Lesson 6 | IP addressing for a private network |
Objective | Define the IP addressing schemes available in private networks. |
IP Addressing for a Private Network
When designing an IP network, you must determine whether a public or a private address strategy is best for the majority of network hosts.
Hosts that are not directly connected to the Internet can be assigned either a public or private address, but if connection to the Internet is required, at least one public IP address is essential.
Public Addressing Schemes
Hosts connected directly to the Internet require a public, globally unique IP address. Any network connected to the Internet has a minimum of
one public address for Internet connectivity. Use a public addressing scheme if the organization has:
- A large number of hosts that require direct Internet access
- A sufficient number of registered public addresses that can be assigned to all network hosts
To enhance security, a private network that uses public addresses and is connected to the Internet requires isolation from the Internet by a firewall, a screened subnet, or a packet-filtering router.
Network Design
If the network design requires that a large number of IP addresses be accessible from the Internet, you must obtain a suitable range of public IP addresses. You can apply for public IP addresses from an Internet service provider (ISP) or Internet registry.
Acquiring a large number of public addresses is expensive to maintain and in most cases unnecessary. At this time, you must have a very compelling reason to require a large block of public IP addresses. These blocks are given primarily to ISPs; it is very rare that a company can attain them for its own private network use.
Organizations that use a public addressing scheme must also anticipate their network growth. The diminishing number of public IP addresses available can restrict network growth. After you assign all of the public addresses, you cannot add additional devices to the network unless more public addresses are acquired. When you depend on public addressing schemes for your internal network, you give away much of the control you have over your network addressing scheme.
Private Addressing Schemes
Most organizations do not require each host to be accessible from the Internet. Network security is improved by preventing direct Internet access for hosts on the private network.
Use a private addressing scheme if the organization has:
- Few hosts that require direct Internet access
- Insufficient public addresses for all private network hosts
Using a private addressing scheme for the intranet is inexpensive and can be designed to accommodate virtually unlimited network growth. In fact, it costs you nothing to use private network IDs for your internal network. In your network design, include a firewall and a (NAT) network address translation device to act as an intermediary between the organization's private network and the Internet.
The only IP address visible to the Internet is the IP address of the NAT device. Windows 2000 comes with a NAT service that is part of the RRAS. Also, Microsoft Proxy Server 2.0 provides NAT as part of its proxy duties. To find out more about IP address ranges that are reserved by the IETF review RFC 1918.
Public versus Private Address Schemes
Scheme | Public | Private |
Use | Large number of hosts require direct Internet access Sufficient number of registered public addresses exist for private network hosts | Few hosts require direct Internet access Sufficient number of registered public addresses do not exist for private network hosts |
Pros | Addresses are owned All hosts are Internet accessible | Inexpensive Unrestricted growth Secure |
Cons | Costly to lease Restricted growth Can be insecure | Requires a network filtering device for public access Still requires some public addresses |
The next lesson provides an overview of IP address subnet requirements.
Difference between IP address and proxy IP address
An IP address (Internet Protocol address) and a proxy IP address both play crucial roles in the way devices communicate over the internet, but they serve different purposes:
- IP Address:
- Definition: An IP address is a unique numerical label assigned to every device connected to a computer network that uses the Internet Protocol for communication. It's like the postal address for your computer on the internet, enabling it to send and receive data.
- Purpose: The primary purpose of an IP address is to identify a device on a network and enable it to communicate with other devices. It's essential for routing internet traffic to the correct destinations.
- Types: There are two main types of IP addresses: IPv4 (e.g., 192.168.1.1) and IPv6 (e.g., 2001:0db8:85a3:0000:0000:8a2e:0370:7334). IPv4 addresses are limited and have mostly been allocated, leading to the development of IPv6, which has a much larger address space.
- Assignment: IP addresses can be assigned statically, where the address remains constant, or dynamically, where a device can receive a different IP address each time it connects to the network, typically managed by DHCP (Dynamic Host Configuration Protocol).
- Proxy IP Address:
- Definition: A proxy IP address refers to the IP address of a proxy server that acts as an intermediary between your device and the internet. When you use a proxy, your internet traffic is routed through the proxy server, making the proxy's IP address appear as your own to the websites and online services you access.
- Purpose: The primary purposes of using a proxy IP address are to improve security, enhance privacy, and bypass regional or institutional access restrictions. It can hide your actual IP address, making it more difficult for websites to track your location and identity.
- Types: There are several types of proxy servers, including transparent, anonymous, and high-anonymity proxies, each offering different levels of privacy and functionality. Proxy servers can also be specialized, such as web proxies for internet browsing, SOCKS proxies for handling any type of traffic, and reverse proxies for protecting and balancing the load on web servers.
- Usage: Individuals and organizations use proxy servers for various reasons, including to control internet usage, access geo-restricted content, or provide an additional layer of security against malicious actors.
In summary, an IP address is a fundamental identifier for any device connected to the internet, while a proxy IP address is used when a device connects to the internet through a proxy server, effectively masking the device's actual IP address and offering various benefits related to privacy, security, and content access.
DHCP
ip AddressingFor Private Network - Exercise