With the increasing number and different types of devices attaching to the network, managing IP addresses efficiently and accurately introduces many challenges for network operators of large-scale networks, including service providers and enterprises (see Figure 1). Both Domain Name System (DNS) and Dynamic Host Configuration Protocol (DHCP) are mission-critical capabilities that need to be able to scale, and many service providers have created dynamic service delivery based on DNS to achieve service quality and deliver advantages. However, if DNS fails, then the Internet fails. Similarly, DHCP is a core technology for network access. Assigning a unique address to every device connecting to the network has become a virtually impossible task to perform manually with the proliferation of IP devices.
To meet the challenges facing them today, network operators need a holistic, comprehensive approach to IP address management (IPAM).Cisco Prime™ Network Registrar provides integrated, scalable, reliable DNS, DHCP, and IPAM (DDI) services for both IPv4 and IPv6. This whitepaper will explore the benefits of moving to version 8.x of Cisco Prime Network Registrar and describe how Cisco has simplified the process of migration/upgrading to help ensure a seamless transition with minimal impact on network operation.
The Need for Migration/Upgrading
There are several reasons network operators delay upgrading software or migrating to new software that offers higher value than what they are currently using. Two of the primary reasons are the cost of upgrading and a policy of not fixing the network when it isn’t broken. The truth is, the cost of not upgrading is often higher than that of upgrading.
Upgrading management software can also bring substantial value to organizations with new innovations and advances in technology that significantly accelerate processes. For example, as networks scale, manual management of IP addresses becomes increasingly inefficient. By using automation, network operators can remove allocation bottlenecks, eliminate issues caused by operator error, and improve network performance. In addition, upgrading helps enable new levels of scalability, provides better redundancy, and increases application extensibility. In sum, introducing or migrating to Cisco Prime Network Registrar 8.x results in lower operating costs, greater reliability, and higher customer satisfaction.
In terms of not fixing the network when it isn’t broken, IPv4 has, without question, reached the end of its run. Thereare no more IPv4 addresses available from the regional Internet registries for allocation, and organizations that need more address space have to purchase it from other companies. The migration to IPv6 is inevitable, and organizations need DDI tools to help them make the transition as seamlessly and cost-effectively as possible. When DDI tools also provide dual-stack support of IPv4 and IPv6, migrating to IPv6 is greatly eased given that this transition will take place over time and network operators need to continue to support existing IPv4 infrastructure.
Superior IP Address Management with Cisco Prime Network Registrar 8.x
With version 8.x, Cisco Prime Network Registrar integrates its existing DNS and DHCP capabilities with a new, robust IP address management component to create a scalable, high-performance, extensible, and reliable solution for network operators. In addition, it includes DNS caching with support for DNS Security Extensions (DNSSEC) to prevent cache poisoning and other attacks.
The lifecycle approach used by Cisco Prime Network Registrar provides discipline in address allocation and server configuration, facilitates feedback to assure accuracy of IP information, and offers an overall management view of the network (see Figure 2). Key capabilities include:
● High performance and scalability: The DHCP server is the industry’s most scalable server, supporting more than 50 million devices in a single customer deployment and providing up to 47,000 leases per second (when operating on Cisco® hardware).A dedicated DNS caching server provides significant acceleration of DNS query throughput compared to other implementations with up to 170,000 queries per second.
● High reliability: The solution offers multiple levels of redundancy with DHCP safe failover, support for High Availability (HA) DNS, and Cisco’s patent-pending discriminating rate limiter that helps provide avalanche prevention to reduce downtime after network outages.
● Consolidated IPv4/IPv6 address management: Dual-stack support helps enable management of IP addresses from a single server with support for address assignment (for both stateless and stateful configuration) and IPv6 prefix delegation.
● Simplified management complexity through centralization and automation: Network operators can control and monitor DNS and DHCP servers from a central location. With a single point of data aggregation and delegation, IP address information can be synchronized dynamically while eliminating many time-consuming and error-prone manual tasks. In addition, automation reduces IP conflicts and configuration errors while reducing downtime of DHCP and DNS services.
