The ability to deploy new equipment and services in a timely and cost-effective manner - a quality known as network agility - is crucial to maintaining profitability. Bottlenecks that hinder deployment, reduce performance, or result in downtime add cost to every operation. As a result, organizations can only be as agile as their IP infrastructure can support. For example, managing thousands of IP addresses by hand creates bottlenecks when provisioning and troubleshooting as well as increases the possibility of service outages caused by human error.
The growing complexity of networks further increases the difficulty of managing today's networks. Operators must accommodate new types of servers and clients, potentially from multiple vendors. TCP/IP continues to connect more devices, resulting in a higher cost to manage each new device as the number of devices added to the network increases. Furthermore, new technologies like IPv6, virtualization, cloud services, and mobile connectivity increase management complexity and drive the need for a comprehensive, integrated, and feature-rich IP address management (IPAM) solution.
Agility helps enable organizations to cut operating expenses by facilitating new ways to identify waste, expense, and risk in everyday network management processes. Networks that are smarter through automation and simplification of the allocation, tracking, and reclaiming of IP addresses can break the vicious cycle of rising costs, increased downtime, and endless stress to network staff. To increase operational efficiency and build a network that responds quickly to changing business needs, operators need an IPAM solution that:
• Centralizes IP address management for the entire network
• Maintains a complete and up-to-date IP address inventory
• Provides comprehensive visibility into IP usage with inventory assurance
• Eliminates manual processes prone to human error
• Simplifies IP address management and accelerates troubleshooting to help enable operators to spend less time managing the network and more time focused on strategic initiatives
• Dynamically scales to match changing IP needs
• Allows multiple administrators with individual and group access controls
• Helps enable a seamless migration from IPv4 to IPv6 without affecting service availability
• Supports user-defined IP blocks and address types with custom fields
• Reduces security and compliance risks associated with unauthorized use of addresses
• Provides extensive reporting capabilities
• Reduces overall operating expenditures
Cisco Prime Network Registrar IPAM
Cisco Prime™ Network Registrar IPAM is designed to optimize operator workflow efficiency by reducing task steps and eliminating manual input where possible. This is achieved by centralizing IP address space management while automating many common management tasks, including discovery of devices, IP address allocation, reconciliation of IP addresses, and support for both IPv4 and IPv6 within the same network. Operators are also able to manage all IP allocation-related tasks from a single point of access.
Simplifying the workflow enforces a consistent and disciplined approach to IP management. This helps enable operators to respond faster and with greater accuracy to dynamic provisioning requirements, resulting in lower operating costs and an improved customer experience.
Cisco Prime Network Registrar IPAM also creates a robust foundation upon which to realize reliable virtualization, cloud, and IPv6 services. Many vendors treat these technologies as problems or exceptions that need to be managed separately from the rest of the network using specialized tools that have not been designed to work with the existing management system. Cisco Prime Network Registrar IPAM provides operators with IP address management capabilities that are integrated into the wider management of the network. The ability to manage these technologies as part of the everyday management workflow allows operators to provide services faster and support on-demand scalability.
Flexibility is essential, especially in heterogeneous environments where IP address management can differ from device to device. Cisco Prime Network Registrar IPAM is able to support non-Cisco devices and different network management systems through APIs. For example, operators need to confirm to a router or network element team that a provisioning request has been completed. Using traditional management techniques, an operator may forget to email a confirmation or perform one of the crucial steps in the provisioning process. Rather than requiring operators to perform this step manually, the system can automatically send confirmations, helping enable operators to drop this step from their checklist. In addition, the system can receive commands and trigger flows back downstream to further automate processes. This is just one example of how Cisco Prime Network Registrar IPAM simplifies the workflow.
Accountability is also an important part of managing a network, whether for creating audit reports or tracking down a problem. Large networks tend to be spread out with multiple administrators each in charge of their own section. To increase reliability and security, Cisco Prime Network Registrar IPAM consolidates IP allocation to a single database and control point. Each local administrator is still able to manage his or her portion of the network but with the added reliability that comes through centralization. For example, when a device generates an alarm on the firewall, operators typically have only the IP address that triggered the problem. With Cisco Prime Network Registrar IPAM, every change is tracked, including who authorized the change and when. The result is faster problem identification and resolution.
Automated Discovery and Updating
Efficient management of network elements requires that operators track the IP addresses assigned to each device when they are attached to the network. When discovery is managed manually, operators must remember to record these addresses by hand.
Cisco Prime Network Registrar IPAM offers a broad scope for automated discovery, including subnets, Address Resolution Protocol (ARP), and switch ports. In addition, IP addresses for new devices are immediately added to the network's IP inventory, guaranteeing that they will not be overlooked or mistyped.
There is also the consideration that not every network device is formally introduced to the network. Users will often attempt to provision their own resources such as routers or printers without consulting IT. When an IP address is used that hasn't been formally allocated, this creates a potential conflict with mission-critical equipment that could result in network downtime that is difficult and time-consuming to troubleshoot.
Cisco Prime Network Registrar IPAM locates and identifies any unknown devices - including smartphones - that are using IP addresses that were not assigned to them. This helps enable operators either to remove these rogue devices from the network or discover them formally. It also shores up potential security vulnerabilities that might otherwise pass undetected.
