|Lesson 6|| IP addressing for a private network |
|Objective|| Define the IP addressing schemes available in private networks.|
IP Addressing for a Private Network
When designing an IP network, you must determine whether a public or a private address strategy is best for the majority of network hosts.
Hosts that are not directly connected to the Internet can be assigned either a public or private address, but if connection to the Internet is required, at least one public IP address is essential.
Public Addressing Schemes
Hosts connected directly to the Internet require a public, globally unique IP address. Any network connected to the Internet has a minimum of one public address for Internet connectivity. Use a public addressing scheme if the organization has:
- A large number of hosts that require direct Internet access
- A sufficient number of registered public addresses that can be assigned to all network hosts
To enhance security, a private network that uses public addresses and is connected to the Internet requires isolation from the Internet by a firewall, a screened subnet, or a packet-filtering router.
If the network design requires that a large number of IP addresses be accessible from the Internet, you must obtain a suitable range of public IP addresses.
You can apply for public IP addresses from an Internet service provider (ISP) or Internet registry.
Acquiring and maintaining a large number of public addresses is expensive and in most cases unnecessary. At this time, you must have a very compelling reason to require a large block of public IP addresses. These blocks are given primarily to ISPs; it is very rare that a company can obtain them for its own private network use.
Organizations that use a public addressing scheme must also anticipate their network growth. The diminishing number of public IP addresses available can restrict network growth. After you assign all of the public addresses, you cannot add additional devices to the network unless more public addresses are acquired.
When you depend on public addressing schemes for your internal network, you give away much of the control you have over your network addressing scheme.
Private Addressing Schemes
Most organizations do not require each host to be accessible from the Internet. Network security is improved by preventing direct Internet access for hosts on the private network.
Use a private addressing scheme if the organization has:
- Few hosts that require direct Internet access
- Insufficient public addresses for all private network hosts
A private addressing scheme for the intranet is inexpensive and can be designed to accommodate virtually unlimited network growth. In fact, it costs you nothing to use private network IDs for your internal network.
In your network design, include a firewall and a network address translation (NAT) device to act as an intermediary between the organization's private network and the Internet.
The only IP address visible to the Internet is the IP address of the NAT device. Windows 2000 comes with a NAT service that is part of the Routing and Remote Access Service (RRAS). Also, Microsoft Proxy Server 2.0 provides NAT as part of its proxy duties.
To find out more about the IP address ranges that are reserved by the IETF, review RFC 1918.
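The following added example (not part of the original lesson) sorts a host inventory into the cases described above: public hosts that need firewall isolation, private hosts that reach the Internet through NAT, and private hosts that stay internal. The three RFC 1918 blocks are taken from the RFC itself; the function names, bucket names and sample hosts are constructed for illustration.

```python
import ipaddress

# The three address blocks RFC 1918 reserves for private internets.
RFC1918_BLOCKS = [ipaddress.IPv4Network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def classify(addr):
    """Return 'private', 'special' or 'public'; ValueError if not valid IPv4."""
    ip = ipaddress.IPv4Address(addr)
    if any(ip in block for block in RFC1918_BLOCKS):
        return "private"
    if ip.is_loopback or ip.is_link_local or ip.is_multicast or ip.is_unspecified:
        return "special"  # not assignable as a routable host address
    return "public"       # assumption: everything else is treated as public

def audit_inventory(hosts):
    """Group (name, address, needs_internet) tuples by the lesson's cases."""
    report = {"public_needs_filtering": [], "private_via_nat": [],
              "private_internal": [], "rejected": []}
    for name, addr, needs_internet in hosts:
        try:
            kind = classify(addr)
        except ValueError:
            kind = "special"  # unparsable addresses are rejected too
        if kind == "special":
            report["rejected"].append(name)
        elif kind == "public":
            # Isolate with a firewall, screened subnet or packet-filtering router.
            report["public_needs_filtering"].append(name)
        elif needs_internet:
            report["private_via_nat"].append(name)  # exits via the NAT device
        else:
            report["private_internal"].append(name)
    return report

# Constructed inventory; 203.0.113.0/24 (documentation range) stands in for public space.
SAMPLE_HOSTS = [
    ("web01", "203.0.113.10", True),
    ("ws-017", "192.168.10.17", True),
    ("db01", "10.20.0.5", False),
    ("edge", "172.32.0.1", True),       # just outside 172.16.0.0/12
    ("typo", "192.168.1.300", False),   # invalid octet
    ("lo", "127.0.0.1", False),
]

if __name__ == "__main__":
    for bucket, names in audit_inventory(SAMPLE_HOSTS).items():
        print(f"{bucket}: {', '.join(names) or '-'}")
```

The `edge` host shows why the check uses the exact RFC 1918 prefixes: 172.32.0.1 looks similar to a private address but lies outside 172.16.0.0/12, so it is treated as public and needs filtering.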
Public versus private address schemes
| Scheme || Public || Private |
| Use || Large number of hosts require direct Internet access; sufficient number of registered public addresses exist for private network hosts || Few hosts require direct Internet access; sufficient number of registered public addresses do not exist for private network hosts |
| Pros || Addresses are owned; all hosts are Internet accessible || Inexpensive; unrestricted growth; secure |
| Cons || Costly to lease; restricted growth; can be insecure || Requires a network filtering device for public access; still requires some public addresses |
The next lesson provides an overview of IP address subnet requirements.
IP Addressing for Private Network - Exercise