17-IP Addressing-IP Performance Optimization Configuration
Chapters Download (139.45 KB)
Table of Contents
Assigning an IP Address to an Interface
IP Addressing Configuration Example
Displaying and Maintaining IP Addressing
2 IP Performance Optimization Configuration
IP Performance Optimization Overview
Configuring TCP Optional Parameters
Configuring ICMP to Send Error Packets
Displaying and Maintaining IP Performance Optimization
When assigning IP addresses to interfaces on your device, go to these sections for information you are interested in:
l Displaying and Maintaining IP Addressing
This section covers these topics:
On an IP network, a 32-bit address is used to identify a host. An example is 01010000100000001000000010000000 in binary. To make IP addresses in 32-bit form easier to read, they are written in dotted decimal notation, each being four octets in length, for example, 10.1.1.1 for the address just mentioned.
Each IP address breaks down into two parts:
l Net ID: The first several bits of the IP address defining a network, also known as class bits.
l Host-id: Identifies a host on a network.
IP addresses are divided into five classes, as shown in the following figure (in which the blue parts represent the address class).
Figure 1-1 IP address classes
Table 1-1 describes the address ranges of these five classes.
Table 1-1 IP address classes and ranges
|
Class |
Address range |
Remarks |
|
A |
0.0.0.0 to 127.255.255.255 |
The IP address 0.0.0.0 is used by a host at bootstrap for temporary communication. This address is never a valid destination address. Addresses starting with 127 are reserved for loopback test. Packets destined to these addresses are processed locally as input packets rather than sent to the link. |
|
B |
128.0.0.0 to 191.255.255.255 |
–– |
|
C |
192.0.0.0 to 223.255.255.255 |
–– |
|
D |
224.0.0.0 to 239.255.255.255 |
Multicast addresses. |
|
E |
240.0.0.0 to 255.255.255.255 |
Reserved for future use except for the broadcast address 255.255.255.255. |
The following IP addresses are for special use, and they cannot be used as host IP addresses:
l IP address with an all-zero net ID: Identifies a host on the local network. For example, IP address 0.0.0.16 indicates the host with a host ID of 16 on the local network.
l IP address with an all-zero host ID: Identifies a network.
l IP address with an all-one host ID: Identifies a directed broadcast address. For example, a packet with the destination address of 192.168.1.255 will be broadcasted to all the hosts on the network 192.168.1.0.
Subnetting was developed to address the risk of IP address exhaustion resulting from fast expansion of the Internet. The idea is to break a network down into smaller networks called subnets by using some bits of the host ID to create a subnet ID. To identify the boundary between the host ID and the combination of net ID and subnet ID, masking is used.
Each subnet mask comprises 32 bits related to the corresponding bits in an IP address. In a subnet mask, the part containing consecutive ones identifies the combination of net ID and subnet ID whereas the part containing consecutive zeros identifies the host ID.
Figure 1-2 shows how a Class B network is subnetted.
Figure 1-2 Subnet a Class B network
In the absence of subnetting, some special addresses such as the addresses with the net ID of all zeros and the addresses with the host ID of all ones, are not assignable to hosts. The same is true for subnetting. When designing your network, you should note that subnetting is somewhat a tradeoff between subnets and accommodated hosts. For example, a Class B network can accommodate 65,534 (216 – 2. Of the two deducted Class B addresses, one with an all-one host ID is the broadcast address and the other with an all-zero host ID is the network address) hosts before being subnetted. After you break it down into 512 (29) subnets by using the first 9 bits of the host ID for the subnet, you have only 7 bits for the host ID and thus have only 126 (27 – 2) hosts in each subnet. The maximum number of hosts is thus 64,512 (512 × 126), 1022 less after the network is subnetted.
Class A, B, and C networks, before being subnetted, use these default masks (also called natural masks): 255.0.0.0, 255.255.0.0, and 255.255.255.0 respectively.
Follow these steps to assign an IP address to an interface:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
–– |
|
Enter interface view |
interface interface-type interface-number |
–– |
|
Assign an IP address to the interface |
ip address ip-address { mask | mask-length } [ sub ] |
Required No IP address is assigned by default. |
l The primary IP address you assigned to the interface can overwrite the old one if there is any.
l The primary and secondary IP addresses you assign to the interface can be located on the same network segment.
As shown in Figure 1-3, a port in VLAN 1 on a switch is connected to a LAN comprising two segments: 172.16.1.0/24 and 172.16.2.0/24.
