IP address planning in Enterprises

Source: Internet
Author: User

Basic skills for IP address planning in Enterprises: With the development of networks in enterprises over the years, more and more enterprises have established internal LAN, to achieve efficient and low-cost operations and management such as automated paperless office. Many newly established small and medium-sized enterprises and some old enterprises that have no networking before have also set up enterprise LAN. "No network disadvantage" has become the trend of the times. However, since these enterprises do not have experience in network management and planning, many new network administrators do not pay enough attention to IP address planning and management, as a result, it will cause a lot of inconvenience when you need to expand the network or add services in the future, and over time, there will be no structured compilation to gradually increase the difficulty of daily maintenance management. Therefore, this article will introduce the allocation and management of IP addresses. Let's take a look at several basic rules for address allocation. Rule 1: systematic addressing is structured and organized. The network address is planned in an organized manner based on the enterprise's specific needs and organizational structure. Generally, the planning process is based on the overall situation and overall focus, and then divided from big to small. In fact, this is the same as the actual physical address allocation principle. It must first be divided into provinces, cities, counties, districts, roads, streets, and finally doorboards. In terms of the network, the systematic compilation of adjacent hosts or office communities with the same service nature is also consecutive on the IP address, in this way, effective route aggregation can be easily performed on the border routing devices of each block, so that the entire network structure is clear, the routing information is clear, and the route table in the router can also be reduced. The addresses in each region are relatively independent from those in other regions, which facilitates independent and flexible management. Note: Multiple Route entries are summarized into one containing the total route entries. This is a route summary or route induction. When a router checks and computes a route, resources are consumed. The more route entries there are, the longer the route table is, the more time it takes. Therefore, the route table length is reduced through route aggregation, it is helpful to improve the efficiency of the router. The efficiency of effective route summary and summarization is closely related to the distribution of IP address CIDR blocks in the network structure. The more continuous and organized the IP address deployment, the easier and more effective the route summary. Therefore, we should pay attention to systematic addressing when deploying the network. In a subnet environment, routing induction is the most effective when the network address is a continuous block in the form of 2 exponent. Rule 2: Sustainable scalability is to consider future network expansion in the initial planning stage. The vision should be long-lived, and there will be a lot of room for larger blocks in the future. IP addresses are first divided by class. All standard CIDR blocks A, B, and C can only be used in strict accordance with the rules. However, it has now reached the stage of no class. because the size of the subnet and the actual number of hosts can be freely planned, the allocation of Address resources is more reasonable, which virtually increases the scalability of the network. Although the IP address planning with margin not properly considered can also meet the needs for a long period of time at the beginning of the network, when a local area shows high growth or the overall network scale is increasing, at this time, unreasonable planning is likely to have to re-deploy a local IP address or even an overall IP address, which is not a simple task in a medium or large network. Here, we will briefly describe the concepts of IP addresses, masks, subnets, and so on, so as to understand the significance of classless address division. IPv4-Internet Protocol Version 4 (Internet Protocol Version 4) is the current IP Protocol. The address is usually represented by four decimal numbers separated by dots. Each number corresponds to eight binary BITs, which are called a single-bit group (octets ). For example, if the IP address of a host is 128.10.2.1 in binary format, the IP address is 0000000.00001010.00000010.00000001. Network addresses are divided into 5 categories: 1. class A address: the first octet in the four octets represents the network number, and the remaining three represent the host bit. the value range is 0 xxxxxxx, that is, 0 to 127. 2. Class B address: the first two OCTs represent the network number, and the remaining two represent the host bit. The range is 10 xxxxxx, that is, 128 to 191. 3. Class C address: the first three OCTs represent the network number, and the remaining one represents the host space. The range is 110 xxxxx, that is, 192 to 223. 4. Class D address: multicast address, ranging from 224 to 239. 5. Class E address: Reserved address. used in the experiment. The range is 240 to 255. Some special IP addresses: 1. IP address 127.0.0.1: local loopback test address 2. broadcast address: 255.255.255.255 3. IP address 0.0.0.0: represents any network. 4. network No. 0: indicates this network or this network segment 5. network number: 1 indicates all networks. 