With the increasing number and different types of devices attaching to the network, managing IP addresses efficiently and accurately introduces many challenges for network operators of large-scale networks, including service providers and enterprises (see Figure 1). Both Domain Name System (DNS) and Dynamic Host Configuration Protocol (DHCP) are mission-critical capabilities that need to be able to scale, and many service providers have created dynamic service delivery based on DNS to achieve service quality and deliver advantages. However, if DNS fails, then the Internet fails. Similarly, DHCP is a core technology for network access. Assigning a unique address to every device connecting to the network has become a virtually impossible task to perform manually with the proliferation of IP devices.
Figure 1. The IP Address Management Challenge
The Need for Migration/Upgrading
Superior IP Address Management with Cisco Prime Network Registrar 8.x
• High performance and scalability: The DHCP server is the industry's most scalable server, supporting more than 50 million devices in a single customer deployment and providing up to 47,000 leases per second (when operating on Cisco® hardware). A dedicated DNS caching server provides significant acceleration of DNS query throughput compared to other implementations with up to 170,000 queries per second.
• High reliability: The solution offers multiple levels of redundancy with DHCP safe failover, support for High Availability (HA) DNS, and Cisco's patent-pending discriminating rate limiter that helps provide avalanche prevention to reduce downtime after network outages.
• Consolidated IPv4/IPv6 address management: Dual-stack support helps enable management of IP addresses from a single server with support for address assignment (for both stateless and stateful configuration) and IPv6 prefix delegation.
• Simplified management complexity through centralization and automation: Network operators can control and monitor DNS and DHCP servers from a central location. With a single point of data aggregation and delegation, IP address information can be synchronized dynamically while eliminating many time-consuming and error-prone manual tasks. In addition, automation reduces IP conflicts and configuration errors while reducing downtime of DHCP and DNS services.
• Powerful extensibility: Allows network operators to alter and customize DHCP server operations for both IPv4 and IPv6 to improve network security, performance, and integration with third-party applications.
Figure 2. Cisco IPAM Lifecycle Approach
Major Enhancements Available with Version 8.0
• Robust IP address management: Innovative tools provide centralized, full-lifecycle support of IP addresses with integrated management of IPv4 and IPv6 addresses.
• DNS caching server: DNS caching improves the performance of high-volume recursive queries, provides DNS64 capabilities (that is, IPv4 access for hosts with only an IPv6 address), and performs DNSSEC validation to authenticate the origin of DNS data, protecting against DNS vulnerabilities such as DNS cache poisoning.
• Componentized licensing: Each component of Cisco Prime Network Registrar - DHCP, DNS, IPAM, and DNS caching - can be licensed individually based on the specific needs of network operators.
Top Benefits of Using an IPAM system
• Manage the explosive growth of network devices: The proliferation of devices that need an IP address is putting an incredible strain on networks. For example, within the enterprise network, each user requires multiple addresses for PCs, tablets, smartphones, printers, and other connected electronic devices. The infrastructure itself also needs more addresses as it expands to include more routers and virtual machines (VMs). The scalability of Cisco Prime Network Registrar IPAM gives network operators the confidence that their tools can grow with their network.
• Allocate IPv4 and IPv6 addresses faster: Without the proper tools, the need to service more devices will slow allocation and degrade the user experience.
• Facilitate the migration from IPv4 to IPv6: The migration to IPv6 won't happen overnight. Many devices don't recognize IPv6 and must be supported until they can be upgraded. To support this, Cisco Prime Network Registrar utilizes a dual stack that can automatically map current IPv4 networks and devices to IPv6 space addresses and present a single view of the network.
• Simplify IPv6 address management: IPv6 addresses are much more complex than IPv4 addresses. Whereas an IPv4 address consists of short blocks of numbers and is easily memorized, IPv6 addresses contain letters and numbers and are longer, making it much easier for operators to make mistakes when typing in addresses. In addition, a prefix delegation such as /64, which has more addresses behind it than the entire IPv4 address space, makes IPv6 addresses extremely complex. Automated allocation and provisioning processes are required to eliminate human error as well as effectively handle the huge volume of addresses in use every day.