● Powerful extensibility: Allows network operators to alter and customize DHCP server operations for both IPv4 and IPv6 to improve network security, performance, and integration with third-party applications.
Major Enhancements Available with Version 8.0
Whether introducing Cisco Prime Network Registrar to a network or upgrading from a previous version, version 8.0 introduces several key capabilities for network operators:
● Robust IP address management: Innovative tools provide centralized, full-lifecycle support of IP addresses with integrated management of IPv4 and IPv6 addresses.
● DNS caching server: DNS caching improves the performance of high-volume recursive queries, provides DNS64 capabilities (that is, IPv4 access for hosts with only an IPv6 address), and performs DNSSEC validation to authenticate the origin DNS data to protect against DNS vulnerabilities such as DNS cache poisoning.
● Componentized licensing: Each component of Cisco Prime Network Registrar - DHCP, DNS, IPAM, and DNS caching - can be licensed individually based on the specific needs of network operators.
Top Benefits of Using an IPAM system
Cisco Prime Network Registrar is built around an intuitive GUI that offers real-time visibility and access to provide comprehensive IP-based diagnostics, inventory and trending information, and auditing/reporting capabilities all from a single user interface. Its IPAM system includes extensive capabilities to:
● Manage the explosive growth of networks devices: The proliferation of devices that need an IP address is putting an incredible strain on networks. For example, within the enterprise network, each user requires multiple addresses for PCs, tablets, smartphones, printers, and other connected electronic devices. The infrastructure itself also needs more addresses as it expands to include more routers and virtual machines (VMs).The scalability of Cisco Prime Network Registrar IPAM gives network operators the confidence that their tools can grow with their network.
● Allocate IPv4 and IPv6 addresses faster: Without the proper tools, the need to service more devices will slow allocation and degrade the user experience.
● Facilitate the migration from IPv4 and IPv6: The migration to IPv6 won’t happen overnight. Many devices don’t recognize IPv6 and must be supported until they can be upgraded. To support this, Cisco Prime Network Registrar utilizes a dual stack that can automatically map current IPv4 networks and devices to IPv6 space addresses and present a single view of the network.
● Simplify IPv6 address management: IPv6 addresses are much more complex than IPv4 address. Whereas an IPv4 address consists of short blocks of numbers and is easily memorized, IPv6 addresses contain letters and numbers and are longer, making it much easier for operators to make mistakes when typing in addresses. In addition, a prefix delegation such as/64, which has more addresses behind it than the entire IPv4 address space, makes IPv6 addresses extremely complex. Automated allocation and provisioning processes are required to eliminate human error as well as effectively handle the huge volume of addresses in use every day.
● Integrate data collection: Bringing IP address management under one automated tool facilitates data collection from routers, Address Resolution Protocol (ARP) caches, DHCP servers, and ping sweeps. This data allows network operators to more effectively perform IP address space discovery, reconcile planned versus actual allocation of addresses, handle alerts, and improve overall capacity management.
● Help enable tight internal control of addresses: Certain organizations, such as those with secure networks, must follow rigid mandates on how addresses are allocated and used, and the penalties for noncompliance can be severe. Tight internal control of addresses requires automated management of both IPv4 and IPv6 address spaces to enable operators to quickly assess key information such as which addresses are active, which group owns each address, and to whom each address is assigned.
● Conduct regular audits: When IP addresses are managed manually, address databases may not be entirely up to date. An IP address management system helps enable operators to conduct regular audits that accurately capture the dynamically changing configuration of the network. These audits allow organizations to prove compliance to mandates as well as assess efficient utilization of address assets.
Improved Security through DNS Caching
New DNS caching offers even greater security for government, medical, and private organizations that require higher levels of protection. This is achieved through the use of a caching server that caches all addresses resolved by the authoritative server. In addition to improving the speed and performance of high-volume recursive queries, the caching server effectively insulates the authoritative server from the rest of the network, resulting in more secure operation.
