hintonfran6

Smile! You’re at the best WordPress.com site ever

Designing Home and SME Networks 6: Internet IP Addressing Strategies

leave a comment »

So, how do I get an Internet IP address?Every device that needs to communicate with the Internet needs a unique IP address. Without this, the Internet doesn’t know where to send replies to your requests.There are two different, and functionally incompatible, IP addressing schemes:IPv4, which is based on a single 32-bit number that supports rather fewer than 2^32 (4 billion) unique addresses. This version is used almost universally at the moment. Given that every PC, server, router etc on the Internet needs a unique address, we are rapidly running out of addresses.
IPv6, which is intended to replace IPv4, uses a 128-bit number that can support about 3.8 x 10^38 (340 undecillion) addresses. That is a lot of addresses, and, although most operating systems support it, currently, it is used on less than 1% of installed equipment.So, given that, for the moment, we are stuck with IPv4, how do we deal with the shortage of addresses?There are two main strategies within IPv4 to reduce the number of addresses on the Internet, and they work together:Private and Public address ranges.IP addresses are made up of 32 bits, arranged as four ‘octets’. Each octet can take any value from 0 to 255, and so they are normally written as four numbers separated by periods, e.g. 202.12.27.33Blocks of IP addresses are allocated to the various organizations that manage the provision of addresses to businesses and the general public.Certain blocks are designated as ‘private’ while all the others are ‘public’. Private addresses are not allowed to be connected to the internet directly, and any data bearing a private address as source or destination will be blocked by the Internet’s routers: any network that needs to exchange data with the Internet must have at least one public IP address.Because public addresses are in short supply, ISPs use a number of strategies to minimize their use:Normally, ISPs dynamically allocate a single public IP address to each end-user, so that each time they log in, they are given a different address from the ‘pool’ of addresses. Such dynamic addresses are issued by the ISP’s DHCP server and will probably ‘expire’ after a while. Hence, if you leave your Internet router on all the time (as most people do nowadays) you may be disconnected when the DHCP server’s address ‘lease’ expires, and you will need to disconnect your Internet connection and log in again. Some ISPs manage this better than others. If you want to be sure it doesn’t happen, then ask your ISP for a dedicated (static) IP address for your Internet connection.
Most ISPs will assign you a single IP address (or sometimes 2) at no extra charge. If you want more that this (say you have 3 PCs at your home and want them to have unique public IP addresses, you will have to pay extra for the other addresses.NAT (Network Address Translation)If you are limited to a single public IP address but have more than one PC on your network, you will need to use NAT to ‘map’ each of the PCs onto a single address. Normally, the NAT function is included in your Internet router.So how does NAT work?The TCP/IP protocol suite (as well as many other networking protocols) recognize 64K (65,536 or 2^16) different ‘ports’ associated with each IP address. This number is far in excess of the number required for any one PC, so NAT creates a translation list for service that each PC on your network requests to an Internet-facing port on your public IP address. Replies to requests are routed either to the requesting port or to an associated port, and so the Internet router can intercept the replies from the Internet and direct them to the correct PC. Of course, it’s not quite that simple…What are the implications of a static rather than a dynamic IP address?
You will need a static address if you need to access services on your network from elsewhere on the Internet. With only a dynamic address, you’ll never know what address you’ve been assigned so won’t be able to access it remotely.Having a static address makes you slightly more vulnerable to intrusion from the Internet, as attackers can easily find you again. They can still do this with a dynamic address, but it’s harder, and most hackers take the easy option…So, to summarize, you need to:acquire a single public IP address from your ISP (either dynamic or, if you prefer,
select a suitable private IP address range to use on your own network. It doesn’t matter if other people use the same addresses, as these addresses are not carried across the Internet and you’ll only have a problem if you link directly (by a leased line or Internet VPN) to another private network that uses the same address block.
configure and activate NAT on your router.

Advertisements

Written by hintonfran6

August 4, 2013 at 9:23 pm

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: