KDE Private IP Implementation Preparation for Windows 2000 Active Directory Implementation

1
KDE Private IP Implementation (Preparation for
Windows 2000 Active Directory Implementation)

• KATC Summer Conference 2001
• Pike County Central High School
• Pikeville, KY

2
Goals

• To describe the KETS Standard implementation of
  Private IP Address Ranges.
• To explain benefits of using Private IP Addresses
• To explain the implementation of Public and
  Private Addresses in the same network.
• To Explain the reasons for redesigning the
  current Private IP Recommendations

3
Private IP Implementation Overview

• What is a Private IP Address
• Benefits of Using Private IP Addresses
• Reasons for Redesigning Private IP
  Recommendations
• Using Both Private Public IP Addresses on a
  Network
• Address Reservations
• Internal Private Networks Within a District
• Two Phase Approach
• Timeline

4
What is a Private IP Address

• Class A 10.0.0.0 10.255.255.255
• Class B 172.16.0.0 172.31.255.255
• Class C 192.168.0.0 192.168.255.255

• Private IP Addresses are blocks of IP addresses
  that are not recognized by Internet routers.
  Packets with either source or destination private
  addresses are not forwarded across Internet
  links.
• The Internet Assigned Numbers Authority (IANA)
  has reserved the following three blocks of the IP
  address space for private networks
• 10.0.0.0 - 10.255.255.255
• 172.16.0.0 - 172.31.255.255
• 192.168.0.0 - 192.168.255.255
• Private hosts can communicate with all other
  hosts inside their network, both public and
  private. However, they cannot have IP
  connectivity to any external host without the use
  of Network Address Translation (NAT) or a Proxy
  Service.

5
Benefits of Using Private IP Addresses

• Larger ranges of IP Addresses
• Unique IP Addresses Statewide on all devices.
• Implementation of Windows 2000 Active Directory
• Increased Security
• District to District Videoconferencing
• Network Stability
• Ease of Troubleshooting

6
Reasons for Redesigning Private IP
Recommendations

• Planned
• Every networked device will have a unique IP
  Address statewide.
• Every school has their own address block to
  identify them.
• Windows 2000 Active Directory can distinguish all
  networked computers.
• Statewide routing of Private IP Addresses.
• Desktop to Desktop Videoconferencing requires
  unique IP.

• Currently
• Current Plan allows for duplicate IP Addressing
  statewide
• No standards have been established for Private IP
  Implementation within a District
• Windows 2000 Active Directory can not distinguish
  between duplicate IP Addresses
• Private IP Addresses can only route within a
  district
• Some applications do not work well within a
  multi-netted environment

7
Using Both Private Public IP Addresses on a
Network

• Any device that must be visible on the Internet
  should maintain a Public IP Address.
• Any device that does not need to be visible on
  the Internet should maintain a Private IP
  Address.
• Some Servers will be configured with IP Numbers
  in both the public and Private Range.
• This allows devices on the Private Range of the
  same segment the ability to access them directly
  without passing through a Router.
• Any device using a Private IP Address can access
  any Public Address by using Multi-Netted Ethernet
  interfaces on Routers
• Internet accessibility of devices with Private IP
  Addresses can be made available using a V.P.N. or
  R.A.S.

8
Example of Private Public IP Address Scheme in
a District
District Hub Proxy 170.180.183.210
Ex. 1) Computer A request web page from District
Web Server. Ex. 2) Computer A sends print job to
Printer A Ex. 3) Computer B Request Web Page from
Web Server A Ex. 4) Computer C Request Web Page
from Web Server B Ex. 5) Computer C communicates
with Computer B
District Hub Router 10.21.16.1 170.180.183.254
District Web Server 170.180.183.209
District Exchange Server 170.180.183.210
School Router (A) 10.21.33.1 170.180.180.1
School Router (B) 10.21.32.1 170.180.181.1
Switch (A)
Switch (B)
School Proxy (B) 10.21.32.14 170.180.181.25
Computer (A) 10.21.33.100
Printer (A) 10.21.33.110
Web Server (A) 170.180.180.5
Computer (B) 10.21.32.100
Computer (C) 10.21.32.110
Web Server (B) 10.21.32.3 170.180.181.12
School Proxy (A) 10.21.33.14 170.180.180.34
9
DHCP with Private IP Addresses

• Distributing Private IP Addresses within a
  network is best accomplished using DHCP.
• Windows 9x Computers that are currently not using
  DHCP can run a registry editing script to convert
  them to use DHCP.
• Script can be executed when the computer logs on
  the network.
• Detailed instructions are defined on manually
  changing Computers to DHCP in both a MAC and PC
  environment.

10
Address Reservations

• District School Reservations
• Each District is allocated a minimum of 1 Class
  B.
• Each School is allocated 16 Class C Addresses
  allowing for over 4000 addresses per school.
• Each District has a minimum of 48 Class C
  Addresses set aside for future growth of existing
  schools or new schools
• Districts Internal Test Networks can use the
  172.16.0.0 172.31.255.255 range of addresses.

• Device Reservations
• Predefined IP Addresses have been set to allow
  for consistency ease of troubleshooting.
• Router 10.x.x.1
• CSU/DSU 10.x.x.2-3
• Financial 10.x.x.10
• Mail 10.x.x.11
• Daisy 10.x.x.12
• STI 10.x.x.13
• Proxy 10.x.x.14
• Active 10.x.x.15-50
• Network
• Components

11
Internal Private Networks within a District

• Test Labs
• Netknowledge Labs
• STLP Projects

• Internal Private IP Reservations are 172.16.0.0
  172.31.255.255
• Internal Private IP Addresses will be dropped at
  the router.

12
Three Phase Approach

• Phase 1
• Redesign the 91 Districts that are currently
  using private IP addresses.
• Enable internal routing of Private IP Numbers
  10.x.x.x statewide
• Phase 2
• Have the hardware/software and support resources
  in place to maintain and support a statewide NAT.

13
Timeline

• Phase 1
• All schools currently using private IP addresses
  change to new private IP design by January 2002

• Phase 2
• Have a NAT solution in place for schools wishing
  to convert to total private IP June 2002