Private Addressing and Network Address Translation
Private addresses are reserved IP addresses to be used
internally within an organization's
network. These addresses are not to be used on the open Internet and
therefore must be mapped to a company's external registered address when
sending anything on the Internet.
The available private addresses are in the following table.
|Ranges of Private IP Addresses|
|10.0.0.0 to 10.255.255.255|
|172.16.0.0 to 172.31.255.255|
|192.168.0.0 to 192.168.255.255|
|Generally, some sort of network translation, such as Cisco's NAT, is used to convert the outside network address to an inside network address or vice-a-versa. The following diagram gives a representation.|
|For example, in the diagram above, the internal SA
- sender's address is 18.104.22.168. When they send a request to some
host on the internet, their firewall/gateway or access to the outside
world router must convert the internal address to something that has
meaning in the rest of the world. This will imply using some
approach to make certain the network address of the source of the
request is used in addition to using something that can be converted
back to determine the address of the original sender when a reply
comes back. Thus the host sees the SA as something different
than what the sender does.
Obviously this conversion process needs to work both forwards and backwards.
The following table gives some terminology and descriptions.
|Inside Local IP Address||The IP address assigned to a particular device or host on the inside of the network. This address is either going to be globally unique but obsolete, allocated by RFC 1918 or randomly picked.|
|Inside Global IP Address||A legitimate IP address, assigned by the NIC or ISP, that represents one or more inside local IP addresses to the outside world. The address was allocated from globally unique space, typically provided by the ISP.|
|Outside Global IP Address||The IP address that was assigned to a host on the outside network by its owner. The address was allocated from a globally routable address space|
|Outside Local IP Address||If the outside host is itself on another inside network this is the IP address this outside host (relative to the sender) has on its own inside network.|
|In order to implement this sort of approach a number of
features must be available on the routers being used. While I am
about to list Cisco's NAT features, these should also somewhat represent
what other companies implement.
Routers are usually configured with fixed static IP addresses, while PCs and other hosts may be assigned dynamic addresses.
One example of an approach to internal IP addressing is Novell's IPX. Each of their addresses contains two parts, the network number and the node number. The network number is usually the typical IP address. The node number may be the serial number of the machine or NIC card.
Steps for Designing Network Layer Addressing and Naming. The following are the main steps outlined in Teare for designing network layer addressing and naming.
1. Design a Hierarchy for Addressing
|Design a hierarchy for
addressing as follows:
The hierarchy that you use will depend on the network layer protocol and routing protocol that you are using.
|2. Design Route Summarization||Summarization, also known as aggregation, allows one route to represent many routes, resulting in smaller routing tables. Route summarization is discussed in detail earlier in this chapter.|
|3. Distribution of Administrative Authority||Once the high level plan is made for the network, lower-level addressing and naming may be delegated. For example, if the client has offices in Europe, Asia and North America the authority to name devices and assign addresses, within established guidelines, could be divided along these geographical lines.|
|4. Design a Method for Mapping Physical Locations to Network Numbers||Assigning network numbers by geographical location will also aid in the summarization task. For example, the client who has offices in North America, Europe and Asia could assign a range of addresses to each continent. This would also likely include local organization's continental officers having the right to assign these numbers locally. The summarized address for each continent would then encompass the entire range of addresses assigned to that continent.|
|5. Identify Special Stations such as Routers and Servers with Special Node IDs||To facilitate troubleshooting, devices such as routers and servers should have fixed addresses. For example, all routers could have an IP address with the node part in the range of 1 through 19, while all servers have the node part of their addresses in the range 20 through 29. Then, if during troubleshooting there is a problem with an address that has a node part of 25, it is immediately obvious that this address belongs to a server.|
|6. Configure User Station Addresses||For scalability, user station addresses should be assigned dynamically, rather than statically, if possible. Dynamic address assignment allows the automatic assignment of addresses from a pool of addresses as user stations join the network: the addresses are released from the device back into the pool if the device leaves the network. This simplifies the network administrator's task of changing IP addresses on user stations when users move to a new location, for example.|
|7. If Necessary, Use Gateways to Map Private Addresses to External Addresses||Private addresses are reserved IP addresses to be used only within a company's network. These addresses are not to be used on the Internet so they must be mapped to an organization's external addresses when sending anything on the Internet.|
|8. Name Servers, Routers, and User Stations||Names should be meaningful to facilitate troubleshooting. For example, if the company has offices in Europe, Asia and North America, the router and server names should all start with an abbreviation of the continent like EUR, ASIA and NA. This could be suffixed with the last octet of the devices address - for example, EUR03 for a router.|