|
2-6
Chapter 2
Planning a TCP/IP Network Infrastructure
General practice in network design calls for using registered IP addresses
only on com-
puters that must be accessible from the Internet, such as Web and mail
servers. You can
obtain the addresses you need from your ISP. In most cases, designers place
these
computers on a perimeter network that is separate from the servers and
workstations
needed by the organization’s internal users, as shown in Figure 2-1. This
perimeter net-
work is sometimes referred to colloquially as a demilitarized zone (DMZ)
because
these registered computers are not as fully protected as the internal
systems. Although
the registered computers are still behind a firewall, they are able to
receive more traffic
from the Internet than the internal computers can.
F02pm01
Figure 2-1 Computers with registered IP addresses located in a perimeter
network
Hub
Router
Backbone
Unregistered Network |
Firewall |
Hub
Router
Unregistered Network
Firewall |
Hub
Router
Perimeter Network
(Registered)
To
Internet
Internet
Router/Firewall |
|
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)