Thursday 31 December 2009

Getting IP Right in Windows: 2. Subnets and Private IP space

Networking in Windows is deceptively easy. The level of development Microsoft has achieved to make it so is quite considerable, and I contrast it here with the amount of tweaking required to get Unix services off the ground.

That said, a well-implemented IP structure is the cornerstone of any enterprise (or even serious home) office deployment. I’ve composed a series of five articles on topics you should be really getting right! There are certainly more, but these stick out in my mind.

2. Subnets and Private IP space

The IP address space is global, centrally controlled and handed out to the bigger ISPs and national controlling bodies in big chunks, and broken into progressively smaller groups to hand out to their customers.

Carving the IP address space into networks, subnets and supernets, and using broadcast domains and multicasts, is very logical and can be readily understood with a little thought, and a bit of planning up front can save you a lot of headache down the line. A great graphical explanation can be found here, and a famous graphical map of the world’s IP space is here.

If you’re not responsible for the network design at your organisation, have a chat with the guy who is to understand the principles, how it is expected to evolve over time and what you can expect as it does.

IPX was all the vogue in Novell’s heyday, and it is still a neat protocol, able to route across a vast network, but without a central registry for network numbers it was easy to find conflicts, and certainly inappropriate for Internet-type deployments, hence the rise of IP in the corporate space.

I worked at a 2,500+ user company that had a randomly chosen Class-A IP network deployed internally; at the time I discovered these numbers had officially been assigned to the People’s Republic of China. Thankfully, none of the business interest lay there, but had there been a need, getting these overlapping networks to communicate would have been a tedious task.

A special class of IP address is the Reserved Private IP Addresses (RPIPA): if an Internet router sees traffic from or to these, it is simply discarded, so you can be certain you won’t conflict with anyone on the Internet and can deploy them as you like!

192.168.0.0/16 is probably the most well-known, and the two most common (192.168.0.0/24 and 192.168.1.0/24) are used almost universally in the default configuration of home routers. Since home networks rarely get integrated with others, this tends to work just fine.

Unfortunately, this also means that a lot of inexperienced network engineers use these as a default. In fact, Windows XP Internet Connection Sharing (ICS) requires that the internal interface receive the 192.168.0.1/24 address (no other will do), and these ranges are so common that very little attention is required to remember them.

But that’s the problem. It can lead to big headaches when two sites with these common subnets do want to communicate, from simple VPN access to your company network to handling a merger and linking the acquired network up to yours. There are two other ranges to choose from (172.16.0.0/12 and 10.0.0.0/8) offering literally hundreds of thousands of the good-old 24-bit subnets, so get creative.
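As an added example (not part of the original post), the following Python script uses the standard-library `ipaddress` module to do the three checks this section argues for: confirm that a prefix really lies inside one of the private ranges (a randomly chosen public Class-A would fail this, as in the story above), count how many /24 subnets each private range offers, and detect the overlapping subnets that bite when two sites that both defaulted to 192.168.0.0/24 are joined by a VPN or merger. The site prefix lists are constructed sample data, and `first_free_subnet` is a hypothetical helper that picks the first unused /24 from a range so the addressing plan does not collide with either site.

```python
from ipaddress import ip_network

# The three RFC 1918 private ranges discussed in the post.
PRIVATE_RANGES = [
    ip_network("10.0.0.0/8"),
    ip_network("172.16.0.0/12"),
    ip_network("192.168.0.0/16"),
]

# Constructed sample data: two sites that both took the home-router default.
SITE_A = ["192.168.0.0/24", "10.10.0.0/16"]
SITE_B = ["192.168.0.0/24", "10.20.0.0/16"]


def is_private(prefix: str) -> bool:
    """True only if the whole prefix sits inside one RFC 1918 range.

    A prefix that merely straddles a private range (e.g. 172.32.0.0/16,
    just past the end of 172.16.0.0/12) is reported as public.
    """
    net = ip_network(prefix, strict=False)
    return any(net.subnet_of(r) for r in PRIVATE_RANGES)


def count_subnets(container: str, new_prefix: int = 24) -> int:
    """Number of /new_prefix networks that fit inside container."""
    net = ip_network(container)
    if new_prefix < net.prefixlen:
        raise ValueError("new_prefix must not be shorter than the container")
    return 2 ** (new_prefix - net.prefixlen)


def find_overlaps(site_a, site_b):
    """Return (a, b) pairs of prefixes that overlap between two sites.

    Any pair returned here will need NAT or renumbering before the
    sites can route to each other.
    """
    nets_a = [ip_network(p, strict=False) for p in site_a]
    nets_b = [ip_network(p, strict=False) for p in site_b]
    return [(str(a), str(b)) for a in nets_a for b in nets_b if a.overlaps(b)]


def first_free_subnet(existing, container="10.0.0.0/8", new_prefix=24):
    """Hypothetical helper: first /new_prefix in container that overlaps
    nothing already in use. Returns None if the container is exhausted."""
    used = [ip_network(p, strict=False) for p in existing]
    for candidate in ip_network(container).subnets(new_prefix=new_prefix):
        if not any(candidate.overlaps(u) for u in used):
            return str(candidate)
    return None


if __name__ == "__main__":
    for r in PRIVATE_RANGES:
        print(f"{r}: {count_subnets(str(r))} x /24 subnets")
    print("Public space used internally:", not is_private("88.0.0.0/8"))
    print("Conflicts between sites:", find_overlaps(SITE_A, SITE_B))
    print("First unused /24 for a new site:", first_free_subnet(SITE_A + SITE_B))
```

Run it as-is and it reports the one conflicting prefix pair between the two sample sites and proposes 10.0.0.0/24 as a safe /24 for the next site. The `subnet_of` and `overlaps` calls are the same checks a router's route table performs, just applied before the design is committed rather than after the VPN comes up.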

A well-implemented DNS (as I wrote about earlier) will mask your numbering for day-to-day tasks, DHCP keeps track of the pool of assigned addresses, and if you're managing a larger network with different WAN links and routers, you should be documenting it in a coherent design anyway, so there isn’t much of a reason not to pick a less common range.

Previous: 1. Understand DNS
Next: 3. IPv6 is Coming
