OIT Policy IT-POL-004 states that all agencies participating in the Louisiana Secure Intranet shall comply with OTM's internet protocol (IP) addressing technical standard.
The use of private IP addressing (RFC 1918 10.0.0.0) allows more efficient use of scarce public IP addresses. It also allows control and separation of agency traffic within the Intranet. This standard defines the methods to be deployed with regard to private IP addressing.
The private addressing scheme shall be utilized by all participants in the Louisiana Secure Intranet as a standard for IP addressing of all network-attached devices. This shall include and apply to all Data Dial Tone subscribers.
OTM shall assign each agency its own unique 16-bit private address space from the 10.0.0.0 network (e.g. 10.2.X.X/16). The assigned address space shall be large enough to accommodate the agency's current and anticipated IP devices. OTM shall keep records of the address space assigned to each agency.
OTM will assign a unique Class C (24-bit) subnet range taken from each agency's newly assigned 10.x.0.0 address for each closet/access switch. Multiple subnets may be assigned to a closet/access switch, depending on the number of agencies sharing the switch. Agencies shall not share a Class C range, nor will a Class C range be assigned to more than one switch.
Agencies are encouraged to utilize Dynamic Host Configuration Protocol (DHCP).
The first 10 host addresses of each Class C subnet shall be reserved for network management use (e.g. 10.2.1.1/24 through 10.2.1.10/24 are reserved on the 10.2.1.0/24 subnet).
The first host address (.1) shall serve as the default gateway for the subnet on which it is defined.
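The subnet rules above can be checked mechanically against an assignment record. The following is an added example, not part of the standard: the function names, the record layout and the sample agencies and switches are constructed for illustration.

```python
import ipaddress

RESERVED_HOSTS = 10  # first 10 host addresses of each /24 are reserved
TEN_NET = ipaddress.ip_network("10.0.0.0/8")

def check_plan(agency_blocks, switch_subnets):
    """agency_blocks: {agency: "10.x.0.0/16"}
    switch_subnets: [(agency, switch, "10.x.y.0/24"), ...]
    Returns a list of violations; an empty list means the plan complies."""
    errors, blocks, seen = [], {}, {}
    for agency, cidr in agency_blocks.items():
        net = ipaddress.ip_network(cidr)
        if net.prefixlen != 16 or not net.subnet_of(TEN_NET):
            errors.append(f"{agency}: {cidr} is not a /16 from 10.0.0.0")
        for other, other_net in blocks.items():
            if net.overlaps(other_net):
                errors.append(f"{agency}: {cidr} overlaps {other}")
        blocks[agency] = net
    for agency, switch, cidr in switch_subnets:
        net = ipaddress.ip_network(cidr)
        if net.prefixlen != 24:
            errors.append(f"{switch}: {cidr} is not a /24")
        if agency not in blocks or not net.subnet_of(blocks[agency]):
            errors.append(f"{switch}: {cidr} is outside the block of {agency}")
        if net in seen:  # a /24 may not be shared by agencies or switches
            errors.append(f"{switch}: {cidr} already assigned to {seen[net]}")
        seen.setdefault(net, (agency, switch))
    return errors

def subnet_layout(cidr):
    """Gateway, reserved management range and remaining host range of a /24."""
    net = ipaddress.ip_network(cidr)
    base = net.network_address
    return {
        "gateway": str(base + 1),
        "reserved": (str(base + 1), str(base + RESERVED_HOSTS)),
        "agency_hosts": (str(base + RESERVED_HOSTS + 1),
                         str(net.broadcast_address - 1)),
    }

if __name__ == "__main__":
    # Constructed sample records: the second entry reuses another agency's /24.
    agencies = {"AgencyA": "10.2.0.0/16", "AgencyB": "10.3.0.0/16"}
    plan = [("AgencyA", "closet-1", "10.2.1.0/24"),
            ("AgencyB", "closet-1", "10.2.1.0/24")]
    for problem in check_plan(agencies, plan):
        print(problem)
    print(subnet_layout("10.2.1.0/24"))
```
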
OTM shall assign a unique private address space to support each agency's public access servers that are located in the DMZ. RFC 1918 192.168.0.0 addresses will be used. The assigned address space shall be large enough to accommodate the agency's current and anticipated public IP devices.
OTM shall provide Network Address Translation (NAT) and Port Address Translation (PAT) at the LSI firewall layer for mapping of private to public addresses. NAT will be implemented using a private-to-public ratio appropriate for the needs of each agency. Most agencies should not require 1:1.
The agency shall turn over all public addresses to OTM. OTM will pool all public address space for use within the LSI.
OTM shall assign each agency a unique public address space to support internet access to the agency's private address space. A subnet within that public address space will also be used to support servers in the DMZ. If possible, OTM will allow each agency to use the same public address space, or a portion of the space, that it used previously.
During an agency's transition to the LSI, it may be necessary to temporarily continue use of public IP addresses or non-standard private IP addressing for some period of time. This is possible with the use of tools like Network Address Translation. However, this should only be used as a temporary measure, and a plan and deadline for transition from the non-standard IP addressing schemes shall be agreed upon by OTM and the agency during the early planning stages.