4.2 Basic Information

Regardless of whether or not your network is connected to the Internet, you must provide certain basic information to configure the physical TCP/IP network interface. As we see in Chapter 6, Configuring the Interface, the network interface needs an IP address and may also need a subnet mask and broadcast address. In this section we look at how the network administrator arrives at each of the required values.

4.2.1 Obtaining an IP Address

Every interface on a TCP/IP network must have a unique IP address. If a host is part of the Internet, its IP address must be unique within the entire Internet. If a host's TCP/IP communications are limited to a local network, its IP address only needs to be unique locally. Administrators whose networks will not be connected to the Internet select an address from RFC 1918, Address Allocation for Private Internets, which lists network numbers that are reserved for private use. [2] The private network numbers are:
Networks connecting to the Internet must obtain official network addresses. An official address is needed for every system on your network that directly exchanges data with remote Internet hosts. [3] Obtain the address from your ISP. Your ISP has been delegated authority over a group of network addresses, and should be able to assign you a network number. If your local ISP doesn't offer this service, perhaps the ISP's upstream provider does. Ask your local ISP who it receives service from and ask that organization for an address. If all else fails, you may be forced to go directly to an Internet registry. The box Internet Registries provides information about the Internet registry services. The form required for registering an address is available at ftp://rs.internic.net/templates/internet-number-template.txt. Use the application as a last resort to obtain an address.
The advantages to choosing a network address from RFC 1918 are that you do not have to apply for an official address and you save address space for those who do need to connect to the Internet. [4] The advantage to obtaining your address from an Internet registry is that you will not have to change your address in the future if you do connect to the Internet.
If you do choose an address from RFC 1918 it is still possible to connect to the Internet without renumbering all of your systems. But it will take some effort. You'll need a network address translation (NAT) box or a proxy server. NAT is available as a separate piece of hardware or as an optional piece of software in some routers and firewalls. It works by converting the source address of datagrams leaving your network from your private address to your official address. Address translation has several advantages.
Network address translation also has disadvantages:
Proxy servers provide many of the same advantages as NAT boxes. In fact, these terms are often used interchangeably. But there are differences. Proxy servers are application gateways originally created as part of firewall systems to improve security. Internal systems connect to the outside world through the proxy server, and external systems respond to the proxy server. Unlike routers, even routers with network address translation, the external systems do not see a network of internal systems. They see only one system - the proxy server. All ftp, telnet, and other connections appear to come from one IP address: the address of the proxy server. Therefore, the difference between NAT boxes and proxy servers is that NAT uses a pool of IP addresses to differentiate the connection between internal and external systems. The true proxy server has only one address and therefore must use protocol numbers and port numbers to differentiate the connections. Proxy servers often have added security features. Address translation can be done at the IP layer. Proxy services require the server to handle data up to the application layer. Security filters can be put in proxy servers that filter data at all layers of the protocol stack. Given the differences discussed here, network address translation servers should scale better than proxy servers, and proxy servers should provide better security. Proxy servers are frequently used in place of address translation for small networks. Before you decide to use either NAT or proxy services, make sure they are suitable for your network needs.

4.2.1.1 Assigning host addresses

So far we have been discussing network numbers. Our imaginary company's network (nuts-net) was assigned network number 172.16.0.0/16. The network administrator assigns individual host addresses within the range of IP addresses available to the network address; i.e., the nuts-net administrator assigns the last two bytes of the four-byte address.
[6] The portion of the address assigned by the administrator cannot have all bits 0 or all bits 1; i.e., 172.16.0.0 and 172.16.255.255 are not valid host addresses. Beyond these two restrictions, you're free to assign host addresses in any way that seems reasonable to you.
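An added example (not from the book) that applies the rules above using Python's standard ipaddress module: it tests whether a network number is one of the RFC 1918 private blocks, and whether a proposed host address on nuts-net (172.16.0.0/16) lies outside the network, has a host part of all 0s or all 1s, or duplicates an earlier assignment. The function names and the sample address list are my own constructions.

```python
import ipaddress

# The three network numbers RFC 1918 reserves for private use.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# nuts-net's assigned network number, as given in the text.
NUTS_NET = ipaddress.ip_network("172.16.0.0/16")

def is_rfc1918(network):
    """True if every address in `network` lies inside one RFC 1918 block."""
    net = ipaddress.ip_network(network)
    return any(net.subnet_of(block) for block in RFC1918)

def host_part(addr, network=NUTS_NET):
    """Integer value of the bits the administrator assigns (the host part)."""
    return int(ipaddress.ip_address(addr)) & int(network.hostmask)

def classify_host_address(addr, network=NUTS_NET):
    """Return 'ok', 'outside network', 'host bits all 0' or 'host bits all 1'."""
    ip = ipaddress.ip_address(addr)
    if ip not in network:
        return "outside network"
    bits = host_part(addr, network)
    if bits == 0:
        return "host bits all 0"        # the network address itself
    if bits == int(network.hostmask):
        return "host bits all 1"        # the broadcast address
    return "ok"

def audit_assignments(addrs, network=NUTS_NET):
    """Check a proposed list of host addresses against `network`.
    Returns (addr, status) pairs; a repeated address is flagged
    'duplicate', the error that central record-keeping exists to catch."""
    seen = set()
    report = []
    for a in addrs:
        ip = ipaddress.ip_address(a)
        status = classify_host_address(a, network)
        if status == "ok" and ip in seen:
            status = "duplicate"
        seen.add(ip)
        report.append((a, status))
    return report
```

For example, audit_assignments(["172.16.12.1", "172.16.12.2", "172.16.12.1", "172.16.0.0"]) flags the third entry as a duplicate and the last as the network address.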
Network administrators usually assign host addresses in one of two ways:
The assignment of groups of addresses is most common when the network is subnetted, and the address groups are divided along subnet boundaries. But assigning blocks of addresses does not require subnetting. It can be just an organizational device for delegating authority. Delegating authority for groups of addresses is often very convenient for large networks, while small networks tend to assign host addresses one at a time. No matter how addresses are assigned, someone must retain sufficient central control to prevent duplication and to ensure that the addresses are recorded correctly on the domain name servers.

Addresses can be assigned statically or dynamically. Static assignment is handled through manually configuring the boot file on the host computer, or through a server such as BOOTP. Dynamic address assignments are always handled by a server, such as PPP or DHCP. Before installing a server for dynamic addressing, make sure it is useful for your purposes. Dynamic PPP addressing is useful for servers that handle many remote dial-in clients that connect for a short duration. If the PPP server is used to connect together various parts of the enterprise network and has long-lived connections, dynamic addressing is probably unnecessary. Likewise, the dynamic address assignment features of DHCP are of most use if you have mobile systems in your network that move between subnets and therefore need to frequently change addresses. See Chapter 6 for information on PPP, and Chapters 3 and 9 for details of DHCP.

Clearly, you must make several decisions about obtaining and assigning addresses. In the next section we look at the subnet mask, which changes how the address is interpreted.

4.2.2 Defining the Subnet Mask

Chapter 2 describes the structure of IP addresses and touches upon the reasons for subnetting. Unless you wish to change the interpretation of your assigned network number, you do not have to define a subnet mask.
The decision to subnet is commonly driven by topological or organizational considerations. The topological reasons for subnetting include:
Subnetting is not the only way to solve topology problems. Networks are implemented in hardware and can be altered by changing or adding hardware, but subnetting is an effective way to overcome these problems at the TCP/IP software level. Of course, there are non-technical reasons for creating subnets. Subnets often serve organizational purposes such as:
The network administrator decides if subnetting is required and defines the subnet mask for the network. The subnet mask has the same form as an IP address mask. As described in Chapter 2, it defines which bits form the "network part" of the address and which bits form the "host part." Bits in the "network part" are turned on (i.e., 1), while bits in the "host part" are turned off (i.e., 0). The subnet mask used on nuts-net is 255.255.255.0. This mask sets aside 8 bits to identify subnets, which creates 256 subnets. The nuts-net administrator has decided that this mask provides enough subnets and that the individual subnets have enough hosts to effectively use the address space of 253 hosts per subnet. Figure 4.1 later in this chapter shows an example of this type of subnetting. Applying this subnet mask to the addresses 172.16.1.0 and 172.16.12.0 causes them to be interpreted as the addresses of two different networks, not as two different hosts on the same network.

Once a mask is defined, it must be disseminated to all hosts on the network. There are two ways this is done: manually, through the configuration of network interfaces; and automatically, through routing protocols. Old routing protocols cannot distribute subnet masks, and old operating systems cannot store the masks in the routing table. In an environment that contains these old systems, every device on the network must use the same subnet mask because every computer believes that the entire network is subnetted in exactly the same way as its local subnet. New routing protocols distribute address masks for each destination, and new operating systems store those masks in the routing table. This makes it possible to use variable-length subnet masks (VLSM).

Using variable-length subnet masks increases the flexibility and power of subnetting. Assume you wanted to divide 192.168.5.0/24 into three networks: one network of 110 hosts, one network of 50 hosts, and one network of 60 hosts. Using traditional subnet masks, a single subnet mask would have to be chosen and applied to the entire address space. At best this would be a compromise. With variable length subnet masks you could use a mask of 255.255.255.128, which creates subnets of 126 hosts, for the large subnet and a mask of 255.255.255.192 to create subnets of 62 hosts for the smaller subnets. VLSMs, however, require UNIX kernels that know how to store and use the masks and routing protocols that can transmit them. See Chapter 7, Configuring Routing, for more information on routing.

4.2.2.1 Specifying the broadcast address

The need to specify a broadcast address may not be as clear as, for example, the need to specify a subnet mask. The standard broadcast address is an address where all host bits are set to 1s. This means the standard broadcast address on subnet 172.16.12.0 is 172.16.12.255. We want to use the standard broadcast address, so why worry about it? The problem arises because some devices use the wrong broadcast address. The BSD 4.2 UNIX release used a broadcast address where the host bits were all set to 0, and there was no facility for changing it. The problem did not exist in BSD 4.3 and later releases; however, some systems still default to the wrong broadcast address. If you have systems on your network that use the wrong broadcast address, fix the address.

In Chapter 6, we discuss how the IP address, subnet mask, and broadcast address are used to configure the physical network interface. Another essential part of a TCP/IP network is routing.
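As an added example (not the book's own code), here is a small Python planner, built on the standard ipaddress module, for the two points made above: it shows that no single mask can carve 192.168.5.0/24 into subnets of 110, 50 and 60 hosts, builds the variable-length plan (one /25 and two /26s), and classifies a host's configured broadcast address so that the BSD 4.2 style all-zeros default can be spotted. The function names are my own.

```python
import ipaddress

def smallest_prefix_for(hosts):
    """Shortest prefix length whose block has at least `hosts` usable
    addresses; the all-0s and all-1s host parts are never usable, so a
    /25 offers 126 hosts and a /26 offers 62."""
    for prefix in range(32, -1, -1):
        if 2 ** (32 - prefix) - 2 >= hosts:
            return prefix
    raise ValueError("too many hosts for one IPv4 block")

def fixed_mask_prefix(block, host_counts):
    """A single prefix giving enough equal-sized subnets for every
    requirement, or None when no single mask fits (the 'compromise' case)."""
    base = ipaddress.ip_network(block)
    for prefix in range(base.prefixlen, 33):
        subnets = 2 ** (prefix - base.prefixlen)
        usable = 2 ** (32 - prefix) - 2
        if subnets >= len(host_counts) and usable >= max(host_counts):
            return prefix
    return None

def vlsm_plan(block, host_counts):
    """Carve `block` into variable-length subnets, largest request first.
    Allocating descending power-of-two sizes from the start of the block
    keeps each subnet aligned on its own boundary."""
    base = ipaddress.ip_network(block)
    cursor, end = int(base.network_address), int(base.broadcast_address) + 1
    plan = []
    for hosts in sorted(host_counts, reverse=True):
        prefix = smallest_prefix_for(hosts)
        size = 2 ** (32 - prefix)
        if cursor + size > end:
            raise ValueError(f"{block} cannot hold all requested subnets")
        plan.append((hosts, ipaddress.ip_network((cursor, prefix))))
        cursor += size
    return plan

def broadcast_check(subnet, configured_broadcast):
    """Classify a host's configured broadcast address for `subnet`:
    'standard' (host bits all 1s), 'bsd4.2' (host bits all 0s, the old
    wrong default) or 'other'."""
    net = ipaddress.ip_network(subnet)
    bcast = ipaddress.ip_address(configured_broadcast)
    if bcast == net.broadcast_address:
        return "standard"
    if bcast == net.network_address:
        return "bsd4.2"
    return "other"
```

vlsm_plan("192.168.5.0/24", [110, 50, 60]) yields 192.168.5.0/25, 192.168.5.128/26 and 192.168.5.192/26, while fixed_mask_prefix returns None for the same request.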