can move the computer and keep the same disk • Important when the computer becomes virtual 03/07/09 92
    93. Storage Volume Virtualization Initiator Target Target Initiator SAN Fabric • Adding more storage requires administrative changes • Administrative overhead, prone to errors • Complex coordination of data movement between arrays 03/07/09 93
    94. Storage Volume Virtualization Virtual Virtual Target 1 Initiator VSAN_10 VSAN_30 Initiator Virtual Volume 1 VSAN_10 Virtual Volume Virtual Virtual Initiator 2 Target 2 Initiator VSAN_20 VSAN_20 VSAN_30 SAN Fabric • A SCSI operation from the host is mapped in one or more SCSI operations to the SAN- attached storage • Zoning connects real initiator and virtual target or virtual initiator and real storage 03/07/09 94 •
    95. Server Virtualization • Multiple Computers inside a Computer – Guest OS can be different than host OS – Guest machines are isolated by default App App App App VM VM Guest OS Guest OS Guest OS Guest OS Modified Stripped Hypervisor Down OS with Host OS Hypervisor y y or or CPU CPU em em m m VMware Microsoft 03/07/09 95
    96. Virtual Server Migration • VMotion, aka VM Migration allows a VM to be reallocated on a different Hardware without Console having to interrupt service. App. Console App. App. OS OS • Downtime in the order of few OS OS OS Layer VMware Virtualization Layer VMware Virtualization milliseconds to few minutes, Hypervisor Hypervisor not hours or days • Can be used to perform y y or Maintenance on a server, or em CPU em CPU m m • Can be used to shift workloads more efficiently 03/07/09
    97. How to Deploy a Network? Or the right questions to be asked?
    98. Basic Networking • IPv6 Readiness • Addressing (mainly technical) – Use of DHCP? – Important for mobile user • Routing (mainly technical) 03/07/09 98
    99. Levels of Security • Does the security policy include network? • Risk management: assets, confidentiality requirements – Specific requirements for some business: Basel II, PCI • Which are my security domains? – HR – Sales? – Guests – What about contractors? 03/07/09 99
    100. QoS • Do you need QoS in your network? – Probably for IP telephony • What are my critical application? – ERP? – Emails? – Back-up? 03/07/09 100
    101. High Availability • Availability is usually important • Redundancy – Hot or cold standby? – Redundant links? – Redundant Service Providers? • What are your disaster recovery procedure? 03/07/09 101
    102. Open Standards • Pros – Competition means lower price – Can switch vendors easily • Cons – Having multiple vendors cost a lot of € (training the operators and users) – Lagging (not leading edge) • Be prepared for some compromise – But ask your vendor for commitment to support future standards 03/07/09 102
    103. Future Proof... • Find the balance between – Proven technologies: but obsolete in a few years • Think IPv4 vs. IPv6 – Leading edge technos: but unstable and expensive 03/07/09 103
    104. Operation Cost • Cheap to buy ≠ cheap to run 03/07/09 104
    105. Outsourcing Network • Pros – Reduces CAPEX – Improves balance sheet • Cons – Your business relies on another party (could go bankrupt or be acquired by competitor) – Less flexibility – Long process cycle • Never forget about SLA in the contract 03/07/09 105
    106. Outsourcing Web Portal • Pros – Learning curve pretty small – Cheaper (CAPEX & OPEX) – More secure (no link to your real data) • Cons – Less control – No access to your life data • No e-business 03/07/09 106
    107. Green Impact • A tornado since early 2008 • Sometime a simple excuse to reduce cost • Power consumption – Faster means more power means more cooling... – Data Center location is no more based on salary but power stability & price – Turn off devices when not in use: RFID, electronics, ... – Reduce consumption => slower device? – SHARE equipment: importance of virtualization 03/07/09 107
    108. End THE END 03/07/09 108
    SlideShare Zeitgeist 2009

    + evynckeevyncke Nominate

    custom

    191 views, 0 favs, 2 embeds more stats

    More info about this document

    © All Rights Reserved

    Go to text version

    • Total Views 191
      • 171 on SlideShare
      • 20 from embeds
    • Comments 0
    • Favorites 0
    • Downloads 13
    Most viewed embeds
    • 19 views on http://mastertic.blogspot.com
    • 1 views on http://www.mastertic.blogspot.com

    more

    All embeds
    • 19 views on http://mastertic.blogspot.com
    • 1 views on http://www.mastertic.blogspot.com

    less

    Flagged as inappropriate Flag as inappropriate
    Flag as inappropriate

    Select your reason for flagging this presentation as inappropriate. If needed, use the feedback form to let us know more details.

    Cancel
    File a copyright complaint
    Having problems? Go to our helpdesk?

    Categories

    Tags

    -->
    What's New

    © 2009 SlideShare Inc. All rights reserved.