If you already have IP addresses for your network, you can skip this section. First, you must decide how many hosts on a new network will be fully accessible from the Internet. Many new networks attach to the Internet indirectly so that access into the new network from other Internet networks is limited.
Users on the new network can access remote Internet hosts but remote users cannot directly access all of the hosts on the indirectly connected network. Because the hosts on this network are not accessible to users in the outside world, they do not require public IP addresses. Only the subset of systems exposed to the outside world requires public IP addresses. Therefore, the network administrator of this network can select a network address from RFC , Address Allocation for Private Internets.
The private network numbers are The pros and cons of using a network address from RFC are covered in Chapter 2, where private network numbers are discussed in detail.
But, in general, if you can use a private network number, you should. Some organizations choose to give every device on the network an address that will make that device fully accessible from the Internet.
A network that wants to be fully accessible from all sites on the Internet must obtain a public network address to allow outside users direct access into the systems on your network. An official address is needed for every system on the network that is directly accessible to remote Internet hosts. Every network that communicates with the Internet, even those that use NAT, has at least one public address, although that address may be assigned to the NAT box.
To make many or all of the systems on your network accessible, you need a block of addresses. The first step toward obtaining a block of addresses is to determine how many addresses you need.
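The count of official addresses can be checked against an inventory, as in this added example (not from the original text). It flags systems that hold a public address without needing one and exposed systems that still sit on a private number. The host names, the `exposed` flag and all addresses are constructed, and the private ranges are the RFC 1918 blocks, supplied here as an assumption because the page does not list them.

```python
import ipaddress

# RFC 1918 private blocks. Assumption: the page does not list them, so they
# are supplied here from the RFC itself.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_private(addr):
    """True if addr falls inside one of the RFC 1918 blocks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_NETS)

def smallest_prefix(hosts):
    """Longest IPv4 prefix whose block holds `hosts` addresses plus the
    network and broadcast addresses (assumed reserved)."""
    return 32 - (hosts + 1).bit_length()

def audit(inventory):
    """inventory: (name, address, exposed) tuples, where `exposed` records
    whether remote Internet hosts are meant to reach the system directly."""
    report = {"official_needed": 0, "needs_official": [], "unneeded_public": []}
    for name, addr, exposed in inventory:
        private = is_private(addr)
        if exposed:
            report["official_needed"] += 1
            if private:                      # exposed but not routable from outside
                report["needs_official"].append(name)
        elif not private:                    # reachable without any stated need
            report["unneeded_public"].append(name)
    report["block"] = "/%d" % smallest_prefix(report["official_needed"])
    return report

# Constructed inventory; the 198.51.100.0/24 and 203.0.113.0/24 documentation
# ranges stand in for official (public) addresses.
SAMPLE = [
    ("www",     "203.0.113.10", True),
    ("mail",    "192.168.1.25", True),
    ("hr-db",   "198.51.100.7", False),
    ("ws-014",  "10.20.3.14",   False),
    ("printer", "172.16.9.2",   False),
]

if __name__ == "__main__":
    for key, value in audit(SAMPLE).items():
        print(key, "=", value)
```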
Internet end user: A small- to medium-sized organization focused on connecting itself to the Internet. What categorizes this organizational type is that it wants to use the Internet while limiting the number of systems it makes available to remote users. From the point of view of the Internet, all Internet end-user organizations appear small because they use only a limited number of official addresses.
High-volume end user: A medium- to large-sized organization that distributes official addresses to systems throughout its network. This type of organization tends to have a distributed management under which divisions within the overall organization are allowed to make systems remotely accessible. High-volume end-user organizations usually satisfy their address requirements through their ISP or a Local Internet Registry. If the organization needs more than 8, addresses, it may go directly to a Regional Internet Registry. While in reality a high-volume end-user organization may not be any larger than an Internet end-user organization, it appears to be larger from the point of view of the Internet because it exposes more systems to the Internet.
Internet Service Provider (ISP): An organization that provides Internet connection services to other organizations and provides those organizations with official addresses. Even an ISP connects to the Internet in some way. The upstream provider assigns addresses to the ISP.
Local Internet Registry: An organization that provides addresses to ISPs. In effect a Local Internet Registry is an organization that provides addresses to other organizations that provide addresses.
RFC lists four organizational types in order to be thorough. Most organizations are either Internet end users or high-volume end users.
In all likelihood, your organization is one of these, and you will obtain all of your addresses from your ISP. Your ISP has been delegated authority over a group of network addresses and should be able to assign you a network number. Ask your local ISP whom it receives service from and ask that organization for an address. If all else fails, you may be forced to go directly to an Internet registry. If you are forced to take your request to a registry, you will need to take certain steps before you make the application.
You need to prepare a detailed network topology. The topology must include a diagram that shows the physical layout of your network and highlights its connections to the Internet. You should include network engineering plans that, in addition to diagramming the topology, describe: your routing plans, including the protocols you will use and any constraints that forced your routing decisions; and your subnetting plans, including the mask you will use and the number of networks and hosts you will have connected during the next year.
The biggest challenge is accurately predicting future requirements for addresses. If you have previously been assigned an address block, you may be required to provide a history of how that address block was used. Even if it is not requested by the Internet registry, a history can be a helpful tool for your own planning. Additionally, you will be asked to prepare a network deployment plan. This plan typically shows the number of hosts you currently have that need official addresses and the number you expect to have in six months, one year and two years.
One factor used to determine how much address space is needed is the expected utilization rate. The expected utilization rate is the number of hosts assigned official addresses divided by the total number of hosts possible for the network. The deployment plans must show the number of hosts that will be assigned addresses over a two-year period. The total number of possible hosts can be estimated from the total number of employees in your organization and the number of systems that have been traditionally deployed per employee.
Clearly you need to have a global knowledge of your organization and its needs before applying for an official address assignment. In addition to providing documentation that justifies the address request, obtaining an official address requires a formal commitment of resources. Most address applications require at least two contacts: an administrative contact and a technical contact.
The administrative contact should have the authority to deal with administrative issues ranging from policy violations to billing disputes. The technical contact must be a skilled technical person who can deal with technical problems and answer technical questions.
Internet registries require that these contacts live in the same country as the organization that they represent. You must provide the names, addresses, telephone numbers, and email addresses of these people.
These are not honorary positions. These people have targets on their backs when things go wrong. In addition to human resources, you need to commit computer resources. You should have systems set up, running, and ready to accept the new addresses before you apply for official addresses.
A three-level bureaucracy controls the allocation of IP addresses. There are three IRs. An example might be a national registry or a registry created by a consortium of ISPs.
No matter how much address space you need, you should start at the bottom of the hierarchy and work your way up. Always start with your local ISP.
If they cannot handle your needs, ask them if there is a local IR that can help you. As a last resort, take your request to the regional IR that serves your part of the world. The most important thing to remember is that most organizations never have to go through this process.
Most organizations do not want to expose the bulk of their computers to the Internet. For security reasons, they use private address numbers for most systems and only have a limited number of official IP addresses.
That limited number of addresses can usually be provided by a local ISP. One final note: when you obtain a block of official IP addresses, you may also need to apply for an in-addr.
Chapter 6 contains more information about how the in-addr. This is the reverse of the normal domain name lookup process, which converts domain names to addresses. If your ISP provides your name service or your ISP assigned you an address from a block of its own addresses, you probably do not need to apply for an in-addr. Check with your ISP before applying. If, however, you obtain a block of addresses from a Regional IR, you probably will need to register your own in-addr.
If you do need to get a reverse lookup domain, register it with the same organization from which you obtained your address assignment. If you obtain your address from your ISP, you probably do not have to take care of this paperwork yourself. These services are one of the reasons you pay your ISP. Refer to Figure However, if you enter the host IP address manually, you must also enter the DNS server address manually.
It is not necessarily the same system as the primary or master DNS server for your domain. In fact, it probably is not.
See Chapter 3 for information on DNS server types. Most often, this is the address of the DNS server that is topographically the closest to the system being configured, which is frequently a server located on the same local network as the host.
The alternate DNS server is a backup server. This server is only queried when the preferred DNS server fails to respond to a query. The alternate server provides reliability for those times when the preferred server is offline. Frequently, an authoritative server, such as the primary or a secondary server for the local domain, is specified here because, given the importance of the authoritative servers, it is highly unlikely that the authoritative servers will be offline when the local DNS server is down.
Another factor to consider when picking an alternate server is reachability. In general, it is a good idea to pick preferred and alternate DNS servers that are reached through different network paths so that the servers are less vulnerable to a network outage.
The General tab creates a minimal configuration. We will examine these additional configuration options in the following sections. Note the Advanced button near the bottom of the General tab shown in Figure The IP Settings tab of this window is shown in Figure This tab defines additional IP addresses with their associated subnet masks, and it defines additional routers. This tab defines additional DNS server addresses and the value used to fully qualify unqualified domain names when constructing DNS queries.
These buttons are global to all tabs in the window. Do not click on OK until you have completed all tabs. Similarly, clicking Cancel discards the changes, not just to the page currently displayed but to all pages. Windows Server allows you to assign multiple IP addresses to a single physical network adapter. This is useful, for example, if you want to run multiple subnets on the same physical network. In the dialog, enter the IP address and its associated netmask. Windows defaults the subnet mask to the natural mask of the IP address you entered.
If the IP address is part of a block with a specifically assigned prefix-length or is a member of a subnet, the correct value must be entered manually.
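The natural-mask default described above can be checked mechanically. This added example (not from the original text) derives the natural mask, compares the mask entered in the dialog with the prefix length actually assigned, and shows which destinations the host would wrongly treat as local. The function names and the 172.16.12.5 host are constructed for illustration.

```python
import ipaddress

def natural_prefix(addr):
    """Classful ("natural") prefix length of an IPv4 address; None for class D/E."""
    first_octet = int(ipaddress.IPv4Address(addr)) >> 24
    if first_octet < 128:
        return 8          # class A
    if first_octet < 192:
        return 16         # class B
    if first_octet < 224:
        return 24         # class C
    return None

def mask_to_prefix(mask):
    """Prefix length of a dotted mask, or None if its 1-bits are not contiguous."""
    inverted = ~int(ipaddress.IPv4Address(mask)) & 0xFFFFFFFF
    if inverted & (inverted + 1):
        return None
    return 32 - inverted.bit_length()

def check_mask(addr, entered_mask, assigned_prefix):
    """Classify the mask in the dialog against the prefix length actually assigned."""
    entered = mask_to_prefix(entered_mask)
    if entered is None:
        return "invalid-mask"
    if entered == assigned_prefix:
        return "ok"
    if entered == natural_prefix(addr):
        return "natural-default-left"   # dialog default was never corrected
    return "mismatch"

def on_link(addr, prefix, dest):
    """True if a host configured as addr/prefix treats dest as local (no router used)."""
    return ipaddress.ip_address(dest) in ipaddress.ip_interface(f"{addr}/{prefix}").network

# Constructed case: host in subnet 172.16.12.0/24 with the natural mask left in place.
if __name__ == "__main__":
    print(check_mask("172.16.12.5", "255.255.0.0", 24))
    # With /16 the host tries to reach another subnet directly instead of via the router.
    print(on_link("172.16.12.5", 16, "172.16.40.1"),
          on_link("172.16.12.5", 24, "172.16.40.1"))
```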
Always verify that the subnet mask is correct to avoid connectivity problems that can be extremely difficult to resolve. Remove an IP address by highlighting it and clicking Remove. Refer back to the IP Settings tab in Figure In the dialog, enter the IP address of the gateway and select the routing metric that you want to assign to this route.
The automatic metric is determined by the characteristics of the network interface. The following route print command shows an example of this. The details of the routing table are explained in Chapter 2. In this case, we are only interested in the first two active routes. They both are default gateways as indicated by the fact that they both have destinations and netmasks of 0.
Both of these gateways were entered into the configuration through configuration windows associated with the D-Link Ethernet interface on this sample system. The interface is assigned the IP address The first gateway—the one assigned address Both routes are associated with the same interface, and both have the same metric.
Given the routing table shown above, the system will attempt to use default gateway This discussion is only about default gateways. If a specific route to a destination is included in the routing table, it is always preferred over the default route for packets addressed to that specific destination. Both of the default gateways in the table shown above are reached through the same interface In the routing table shown below, a metric of 5 was manually entered for the The metric defines the order of precedence among routers that can reach the same destination.
The lower the metric, the lower the cost, and thus the more preferred the route. When multiple gateways are defined for a single destination, only one gateway is active at any one time.
Windows Server uses the gateway with the lowest metric. If multiple gateways have the same metric, Windows uses the first gateway listed. Only if the preferred gateway is down or otherwise not accessible does it attempt to use additional gateways. Specifying multiple default gateways has limited utility because it requires that more than one router be directly attached to the same local network as the host, and that more than one of those routers be capable of reaching all destinations.
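The selection rules above, written out as a small model in an added example (not from the original text and not Windows' own code): a specific route beats the default route, then the lowest metric wins, then the first gateway listed, and a gateway marked down is skipped. All addresses and metrics are constructed, apart from the manually entered metric of 5 mentioned in the text.

```python
import ipaddress

def pick_gateway(routes, dest, down=()):
    """routes: (network, gateway, metric) tuples in routing-table order.
    Returns the gateway used for dest, or None if no usable route exists."""
    ip = ipaddress.ip_address(dest)
    candidates = []
    for order, (net, gateway, metric) in enumerate(routes):
        network = ipaddress.ip_network(net)
        if ip in network and gateway not in down:
            # Sort key: longest prefix first, then lowest metric, then table order.
            candidates.append((-network.prefixlen, metric, order, gateway))
    return min(candidates)[3] if candidates else None

# Constructed table: two default gateways with equal metrics plus one specific route.
EQUAL_METRICS = [
    ("0.0.0.0/0",   "192.168.0.1",   20),
    ("0.0.0.0/0",   "192.168.0.254", 20),
    ("10.8.0.0/16", "192.168.0.7",   30),
]

# Same table after a metric of 5 is entered by hand for the second default gateway.
MANUAL_METRIC = [
    ("0.0.0.0/0",   "192.168.0.1",   20),
    ("0.0.0.0/0",   "192.168.0.254", 5),
    ("10.8.0.0/16", "192.168.0.7",   30),
]

if __name__ == "__main__":
    print(pick_gateway(EQUAL_METRICS, "203.0.113.9"))    # tie: first listed
    print(pick_gateway(MANUAL_METRIC, "203.0.113.9"))    # lower metric wins
    print(pick_gateway(EQUAL_METRICS, "203.0.113.9",
                       down={"192.168.0.1"}))            # failover to the second gateway
    print(pick_gateway(MANUAL_METRIC, "10.8.4.4"))       # specific route beats default
```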
Give it a value of 1. Now, open up the status for one of your network connections. Under the Activity box, you'll see text that wasn't there before. Hopefully, the numbers indicate 0 errors on your network. In Figure A, you can see that some of the error information is covered by the buttons on the status window.
Figure A: The network status window displays error statistics.
Figure C: You can modify provider order for this server.
Note: Computers that run an operating system earlier than Windows will not be able to browse, locate, or create file and print share connections to a computer that runs a product in Windows Server with NetBIOS turned off.