Calling Every Node


A unique numeric identification tag, called an IP address, is assigned to each interface on a TCP/IP network. Every IP address in a TCP/IP network must be unique. Each device on a TCP/IP network is known as a host. Each host has at least one network interface with an assigned IP address. However, a host can have multiple network interface cards (NICs), and even multiple IP addresses assigned to each NIC.

To network ID or host ID, that is the question

An IP address consists of two components: a network ID and a host ID. The network ID identifies the network segment to which the host belongs. The host ID identifies an individual host on some specific network segment. A host can communicate directly only with other hosts on the same network segment. A network segment is a logical division of a network into unique numeric network IDs called subnets. A host must use a router to communicate with hosts on other subnets.

A router moves packets from one subnet to another. In addition, a router reads the network ID for a packet's destination address and determines whether that packet should remain on the current subnet or be routed to a different subnet. When a router delivers a packet to the correct subnet, the router then uses the host ID portion of the destination address to deliver the packet to its final destination.

A typical IP address looks like

 207.46.249.222 

(This matches the domain name http://www.microsoft.com.) This numeric IP address format is known as dotted-decimal notation. However, computers "see" IP addresses as binary numbers. This same IP address in binary form is

 11001111 00101110 11111001 11011110 

and is written in collections of eight bits called octets. Each octet is converted to a decimal number and then separated by periods to form the dotted-decimal notation format shown at the beginning of this paragraph.

The dotted-decimal version of IP addresses is more human-friendly than the binary version. As you may already know, domain names and NetBIOS names are even more friendly because they use symbolic names that make sense to humans.

An IP address requires 32 binary digits and defines a 32-bit address space that supports nearly 4.3 billion unique addresses. Although this seems like a lot of addresses, the number of available IP addresses is quickly dwindling. Consequently, several plans exist to expand or change the IP addressing scheme to make many more addresses available. For more information on such plans, search for IPng Transition in your favorite search engine.

IP designers carved the entire galaxy of IP addresses into classes to meet different addressing needs. Today, there are five IP address classes labeled by the letters A through E. Classes A, B, and C are assigned to organizations to allow their networks to connect to the Internet, and Classes D and E are reserved for special uses.

The first three classes of addresses differ by how their network IDs are defined:

  • Class A addresses use the first octet for the network ID.

  • Class B addresses use the first two octets.

  • Class C addresses use the first three octets.

Class A addresses support a relatively small number of networks, each with a huge number of possible hosts. Class C addresses support a large number of networks, each with a relatively small number of hosts, as shown in Table 14-1 (Class B falls in the middle). Therefore, branches of the military, government agencies, and large corporations are likely to need Class A addresses; medium-sized organizations and companies need Class B addresses; and small companies and organizations need Class C addresses.

 
Table 14-1: Address Classes and Corresponding Network and Host IDs

Class     High-Order Bits   First Octet Range   # Networks   # Hosts
Class A   0xxxxxxx          1-126.x.y.z         126          16,777,214
Class B   10xxxxxx          128-191.x.y.z       16,384       65,534
Class C   110xxxxx          192-223.x.y.z       2,097,152    254

When it comes to recognizing address Classes A through C, the network ID for a Class A address always starts its first octet with a 0. Each Class B network ID always starts with 10, and Class C network IDs always start with 110. Consequently, you can determine an address's class by examining the address, either in binary or decimal form. (See Tables 14-1 and 14-2.)

 
Table 14-2: Division of IP Address Component Octets According to Class

Class   IP Address     Network ID   Host ID
A       10.1.1.10      10           1.1.10
B       172.16.1.10    172.16       1.10
C       192.168.1.10   192.168.1    10

TECHNICAL STUFF 

Network ID 127 is missing from Table 14-1 because that ID is a loopback address. Loopback addresses are used when testing IP transmission - they transmit to themselves.
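As an added example (not code from the book), the following Python carries out the dotted-decimal to binary conversion described above and the classful split of Tables 14-1 and 14-2, treating network 127 as loopback rather than as a Class A network. The function names are this example's own; the conversion is done octet by octet so that the eight-bit groups in the text are visible in the output.

```python
# Added example: dotted-decimal <-> binary conversion and classful parsing.

def to_octets(dotted):
    """Parse '207.46.249.222' into four integers, rejecting malformed input."""
    parts = dotted.split(".")
    if len(parts) != 4:
        raise ValueError("an IPv4 address has exactly four octets: %r" % dotted)
    octets = []
    for p in parts:
        if not p.isdigit():
            raise ValueError("octet is not a decimal number: %r" % p)
        n = int(p)
        if n > 255:
            raise ValueError("octet out of range 0-255: %r" % p)
        octets.append(n)
    return octets

def to_binary(dotted):
    """'207.46.249.222' -> '11001111 00101110 11111001 11011110'"""
    return " ".join(format(o, "08b") for o in to_octets(dotted))

def from_binary(bits):
    """Inverse of to_binary: four 8-bit groups -> dotted-decimal string."""
    groups = bits.split()
    if len(groups) != 4 or any(len(g) != 8 or set(g) - {"0", "1"} for g in groups):
        raise ValueError("expected four 8-bit binary groups: %r" % bits)
    return ".".join(str(int(g, 2)) for g in groups)

def address_class(dotted):
    """Classify by the high-order bits of the first octet (Table 14-1).
    Network 127 is reported as 'loopback' because it is reserved."""
    first = to_octets(dotted)[0]
    if first == 127:
        return "loopback"
    if first >> 7 == 0b0:      # 0xxxxxxx
        return "A"
    if first >> 6 == 0b10:     # 10xxxxxx
        return "B"
    if first >> 5 == 0b110:    # 110xxxxx
        return "C"
    if first >> 4 == 0b1110:   # 1110xxxx (multicast)
        return "D"
    return "E"

def split_classful(dotted):
    """Return (network_id, host_id) as dotted strings, as in Table 14-2."""
    cls = address_class(dotted)
    octets = to_octets(dotted)
    n = {"A": 1, "B": 2, "C": 3}.get(cls)   # octets belonging to the network ID
    if n is None:
        raise ValueError("no network/host split for %s address %s" % (cls, dotted))
    return ".".join(map(str, octets[:n])), ".".join(map(str, octets[n:]))

if __name__ == "__main__":
    print(to_binary("207.46.249.222"))
    for addr in ("10.1.1.10", "172.16.1.10", "192.168.1.10"):
        print(addr, address_class(addr), split_classful(addr))
```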

Subnetting: Quiet time for IP addresses

Subnets represent divisions of a single TCP/IP network address into logical subsets. The motivation for subnetting is twofold. First, subnetting reduces the amount of overall traffic on any network segment by collecting systems that communicate often into groups. Second, subnetting makes it easier for networks to grow and expand, and it adds an extra layer of security controls. Subnets work by "stealing" bits from the host part of an IP address and using those bits to divide a single IP network address into two or more subnets.

Sidebar: Routers move packets among subnets and networks

Only routers can transfer packets from one subnet to another, or from one network ID to another, in the TCP/IP world. Routers are specialized, high-end, high-speed devices from companies such as Cisco Systems or Bay Networks. However, any computer with two or more NICs installed (where each NIC resides on a different subnet) can be a router provided that the computer can forward packets from one NIC to another (and thus, from one subnet to another). Right out of the box, in fact, Windows Server 2003 includes the software and built-in capabilities to function as a router. Computer nerds like to call such machines multi-homed computers because the machines are "at home" on two or more subnets.
 

Network administrators typically use subnet masks to divide IP address blocks into smaller subnetworks. A subnet mask is a special bit pattern that takes over part of the host ID portion of an IP address, and permits a larger network to be subdivided into two or more subnetworks, each with its own unique network address. The base subnet masks for Class A, B, and C networks are 255.0.0.0, 255.255.0.0, and 255.255.255.0, respectively. You can create additional subnet masks by adding extra bits set to 1 in the space occupied by the 0 that appears next to the rightmost 255 in any such number. This transformation is illustrated in Table 14-3, which shows some typical values for usable subnet masks.

 
Table 14-3: Subnet Masks and Results

(The Binary Mask column shows the octet that follows the rightmost 255 of the class's base mask.)

Binary Mask   Decimal Equivalent    Number of Hosts   Number of New Subnets
00000000      A: 255.0.0.0          A: 16,777,214     1
              B: 255.255.0.0        B: 65,534
              C: 255.255.255.0      C: 254

10000000      A: 255.128.0.0        A: Not valid      Not valid
              B: 255.255.128.0      B: Not valid
              C: 255.255.255.128    C: Not valid

11000000      A: 255.192.0.0        A: 4,194,302      2
              B: 255.255.192.0      B: 16,382
              C: 255.255.255.192    C: 62

11100000      A: 255.224.0.0        A: 2,097,150      6
              B: 255.255.224.0      B: 8,190
              C: 255.255.255.224    C: 30

11110000      A: 255.240.0.0        A: 1,048,574      14
              B: 255.255.240.0      B: 4,094
              C: 255.255.255.240    C: 14

11111000      A: 255.248.0.0        A: 524,286        30
              B: 255.255.248.0      B: 2,046
              C: 255.255.255.248    C: 6

11111100      A: 255.252.0.0        A: 262,142        62
              B: 255.255.252.0      B: 1,022
              C: 255.255.255.252    C: 2

11111110      A: 255.254.0.0        A: 131,070        126
              B: 255.255.254.0      B: 510
              C: 255.255.255.254    C: Not valid

Warning 

Because routers are required to communicate across IP subnets, the IP address of a router on each subnet must be known to every client on that subnet. This address is called the default gateway because it's where all out-of-subnet transmissions are directed by default. (It's the gateway to the world outside each local subnet, in other words.) If no default gateway is defined, clients can't communicate outside their subnet.
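An added worked example (not from the book) that applies the subnet-mask arithmetic of Table 14-3 with Python's standard ipaddress module and checks the default-gateway condition from the warning above. The host and subnet counts follow the same classic convention the table uses, in which the all-zeros and all-ones subnets and the all-zeros and all-ones host addresses are discarded, so a count of 0 corresponds to the table's "Not valid"; current CIDR practice keeps those subnets, so a prefix-length calculator will report more subnets than this function. The function names and the sample addresses are this example's own.

```python
# Added example: subnet-mask arithmetic (Table 14-3) and a default-gateway check.
import ipaddress

BASE_BITS = {"A": 8, "B": 16, "C": 24}   # classful base masks from the text

def mask_bits(mask):
    """Count the 1 bits in a dotted-decimal mask (255.255.255.192 -> 26),
    rejecting masks whose 1 bits are not contiguous."""
    m = int(ipaddress.IPv4Address(mask))
    inverted = ~m & 0xFFFFFFFF
    if inverted & (inverted + 1):        # a valid mask inverts to 2**k - 1
        raise ValueError("non-contiguous subnet mask: %s" % mask)
    return bin(m).count("1")

def subnet_counts(cls, mask):
    """(hosts, subnets) for MASK applied to a Class A/B/C network, counted the
    way Table 14-3 counts them: the all-zeros and all-ones subnet, and the
    all-zeros and all-ones host address, are discarded; 0 means 'Not valid'."""
    bits = mask_bits(mask)
    if bits < BASE_BITS[cls]:
        raise ValueError("%s is shorter than the Class %s base mask" % (mask, cls))
    stolen = bits - BASE_BITS[cls]       # bits "stolen" from the host ID
    host_bits = 32 - bits
    hosts = max(2 ** host_bits - 2, 0)
    subnets = 1 if stolen == 0 else max(2 ** stolen - 2, 0)
    return hosts, subnets

def describe(ip, mask):
    """Network address, broadcast address and prefix length for IP/MASK."""
    net = ipaddress.ip_network("%s/%s" % (ip, mask), strict=False)
    return str(net.network_address), str(net.broadcast_address), net.prefixlen

def gateway_ok(ip, mask, gateway):
    """The default gateway must be a usable host address on the client's own
    subnet; a gateway on another subnet is unreachable, and the client can
    then talk to nothing outside its subnet."""
    net = ipaddress.ip_network("%s/%s" % (ip, mask), strict=False)
    gw = ipaddress.IPv4Address(gateway)
    return gw in net and gw not in (net.network_address, net.broadcast_address)

if __name__ == "__main__":
    for cls, mask in (("A", "255.240.0.0"), ("B", "255.255.192.0"), ("C", "255.255.255.128")):
        print(cls, mask, "hosts/subnets:", subnet_counts(cls, mask))
    print(describe("192.168.1.10", "255.255.255.192"))
    # A gateway of 192.168.1.65 lies outside 192.168.1.0/26 and is a misconfiguration.
    print(gateway_ok("192.168.1.10", "255.255.255.192", "192.168.1.65"))
```

The contiguity check in mask_bits matters in practice: a mask typed as 255.255.0.255 is accepted by some older tools but does not describe a subnet, and ipaddress will also reject it when it is used as a prefix.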

Hanging your shingle: Obtaining Internet IP addresses

Deploying your own network or using a stand-alone system with Network Address Translation (NAT) to connect to the Internet requires that you obtain one or more valid IP addresses. For some uses, you may simply contract with an ISP to use a dial-up connection. Each time you connect, you're assigned an IP address automatically from a pool of available addresses. After you disconnect from the ISP, that IP address is returned to the pool for reuse. This works equally well for stand-alone machines and for the servers that might dial into an ISP to provide an on-demand connection for users who have private IP addresses but can attach to the Internet using NAT software.

One way to attach an entire network to the Internet is to lease a block, or subnet, of IP addresses from an ISP. However, leasing IP addresses can be expensive and can limit your growth. Also, many ISPs can no longer lease large blocks of IP addresses, so you may have to limit Internet access to specific machines or subnets.

For more information about taking this approach, you need to contact your ISP to find out what it can offer by way of available addresses and contiguous subnets. For some uses, public IP addresses are required because security needs dictate a true end-to-end connection between clients and servers across the Internet. In plain English, a true end-to-end connection means that the IP address that a client advertises to the Internet is the same one it uses in reality. In the section "Address translation: The new magic," you discover an alternate approach in which the IP address advertised to the Internet is different than the private IP address that a client uses on its home subnet.

Warning 

For some applications, particularly where secure IP-based protocols such as IP Secure (IPSec) or particular Secure Sockets Layer (SSL) implementations are required, network address translation techniques may not work! Make sure you understand your application requirements in detail before you decide whether to lease public IP addresses or use private IP addresses with network address translation.

Address translation: The new magic

If you don't want to pay to lease a range of IP addresses and your application requirements allow you to use private IP addresses, you can employ the IP addresses reserved for private use in RFC 1918 on your networks. When used with network address translation software to connect to an ISP, a single public IP address (or one for each Internet connection) is all you need to service an entire network.

RFC 1918 (which can be found at http://www.faqs.org/rfcs/rfc1918.html) defines special IP addresses for use on private intranets. These addresses, which appear in Table 14-4, will not be routed on the Internet by design. This approach provides improved security for your network as a fringe benefit, because it means that any impostor who wants to break into your network cannot easily masquerade as a local workstation. (Doing so would require routing a private IP address packet across the Internet.) Because all of these addresses are up for grabs, you can use the address class that makes sense for your organization (and for Class B and Class C addresses, you can use as many as you need within the legal range of such addresses).

 
Table 14-4: Private IP Address Ranges from RFC 1918

Class   Address Range                 # Networks
A       10.0.0.0-10.255.255.255       1
B       172.16.0.0-172.31.255.255     16
C       192.168.0.0-192.168.255.255   254

Using address translation software to offer Internet access reduces your costs and allows nearly unlimited growth. If you think private IP addresses combined with NAT software makes sense for your situation, consult with your ISP for specific details and recommendations on how to use this technology on your network.

You've probably seen the terms firewall and proxy thrown about when reading about Internet access. Firewalls and proxy servers are network tools that are little more than special-purpose routers. A firewall may be used to filter traffic - both inbound and outbound.

Firewall filters can be based on a source or destination address, on a specific protocol, or port address, or even on patterns that appear in the contents of a data packet. A proxy server is an enhanced firewall, and its primary purpose is to manage communications between an in-house network and external networks such as the Internet. Proxies hide the identity of internal clients and can keep local copies of resources that are accessed frequently (this is called caching, and it improves response time for users).
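An added example (not from the book, and not the behaviour of any particular firewall product) tying together the two preceding points: the RFC 1918 ranges of Table 14-4 and address/protocol/port filtering. The rule table, the packets and the field names are all constructed for this example. The first rule encodes the security benefit the text describes: because private addresses are never routed across the Internet, a packet arriving on the outside interface with an RFC 1918 source address cannot be a genuine local workstation and is dropped before any other rule is consulted.

```python
# Added example: RFC 1918 membership and a first-match firewall rule table.
import ipaddress

# The three RFC 1918 ranges of Table 14-4, written as prefixes.
PRIVATE_RANGES = [ipaddress.ip_network(p)
                  for p in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    """True if ADDR lies in one of the RFC 1918 private ranges."""
    a = ipaddress.IPv4Address(addr)
    return any(a in net for net in PRIVATE_RANGES)

def address_matches(spec, addr):
    """Rule address field: 'any', 'private' (RFC 1918), or a CIDR prefix."""
    if spec == "any":
        return True
    if spec == "private":
        return is_rfc1918(addr)
    return ipaddress.IPv4Address(addr) in ipaddress.ip_network(spec)

# Constructed rule table (an assumption of this example, not the book's).
# Fields: direction, source, destination, protocol, destination port, action.
# First match wins; anything unmatched is dropped.
RULES = [
    # Inbound with a private source address is forged: RFC 1918 addresses are
    # not routed on the Internet, so nothing legitimate can carry one inbound.
    ("in",  "private", "any",             "any", None, "drop"),
    ("in",  "any",     "192.168.1.10/32", "tcp", 80,   "allow"),   # web server
    ("in",  "any",     "192.168.1.10/32", "tcp", 443,  "allow"),
    ("out", "private", "any",             "any", None, "allow"),   # internal clients out
]

def evaluate(packet, rules=RULES):
    """Return (action, index of the matching rule, or None for the default drop)."""
    for i, (direction, src, dst, proto, port, action) in enumerate(rules):
        if direction != packet["dir"]:
            continue
        if not (address_matches(src, packet["src"]) and address_matches(dst, packet["dst"])):
            continue
        if proto != "any" and proto != packet["proto"]:
            continue
        if port is not None and port != packet.get("dport"):
            continue
        return action, i
    return "drop", None

# Constructed packets as a border router might see them; the Internet-side
# addresses are taken from the documentation ranges, not from real hosts.
SAMPLE_PACKETS = [
    {"dir": "in",  "src": "203.0.113.5",  "dst": "192.168.1.10", "proto": "tcp", "dport": 443},
    {"dir": "in",  "src": "10.0.0.7",     "dst": "192.168.1.10", "proto": "tcp", "dport": 443},
    {"dir": "in",  "src": "203.0.113.5",  "dst": "192.168.1.10", "proto": "tcp", "dport": 23},
    {"dir": "out", "src": "192.168.1.20", "dst": "198.51.100.9", "proto": "udp", "dport": 53},
]

def audit(packets=SAMPLE_PACKETS, rules=RULES):
    """Evaluate every packet; handy for checking a rule table against samples."""
    return [evaluate(p, rules) for p in packets]

if __name__ == "__main__":
    for p, (action, idx) in zip(SAMPLE_PACKETS, audit()):
        print(p["dir"], p["src"], "->", p["dst"], p["proto"], p.get("dport"), action, idx)
```

Running the block shows the second packet dropped by rule 0 even though it is addressed to an allowed port, and the telnet attempt dropped by the default rule because nothing permits it; that ordering (spoof check first, explicit allows next, deny everything else) is the shape a production rule set should keep whatever product enforces it.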

You can check out several great online resources for firewalls, but online information on proxies is limited to product documentation. In addition to consulting the Windows Server 2003 Resource Kit and TechNet (http://www.microsoft.com/technet/default.asp), here are several online resources you may want to check to discover more about these technologies:

  • Great Circle Associates: http://www.greatcircle.com/

  • Microsoft's Internet Security and Acceleration Server (ISA): http://www.microsoft.com/isaserver/

  • Aventail VPN: http://www.aventail.com/

  • Zone Lab's ZoneAlarm: http://www.zonealarm.com/

  • Cisco's PIX Firewall: http://www.cisco.com/univercd/cc/td/doc/pcat/fw.htm

  • Ositis Software's WinProxy: http://www.ositis.com/

  • Deerfield Communication's WinGate Pro: http://www.deerfield.com/

In addition to these excellent third-party products, Windows Server 2003 offers a built-in native firewall product known as the Internet Connection Firewall (ICF), which is enabled and configured on the Advanced tab of a connection object. ICF can provide basic protection, but it does not offer the versatility and capabilities that a production network requires in a firewall. If you want to learn more about ICF, check the Help and Support Center and the Windows Server 2003 Resource Kit.

Windows Server 2003 for Dummies
ISBN: 0764516337
Year: 2003
Pages: 195