6. host bit 0: represents any host address of a network segment 7. host bit: 1 indicates all the private IP addresses of the hosts in the CIDR block. To save IP address space and increase security, some IP address segments are reserved as private IP addresses, it will not appear on the Internet. A network with a private IP address is called an intranet or a private network. To communicate with an external network, you must use a Network Address Translation (NAT ). The range of some private addresses: 1. class A address: 10.0.0.0 to 10.20.255.255 2. class B address: 172.16.0.0 to 172.31.255.255 3. classless IP addresses: 192.168.0.0 to 192.168.255.255: First, you must understand Subnet Masks (Subnet mask). It is used to identify which part of the IP address is the network address and which part is the host address, it is composed of 1 and 0, with a length of 32 bits. All bits of 1 represent the network number. Not all networks require subnets. Therefore, we introduce the default subnet mask (default subnet mask ). the default subnet mask of Class a ip addresses is 255.0.0.0 (because 255 is equivalent to 8-bit 1 in binary format, it is also abbreviated as "/8", indicating that the network number occupies 8 digits ); class B is 255.0.0 (/16); Class C is 255.255.255.0 (/24 ). The classless IP subnet does not use the default subnet mask, but allows you to freely divide the network and host spaces, completely breaking the fixed category division such as A, B, and C. For example, in the address 192.168.10.32/28, the mask is 255.255.255.255.240, And the last group is 11110000, that is, only the last four digits are used as the master location, and the first 28 digits are used as the network, because 192. x. x. x is a class C address. The default 24-bit mask. In other words, 4 bits are used as the network bits. In this way, the subnet mask can be used to obtain "2 x to the power-2 (x represents the many-occupied mask bits, here is 4)" = 14 subnets, here, the two CIDR blocks are all 0 and all 1. Each subnet contains "2 to the power of y-2 (y represents the host bit, and 4 here)" = 14 hosts, here, the two addresses are the addresses with all the host locations 0 and 1. In this way, a class C subnet is divided into 14 available small subnets (in some cases, the initial full 0 Segment is also available, after using the IP SUBNET-ZERO command in a Cisco router, you can use all 0 CIDR blocks to obtain 15 available subnets ). You can see that when the number of hosts in each subnet is small, you can use this method to save IP resources and obtain more subnets. Classless IP address in actual use: first, You Need To Know Subnet Masks (Subnet mask), which is used to identify which part of the IP address is the network address and which part is the host address, which is composed of 1 and 0, 32-bit long. The value 1 indicates the network number. Not all networks require subnets. Therefore, we introduce the default subnet mask (default subnet mask ). the default subnet mask of Class a ip addresses is 255.0.0.0 (because 255 is equivalent to 8-bit 1 in binary format, it is also abbreviated as "/8", indicating that the network number occupies 8 digits ); class B is 255.0.0 (/16); Class C is 255.255.255.0 (/24 ). The classless IP subnet does not use the default subnet mask, but allows you to freely divide the network and host spaces, completely breaking the fixed category division such as A, B, and C. For example, in the address 192.168.10.32/28, the mask is 255.255.255.255.240, And the last group is 11110000, that is, only the last four digits are used as the master location, and the first 28 digits are used as the network, because 192. x. x. x is a class C address. The default 24-bit mask. In other words, 4 bits are used as the network bits. In this way, the subnet mask can be used to obtain "2 x to the power-2 (x represents the many-occupied mask bits, here is 4)" = 14 subnets, here, the two CIDR blocks are all 0 and all 1. Each subnet contains "2 to the power of y-2 (y represents the host bit, and 4 here)" = 14 hosts, here, the two addresses are the addresses with all the host locations 0 and 1. In this way, a class C subnet is divided into 14 available small subnets (in some cases, the initial full 0 Segment is also available, after using the IP SUBNET-ZERO command in a Cisco router, you can use all 0 CIDR blocks to obtain 15 available subnets ). You can see that when the number of hosts in each subnet is small, you can use this method to save IP resources and obtain more subnets. In actual use, for example, if you assign an IP address to the devices at both ends of a point-to-point connection, if you assign an IP address strictly according to the classification of subnets, then you can only assign a class C subnet to it. A Class C network contains 254 (that is, the 8th power of 2-2) Available addresses, and you only use 2, 252 available addresses are wasted. In this case, if the/30 mask is used, a subnet only contains 2 (that is, 2 to the power of 2-2) Valid addresses, so that other subnet addresses can be used. Supernetting is a concept similar to subnet (or a relative concept). IP addresses are divided into independent network addresses and host addresses based on the subnet mask. However, unlike a subnet that divides a large network into several small networks, it combines some small networks into a large network-a supernetwork. It can be said that supernetwork is a concept of Address Aggregation, which is closely related to route aggregation. Here is a brief description of Route summary and supernetwork computing methods. For example, the route table of a vro has the following entries: Destination IP Address Mask next hop (or gateway) 192.168.0.0 255.255.255.0 10.1.1.2 192.168.1.0 255.255.255.0 10.1.1.2 192.168.2.0 255.255.255.0 10.1.1.4 where the first two next hop addresses are the same, as you can imagine, the two subnets are attached to a vro. The two routes can be summarized as the