• Integrate data collection: Bringing IP address management under one automated tool facilitates data collection from routers, Address Resolution Protocol (ARP) caches, DHCP servers, and ping sweeps. This data allows network operators to more effectively perform IP address space discovery, reconcile planned versus actual allocation of addresses, handle alerts, and improve overall capacity management.
• Help enable tight internal control of addresses: Certain organizations, such as those with secure networks, must follow rigid mandates on how addresses are allocated and used, and the penalties for noncompliance can be severe. Tight internal control of addresses requires automated management of both IPv4 and IPv6 address spaces to enable operators to quickly assess key information such as which addresses are active, which group owns each address, and to whom each address is assigned.
• Conduct regular audits: When IP addresses are managed manually, address databases may not be entirely up to date. An IP address management system helps enable operators to conduct regular audits that accurately capture the dynamically changing configuration of the network. These audits allow organizations to prove compliance with mandates as well as assess efficient utilization of address assets.
Improved Security through DNS Caching
Flexible Licensing and Implementation
• Purchase only what you need: Components of Cisco Prime Network Registrar may be licensed individually or as part of one of two suites at a discount. In addition, as networks scale, operators can purchase additional components as needed and integrate them seamlessly with existing tools.
• Run on your own hardware: You can install Cisco Prime Network Registrar on the hardware and platform (Windows, Linux, and Solaris) of your choice. This helps enable you to make use of existing network infrastructure as well as deploy best-in-class equipment in the future. In addition, this flexibility can also help facilitate a more seamless migration from Solaris to Linux.
• Reduce operating costs through virtualization: Cisco Prime Network Registrar is available in a Cisco Open Virtual Format (OVF) file, preconfigured for virtualized environments and able to be installed in as little as 15 minutes. This helps enable you to reduce the number of physical servers and lower operating costs by maximizing existing hardware investment. Version 8.0 is also cloud ready with multitenancy capabilities.
• Achieve faster time to value: For organizations wanting the convenience of a preconfigured DNS and DHCP appliance, Cisco Prime Network Registrar Jumpstart is preinstalled and configured with an operating system, as well as Cisco Prime Network Registrar and virtualization software, for a fast and easy deployment of a dual-stack-compliant environment. Cisco Prime Network Registrar Jumpstart also addresses cost concerns by offering a low startup cost.
Straightforward Migration Path
• One of the following operating systems: Solaris 10, Windows 2008, or Red Hat Enterprise Linux (RHEL) 5.0/6.0
• VMware ESXi 4.1
• Java JRE 5.0 (1.5.0_06)
• Internet Explorer 8.0 or Firefox 5
• 4 GB of memory
• Two 146 GB RAID 1 drives
• Databases cannot be copied from one operating system to another. However, there are various tools available within Cisco Prime Network Registrar to migrate to version 8.x on a new/different operating system.
• Upgrading from any release older than version 7.2 requires use of the database upgrade tool. This tool is available in the version 8.0 product download directory under "Prime Network Registrar Tools:" http://www.cisco.com/cisco/software/release.html?mdfid=283905278&flowid=30621&softwareid=284240046&release=3.0&relind=AVAILABLE&rellifecycle=&reltype=latest.
• If both partner servers (for high availability and failover) are upgraded, the resource records and leases are synchronized at this point.
• Migrate DHCP prior to migrating DNS in environments where both servers are in use.
• Use the DHCP failover functionality to facilitate the migration. Specifically, synchronize the existing configuration with a new backup partner on the target OS. Once failover has initiated, it will synchronize leases with the new backup partner. Migrating in this way facilitates restoration back to the original system (that is, fallback) if the new backup gets corrupted.
• Subsequent to successful migration to the new partner, reverse the process to update the other new partner.
• Use DNS HA functionality to facilitate DNS migration.
• Synchronize the existing (main) configuration with the new system as the backup platform. Once HA is initiated, it will synchronize the resource records with the new backup partner. Migrating in this way facilitates restoration back to the original system (that is, fallback) if the new backup gets corrupted.
• Subsequent to successful migration to the new system, reverse the process to update the other new partner.