Designing IP Addressing

 

Determining the Size.  For starters, a designer needs to determine the size of the network.  The main questions to ask are the following.

  • How many locations does the network consist of?
    • you should also know the type of each location
  • How big is the network?
    • how many devices?
      • desktops
      • end-systems
      • routers
      • switches
      • firewall interfaces
  • What are the IP addressing requirements for individual locations?
    • dynamic addresses (more later)
    • static addresses (more later)
    • private addresses (more later)
    • public addresses (more later)
  • What class of addresses will be used and how many networks can be obtained from the "authorities" at what cost?
    • ISPs allocate addresses received from the IANA

Locations and Devices.  The designer needs to have some representative diagrams of the network.  The diagrams are likely to be quite general, but the designer needs to determine things such as the following.

  • Locations
  • Type/Purpose of Location
  • Comments

The size of each location is also very important, because it determines the actual IP address ranges that will be used.  Basically, anything that is or can be networked is counted, including the following.

  • workstations
  • servers
  • IP phones
  • router interfaces
  • switches
  • firewall interfaces

You also need to make intelligent efforts to anticipate network growth.  A common rule of thumb is to up your estimates by 20%.  But you need to make sure to discuss future network growth with the appropriate people.

These results need to be summarized, likely by lumping everything together.  However, lumping too early can be dangerous, because you still need to distinguish other characteristics of your network devices.
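
The sizing steps above can be carried through mechanically. The following Python code is an added example, not part of the original notes; the inventory, the function names and the choice of 10.0.0.0/8 as the parent block are assumptions made for illustration. It applies the 20% growth figure to each location's device count, picks the smallest subnet that fits, and assigns non-overlapping ranges, largest first.

```python
import ipaddress

GROWTH_PERCENT = 20  # the rule of thumb quoted above

# Constructed sample inventory (not from the page): devices per location.
LOCATIONS = {
    "headquarters": {"workstations": 180, "servers": 12, "ip_phones": 180,
                     "router_interfaces": 4, "switches": 10, "firewall_interfaces": 2},
    "datacenter": {"servers": 96, "router_interfaces": 4, "switches": 6,
                   "firewall_interfaces": 4},
    "branch": {"workstations": 40, "servers": 2, "ip_phones": 40,
               "router_interfaces": 2, "switches": 3, "firewall_interfaces": 1},
}

def hosts_needed(devices, growth_percent=GROWTH_PERCENT):
    """Device count plus growth, rounded up (integer math avoids float error)."""
    total = sum(devices.values())
    return -(-total * (100 + growth_percent) // 100)

def prefix_for(hosts):
    """Longest IPv4 prefix whose usable range (size - 2) holds `hosts`."""
    # Smallest b with 2**b >= hosts + 2 (network and broadcast are reserved).
    bits = max((hosts + 1).bit_length(), 2)
    return 32 - bits

def plan(locations, block="10.0.0.0/8"):
    """Assign each location a non-overlapping subnet, largest first."""
    parent = ipaddress.ip_network(block)
    sized = sorted((prefix_for(hosts_needed(d)), name) for name, d in locations.items())
    cursor = int(parent.network_address)
    result = {}
    for prefix, name in sized:  # shortest prefix (largest subnet) first keeps alignment
        subnet = ipaddress.ip_network((cursor, prefix))
        if not subnet.subnet_of(parent):
            raise ValueError(f"{block} is too small for {name}")
        result[name] = subnet
        cursor += subnet.num_addresses
    return result

if __name__ == "__main__":
    for name, subnet in plan(LOCATIONS).items():
        need = hosts_needed(LOCATIONS[name])
        print(f"{name:13} needs {need:4} -> {subnet} ({subnet.num_addresses - 2} usable)")
```

Note the datacenter in this sample: its 110 devices would fit a /25 today (126 usable addresses), but with growth it needs 132 and therefore a /24.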

Private versus Public Addresses.  Now you need to evaluate what addresses should be public and what should be private.  Private addresses are used only internally within administrative domains/trees on the network.  These private addresses won't be used on the Internet.  Public IP addresses will be used for external communications.

The following table displays addresses that can be allocated for private internets.  These were specified in RFC 1918.

 

Private Address Ranges    Actual Range Values                Potential Devices
10.0.0.0/8                10.0.0.0 to 10.255.255.255         256^3 = 16,777,216
172.16.0.0/12             172.16.0.0 to 172.16.255.255       256^2 = 65,536
192.168.0.0/16            192.168.0.0 to 192.168.255.255     256^2 = 65,536

 

Remember, public addresses must be obtained through your ISP from IANA.  You should also remember they cost money, but usually not that much.

In general, public IP addresses are for external communications.  Private IP addresses can actually be used more than once in different networks, maybe even different locations within a larger enterprise network.

The following questions are important to answer.

  • Do you need public, private or both types of addresses (very likely both)?
  • How many end systems need access to only the private network?
  • How many systems must be visible to the public network?
    • web servers
    • database servers
      • might still hide some/all of these behind a web server
    • application servers
  • How and where will the boundaries between the public and private IP addresses cross?
    • gateways

It is usually reasonable to hide many devices behind one publicly addressed device.  This one public IP address is used on the open Internet.  A device at or near the enterprise edge coordinates where packets should travel internally after returning from the public network.

In general, you should expect your devices with public IP addresses to be in the following modules in the Enterprise Network.

  • Internet Connectivity Module
    • used for Internet connections and publicly accessible servers
  • E-Commerce Module
    • used for database, application and web servers
  • Remote Access and VPN Module
    • used for related connections