This section discusses
the use of private IP addresses (addresses set aside for internal use
that must not be routed on the public Internet) and network address
translation (rewriting one IP address to another as a packet crosses
a network border).
Some organizations do not need to
connect to the Internet or to any other external IP network. In other
cases, an organization may have hosts or networks that never need to
make connections outside its own network. For example, if the arrival
and departure display monitors in a large airport are individually
addressable via TCP/IP, these displays most likely need not be
directly reachable from other networks.
In these cases, you can use private
addresses, as defined in RFC 1918, Address Allocation for Private
Internets. This RFC reserves the following three blocks as private
(shown with the classful labels used in this text and the equivalent
CIDR prefixes):
- Class A --- 10.0.0.0 to 10.255.255.255 (10.0.0.0/8, one Class A network)
- Class B --- 172.16.0.0 to 172.31.255.255 (172.16.0.0/12, 16 contiguous Class B networks)
- Class C --- 192.168.0.0 to 192.168.255.255 (192.168.0.0/16, 256 contiguous Class C networks)
Implementation Considerations
If you decide to use these private
addresses, you do not need to coordinate them with the Internet
registry, because they are never advertised to external networks. You
should, however, do some planning before assigning the addresses. Some
implementation considerations are as follows:
- Determine which hosts do not need
to have network-layer connectivity to the outside. These hosts
are considered private hosts. Private hosts can communicate with
all other hosts within your network, both public and private,
but they cannot have direct connectivity to external hosts
because their routes cannot be advertised externally.
- Routers that connect to external
networks should be configured with packet and routing filters at
both ends of the link to prevent private addresses from leaking:
drop packets sourced from or destined to private space, and do not
advertise private prefixes outward. You should also filter any
private prefixes from inbound routing information, to prevent the
ambiguous routing that results if a route to private address space
points outside the network.
- Changing a host from private to
public will require changing its address, and in most cases, its
physical connectivity. In locations where such changes can be
foreseen, you might want to configure separate physical media
for public and private subnets to make these changes easier.
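The two border filters in the list above, as an added example that is not part of the original page: a Python model of the border router's egress packet filter and its ingress route filter, using the RFC 1918 blocks in CIDR form. The function names, the sample packets and the sample route advertisements are all constructed for this example.

```python
"""Border filtering of RFC 1918 space (added example, not from the page).

Models the two filters a border router should carry:
  1. an egress packet filter that drops anything sourced from or destined
     to private space (such packets cannot be routed on the public Internet
     and would leak the internal addressing), and
  2. an ingress routing filter that rejects any advertisement of a private
     prefix from the outside, so no route to RFC 1918 space ever points out.
"""
import ipaddress

# The three RFC 1918 blocks. The stdlib's IPv4Address.is_private covers far
# more than RFC 1918 (loopback, link-local, documentation ranges, ...), so the
# blocks are listed explicitly here.
RFC1918 = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def is_private(addr: str) -> bool:
    """True if addr falls inside one of the RFC 1918 blocks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def overlaps_private(prefix: str) -> bool:
    """True if a route prefix lies inside (or equals) an RFC 1918 block.

    A prefix that merely contains private space, such as the default route
    0.0.0.0/0, is not rejected; only prefixes within a private block are.
    """
    net = ipaddress.ip_network(prefix, strict=False)
    return any(net.subnet_of(block) for block in RFC1918)


def egress_filter(packets):
    """Outbound packet filter at the border. Returns (forwarded, dropped)."""
    forwarded, dropped = [], []
    for pkt in packets:
        if is_private(pkt["src"]) or is_private(pkt["dst"]):
            dropped.append(pkt)
        else:
            forwarded.append(pkt)
    return forwarded, dropped


def ingress_route_filter(advertisements):
    """Inbound routing filter. Returns (accepted, rejected) prefix lists."""
    accepted, rejected = [], []
    for prefix in advertisements:
        (rejected if overlaps_private(prefix) else accepted).append(prefix)
    return accepted, rejected


# Constructed sample data (not captured traffic or a real routing update).
SAMPLE_PACKETS = [
    {"src": "203.0.113.10", "dst": "198.51.100.7"},  # public to public: forward
    {"src": "10.1.2.3", "dst": "198.51.100.7"},      # private source: drop (untranslated)
    {"src": "203.0.113.10", "dst": "192.168.5.5"},   # private destination: drop
    {"src": "172.31.255.1", "dst": "172.16.0.1"},    # private both ends: drop
]

SAMPLE_ROUTES = [
    "0.0.0.0/0",        # default route: accept
    "198.51.100.0/24",  # public prefix: accept
    "10.0.0.0/8",       # whole private block: reject
    "172.20.0.0/16",    # inside 172.16.0.0/12: reject
    "172.32.0.0/16",    # just past the /12: accept
]

if __name__ == "__main__":
    fwd, drop = egress_filter(SAMPLE_PACKETS)
    print(f"egress: forwarded {len(fwd)}, dropped {len(drop)}")
    acc, rej = ingress_route_filter(SAMPLE_ROUTES)
    print("ingress accepted:", acc)
    print("ingress rejected:", rej)
```

The route filter is deliberately narrow: it rejects only prefixes that sit inside a private block, because rejecting every prefix that contains private space would also discard the default route.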
Accessing the Internet Using Private Addresses
If a host configured with a private
IP address needed to access the Internet or other external hosts,
its IP address would need to be reconfigured, and the host would
most likely need to be moved physically to a network that used a
public IP address. Reconfiguring and reconnecting an entire network,
building, or corporation can be a very costly venture, both in time
and resources. To avoid having to renumber all hosts, RFC 1631, The
IP Network Address Translator (NAT), was defined. (RFC 1631 has since
been obsoleted by RFC 3022, Traditional IP Network Address Translator,
which describes the same mechanism in more detail.)
A NAT router or host is placed on the
border of a stub domain (an internetwork that has a single
connection to the Internet --- referred to as the inside network) and
a public network, such as the Internet (referred to as the outside
network). The NAT router translates the internal local addresses
into globally unique IP addresses before sending packets to the
outside network, as shown in the main figure.
NAT is also used to hide internal IP addressing from the outside, which
is often cited as a security benefit. Treat it as obscurity rather than
as a control: the border filters described above are still required,
and an inside address carried in a packet payload is still exposed
unless the NAT rewrites that protocol's data as well.
NAT takes advantage of the fact that
relatively few hosts in a stub domain communicate outside of the
domain at any given time. Because most of the hosts do not
communicate outside of their stub domain, only a subset of the IP
addresses in a stub domain must be translated into globally unique
IP addresses when outside communication is necessary.
NAT can also be used when you need to
modify your internal addresses because you change ISPs. Rather than
renumber your networks, use NAT to translate the appropriate
addresses.
One disadvantage of using NAT, however, concerns network management.
The IP addresses in the IP header of an SNMP packet are translated, but
IP addresses carried in the data portion of the packet (for example, in
MIB objects that report interface addresses) are not, so a manager on
the outside sees untranslated inside addresses unless the NAT device
implements an application-level gateway for SNMP.
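The translation described in this section and the SNMP caveat just above, as one added example that is not from the original page or from any vendor's NAT implementation: a Python model of a border NAT with a static one-to-one mapping (the kind of translation used in the lab) and a dynamic pool that is drawn on only when an inside host actually sends traffic outside. It rewrites only the IP header fields, so an inside address that appears in an SNMP-style payload comes out untranslated. The Nat class, PoolExhausted, demo(), and every address and payload are constructed for this example.

```python
"""Minimal model of an RFC 1631-style NAT at a stub-domain border.

Added example, not code from the page or from any product. Inside local
addresses are translated to inside global addresses on the way out and
back again on the way in. Only the IP header is rewritten; the payload is
passed through byte for byte, which is why addresses inside an SNMP
payload are not translated.
"""
import ipaddress
import re

# RFC 1918 blocks, used here only to spot inside addresses that survive in payloads.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4_LITERAL = re.compile(rb"\d{1,3}(?:\.\d{1,3}){3}")


def private_literals_in_payload(payload: bytes):
    """Return the RFC 1918 addresses that appear as dotted-quad text in a payload."""
    found = []
    for m in IPV4_LITERAL.findall(payload):
        try:
            ip = ipaddress.ip_address(m.decode())
        except ValueError:
            continue
        if any(ip in n for n in RFC1918):
            found.append(str(ip))
    return found


class PoolExhausted(Exception):
    """No free global address for a new dynamic translation (hypothetical error type)."""


class Nat:
    def __init__(self, static, pool):
        self.static = dict(static)                        # inside_local -> inside_global, fixed
        self.reverse = {g: l for l, g in self.static.items()}  # inside_global -> inside_local
        self.free = list(pool)                            # global addresses not yet in use
        self.dynamic = {}                                 # on-demand translations

    def _lookup_or_allocate(self, local):
        if local in self.static:
            return self.static[local]
        if local in self.dynamic:
            return self.dynamic[local]
        if not self.free:
            raise PoolExhausted(local)
        glob = self.free.pop(0)                           # only hosts that talk outside consume a global address
        self.dynamic[local] = glob
        self.reverse[glob] = local
        return glob

    def outbound(self, pkt):
        """Inside -> outside: rewrite the source address only; payload is untouched."""
        return {**pkt, "src": self._lookup_or_allocate(pkt["src"])}

    def inbound(self, pkt):
        """Outside -> inside: map the global destination back; drop (None) if no translation exists."""
        local = self.reverse.get(pkt["dst"])
        return None if local is None else {**pkt, "dst": local}

    def release(self, local):
        """Tear down a dynamic translation and return its global address to the pool."""
        glob = self.dynamic.pop(local)
        del self.reverse[glob]
        self.free.append(glob)


def demo():
    """Run the scenario end to end and return the observations (all data constructed)."""
    nat = Nat(static={"192.168.1.10": "203.0.113.10"},
              pool=["203.0.113.20", "203.0.113.21"])
    # An SNMP-style response whose data portion names the host's own inside address.
    snmp = {"src": "192.168.1.10", "dst": "198.51.100.5",
            "payload": b"ipAdEntAddr=192.168.1.10"}
    out = nat.outbound(snmp)
    reply = nat.inbound({"src": "198.51.100.5", "dst": out["src"], "payload": b"ok"})
    # Two more inside hosts draw on the dynamic pool; a third finds it empty.
    a = nat.outbound({"src": "10.0.0.5", "dst": "198.51.100.5", "payload": b""})
    b = nat.outbound({"src": "10.0.0.6", "dst": "198.51.100.5", "payload": b""})
    try:
        nat.outbound({"src": "10.0.0.7", "dst": "198.51.100.5", "payload": b""})
        exhausted = False
    except PoolExhausted:
        exhausted = True
    nat.release("10.0.0.5")                               # first host finishes; its global address is reused
    c = nat.outbound({"src": "10.0.0.7", "dst": "198.51.100.5", "payload": b""})
    return {
        "header_src": out["src"],                         # translated in the header
        "payload_leak": private_literals_in_payload(out["payload"]),  # not translated in the data
        "reply_dst": reply["dst"],
        "dynamic": [a["src"], b["src"], c["src"]],
        "exhausted": exhausted,
        "unknown_inbound": nat.inbound({"src": "198.51.100.5", "dst": "203.0.113.99", "payload": b""}),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The pool size stands in for the page's point that only the subset of hosts currently talking outside needs a global address; the payload check is the SNMP problem made visible, and a real fix needs protocol-aware rewriting on the NAT, not a larger pool.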
Lab Activity
In this lab, you will learn the usage of Network Address Translation
through the use of static translation.