Previous Table of Contents Next

Designers are also typically responsible for allocating addresses in DHCP pools—a mechanism that permits dynamic addressing in IP networks. This greatly simplifies the administration requirements at the workstation and is covered in greater detail in Chapter 7.

One of the keys to a strong network design is the use of consistent addresses in the network. For example, most designers allocate a block of addresses for network devices at the beginning or end of the address range. This arrangement accomplishes two goals: First, the identification of a device is greatly simplified, and second, access lists and other security mechanisms can be defined consistently.

Public and Private Addresses

The Internet connects a wide array of networks, with each requiring a methodology of uniquely identifying each device in the network. As such a methodology, IP addresses must be unique between devices.

Unlike the burned-in address (MAC) found on a network adapter, the IP address is assigned and is used to create a logical confederation of devices. These groupings are then used to distribute information to other devices in the network. This scenario is typically referred to as routing.

The IP address itself is likely familiar to most readers, so just consider the following as beneficial review. IP addresses, in version 4, are 32-bit values written in dotted decimal notation. For example, an IP address might appear as This address must be unique within the network, and the address may be assigned either manually or dynamically via a process such as DHCP.

All devices contain an address (subnet) mask in addition to the IP address. This mask is applied to the address to identify the scope of the logical grouping. The mask is also 32 bits long.

Consider that the designer wishes to create a medium-sized IP network. The mask could be, which when applied to the address yields a grouping of 256 addresses. The first address and the last are reserved, and the resulting mask permits 254 hosts. Note that the network portion of the address was defined by the ones portion of the mask—the 255 decimal notation. The zero notation signified eight zero bits, or the number of unique hosts within that network—equal to the same decimal number as two to the eighth power. In the same manner, the designer could select a mask of, which would permit a total of two hosts. These would be and The addresses and would fall into the reserved region. It is also important to note that all IP addresses incorporate an implied mask. This will be discussed later in this chapter; however, it is important to note that would contain a natural mask of

Once the routers understand the mask information, it is possible to cluster these devices. Clustering is similar to the area-code function in phone numbers. (Clearly, it is easier to remember that 312 is located in Chicago and 213 is in Los Angeles. Each of these area codes represents millions of telephones.) This clustering function makes IP routing possible—otherwise, a forwarding table containing each individual host address would require extreme amounts of processing capacity to maintain the database.

The concept of prefix routing is also called hierarchical addressing. This process differs from summarization, but the basic concepts are similar. Again, the example of an area code and telephone number works well to illustrate the process, as shown in Figure 3.1.

FIGURE 3.1  Hierarchical addressing

Designers should note that traditional classful routing would typically combine the area code and prefix numbers in route determination. Address assignments making use of summarization more closely mirror the telephone company model—using the area code to reach an area and then using the prefix, followed by the host number.

In addition to assigning an address and network, the designer must also choose which addresses to use. There are four possible methods for accomplishing this:

  Use legal, public addresses assigned to the Internet Service Provider (ISP).
  Use legal, public addresses assigned to the organization.
  Use legal, public addresses that belong to another organization—a choice that precludes full connectivity to the Internet.
  Use private addresses that do not propagate across the Internet.

Private Addresses—RFC 1918/RFC 1597

RFC 1918, one of the most-used RFCs (requests for comments), defines the private, reserved IP address space. Addresses in this space can be quite convenient, as the designer need not register with any authority. In addition, addresses assigned by the ISP belong to the ISP—should the corporation wish to change providers, it will also need to readdress all its devices.

RFC 1918 replaced RFC 1597; however, each basically defines the same policy. Under these RFCs, the public Internet will never assign or transport specific blocks of addresses, which are thus reserved for the private use of organizations. These addresses are shown in Table 3.3.

TABLE 3.3 RFC 1918 Addresses

Address Available Allocation 1 Class A network through 16 Class B networks through 255 Class C networks

This presentation will focus on IP v4. Designers should consider IP v6, a newer addressing scheme that uses 128 bits.

These address ranges provide the designer with an allocation in each of the IP classes—Classes A, B, and C, which will be defined in greater detail later in this chapter. The primary advantage to this approach is that the designer may assign addresses based on Class A or B address space. This option rarely exists for most small and medium-sized organizations.

Another advantage to RFC 1918 addresses is that they imply a degree of security. If the address cannot be routed on the Internet, it is very difficult for a remote attacker to reach the internal network. This is clearly oversimplified, as it would likewise be impossible for the internal devices to reach legal addresses on the Internet. Actually, designers use proxies, or devices that represent the internal network resources, in order to reach the public Inter-net. These proxies typically present themselves in firewalls; however, it is possible to translate only the address information or provide non-secure proxy services. The translation of address information is called NAT, or network address translation, which is presented in Chapter 11.

Previous Table of Contents Next