In addition to capturing IP address data when devices are deployed, Cisco Prime Network Registrar IPAM maintains the accuracy of the IP address inventory by refreshing it at a regular frequency as determined by the network operator to confirm that it still correlates to the ever-changing configuration of the network. This helps ensure that IP address data is not only complete but also up-to-date so that administrators can see which IP addresses are being used and what equipment they are allocated to.
Having accurate information is critical to reliable network operation. For example, Cisco Prime Network Registrar IPAM proactively forecasts IP address usage to prevent consumption from exceeding capacity and leading to a service outage. Administrators can set multiple thresholds to alert them when IP address utilization reaches a set percentage or is within a certain number of days of exceeding available capacity. Threshold management is especially important for businesses with seasonal demand, such as online retailers during the holidays.
Administrators are also able to automate reclamation of IP addresses that are no longer in use. Given that devices may be rebooting, offline, or retired when pinged, Cisco Prime Network Registrar IPAM provides administrators with detailed information to help enable them to make informed decisions as to how to resolve such issues. For example, administrators can search through transaction records for the last 30 days to see if an address has been used and so is still active.
This feature can also be used for entire subnets to facilitate verification when networks are moved or renumbered. For example, both old and new IP addresses are active while a switchover is initiated. Depending upon the size of the subnet, this process may take several days. Once the switchover is complete, operators can verify that the old addresses are no longer being used and then reclaim them without affecting network performance. The reclamation process can be automated as well. Cisco Prime Network Registrar IPAM facilitates renumbering by handling the reassignment process and then, using a threshold set by the operator, confirming that the old addresses have not been used before reclaiming them.
Moving to IPv6
With the rapid depletion of IPv4 addresses, migrating to IPv6 is no longer an option for many organizations. Part of the challenge operators face is that both IPv4 and IPv6 addresses will be used within the same network, creating the need to maintain two IP address inventories. In addition, individual devices will often have both types of addresses, making it more difficult to view accurately the current network topology.
In anticipation of the need for network administrators to be able to administer and monitor both IPv4 and IPv6 addresses within the same network, Cisco Prime Network Registrar IPAM supports dual-stack architecture to facilitate a seamless transition to IPv6 by providing comprehensive visibility into both IPv4 and IPv6 resources with a single tool. Specifically, it keeps track of the current IPv4 network while automating overlaying of new IPv6 address assignment policies onto the IPv4 topology. This provides a foundation upon which networks can transparently support both IPv4 and IPv6 interoperating together.
Rather than having to maintain two separate inventories, IP address management is centralized to a single combined inventory. Not only does this give operators confidence that the address inventory accurately reflects the current state of the network, it enables them to manage IPv4 and IPv6 addresses from the same interface. This ability to view and manage the network from a single location is essential to enabling a smooth transition to IPv6 without interrupting network operation.
Having to manage both IPv4 and IPv6 address increases the complexity of every task associated with IPv4 resources. When addresses are managed manually, operators have to first look up a resource's IPv4 address and then configure the IPv6 address by hand. Operators then have to set up the address on the Dynamic Host Configuration Protocol (DHCP) server as well. This simple operation takes several steps and involves inputting the same data into the system multiple times. Given that IPv6 addresses are four times longer than IPv4 addresses, this increases the possibility and frequency of human error when inputting addresses manually. When an input error does occur, additional time will be required for troubleshooting and resolving these errors. There is also the downtime to consider while errors are being discovered and corrected (see Table 1).
In contrast, Cisco Prime Network Registrar IPAM automatically correlates the mapping of IPv6 addresses to IPv4 resources. It does this in an abstract manner that greatly simplifies the process for operators. For example, operators can use "containers" to associate address blocks with a particular geography, topology, or other user-defined hierarchy. This allows addresses to be easily allocated using an intuitive GUI. The process is streamlined to eliminate manual errors and make common tasks take a single command. There is no data to enter twice, nor any spreadsheet-based address database to maintain. In addition, operators can complete IP address allocation in substantially less time. Such a high level of automation is key to maintaining an accurate IP address inventory and helping to ensure the reliability of the network.
Cisco Prime Network Registrar IPAM is able to achieve this level of efficiency and reliability because of its heterogeneous integration with the other tools operators are using to manage their network. Rather than being a separate tool that administrators have to go back and forth between, Cisco Prime Network Registrar IPAM provides centralized resource visibility and IP address management.
This centralized visibility is another important capability for simplifying IP address management. A network may comprise many islands, some based on IPv4 and an increasing number on IPv6. While these subnets are different, based on their physical equipment and topology, they still appear as a single network to users and their data. For this reason, they need to be managed as a single network as well.
Consider an IPv4 subnet deployed in a local office. When a call comes from that office, the operator needs to be able to reach the subnet over the IPv6 network to begin troubleshooting the problem. When IPv4 and IPv6 resources are managed separately, the operator has to map out a path to the local office by hand.
