IP addressing

In an IP network, every device - physical or virtual - uses an IP address for communication. The IP address is included in the header of all IP packets sent between two devices, so that the network can forward and deliver each packet to the device for which it is intended.

Fundamentals

There are two types of IP addresses in use - IP version 4 (IPv4) and version 6 (IPv6). Most of the content in this section is relevant to IPv4 only. An IPv4 address contains four segments, each with a number 0-255 separated by dots. IPv4 addresses are 32-bit addresses with a total range of

or approximately 4.3 billion addresses. Thus, a segment in an IPv4 address consists of 8 bits (also known as an octet), which can represent 256 different numbers. The fact that the number of IP addresses is limited makes it necessary to reuse addresses, and for this reason there are public and private addresses used in different domains. Private IP addresses cannot be reached via the Internet, whereas public IP addresses can.

Public IP addresses are assigned to Internet web servers, DNS servers, network routers as well as directly connected computers. The Internet Assigned Numbers Authority (IANA) is responsible for assigning a range of addresses to organizations like Internet Service Providers (ISP), which in turn assign individual public IP addresses to their users.

In a home network or Local Area Network (LAN), there needs to be at least one router with a public IP address (assigned by an ISP) to enable access to the Internet. This node is known as a gateway as it sits on the boundary between the private and public domains. In the cloud, public IP addresses are provided from a set of floating IP addresses.

It is also necessary to have a method to uniquely assign private IP addresses to new hosts on the same network. This is done by a Dynamic Host Configuration Protocol (DHCP) server. Most routers and switches have built-in DHCP servers.

Virtual local area networks

In the process of creating a virtual network, Contrail vRouter sets up a virtual routing and forwarding (VRF) table for each subnet. A full mesh MP-iBGP (multiprotocol extensions for interior Border Gateway Protocol) is configured by Contrail between all vRouters, using overlay tunnels in the packet backbone (PBN) for transport.

The concept of VRF implements an L3 VLAN by complete traffic separation, which ensures that only packets between interfaces (instances) on the same VRF are forwarded.

IPv4 addressing

Each created VPC is isolated from the rest of the cloud, and the user has full flexibility to use any routable IP address space on the cloud resources for networking.

In accordance with best practices, DT Cloud Services recommends using a private IP address space (RFC 1918) to connect the VPC resources. It is essential to keep track of the subnets to avoid network overlapping (in which case routing and communication may fail).

Some IPv4 address ranges are reserved for specific uses:

  • Public IP ranges.

  • Loopback range consisting of addresses from 127.0.0.0 to 127.255.255.255: this range is used by each host to test networking to itself.

  • Private address spaces, specified according to RFC 1918, that must be used only in private networks:

    • 10.0.0.0 to 10.255.255.255

    • 172.16.0.0 to 172.31.255.255

    • 192.168.0.0 to 192.168.255.255

  • A shared address space (RFC 6598) for CG-NAT using the 100.64.0.0/10 range.

  • The link-local space (RFC 3927) for automatic IP configuration using the 169.254.0.0/16 range.

  • Some other smaller, less commonly used address ranges defined by IANA.
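The following check is an added example, not part of the DT Cloud Services documentation: it audits a subnet plan against the IPv4 ranges listed above and reports subnets that fall outside RFC 1918 or overlap each other. The subnet names and CIDRs in `PLAN` are constructed sample values, and the sketch handles IPv4 only.

```python
import ipaddress
from itertools import combinations

# Ranges named on this page (RFC 1918, loopback, RFC 6598, RFC 3927).
RANGES = {
    "private (RFC 1918)": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"],
    "loopback": ["127.0.0.0/8"],
    "shared CG-NAT (RFC 6598)": ["100.64.0.0/10"],
    "link-local (RFC 3927)": ["169.254.0.0/16"],
}

def classify(cidr):
    """Name the listed range that fully contains cidr, else 'other/public'."""
    # strict=True rejects CIDRs with host bits set (e.g. 10.0.0.5/24).
    net = ipaddress.ip_network(cidr, strict=True)
    for name, blocks in RANGES.items():
        if any(net.subnet_of(ipaddress.ip_network(b)) for b in blocks):
            return name
    return "other/public"

def audit(plan):
    """plan maps subnet name -> CIDR. Returns (non_private, overlaps)."""
    non_private = sorted(
        name for name, cidr in plan.items()
        if classify(cidr) != "private (RFC 1918)"
    )
    overlaps = sorted(
        (a, b)
        for (a, ca), (b, cb) in combinations(sorted(plan.items()), 2)
        if ipaddress.ip_network(ca).overlaps(ipaddress.ip_network(cb))
    )
    return non_private, overlaps

# Constructed sample plan (hypothetical names and addresses).
PLAN = {
    "vpc-a/app": "10.10.0.0/24",
    "vpc-a/db": "10.10.0.128/25",   # sits inside vpc-a/app
    "vpc-b/app": "172.16.5.0/24",
    "vpc-b/edge": "172.32.0.0/24",  # just past the end of 172.16.0.0/12
    "vpc-c/nat": "100.64.1.0/24",   # CG-NAT shared space, not RFC 1918
}

if __name__ == "__main__":
    print(audit(PLAN))
```

Running the audit before creating or peering subnets catches the overlap case early, while the routing tables are still unaffected.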

Private IP addresses can be assigned to any interface using either DHCP or manually by specifying a static IP address. DHCP can be used for an interface that has not been pre-configured. When the interface is enabled, the DHCP client is started and sends a request for network information (containing private IP address, subnet mask, gateway address and DNS server address). The interface will get an IP address which is either:

  • random, if there is no pre-configured address in the DHCP server

  • predefined, when an address range is set in the DHCP server (recommended option)

The VM or container is booted using the allocated IP address on its interface. The DHCP server supported by the DT Cloud Services cloud can be configured using standard configuration tools.

IPv6 addressing

IPv6 is the most recent version of the Internet Protocol, with a much larger address space than IPv4. The 32-bit IPv4 addresses are replaced by 128-bit IPv6 addresses, which relieves the address exhaustion in IPv4 and renders some IPv4 addressing techniques obsolete. IPv6 also implements features that simplify addressing.

The main differences between IPv6 and IPv4 deployments are:

  • Relaxed need for private IP addresses (the use of private IP addresses is discouraged)

  • Network Address Translation is not supported

  • Multiple addresses can be assigned per interface

Just like for IPv4, there are different types of IPv6 addresses:

  • Global - public IPv6 addresses used for communication on the Internet

  • Link-local - always generated when IPv6 is enabled on an interface and used for communication on the local network (fe80::/10)

  • Unique local - a special prefix that should not be found on the Internet, used as a kind of private IPv6 address (fc00::/7)

  • Loopback - used to test the networking stack (::/8)

It is recommended to use the global IPv6 address space, avoiding the unique local address range. IPv6 address configuration can be done in several ways:

  • DHCP (stateful autoconfiguration) - recommended for cloud servers

  • Manual configuration - not recommended since it is inflexible and may lead to errors

  • Stateless Address Autoconfiguration (SLAAC) with or without the privacy option. SLAAC with privacy is recommended for clients, since without it the MAC address is used in the algorithm to derive the IP address, but it should be avoided on servers.

MAC addresses

A media access control address (MAC address) is a unique identifier assigned to a network interface controller (NIC) for use as a network address in communications within a network segment. The MAC address is used by the data link layer (L2), and therefore resolution from the IP address to the MAC address is needed. This is performed by the Address Resolution Protocol (ARP), a communication protocol for discovering the link layer address (such as a MAC address) associated with a given network layer address (such as an IPv4 address).

This mapping from an internet layer address, typically an IPv4 address, to a link layer address is a critical function in the Internet protocol suite.