Cisco CNS Network Registrar User's Guide, 6.0
Introducing Network Registrar

Table Of Contents

Introducing Network Registrar

Target Users

Network Registrar Features

New Features in Network Registrar 6.0

Features List

Configuration and Performance Guidelines

General Configuration Guidelines

Special Configuration Cases

Deployment Case Studies

Small to Medium Size LAN

Large Enterprise and Service Provider Networks

Documentation Road Map


Introducing Network Registrar


Cisco CNS Network Registrar is a full-featured, scalable Domain Name System (DNS), Dynamic Host Configuration Protocol (DHCP), and Trivial File Transfer Protocol (TFTP) implementation for large IP networks. It provides the key benefits of stabilizing the IP infrastructure and automating networking services, such as configuring clients and provisioning cable modems. This provides a foundation for policy-based networking.

Service provider and enterprise users can better manage their networks using the unique features of Network Registrar to integrate with other network infrastructure software and business applications.

Target Users

Network Registrar is designed for these users:

Internet service providers (ISPs)—Helps ISPs drive down the cost of operating networks that provide leased line, dialup, and DSL (Point-to-Point Protocol over Ethernet [PPPoE] and DHCP) access to customers.

Multiple service operators (MSOs)—Helps MSOs provide subscribers Internet access using cable or wireless technologies. MSOs can benefit from services and tools providing reliable and manageable DHCP and DNS services that meet the Data Over Cable Service Interface Specification (DOCSIS). Network Registrar provides policy-based, robust, and scalable DNS and DHCP services that form the basis for a complete cable modem provisioning system.

Enterprises—Helps meet the needs of single- and multisite enterprises (small to large businesses) to administer and control network functions. Network Registrar automates the tasks of assigning IP addresses and configuring the Transmission Control Protocol/Internet Protocol (TCP/IP) software for individual network devices. Forward-looking enterprise users can benefit from class-of-service and other features that help integrate with new or existing network management applications, such as user registration.

Network Registrar Features

Network Registrar includes a wide range of unique and standard features. These features provide numerous benefits over competing products and public domain software. The most critical benefits are stabilizing the IP infrastructure, automating network services, and preparing for policy networking.

New Features in Network Registrar 6.0

Table 1-1 describes the features new or revised in Network Registrar 6.0.

Table 1-1 New or Revised Features in Network Registrar 6.0 

Feature
Description

Dynamic DNS update encrypted keys

Secures dynamic DNS updates through Transaction Signatures (TSIG) by using shared keys and a one-way hash function for authentication.

Importing named.conf zone files

The ability to import DNS named.conf files in addition to named.boot files.

Expressions in DHCP

Customizes handling of DHCP packets to associate packet information to clients, client-classes, and policies.

Subscriber limitation

Uses options such as the relay-agent-info DHCP option (82), described in RFC 3046, to limit the number of IP addresses that the DHCP server gives out to devices on a single customer's premises; expressions are the main tool for building this limit. A new DHCP extension point, post-class-lookup, was also added to facilitate this.

Web-based user interface (Web UI)

Supports configuring administrators (with granular administrative capabilities) and DNS zones and hosts, and DHCP scopes, address blocks, subnets, and failover.

TAC Tool (tactool) utility

Provides collection, diagnosis, and packaging of Network Registrar server and system data to aid Cisco engineers and the Technical Assistance Center (TAC) in resolving customer software issues.


Features List

Table 1-2 describes the Network Registrar features and benefits. The table is divided into DNS server, DHCP server, and architecture and user interface sections.

Table 1-2 Network Registrar Features and Benefits 

Feature
Description
Documented
DNS Servers

Classless reverse (in-addr.arpa) zones

Supports many network topologies and DNS zone structures. Complies with the best practices described in RFC 2317, except that Network Registrar does not generate the large number of alias records suggested in the RFC.

"Adding a Primary Reverse Zone for the Server" section

DNS subzone hiding

Hides sensitive information about network topology and devices. When enabled, the DNS server does not transfer Name Server (NS) and Start of Authority (SOA) resource records during a zone transfer.

"Hiding Subzones" section

Dynamic DNS update

Dynamically updates DNS with new IP addresses and DNS name mappings, per RFC 2136. Automatically registers clients in DNS and eliminates DNS management overhead.

"Dynamic DNS Update Process" section

Dynamic DNS update encrypted keys

Secures dynamic DNS updates through Transaction Signatures (TSIG), as described in RFC 2845: each update message carries an HMAC-MD5 computed with a secret shared between the updater and the DNS server, so the server accepts only updates from holders of the key and detects any modification in transit. The shared secret must be kept confidential on both ends, since anyone holding it can submit updates for the zones the key is authorized for.

"Setting Transaction Security" section

Importing zone files

Accelerates migrating from BIND to Network Registrar. You can import DNS data in the BIND zone file format, either individual zone files or all files specified in named.boot and named.conf files.

"Importing and Exporting Zone Data" section

Incremental zone transfers (IXFR)

Transfers only the incremental changes in a DNS zone, per RFC 1995. Dramatically reduces time and bandwidth to propagate DNS updates. Particularly valuable if updates must traverse expensive WAN links.

"Enabling Incremental Zone Transfers (IXFR)" section

Internal root-hint servers

Configures a DNS server as an internal root server. Root-hint servers support IP networks that are not connected to the Internet.

"Defining Root Name Servers" section

Interoperability with BIND

Provides for the server to be a primary to a BIND secondary server and vice versa. Supports mixed environments and a phased migration from BIND.

"Importing and Exporting Zone Data" section

NAPTR records

Provides a lookup of services for many resource names that are not in domain name syntax, per RFC 2915.

"Using NAPTR Records" section

NOTIFY

Notifies secondary servers of changes to zone data, per RFC 1996. Speeds up propagation of dynamic DNS update information.

"Enabling NOTIFY" section

Persistent cache

Stores DNS data in indexed disk files. Controls the physical memory that the DNS server uses and preserves the data across restarts. Improves performance and prevents thrashing when the server consumes all memory.

"Setting Maximum Memory Cache Size" section

Preconfigured root server

Preconfigures servers with the (updatable) names and addresses of Internet root name servers. Speeds up and simplifies DNS configuration.

"Defining Root Name Servers" section

Resolution exception (selective forwarding)

Selectively forwards DNS queries for specified domains to internal servers rather than recursively querying Internet root name and external servers. DNS can work among subsidiaries (intranets) or trading partners (extranets) without using the Internet. Improves network privacy.

"Adding an Exception" section

Resource record purging (scavenging)

To facilitate management of networks that include Microsoft Windows 2000 DHCP servers and clients, Network Registrar periodically scans for stale dynamic resource records and purges these records.

"Scavenging Dynamic Records" section

Round-robin

Provides a rudimentary form of load balancing. If one name owns multiple A records, Network Registrar rotates their order in successive queries.

"Enabling Round-Robin" section

SRV records

Satisfies a Microsoft Windows 2000/Active Directory environment requirement for service location (SRV) records, per RFC 2782.

"Resource Records"

Subnet sorting

Re-orders the A records in a query response so that the address closest to the requesting client appears first in the response packet.

"Enabling Subnet Sorting" section

DHCP Servers

BOOTP and Dynamic BOOTP

BOOTP assigns addresses and configurations to clients based on their MAC addresses. Dynamic BOOTP assigns dynamic addresses and shares an address pool with the DHCP server.

"Configuring BOOTP"

Class of service (client and client-class)

Assigns addresses, DHCP options, and fully qualified domain names (FQDNs) based on a client's MAC address. Client-classing groups similar clients into classes and applies policies to them. Supports integrating with many network applications and supports the DOCSIS standard.

"Configuring Clients and Client-Classes"

Client caching

The DHCP server maintains a memory cache of DHCPDISCOVER and DHCPREQUEST cycles to reduce database reads. The client cache entries and the time-to-live parameters are adjustable.

"Setting Client Caching Parameters" section

DHCP allocation
(leases)

Allocates addresses automatically for permanent leases, dynamically for temporary leases, and manually for reserved addresses, per RFC 2131. You can also inhibit lease renewal for certain types of clients.

"Configuring Leases in the Scope" section

DHCP custom options

Provides flexibility in supporting options required by custom DHCP clients or standardized between Network Registrar versions.

"Defining Advanced Server Parameters" section

DHCP relay-agent-info option (82)

Provides DHCP relay agent information option support, per RFC 3046, to support DOCSIS modems, virtual private networks (VPNs), and on-demand address pools. Network Registrar now also supports limiting the subscriber use of DHCP-allocated IP addresses through this option.

"Configuring the DHCP Server for Virtual Private Networks and Subnet Allocation"

DOCSIS modem support

Supports DOCSIS modems for data-over-cable service providers, including the relay-agent-info option, device class of service, and unrequested options.

"Enhanced DHCP Request Processing Using Expressions" section

Dynamic DNS update

Updates the DNS server with two records each in the forward and reverse zones. The forward zone gets A and TXT records with the client ID (the MAC address for Microsoft clients). The reverse zone gets PTR and TXT records with the client ID, per RFC 2136. Automatically registers DHCP clients in DNS and eliminates DNS management overhead.

"Configuring Dynamic DNS Update"

Expressions

Retrieves, modifies, and makes decisions based on data in incoming DHCP packets.

"Creating Expressions" section

Extension points

Customizes handling of individual DHCP packets as the DHCP server processes them. You can write extensions in the Tcl scripting language or in compiled C/C++. Extension points support additional levels of customizing the treatment of individual DHCP clients.

"Using Extension Points"

Failover

Ensures granting leases even when a server fails. Provides high-availability DHCP.

"Configuring DHCP Failover"

Flexible name options

Provides support for DNS names that are end-user controlled, specified in the directory entry for the client, or synthesized from the MAC address.

"Defining Client-Classes and Their Properties" section

Lightweight Directory Access Protocol (LDAP) support

Reads client information from an LDAP directory and updates the directory with lease data. Supports Cisco's participation in the Directory Enabled Network (DEN) initiative and integration with other network infrastructure applications. Network Registrar now uses the iPlanet LDAP Software Development Kit (SDK) version 5.0.

"Configuring LDAP"

Lease querying

A relay agent can request lease (and reservation) data directly from a DHCP server in addition to gleaning it from client/server transactions.

"Querying Leases" section

Multiple network interfaces

Automatically discovers and listens on multiple network interfaces. Controls on which interfaces the server should listen.

"Choosing the Server Interface" section

NetWare options

Supports NetWare customers' use of options in RFCs 2241 and 2242.

"DHCP Options"

PING before offering lease

Prevents duplicate IP address assignment by pinging the network before offering a DHCP client an address.

"Pinging a Host Before Offering an Address" section

Secondary subnets

Creates DHCP scopes (dynamic address pools) with addresses from multiple logical subnets on the same physical wire. Supports numerous network configurations and allows easy network renumbering.

"Making a Scope a Secondary" section

Server switching (forwarding)

Switches or forwards DHCP traffic from one server to another for requests from certain clients.

"DHCP Forwarding" section

Subnet allocation (on-demand address pools)

Relies on the DHCP infrastructure to dynamically manage subnets, along with or instead of managing individual client addresses. Can vastly improve IP address provisioning, aggregation, characterization, and distribution.

"Configuring DHCP Subnet Allocation" section

Subscriber limitation

Uses options such as the relay-agent-info DHCP option (82), described in RFC 3046, to limit the number of IP addresses that the DHCP server gives out to devices on a single customer's premises; expressions are the main tool for building this limit.

"Enhanced DHCP Request Processing Using Expressions" section

Utilization alerts

Generates e-mail notices of impending problems. Allows timely corrective action if available addresses become scarce.

"Receiving Lease Notification" section

Variable-length subnet masks

Provides scopes on different subnets with different subnet masks to support flexible addressing schemes, including Open Shortest Path First (OSPF).

"Defining and Configuring Scopes" section

Vendor-specific DHCP options

Sends vendor-specific option data to accommodate DHCP clients that request them. The server sends vendor-encapsulated options in DHCP option 43, which is supported in the CLI.

"Supporting Vendor-Specific DHCP Options" section

Virtual private network (VPN) support

Configures the DHCP server to recognize overlapping address pools that are part of VPNs.

"Typical Virtual Private Network" section

User Interfaces and Architecture

Command line interface (CLI)

Supports configuring all aspects of Network Registrar.

This guide and the Network Registrar CLI Reference

Database exporting

Exports all active addresses into a specified database or CSV text file.

"Using the mcdadmin Tool" section

Graphical user interface (GUI)

Provides a Windows-based graphical configuration interface.

"Network Registrar User Interfaces"

Multithreaded

Performs concurrent multiple-server tasks.

"Network Registrar User Interfaces"

Remote configuration and monitoring

Runs the Web UI, CLI, and GUI remotely.

"Network Registrar User Interfaces"

SNMP notification

Warns of server error conditions and possible problems.

"SNMP Notification"

TAC Tool (tactool) utility

Provides collection, diagnosis, and packaging of Network Registrar server and system data to aid Cisco engineers and the Technical Assistance Center (TAC) in resolving customer software issues.

"Using the TAC Tool" section

Web-based user interface (Web UI)

Supports configuring administrators (with granular administrative capabilities) and DNS zones and hosts, and DHCP scopes, address blocks, subnets, and failover.

Network Registrar Web UI Guide
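The "Dynamic DNS update encrypted keys" entries in Tables 1-1 and 1-2, and the DHCP "Dynamic DNS update" entry, describe what TSIG does but not what is actually signed. The following is an added example written for this page, not Network Registrar code and not from the Cisco documentation set: it builds an RFC 2136 UPDATE message that adds one A record, signs it with an RFC 2845 TSIG RR (HMAC-MD5, the algorithm the page refers to; hmac-sha256 from RFC 4635 is also wired in because that is what a current deployment should use), and verifies it against a keyring the way an authoritative server does. The key name `ddns-key.example.com`, the secret, the zone and the host are all made up, and nothing is sent on the network.

```python
"""RFC 2136 dynamic update signed and verified with an RFC 2845 TSIG RR.

Added example, not Network Registrar code. Key name, secret and zone data are
constructed. Names are emitted uncompressed and lowercased, the canonical form
RFC 2845 requires for the digested TSIG variables.
"""
import hashlib
import hmac
import struct
import time

TSIG_TYPE, CLASS_ANY = 250, 255
ALGORITHMS = {"hmac-md5.sig-alg.reg.int": hashlib.md5,   # RFC 2845, what CNR 6.0 describes
              "hmac-sha256": hashlib.sha256}              # RFC 4635, prefer this today


def encode_name(name):
    """Canonical uncompressed wire-format name (labels lowercased)."""
    labels = name.rstrip(".").lower().split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def read_name(buf, off):
    """Decode a wire-format name, following compression pointers; returns (name, end offset)."""
    labels, end = [], None
    while True:
        ln = buf[off]
        if ln & 0xC0 == 0xC0:                          # pointer: jump, remember where we left off
            end = end if end is not None else off + 2
            off = struct.unpack("!H", buf[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if ln == 0:
            return ".".join(labels), (end if end is not None else off)
        labels.append(buf[off:off + ln].decode("ascii"))
        off += ln


def build_update(zone, hostname, ipv4, ttl=3600, msg_id=0x1234):
    """RFC 2136 UPDATE adding one A record: ZOCOUNT=1, PRCOUNT=0, UPCOUNT=1, ADCOUNT=0."""
    header = struct.pack("!HHHHHH", msg_id, 5 << 11, 1, 0, 1, 0)        # opcode 5 = UPDATE
    zone_section = encode_name(zone) + struct.pack("!HH", 6, 1)         # type SOA, class IN
    rdata = bytes(int(o) for o in ipv4.split("."))
    update_rr = encode_name(hostname) + struct.pack("!HHIH", 1, 1, ttl, len(rdata)) + rdata
    return header + zone_section + update_rr


def tsig_variables(key_name, alg, time_signed, fudge, error=0, other=b""):
    """TSIG fields digested together with the message (RFC 2845 section 3.4.3)."""
    return (encode_name(key_name) + struct.pack("!HI", CLASS_ANY, 0) + encode_name(alg)
            + time_signed.to_bytes(6, "big") + struct.pack("!HHH", fudge, error, len(other)) + other)


def tsig_sign(message, key_name, secret, alg="hmac-md5.sig-alg.reg.int", time_signed=None, fudge=300):
    """Append a TSIG RR to an unsigned message and bump ARCOUNT; the digest covers the original ARCOUNT."""
    time_signed = int(time.time()) if time_signed is None else time_signed
    mac = hmac.new(secret, message + tsig_variables(key_name, alg, time_signed, fudge),
                   ALGORITHMS[alg]).digest()
    rdata = (encode_name(alg) + time_signed.to_bytes(6, "big") + struct.pack("!HH", fudge, len(mac)) + mac
             + message[0:2] + struct.pack("!HH", 0, 0))                 # original ID, error, other len
    tsig_rr = encode_name(key_name) + struct.pack("!HHIH", TSIG_TYPE, CLASS_ANY, 0, len(rdata)) + rdata
    arcount = struct.unpack("!H", message[10:12])[0] + 1
    return message[:10] + struct.pack("!H", arcount) + message[12:] + tsig_rr


def tsig_verify(signed, keyring, now=None):
    """Check the trailing TSIG RR against a {key name: secret} keyring. Returns (ok, rcode name)."""
    _, _, zocount, prcount, upcount, adcount = struct.unpack("!HHHHHH", signed[:12])
    off = 12
    for _ in range(zocount):                                         # zone entries: name + type + class
        off = read_name(signed, off)[1] + 4
    for _ in range(prcount + upcount + adcount - 1):                 # every RR except the trailing TSIG
        off = read_name(signed, off)[1]
        off += 10 + struct.unpack("!H", signed[off + 8:off + 10])[0]
    tsig_start = off
    key_name, off = read_name(signed, off)
    rtype = struct.unpack("!H", signed[off:off + 2])[0]
    off += 10                                                        # type, class, TTL, RDLENGTH
    if rtype != TSIG_TYPE:
        return False, "FORMERR"
    alg, off = read_name(signed, off)
    time_signed = int.from_bytes(signed[off:off + 6], "big"); off += 6
    fudge, mac_size = struct.unpack("!HH", signed[off:off + 4]); off += 4
    mac = signed[off:off + mac_size]; off += mac_size
    orig_id, error, other_len = struct.unpack("!HHH", signed[off:off + 6]); off += 6
    other = signed[off:off + other_len]
    secret = keyring.get(key_name.lower())
    if secret is None or alg.lower() not in ALGORITHMS:
        return False, "BADKEY"                                       # unknown key or algorithm
    # Re-create the message exactly as digested: original ID, ARCOUNT without the TSIG, no TSIG RR.
    body = struct.pack("!H", orig_id) + signed[2:10] + struct.pack("!H", adcount - 1) + signed[12:tsig_start]
    expected = hmac.new(secret, body + tsig_variables(key_name, alg, time_signed, fudge, error, other),
                        ALGORITHMS[alg.lower()]).digest()
    if not hmac.compare_digest(expected, mac):
        return False, "BADSIG"
    now = int(time.time()) if now is None else now
    if abs(now - time_signed) > fudge:                               # replay / clock-skew window
        return False, "BADTIME"
    return True, "NOERROR"


if __name__ == "__main__":
    key = b"constructed-shared-secret"
    msg = tsig_sign(build_update("example.com", "host1.example.com", "192.0.2.10"), "ddns-key.example.com", key)
    print(tsig_verify(msg, {"ddns-key.example.com": key}))
```

Two points the code makes explicit: the MAC covers the message as it was before the TSIG RR was appended (original ARCOUNT and original ID), so the verifier has to reconstruct that view; and the time-signed/fudge check is what stops a captured update from being replayed later, which is why the updater and the DNS server need synchronized clocks.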

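The "Subscriber limitation" entries in Tables 1-1 and 1-2 say that option 82 can cap the addresses handed out per customer premises, but not what the decision looks like. The following is an added example written for this page, not Network Registrar code and not how the product is configured (in Network Registrar this is done with expressions and the post-class-lookup extension point). It constructs relay-forwarded DHCP packets carrying RFC 3046 relay agent information, extracts the remote-id and circuit-id sub-options, and enforces a per-subscriber limit on distinct client MAC addresses, including renewals, releases and packets with no option 82 at all. All packet contents, the modem MAC `00:11:22:33:44:55` and the circuit-id string `cmts1/0/3` are made up.

```python
"""Per-subscriber lease limiting keyed on DHCP option 82 (RFC 3046 relay agent information).
Added example, not Network Registrar code; every packet below is constructed by build_dhcp()."""
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
OPT_PAD, OPT_MSG_TYPE, OPT_RELAY_AGENT, OPT_END = 0, 53, 82, 255
SUB_CIRCUIT_ID, SUB_REMOTE_ID = 1, 2            # RFC 3046 sub-options
DISCOVER, REQUEST, RELEASE = 1, 3, 7


def build_dhcp(chaddr, msg_type, circuit_id=None, remote_id=None, giaddr=b"\xc0\x00\x02\x01"):
    """Minimal BOOTP/DHCP request as a relay agent forwards it (giaddr set, option 82 appended)."""
    fixed = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 1, 1, len(chaddr), 1, 0x3903F326, 0, 0x8000,
                        b"\0" * 4, b"\0" * 4, b"\0" * 4, giaddr, chaddr.ljust(16, b"\0"),
                        b"\0" * 64, b"\0" * 128)
    options = bytes([OPT_MSG_TYPE, 1, msg_type])
    sub = b""
    if circuit_id is not None:
        sub += bytes([SUB_CIRCUIT_ID, len(circuit_id)]) + circuit_id
    if remote_id is not None:
        sub += bytes([SUB_REMOTE_ID, len(remote_id)]) + remote_id
    if sub:
        options += bytes([OPT_RELAY_AGENT, len(sub)]) + sub
    return fixed + MAGIC_COOKIE + options + bytes([OPT_END])


def parse_options(packet):
    """Return {tag: value} for the options area; stops at END, skips PAD."""
    if packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP packet (magic cookie missing)")
    opts, i = {}, 240
    while i < len(packet):
        tag = packet[i]
        if tag == OPT_END:
            break
        if tag == OPT_PAD:
            i += 1
            continue
        length = packet[i + 1]
        opts[tag] = packet[i + 2:i + 2 + length]
        i += 2 + length
    return opts


def parse_relay_agent_info(value):
    """Split option 82's value into its TLV sub-options."""
    subs, i = {}, 0
    while i + 2 <= len(value):
        code, length = value[i], value[i + 1]
        subs[code] = value[i + 2:i + 2 + length]
        i += 2 + length
    return subs


class SubscriberLimiter:
    """Allow at most `limit` distinct client MACs per subscriber. The subscriber is identified by
    remote-id (falling back to circuit-id), which only the trusted relay agent should insert."""

    def __init__(self, limit, require_option_82=True):
        self.limit = limit
        self.require_option_82 = require_option_82
        self.leases = {}        # subscriber key -> set of chaddr currently holding a lease

    @staticmethod
    def subscriber_key(packet):
        opts = parse_options(packet)
        if OPT_RELAY_AGENT not in opts:
            return None
        subs = parse_relay_agent_info(opts[OPT_RELAY_AGENT])
        return subs.get(SUB_REMOTE_ID) or subs.get(SUB_CIRCUIT_ID)

    def decide(self, packet):
        """Return (allow, reason) for a DISCOVER/REQUEST; a RELEASE frees the client's slot."""
        chaddr = packet[28:28 + packet[2]]          # hlen at byte 2, chaddr starts at byte 28
        msg_type = parse_options(packet).get(OPT_MSG_TYPE, b"\0")[0]
        key = self.subscriber_key(packet)
        if key is None:
            if self.require_option_82:
                return False, "no relay-agent-info option: not via a trusted relay, refuse"
            return True, "no option 82: not subject to the subscriber limit"
        held = self.leases.setdefault(key, set())
        if msg_type == RELEASE:
            held.discard(chaddr)
            return True, "released"
        if chaddr in held:
            return True, "renewal of existing lease"
        if len(held) >= self.limit:
            return False, f"subscriber {key!r} already holds {self.limit} lease(s)"
        held.add(chaddr)
        return True, "new lease granted"


def run_demo():
    """Three devices behind one cable modem with a limit of 2; returns the allow/deny sequence."""
    limiter = SubscriberLimiter(limit=2)
    modem = b"\x00\x11\x22\x33\x44\x55"                # remote-id = CM MAC, as a CMTS inserts it
    pc_a, pc_b, pc_c = b"\x02\x00\x00\x00\x00\x0a", b"\x02\x00\x00\x00\x00\x0b", b"\x02\x00\x00\x00\x00\x0c"
    circuit = b"cmts1/0/3"
    steps = [
        build_dhcp(pc_a, DISCOVER, circuit, modem),
        build_dhcp(pc_b, DISCOVER, circuit, modem),
        build_dhcp(pc_c, DISCOVER, circuit, modem),   # third device: over the limit
        build_dhcp(pc_a, REQUEST, circuit, modem),    # renewal is still fine
        build_dhcp(pc_c, DISCOVER),                   # no option 82 at all: refused by policy
        build_dhcp(pc_b, RELEASE, circuit, modem),
        build_dhcp(pc_c, DISCOVER, circuit, modem),   # slot freed, now allowed
    ]
    return [limiter.decide(p)[0] for p in steps]


if __name__ == "__main__":
    print(run_demo())
```

The limit is only as trustworthy as the option 82 contents: the DHCP server has no way to tell a relay-inserted remote-id from one a client crafted itself, so the relay agents (CMTS or access switch) must be the only devices that insert the option and must drop or overwrite option 82 arriving on subscriber-facing ports. The `require_option_82` switch models the corresponding server-side policy of refusing requests that did not come through a trusted relay.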

Configuration and Performance Guidelines

Network Registrar is an integrated DHCP, DNS, and TFTP server cluster, capable of running on a Windows 2000, Windows NT, Solaris, or Linux workstation or server.

Because of the wide range of network topologies on which you can deploy Network Registrar, you should first consider the following guidelines and case studies. These guidelines are very general and cover most cases. Specific or challenging implementations could require additional hardware or servers.

General Configuration Guidelines

The following suggestions apply to most Network Registrar deployments:

Configure a separate DHCP server to run in remote segments of the wide area network (WAN)—Ensure that a DHCP client can consistently reach the server in under a second. Under RFC 2131 a client waits about four seconds for a response to a DHCPDISCOVER or DHCPREQUEST before retransmitting, and many clients (notably early releases of the Microsoft DHCP stack) actually use a two-second timeout.

In large deployments, separate the secondary DHCP server from the primary DNS server used for dynamic DNS updates—Because both lease requests and dynamic DNS updates must be persisted to disk, performance of both servers is impacted when using a common disk system. To ensure that the primary DNS server is not adversely affected, it should run on a different cluster than the secondary DHCP server.

Set DHCP lease times in a policy to four to ten days—To prevent leases from expiring when the DHCP client is turned off (overnight or over long weekends), set the DHCP lease time longer than the longest period of expected downtime. A lease time of seven days should be sufficient. See the "Creating a Policy" section.

Locate backup DNS servers on separate network segments—DNS servers are redundant by nature. However, to minimize client impact during a network failure, ensure that primary and secondary DNS servers are on separate network segments.

Use NOTIFY/IXFR—Secondary DNS servers can receive their data from the primary DNS server in two ways: through a full zone transfer (AXFR) or an incremental transfer (NOTIFY/IXFR, as described in RFCs 1995 and 1996). Use NOTIFY/IXFR in environments where the namespace is relatively dynamic. This reduces the number of records transferred from the primary to the secondary server. See the "Enabling NOTIFY" section.

Special Configuration Cases

The following suggestions apply in some special configurations:

During network reconfiguration, set DHCP renew times to a small value—Several days before making changes in network infrastructure (such as to gateway router and DNS server addresses), set the DHCP renew time to a relatively small value. A DHCP renew time of eight hours ensures that every active DHCP client renews, and so picks up a changed DHCP option parameter, within one working day. See the "Types of Policies" section.

When using dynamic DNS updates for large deployments or very dynamic networks, divide primary and secondary DNS and DHCP servers across multiple clusters. Dynamic DNS updates generate an additional load on all Network Registrar servers as new DHCP lease requests trigger dynamic DNS updates to primary servers that update secondary servers through zone transfers.

Deployment Case Studies

The following cases suggest hardware and software deployments for two different types of sites—a small to medium local area network (LAN) and a large enterprise or service provider network.

Small to Medium Size LAN

In a small to medium LAN serving fewer than 50,000 DHCP clients, low-end Sun, Windows, or Linux servers are acceptable. You can also use systems with EIDE disks, although Cisco recommends Ultra-SCSI disks when dynamic DNS update is in use. Figure 1-1 shows a configuration that would be adequate for this network. Recommended configurations:

Windows—Single-processor Pentium III or better, NT Server 4.0 SP6a or Windows 2000 SP1, 512 MB of RAM, 18 GB disk

Solaris—Sun Netra AC200, Solaris 8 or 9, 512 MB of RAM, 18 GB disk

Linux—Pentium III or better, Red Hat Linux 7.3 (kernel version 2.4), 512 MB of RAM, 18 GB disk

Figure 1-1 Deployment in a Small to Medium LAN

Large Enterprise and Service Provider Networks

In a large enterprise or service provider network serving more than 500,000 DHCP clients, use high-end Sun, Windows, or Linux servers. Put the DNS and DHCP servers on different systems. Figure 1-2 shows hardware that would be adequate for this network. Recommended configurations:

Windows—Dual-processor Pentium III or better, NT Server 4.0 SP6a or Windows 2000 SP1 Server, 2 GB of RAM, 36 GB disk (10,000 RPM)

Solaris—Dual-processor Sun Netra 1400 or better, Solaris 8 or 9, 2 GB of RAM, 36 GB disk (10,000 RPM)

Linux—Dual-processor Pentium III or better, Red Hat Linux 7.3 (kernel version 2.4), 2 GB of RAM, 36 GB disk

Figure 1-2 Deployment in a Large Enterprise or Service Provider Network

Documentation Road Map

The Network Registrar version 6.0 documentation set consists of:

Cisco CNS Network Registrar Installation Guide (Order Number DOC-7814454=)

Cisco CNS Network Registrar Web UI Guide (Order Number DOC-7814451=)

Cisco CNS Network Registrar User's Guide (Order Number DOC-7814452=)

Cisco CNS Network Registrar CLI Reference (Order Number DOC-7814453=)

Cisco CNS Network Registrar Release Notes (Order Number DOC-7814455=)