Network addressing

Network addressing is fundamental to all networked professional video facilities, so it is important to have a solid understanding of how it works. There are two distinct environments — the local area network (LAN) and the wide area network (WAN).

Understanding LAN

By definition, the LAN environment is a private network. Internet Engineering Task Force (IETF) RFC 1918 establishes guidelines that should be followed when assigning addresses in private networks. RFC 1918 describes three categories of hosts or computers connected to a network.

Category 1 hosts talk to other computers on the LAN. They do not need to access the Internet for any reason. These devices need IP addresses that are unambiguous within their organization, but they do not need to worry about these IP addresses being duplicated in another organization. Examples of hosts in this category are the scanners and cash registers in a supermarket. These devices talk to each other, but there is no reason for them to be visible outside the store.

Category 2 hosts may need access to a limited set of outside services such as e-mail, the Web and FTP. As with Category 1 hosts, these hosts need unambiguous LAN addresses, but the addresses may be duplicated inside another organization. These hosts include the average desktop computer or workstation in your facility.

Category 3 hosts need network layer access outside the organization, and they need globally unambiguous IP addresses. When you think of these hosts, think of FTP servers, Web servers, firewall routers and other computers that need direct WAN access.

Category 1 and Category 2 hosts should be assigned private IP addresses from Figure 1, based on the recommendations in RFC 1918. The fundamental concept established in RFC 1918 is that hosts in these ranges are not uniquely identified on the Internet. In fact, a single IP address in this range will be in use by hundreds, perhaps hundreds of thousands, of computers at the same time. For this reason, RFC 1918 says that private IP addresses are not routable on the Internet. Packets containing these addresses will be dropped at the first WAN router.

Private IP addresses exist because public IP address space is limited; there are only 4,294,967,296 or 2^32 unique IP addresses available (using IPv4 addressing). There is no reason to assign a globally unique IP address to a supermarket scanner when it never needs to talk to another computer outside the store.

A private network template

In many cases, you will be working with private networks that have already been designed. But what if you are given the task of setting up a private network from scratch? I offer the following as a template to start your network design. Let's assume that you are designing a network with the following requirements:

  • allow controlled access to the Internet for desktops on the private network for FTP, e-mail and Web;
  • support a mix of FTP servers, Web servers and other devices that need to be exposed to the Internet;
  • allow LAN hosts to access print servers, photocopier servers and other high-quality imaging devices but do not expose these to the Internet;
  • support LAN file and database servers for use within the organization;
  • support visiting clients who may have laptops, which they need to connect to the network to access LAN and Internet services via DHCP; and
  • provide wireless connectivity via wireless access points.

With this as a starting point, it's time to make a few decisions. First, choose a network address from the 192.168.0.0 through 192.168.255.255 range. For this example, we'll choose 192.168.254.0. IP addresses can be assigned randomly anywhere in the address range from 192.168.254.0 through 192.168.254.255. However, two addresses are reserved. 192.168.254.0 is not available because it refers to the network itself. 192.168.254.255 is unavailable because the highest host address on any network is reserved as a broadcast address. Protocols use this address when they need to send broadcast messages to all hosts on the LAN.

Because computers on this network will be able to access the Internet, we need to pick an address for our firewall/router/gateway. This all-in-one device sits between the LAN and the WAN, allowing LAN devices to access the Internet. Let's put it at 192.168.254.1.

In my February article, I mentioned that the last two addresses on a network — .254 and .255 — were reserved. This is not true. The .255 address is reserved for broadcast traffic as described above. Some network designers put gateway devices at .254, so I try to avoid this address in a network that I did not design myself. But an address ending in .254 is perfectly valid. However, my personal preference is to put my gateway device at the first valid address on the network.

This leaves the addresses from 192.168.254.2 through 192.168.254.254 inclusive available for other computers. While we could just start at .2 and begin assigning addresses at random, I prefer a little more organization to my network addressing schemes. Given that we need to support both assigned IP addresses and DHCP automatically assigned addresses, I like to put the pool of fixed addresses low in the network and use them for servers and other devices that need hard-assigned addresses on the LAN. Let's use 192.168.254.1 through 192.168.254.32 for this purpose. Then establish a DHCP pool from 192.168.254.33 through 192.168.254.223. Finally, assign print devices and wireless access points to fixed IP addresses in the range from 192.168.254.224 through 192.168.254.254. Table 1 shows our final network assignments.

Figure 2 shows a concrete example of how this template could be deployed in a facility. In this example, the address assigned to the facility by our Internet Service Provider is 63.224.5.91. The only device using this address is the firewall router. Everything else is behind the router. Per Table 1, we have assigned the firewall router a LAN IP address of 192.168.254.1. Several servers require fixed IP addresses on our WAN. These include two Web servers, an e-mail server and an FTP server. We have grouped these servers together and left space for additional growth. For example, 192.168.254.2 was assigned to the first e-mail server. We have left a gap and added two Web servers at 192.168.254.11 and .12. This leaves room after the existing e-mail server address for additional e-mail servers as the organization grows. The next statically assigned IP address is assigned to our FTP server at 192.168.254.21.

In this network, all client computers and transient computers get their IP addresses using DHCP. They will be automatically assigned addresses in the range from 192.168.254.33 to .233. Finally, we have one print server and one wireless access point, which have been assigned to the static address range starting at 192.168.254.224.

This is only a template, and there are many different ways to set up your network. The important point is to have organization, and to avoid public and prohibited IP addresses.
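The template's rules (private address space only, no use of the network or broadcast address, no overlap between the fixed and DHCP pools) can be checked mechanically before any device is configured. The following is an added example, not part of the original article; the /24 mask, the pool names and the function names are assumptions made for illustration.

```python
import ipaddress

# RFC 1918 private blocks.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Template from the article; the /24 mask is an assumption (the text implies it).
NETWORK = ipaddress.ip_network("192.168.254.0/24")
POOLS = {  # pool names are made up for this example
    "static-servers": ("192.168.254.1", "192.168.254.32"),
    "dhcp": ("192.168.254.33", "192.168.254.223"),
    "static-print-wireless": ("192.168.254.224", "192.168.254.254"),
}


def validate_plan(network, pools):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems = []
    if not any(network.subnet_of(block) for block in RFC1918):
        problems.append(f"{network} is not private (RFC 1918)")
    reserved = (network.network_address, network.broadcast_address)
    ranges = []
    for name, (first, last) in pools.items():
        lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
        if lo > hi:
            problems.append(f"{name}: start is above end")
        for addr in (lo, hi):
            if addr not in network:
                problems.append(f"{name}: {addr} is outside {network}")
            elif addr in reserved:
                problems.append(f"{name}: {addr} is reserved")
        ranges.append((lo, hi, name))
    ranges.sort()
    # Sorted by start address: if any two pools overlap, some neighbouring pair does.
    for (_, hi1, n1), (lo2, _, n2) in zip(ranges, ranges[1:]):
        if lo2 <= hi1:
            problems.append(f"{n1} overlaps {n2}")
    return problems


def pool_for(address, pools):
    """Name the pool an address falls in, or None if it is unallocated."""
    addr = ipaddress.ip_address(address)
    for name, (first, last) in pools.items():
        if ipaddress.ip_address(first) <= addr <= ipaddress.ip_address(last):
            return name
    return None
```

A DHCP scope whose upper bound runs past .223 is reported as overlapping the print and wireless block, which is the kind of drift between a written plan and a DHCP server's configuration that produces duplicate-address conflicts.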

Brad Gilmer is president of Gilmer & Associates, executive director of the Video Services Forum and executive director of the Advanced Media Workflow Association.

Send questions and comments to: brad.gilmer@penton.com
