All rights reserved © 2022 José María Foces Morán

Exercise 0.
· Break down IP block 192.168.2.0/24 into 4 IP blocks with the following sizes (number of hosts):
  - A = 20
  - B = 40
  - C = 60
  - D = 12
  1. Round each to the next integral power of 2
  2. Compute the total and round it to the next integral power of 2
  3. Sort the blocks in non-increasing order of sizes: C, B, A, D
  4. Assign the first IP address in the all-encompassing IP block 192.168.2.0/24 to IP block C
  5. Compute the initial IP address of block B by adding the size of C to the initial address of C
  6. Repeat for the next block until all blocks are processed

Exercise 1.
· Use ifconfig or ip link to obtain the network configurations of R2 and R3.
· ping to 192.168.2.194 from paloalto internal (192.168.1.88) should fail now

Exercise 2.
· ping to R1, R2 and R3 must run ok
· ping to 192.168.2.194 should fail

Exercise 3.
    root@tunnel-ssh:/home/administrator/utils# ping 192.168.2.194
    PING 192.168.2.194 (192.168.2.194) 56(84) bytes of data.
    --- 192.168.2.194 ping statistics ---
    70 packets transmitted, 0 received, 100% packet loss, time 719ms

    root@tunnel-ssh:/home/administrator/ip# route -n
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eno1
    192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eno1

    root@tunnel-ssh:/home/administrator/ip# route add -net 192.168.2.192 netmask 255.255.255.224 gw 192.168.1.99
    root@tunnel-ssh:/home/administrator/ip# route -n
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eno1
    192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eno1
    192.168.2.192   192.168.1.99    255.255.255.224 UG    0      0        0 eno1

    root@tunnel-ssh:/home/administrator/utils# ping 192.168.2.194
    PING 192.168.2.194 (192.168.2.194) 56(84) bytes of data.
    --- 192.168.2.194 ping statistics ---
    70 packets transmitted, 0 received, 100% packet loss, time 719ms

---------------------------------------------------------------------

Exercise 4.
In host 192.168.1.99, check whether the kernel is doing IP forwarding at the moment:

    networks@protocol:~/ip$ sysctl net.ipv4.ip_forward
    net.ipv4.ip_forward = 0
    networks@protocol:~/ip$ su
    root@protocol:/home/networks/ip# sysctl -w net.ipv4.ip_forward=1

Check ping to 192.168.2.194 again from paloalto:

    root@tunnel-ssh:/home/administrator# ping 192.168.2.194
    PING 192.168.2.194 (192.168.2.194) 56(84) bytes of data.
    64 bytes from 192.168.2.194: icmp_seq=1 ttl=64 time=0.704 ms
    64 bytes from 192.168.2.194: icmp_seq=2 ttl=64 time=0.686 ms
    64 bytes from 192.168.2.194: icmp_seq=3 ttl=64 time=0.698 ms
    64 bytes from 192.168.2.194: icmp_seq=4 ttl=64 time=0.643 ms
    64 bytes from 192.168.2.194: icmp_seq=5 ttl=64 time=0.689 ms

Exercise 5.
In host 192.168.1.99 (paloalto, internal), check IP connectivity with 192.168.2.2 in network 192.168.2.0/25:

    root@tunnel-ssh:/home/administrator/utils# ping 192.168.2.2
    PING 192.168.2.2 (192.168.2.2) 56(84) bytes of data.
    From 185.179.107.225 icmp_seq=1 Destination Net Unreachable
    From 185.179.107.225 icmp_seq=2 Destination Net Unreachable
    From 185.179.107.225 icmp_seq=3 Destination Net Unreachable
    From 185.179.107.225 icmp_seq=4 Destination Net Unreachable
    ^C
    --- 192.168.2.2 ping statistics ---
    4 packets transmitted, 0 received, +4 errors, 100% packet loss, time 7ms

In host 192.168.1.99 (paloalto), create a route to network 192.168.2.0/25 through gateway 192.168.1.99, and check again:

    root@tunnel-ssh:/home/administrator/utils# route add -net 192.168.2.0 netmask 255.255.255.128 gw 192.168.1.99
    root@tunnel-ssh:/home/administrator/utils# ping 192.168.2.2
    PING 192.168.2.2 (192.168.2.2) 56(84) bytes of data.
    64 bytes from 192.168.2.2: icmp_seq=1 ttl=64 time=0.731 ms
    64 bytes from 192.168.2.2: icmp_seq=2 ttl=64 time=0.714 ms
    64 bytes from 192.168.2.2: icmp_seq=3 ttl=64 time=0.713 ms
    64 bytes from 192.168.2.2: icmp_seq=4 ttl=64 time=0.710 ms
    ^C
    --- 192.168.2.2 ping statistics ---
    4 packets transmitted, 4 received, 0% packet loss, time 82ms
    rtt min/avg/max/mdev = 0.710/0.717/0.731/0.008 ms

Exercise 6.
    # sysctl -w net.ipv4.ip_forward=0
· Check that ping to 192.168.2.194 and to 192.168.2.2 both fail because R1 is not doing IP fwd.
· Restore IP fwd:
    # sysctl -w net.ipv4.ip_forward=1

Exercise 7.
In paloalto check IP connectivity with 192.168.2.129 in network 192.168.2.0/25:

    root@tunnel-ssh:/home/administrator/utils# route -n
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eno1
    192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eno1
    192.168.2.0     192.168.1.99    255.255.255.128 UG    0      0        0 eno1
    192.168.2.128   192.168.1.99    255.255.255.192 UG    0      0        0 eno1
    192.168.2.192   192.168.1.99    255.255.255.224 UG    0      0        0 eno1

    root@tunnel-ssh:/home/administrator/utils# ping 192.168.2.129
    PING 192.168.2.129 (192.168.2.129) 56(84) bytes of data.
    From 192.168.1.99: icmp_seq=1 Redirect Host(New nexthop: 192.168.1.1)
    From 185.179.107.225 icmp_seq=1 Destination Net Unreachable
    From 185.179.107.225 icmp_seq=2 Destination Net Unreachable
    From 185.179.107.225 icmp_seq=3 Destination Net Unreachable
    ^C
    --- 192.168.2.129 ping statistics ---
    3 packets transmitted, 0 received, +3 errors, 100% packet loss, time 6ms

    root@tunnel-ssh:/home/administrator/utils# ping 192.168.2.130
    PING 192.168.2.130 (192.168.2.130) 56(84) bytes of data.
    From 192.168.1.99: icmp_seq=1 Redirect Host(New nexthop: 192.168.1.1)
    From 185.179.107.225 icmp_seq=1 Destination Net Unreachable
    From 185.179.107.225 icmp_seq=2 Destination Net Unreachable
    From 185.179.107.225 icmp_seq=3 Destination Net Unreachable
    ^C
    --- 192.168.2.130 ping statistics ---
    3 packets transmitted, 0 received, +3 errors, 100% packet loss, time 6ms

· Add a route to network 192.168.2.128/26 via 192.168.2.194:
    # route add -net 192.168.2.128 netmask 255.255.255.192 gw 192.168.2.194
· Set IP FWD on R3 with sysctl as we did above
· In R1 (192.168.1.99), check IP connectivity with 192.168.2.129 in network 192.168.2.0/25
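
The allocation procedure of Exercise 0 carried through in Python, as an added example that is not part of the original solution sheet. The function names are hypothetical, and "next integral power of 2" is assumed to mean the smallest power of two not below the host count, with no extra addresses reserved for network and broadcast.

```python
import ipaddress


def next_pow2(n):
    """Smallest power of two >= n (steps 1 and 2 of the exercise)."""
    p = 1
    while p < n:
        p *= 2
    return p


def allocate(parent, hosts):
    """Split `parent` into one block per entry of `hosts` (name -> host count).

    Returns [(name, IPv4Network), ...] in allocation order.
    """
    parent = ipaddress.IPv4Network(parent)
    sizes = {name: next_pow2(n) for name, n in hosts.items()}       # step 1
    if next_pow2(sum(sizes.values())) > parent.num_addresses:       # step 2
        raise ValueError("blocks do not fit in " + str(parent))
    # Step 3: non-increasing size; equal sizes ordered by requested hosts,
    # which yields C, B, A, D for the exercise data.
    order = sorted(hosts, key=lambda n: (-sizes[n], -hosts[n]))
    plan, cursor = [], int(parent.network_address)                  # step 4
    for name in order:
        prefix = 32 - (sizes[name].bit_length() - 1)
        # Largest-first ordering keeps every start aligned to its block size,
        # so IPv4Network does not reject the address for having host bits set.
        plan.append((name, ipaddress.IPv4Network((cursor, prefix))))
        cursor += sizes[name]                                       # steps 5-6
    return plan


def overlaps(plan):
    """True if any two allocated blocks share an address (sanity check)."""
    nets = [net for _, net in plan]
    return any(a.overlaps(b) for i, a in enumerate(nets) for b in nets[i + 1:])


if __name__ == "__main__":
    # Host counts from Exercise 0.
    plan = allocate("192.168.2.0/24", {"A": 20, "B": 40, "C": 60, "D": 12})
    for name, net in plan:
        print(name, net, "first:", net[0], "last:", net[-1])
    print("overlap:", overlaps(plan))
```

Sorting largest-first is what makes step 5 safe: adding a block's size to its start always lands on an address aligned for the next, equal or smaller, block.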