HP3000-L Archives

September 1999, Week 2

HP3000-L@RAVEN.UTC.EDU

From: Wirt Atmar
Date: Tue, 14 Sep 1999 22:47:23 EDT

Greg asks:

> My HP3000 Series 957 is configured with IP address 192.1.1.1
>  I am trying to connect my New York office to our network.    I need to
>  configure HP that when information comes to 172.16.anything.anything to be
>  redirected to 192.1.1.1   Will this be handled in NMMGR?
>
>  ( I have Windows NT network up and running with LA & NY connected)  New York
>  is using IP address 172.16.0.0 and LA is using 192.1.1.1.  I can change one
>  of the addresses and we will be ok, but the problem is we have over 200
> users all over the place and we are looking for a quick solution.

Stan and Jeff have already responded appropriately. All this posting is going
to do is to attempt to "translate" Jeff's comments a little bit more into
plain English.

Comment 1, made previously both by Stan and Jeff: Your address 192.1.1.1 is
illegal. It is a legitimate IP address already assigned to someone else
(BBN). While it didn't cause you any trouble when you were your own
independent, isolated network (an intranet), as soon as you connect your
network and your HP3000 to the world, things are going to go downhill in a hurry.
If you're going to connect your HP3000 to the world, you HAVE to change your
HP3000's IP address -- and you do do that in NMMGR.

Comment 2: You nowadays want to use "private address space" IP addresses for
your internal networks. As Jeff mentioned, these addresses are specified in
RFC 1918. A part of that RFC is:

"3. Private Address Space

   "The Internet Assigned Numbers Authority (IANA) has reserved the
   following three blocks of the IP address space for private internets:

     10.0.0.0        -   10.255.255.255  (10/8 prefix)
     172.16.0.0      -   172.31.255.255  (172.16/12 prefix)
     192.168.0.0     -   192.168.255.255 (192.168/16 prefix)

   "An enterprise that decides to use IP addresses out of the address
   space defined in this document can do so without any coordination
   with IANA or an Internet registry. The address space can thus be used
   by many enterprises. Addresses within this private address space will
   only be unique within the enterprise, or the set of enterprises which
   choose to cooperate over this space so they may communicate with each
   other in their own private internet.

   "As before, any enterprise that needs globally unique address space is
   required to obtain such addresses from an Internet registry. An
   enterprise that requests IP addresses for its external connectivity
   will never be assigned addresses from the blocks defined above."

Addresses in these ranges are declared to be "non-routable." Packets directed
to any of these addresses will never make it out onto the internet because
every router-like device knows not to allow them onto the internet. Packets
with these addresses stay totally locally within your network.

However, to use private address space IP addresses, you don't actually need a
physical router. Inside every copy of Windows 95/98/NT is a software router.
If you have multiple "adapters" defined in your PC's network setup, packets
addressed to private address space IP addresses will only go to your local
network listeners. They will not be passed onto the internet. Similarly,
packets addressed to a real-world address (outside of the addresses listed
above) will be directed out only to the internet, through whichever
adapter/gateway that you've defined, and these packets will not appear on
your local LAN.

It's all done very simply and very transparently, and it is actually quite
simple once you get the hang of it.

Comment 3: To connect one or several of your fixed-IP private address
machines to the internet, you're going to need a router with NAT (network
address translation) capabilities, as Jeff said.

The router we use to perform this task is a Cisco 2610. Now to be absolutely
honest, it took me three solid days to get the router set up -- but that was
in great part because the router was shipped with the wrong firmware. We
needed Cisco's "IPPlus" to obtain NAT capabilities. They shipped the router
with only "IP" software.

Nonetheless, even with the right firmware, routers aren't easy to set up.
They're the last great frontier in easy-to-use software. However, Cisco's
support was second to none. I was very impressed with the person I had
assisting me. And Jeff Kell is an extremely valuable resource. I'm absolutely
sure that if enough silver crosses his palms, he'll be able to assist you in
doing anything that you need to do.

After saying all that, the theoretical ideas behind NAT are not complicated
however. All a NAT table is doing is translating an internal, private address
space fixed-IP address to a real-world address and back. In our case, the
bottom-line equation is:

       209.181.113.217  =  192.168.1.1
          (real-world)          (private address space)

I've put up on the web a simplified schematic of our private address space
LAN and some of the devices connected to it. Its URL is:

          http://aics-research.com/qc/schema.html

I use this diagram for teaching purposes. Only one HP3000 is shown on the
schematic, the one that some of you have been telnetting into, a 918DX. This
HP3000's LAN-internal address is 192.168.1.1, a legal private address. The
Cisco router has been programmed to translate that one address to one of our
assigned real-world IP addresses, 209.181.113.217.

Indeed, if you telnet into this 918, using the 209.181.113.217 address and
sign on as:

         :hello yourname,demo.qcterm

and then ask for the HPLOCIPADDR, you will see 192.168.1.1, not the
209.181.113.217 address that you might expect. The Cisco router has
transparently translated those two addresses.

The other HP3000s that we have on our internal network are at 192.168.1.2 and
192.168.1.3. From the outside world, these machines are completely invisible.
You can't get to them because you can't see them, although anyone inside our
private address space LAN can see them quite easily. There are simply no
entries in the NAT table for these two devices.

Comment 4: These private address space IP addresses are designed to be used
over and over again. Very likely the same addresses that we use are the same
ones in use at Adager, Boeing, Citibank, Delta Airlines, and E-systems. And
you can use them over again at your various locations too. You only need a
few real-world IP addresses assigned to you so that these real-world
addresses are equated to the internal hosts that you want to be able to see
externally.

When using a router with NAT, the PCs that you have on the various internal
LANs will then "lease" an IP address for a bit of time, picking up whatever
address and port is available. After a period of quiescence, that IP address
will be returned to the pool, to be used by the next PC that needs it.

By organizing LANs in this manner, NAT has basically saved the world. We
(meaning all of us) were going to run out of IP addresses (and that shortage
is what underlies Jeff's comment about it being exceedingly difficult to get
a block of IP addresses assigned to you nowadays; the best and easiest path
is to obtain your IP addresses from your ISP). NAT allows a very few
real-world IP addresses to be used very conservatively.

Wirt Atmar
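
The address check and the one-to-one translation described in the message above, as an added example that is not part of the original post and is not Cisco's software. The class StaticNat, its method names and the outside client address 198.51.100.7 are assumptions constructed for illustration; the dynamic address pool is not modelled.

```python
import ipaddress

# The three private blocks quoted from RFC 1918 in the message.
RFC1918_BLOCKS = [ipaddress.ip_network(n)
                  for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    """True if addr falls inside one of the RFC 1918 private blocks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918_BLOCKS)

class StaticNat:
    """Hypothetical model of a one-to-one NAT table (public <-> private)."""

    def __init__(self, mappings):
        self.to_private = {}
        self.to_public = {}
        for public, private in mappings.items():
            # A usable entry pairs a real-world address with a private one.
            if is_rfc1918(public) or not is_rfc1918(private):
                raise ValueError(f"bad NAT entry {public} = {private}")
            self.to_private[public] = private
            self.to_public[private] = public

    def inbound(self, src, dst):
        """Packet arriving from the internet: rewrite dst, or None if dropped."""
        private = self.to_private.get(dst)
        return None if private is None else (src, private)

    def outbound(self, src, dst):
        """Packet leaving a statically mapped host: rewrite src, or None."""
        public = self.to_public.get(src)
        if public is None or is_rfc1918(dst):
            return None  # no static entry, or destination stays on the LAN
        return (public, dst)

# The single table entry given in the message.
NAT = StaticNat({"209.181.113.217": "192.168.1.1"})
CLIENT = "198.51.100.7"  # constructed outside client (documentation range)

if __name__ == "__main__":
    for addr in ("192.1.1.1", "172.16.0.0", "192.168.1.1", "172.32.0.1"):
        print(addr, "private" if is_rfc1918(addr) else "NOT private")
    print(NAT.inbound(CLIENT, "209.181.113.217"))   # reaches the 918DX
    print(NAT.inbound(CLIENT, "192.168.1.2"))       # no entry: dropped
    print(NAT.outbound("192.168.1.1", CLIENT))      # reply leaves as public
```

The 172.32.0.1 case marks the upper edge of the 172.16/12 block: only 172.16.x.x through 172.31.x.x are private.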
