OIT Policy IT-POL-004 states that all agencies participating in the Louisiana Secure Intranet shall comply with OTS/NS's internet protocol (IP) addressing technical standard.
The use of private IP addressing (RFC 1918 10.0.0.0) allows more efficient use of scarce public IP addresses. It also allows control and separation of agency traffic within the Intranet. This standard defines the methods to be deployed with regard to private IP addressing.
The private addressing scheme shall be utilized by all participants in the Louisiana Secure Intranet as a standard for IP addressing of all network attached devices. This shall include and apply to all Data Dial Tone subscribers.
OTS shall assign each agency its own unique 16-bit private address space from the 10.0.0.0 network (e.g. 10.2.X.X/16). The assigned address space shall be large enough to accommodate the agency's current and anticipated IP devices. OTS shall keep records of the address space assigned to each agency.
OTS will assign a unique Class C (24 bit) subnet range taken from each agency's newly assigned 10.x.0.0 address for each closet/access switch. Multiple subnets may be assigned to a closet/access switch dependent upon the number of agencies sharing the switch. Agencies shall not share a Class C range nor will a Class C range be assigned to more than one switch.
Agencies are encouraged to utilize Dynamic Host Configuration Protocol (DHCP).
The first 10 host addresses of each Class C subnet shall be reserved for network management use (e.g. 10.2.1.1/24 through 10.2.1.10/24 are reserved on the 10.2.1.0/24 subnet).
The first host address (.1) shall serve as the default gateway for the subnet on which it is defined.
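The allocation rules above (one /16 per agency from 10.0.0.0, one 24-bit subnet per closet/access switch, first 10 hosts reserved, .1 as gateway) can be checked mechanically against an assignment record. The following Python sketch is an added example, not part of the OTS standard; the agency names, switch names and record layout are hypothetical and the sample data is constructed.

```python
import ipaddress
from collections import defaultdict

RESERVED_HOSTS = 10  # the standard reserves the first 10 host addresses

def subnet_plan(subnet):
    """Gateway, management-reserved range and remaining pool for one /24."""
    hosts = list(ipaddress.ip_network(subnet).hosts())  # .1 to .254
    return {"gateway": str(hosts[0]),
            "reserved": (str(hosts[0]), str(hosts[RESERVED_HOSTS - 1])),
            "dhcp_pool": (str(hosts[RESERVED_HOSTS]), str(hosts[-1]))}

def audit(agency_blocks, assignments):
    """Return violations of the /16-per-agency, /24-per-switch rules."""
    findings = []
    ten = ipaddress.ip_network("10.0.0.0/8")
    blocks = {a: ipaddress.ip_network(b) for a, b in agency_blocks.items()}
    for agency, block in blocks.items():
        if block.prefixlen != 16 or not block.subnet_of(ten):
            findings.append(f"{agency}: {block} is not a /16 from 10.0.0.0/8")
    if len(set(blocks.values())) != len(blocks):
        findings.append("two agencies hold the same /16")
    users = defaultdict(set)
    for agency, switch, subnet in assignments:
        net = ipaddress.ip_network(subnet)
        if net.prefixlen != 24:
            findings.append(f"{subnet}: not a 24-bit subnet")
        elif agency not in blocks or not net.subnet_of(blocks[agency]):
            findings.append(f"{subnet}: outside the /16 assigned to {agency}")
        users[net].add((agency, switch))
    for net, used in sorted(users.items()):
        if len({a for a, _ in used}) > 1:
            findings.append(f"{net}: shared by more than one agency")
        if len({s for _, s in used}) > 1:
            findings.append(f"{net}: assigned to more than one switch")
    return findings

# Constructed sample data (agency and switch names are hypothetical).
BLOCKS = {"agency-a": "10.2.0.0/16", "agency-b": "10.3.0.0/16"}
GOOD = [("agency-a", "closet-1", "10.2.1.0/24"),
        ("agency-b", "closet-1", "10.3.1.0/24")]  # two agencies, one switch: allowed
BAD = GOOD + [("agency-a", "closet-2", "10.2.1.0/24"),  # /24 on two switches
              ("agency-b", "closet-3", "10.2.7.0/24")]  # taken from agency-a's /16

if __name__ == "__main__":
    print(subnet_plan("10.2.1.0/24"))
    for finding in audit(BLOCKS, BAD):
        print(finding)
```

The dhcp_pool range returned by subnet_plan is the part of each subnet left for DHCP scopes once the management reservation is excluded.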
OTS shall assign a unique private address space to support each agency's public access servers that are located in the DMZ. RFC 1918 192.168.0.0 addresses will be used. The assigned address space shall be large enough to accommodate the agency's current and anticipated public IP devices.
OTS shall provide Network Address Translation (NAT) and Port Address Translation (PAT) at the LSI firewall layer for mapping of private to public addresses. NAT will be implemented using a private to public ratio appropriate for the needs of each agency. Most agencies should not require 1:1.
The agency shall turn over all public addresses to OTS. OTS will pool all public address space for use within the LSI.
OTS shall assign each agency a unique public address space to support internet access to the agency's private address space. A subnet within that public address space will also be used to support servers in the DMZ. If possible, OTS will allow each agency to use the same public address space or a portion of the space that they used previously.
During an agency's transition to the LSI, it may be necessary to temporarily continue use of public IP addresses or non-standard private IP addressing for some period of time. This is possible with the use of tools like Network Address Translation. However, this should only be used as a temporary measure. A plan and deadline for transition from the non-standard IP addressing schemes shall be agreed upon by OTS and the agency during the early planning stages.