destination IP address 192.168.0.0, mask 255.254.0, And the next hop 10.1.1.2. Why can't I write 192.168.0.0 255.0.0 10.1.1.2? Because such a summary is not accurate, it contains some subnets (192.168.2.0 ~ 192.168.255.0), the most obvious is that the subnet 192.168.2.0 in the routing table is under 10.1.1.4, so the routing will fail. How is the mask calculated in the route summary? We all know that IPv4 addresses are composed of four 8-bit binary numbers, one is the network bit, and the other is the host bit. The subnet mask network bit is the binary number of all 1, and the host bit is the binary number of all 0. When each information packet passes through a vro, it checks its destination IP address, performs "and" operation with the subnet mask of the route entry in the routing table, and compares it with the destination IP address in the route entry, if they are the same, they will be forwarded according to this routing rule. If they are different, they will be checked and compared to the next one. We can see that the summary routing operation is to extract the network bits with the same destination IP addresses from Multiple Route entries into one. For example, in the preceding route table, the destination IP address is 192.168.0.0, And the destination IP address is 192.168.1.0. We have extracted only the first two segments of 192.168, and the third segment of the network bit still has the same part. In 192.168.0.0, the third part is written as 00000000 binary (8 bits 0), and in 182.161.0, the third part is written as 00000001 binary (7 bits 1 bits), so their first seven digits are the same, the corresponding subnet mask should be 11111110 (7-bit, 1-bit, 0) and the synthetic decimal value is 254. Therefore, this summary route should be written as follows: the destination IP address is 192.168.0.0, The subnet mask is 255.254.0, And the next hop is 10.1.1.2. In this way, this summary route contains only two subnets: 192.168.0.0 and 192.168.1.0. It is a precise summary route. At this time, the information packet sent to the 192.168.2.0 CIDR block is written as a binary value of 00000010 (the first six digits are 0) and is not included in this precise summary route. Rule 3: assigning public IP addresses on demand is not required by the owner of Public IP addresses, but is uniformly allocated and rented by ISP and other institutions. This leads to the scarcity of public IP addresses. Therefore, public IP addresses must be allocated as needed. For example, the area of the server group that provides external services must not only be sufficient, but also reserve a margin. the area where employees and Departments only need to browse the Internet and other basic requirements, you can use NAT (Network Address Translation) to allow multiple nodes to share one or several public IP addresses. Finally, these nodes only provide internal services, or, hosts that are limited to internal communication do not need to allocate public IP addresses. The specific allocation of public IP addresses must be properly planned based on actual needs. Note: NAT (Network Address Translation) is a technology that translates an internal private Network Address (IP Address) into a valid Network IP Address. When an intranet user connects to the Internet, NAT converts the user's internal private IP address into an external public IP address. Otherwise, when data is returned from the outside, NAT reversely replaces the target address with the address of the initial internal user. The process is based on a record table of the address port to compare the returned address port information with the sent information. The broadband routing sharing device on the market is based on this technology to allow multiple LAN PCs to share one public IP address. Because NAT hides the internal IP address, it forms a natural firewall, making it impossible for Internet users to directly view the Intranet host. For this reason, the external services on some hosts cannot be directly accessed by Internet users. Therefore, the concept of port ing is introduced. In this case, you must map the external service port of the Intranet host to the public IP address through port ing, so that the Internet user can access your public IP Address Service port again, the router automatically transfers the access to the mapped host. In addition, because the current IPv4 network is transitioning to IPv6, it is likely that there will be a long period of coexistence between IPv4 and IPv6 in the future. Therefore, when building a network, we should try our best to consider the compatibility with IPv6, select devices and systems that support IPv6. The environment in which static or dynamic IP addresses are selected for static and dynamic allocation needs to be discussed from the advantages and disadvantages of these two types of allocation mechanisms. First, the dynamic Address Allocation is implemented by the DHCP server to facilitate centralized and unified management, in addition, each newly accessed host can correctly obtain parameters such as IP address, subnet mask, default gateway, and DNS through simple operations. The management workload is much less than the static address, the larger the network, the more obvious it is. Static allocation is just the opposite. You need to specify the IP addresses used by those hosts, and you must never repeat them. Then, you can set necessary network parameters on the client host, in addition, when the host region is migrated, you must record the release of IP addresses, and re-allocate new regional IP addresses and configure network parameters. This requires a table that records the usage of IP Address Resources in detail and must be updated in real time based on changes. Otherwise, IP conflict and other problems