
Corporate.Net
internetRx
Q:
I am a network administrator and have several remote sites that need to be connected to the head office and access the Internet. I am out of Internet Assigned Numbers Authority (IANA)-assigned addresses and am wondering whether to buy another Class C network number from my Internet service provider (ISP), or implement some type of network address translation on a firewall proxy.
A:
Assuming that a firewall of some kind is in place, the question boils down to: should a proxy server function hide details of the internal network numbering scheme from the outside world via address translation, or should "real" IANA addresses be used?
Proxy Benefits
A proxy server is typically installed as the connection point between an internal network and some outside entity (usually the Internet). This server shields the internal network numbering scheme from the external network by performing address translation. What this means is that an Internet proxy firewall server has a set of IANA-assigned addresses on the Internet side and a user-defined addressing scheme on the internal side. By the process of address translation, the proxy server maps internal addresses to external ones for outbound traffic and back again for the replies, so only the proxy's own addresses are ever visible on the Internet.
This procedure clearly gives a lot of freedom to design an appropriate networking scheme for the internal network. As a result, you do not have to pay an ISP for another Class C.
Proxy Pitfalls
The most obvious pitfall is that if you assign your internal network a network number that is in use on the Internet, you will not be able to communicate with the Internet sites using that address range: the routing table on the proxy server directs all packets destined for that network back to the internal network, so they never reach the real owner of the addresses.
The IANA foresaw this and reserved three blocks of addresses (documented in RFC 1918, originally RFC 1597) to be used for internal networks that are isolated from the Internet by a proxy server. These reserved addresses are as follows:
Class A 10.0.0.0 (one Class A network, 10.0.0.0 to 10.255.255.255)
Class B 172.16.0.0 to 172.31.0.0 (16 contiguous Class B networks, 172.16.0.0 to 172.31.255.255)
Class C 192.168.XXX.0 (XXX is any value between 0 and 255, that is, 256 contiguous Class C networks)
Any number of organizations can use these addresses for their internal networks, because no Internet site is numbered from them and Internet routers do not carry routes to them, and still be assured of reaching Internet sites.
This solution creates another problem, however. Firewalls are not used just to connect to the Internet. More corporations are connecting their networks to one another and need to secure communications between the two. If two organizations both use 172.16.0.0 as their internal network, they cannot connect their networks without one of them renumbering or without implementing a complicated address translation scheme. To use address translation in this case, each site must put a network address translation server in front of the firewall that connects the two organizations, so that each side sees the other under a non-conflicting range. Very messy.
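The two checks a network administrator would want before choosing a private addressing scheme are illustrated below as an added example (it is not part of the original column): first, whether every prefix in an internal plan lies inside the reserved blocks (a prefix outside them shadows real Internet destinations behind the proxy), and second, whether two organizations' plans overlap anywhere, which is the renumber-or-translate situation described above. The two organizations' address plans are constructed for the example.

```python
"""Added example (not from the original column): check an internal address
plan against the IANA-reserved private blocks, and check two organizations'
plans for overlap before their networks are connected."""
import ipaddress

# The three reserved blocks named in the column (RFC 1918), as CIDR prefixes.
PRIVATE_BLOCKS = [
    ipaddress.ip_network("10.0.0.0/8"),      # Class A 10.0.0.0
    ipaddress.ip_network("172.16.0.0/12"),   # Class B 172.16.0.0 to 172.31.255.255
    ipaddress.ip_network("192.168.0.0/16"),  # Class C 192.168.0.0 to 192.168.255.255
]


def is_private(prefix):
    """True only if the whole prefix lies inside one reserved block.
    A prefix that straddles a block boundary (e.g. 172.16.0.0/11) is not
    private, because part of it is real Internet address space."""
    net = ipaddress.ip_network(prefix, strict=False)
    return any(net.subnet_of(block) for block in PRIVATE_BLOCKS)


def non_private_prefixes(plan):
    """Return the prefixes in an internal plan that are NOT reserved: the
    ranges whose Internet sites would become unreachable behind the proxy."""
    return [p for p in plan if not is_private(p)]


def overlaps(plan_a, plan_b):
    """Return (a, b) pairs of prefixes that overlap between two plans. Each
    pair must be renumbered or translated before the organizations connect."""
    found = []
    for a in plan_a:
        net_a = ipaddress.ip_network(a, strict=False)
        for b in plan_b:
            net_b = ipaddress.ip_network(b, strict=False)
            if net_a.overlaps(net_b):
                found.append((a, b))
    return found


# Constructed address plans for two hypothetical organizations.
ORG_A = ["172.16.0.0/16", "10.1.0.0/16", "192.168.10.0/24"]
ORG_B = ["172.16.5.0/24", "10.2.0.0/16", "11.0.0.0/8"]

if __name__ == "__main__":
    # 11.0.0.0/8 is not reserved, so ORG_B would lose reachability to that
    # part of the Internet; 172.16.0.0/16 and 172.16.5.0/24 collide.
    print("non-reserved in ORG_B:", non_private_prefixes(ORG_B))
    print("overlaps between plans:", overlaps(ORG_A, ORG_B))
```

Run the overlap check against the other organization's plan before the interconnect is built; any pair it reports is a range that will need a translation server in front of the shared firewall, or a renumbering on one side.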
IANA Address Benefits
With IANA-assigned addresses on your internal network, you have peace of mind in knowing that your network can be safely hidden from the Internet by the firewall, and you can still access any Internet site.
IANA Address Pitfalls
IANA addresses can be restrictive. If you have 200 hosts needing addresses, you are likely to get only one Class C from the IANA or an ISP. As a result, you will have to subnet this network number. Such a task is a normal function of IP networking, but it can be tricky if you have a limited, assigned address space. If you are using a classful distance vector routing protocol such as Routing Information Protocol (RIP) version 1 or Interior Gateway Routing Protocol (IGRP), subnet information is not passed across the boundary between one network number and another; the routers advertise only the major (Class A, B or C) network. This behavior is called "route summarization."
Imagine you need to assign host addresses at two sites. The only route between these two is via a backbone network that uses a different major network number. You cannot assign hosts at both of these sites different subnets from the same network number, as the route information is summarized at each boundary between major network numbers. If you were making up your own addressing scheme, you could simply assign different Class C addresses to the two locations.
If you do try to implement two sites that have their own connections to the backbone with subnets from another network, the routing tables in the routers on the backbone will hold only one entry for the new network number. The site advertising it with the lowest metric will be chosen as the route to all addresses within that network number, and the subnets at the other site become unreachable from the backbone.