Cisco CNS Network Registrar User's Guide, 5.5
Introducing Cisco Network Registrar

Cisco Network Registrar is a full-featured, scalable Domain Name System (DNS), Dynamic Host Configuration Protocol (DHCP), and Trivial File Transfer Protocol (TFTP) implementation for large IP networks. It provides the key benefits of stabilizing the IP infrastructure and automating networking services, such as configuring clients and provisioning cable modems. This provides a foundation for policy-based networking.

Service provider and enterprise users can better manage their networks using the unique features of Network Registrar to integrate with other network infrastructure software and business applications.

Target Users

Network Registrar is designed for the following users:

Internet service providers (ISPs)—Helps ISPs drive down the cost of operating networks that provide leased line, dialup, and DSL (Point-to-Point Protocol over Ethernet and DHCP) access to customers.

Multiple system operators (MSOs)—Helps MSOs provide subscribers Internet access using cable or wireless technologies. MSOs can benefit from services and tools providing reliable and manageable DHCP and DNS services that meet the Data Over Cable Service Interface Specification (DOCSIS). Network Registrar provides policy-based, robust, and scalable DNS and DHCP services that form the basis for a complete cable modem provisioning system.

Enterprises—Helps meet the needs of single- and multisite enterprises (small to large businesses) to administer and control network functions. Network Registrar automates the tasks of assigning IP addresses and configuring the Transmission Control Protocol/Internet Protocol (TCP/IP) software for individual network devices. Forward-looking enterprise users can benefit from class-of-service and other features that help integrate with new or existing network management applications, such as user registration.

Network Registrar Features

Network Registrar includes a wide range of unique and standard features. These features provide numerous benefits over competing products and public domain software. The most critical benefits are stabilizing the IP infrastructure, automating network services, and preparing for policy networking.

Table 1-1 describes the Network Registrar features and benefits. The table is divided into DNS server, DHCP server, and architecture and user interface sections.

Table 1-1 Network Registrar Features and Benefits 

| This feature... | Does the following... | Is documented in... |
|---|---|---|
| Of DNS servers... | | |
| Classless reverse (in-addr.arpa) zones | Supports many network topologies and DNS zone structures. Complies with the best practices described in RFC 2317, except that Network Registrar does not generate the large number of alias records suggested in the RFC. | "Adding a Primary Reverse Zone for the Server" section on page 5-9 |
| DNS subzone hiding | Hides the subzone hierarchy for all zones that the server delegates, thereby hiding sensitive information about network topology and devices. When enabled, the DNS server does not transfer Name Server (NS) and Start of Authority (SOA) resource records during a zone transfer. | "Hiding Subzones" section on page 5-20 |
| Dynamic DNS update | Dynamically updates DNS with new IP addresses and DNS name mappings, per RFC 2136. Automatically registers clients in DNS and eliminates DNS management overhead. | "Dynamic DNS Update Process" section on page 9-1 |
| Importing zone files | Accelerates migrating from BIND to Network Registrar. You can import DNS data in the BIND zone file format, either individual zone files or all files specified in named.boot files. | "Importing and Exporting Zone Data" section on page 5-3 |
| Incremental zone transfers (IXFR) | Transfers only the incremental changes in a DNS zone, per RFC 1995. Dramatically reduces time and bandwidth to propagate DNS updates. Particularly valuable if updates must traverse expensive WAN links. | "Enabling Incremental Zone Transfers (IXFR)" section on page 5-21 |
| Internal root-hint servers | Configures a DNS server as an internal root server. Root-hint servers support IP networks that are not connected to the Internet. | "Defining Root Name Servers" section on page 5-16 |
| Interoperable with BIND | Provides for the server to be a primary to a BIND secondary server and vice versa. Supports mixed environments and a phased migration from BIND. | "Importing and Exporting Zone Data" section on page 5-3 |
| NAPTR records | Provides a lookup of services for many resource names that are not in domain name syntax, per RFC 2915. | Appendix A, "Resource Records" |
| NOTIFY | Notifies secondary servers of changes to zone data, per RFC 1996. Speeds up propagation of dynamic DNS update information. | "Enabling NOTIFY" section on page 5-22 |
| Persistent cache | Stores DNS data in indexed disk files. Controls the physical memory that the DNS server uses and preserves the data across restarts. Improves performance and prevents thrashing when the server consumes all memory. | "Setting Maximum Memory Cache Size" section on page 6-22 |
| Preconfigured root server | Preconfigures servers with the (updatable) names and addresses of Internet root name servers. Speeds up and simplifies DNS configuration. | "Defining Root Name Servers" section on page 5-16 |
| Resolution exception (selective forwarding) | Selectively forwards DNS queries for specified domains to internal servers rather than recursively querying Internet root name and external servers. DNS can work among subsidiaries (intranets) or trading partners (extranets) without using the Internet. Improves network privacy. | "Adding an Exception" section on page 5-18 |
| Resource record refresh (scavenging) | To be compliant with Microsoft Windows 2000 DHCP servers and clients, Network Registrar periodically scans for stale dynamic resource records and purges these records. | "Scavenging Dynamic Records" section on page 9-13 |
| Round-robin | Provides a rudimentary form of load balancing. If one name owns multiple A records, Network Registrar rotates their order in successive queries. | "Enabling Round-Robin" section on page 5-20 |
| SRV records | Satisfies a Microsoft Windows 2000/Active Directory environment requirement for Server (SRV) records, per RFC 2782. | Appendix A, "Resource Records" |
| Subnet sorting | Lists first the addresses that are in the subnet common to the DNS resolver (client), server, and a target with multiple A records. | "Enabling Subnet Sorting" section on page 5-21 |
| Of DHCP servers... | | |
| BOOTP and Dynamic BOOTP | BOOTP assigns addresses and configurations to clients based on their MAC addresses. Dynamic BOOTP assigns dynamic addresses and shares an address pool with the DHCP server. Both support older BOOTP clients. | Chapter 12, "Configuring BOOTP" |
| Class of service (client and client-class) | Assigns addresses, DHCP options, and fully qualified domain names (FQDNs) based on a client's MAC address. Client-classing groups similar clients into classes and applies policies to them. Supports integrating with many network applications and supports the DOCSIS standard. | Chapter 10, "Configuring Clients and Client-Classes" |
| Client caching | The DHCP server maintains a memory cache of DHCPDISCOVER and DHCPREQUEST cycles to reduce database reads. The client cache entries and the time-to-live parameters are adjustable. | "Setting Client Caching Parameters" section on page 10-15 |
| DHCP allocation | Allocates addresses automatically for permanent leases, dynamically for temporary leases, and manually for reserved addresses, per RFC 2131. | "Configuring Leases in the Scope" section on page 8-10 |
| DHCP custom options | Provides flexibility in supporting options required by custom DHCP clients or standardized between Network Registrar versions. | "Defining Advanced Server Parameters" section on page 7-12 |
| DHCP relay-agent-info option (82) | Provides DHCP relay agent information option support, per RFC 3046, to support DOCSIS modems, virtual private networks (VPNs), and on-demand address pools. | Chapter 14, "Configuring the DHCP Server for Virtual Private Networks and Subnet Allocation" |
| DOCSIS modem support | Supports DOCSIS modems for data-over-cable service providers, including the relay-agent-info option, device class of service, and unrequested options. | "Configuring a BOOTP Relay Router" section on page 7-17 |
| Dynamic DNS update | Updates the DNS server with two records each in the forward and reverse zones. The forward zone gets A and TXT records with the client ID (the MAC address for Microsoft clients). The reverse zone gets PTR and TXT records with the client ID, per RFC 2136. Automatically registers DHCP clients in DNS and eliminates DNS management overhead. | Chapter 9, "Configuring Dynamic DNS Update" |
| Extension points | Customizes the handling of individual DHCP packets as the DHCP server processes them. You can write extensions in the Tcl scripting language or in compiled C/C++. Extension points support additional levels of customizing individual DHCP clients. | Network Registrar CLI Reference Guide |
| Failover | Ensures leases even when a server fails. Provides high-availability DHCP. | Chapter 11, "Configuring DHCP Failover" |
| Flexible name options | Supports DNS names that are controlled by the end user, specified in the directory entry for the client, or synthesized from the MAC address. | "Defining Client-Classes and Setting Their Properties" section on page 10-4 |
| Lightweight Directory Access Protocol (LDAP) support | Reads client information from an LDAP directory and updates the directory with lease data. Supports Cisco's participation in the Directory Enabled Network (DEN) initiative and integration with other network infrastructure applications. Network Registrar now uses the iPlanet LDAP Software Development Kit (SDK) version 5.0. | Chapter 13, "Configuring LDAP" |
| Lease querying | A relay agent can request lease (and reservation) data directly from a DHCP server in addition to gleaning it from client/server transactions. | "Querying Leases" section on page 8-26 |
| Multiple network interfaces | Automatically discovers and listens on multiple network interfaces. Controls on which interfaces the server should listen. | "Choosing the Server Interface" section on page 7-3 |
| NetWare options | Supports NetWare customers' use of options in RFCs 2241 and 2242. | Appendix B, "DHCP Options" |
| Subnet allocation (on-demand address pools) | Relies on the DHCP infrastructure to dynamically manage subnets, along with or instead of managing individual client addresses. Can vastly improve IP address provisioning, aggregation, characterization, and distribution. | "Configuring DHCP Subnet Allocation" section on page 14-5 |
| PING before offering lease | Prevents duplicate IP address assignment by pinging the network before offering a DHCP client an address. | "Pinging a Host Before Offering an Address" section on page 8-14 |
| Secondary subnets | Creates DHCP scopes (dynamic address pools) with addresses from multiple logical subnets on the same physical wire. Supports numerous network configurations and allows easy network renumbering. | "Making a Scope a Secondary" section on page 8-6 |
| Server switching (forwarding) | Switches or forwards DHCP traffic from one server to another for requests from certain clients. | "DHCP Forwarding" section on page 7-18 |
| Utilization alerts | Generates e-mail notices of impending problems. Allows timely corrective action if available addresses become scarce. | "Receiving Lease Notification" section on page 8-22 |
| Variable-length subnet masks | Provides scopes on different subnets with different subnet masks to support flexible addressing schemes, including Open Shortest Path First (OSPF). | "Defining and Configuring Scopes" section on page 8-1 |
| Vendor-specific DHCP options | Sends vendor-specific option data to accommodate DHCP clients that request them. The server sends vendor-encapsulated options in DHCP option 43, which is supported in the CLI. | "Supporting Vendor-Specific DHCP Options" section on page 7-10 |
| Virtual private network (VPN) support | Configures the DHCP server to recognize overlapping address pools that are part of VPNs. | "Typical Virtual Private Network" section on page 14-2 |
| Of user interfaces and architecture... | | |
| Command line interface (CLI) | Supports configuring all aspects of Network Registrar. | Throughout this guide and in the Network Registrar CLI Reference Guide |
| Graphical user interface (GUI) | Provides a convenient graphical configuration interface. | Chapter 3, "Network Registrar User Interfaces" |
| Database export | Exports all active addresses into a specified database or CSV text file. | "Using the mcdadmin Tool" section on page 4-27 |
| Multithreaded | Performs concurrent multiple-server tasks. | Chapter 3, "Network Registrar User Interfaces" |
| Remote configuration and monitoring | Runs both the GUI and CLI remotely. | Chapter 3, "Network Registrar User Interfaces" |
| Reports and data imports and exports | Imports and exports data in a variety of formats and reports. | Chapter 3, "Network Registrar User Interfaces" |
| SNMP notification | Warns of server error conditions and possible problems. | Appendix E, "SNMP Notification" |
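
The DNS subzone hiding entry in Table 1-1 can be verified from the receiving side of a zone transfer. The following Python code is an added example, not Network Registrar code: it parses a zone-transfer dump in standard presentation format and reports NS or SOA records owned by names below the zone apex, which would reveal delegated subzones. The sample dump and all function names are constructed for illustration, and the check assumes that the apex's own SOA and NS records still appear in the transfer.

```python
# Added example: audit a zone-transfer dump for records that expose delegated
# subzones. Not Network Registrar code; names and sample data are constructed.

CLASSES = {"IN", "CH", "HS"}

# Constructed sample: a transfer of example.com. that leaks two delegations.
SAMPLE_AXFR = """\
; constructed zone-transfer dump in presentation format
example.com.          3600 IN SOA ns1.example.com. hostmaster.example.com. 1 7200 900 1209600 3600
example.com.          3600 IN NS  ns1.example.com.
ns1.example.com.      3600 IN A   192.0.2.1
www.example.com.      3600 IN A   192.0.2.10
lab.example.com.      3600 IN NS  ns1.lab.example.com.
ns1.lab.example.com.  3600 IN A   192.0.2.53
dmz.eng.example.com.  3600 IN NS  ns.dmz.eng.example.com.
example.com.          3600 IN SOA ns1.example.com. hostmaster.example.com. 1 7200 900 1209600 3600
"""


def normalize(name):
    """Lower-case a domain name and make it fully qualified."""
    return name.lower().rstrip(".") + "."


def parse_records(text):
    """Return (owner, type, rdata) tuples.

    Assumes one record per line with an explicit owner name, as zone-transfer
    tools usually print them; comment lines start with ';'.
    """
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        fields = line.split()
        owner, rest = normalize(fields[0]), fields[1:]
        # TTL and class are optional and may appear in either order.
        while rest and (rest[0].isdigit() or rest[0].upper() in CLASSES):
            rest = rest[1:]
        if rest:
            records.append((owner, rest[0].upper(), " ".join(rest[1:])))
    return records


def exposed_subzones(text, apex):
    """Map each name below the apex to the NS/SOA record types it carries."""
    apex = normalize(apex)
    exposed = {}
    for owner, rtype, _rdata in parse_records(text):
        below_apex = owner != apex and owner.endswith("." + apex)
        if rtype in ("NS", "SOA") and below_apex:
            exposed.setdefault(owner, set()).add(rtype)
    return {name: sorted(types) for name, types in sorted(exposed.items())}


if __name__ == "__main__":
    for name, types in exposed_subzones(SAMPLE_AXFR, "example.com").items():
        print(f"subzone visible in transfer: {name} ({', '.join(types)})")
```

An empty result for a zone that is known to delegate subzones indicates that the delegation records are being withheld from the transfer.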


Configuration and Performance Guidelines

Network Registrar is an integrated DHCP, DNS, and TFTP server cluster that can run on Windows 2000, Windows NT, Solaris, and Linux workstations and servers.

Because of the wide range of network topologies on which you can deploy Network Registrar, you should first consider the following guidelines and case studies. These guidelines are very general and cover most cases. Specific or challenging implementations could require additional hardware or servers.

General Configuration Guidelines

The following suggestions apply to most Network Registrar deployments:

Configure a separate DHCP server to run in remote segments of the wide area network (WAN)—Ensure that the DHCP client can consistently send a packet to the server in under a second. The DHCP protocol dictates that the client receive a response to a DHCPDISCOVER or DHCPREQUEST packet within four seconds of transmission. Many clients (notably early releases of the Microsoft DHCP stack) actually implement a two-second timeout.

Separate the DHCP server from secondary DNS servers used for DNS updating—Because writing a full zone to disk can take some time, performance can be slow when a DHCP server transfers large zones to a secondary DNS server. To ensure that the DHCP server is not adversely affected during large zone transfers, it should run on a different cluster than your secondary DNS servers.

Set DHCP lease times in a policy to about four to ten days—To prevent leases from expiring when the DHCP client is turned off (overnight or over long weekends), set the DHCP lease time longer than the longest period of expected downtime. A lease time of ten days should be sufficient. See the "Creating a Policy" section on page 7-6.

Locate backup DNS servers on separate network segments—DNS servers are redundant by nature. However, to minimize client impact during a network failure, ensure that primary and secondary DNS servers are on separate network segments.

Use NOTIFY/IXFR—Secondary DNS servers can receive their data from the primary DNS server in two ways: through a full zone transfer (AXFR) or an incremental transfer (NOTIFY/IXFR, as described in RFCs 1995 and 1996). Use NOTIFY/IXFR in environments where the namespace is relatively dynamic. This reduces the number of records transferred from the primary to the secondary server. See the "Enabling NOTIFY" section on page 5-22.

Special Configuration Cases

The following suggestions apply in some special configurations:

During network reconfiguration, set DHCP renew times to a small value—Several days before making changes in network infrastructure (such as to gateway router and DNS server addresses), set the DHCP renew time to a relatively small value. A DHCP renew time of eight hours ensures that all DHCP clients receive a changed DHCP option parameter within one working day. See the "Types of Policies" section on page 7-5.

When using dynamic DNS update for large deployments, divide DNS and DHCP servers across multiple clusters. Dynamic DNS generates an additional load on Network Registrar servers.

Deployment Case Studies

The following cases suggest hardware and software deployments for two different types of sites—a small to medium local area network (LAN) and a large enterprise or service provider network.

Small to Medium Size LAN

In a small to medium LAN serving fewer than 15 thousand DHCP clients, low-end Sun, Windows, or Linux servers are acceptable. You can also use systems with EIDE disks, although Cisco recommends Ultra-SCSI disks for dynamic DNS update. Figure 1-1 shows a configuration that would be adequate for this network. Recommendations include the following:

Windows—Single-processor Pentium 300 or better, NT Server 4.0 SP6a or Windows 2000 SP1, 128 MB RAM, 2 GB disk

Solaris—Sun Ultra 5S or better, Solaris 7 or 8, 128 MB RAM, 2 GB disk

Linux—Pentium II or better, Red Hat Linux 6.2 (kernel version 2.2), 64 MB of RAM, 2 GB disk

Figure 1-1 Deployment in a Small to Medium LAN

Large Enterprise and Service Provider Networks

In a large enterprise or service provider network serving over 150 thousand DHCP clients, use high-end Sun, Windows, or Linux servers. Put DNS and DHCP servers on different systems. Figure 1-2 shows the hardware that would be adequate for this network. Recommendations include the following:

Windows—Dual-processor Pentium 400 or better, NT Server 4.0 SP6a or Windows 2000 SP1 Server, 512 MB RAM, 2 GB disk (10,000 RPM)

Solaris—Dual-processor Sun Netra 1400 or better, Solaris 7 or 8, 512 MB RAM, 2 GB disk (10,000 RPM)

Linux—Pentium II or better, Red Hat Linux 6.2 (kernel version 2.2), 64 MB of RAM, 2 GB disk

Figure 1-2 Deployment in a Large Enterprise or Service Provider Network

Documentation Road Map

The Network Registrar version 5.5 documentation set consists of the following documents:

Network Registrar Installation Guide (Order Number DOC-7812876=)

http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/ciscoasu/nr/nr55/install/index.htm

Network Registrar User's Guide (Order Number DOC-7812873=)

http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/ciscoasu/nr/nr55/nrug/index.htm

Network Registrar CLI Reference Guide (Order Number DOC-7812875=)

http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/ciscoasu/nr/nr55/cliref/index.htm

Network Registrar Release Notes (Order Number DOC-7812874=)

http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/ciscoasu/nr/nr55/relnot/index.htm

DNS Documentation

Table 1-2 lists the DNS features and the parts of the documentation that describe them.

Table 1-2 Locations of DNS Features in Network Registrar Documentation 

| The location of this DNS feature... | User's Guide | CLI Reference Guide, Chapter 2 |
|---|---|---|
| Dynamic resource records, removing | Chapter 6 | zone name removeDynRR |
| Dynamic updates | Chapter 9 | DNS: zone name enable dynamic; DHCP: scope name enable dynamic-dns |
| Forwarding servers, adding | Chapter 5 | dns addForwarder |
| Incremental zone transfers (IXFRs) | Chapter 5 | dns enable ixfr-enable |
| NOTIFY | Chapter 5 | dns enable notify |
| Resolution exception list | Chapter 5 | dns addException |
| Resource record scavenging | Chapter 9 | dns enable scvg-enabled; zone name enable scvg-enabled |
| Root-hint servers | Chapter 5 | dns addRootHint |
| Round-robin, enabling | Chapter 5 | dns enable round-robin |
| Subnet sorting, enabling | Chapter 5 | dns enable subnet-sorting |
| Subzones, hiding | Chapter 5 | dns enable hide-subzones |
| Zone files, importing | Chapter 5 | import |


DHCP Documentation

Table 1-3 lists the DHCP features and the parts of the documentation that describe them.

Table 1-3 Locations of DHCP Features in Documentation 

| The location of this DHCP feature... | User's Guide | CLI Reference Guide |
|---|---|---|
| BOOTP and dynamic BOOTP | Chapter 8 | scope name enable bootp; scope name enable dynamic-bootp |
| Client caching | Chapter 10 | dhcp set client-cache-xxx parameters |
| Client class and client | Chapter 10 | client-class, client |
| Custom options | Chapter 7 | custom-option |
| Dynamic DNS updates | Chapter 9 | zone name enable dynamic |
| Extension points | Chapter 7 | Chapter 4, "Using Extension Points" |
| Failover | Chapter 11 | dhcp enable failover; scope name set failover |
| Flexible name options | Chapter 10 | client name set host-name |
| LDAP directory support | Chapter 13 | ldap |
| Lease allocation | Chapter 7 | lease |
| Lease utilization alerts | Chapter 8 | lease-notification |
| Multiple network interfaces | Chapter 7 | dhcp-interface |
| NetWare options | Appendix B | policy name setOption |
| VPN and on-demand pool support | Chapter 14 | address-block, namespace, subnet |
| PING before offering leases | Chapter 8 | scope name ping-clients |
| Secondary subnets | Chapter 8 | scope name set primary |
| Server switching (forwarding) | Chapter 7 | dhcp (the "DHCP Forwarding" usage guidelines) |
| Vendor-specific options | Chapter 7 | vendor-option, option-datatype; policy name set vendor-option |


Network Registrar Architecture Documentation

Table 1-4 lists the architecture features and the parts of the documentation that describe them.

Table 1-4 Locations of Network Registrar Architecture Features in Documentation  

| The location of this architecture feature... | User's Guide | CLI Reference Guide |
|---|---|---|
| Reports and data exports | Chapter 3 | export, report, lease-notification |
| SNMP notification | Appendix E | trap |