may easily occur, we can see how terrible the workload is in a large network. However, in some specific blocks, such as the server group area, each server has a fixed IP address, which is required in most cases. Of course, you can also use the DHCP address binding function or dynamic domain name system to achieve similar results. Second, you can dynamically allocate IP addresses as needed. When an IP address is not used by the host, it can be released for use by other new access hosts, in this way, IP resources can be used efficiently to a certain extent. The IP address pool of DHCP can meet the peak value of the IP address used at the same time. Static allocation must take into account a larger margin of use. Many hosts temporarily not connected to the network will not release their IP addresses, and because they are temporarily disconnected and accessed, manually releasing and adding IP addresses is obviously a thankless task. Therefore, you must consider using a larger IP address segment to ensure sufficient IP resources. Third, Dynamic Allocation requires one or more stable and efficient DHCP servers in the network, because when IP management and allocation are concentrated, the fault points are also concentrated, as long as the DHCP server in the network fails, the entire network may be paralyzed. In many networks, there are more than one DHCP server, but another or a group of Hot Backup DHCP servers, you can also share the workload of Address Allocation at ordinary times. In addition, when the client communicates with the DHCP server, such as address application, renewal, and release, it will generate a certain amount of network traffic, although not large, it should still be considered. Static allocation does not have these two disadvantages, and the most attractive advantage of static addresses is that it is easier to locate fault points than dynamic allocation. In most cases, CEN has an IP address resource usage table when using static address allocation. All Hosts and specific IP addresses are matched one by one, when a fault occurs or some hosts are controlled and managed, it is much easier than Dynamic Address allocation. Note: Pay attention to DHCP server redundancy. To prevent Multiple DHCP servers from assigning the same IP address to different clients, the IP segments of the subnet should be divided into several parts, the IP address pools of Multiple DHCP servers cannot overlap. In addition, make sure that the IP address provided is sufficient for clients on the network even if only one DHCP server works. That is to say, each split address pool must be larger than the actual address quantity, so as to ensure maximum redundancy. What is the use of dynamic allocation and static allocation? The most important factor is the size of the network. This is a factor that directly determines the workload of network administrators. Therefore, large enterprises and remote access networks are suitable for Dynamic Address Allocation, while small enterprise networks and hosts providing external services are suitable for static address allocation. After reading the previous descriptions, readers may find it boring. The following is a simple example to illustrate which areas of the enterprise need to deploy IP resources, which makes it easy to understand. The functions are divided into three areas: external public server groups, internal server groups, and Intranet clients. The private IP address is deployed in the Intranet client area, and then the network segment is selected based on factors such as the number and organization size, and whether to use DHCP Dynamic IP Address allocation. The client that needs to access the Internet can be implemented through NAT technology. Generally, a NAT device (possibly a proxy server or router) is configured after the enterprise firewall ), configure a NAT pool on it to place an appropriate public IP address for the Intranet to access the Internet. You can also perform an ACL (Access Control List) on a layer-3 switch or router connected to it to restrict the access permission of an Intranet server to the Internet. Because the Intranet server area only provides services for Intranet users, no public IP address or NAT is required, and a fixed private IP address should be deployed for its functions. If the overall network scale is large and the vro is separated between the Intranet server zone and the client zone, when using the DHCP server, pay attention to the use of broadcast packets during the DHCP process, vro isolates broadcast. In this case, you need to configure a DHCP relay proxy on the vro (enable the relay proxy by using ip-help address on the port required by the Cisco vro ). In this way, the process of obtaining the IP address is no different from accessing the local DHCP, that is, the DHCP relay proxy is transparent to the client. The last DMZ area contains a group of servers that provide external services. This part is naturally deployed with a fixed public IP address. Of course, the IP address allocation policies may be slightly different due to the use of Server clusters and other redundancy and load balancing measures. In a typical enterprise network structure, the allocation and deployment of IP Address resources are roughly the same. The details will certainly vary according to the actual situation, but the general direction will not change. Summary: IP address planning and allocation at the initial stage play an important role in the difficulty of maintaining and expanding the entire network, which directly affects the efficiency of maintenance, upgrade, and operation in the future. Therefore, all network administrators and network planners must not wait for a while.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.