IP address management gets serious
Keeping an inventory of IP addresses needs software support.
By Denise Dubie, Network World | Published: 00:55, 20 April 2006
When the Atlanta Journal-Constitution needed to share stories, photos and other editorial content with 15 sister publications in the Cox Newspaper family, network engineer Layne Meier didn't look into updated WAN technologies, but worked with the other Cox Newspaper papers to make sure all were integrated into an existing IP address management system.
"Cox Newspapers has a WAN wherein all newspapers within the organisation can share stories and photos with each other," Meier says. "We had an instance where Cox Corporate had upgraded its DNS servers to BIND 8, and several papers were still running BIND 4 or Novell Netware BIND that was incompatible with the newer features found in BIND 8, so some sites couldn't access the content without a lot of hassle and delay, which just doesn't fly in the newspaper business."
By installing MetaInfo's IP address-management software on one server and using another server for DNS and DHCP software, he says he not only better secured remote locations but also made it possible for multiple sites to share content more easily. While local administrators manage the DNS and DHCP servers, staff at other sites can pluck content from them, because the systems now align and the IP addresses sync up. And Meier gets the 50,000-foot view of all the locations via his MetaInfo interface.
"Every device needs an IP address in order to communicate, and you have to manage those efficiently to keep network services available," he says.
No DNS, no web
In fact, IP address management - long an IT task pushed to the back burner and typically performed disparately with free tools - is getting more attention at companies looking to better secure and manage their networks. For instance, DNS is the network function that translates domain names into IP addresses. If DNS doesn't work properly, a user won't gain access to the web site, and that would become a perceived network failure.
Vendors such as Blue Cat Networks, Cisco, eTelemetry, InfoBlox, INS, Lucent, MetaInfo and Nortel offer products that promise to help customers maintain an inventory of the IP addresses in their network, virtual LANs (VLAN) and more. Using software installed on a server or bundled on an appliance, IP address-management products are designed to keep an up-to-date inventory of network addresses in use.
Some products simply serve as a repository for data that must be updated manually by network engineers, while other products are said to dynamically discover new devices, collect IP address information from them and make sure there is no duplication.
Products today also typically use BIND 9, a more secure version of the DNS server software that includes features to prevent security issues, such as DNS cache poisoning or viruses, from bringing down enterprise DNS and DHCP servers.
"It's an absolutely scary proposition that many folks in IT that would never think of using Microsoft Access as an enterprise database are using the version of DNS and DHCP that came free with Windows," says Daniel Golding, a senior analyst with the Burton Group.
"That is not a slap at Microsoft, but the company designed the free software for small businesses, so it doesn't have the security and scalability features enterprise IT shops need when managing thousands of IP addresses," he says.
Making IP management easier
Golding says security incidents, availability problems or time-consuming manual processes have many customers looking for an easier way to manage their blocks of IP addresses. Going forward, vendors plan to roll out appliances that can handle more IP addresses across multiple platforms and operating systems, and to build their wares to more quickly associate an IP address with a user. For instance, instead of getting a report saying a certain address is assigned to a device, technology from eTelemetry can report an IP address as John Smith's workstation or the edge router at a redundant data centre.
"People are waking up and noticing their legacy systems are antiquated and just not keeping up with the allocation of new addresses," Golding says. "Now they want low-cost and low-maintenance products to get a handle on IP addresses."
In Meier's case, he started using MetaInfo in 1999, when Macintosh computers made it difficult for his staff to manage about half of its 2,000 IP addresses with automated processes. The free software Microsoft provided with PCs didn't support the Apple operating system, which remains popular among artists and designers, and continues to be used in many publications.
"Our Macs became an administrative nightmare, because we had to manually manage those addresses, while the PCs on the business side we could do automatically," Meier explains. "If you can't track that information automatically, you are lost in terms of how many addresses you actually have, what devices are on your network and what the users are doing with the devices - like going to inappropriate Web sites."
VoIP led Bruce Bartolf, CTO at architectural firm Gensler in San Francisco, to begin the process of rolling out more than 30 Infoblox-1200 appliances to distributed offices. Bartolf says he opted for IP address-management appliances to let his network handle DHCP and Trivial File Transfer Protocol (TFTP) in an efficient manner - without adding Windows servers at each location. In Bartolf's Avaya voice roll-out, the IP phones need to identify themselves with the DHCP server as well as the call manager server, which is where TFTP comes into play. Many VoIP phones use TFTP to download configuration files.
"We already have a bunch of Windows servers out there, but I wanted to keep my telephony network as separate as possible across the WAN," he says. "InfoBlox appliances offer a simpler option."
VoIP doubles IP deployments
With about 4,000 IP addresses now - and expectations that the number will at least double when the IP phones are in place - Bartolf says IP address-management tools will speed the DHCP service deployment to all locations.
"Considering the many remote locations, I didn't want to have to open up ports so the IP phones could TFTP to call managers. I wanted to take that out of the hands of the sites without remote administrators," Bartolf says.
Tracie Lang, network engineer in the Telecom Technical Support/EITS group at speciality chemical company Rohm and Haas, says her Philadelphia company outgrew the software it had and wanted to take the appliance route. She began working with IPControl from INS about nine months ago to get some 30,000 addresses under control. Using an appliance over software, she says, enables her to train many IT staff to manage their own parts of the network, while also keeping high-level tabs on IP addresses.
"DNS is integral to every midsize or large network; many products simply won't function without it," Lang says. "For networks, DNS is a service like electricity and the lights. It has to be there and it has to work, and no issues crop up if it is managed properly."