User guide
Designing Your Canopy Network March 2005
Through Software Release 6.1
Issue 1 Page 123 of 425
Canopy System User Guide
VPN. Release 4.2 and later releases support NAT passing L2TP over IPSec but do not
support NAT passing PPTP. When one of these later releases is installed in the SM, NAT
Pass-through of VPN as L2TP over IPSec is enabled with no required further
provisioning.
13.4 DEVELOPING AN IP ADDRESSING SCHEME
Canopy network elements are accessed through IP Version 4 (IPv4) addressing.
A proper IP addressing method is critical to the operation and security of a Canopy
network.
Each Canopy module requires an IP address on the network. This IP address is for only
management purposes. For security, you should either
◦ assign an unroutable IP address.
◦ assign a routable IP address only if a firewall is present to protect the module.
You will assign IP addresses to computers and network components by either static or
dynamic IP addressing. You will also assign the appropriate subnet mask and network
gateway to each module.
13.4.1 Address Resolution Protocol
As previously stated, the MAC address identifies a Canopy module in
◦ communications between modules.
◦ the data that modules store about each other.
◦ the data that the BAM software applies to manage authentication and bandwidth.
The IP address is essential for data delivery through a router interface. Address
Resolution Protocol (ARP) correlates MAC addresses to IP addresses.
For communications to outside the network segment, ARP reads the network gateway
address of the router and translates it into the MAC address of the router. Then the
communication is sent to MAC address (physical network interface card) of the router.
For each router between the sending module and the destination, this sequence applies.
The ARP correlation is stored until the ARP cache times out.
13.4.2 Allocating Subnets
The subnet mask is a 32-bit binary number that filters the IP address. Where a subnet
mask contains a bit set to 1, the corresponding bit in the IP address is part of the network
address.
Example IP Address and Subnet Mask
In Figure 46, the first 16 bits of the 32-bit IP address identify the network:
Octet 1 Octet 2 Octet 3 Octet 4
IP address 169.254.1.1
10101001 11111110 00000001 00000001
Subnet mask 255.255.0.0
11111111 11111111 00000000 00000000
Figure 46: Example of IP address in Class B subnet