
Module 2: TCP/IP as a Solution for Networking

Contents
Overview 1
Introducing TCP/IP 2
Designing a Functional TCP/IP Solution 7
Securing a TCP/IP Solution 20
Enhancing a TCP/IP Design for Availability 28
Optimizing a TCP/IP Design for Performance 29
Lab A: Designing a TCP/IP Solution 41
Review 47


Information in this document is subject to change without notice. The names of companies,
products, people, characters, and/or data mentioned herein are fictitious and are in no way intended
to represent any real individual, company, product, or event, unless otherwise noted. Complying
with all applicable copyright laws is the responsibility of the user. No part of this document may
be reproduced or transmitted in any form or by any means, electronic or mechanical, for any
purpose, without the express written permission of Microsoft Corporation. If, however, your only
means of access is electronic, permission to print one copy is hereby granted.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual
property rights covering subject matter in this document. Except as expressly provided in any
written license agreement from Microsoft, the furnishing of this document does not give you any
license to these patents, trademarks, copyrights, or other intellectual property.
© 2000 Microsoft Corporation. All rights reserved.
Microsoft, Active Directory, ActiveX, BackOffice, FrontPage, JScript, MS-DOS, NetMeeting,
PowerPoint, Visual Basic, Visual C++, Visual Studio, Win32, Windows, Windows Media,
Windows NT, are either registered trademarks or trademarks of Microsoft Corporation in the
U.S.A. and/or other countries/regions.
Project Lead: Don Thompson (Volt Technical)
Instructional Designers: Patrice Lewis (S&T OnSite), Renu Bhatt NIIT (USA) Inc.
Instructional Design Consultants: Paul Howard, Susan Greenberg
Program Managers: Jack Creasey, Doug Steen (Independent Contractor)
Technical Contributors: Thomas Lee, Bernie Kilshaw, Joe Davies
Graphic Artist: Kirsten Larson (S&T OnSite)
Editing Manager: Lynette Skinner
Editor: Kristen Heller (Wasser)

Copy Editor: Kaarin Dolliver (S&T Consulting)
Online Program Manager: Debbi Conger
Online Publications Manager: Arlo Emerson (Aditi)
Online Support: Eric Brandt (S&T Consulting)
Multimedia Development: Kelly Renner (Entex)
Test Leads: Sid Benevente, Keith Cotton
Test Developer: Greg Stemp (S&T OnSite)
Production Support: Lori Walker (S&T Consulting)
Manufacturing Manager: Rick Terek (S&T OnSite)
Manufacturing Support: Laura King (S&T OnSite)
Lead Product Manager, Development Services: Bo Galford
Lead Product Manager: Ken Rosen
Group Product Manager: Robert Stewart
Other product and company names mentioned herein may be the trademarks of their respective
owners.



Instructor Notes
Presentation: 60 Minutes
Lab: 60 Minutes

This module provides students with the information and decision-making
experiences needed to design a Transmission Control Protocol/Internet Protocol
(TCP/IP) solution in a Microsoft® Windows® 2000 networking infrastructure.

Students will recognize the appropriate IP address structures when designing a
TCP/IP solution to meet the networking requirements of an organization.
At the end of this module, students will be able to:
• Identify the features of TCP/IP in Windows 2000 and the functionality provided by those features.
• Recognize an IP address structure appropriate for private or public network TCP/IP functionality.
• Describe methods available to secure TCP/IP data traffic.
• Describe strategies to improve the availability of TCP/IP routing structures.
• Describe strategies for the efficient use of IP traffic data transmission.

Upon completion of the design lab, students will be able to design TCP/IP
solutions that meet the networking requirements of a variety of organizations.

Course Materials and Preparation
This section provides you with the required materials and preparation tasks that are needed to teach this module.

Required Materials
To teach this module, you need the following materials:
• Microsoft® PowerPoint® file 1562B_02.ppt

Preparation Tasks
To prepare for this module:
• Review the contents of this module.
• Read any relevant information in the Windows 2000 Help files, the Windows 2000 Resource Kit, or in documents provided on the Instructor CD.
• Read any relevant RFCs in the Windows 2000 Help files.
• Be familiar with TCP/IP subnetting, supernetting, Classless Inter-Domain Routing (CIDR), and variable length subnet masks (VLSM).
• Know how and where to obtain IP address blocks.
• Read the review questions and be prepared to elaborate beyond the answers provided in the text.
• Review the discussion material and be prepared to lead class discussions on the topics.
• Complete the labs and be prepared to elaborate beyond the solutions found there.



Module Strategy
Use the following strategy to present this module.


Introducing TCP/IP
Provide an introduction to TCP/IP for creating network design solutions. The purpose of this module is to lay the foundation for developing a Windows 2000 network.
In this section:
• Provide a brief overview of the TCP/IP suite of protocols. Assume that the students have experience with TCP/IP network infrastructures.
• Point out that the first step in designing a TCP/IP solution is to determine the number of hosts, the addressing structure needs, the number of subnets and routers, and the underlying network configuration.
• Emphasize the main features of TCP/IP that will assist the students in designing TCP/IP solutions. Explain how the technology features provided by TCP/IP in Windows 2000 support business solutions.



Designing a Functional TCP/IP Solution
Provide an introduction to IP addressing and address schemes used for public and private Internets.
In this section:
• Avoid spending too much time on explaining the fundamentals of routing, subnetting, and supernetting.
• Describe the use of addressing structures and subnet masks in IP addressing.
• Remind the students that public addresses use a direct routing path to the public network, whereas private addresses require translation before routing to the public network. Describe IP addressing schemes for private networks.
• Describe the purpose of subnet masks and how IP devices determine the portions of an IP address that are used for routing and host addressing.
• Explain the manual allocation, DHCP manual, DHCP dynamic, and Automatic Private IP Addressing (APIPA) IP configuration methodologies used by network hosts.



Securing a TCP/IP Solution
When the TCP/IP data is sent on the network, unauthorized users can access it. Discuss the methods for securing a TCP/IP solution.
In this section:
• Explain how the use of filters in a TCP/IP design can control and block traffic.
• Present the use of encryption and authentication by using Internet Protocol Security (IPSec). Point out that IPSec provides data integrity and data encryption functions to improve security.



• Describe the IPSec protection levels. Emphasize that to reduce the CPU overhead associated with the provision of authentication and encryption, you must select the lowest level of protection that meets the security requirements.
• Point out that the exchange of authenticated and encrypted data between the peer computers that use IPSec requires negotiation of the security keys.


Enhancing a TCP/IP Design for Availability
A TCP/IP network must be available for users to transfer data over the network. In this section, discuss the use of redundant routers and links to enhance the availability of a TCP/IP design.



Optimizing a TCP/IP Design for Performance
Emphasize the fact that the performance of a TCP/IP network design focuses on the average length of time required to transmit an IP packet. Discuss the strategies used to ensure efficient data transmission.
In this section:
• Explain that dividing IP address ranges with variable length subnets, and combining IP address ranges by supernets, are the two methods of optimizing subnet designs.
• Describe how to recognize traffic patterns and performance factors to optimize IP performance on the network. You can use the following information to explain optimization of IP performance:
The characteristics of a wide area network (WAN) most likely to limit application performance are the available bandwidth and delay. A designer may not be able to make the technology decisions that affect the Maximum Transmission Unit (MTU) for a network, but the Receive Window Size may require adjustment to suit the Delay/Bandwidth product for links within a WAN.
Consider a latency-sensitive traffic example. On a 10 megabits per second (Mbps) local area network (LAN) segment where delay is essentially zero, consider a client to domain controller logon and authentication transaction. If the transaction requires 18 packets, with an average of 120 bytes per packet, and the domain controller processing overhead is 150 milliseconds (ms), a simple indication of the transaction time would be:
(time_for_one_packet) * 18 + (DC_overhead) = Transaction_time
(120 * 8 / (10 * 10^6)) * 18 + 150 * 10^-3 = 151 ms
The transaction time here is dominated by the domain controller response times, so primarily the computers used limit performance. This level of performance is typical in LAN-based environments.



If the same transaction occurred over a 256 Kbps WAN link with 130 ms roundtrip time (RTT) delay:
(time_for_one_packet) * 18 + (9 * Delay) + (DC_overhead) = Transaction_time
(120 * 8 / (256 * 10^3)) * 18 + (9 * 130 * 10^-3) + 150 * 10^-3 = 1.24 Secs
The transaction time here is dominated by the delay time, so link speed and computer processing time have a reduced effect.
If this transaction is required as part of Web pages transacted over HTTPS, this authentication might occur many times and be the major component of the refresh time for a page, thereby rendering the application unacceptable when used across a WAN. A design may be required to provide a domain controller at the remote site to bring the client performance to an acceptable level.
• Emphasize that remote networks require special consideration when you develop an IP addressing scheme. Describe how to optimize remote subnets.
• Present Quality of Service (QoS) as a solution for optimizing the performance of a TCP/IP network.
• Remind the students that implementing QoS enables real-time programs to make the most efficient use of network bandwidth. The goal of a QoS implementation is a guaranteed delivery system for network traffic, such as IP packets.
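The LAN and WAN transaction-time arithmetic above, as an added Python example (not part of the course materials): `Link`, `transaction_time` and `dominant_term` are names chosen here, and the inputs are the figures the text gives.

```python
"""Transaction-time model for the LAN versus WAN comparison above.

Added example, not part of the course materials. It implements the two
formulas the text gives:

    LAN: time_for_one_packet * packets + DC_overhead
    WAN: time_for_one_packet * packets + round_trips * Delay + DC_overhead

and names the largest term, which is the "dominated by" observation that
decides whether a remote-site domain controller is worth designing in.
"""
from dataclasses import dataclass
from typing import Dict


@dataclass(frozen=True)
class Link:
    bandwidth_bps: float  # link speed in bits per second
    rtt_s: float          # round-trip delay in seconds (essentially 0 on a LAN)


def packet_time(bytes_per_packet: int, link: Link) -> float:
    """Serialisation time of one packet on the link, in seconds."""
    return bytes_per_packet * 8 / link.bandwidth_bps


def transaction_time(packets: int, bytes_per_packet: int, link: Link,
                     round_trips: int, dc_overhead_s: float) -> Dict[str, float]:
    """Break the transaction time into its three components plus the total."""
    serialisation = packet_time(bytes_per_packet, link) * packets
    delay = round_trips * link.rtt_s
    return {
        "serialisation_s": serialisation,
        "delay_s": delay,
        "dc_overhead_s": dc_overhead_s,
        "total_s": serialisation + delay + dc_overhead_s,
    }


def dominant_term(breakdown: Dict[str, float]) -> str:
    """Name of the largest component of a transaction_time() breakdown."""
    parts = {k: v for k, v in breakdown.items() if k != "total_s"}
    return max(parts, key=parts.get)


# Figures from the text: 18 packets averaging 120 bytes, 150 ms of domain
# controller processing, a 10 Mbps LAN and a 256 Kbps WAN with 130 ms RTT.
LAN_10M = Link(bandwidth_bps=10e6, rtt_s=0.0)
WAN_256K = Link(bandwidth_bps=256e3, rtt_s=0.130)
PACKETS, BYTES_PER_PACKET, DC_OVERHEAD_S = 18, 120, 0.150

if __name__ == "__main__":
    for name, link, trips in (("LAN", LAN_10M, 0), ("WAN", WAN_256K, 9)):
        b = transaction_time(PACKETS, BYTES_PER_PACKET, link, trips, DC_OVERHEAD_S)
        print(f"{name}: {b['total_s'] * 1000:.1f} ms, dominated by {dominant_term(b)}")
```

With all three terms carried through, the WAN case evaluates to about 1.39 s, of which the 9 * 130 ms delay term is 1.17 s, so the delay dominates exactly as the text says.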



Lab Strategy
Use the following strategy to present this lab.

Lab A: Designing a TCP/IP Solution
This lab is designed to assist the student in assimilating the information
presented in the workbook into a network design solution. To evaluate a
network solution, students are expected to have basic network design and
technology implementation knowledge.
In this lab, students will design a TCP/IP solution based on specific
requirements outlined in the given scenario. Students review a set of
requirements and read supporting materials. They use the information from the
module to develop a detailed design that uses TCP/IP as a solution for the
scenario.
To conduct this lab:
• Read through the lab carefully, paying close attention to the instructions and to the details of the scenario.
• Divide the class into teams of two or more students.
• Present the lab and make sure students understand the instructions and the purpose of the lab.
• Explain that the Design Worksheet is to be used to develop the design of their solution.
• Remind students to consider any functionality, security, availability, and performance criteria that are provided in the scenario, and to think about how they will incorporate strategies to meet these criteria in their design.
• Take the opportunity to assess each student’s comprehension of the design strategies presented in the module while students are completing the lab.
• Allow some time to discuss the solutions after the lab is completed. A solution is provided on the Instructor CD. Encourage students to critique each other’s solutions and to discuss any ideas for improving the designs.





Overview
Slide Objective: To provide an overview of the module topics and objectives.
Lead-in: TCP/IP provides a suite of communication protocols as a solution for the connectivity requirements of an organization. In this module, you will define the role of TCP/IP in a networking infrastructure and create a functional TCP/IP networking solution.

• Introducing TCP/IP
• Designing a Functional TCP/IP Solution
• Securing a TCP/IP Solution
• Enhancing a TCP/IP Design for Availability
• Optimizing a TCP/IP Design for Performance

Organizations are facing a growing need for Internet connectivity, and
connectivity between dissimilar operating systems and hardware platforms
spread over large geographic distances. Because Transmission Control
Protocol/Internet Protocol (TCP/IP) operates on a wide variety of physical
networks and can be scaled to suit small to large networks, it is the only
protocol that can meet the requirements of these organizations.
At the end of this module, you will be able to:
• Identify the features of TCP/IP in Microsoft® Windows® 2000 and the functionality provided by those features.
• Recognize the IP address structure appropriate for private or public network TCP/IP functionality.
• Describe methods available to secure TCP/IP data traffic.
• Describe strategies to improve the availability of TCP/IP routing structures.
• Describe strategies for efficient use of IP traffic data transmission.


Introducing TCP/IP
Slide Objective: To define the role of TCP/IP in a network and review the features that support that role.
Lead-in: TCP/IP operates on a wide variety of physical networks and can be scaled to suit small to large networks.

• TCP/IP Protocol Suite
• Design Decisions for a TCP/IP Solution
• TCP/IP Features

TCP/IP operates on a wide variety of physical networks and can be scaled to
suit small to large networks. IP is the protocol used for communications on
public networks such as the Internet.
To design a TCP/IP network infrastructure, you need to:
• Describe the components of the TCP/IP protocol suite.
• Determine the design decisions influencing a TCP/IP solution.
• Describe the features and functionality provided by TCP/IP in Windows 2000.



TCP/IP Protocol Suite
Slide Objective: To describe the components of the TCP/IP protocol suite.
Lead-in: The TCP/IP suite of protocols supports the design of a logical peer network by using an underlying physical network infrastructure.
Key Points: The TCP/IP suite of vendor-independent protocols can be used to implement IP networks ranging from small local area networks (LANs) to large enterprise networks. Avoid covering the TCP/IP protocol suite in detail. The students are expected to know this information. Use the slide to remind them of the extent of the TCP/IP suite and that the layer one and two network infrastructure already exists.

Slide figure: OSI Model (7 Application, 6 Presentation, 5 Session, 4 Transport, 3 Network, 2 Data link, 1 Physical) mapped to the TCP/IP Model (Application, Transport Layer, Network, Data link, Physical), with the TCP/IP Protocol Suite components shown: Telnet, FTP, SMTP, DNS, SNMP, TCP, UDP, IGMP, ICMP, IP, ARP, RIP, Ethernet, Token Ring, Frame Relay, ATM.
The TCP/IP suite of protocols allows the design of a logical peer network by
using an underlying physical network infrastructure. These vendor-independent
protocols can be used to implement IP networks ranging from small local area
networks (LANs) to large enterprise networks.
The Internet Engineering Task Force (IETF) continues to revise and improve
the TCP/IP suite of protocols. Microsoft continuously updates the TCP/IP
implementation to comply with the latest IETF standards.
The preceding illustration shows the mapping of the Open Systems
Interconnection (OSI) seven-layer model to the TCP/IP four-layer model, and
the major components of the TCP/IP suite. The OSI layer one and two
infrastructure is considered to be in place for any design considerations in this
module.



Design Decisions for a TCP/IP Solution
Slide Objective: To introduce the decisions that influence the design of a TCP/IP solution.
Lead-in: To design a TCP/IP solution, you must determine the number of hosts, the addressing structure needs, the number of subnets and routers, and the underlying network configuration.
Discuss the points listed on the slide. Tell students that these are the design decisions they need to consider before designing a TCP/IP solution.
Slide figure: Internet, Windows 2000–based Router, IBM Mainframe, Microsoft Windows 98, Microsoft Windows NT®, Router, UNIX System, Windows 2000, Network Printer.
• Number of Hosts?
• Addressing Structure Needs?
• Number of Subnets and Routers?
• Underlying Network Configuration?

Windows 2000 uses TCP/IP for authentication processes, file and print services,
information replication, and other common network functions such as
communication in heterogeneous, multiple-vendor networks. Before you design
a TCP/IP solution, you must identify the design decisions that influence the
design.
To design a TCP/IP solution, you need to analyze:
• The number of hosts requiring IP connectivity.
• The requirement for public and/or private IP addressing.
• The number of physical subnets and routers.
• The OSI layer 1 and 2 network configuration.




TCP/IP Features
Slide Objective: To describe the features of TCP/IP and the functionality provided by these features.
Lead-in: After considering the design decisions, you need to understand the features supported by TCP/IP to use them in designing a TCP/IP solution.
Delivery Tip: Focus on the new features and mention them briefly. Remind the students that they will consider these features while designing TCP/IP solutions.
Slide figure: TCP/IP surrounded by Security, Bandwidth Management, Automatic Private IP Addressing, Performance Improvement, ICMP Router Discovery, and Disabling NetBIOS over TCP/IP.
To design an effective TCP/IP solution, you must understand the features of
TCP/IP and how these features solve the connectivity requirements of your
organization.

Security
TCP/IP allows enhanced data and connection security by supporting a number
of IETF-proposed standards for data encryption, authentication, and filtering.
The Windows 2000 implementation of TCP/IP supports Internet Protocol
Security (IPSec) and TCP/IP filtering for packet-level authentication and data
encryption, and for filtering data.

Bandwidth Management
Time-sensitive IP traffic streams such as streaming multimedia require connection protocols that provide bandwidth reservation within a network. TCP/IP supports bandwidth reservation by using Quality of Service (QoS) mechanisms, which allow IP traffic to be prioritized.

Automatic Private IP Addressing
Automatic Private IP Addressing (APIPA) automates TCP/IP address
configuration for hosts on a single-subnet network that has no DHCP server.
APIPA eliminates IP address configuration for simple networks not connected
to the Internet. The IP addresses for APIPA are allocated from 169.254.0.0/16,
which is reserved by the Internet Assigned Numbers Authority (IANA).


Performance Improvement
The following features of TCP/IP have been enhanced to improve the performance of TCP/IP solutions:
• Large TCP Windows. TCP window size reflects the maximum number of packets that can be sent without waiting for positive acknowledgment. TCP window scaling (RFC 1323) improves TCP/IP performance when a large amount of data is in transit between the sender and receiver, such as in wide area network (WAN) environments.
• TCP Selective Acknowledgment. A selective acknowledgment (SACK) is a TCP option (RFC 2018) that allows the receiver to selectively notify and request that the sender resend only data that is actually missing. This results in smaller amounts of data requiring retransmission and in better use of network bandwidth.

ICMP Router Discovery
Windows 2000–based computers running Routing and Remote Access support Internet Control Message Protocol (ICMP) router discovery (RFC 1256). This allows a host to discover a router automatically even when no default gateway is configured for the host. ICMP router discovery is disabled by default on TCP/IP for Windows 2000 hosts, and is managed by using DHCP.

Disabling NetBIOS over TCP/IP
Windows 2000 allows you to disable network basic input/output system (NetBIOS) over TCP/IP (NetBT) for computers that use only DNS name registration and resolution. These computers can browse resources only on those computers that:
• Have NetBT disabled.
• Use Client for Microsoft Networks, and File and Print Sharing for Microsoft Networks components.

Note NetBT is typically disabled only on those computers that you place in
specialized roles in your network, such as edge proxy servers or bastion hosts in
a firewall environment, where NetBT support is not required or desired.




Designing a Functional TCP/IP Solution
Slide Objective: To introduce the functional aspects of a TCP/IP solution.
Lead-in: To design the functional aspects of TCP/IP, you must determine Internet accessibility needs, router usage, and public address availability.
Explain the fundamentals of routing, subnetting, and supernetting. Do not spend too much time explaining the mechanics of these.

• Reviewing IP Addressing
• IP Addressing for a Private Network
• IP Address Subnet Requirements
• IP Configuration Methodology
• Discussion: Evaluating TCP/IP Functional Requirements

To determine the appropriate TCP/IP infrastructure, you must evaluate your
Internet accessibility needs, the use of routers, and public address availability.
To allow peer-to-peer communication, all hosts in a TCP/IP network require
unique IP addresses. IP supports a 32-bit address structure, publicly
administered by a standards body (IETF), which can be used to implement both
public and private address structures.
In designing a functional IP network, you need to consider:
• The IP address and mask configuration.
• The addressing structures for private network operation.
• The addressing structures to allow subnet routing.
• A methodology for a consistent design of IP networks.


Reviewing IP Addressing
Slide Objective: To describe the use of addressing structures and subnet masks in IP addressing.
Lead-in: Each TCP/IP host is identified by a logical IP address. This address is unique for each host that communicates by using TCP/IP.
Delivery Tip: The students are likely familiar with IP addressing. Use the slide and student text to ensure that the students understand that VLSM and CIDR require specific routing support.
Slide figure: Class B Address 172.100.10.1 (Classless 172.100.10.1/20)
Class B Default Mask  255.255.0.0    Network | Host
Subnet Mask           255.255.240.0  Network | Subnet | Host

• Addressing Structures
• Subnet Masks

Each TCP/IP host is identified by a logical IP address. This address is unique for each host that communicates by using TCP/IP. Because IP addresses identify devices on a network, you must assign a unique IP address to each device on the network. The standard for IP addressing is referred to as IP version 4 (v4). The standard uses a 32-bit address field and 32-bit mask field.

Addressing Structures
Depending on the routing protocols used, you can specify IP addresses based on:
• Classes (A, B, C) with an associated default mask.
• Classes with variable length subnet masks (VLSM).
• Classless Inter-Domain Routing (CIDR) with a specified prefix length.

Class-based networks support a single subnet mask, and are suitable for
networks routed by using Routing Information Protocol (RIP) version 1. VLSM
and CIDR support multiple masks or prefixes per network. Both VLSM and
CIDR require routers that support more advanced interior routing protocols
such as RIP version 2 and Open Shortest Path First (OSPF).
The following table lists the class-based addresses.

Address Class   Address Range         Default Mask      Purpose
A               1-126.xxx.xxx.xxx     255.000.000.000   Host/Network
B               128-191.xxx.xxx.xxx   255.255.000.000   Host/Network
C               192-223.xxx.xxx.xxx   255.255.255.000   Host/Network
D               224-239.xxx.xxx.xxx   None              Multicast groups
E               240-255.xxx.xxx.xxx   None              Experimental



Subnet Masks
Class-based IP addresses are split into two portions—the network and host
address fields. The subnet mask allows the derivation of network and host fields
of the IP address. The network field is required to make routing decisions.
Note When using class-based addresses and VLSM, you cannot decrease the
number of bits that determine the network address below the number that is
assigned to the default subnet mask.
The following table lists and describes the RFCs pertaining to subnet masks.

RFC    Reference title                                                                      Describes
950    Internet Standard Subnetting Procedure                                               Subnetting of IP addresses
1518   An Architecture for IP Address Allocation with CIDR                                  Introduction to the architecture required to support CIDR
1519   Classless Inter-Domain Routing (CIDR): an Address Assignment and Aggregation Strategy   Designing with route aggregation
1812   Requirements for IPv4 Routers, Section 4.2.2.11                                      All ones and zeros in the IP address mask
1878   Variable Length Subnet Table For IPv4                                                Subnet masking of variable length
Important Before implementing IPv4 by using VLSM or CIDR, you must
ensure that the routers on your network support VLSM and CIDR.
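A worked version of the addressing-structure rules above, written as an added Python example rather than anything from the course: `address_class`, `vlsm_prefix_is_valid` and `split_address` are names chosen here, and the class boundaries are those of the table above.

```python
"""Class-based, VLSM and classless views of an IPv4 address.

Added example, not part of the course materials. It applies the rules given
above: the default mask of each address class, the note that VLSM on a
class-based address may not shorten the network field below the default
mask, and the network/subnet/host split of a classless prefix such as the
slide's 172.100.10.1/20.
"""
import ipaddress
from typing import Dict, Optional, Tuple

# First-octet ranges and default prefix lengths from the class table above.
_CLASSES = (
    ("A", 1, 126, 8),
    ("B", 128, 191, 16),
    ("C", 192, 223, 24),
    ("D", 224, 239, None),  # multicast groups: no default mask
    ("E", 240, 255, None),  # experimental: no default mask
)


def prefix_to_mask(prefix: int) -> str:
    """Dotted-quad subnet mask for a prefix length, e.g. 20 -> 255.255.240.0."""
    return str(ipaddress.IPv4Address((0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF))


def address_class(addr: str) -> Tuple[str, Optional[int]]:
    """Return (class letter, default prefix length) for a dotted-quad address."""
    first_octet = int(ipaddress.IPv4Address(addr)) >> 24
    for letter, low, high, prefix in _CLASSES:
        if low <= first_octet <= high:
            return letter, prefix
    raise ValueError(f"{addr}: first octet {first_octet} is outside classes A-E")


def vlsm_prefix_is_valid(addr: str, prefix: int) -> bool:
    """Page rule: with class-based VLSM the network field cannot be shorter
    than the class default mask.  Class D/E addresses are not subnetted."""
    _, default = address_class(addr)
    return default is not None and default <= prefix <= 32


def split_address(cidr: str) -> Dict[str, object]:
    """Network, subnet and host fields of a classless address.

    The subnet field is the bits between the class default mask and the
    prefix, as on the Class B slide.  A prefix shorter than the default
    (a supernet) is reported with a 0-bit subnet field.
    """
    iface = ipaddress.IPv4Interface(cidr)
    letter, default = address_class(str(iface.ip))
    prefix = iface.network.prefixlen
    host_bits = 32 - prefix
    subnet_bits = max(prefix - default, 0) if default is not None else 0
    ip_int = int(iface.ip)
    return {
        "class": letter,
        "default_mask": prefix_to_mask(default) if default is not None else None,
        "subnet_mask": prefix_to_mask(prefix),
        "network": str(iface.network.network_address),
        "subnet_bits": subnet_bits,
        "subnet_id": (ip_int >> host_bits) & ((1 << subnet_bits) - 1),
        "host_bits": host_bits,
        "host_id": ip_int & ((1 << host_bits) - 1),
        "usable_hosts": max((1 << host_bits) - 2, 0),
    }


if __name__ == "__main__":
    for key, value in split_address("172.100.10.1/20").items():
        print(f"{key:>13}: {value}")
```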



IP Addressing for a Private Network
Slide Objective: To describe the IP addressing schemes available for address configuration in private networks.
Lead-in: Private network devices can be defined with either a public or a private addressing scheme.
Key Points: You can assign hosts that are not directly connected to the Internet either a public or private address, but if you require connection to the Internet, you need at least one public IP address.

Slide table (Scheme / Use / Pros / Cons):
Public scheme
  Use: large number of hosts require direct Internet access; sufficient number of registered public addresses exist for private network hosts.
  Pros: addresses are owned; all hosts are Internet accessible.
  Cons: costly to lease; restricted growth; can be insecure.
Private scheme
  Use: few hosts require direct Internet access; sufficient number of registered public addresses do not exist for private network hosts.
  Pros: inexpensive; unrestricted growth; secure.
  Cons: requires a network filtering device for public access; still requires some public addresses.

When designing an IP network, you must determine whether a public or a
private address strategy is best for the majority of network hosts. Hosts that are
not directly connected to the Internet can be assigned either a public or private
address, but if connection to the Internet is required, at least one public IP
address is essential.

Public Addressing Schemes
Hosts connected directly to the Internet require a public, globally unique IP
address. Any network connected to the Internet has a minimum of one public
address for Internet connectivity.
To enhance security, a private network that uses public addresses, and is
connected to the Internet, requires isolation from the Internet by a firewall, a
screened subnet, or a packet-filtering router.
Use a public addressing scheme if the organization has:
• A large number of hosts that require direct Internet access.
• A sufficient number of registered public addresses that can be assigned to all network hosts.

If the network design requires that a large number of IP addresses be accessible
from the Internet, you must obtain a suitable range of public IP addresses. You
can apply for public IP addresses from an Internet service provider (ISP) or
Internet registry. Acquiring a large number of public addresses is expensive to
maintain and in most cases unnecessary.
Organizations that use a public addressing scheme must also anticipate their
network growth. The total number of addresses available can restrict network
growth. After you assign all of the public addresses, you cannot add additional
devices to the network unless more public addresses are acquired.



Private Addressing Schemes
Most organizations do not require each host to be accessible from the Internet.
Network security is improved by preventing direct Internet access for hosts on
the private network.
Use a private addressing scheme if the organization has:
• Few hosts that require direct Internet access.
• Insufficient public addresses for all private network hosts.
Using a private addressing scheme for the intranet is inexpensive and can be designed to accommodate virtually unlimited network growth.
In your network design, include a firewall and a network address translation
(NAT) device to act as an intermediary between the organization’s private
network and the Internet. The only IP address visible to the Internet is the IP
address of the NAT device.
RFC 1918 lists the IP address ranges that are reserved by the IETF and
available for use in private addressing schemes.
In addition to the addresses in RFC 1918, IANA allows the use of
169.254.0.0/16 for private addressing.
Note Any IP address may be used on a private network that is isolated from
the Internet by the use of a NAT device. The use of the addresses shown in
RFC 1918 is recommended because these addresses are not routed on the
Internet.


IP Address Subnet Requirements
Slide Objective: To describe how to determine the number of hosts per subnet, and the number of subnets in an IP-routed network design.
Lead-in: As a designer, after selecting a public or private addressing scheme, you need to design a subnet mask to suit your network.
Delivery Tip: First explain the interrelationship between the number of hosts per subnet and the number of subnets. After the students have a clear understanding of that, talk about determining the limits for both.
Key Points: A good subnet mask design must not restrict the expected growth in either the number of subnets or the number of hosts per subnet. You need to adjust the subnet mask to provide for expected host population and network growth.
Slide figure: Subnet Mask, showing Increase Hosts and Increase Subnets against the Network, Subnet and Host fields of an address (octet values shown: 135, 100, 240, 20).

Identify Number of Hosts per Subnet Limits
• Network design specifications
• Router or IP switch capacity
• Future growth
Identify Number of Subnet Limits
• Subnet for each remote connection
• Overloaded segments
• Future growth

An IP-routed network design requires that you examine the interrelationship between the number of hosts per subnet and the number of subnets. An IP-switched network design evaluates only the number of WAN connections.
Your network design must optimize the number of subnets and the number of hosts per subnet. In designing an IP network and selecting the masks required to permit routing, you may be limited by:
• The number of physical subnets that exist.
• The number of logical subnets that you can create.
• The host population on both physical and logical subnets.

A good subnet mask design does not restrict expected growth in either the
number of subnets or the number of hosts per subnet. You need to adjust the
subnet mask to provide for expected host population and network growth.

Limits on the Number of Hosts per Subnet
Consider the following in determining the number of hosts per subnet:
• Network design specifications. Create your network design specifications to meet required performance goals. This requires analyzing the bandwidth utilization, broadcast domain size, routing configuration, distance vector delays, and application data flow requirements.
• Router performance. Evaluate the number of hosts supported by any new or existing routers. To determine the maximum number of hosts supported per subnet, divide the total number of hosts on any LAN by the number of subnets supported by the router(s). If this number exceeds the host capacity of a subnet or limits performance, then redesign the network to increase the number of subnets.
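To put the hosts-per-subnet and subnet-count limits above into numbers, here is an added Python example (not from the course materials); `plan_subnets`, `describe` and the scenario values are constructed for illustration, using the class B block from the earlier slide.

```python
"""Choosing a subnet mask from host-per-subnet and subnet-count limits.

Added example, not part of the course materials. It turns the limits listed
in this section into a calculation: how many subnets and hosts per subnet the
design needs (after expected growth), which prefix lengths inside an address
block satisfy both, and the text's router check of dividing the hosts on a LAN
by the subnets the router supports.  The block and numbers are constructed.
"""
import ipaddress
import math
from typing import Dict, List, Optional


def prefix_to_mask(prefix: int) -> str:
    """Dotted-quad subnet mask for a prefix length, e.g. 22 -> 255.255.252.0."""
    return str(ipaddress.IPv4Address((0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF))


def host_bits_needed(hosts: int) -> int:
    """Smallest host field that leaves `hosts` usable addresses (the network
    and broadcast addresses of each subnet are not usable)."""
    bits = 2
    while (1 << bits) - 2 < hosts:
        bits += 1
    return bits


def subnet_bits_needed(subnets: int) -> int:
    """Smallest subnet field that numbers `subnets` subnets."""
    return int(math.ceil(math.log2(subnets))) if subnets > 1 else 0


def hosts_per_subnet_for_router(total_hosts: int, router_subnets: int) -> int:
    """The text's rule: hosts on the LAN divided by the subnets the router(s)
    support gives the hosts each subnet must carry."""
    return int(math.ceil(total_hosts / router_subnets))


def plan_subnets(block: str, subnets: int, hosts_per_subnet: int,
                 growth: float = 1.0,
                 router_host_limit: Optional[int] = None) -> List[int]:
    """Prefix lengths inside `block` that support the required subnets and
    hosts per subnet after scaling both by `growth`.

    The shortest candidate gives just enough subnets, the longest just enough
    hosts; anything between trades one for the other (the slide's "increase
    hosts" versus "increase subnets").  When router_host_limit is set,
    prefixes whose usable host count exceeds it are dropped, since a subnet
    larger than the router can serve means the design needs more subnets.
    An empty list means the block cannot satisfy both limits at once.
    """
    net = ipaddress.IPv4Network(block)
    wanted_subnets = int(math.ceil(subnets * growth))
    wanted_hosts = int(math.ceil(hosts_per_subnet * growth))
    shortest = net.prefixlen + subnet_bits_needed(wanted_subnets)
    longest = 32 - host_bits_needed(wanted_hosts)
    candidates = []
    for prefix in range(shortest, longest + 1):
        usable = (1 << (32 - prefix)) - 2
        if router_host_limit is None or usable <= router_host_limit:
            candidates.append(prefix)
    return candidates


def describe(block: str, prefix: int) -> Dict[str, object]:
    """Mask, subnet count and usable hosts per subnet for one candidate."""
    net = ipaddress.IPv4Network(block)
    return {
        "mask": prefix_to_mask(prefix),
        "subnets": 1 << (prefix - net.prefixlen),
        "hosts_per_subnet": (1 << (32 - prefix)) - 2,
    }


if __name__ == "__main__":
    # Constructed scenario: the slide's class B block, 12 subnets today with
    # about 500 hosts each, 50% growth expected, routers good for 1500 hosts.
    for prefix in plan_subnets("172.100.0.0/16", 12, 500, growth=1.5,
                               router_host_limit=1500):
        print(f"/{prefix}: {describe('172.100.0.0/16', prefix)}")
```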


