TCP/IP Network Administration
Chapter 4: Getting Started

4.7 netconfig
172.16.12.2
Enter gateway address:
172.16.12.1
Enter netmask:
255.255.255.0
Will you access a nameserver:
Yes
Name Server:
172.16.12.1
## This completes your network setup. ##
## Hold on to the remaining information for future reference.##
Broadcast address:
172.16.12.255
Mail server:
172.16.12.1
Mail relay:
172.16.12.1
Print server:
172.16.12.3
NFS server:
172.16.1.2
file:///C|/mynapster/Downloads/warez/tcpip/ch04_07.htm (2 of 2) [2001-10-15 09:17:57]
4.6 Informing the Users
All of the configuration information that you gather or develop through the planning process must be
given to the users so that they can configure their systems. You can distribute information with
several techniques.
In Chapter 3 we discussed NIS, NFS, and configuration servers. All of these play a role in informing the user and in simplifying the configuration process. NIS supports several system administration databases that provide many of the basic configuration values. NFS can distribute pre-configured system files to client systems. Configuration servers, such as BOOTP and DHCP, offer every parameter needed to configure a TCP/IP system directly to the client. All of these are important, but they are not the complete solution.
The servers require that the client is configured to be a client. For NIS and NFS, the client must have a
full basic configuration. Even BOOTP and DHCP require that the user know whether BOOTP or
DHCP is being used so that he does not enter any incorrect values during the initial system
installation. Therefore, the network administrator must directly communicate with the administrator of
the end system, usually through written documentation.
4.6.1 Sample Planning Sheets
To communicate this information, the network administrator will often create an installation planning sheet - a short list of information for the system administrator. A sample planning sheet for the workstation peanut, based on some of the topics we have discussed, provides basic configuration details. The planning sheet lists the name, address, subnet mask, the fact that DNS is used, and the fact that RIP is used on subnet 172.16.12.0:
Hostname:          peanut
IP address:        172.16.12.2
Subnet mask:       255.255.255.0
Default gateway:   172.16.12.1 (almond.nuts.com)
Broadcast address: 172.16.12.255
Domain name:       nuts.com
Name servers:      172.16.12.1 (almond.nuts.com)
                   172.16.6.8 (pack.plant.nuts.com)
Routing protocol:  Routing Information Protocol (RIP)
Mail server:       172.16.12.1 (almond.nuts.com)
Mail relay:        172.16.12.1 (almond.nuts.com)
Print server:      172.16.12.3 (pecan.nuts.com)
NFS server:        172.16.1.2 (filbert.nuts.com)
A similar sheet prepared for almond (see below) varies slightly from the planning sheet for peanut. The names and addresses are different, of course, but the real differences are caused by the fact that almond is a gateway. As a gateway, almond has more than one network interface, and each interface requires its own configuration. Each interface has its own address and can have its own name, subnet mask, and routing protocol.
Hostname:          almond (172.16.12.1)
                   mil-gw (10.104.0.19)
IP address:        172.16.12.1
                   10.104.0.19
Subnet mask:       255.255.255.0 (172.16.12.1)
                   default (10.104.0.19)
Default gateway:   none
Broadcast address: 172.16.12.255 (172.16.12.1)
                   default (10.104.0.19)
Domain name:       nuts.com
Name servers:      172.16.12.1 (almond.nuts.com)
                   172.16.6.8 (pack.plant.nuts.com)
Routing protocol:  Routing Information Protocol (RIP) (172.16.12.1)
                   Border Gateway Protocol (BGP) (10.104.0.19)
Print server:      172.16.12.3 (pecan.nuts.com)
NFS server:        172.16.1.2 (filbert.nuts.com)
We use the information from these planning sheets to configure the systems in subsequent chapters.
You may, however, want to format your planning sheets differently. In this book we configure the
system directly. We use the configuration commands ourselves so that we can understand and master
them. In reality many basic configuration tasks are performed by a network configuration script
during the initial operating system installation. You may want to format your planning sheet to be
compatible with the prompts of that script. One such script is netconfig, which is used on Linux
systems.
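The sheets above are filled in by hand, and the values on them are the ones most often mistyped at installation time. The following check is an added example, not code from the book, that reads the peanut and almond sheets as Python dictionaries and reports inconsistencies: a broadcast address that does not match the subnet mask, a default gateway that is not on one of the host's own subnets, and a server address that the host has no route to. The third sheet (walnut) is constructed to show those failures; a netmask or broadcast of "default" is resolved to the classful default, which is an assumption about what the installer does.

```python
import ipaddress

# Planning-sheet values copied from the peanut and almond sheets above. A
# netmask or broadcast of "default" means "let the installer pick the classful
# default", as the almond sheet does for its 10.104.0.19 interface.
PEANUT = {
    "hostname": "peanut",
    "interfaces": [
        {"address": "172.16.12.2", "netmask": "255.255.255.0", "broadcast": "172.16.12.255"},
    ],
    "default_gateway": "172.16.12.1",
    "routing_protocols": ["RIP"],
    "servers": [
        ("name server", "172.16.12.1"), ("name server", "172.16.6.8"),
        ("mail server", "172.16.12.1"), ("mail relay", "172.16.12.1"),
        ("print server", "172.16.12.3"), ("NFS server", "172.16.1.2"),
    ],
}

ALMOND = {
    "hostname": "almond",
    "interfaces": [
        {"address": "172.16.12.1", "netmask": "255.255.255.0", "broadcast": "172.16.12.255"},
        {"address": "10.104.0.19", "netmask": "default", "broadcast": "default"},
    ],
    "default_gateway": None,
    "routing_protocols": ["RIP", "BGP"],
    "servers": [
        ("name server", "172.16.6.8"), ("print server", "172.16.12.3"),
        ("NFS server", "172.16.1.2"),
    ],
}

# A constructed sheet with the kind of mistakes that show up in practice: a
# broadcast address that does not match the mask, and a default gateway that
# is not on the host's own subnet. Hostname and address are made up.
WALNUT_BAD = {
    "hostname": "walnut",
    "interfaces": [
        {"address": "172.16.12.7", "netmask": "255.255.255.0", "broadcast": "172.16.255.255"},
    ],
    "default_gateway": "172.16.1.1",
    "routing_protocols": [],
    "servers": [("NFS server", "172.16.1.2")],
}


def classful_mask(address):
    """Classful default mask for an address (what 'default' on the sheet resolves to)."""
    first_octet = int(address.split(".")[0])
    if first_octet < 128:
        return "255.0.0.0"
    if first_octet < 192:
        return "255.255.0.0"
    return "255.255.255.0"


def check_sheet(sheet):
    """Return a list of inconsistencies in a planning sheet; an empty list means it is consistent."""
    problems = []
    networks = []
    for iface in sheet["interfaces"]:
        mask = iface["netmask"]
        if mask == "default":
            mask = classful_mask(iface["address"])
        net = ipaddress.ip_interface(f"{iface['address']}/{mask}").network
        networks.append(net)
        addr = ipaddress.ip_address(iface["address"])
        if addr in (net.network_address, net.broadcast_address):
            problems.append(f"{addr} is the network or broadcast address of {net}, not a host address")
        expected = str(net.broadcast_address)
        if iface["broadcast"] != "default" and iface["broadcast"] != expected:
            problems.append(f"broadcast {iface['broadcast']} for {addr} should be {expected} with mask {mask}")

    def on_link(ip):
        return any(ipaddress.ip_address(ip) in net for net in networks)

    # Off-link hosts are reachable only through a default gateway or a routing protocol.
    can_reach_off_link = bool(sheet["routing_protocols"])
    gateway = sheet["default_gateway"]
    if gateway:
        if not on_link(gateway):
            problems.append(f"default gateway {gateway} is not on any directly attached subnet")
        elif any(gateway == iface["address"] for iface in sheet["interfaces"]):
            problems.append(f"default gateway {gateway} is this host's own address")
        else:
            can_reach_off_link = True

    for role, ip in sheet["servers"]:
        if not on_link(ip) and not can_reach_off_link:
            problems.append(f"{role} {ip} is off-link and no default gateway or routing protocol reaches it")
    return problems


if __name__ == "__main__":
    for sheet in (PEANUT, ALMOND, WALNUT_BAD):
        found = check_sheet(sheet)
        print(sheet["hostname"], "OK" if not found else "")
        for problem in found:
            print("  -", problem)
```

The almond sheet passes even though two of its servers are off-link because it runs RIP and BGP; a sheet that lists no routing protocol and no default gateway is held to the stricter rule, which is the case that bites a freshly installed workstation.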
4.5 Other Services
Three services that are used on many networks are file servers, print servers, and mail servers. The
purpose of these services and the protocols they are built on is discussed in Chapter 3. In this section
we investigate what information must be passed to the users so that the client systems can be
successfully configured, and how the network administrator determines that information.
4.5.1 File servers
At a minimum the user needs to know the hostnames of the network file servers. Using the names and the showmount command, the user can determine what filesystems are being offered by the servers and who is permitted to use those filesystems. [8] Without at least the hostname, the user would have to guess which system offered file service.
[8] See the showmount command in Chapter 9.
A better approach is to give users information that also includes what filesystems are being offered
and who should use those filesystems. For example, if the UNIX man pages are made available from
a central server, the users should be informed not to install the man pages on their local disk drives
and they should be told exactly how to access the centrally supported files.
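What showmount reveals is worth checking from the administrator's side as well, because the same query is answered for any host that can reach the server's mountd, and an export offered to "(everyone)" (Solaris) or "*" (Linux) can be mounted by any of them. The script below is an added example, not from the book: it parses the output of showmount -e and flags the exports that are not restricted to named clients. The export list is constructed for the example.

```python
import sys

# Constructed sample of "showmount -e" output for the NFS server on the
# planning sheet (filbert). The layout "path  client,client" with "(everyone)"
# (Solaris) or "*" (Linux) meaning an unrestricted export is what those two
# showmount implementations print; the export names and client lists are made up.
SAMPLE_OUTPUT = """\
Export list for filbert.nuts.com:
/usr/man        (everyone)
/home           peanut.nuts.com,pecan.nuts.com
/export/src     *.nuts.com
/scratch        *
"""

UNRESTRICTED = {"(everyone)", "*"}


def parse_exports(text):
    """Map each exported path to its list of permitted clients."""
    exports = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("Export list for"):
            continue
        fields = line.split(None, 1)
        path = fields[0]
        # Assumption: a line with no client column is treated as unrestricted.
        clients = fields[1].split(",") if len(fields) > 1 else ["(everyone)"]
        exports[path] = [c.strip() for c in clients]
    return exports


def unrestricted_exports(exports):
    """Paths that any host able to reach the server may mount."""
    return sorted(path for path, clients in exports.items()
                  if any(c in UNRESTRICTED for c in clients))


def report(text):
    """One line per export, marking the ones that need attention."""
    exports = parse_exports(text)
    open_paths = set(unrestricted_exports(exports))
    lines = []
    for path, clients in exports.items():
        flag = "WORLD-MOUNTABLE" if path in open_paths else "restricted"
        lines.append(f"{path:<16} {flag:<16} {','.join(clients)}")
    return lines


if __name__ == "__main__":
    # Usage: showmount -e filbert.nuts.com | python3 exports.py
    # Run with no piped input to see the constructed sample instead.
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_OUTPUT
    print("\n".join(report(data)))
```

A wildcard such as *.nuts.com is counted as restricted here because it names a client population; whether that population is the right one is a judgement the script leaves to the administrator.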
4.5.2 Print servers
Whether printers are shared using lp, lpd, or NFS, the basic information needed to configure the print
server's clients is the same: the hostname and IP address of the print server, and the name of the
printer. Printer security may also require that the user be given a username and password to access the
printer.
This is the only information needed to configure the client. However, you probably will want to
provide your users with additional information about the features, location and administration of
shared printers.
4.5.3 Planning Your Mail System
TCP/IP provides the tools you need to create a reliable, flexible electronic mail system. Servers are
one of the tools that improve reliability. It is possible to create a peer-to-peer email network in which
every end system directly sends and receives its own mail. However, relying on every system to
deliver and collect the mail requires that every system be properly administered and consistently up
and running. This isn't practical, because many small systems are offline for large portions of the day.
Most networks use servers so that only a few systems need to be properly configured and operational
for the mail to go through.
The terminology that describes email servers is confusing because all of the server functions usually
occur in one computer, and all of the terms are used interchangeably to refer to that system. In this
text we differentiate between these functions, but we expect you will do all of these tasks on one
UNIX system running sendmail. We use these terms in the following manner:
Mail server
The mail server collects incoming mail for other computers on the network. It supports
interactive logins as well as POP or IMAP so that users can read their mail as they see fit.
Mail relay
A mail relay is a host that forwards mail between internal systems and from internal systems to
remote hosts. Mail relays allow internal systems to have simple mail configurations because
only the relay host needs to have software to handle special mail addressing schemes and
aliases.
Mail gateway
A mail gateway is a system that forwards email between dissimilar systems. You don't need a
gateway to go from one Internet host to another because both systems use SMTP. You do need
a gateway to go from SMTP to X.400 or to a proprietary mailer. In a pure TCP/IP network, this
function is not needed.
The mail server is the most important component of a reliable system because it eliminates reliance on
the user's system. A centrally controlled, professionally operated server collects the mail regardless of
whether or not the end system is operational.
The relay host also contributes to the reliability of the email system. If mail cannot be immediately delivered by the relay host, it is queued and processed later. An end system also queues mail, but if it is shut down no attempts can be made to deliver queued mail until the system is back online. The mail server and the mail relay are operated 24 hours a day.
The design of most TCP/IP email networks is based on the following guidelines:
- Use a mail server to collect mail, and POP or IMAP to deliver the mail.
- Use a mail relay host to forward mail. Implement a simplified email address scheme on the relay host.
- Standardize on TCP/IP and SMTP. Users who insist on using a proprietary email system should be responsible for obtaining and configuring an SMTP mail gateway for that system in order to connect to your TCP/IP email network.
- Standardize on MIME for binary attachments. Avoid proprietary attachment schemes; they just cause confusion when the users of Brand X email cannot read attachments received from Brand Y.
For their client configurations, provide the users with the hostname and IP address of the mail server
and the mail relay. The mail server will also require a username and password for each person.
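The relay definition above implies an acceptance rule that the relay host must enforce: internal systems may send through it to any destination, while a connection from outside is accepted only when the recipient is in a domain the site delivers for. A relay that accepts outside-to-outside mail is an open relay, which anyone on the Internet can use to send mail under your name. The following function is an added example, not code from the book or from sendmail; the network number and domain come from this chapter's planning sheets, and the rule itself is an assumption about the relay's configuration. The test scenarios are constructed.

```python
import ipaddress

# Site values taken from the planning sheets in this chapter: the internal
# network is 172.16.0.0/16 and the site's mail domain is nuts.com. The rule
# itself (internal clients relay anywhere, external clients only deliver to
# local domains) is an assumption about how the relay host is configured.
INTERNAL_NETWORKS = [ipaddress.ip_network("172.16.0.0/16")]
LOCAL_DOMAINS = {"nuts.com"}


def is_internal(client_ip):
    """True if the SMTP client connected from one of our own networks."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in INTERNAL_NETWORKS)


def is_local_recipient(rcpt):
    """True if the recipient's domain is nuts.com or a subdomain of it."""
    if "@" not in rcpt:
        return False  # a bare local part from outside is ambiguous; treat as non-local
    domain = rcpt.rsplit("@", 1)[1].strip().lower().rstrip(".")
    return any(domain == d or domain.endswith("." + d) for d in LOCAL_DOMAINS)


def relay_decision(client_ip, rcpt):
    """Decide one RCPT TO: ("accept", reason) or ("reject", reason)."""
    if is_internal(client_ip):
        return ("accept", "internal client may send to any destination")
    if is_local_recipient(rcpt):
        return ("accept", "inbound mail for a domain we serve")
    return ("reject", "external client to external recipient: relaying denied")


# Constructed scenarios: peanut sending out, Internet mail coming in for the
# site and for a subdomain, and an outside host trying to use the relay to
# reach a third party.
SCENARIOS = [
    ("172.16.12.2", "friend@example.org"),
    ("192.0.2.55", "craig@nuts.com"),
    ("192.0.2.55", "someone@pack.plant.nuts.com"),
    ("192.0.2.55", "victim@example.org"),
]


def run_scenarios(scenarios=SCENARIOS):
    """Apply relay_decision to each scenario; returns (ip, rcpt, verdict, reason) tuples."""
    return [(ip, rcpt) + relay_decision(ip, rcpt) for ip, rcpt in scenarios]


if __name__ == "__main__":
    for ip, rcpt, verdict, reason in run_scenarios():
        print(f"{ip:<14} {rcpt:<30} {verdict:<7} {reason}")
```

The domain comparison is on whole labels, so a recipient at evilnuts.com is not mistaken for a local one; that is the check most often got wrong when this rule is written as a string suffix test.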
4.4 Planning Naming Service
To make your network user-friendly, you need to provide a service to convert hostnames into IP
addresses. Domain name service (DNS) and the host table, explained in Chapter 3, perform this
function. You should plan to use both.
To configure her computer, a network user needs to know the domain name, her system's hostname,
and the hostname and address of at least one name server. The network administrator provides this
information.
4.4.1 Obtaining a Domain Name
The first item you need for domain name service is a domain name. You can obtain an official domain name from the InterNIC. Your ISP may be willing to do this for you or to assign you a name within its domain; however, it is likely that you will have to apply for a domain name yourself. You can download the application from the InterNIC.
Pre-select a domain name and have your primary domain name server up and running before you attempt to register the domain name. Use whois as described in Chapter 13, Internet Information Resources, to see if the name you want is in use. Double-check with nslookup as described in Chapter 8, Configuring DNS Name Service. When you are reasonably sure the domain name is still available, start your primary name server running. If you don't want to run your own server, ask your ISP if they offer this service. If they don't, you must either find a new ISP that does, or run the service yourself.
Having the primary server up and running doesn't mean that your entire domain must be fully operational, but it does mean that a server must be running to respond to basic queries. When asked, the server should answer that it is the name server for your domain. Configure the primary server as described in Chapter 8. Test it with nslookup. Once you are sure that it at least answers queries about itself, register the domain name.
Submit the domain name application form via email to the InterNIC with a subject line containing the words "NEW DOMAIN" followed by the name of your domain. For example, assuming the completed template is stored in the file domain.application on a Solaris system, the following command might be used to mail it to the InterNIC for a domain named nuts.com:
% Mail
Subject: NEW DOMAIN nuts.com
~r domain.application
"domain.application" 49/2732
^D
EOT
In response to your email, you receive a reply that contains a tracking number that you use to monitor
the status of your domain registration.
Use the domain name registration form to change or delete your existing domain name registration. Just fill in the form with the corrected information and mail it to the InterNIC with a subject line that contains either "MODIFY DOMAIN" or "REMOVE DOMAIN", as appropriate, followed by your domain name. In the very first field of the application form, item 0, ask for the type of registration action: either New ("N"), Modify ("M"), or Delete ("D"). Make sure the letter in this field matches the action indicated on the subject line when you mail in the application.
You're required to use email to submit the domain name application. The logic behind this is that if
you don't have at least email access to the Internet, you don't need an Internet domain name. This
helps reduce the number of frivolous domain name requests, and it automates part of the registration,
further reducing the burden of handling domain name requests.

Another thing that dramatically reduces the number of frivolous domain name applications is the $100
registration fee. The registration service charges each domain $50 a year to be maintained in the
registry. The initial $100 fee covers the first two years. Question 9 asks if the InterNIC should send
the bill for the registration fee to you via email or postal mail. Answer with an "E" or a "P". If your
"bean counters" will accept an email bill, go that way. You'll get everything finished more quickly.
The application form is largely self-explanatory, but a few items require some thought. Two things may be confusing - handles and servers. One is the request for a NIC handle. You have a NIC handle only if you are registered in the NIC white pages. The white pages (discussed in Chapter 12) is a directory of information about users, networks, hosts, and domains. A NIC handle is a record identifier for this directory. A personal NIC handle for a user entry is composed of the user's initials and perhaps a number. For example, my initials are cwh and my NIC handle is cwh3. It is unlikely that you will have a handle unless you have contacted the NIC before. If you don't have a handle, just leave it blank. The NIC will assign you one.
You're also asked for the names and addresses of your primary and secondary name servers. The servers listed must be operational and connected to the Internet. [7] Provide the full domain name of the primary server in response to question 7a; e.g. almond.nuts.com. The primary server is usually a name server located at your site, but not always. It isn't necessary to provide your own primary server; and if you aren't directly connected to the Internet, you can't. Even though you are not connected, you may still want to register your domain name with the NIC if you have email access to the Internet. This allows you to use an email address that clearly identifies your organization. In order to do this, the online service that receives your email must be able to provide your primary name service. Check with them before you fill out this form.
[7] Chapter 8 tells you how to get a name server up and running.
The secondary server should be on a separate physical network from the primary server. Putting it on a different network guarantees that other sites can look up information about your network, even if access to your network is unavailable for some reason. A large organization may have multiple independent networks, but for many sites this requirement means asking another organization to provide a secondary name server. Who do you ask?
Again, you should turn to the people who are providing your Internet access. The network that
connects you to the Internet should provide secondary name servers as a service to its users. If they do
not, they should be able to point you to other organizations that do provide the service. It is even
possible for two organizations who are both applying for new domains to provide secondary service
for each other. In other words, you provide someone with a secondary server; in return, they provide a
secondary server for you.
Read the instructions that come with the domain application. The remainder of the form should be
easy to fill out.
4.4.1.1 Obtaining an IN-ADDR.ARPA domain
When you obtain your Internet domain name, you should also apply for an in-addr.arpa domain. This special domain is sometimes called a reverse domain. Chapter 8 contains more information about how the in-addr.arpa domain is set up and used, but basically the reverse domain maps numeric IP addresses into domain names. This is the reverse of the normal process, which converts domain names to addresses. If your ISP provides your name service or your ISP assigned you an address from a block of its own addresses, you may not need to apply for an in-addr.arpa domain on your own. Check with your ISP before applying. If you do need to get a reverse domain, you can obtain the application from the InterNIC.
4.4.2 Choosing a Hostname
Once you have a domain name, you are responsible for assigning hostnames within that domain. You
must ensure that hostnames are unique within your domain or subdomain, in the same way that host
addresses must be unique within a network or subnet. But there is more to choosing a host name than
just making sure the name is unique. Choosing a hostname is a surprisingly emotional issue. Many
people feel very strongly about the name of their computer because they identify their computer with
themselves or their work.
RFC 1178 provides excellent guidelines on how to choose a hostname. Some key suggestions from these guidelines are:
- Use real words that are short, easy to spell, and easy to remember. The point of using hostnames instead of IP addresses is that they are easier to use. If hostnames are difficult to spell and remember, they defeat their own purpose.
- Use theme names. For example, all hosts in a group could be named after human movements: fall, jump, hop, skip, walk, run, stagger, wiggle, stumble, trip, limp, lurch, hobble, etc. Theme names are often easier to choose than unrestricted names, and increase the sense of community among network users.
- Avoid using project names, personal names, acronyms, numeric names, and technical jargon. Projects and users change over time. If you name a computer after the person who is currently using it or the project it is currently assigned to, you will probably have to rename the computer in the future. Use nicknames to identify the server function of a system, e.g., www, ftp, ns, etc. Nicknames can easily move between systems if the server function moves. See the description of CNAME records in Chapter 8 for information on creating nicknames.
The only requirement for a hostname is that it be unique within its domain. But a well-chosen
hostname can save future work and make the user happier.
Name service is the most basic network service, and it is one service that you will certainly run on
your network. There are, however, other services that you should also include in your network
planning process.
4.3 Planning Routing
In Chapter 2, we learned that hosts communicate directly only with other computers connected to the
same network. Gateways are needed to communicate with systems on other networks. If the hosts on
your network need to communicate with computers on other networks, a route through a gateway
must be defined. There are two ways to do this:
- Routing can be handled by a static routing table built by the system administrator. Static routing tables are most useful when the number of gateways is limited. Static tables do not dynamically adjust to changing network conditions, so each change in the table is made manually by the network administrator. Complex environments require a more flexible approach to routing than a static routing table provides.
- Routing can be handled by a dynamic routing table that responds to changing network conditions. Dynamic routing tables are built by routing protocols. Routing protocols exchange routing information that is used to update the routing table. Dynamic routing is used when there are multiple gateways on a network, and is essential when more than one gateway can reach the same destination.
Many networks use a combination of both static and dynamic routing. Some systems on the network
use static routing tables, while others run routing protocols and have dynamic tables. While it is often
appropriate for hosts to use static routing tables, gateways usually run routing protocols.
The network administrator is responsible for deciding what type of routing to use and for choosing the
default gateway for each host. Make these decisions before you start to configure your system. Here
are a few guidelines to help you plan routing. If you have:
A network with no gateways to other TCP/IP networks
No special routing configuration is required in this case. The gateways referred to in this discussion are IP routers that interconnect TCP/IP networks. If you are not interconnecting TCP/IP networks, you do not need an IP router. Neither a default gateway nor a routing protocol needs to be specified.
A network with a single gateway
If you have only one gateway, don't run any routing protocols. Specify the single gateway as the default gateway in a static routing table.
A network with internal gateways to other subnets and a single gateway to the world
Here there is a real choice. You can statically specify each subnet route and make the gateway to the world your default route, or you can run a routing protocol. Decide which you want to do based on the effort involved in maintaining a static table versus the slight overhead of running a routing protocol on your hosts and networks. If you have more than a few hosts, running a routing protocol is probably easiest.
A network with multiple gateways to the world
If you have multiple gateways that can reach the same destination, use a routing protocol. This allows the gateways to adapt to network changes, giving you redundant access to the remote networks.
Figure 4.1 shows a subnetted network with five gateways identified as A through E. A central subnet (172.16.1.0) interconnects five other subnets. One of the subnets has a gateway to an external network. The network administrator would probably choose to run a routing protocol on the central subnet (172.16.1.0) and perhaps on subnet 172.16.12.0, which is attached to an external network. Dynamic routing is appropriate on these subnets because they have multiple gateways. Without dynamic routing, the administrator would need to update every one of these gateways manually whenever any change occurred in the network - for example, whenever a new subnet was added. A mistake during the manual update could disrupt network service. Running a routing protocol on these two subnets is simpler and more reliable.
Figure 4.1: Routing and subnets
On the other hand, the administrator would probably choose static routing for the other subnets
(172.16.3.0, 172.16.6.0, and 172.16.9.0). These subnets each use only one gateway to reach all
destinations. Changes external to the subnets, such as the addition of a new subnet, do not change the
fact that these three subnets still have only one routing choice. Newly added networks are still reached
through the same gateway. The hosts on these subnets specify the subnet's gateway as their default
route. In other words, the hosts on subnet 172.16.3.0 specify B as the default gateway, while the hosts
on subnet 172.16.9.0 specify D as the default, no matter what happens on the external networks.
Some routing decisions are thrust upon you by the external networks to which you connect. In Figure 4.1 the local network connects to an external network that requires that Border Gateway Protocol (BGP) be used for routing. Therefore, gateway E has to run BGP to exchange routes with the external network.
4.3.1 Obtaining an autonomous system number
The Border Gateway Protocol (BGP) requires that gateways have a special identifier called an autonomous system number (ASN). (Refer to the section "Internet Routing Architecture" in Chapter 2 for a discussion of autonomous systems.) Most sites do not need to run BGP. Most sites do not need a unique ASN, even when they do run BGP. Usually those sites can select one of the ASNs that have been set aside for private use, which are the numbers from 64512 to 65535. Select a number and coordinate your selection with your border gateway peers to avoid any possible conflicts. If you connect to the Internet through a single ISP, you almost certainly do not need an official ASN. If after discussions with your service provider you find that you must obtain an official ASN, obtain the application form from the Internet registry (see the "Internet Registries" sidebar earlier in this chapter).
If you submit an application, you're asked to explain why you need a unique autonomous system
number. Unless you are an ISP, probably the only reason to obtain an ASN is that you are a multi-
homed site. A multi-homed site is any site that connects to more than one ISP. Reachability
information for the site may be advertised by both ISPs, confusing the routing policy. Assigning the
site an ASN gives it direct responsibility for setting its own routing policy and advertising its own
reachability information. This doesn't prevent the site from advertising bad routes, but it makes the
advertisement traceable back to one site and ultimately to one technical contact. (Once you submit an
ASN application, you have no one to blame but yourself!)
All of the items we have discussed so far (addressing, subnetting, and routing) are required to
configure the basic physical network on top of which the applications and services run. Now we begin
planning the services that make the network useful and usable.
4.2 Basic Information
Regardless of whether or not your network is connected to the Internet, you must provide certain basic
information to configure the physical TCP/IP network interface. As we see in Chapter 6, Configuring
the Interface , the network interface needs an IP address and may also need a subnet mask and
broadcast address. In this section we look at how the network administrator arrives at each of the
required values.
4.2.1 Obtaining an IP Address
Every interface on a TCP/IP network must have a unique IP address. If a host is part of the Internet, its IP address must be unique within the entire Internet. If a host's TCP/IP communications are limited to a local network, its IP address only needs to be unique locally. Administrators whose networks will not be connected to the Internet select an address from RFC 1918, Address Allocation for Private Internets, which lists network numbers that are reserved for private use. [2] The private network numbers are:
- Class A network 10.0.0.0 (10/8 prefix and a 24-bit block of addresses).
- Class B networks 172.16.0.0 to 172.31.0.0 (172.16/12 prefix and a 20-bit block of addresses).
- Class C networks 192.168.0.0 to 192.168.255.0 (192.168/16 prefix and a 16-bit block of addresses).
[2] The address (172.16.0.0) used in this book is an address set aside for use by non-connected enterprise networks. Feel free to use this address on your network if it will not be connected to the Internet.

Networks connecting to the Internet must obtain official network addresses. An official address is
needed for every system on your network that directly exchanges data with remote Internet hosts. [3]
Obtain the address from your ISP. Your ISP has been delegated authority over a group of network
addresses, and should be able to assign you a network number. If your local ISP doesn't offer this
service, perhaps the ISP's upstream provider does. Ask your local ISP who it receives service from
and ask that organization for an address. If all else fails, you may be forced to go directly to an
Internet registry. The box Internet Registries provides information about the Internet registry services.
The form required for registering an address is available at />number-template.txt. Use the application as a last resort to obtain an address.
[3] Hosts that communicate with the Internet through a firewall or proxy server may not
need official addresses. Check your firewall/proxy server documentation.
The advantages to choosing a network address from RFC 1918 are that you do not have to apply for
an official address and you save address space for those who do need to connect to the Internet. [4]
The advantage to obtaining your address from an Internet registry is that you will not have to change
your address in the future if you do connect to the Internet.
[4] See Chapter 2, Delivering the Data.
If you do choose an address from RFC 1918 it is still possible to connect to the Internet without
renumbering all of your systems. But it will take some effort. You'll need a network address
translation (NAT) box or a proxy server. NAT is available as a separate piece of hardware or as an
optional piece of software in some routers and firewalls. It works by converting the source address of
datagrams leaving your network from your private address to your official address. Address
translation has several advantages.

It conserves IP addresses. Most network connections are between systems on the same
enterprise network. Only a small percentage of systems need to connect to the Internet at any
one time. Therefore far fewer official IP addresses are needed than the total number of systems
on an enterprise network. NAT makes it possible for you to use a large address space from
RFC 1918 for configuring your enterprise network while using only a small official address
space for Internet connections.

It eliminates address spoofing, a security attack in which a remote system pretends to be a local
system. The addresses in RFC 1918 cannot be routed over the Internet. Therefore, even if a
datagram is routed off of your network toward the remote system, the fact that the datagram
contains an RFC 1918 destination address means that the routers in the Internet will discard the
datagram as a martian. [5]
[5] A martian is a datagram with an address that is known to be invalid.

It eliminates the need to renumber your hosts when you connect to the Internet.
Network address translation also has disadvantages:
Cost
NAT may add cost for new hardware or optional software.
Performance
Address translation adds overhead to the processing of every datagram. When the address is
changed, the checksum must be recalculated. Furthermore, some upper-layer protocols carry a
copy of the IP address that also must be converted.
Reliability
NAT is a new technology and there is very little experience with it in the network. Routers
never modify the addresses in a datagram header, but NAT does. This might introduce some
instability. Similarly, no one has much experience in determining how many addresses should
be kept in a NAT address pool or how long an address should be held by a connection before it
is released back to the pool.
Security
NAT limits the use of encryption and authentication. Authentication schemes that include the
header within the calculation do not work because the router changes the addresses in the
header. Encryption does not work if the encrypted data includes the source address.
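An added example, not from the book, showing in Python what the Performance and Security entries above describe: it builds a minimal IPv4 header from the book's host 172.16.12.2, rewrites the source address the way a NAT box does, and shows that the header checksum must be recomputed and that an integrity check (here an HMAC) computed over the original header no longer matches afterwards. The public source address 198.51.100.7, the destination 192.0.2.10 (both from the documentation ranges) and the HMAC key are constructed placeholders.

```python
import hashlib
import hmac
import struct

# Constructed sample addresses: the book's private nuts-net host, a placeholder
# "official" address for the NAT box, and a placeholder remote destination.
PRIVATE_SRC = "172.16.12.2"
PUBLIC_SRC = "198.51.100.7"   # placeholder, RFC 5737 documentation range
DST = "192.0.2.10"            # placeholder, RFC 5737 documentation range


def ip_to_bytes(addr: str) -> bytes:
    return bytes(int(octet) for octet in addr.split("."))


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's-complement of the one's-complement sum of 16-bit words."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src: str, dst: str, payload_len: int) -> bytes:
    """Minimal 20-byte IPv4 header (protocol 6 = TCP, no options) with checksum filled in."""
    hdr = struct.pack("!BBHHHBBH4s4s",
                      0x45, 0, 20 + payload_len, 0x1234, 0x4000, 64, 6, 0,
                      ip_to_bytes(src), ip_to_bytes(dst))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def checksum_valid(header: bytes) -> bool:
    """A header whose checksum field is correct sums to zero."""
    return ipv4_checksum(header) == 0


def nat_rewrite_source(header: bytes, new_src: str, fix_checksum: bool) -> bytes:
    """Replace the source address (bytes 12..15) as a NAT box does; optionally recompute the checksum."""
    out = header[:12] + ip_to_bytes(new_src) + header[16:]
    if fix_checksum:
        out = out[:10] + b"\x00\x00" + out[12:]          # zero the field before summing
        out = out[:10] + struct.pack("!H", ipv4_checksum(out)) + out[12:]
    return out


def header_mac(header: bytes, key: bytes) -> bytes:
    """Stand-in for an authentication scheme that covers the IP header."""
    return hmac.new(key, header, hashlib.sha256).digest()
```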
Proxy servers provide many of the same advantages as NAT boxes. In fact, these terms are often used
interchangeably. But there are differences. Proxy servers are application gateways originally created
as part of firewall systems to improve security. Internal systems connect to the outside world through
the proxy server, and external systems respond to the proxy server. Unlike the case with routers, even
routers that perform network address translation, the external systems do not see a network of internal
systems. They see only one system - the proxy server. All ftp, telnet, and other connections appear to come from one IP
address: the address of the proxy server. Therefore, the difference between NAT boxes and proxy
servers is that NAT uses a pool of IP addresses to differentiate the connection between internal and
external systems. The true proxy server has only one address and therefore must use protocol numbers
and port numbers to differentiate the connections.
Internet Registries
The original network information center was the SRI NIC, sri-nic.arpa. In 1992 the NIC moved to
nic.ddn.mil and became the DDN NIC. Then in April 1993 the registration, directory, and information
services it provided for the Internet moved to the new Internet NIC, internic.net. The InterNIC still
provides these services but it does not do so alone.
Almost every large network has its own network information center. Most of these NICs provide
access to all the RFCs, FYIs, and other TCP/IP documentation. A few provide registration services.
For the Internet to work properly, IP addresses and domain names must be unique. To guarantee this
addressing, authority is carefully delegated. Authority to delegate domains and addresses has been
given to the Internet Resource Registries (IRR). Currently these are: RIPE for Europe, APNIC for
Asia and the Pacific, CA*net for Canada, RNP for Brazil, and InterNIC for the rest of us. More
registries may be created at any time. (See the discussion of generic top-level domains (gTLDs) in
Chapter 3, Network Services.) Additionally large groups of addresses have been delegated to ISPs so
that they can assign them to their customers.
The place to start looking for registry services is your ISP. If it does not provide these services,
contact the InterNIC. You can contact the InterNIC at the postal address:
Network Solutions
InterNIC Registration Services
505 Huntmar Park Drive
Herndon, VA 22070
You can also reach the InterNIC via telephone at 703-742-4777 or via fax at 703-742-4811.
All of the forms needed to register an address, domain name, or other essential value can be obtained
from the InterNIC using either anonymous FTP or a Web browser. Obtain the forms via anonymous
FTP from rs.internic.net, where they are stored in the templates directory. Via the Web, connect to the
Registration Template Guide at
It provides links to all of the
forms and descriptions of when they are used and how they are filled in.
Proxy servers often have added security features. Address translation can be done at the IP layer.
Proxy services require the server to handle data up to the application layer. Security filters can be put
in proxy servers that filter data at all layers of the protocol stack.
Given the differences discussed here, network address translation servers should scale better than
proxy servers, and proxy servers should provide better security. Proxy servers are frequently used in
place of address translation for small networks. Before you decide to use either NAT or proxy
services, make sure they are suitable for your network needs.
4.2.1.1 Assigning host addresses
So far we have been discussing network numbers. Our imaginary company's network (nuts-net) was
assigned network number 172.16.0.0/16. The network administrator assigns individual host addresses
within the range of IP addresses available to the network address; i.e., the nuts-net administrator
assigns the last two bytes of the four-byte address. [6] The portion of the address assigned by the
administrator cannot have all bits 0 or all bits 1; i.e., 172.16.0.0 and 172.16.255.255 are not valid host
addresses. Beyond these two restrictions, you're free to assign host addresses in any way that seems
reasonable to you.
[6] The range of addresses is called the address space.
Network administrators usually assign host addresses in one of two ways:
One address at a time
Each individual host is assigned an address, perhaps in sequential order, through the address
range.
Groups of addresses
Blocks of addresses are delegated to smaller organizations within the overall organization,
which then assign the individual host addresses.
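An added example, not from the book, that applies the rules of this section with Python's standard ipaddress module: it classifies an address against the three RFC 1918 blocks (the same test a router uses to recognize a datagram carrying a private destination as a martian), rejects 172.16.0.0 and 172.16.255.255 as host addresses on nuts-net, and implements both assignment styles, one address at a time and delegating blocks to smaller organizations. Addresses not taken from the text are constructed.

```python
import ipaddress

# The RFC 1918 blocks as listed in the text; comments give the size of the host-bit block.
RFC1918 = {
    "10/8": ipaddress.ip_network("10.0.0.0/8"),            # 24-bit block
    "172.16/12": ipaddress.ip_network("172.16.0.0/12"),    # 20-bit block
    "192.168/16": ipaddress.ip_network("192.168.0.0/16"),  # 16-bit block
}

# nuts-net, the book's imaginary company network.
NUTS_NET = ipaddress.ip_network("172.16.0.0/16")


def rfc1918_block(addr: str):
    """Return the RFC 1918 prefix label an address falls in, or None if it is an official address.
    A router would drop a datagram whose destination gets a non-None answer as a martian."""
    ip = ipaddress.ip_address(addr)
    for label, net in RFC1918.items():
        if ip in net:
            return label
    return None


def host_bits(label: str) -> int:
    """Number of bits left for hosts in one of the RFC 1918 blocks."""
    return 32 - RFC1918[label].prefixlen


def is_valid_host(addr: str, net=NUTS_NET) -> bool:
    """A host address must lie inside the network, and its host portion must not be all 0s or all 1s."""
    ip = ipaddress.ip_address(addr)
    if ip not in net:
        return False
    return ip != net.network_address and ip != net.broadcast_address


def delegate_blocks(net=NUTS_NET, new_prefix=24):
    """'Groups of addresses': split the address space into blocks for smaller organizations."""
    return list(net.subnets(new_prefix=new_prefix))


def next_free_host(assigned, net=NUTS_NET):
    """'One address at a time': the lowest valid host address not already in use."""
    used = {ipaddress.ip_address(a) for a in assigned}
    for ip in net.hosts():                # hosts() already skips the all-0s and all-1s addresses
        if ip not in used:
            return str(ip)
    return None
```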