[Chapter 4] 4.3 Planning Routing


the default gateway in a static routing table.

A network with internal gateways to other subnets and a single gateway to the world
Here there is a real choice. You can statically specify each subnet route and make the gateway
to the world your default route, or you can run a routing protocol. Decide which you want to
do based on the effort involved in maintaining a static table versus the slight overhead of
running a routing protocol on your hosts and networks. If you have more than a few hosts,
running a routing protocol is probably easiest.

A network with multiple gateways to the world
If you have multiple gateways that can reach the same destination, use a routing protocol. This
allows the gateways to adapt to network changes, giving you redundant access to the remote
networks.

Figure 4.1 shows a subnetted network with five gateways identified as A through E. A central subnet
(172.16.1.0) interconnects five other subnets. One of the subnets has a gateway to an external
network. The network administrator would probably choose to run a routing protocol on the central
subnet (172.16.1.0) and perhaps on subnet 172.16.12.0, which is attached to an external network.
Dynamic routing is appropriate on these subnets because they have multiple gateways. Without
dynamic routing, the administrator would need to update every one of these gateways manually
whenever any change occurred in the network - for example, whenever a new subnet was added. A
mistake during the manual update could disrupt network service. Running a routing protocol on these
two subnets is simpler and more reliable.
Figure 4.1: Routing and subnets


On the other hand, the administrator would probably choose static routing for the other subnets
(172.16.3.0, 172.16.6.0, and 172.16.9.0). These subnets each use only one gateway to reach all
destinations. Changes external to the subnets, such as the addition of a new subnet, do not change the
fact that these three subnets still have only one routing choice. Newly added networks are still reached
through the same gateway. The hosts on these subnets specify the subnet's gateway as their default
route. In other words, the hosts on subnet 172.16.3.0 specify B as the default gateway, while the hosts
on subnet 172.16.9.0 specify D as the default, no matter what happens on the external networks.
Some routing decisions are thrust upon you by the external networks to which you connect. In Figure
4.1 the local network connects to an external network that requires that Border Gateway Protocol
(BGP) be used for routing. Therefore, gateway E has to run BGP to exchange routes with the external
network.

4.3.1 Obtaining an autonomous system number
The Border Gateway Protocol (BGP) requires that gateways have a special identifier called an
autonomous system number (ASN). (Refer to the section "Internet Routing Architecture" in Chapter 2
for a discussion of autonomous systems.) Most sites do not need to run BGP. Most sites do not need a
unique ASN, even when they do run BGP. Usually those sites can select one of the ASNs that have
been set aside for private use, which are the numbers from 64512 to 65535. Select a number and
coordinate your selection with your border gateway peers to avoid any possible conflicts. If you
connect to the Internet through a single ISP, you almost certainly do not need an official ASN. If after
discussions with your service provider you find that you must obtain an official ASN, obtain the
application form at ftp://rs.internic.net/templates/asn-template.txt. (See the "Internet Registries"
sidebar earlier in this chapter.)
If you submit an application, you're asked to explain why you need a unique autonomous system
number. Unless you are an ISP, probably the only reason to obtain an ASN is that you are a
multi-homed site. A multi-homed site is any site that connects to more than one ISP. Reachability
information for the site may be advertised by both ISPs, confusing the routing policy. Assigning the
site an ASN gives it direct responsibility for setting its own routing policy and advertising its own
reachability information. This doesn't prevent the site from advertising bad routes, but it makes the
advertisement traceable back to one site and ultimately to one technical contact. (Once you submit an
ASN application, you have no one to blame but yourself!)
All of the items we have discussed so far (addressing, subnetting, and routing) are required to
configure the basic physical network on top of which the applications and services run. Now we begin
planning the services that make the network useful and usable.


[Chapter 4] 4.2 Basic Information


4.2 Basic Information
Regardless of whether or not your network is connected to the Internet, you must provide certain basic
information to configure the physical TCP/IP network interface. As we see in Chapter 6, Configuring
the Interface, the network interface needs an IP address and may also need a subnet mask and
broadcast address. In this section we look at how the network administrator arrives at each of the
required values.

4.2.1 Obtaining an IP Address
Every interface on a TCP/IP network must have a unique IP address. If a host is part of the Internet,
its IP address must be unique within the entire Internet. If a host's TCP/IP communications are limited
to a local network, its IP address only needs to be unique locally. Administrators whose networks will
not be connected to the Internet select an address from RFC 1918, Address Allocation for Private
Internets, which lists network numbers that are reserved for private use. [2] The private network
numbers are:

Class A network 10.0.0.0 (10/8 prefix and a 24-bit block of addresses).
Class B networks 172.16.0.0 to 172.31.0.0 (172.16/12 prefix and a 20-bit block of addresses).
Class C networks 192.168.0.0 to 192.168.255.0 (192.168/16 prefix and a 16-bit block of addresses).

[2] The address (172.16.0.0) used in this book is an address set aside for use by non-connected
enterprise networks. Feel free to use this address on your network if it will not be connected
to the Internet.

Networks connecting to the Internet must obtain official network addresses. An official address is
needed for every system on your network that directly exchanges data with remote Internet hosts. [3]
Obtain the address from your ISP. Your ISP has been delegated authority over a group of network
addresses, and should be able to assign you a network number. If your local ISP doesn't offer this
service, perhaps the ISP's upstream provider does. Ask your local ISP who it receives service from
and ask that organization for an address. If all else fails, you may be forced to go directly to an
Internet registry. The box Internet Registries provides information about the Internet registry services.
The form required for registering an address is available at ftp://rs.internic.net/templates/internetnumber-template.txt. Use the application as a last resort to obtain an address.
[3] Hosts that communicate with the Internet through a firewall or proxy server may not
need official addresses. Check your firewall/proxy server documentation.
The advantages to choosing a network address from RFC 1918 are that you do not have to apply for
an official address and you save address space for those who do need to connect to the Internet. [4]
The advantage to obtaining your address from an Internet registry is that you will not have to change
your address in the future if you do connect to the Internet.
[4] See Chapter 2, Delivering the Data.
If you do choose an address from RFC 1918 it is still possible to connect to the Internet without
renumbering all of your systems. But it will take some effort. You'll need a network address
translation (NAT) box or a proxy server. NAT is available as a separate piece of hardware or as an
optional piece of software in some routers and firewalls. It works by converting the source address of
datagrams leaving your network from your private address to your official address. Address
translation has several advantages.

It conserves IP addresses. Most network connections are between systems on the same
enterprise network. Only a small percentage of systems need to connect to the Internet at any
one time. Therefore far fewer official IP addresses are needed than the total number of systems
on an enterprise network. NAT makes it possible for you to use a large address space from
RFC 1918 for configuring your enterprise network while using only a small official address
space for Internet connections.

It eliminates address spoofing, a security attack in which a remote system pretends to be a local
system. The addresses in RFC 1918 cannot be routed over the Internet. Therefore, even if a
datagram is routed off of your network toward the remote system, the fact that the datagram
contains an RFC 1918 destination address means that the routers in the Internet will discard the
datagram as a martian. [5]
[5] A martian is a datagram with an address that is known to be invalid.

It eliminates the need to renumber your hosts when you connect to the Internet.
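
The source-address translation and martian handling described above can be modelled in a few lines of Python. This is an added example, not code from the book: the NatBox class, its method names and the action strings are hypothetical, the official pool and remote host use constructed documentation addresses, and the inbound check on RFC 1918 source addresses is an added assumption about how a border device is normally configured.

```python
import ipaddress

# The three private blocks from RFC 1918, as listed in this section.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_private(addr):
    """True if addr lies inside one of the RFC 1918 blocks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

class NatBox:
    """Hypothetical source-NAT model: many private hosts, few official addresses."""

    def __init__(self, official_pool):
        self.free = list(official_pool)   # unused official addresses
        self.to_official = {}             # private source -> official source

    def outbound(self, src, dst):
        """Datagram leaving the enterprise network; returns (action, src, dst)."""
        if is_private(dst):
            # Unroutable on the Internet: routers there discard it as a martian.
            return ("drop-martian", src, dst)
        if not is_private(src):
            return ("forward", src, dst)  # already official, nothing to rewrite
        if src not in self.to_official:
            if not self.free:
                return ("drop-pool-empty", src, dst)
            self.to_official[src] = self.free.pop(0)
        return ("forward", self.to_official[src], dst)

    def inbound(self, src, dst):
        """Datagram arriving from the Internet; returns (action, src, dst)."""
        if is_private(src):
            # Assumption: a private source seen on the outside is treated as a martian.
            return ("drop-martian", src, dst)
        for private, official in self.to_official.items():
            if official == dst:
                return ("forward", src, private)  # undo the translation
        return ("drop-no-mapping", src, dst)

if __name__ == "__main__":
    # Constructed addresses: 192.0.2.0/24 and 198.51.100.0/24 are documentation ranges.
    nat = NatBox(["192.0.2.10", "192.0.2.11"])
    for pkt in [("172.16.3.5", "198.51.100.7"), ("172.16.9.8", "198.51.100.7"),
                ("172.16.6.1", "198.51.100.7"), ("172.16.3.5", "10.1.2.3")]:
        print("out", pkt, "->", nat.outbound(*pkt))
    for pkt in [("198.51.100.7", "192.0.2.10"), ("192.168.1.1", "192.0.2.10")]:
        print("in ", pkt, "->", nat.inbound(*pkt))
```

The third outbound datagram is dropped because the two-address pool is already in use, which is the cost of sizing the official address space for only the hosts that need the Internet at one time.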

Network address translation also has disadvantages:
Cost
NAT may add cost for new hardware or optional software.
Performance
Address translation adds overhead to the processing of every datagram. When the address is