To enable the hosts on the two network segments to communicate with the external network through the switch, and the hosts on the LAN can communicate with each other, do the following:
l Assign two IP addresses to VLAN-interface 1 on the switch.
l Set the switch as the gateway on all PCs in the two networks.
Figure 1-3 Network diagram for IP addressing configuration
# Assign a primary IP address and a secondary IP address to VLAN-interface 1.
<Switch> system-view
[Switch] interface vlan-interface 1
[Switch-Vlan-interface1] ip address 172.16.1.1 255.255.255.0
[Switch-Vlan-interface1] ip address 172.16.2.1 255.255.255.0 sub
# Set the gateway address to 172.16.1.1 on the PCs attached to subnet 172.16.1.0/24, and to 172.16.2.1 on the PCs attached to subnet 172.16.2.0/24.
# Ping a host on subnet 172.16.1.0/24 from the switch to check the connectivity.
<Switch> ping 172.16.1.2
PING 172.16.1.2: 56 data bytes, press CTRL_C to break
Reply from 172.16.1.2: bytes=56 Sequence=1 ttl=255 time=25 ms
Reply from 172.16.1.2: bytes=56 Sequence=2 ttl=255 time=27 ms
Reply from 172.16.1.2: bytes=56 Sequence=3 ttl=255 time=26 ms
Reply from 172.16.1.2: bytes=56 Sequence=4 ttl=255 time=26 ms
Reply from 172.16.1.2: bytes=56 Sequence=5 ttl=255 time=26 ms
--- 172.16.1.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 25/26/27 ms
The output information shows that the switch can communicate with the hosts on subnet 172.16.1.0/24.
# Ping a host on subnet 172.16.2.0/24 from the switch to check the connectivity.
<Switch> ping 172.16.2.2
PING 172.16.2.2: 56 data bytes, press CTRL_C to break
Reply from 172.16.2.2: bytes=56 Sequence=1 ttl=255 time=25 ms
Reply from 172.16.2.2: bytes=56 Sequence=2 ttl=255 time=26 ms
Reply from 172.16.2.2: bytes=56 Sequence=3 ttl=255 time=26 ms
Reply from 172.16.2.2: bytes=56 Sequence=4 ttl=255 time=26 ms
Reply from 172.16.2.2: bytes=56 Sequence=5 ttl=255 time=26 ms
--- 172.16.2.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 25/25/26 ms
The output information shows that the switch can communicate with the hosts on subnet 172.16.2.0/24.
# Ping a host on subnet 172.16.1.0/24 from a host on subnet 172.16.2.0/24 to check the connectivity. Host B can be successfully pinged from Host A.
|
To do… |
Use the command… |
Remarks |
|
Display information about a specified or all Layer 3 interfaces |
display ip interface [ interface-type interface-number ] |
Available in any view |
|
Display brief information about a specified or all Layer 3 interfaces |
display ip interface brief [ interface-type [ interface-number ] ] |
When optimizing IP performance, go to these sections for information you are interested in:
l IP Performance Optimization Overview
l Configuring ICMP to Send Error Packets
l Displaying and Maintaining IP Performance Optimization
In some network environments, you can adjust the IP parameters to achieve best network performance. IP performance optimization configuration includes:
l Configuring TCP timers
l Enabling ICMP error packets sending
TCP optional parameters that can be configured include:
l synwait timer: When sending a SYN packet, TCP starts the synwait timer. If no response packet is received within the synwait timer interval, the TCP connection cannot be created.
l finwait timer: When a TCP connection is changed into FIN_WAIT_2 state, the finwait timer is started. If no FIN packets is received within the timer interval, the TCP connection will be terminated. If a FIN packet is received, the TCP connection state changes to TIME_WAIT. If a non-FIN packet is received, the system restarts the timer upon receiving the last non-FIN packet. The connection is broken after the timer expires.
l Size of TCP receive/send buffer
Follow these steps to configure TCP optional parameters:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Configure the TCP synwait timer |
tcp timer syn-timeout time-value |
Optional 75 seconds by default. |
|
Configure the TCP finwait timer |
tcp timer fin-timeout time-value |
Optional 675 seconds by default. |
|
Configure the size of TCP receive/send buffer |
tcp window window-size |
Optional 8 KB by default. |
The actual length of the finwait timer is determined by the following formula:
Actual length of the finwait timer = (Configured length of the finwait timer – 75) + configured length of the synwait timer
Sending error packets is a major function of ICMP. In case of network abnormalities, ICMP packets are usually sent by the network or transport layer protocols to notify corresponding devices so as to facilitate control and management.
