Title: KDE Private IP Implementation Preparation for Windows 2000 Active Directory Implementation
1KDE Private IP Implementation (Preparation for
Windows 2000 Active Directory Implementation)
- KATC Summer Conference 2001
- Pike County Central High School
- Pikeville, KY
2Goals
- To describe the KETS Standard implementation of
Private IP Address Ranges. - To explain benefits of using Private IP Addresses
- To explain the implementation of Public and
Private Addresses in the same network. - To Explain the reasons for redesigning the
current Private IP Recommendations
3Private IP Implementation Overview
- What is a Private IP Address
- Benefits of Using Private IP Addresses
- Reasons for Redesigning Private IP
Recommendations - Using Both Private Public IP Addresses on a
Network - Address Reservations
- Internal Private Networks Within a District
- Two Phase Approach
- Timeline
4What is a Private IP Address
- Class A 10.0.0.0 10.255.255.255
- Class B 172.16.0.0 172.31.255.255
- Class C 192.168.0.0 192.168.255.255
- Private IP Addresses are blocks of IP addresses
that are not recognized by Internet routers.
Packets with either source or destination private
addresses are not forwarded across Internet
links. - The Internet Assigned Numbers Authority (IANA)
has reserved the following three blocks of the IP
address space for private networks - 10.0.0.0 - 10.255.255.255
- 172.16.0.0 - 172.31.255.255
- 192.168.0.0 - 192.168.255.255
- Private hosts can communicate with all other
hosts inside their network, both public and
private. However, they cannot have IP
connectivity to any external host without the use
of Network Address Translation (NAT) or a Proxy
Service.
5Benefits of Using Private IP Addresses
- Larger ranges of IP Addresses
- Unique IP Addresses Statewide on all devices.
- Implementation of Windows 2000 Active Directory
- Increased Security
- District to District Videoconferencing
- Network Stability
- Ease of Troubleshooting
6Reasons for Redesigning Private IP
Recommendations
- Planned
- Every networked device will have a unique IP
Address statewide. - Every school has their own address block to
identify them. - Windows 2000 Active Directory can distinguish all
networked computers. - Statewide routing of Private IP Addresses.
- Desktop to Desktop Videoconferencing requires
unique IP.
- Currently
- Current Plan allows for duplicate IP Addressing
statewide - No standards have been established for Private IP
Implementation within a District - Windows 2000 Active Directory can not distinguish
between duplicate IP Addresses - Private IP Addresses can only route within a
district - Some applications do not work well within a
multi-netted environment
7Using Both Private Public IP Addresses on a
Network
- Any device that must be visible on the Internet
should maintain a Public IP Address. - Any device that does not need to be visible on
the Internet should maintain a Private IP
Address. - Some Servers will be configured with IP Numbers
in both the public and Private Range. - This allows devices on the Private Range of the
same segment the ability to access them directly
without passing through a Router. - Any device using a Private IP Address can access
any Public Address by using Multi-Netted Ethernet
interfaces on Routers - Internet accessibility of devices with Private IP
Addresses can be made available using a V.P.N. or
R.A.S.
8Example of Private Public IP Address Scheme in
a District
District Hub Proxy 170.180.183.210
Ex. 1) Computer A request web page from District
Web Server. Ex. 2) Computer A sends print job to
Printer A Ex. 3) Computer B Request Web Page from
Web Server A Ex. 4) Computer C Request Web Page
from Web Server B Ex. 5) Computer C communicates
with Computer B
District Hub Router 10.21.16.1 170.180.183.254
District Web Server 170.180.183.209
District Exchange Server 170.180.183.210
School Router (A) 10.21.33.1 170.180.180.1
School Router (B) 10.21.32.1 170.180.181.1
Switch (A)
Switch (B)
School Proxy (B) 10.21.32.14 170.180.181.25
Computer (A) 10.21.33.100
Printer (A) 10.21.33.110
Web Server (A) 170.180.180.5
Computer (B) 10.21.32.100
Computer (C) 10.21.32.110
Web Server (B) 10.21.32.3 170.180.181.12
School Proxy (A) 10.21.33.14 170.180.180.34
9DHCP with Private IP Addresses
- Distributing Private IP Addresses within a
network is best accomplished using DHCP. - Windows 9x Computers that are currently not using
DHCP can run a registry editing script to convert
them to use DHCP. - Script can be executed when the computer logs on
the network. - Detailed instructions are defined on manually
changing Computers to DHCP in both a MAC and PC
environment.
10Address Reservations
- District School Reservations
- Each District is allocated a minimum of 1 Class
B. - Each School is allocated 16 Class C Addresses
allowing for over 4000 addresses per school. - Each District has a minimum of 48 Class C
Addresses set aside for future growth of existing
schools or new schools - Districts Internal Test Networks can use the
172.16.0.0 172.31.255.255 range of addresses.
- Device Reservations
- Predefined IP Addresses have been set to allow
for consistency ease of troubleshooting. - Router 10.x.x.1
- CSU/DSU 10.x.x.2-3
- Financial 10.x.x.10
- Mail 10.x.x.11
- Daisy 10.x.x.12
- STI 10.x.x.13
- Proxy 10.x.x.14
- Active 10.x.x.15-50
- Network
- Components
11Internal Private Networks within a District
- Test Labs
- Netknowledge Labs
- STLP Projects
- Internal Private IP Reservations are 172.16.0.0
172.31.255.255 - Internal Private IP Addresses will be dropped at
the router.
12Three Phase Approach
- Phase 1
- Redesign the 91 Districts that are currently
using private IP addresses. - Enable internal routing of Private IP Numbers
10.x.x.x statewide - Phase 2
- Have the hardware/software and support resources
in place to maintain and support a statewide NAT.
13Timeline
- Phase 1
- All schools currently using private IP addresses
change to new private IP design by January 2002
- Phase 2
- Have a NAT solution in place for schools wishing
to convert to total private IP June 2002