written 5.2 years ago
The IP address space is divided into public and private spaces. Private addresses are reserved IP addresses that are meant to be used only inside an organization's network, never on the Internet. Before traffic from a privately addressed host can be sent to the Internet, its private address must therefore be translated to one of the organization's externally registered (public) addresses. Public IP addresses are the ones used for external communication. Figure below illustrates the use of private and public addresses in a network.
RFC 1918, Address Allocation for Private Internets, defines the private IP addresses as follows (CIDR form in parentheses):
■ 10.0.0.0 to 10.255.255.255 (10.0.0.0/8)
■ 172.16.0.0 to 172.31.255.255 (172.16.0.0/12)
■ 192.168.0.0 to 192.168.255.255 (192.168.0.0/16)
Addresses outside these three blocks are treated as public in the rest of this discussion. Note, however, that some of them are reserved for other special purposes (for example loopback 127.0.0.0/8, link-local 169.254.0.0/16 and multicast 224.0.0.0/4) and are not routable on the Internet either, so an address-plan check should not assume "not RFC 1918" means "public".
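As an added example (not part of the original text), the following Python classifies IPv4 addresses against the three RFC 1918 blocks and flags private source addresses that show up untranslated on an outside interface. It uses only the standard library; the log lines are constructed for the example, and the `classify` labels and function names are this example's own convention rather than anything defined by RFC 1918.

```python
import ipaddress

# The three RFC 1918 blocks listed above, in CIDR form.
RFC1918_NETWORKS = (
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
)

# Shared address space for carrier-grade NAT (RFC 6598): not RFC 1918, not public.
# Python's ipaddress.is_private already covers loopback, link-local, documentation
# and class E space, but not multicast or this block, so they are checked separately.
SHARED_ADDRESS_SPACE = ipaddress.ip_network("100.64.0.0/10")


def is_rfc1918(addr):
    """True only for IPv4 addresses inside 10/8, 172.16/12 or 192.168/16."""
    ip = ipaddress.ip_address(addr)
    return ip.version == 4 and any(ip in net for net in RFC1918_NETWORKS)


def classify(addr):
    """Label an address for an address-plan review (labels are this example's own).

    'rfc1918' - private; must be translated before it can reach the Internet
    'special' - reserved for another purpose (loopback, link-local, multicast,
                documentation, shared CGN space, ...); neither a valid RFC 1918
                inside address nor a routable public address
    'public'  - globally routable
    'ipv6'    - out of scope for this IPv4 discussion
    """
    ip = ipaddress.ip_address(addr)
    if ip.version != 4:
        return "ipv6"
    if is_rfc1918(ip):
        return "rfc1918"
    # ip.is_private is broader than RFC 1918, which is why it is not used for
    # the 'rfc1918' test above and only serves as a catch-all here.
    if ip.is_private or ip.is_multicast or ip in SHARED_ADDRESS_SPACE:
        return "special"
    return "public"


def untranslated_private_sources(log_lines):
    """Scan constructed 'src=... dst=...' log lines captured on the outside
    interface and return the RFC 1918 source addresses seen there: traffic that
    left the network without being translated and will be dropped upstream."""
    found = []
    for line in log_lines:
        fields = dict(f.split("=", 1) for f in line.split() if "=" in f)
        src = fields.get("src")
        if src and is_rfc1918(src):
            found.append(src)
    return found


# Constructed sample log lines (not from a real device) for a quick self-check.
SAMPLE_OUTSIDE_LOG = [
    "src=203.0.113.10 dst=198.51.100.7 proto=tcp dport=443",
    "src=10.0.0.23 dst=198.51.100.7 proto=tcp dport=80",
    "src=192.168.1.7 dst=198.51.100.7 proto=udp dport=53",
    "src=203.0.113.11 dst=198.51.100.9 proto=tcp dport=22",
]

if __name__ == "__main__":
    for a in ("10.1.2.3", "172.31.255.255", "172.32.0.1", "127.0.0.1", "100.64.0.1", "8.8.8.8"):
        print(a, classify(a))
    print("untranslated:", untranslated_private_sources(SAMPLE_OUTSIDE_LOG))
```

The two RFC 1918 boundary cases worth remembering are visible in the check: 172.31.255.255 is private, 172.32.0.1 is not, because the middle block is a /12 rather than a /16.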
Interconnecting Private and Public Addresses
Depending on its needs, an organization can use both public and private addresses. A router or firewall acts as the interface between the private and public sections of the network. When a privately addressed network must be connected to the Internet, Network Address Translation (NAT) or Port Address Translation (PAT) translates private addresses to public addresses and vice versa; NAT or PAT is therefore required whenever internal hosts need access to the public Internet or must be reachable from it. Translation by itself is not access control: a host published through a static one-to-one mapping is fully reachable from the Internet on every port, so the device performing the translation should also enforce a stateful filtering policy.
Static NAT is a one-to-one mapping of an unregistered (private) IP address to a registered (public) IP address.
Dynamic NAT maps an unregistered IP address to a registered IP address drawn from a pool of registered addresses. NAT overloading, or PAT, is a form of dynamic NAT that maps many unregistered IP addresses to a single registered IP address, telling the flows apart by port number. As shown in Figure below, NAT or PAT can be used to translate the following:
■ One private address to one public address: Used in cases when servers on the internal network with private IP addresses must be visible from the public network. The translation from the server’s private IP address to the public IP address is defined statically.
■ Many private addresses to one public address: Used for end systems that require access to the public network but do not have to be visible to the outside world. Because a PAT entry is created only when the inside host initiates a flow, an unsolicited inbound packet to the shared public address has no matching entry and is dropped.
■ Combination: It is common to see a combination of the previous two techniques deployed throughout networks.
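The three translation cases above, modelled as an added example (not the page's or any vendor's code): a toy translator that applies static one-to-one mappings first, then a dynamic pool, then PAT overload, and shows why a host behind PAT is not reachable unsolicited while a statically mapped server is. The addresses are constructed (RFC 1918 inside, RFC 5737 documentation ranges outside), and the `NatDevice` class, its method names and the port-allocation policy are this example's own assumptions.

```python
import itertools


class NatDevice:
    """Toy NAT/PAT translator with one inside (private) and one outside (public) side.

    Translation order for an outbound packet, mirroring the cases described above:
      1. static one-to-one mapping (published servers)
      2. dynamic one-to-one mapping from a pool of public addresses
      3. overload (PAT): one shared public address, flows told apart by port
    Only outbound flows create PAT state, so an unsolicited inbound packet to the
    overload address has no entry and is dropped. A real device would also key the
    entry on the remote endpoint and age idle entries out; both are omitted here.
    """

    def __init__(self, static=None, pool=None, overload_ip=None, first_port=1024):
        self.static = dict(static or {})      # inside_ip -> outside_ip
        self.pool = list(pool or [])          # free outside addresses for dynamic NAT
        self.dynamic = {}                     # inside_ip -> outside_ip taken from the pool
        self.overload_ip = overload_ip        # single outside address used for PAT
        self._spare_ports = itertools.count(first_port)
        self.pat_out = {}   # (proto, inside_ip, inside_port) -> outside_port
        self.pat_in = {}    # (proto, outside_port) -> (inside_ip, inside_port)

    def outbound(self, proto, src_ip, src_port):
        """Translate the source of a packet leaving the private network.
        Returns (outside_ip, outside_port) as seen on the Internet."""
        if src_ip in self.static:
            return self.static[src_ip], src_port
        if src_ip in self.dynamic:
            return self.dynamic[src_ip], src_port
        if self.pool:
            self.dynamic[src_ip] = self.pool.pop(0)
            return self.dynamic[src_ip], src_port
        if self.overload_ip is None:
            raise RuntimeError("no public address available for %s" % src_ip)
        key = (proto, src_ip, src_port)
        if key not in self.pat_out:
            # Keep the original source port when it is free (port preservation),
            # otherwise allocate one from the spare range.
            port = src_port
            while (proto, port) in self.pat_in:
                port = next(self._spare_ports)
            self.pat_out[key] = port
            self.pat_in[(proto, port)] = (src_ip, src_port)
        return self.overload_ip, self.pat_out[key]

    def inbound(self, proto, dst_ip, dst_port):
        """Translate the destination of a packet arriving from the Internet.
        Returns (inside_ip, inside_port), or None when there is no mapping and
        the packet must be dropped."""
        for table in (self.static, self.dynamic):
            for inside_ip, outside_ip in table.items():
                if outside_ip == dst_ip:
                    return inside_ip, dst_port          # one-to-one: every port passes
        if dst_ip == self.overload_ip:
            return self.pat_in.get((proto, dst_port))   # only ports an inside host opened
        return None


if __name__ == "__main__":
    nat = NatDevice(static={"10.0.0.5": "203.0.113.10"},
                    pool=["203.0.113.20"],
                    overload_ip="203.0.113.1")
    print(nat.outbound("tcp", "10.0.0.5", 443))     # published server: ('203.0.113.10', 443)
    print(nat.outbound("tcp", "10.0.0.20", 40000))  # pool address: ('203.0.113.20', 40000)
    print(nat.outbound("tcp", "10.0.0.21", 40000))  # pool exhausted, PAT: ('203.0.113.1', 40000)
    print(nat.outbound("tcp", "10.0.0.22", 40000))  # port already taken: ('203.0.113.1', 1024)
    print(nat.inbound("tcp", "203.0.113.10", 22))   # unsolicited, still reaches the server
    print(nat.inbound("tcp", "203.0.113.1", 22))    # no PAT entry: None, dropped
```

The last two calls are the security point: the statically mapped server answers on port 22 even though it only ever published 443, while the PAT hosts are unreachable until they open a flow themselves. Filtering has to come from a policy on the same device, not from the translation.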
Guidelines for the Use of Private and Public Addresses in an Enterprise Network
As shown in Figure below, the typical enterprise network uses both private and public IP addresses. Private IP addresses are used throughout the Enterprise Campus, Enterprise Branch, and Enterprise Teleworker modules. The following modules include public addresses:
■ The Internet Connectivity module, where public IP addresses are used for Internet connections and publicly accessible servers.
■ The E-commerce module, where public IP addresses are used for the database, application, and web servers.
■ The Remote Access and virtual private network (VPN) module, the Enterprise Data Center module, and the WAN and metropolitan-area network (MAN) and Site-to-Site VPN module, where public IP addresses are used for certain connections.