Because Cisco Prime Network Registrar IPAM overlays the IPv6 network over IPv4 resources, it can provide the appropriate routing information to give operators a head start on troubleshooting. Rather than wasting time figuring out how to get to the local office to see what is happening, operators are able to immediately focus on solving the problem at hand and minimizing client downtime.
Virtualization and Cloud Services
Cisco Prime Network Registrar IPAM offers a flexible range of capabilities designed to serve the needs of both enterprise and service provider networks. With the ability to scale to high user counts, it provides reliable management capabilities for even the largest networks. Cisco Prime Network Registrar IPAM also offers web-based APIs that enable the system to interoperate with other provisioning systems. This allows service providers to easily support each of its customers with their own IP address space and workflow.
Advanced virtualization and cloud computing applications are supported as well. For example, multitenancy capabilities allow service providers to isolate customer-specific data from different companies. Customers are also able to determine their own hierarchies. In addition, Cisco Prime Network Registrar IPAM performs automatic hierarchical allocation so operators don't have to manually enter every subnet.
For service providers delivering cloud services, the multitenancy and virtualization technology required to support these services is available today from Cisco® and provides isolation and security capabilities. These features are critical to promoting adoption of cloud services to enterprises through third parties. With the ability to provide cloud services securely, more companies will begin to take advantage of cloud services to extend their own network infrastructure. For enterprises wanting access to cloud services, if they know their service provider is running Cisco, they know the network will be capable of providing the reliability and security they need.
Accelerated Return on Investment (ROI)
Cisco Prime Network Registrar IPAM is not just a repository for IP addresses. The simplicity and thoroughness it offers makes for a powerful tool that increases the efficiency and reliability of networks while substantially reducing operating expenses:
• Automation of Processes: Tasks that administrators don't have to manage manually result in direct management time and operating expense savings.
• Simplification of Processes: Reducing the number of steps required for common tasks results in corresponding savings in how long operators must spend on daily management tasks. When considered across a large network, these savings can be a significant percentage of an operator's working hours.
• Elimination of Human Error: Manually tracking IP addresses using a spreadsheet is prone to a variety of reading, typing, and procedural errors. Even the simple mistyping of an IP address can result in configuration errors that are difficult to identify and costly downtime. Automating processes eliminates the possibility of human error, leading to greater network reliability and operating efficiency.
• Comprehensive Auditing: Auditing for compliance and accountability are critical to maintaining network health. Auditing helps enable administrators to verify that best practices are being followed across the network. Administrators can also verify that each person with access to management services has the skill and knowledge to use these capabilities properly.
• Proactive Management: Cisco Prime Network Registrar IPAM's dashboard feature provides visibility into network health and stability using intuitive graphics with a granularity down to individual devices. In this way, pending issues can be identified before they become problems and affect performance.
• Simplified Planning: Cisco Prime Network Registrar IPAM simplifies developing and maintaining a robust IP address management plan. With the ability to monitor both IPv4 and IPv6 addresses from a single point, migration complexity is substantially reduced.
• Greater Network Stability: When there are fewer errors, the network is more stable. In addition, administrators spend less of their time troubleshooting.
Many of these savings are related to human labor. By simplifying and automating many of the processes associated with IP address management, Cisco Prime Network Registrar IPAM frees up network operators so they focus more of their time on strategic planning.
For example, with Cisco Prime Network Registrar IPAM, administrators are able to discover clients in their network. This function saves a great deal of time and reduces errors in transcription. This discovery module informs network administrators of the "as deployed" view of the network. Using a suite of networking tools in the background, the IPAM system provides users with a comprehensive view of the users to help them plan with a baseline of actual data.
Figure 1. Discovery
Furthermore, Cisco Prime Network Registrar IPAM allows a view of the IP address space referred to as containers, providing users the ability to see how their address space is deployed and showing which address blocks are in use and what is free to be used.
Figure 2. Container View
With another Cisco Prime Network Registrar IPAM view of the address space, users can see how aggregates of address blocks are being used so that they can anticipate address depletion. Additionally, a "History Chart" tool graphically depicts historical usage and predicts when available IP resources will be fully depleted based on the current depletion rate.
Figure 3. View of Address Block Usage
These are just some of the Cisco Prime Network Registrar IPAM features that greatly enhance the network operator's ability to perform tasks associated with managing their network efficiently.
Operators can further improve network operating efficiency and reliability by making use of Cisco Prime, a comprehensive platform of integrated network management solutions that provide A-to-Z management for IP next-generation networks (NGNs), mobility, video, and managed services. With Cisco Prime, operators can expand upon the capabilities of Cisco Prime Network Registrar to help enable full end-to-end network management lifecycle capabilities spanning design, fulfillment, assurance (fault and performance), and analysis operations tasks.
Cisco Prime Network Registrar IPAM helps enable operators to take control of their IP address space through intelligent automation, centralized management, and single-point access. Automation of key tasks such as device discovery and IP address updating facilitates the efficient, reliable, and cost-effective deployment of new devices and services. With support for virtualization and cloud services, as well as helping to enable seamless migration to IPv6, Cisco Prime Network Registrar IPAM provides the integrated tools operators need to bring agility to today's complex, heterogeneous networks with fast return on investment.