IP subnets for external traffic

introduction

The LIC uses three ranges of IP addresses. Two ranges are for external use and one range is internal.

Each block is split into smaller chunks called IP subnets using a technique called CIDR.

what it is

Figuring out CIDR and IP address ranges can fry the brain of a normal person. Use the handy IP calculator web site (http://jodies.de/ipcalc) and save your head.

[Figure: LIC topology: destination NATs]
[Figure: LIC topology: source NATs]

IP subnets for Internet traffic

The NAT subnet 200.0.0.x contains the real live Internet addresses. A few addresses are for network devices and the rest for Internet services running in the LIC. I split the little block into tiny blocks, each containing 32 addresses. Knocking off the first and last addresses of each tiny block (the network address and the broadcast address) means we can use each tiny block to make one network containing 30 hosts.

LIC table: IP subnets for Internet traffic

| Subnet description | Address | Netmask | Prefix |
|---|---|---|---|
| LIC Internet NATs | 200.0.0.0 | 255.255.255.0 | /24 |
| NAT (Network Address Translation) addresses for hiding LIC destination addresses from the Internet. Every request from the Internet to the LIC is addressed to one of these. These addresses are usually on the biz01 network, but may be failed over to the biz02 network. | 200.0.0.0 | 255.255.255.224 | /27 |
| NAT addresses for hiding LIC source addresses from the Internet. Every request from the LIC to an Internet host has its source address hidden by one of these IP addresses. These addresses are usually on the biz01 network, but may be failed over to the biz02 network. | 200.0.0.32 | 255.255.255.224 | /27 |
| adm01 network NAT addresses for hiding LIC destination addresses from the Internet. | 200.0.0.64 | 255.255.255.224 | /27 |
| adm01 network NAT addresses for hiding LIC source addresses from the Internet. | 200.0.0.96 | 255.255.255.224 | /27 |
| | 200.0.0.128 | 255.255.255.224 | /27 |
| | 200.0.0.160 | 255.255.255.224 | /27 |
| | 200.0.0.192 | 255.255.255.224 | /27 |
| | 200.0.0.224 | 255.255.255.224 | /27 |
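
The /27 split above can be checked mechanically instead of by eye. This Python sketch is an added example, not part of the original page: it validates that the four allocated pools sit inside the /24 without overlapping, lists the /27 blocks still free, and maps an address seen in a firewall log back to its pool. The pool labels (`biz-dnat` and so on) are shorthand invented here for the table rows; the prefixes are the page's.

```python
import ipaddress
from itertools import combinations

# Prefixes are the page's; the pool labels are shorthand invented for this example.
PARENT = ipaddress.ip_network("200.0.0.0/24")
POOLS = {
    "biz-dnat": ipaddress.ip_network("200.0.0.0/27"),     # Internet -> LIC
    "biz-snat": ipaddress.ip_network("200.0.0.32/27"),    # LIC -> Internet
    "adm01-dnat": ipaddress.ip_network("200.0.0.64/27"),
    "adm01-snat": ipaddress.ip_network("200.0.0.96/27"),
}

def check_plan(parent, pools):
    """Return problems: pools outside the parent block or overlapping each other."""
    problems = [f"{n} {net} is outside {parent}"
                for n, net in pools.items() if not net.subnet_of(parent)]
    for (n1, a), (n2, b) in combinations(pools.items(), 2):
        if a.overlaps(b):
            problems.append(f"{n1} {a} overlaps {n2} {b}")
    return problems

def unallocated(parent, pools, prefix=27):
    """Blocks of the parent at the given prefix length that no pool touches."""
    return [s for s in parent.subnets(new_prefix=prefix)
            if not any(s.overlaps(p) for p in pools.values())]

def classify(addr, pools):
    """Map an address (e.g. from a firewall log) to (pool, role), or None."""
    ip = ipaddress.ip_address(addr)
    for name, net in pools.items():
        if ip in net:
            if ip == net.network_address:
                return name, "network"
            if ip == net.broadcast_address:
                return name, "broadcast"
            return name, "host"
    return None

if __name__ == "__main__":
    print("problems:", check_plan(PARENT, POOLS) or "none")
    print("usable hosts per /27:", len(list(POOLS["biz-snat"].hosts())))
    print("unallocated:", [str(n) for n in unallocated(PARENT, POOLS)])
    for sample in ("200.0.0.33", "200.0.0.63", "200.0.0.130"):  # constructed samples
        print(sample, "->", classify(sample, POOLS))
```

Note that `ipaddress.ip_network` rejects a misaligned entry such as `200.0.0.40/27` with a `ValueError`, so a typo in a subnet boundary is caught when the plan is loaded.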

IP subnets for enterprise traffic

I did not bother adding a connection to an enterprise network in this architecture. If I did, and the enterprise network was a 10.0.0.0/8 subnet, I would use NATs like these.

LIC table: IP subnets for enterprise traffic

| Subnet description | Address | Netmask | Prefix |
|---|---|---|---|
| LIC enterprise NATs | 10.2.0.0 | 255.255.0.0 | /16 |
| NAT (Network Address Translation) addresses for hiding LIC destination addresses from the enterprise network. Every request from the enterprise network to the LIC is addressed to one of these. | 10.2.0.0 | 255.255.255.0 | /24 |
| NAT addresses for hiding LIC source addresses from the enterprise network. Every request from the LIC to an enterprise host has its source address hidden by one of these IP addresses. | 10.2.1.0 | 255.255.255.0 | /24 |
  ...