Flexible Licensing and Implementation
Version 8.0 of Cisco Prime Network Registrar offers flexible licensing to match the requirements of each network. The result is reduced startup cost with low-risk. You can:
● Purchase only what you need: Components of Cisco Prime Network Registrar may be licensed individually or as part of one of two suites at a discount. In addition, as networks scale, operators can purchase additional components as needed and integrate them seamlessly with existing tools.
● Run on your own hardware: You can install Cisco Prime Network Registrar on the hardware and platform (Windows, Linux, and Solaris) of your choice. This helps enable you to make use of existing network infrastructure as well as deploy best-in-class equipment in the future. In addition, this flexibility can also help facilitate a more seamless migration from Solaris to Linux.
● Reduce operating costs through virtualization: Cisco Prime Network Registrar is available in a Cisco Open Virtual Format (OVF) file, preconfigured for virtualized environments and able to be installed in as little as 15 minutes. This helps enable you to reduce the number of physical servers and lower operating costs by maximizing existing hardware investment. Version 8.0 is also cloud ready with multitenancy capabilities.
● Achieve faster time to value: For organizations wanting the convenience of a preconfigured DNS and DCHP appliance, Cisco Prime Network Registrar Jumpstart is preinstalled and configured with an operating system, as well as Cisco Prime Network Registrar and virtualization software, for a fast and easy deployment of a dual-stack-compliant environment. Cisco Prime Network Registrar Jumpstart also addresses cost concerns by offering a low startup cost.
Straightforward Migration Path
Upgrading to version 8.x of Cisco Prime Network Registrar follows a straightforward migration path. Hardware that meets the minimum specifications for 8.x can be updated directly. These specifications include:
● One of the following operating systems: Solaris 10, Windows 2008, or Red Hat Enterprise Linux (RHEL) 5.0/6.0
● VMware ESXi 4.1
● Java JRE 5.0 (1.5.0_06)
● Internet Explorer 8.0 or Firefox 5
● 4GB of memory
● Two 146 GB RAID 1 drives
Version 8.x can be installed on existing systems running version 22.214.171.124 or higher. Equipment running version 6.1.6 to 126.96.36.199 will need first to be updated to version 188.8.131.52. Similarly, equipment running software older than version 6.1.6 will need first to be updated to version 6.1.6.
There are a few considerations to keep in mind when migrating:
General Issues and Suggestions for Resolution:
● Databases cannot be copied from one operating system to another. However, there are various tools available within Cisco Prime Network Registrar to migrate to version 8.x on a new/different operating system.
● Upgrading from any release older than version 7.2 requires use of the database upgrade tool. This tool is available in the version 8.0 product download directory under “Prime Network Registrar Tools:” http://www.cisco.com/cisco/software/release.html?mdfid=283905278&flowid=30621&softwareid=284240046&release=3.0&relind=AVAILABLE&rellifecycle=&reltype=latest.
● If both partner servers (for high availability and failover) are upgraded, the resource records and leases are synchronized at this point.
DHCP Issues and Suggestions for Resolution:
● Migrate DHCP prior to migrating DNS in environments where both servers are in use.
● Use the DHCP failover functionality to facilitate the migration. Specifically, synchronize the existing configuration with a new backup partner on the target OS. Once failover has initiated, it will synchronize leases with the new backup partner. Migrating in this way facilitates restoration back to the original system (that is, fallback) if the new backup gets corrupted.
● Subsequent to successful migration to the new partner, reverse the process to update the other new partner.
DNS Issues and Suggestions for Resolution:
● Use DNS HA functionality to facilitate DNS migration
● Synchronize the existing (main) configuration with the new system as the backup platform. Once HA is initiated, it will synchronize the resource records with the new backup partner. Migrating in this way facilitates restoration back to the original system that is, fallback) if the new backup gets corrupted.
● Subsequent to successful migration to the new system, reverse the process to update the other new partner.
Cisco Prime Network Registrar provides tremendous out-of-the-box value to network operators whether it is being introduced to a network for the first time or is an upgrade from an older version. Operators can expect reduced operating expenses, improved workflow, automation of key processes, simplified manageability, and enhanced security and compliance while significantly improving the customer experience.