There are three kinds of ICMP error packets: redirect packets, timeout packets and destination unreachable packets. Their sending conditions and functions are as follows.
1) Sending ICMP redirect packets
A host may have only a default route to the default gateway in its routing table after startup. The default gateway will send ICMP redirect packets to the source host, telling it to reselect a correct next hop to send the subsequent packets, if the following conditions are satisfied:
l The receiving and forwarding interfaces are the same.
l The selected route has not been created or modified by ICMP redirect packet.
l The selected route is not the default route of the device.
l There is no source route option in the packet.
ICMP redirect packets function simplifies host administration and enables a host to gradually establish a sound routing table to find out the best route.
2) Sending ICMP timeout packets
If the device received an IP packet with a timeout error, it drops the packet and sends an ICMP timeout packet to the source.
The device will send an ICMP timeout packet under the following conditions:
l If the device finds the destination of a packet is not itself and the TTL field of the packet is 1, it will send a “TTL timeout” ICMP error message.
l When the device receives the first fragment of an IP datagram whose destination is the device itself, it starts a timer. If the timer times out before all the fragments of the datagram are received, the device will send a “reassembly timeout” ICMP error packet.
3) Sending ICMP destination unreachable packets
If the device receives an IP packet with the destination unreachable, it will drop the packet and send an ICMP destination unreachable error packet to the source.
Conditions for sending this ICMP packet:
l If neither a route nor the default route for forwarding a packet is available, the device will send a “network unreachable” ICMP error packet.
l If the destination of a packet is local while the transport layer protocol of the packet is not supported by the local device, the device sends a “protocol unreachable” ICMP error packet to the source.
l When receiving a packet with the destination being local and transport layer protocol being UDP, if the packet’s port number does not match the running process, the device will send the source a “port unreachable” ICMP error packet.
l If the source uses “strict source routing" to send packets, but the intermediate device finds that the next hop specified by the source is not directly connected, the device will send the source a “source routing failure” ICMP error packet.
l When forwarding a packet, if the MTU of the sending interface is smaller than the packet but the packet has been set “Don’t Fragment”, the device will send the source a “fragmentation needed and Don’t Fragment (DF)-set” ICMP error packet.
Although sending ICMP error packets facilitates network control and management, it still has the following disadvantages:
l Sending a lot of ICMP packets will increase network traffic.
l If a device receives a lot of malicious packets that cause it to send ICMP error packets, its performance will be reduced.
l As the redirection function increases the routing table size of a host, the host’s performance will be reduced if its routing table becomes very large.
l If a host sends malicious ICMP destination unreachable packets, end users may be affected.
To prevent such problems, you can disable the device from sending ICMP error packets.
Follow these steps to disable sending of ICMP error packets:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Enable sending of ICMP redirect packets |
ip redirects enable |
Required Disabled by default. |
|
Disable sending of ICMP timeout packets |
undo ip ttl-expires |
Required Enabled by default. |
|
Enable sending of ICMP destination unreachable packets |
ip unreachables enable |
Required Disabled by default. |
The device stops sending “TTL timeout” ICMP error packets after sending ICMP timeout packets is disabled. However, “reassembly timeout” error packets will be sent normally.
|
To do… |
Use the command… |
Remarks |
|
Display current TCP connection state |
display tcp status |
Available in any view |
|
Display TCP connection statistics |
display tcp statistics |
Available in any view |
|
Display UDP statistics |
display udp statistics |
Available in any view |
|
Display statistics of IP packets |
display ip statistics |
Available in any view |
|
Display statistics of ICMP flows |
display icmp statistics |
Available in any view |
|
Display socket information |
display ip socket [ socktype sock-type ] [ task-id socket-id ] |
Available in any view |
|
Display FIB information |
display fib [ | { begin | include | exclude } regular-expression | acl acl-number | ip-prefix ip-prefix-name ] |
Available in any view |
|
Display FIB information matching the specified destination IP address |
display fib ip-address [ mask | mask-length ] |
Available in any view |
|
Clear statistics of IP packets |
reset ip statistics |
Available in user view |
|
Clear statistics of TCP connections |
reset tcp statistics |
Available in user view |
|
Clear statistics of UDP traffic |
reset udp statistics |
Available in user view |
