|Previous||Table of Contents||Next|
Designers are also typically responsible for allocating addresses in DHCP poolsa mechanism that permits dynamic addressing in IP networks. This greatly simplifies the administration requirements at the workstation and is covered in greater detail in Chapter 7.
One of the keys to a strong network design is the use of consistent addresses in the network. For example, most designers allocate a block of addresses for network devices at the beginning or end of the address range. This arrangement accomplishes two goals: First, the identification of a device is greatly simplified, and second, access lists and other security mechanisms can be defined consistently.
The Internet connects a wide array of networks, with each requiring a methodology of uniquely identifying each device in the network. As such a methodology, IP addresses must be unique between devices.
Unlike the burned-in address (MAC) found on a network adapter, the IP address is assigned and is used to create a logical confederation of devices. These groupings are then used to distribute information to other devices in the network. This scenario is typically referred to as routing.
The IP address itself is likely familiar to most readers, so just consider the following as beneficial review. IP addresses, in version 4, are 32-bit values written in dotted decimal notation. For example, an IP address might appear as 10.100.100.9. This address must be unique within the network, and the address may be assigned either manually or dynamically via a process such as DHCP.
All devices contain an address (subnet) mask in addition to the IP address. This mask is applied to the address to identify the scope of the logical grouping. The mask is also 32 bits long.
Consider that the designer wishes to create a medium-sized IP network. The mask could be 255.255.255.0, which when applied to the address 10.100.100.9 yields a grouping of 256 addresses. The first address and the last are reserved, and the resulting mask permits 254 hosts. Note that the network portion of the address was defined by the ones portion of the maskthe 255 decimal notation. The zero notation signified eight zero bits, or the number of unique hosts within that networkequal to the same decimal number as two to the eighth power. In the same manner, the designer could select a mask of 255.255.255.252, which would permit a total of two hosts. These would be 10.100.100.9 and 10.100.100.10. The addresses 10.100.100.8 and 10.100.100.11 would fall into the reserved region. It is also important to note that all IP addresses incorporate an implied mask. This will be discussed later in this chapter; however, it is important to note that 10.100.100.9 would contain a natural mask of 255.0.0.0.
Once the routers understand the mask information, it is possible to cluster these devices. Clustering is similar to the area-code function in phone numbers. (Clearly, it is easier to remember that 312 is located in Chicago and 213 is in Los Angeles. Each of these area codes represents millions of telephones.) This clustering function makes IP routing possibleotherwise, a forwarding table containing each individual host address would require extreme amounts of processing capacity to maintain the database.
The concept of prefix routing is also called hierarchical addressing. This process differs from summarization, but the basic concepts are similar. Again, the example of an area code and telephone number works well to illustrate the process, as shown in Figure 3.1.
FIGURE 3.1 Hierarchical addressing
Designers should note that traditional classful routing would typically combine the area code and prefix numbers in route determination. Address assignments making use of summarization more closely mirror the telephone company modelusing the area code to reach an area and then using the prefix, followed by the host number.
In addition to assigning an address and network, the designer must also choose which addresses to use. There are four possible methods for accomplishing this:
RFC 1918, one of the most-used RFCs (requests for comments), defines the private, reserved IP address space. Addresses in this space can be quite convenient, as the designer need not register with any authority. In addition, addresses assigned by the ISP belong to the ISPshould the corporation wish to change providers, it will also need to readdress all its devices.
RFC 1918 replaced RFC 1597; however, each basically defines the same policy. Under these RFCs, the public Internet will never assign or transport specific blocks of addresses, which are thus reserved for the private use of organizations. These addresses are shown in Table 3.3.
|10.0.0.0 1||Class A network|
|172.16.0.0 through 172.31.0.0||16 Class B networks|
|192.168.0.0 through 192.168.255.0||255 Class C networks|
|This presentation will focus on IP v4. Designers should consider IP v6, a newer addressing scheme that uses 128 bits.|
These address ranges provide the designer with an allocation in each of the IP classesClasses A, B, and C, which will be defined in greater detail later in this chapter. The primary advantage to this approach is that the designer may assign addresses based on Class A or B address space. This option rarely exists for most small and medium-sized organizations.
Another advantage to RFC 1918 addresses is that they imply a degree of security. If the address cannot be routed on the Internet, it is very difficult for a remote attacker to reach the internal network. This is clearly oversimplified, as it would likewise be impossible for the internal devices to reach legal addresses on the Internet. Actually, designers use proxies, or devices that represent the internal network resources, in order to reach the public Inter-net. These proxies typically present themselves in firewalls; however, it is possible to translate only the address information or provide non-secure proxy services. The translation of address information is called NAT, or network address translation, which is presented in Chapter 11.
|Previous||Table of Contents||Next|