Managing the IP address space of an organization, whether it is an enterprise, service provider, or government agency, can be a complex process. As networks scale, the number of addresses to manage for Domain Name System (DNS) and Dynamic Host Configuration Protocol (DHCP) services rises, increasing both the time and cost to assign and manage addresses. The migration from IPv4 to IPv6 compounds the complexity of this task. In addition, many organizations operate in a mixed environment that utilizes different DNS and DHCP technologies.
To manage DNS and DHCP services without excessive delay while keeping operating costs down, organizations need a solution that can consolidate IP address management (IPAM) through a single interface. This means supporting both IPv4 and IPv6 as well as tracking the addresses used by DNS and DHCP servers from different vendors and correlating address usage across the entire network. The ideal IPAM solution also must be able to automate address management to achieve operating efficiencies, lower the chance for operator error, reduce downtime of DNS and DHCP services, improve the reporting of address space use to the Internet Assigned Numbers Authority (IANA), and reduce network operating expenses.
Two of the most common DNS and DHCP servers deployed today are those from the Internet System Consortium (ISC) and Microsoft. The ISC DNS server is commonly known as ISC BIND (Berkeley Internet Name Domain). ISC BIND is thought to be the most prevalent DNS server in use today by service providers given its ability to handle the scale required for large-scale subscriber networks. Originally designed back in the early days of the Internet, ISC has kept BIND current using an open source model that has been ported to support other services, including DHCP. To date, ICS BIND does not support IPAM capabilities.
Microsoft offers DNS and DHCP functionality on its Windows-based servers. With Windows 2012, Microsoft has also introduced IPAM services. Microsoft's software, however, has been designed to operate in relatively small environments. For this reason, it is primarily used on servers handling internal traffic such as that within a small enterprise or for a service provider's own internal network.
Cisco also offers these services with Cisco Prime™ Network Registrar, a high performance, scalable, reliable integrated DNS, DHCP, and IPAM (DDI) solution. Designed for large networks, it provides the performance and scalability required to handle the high volumes of traffic on subscriber networks while providing a robust solution for enterprise networks. In addition, Cisco Prime Network Registrar is able to consolidate IP address management across mixed environments that utilize all three (ISC, Microsoft, and Cisco Prime Network Registrar) of these DNS and DHCP technologies.
As an example of a multi-vendor configuration, consider a service provider that uses Microsoft DNS and DHCP servers for its internal network and ICS BIND and ISC DHCP for its external subscriber network. Portions of these networks may use Cisco Prime Network Registrar as well. Similarly, all three technologies may be used in enterprise or government networks.
Depending upon how the network is deployed, such a mixed environment can increase the IP address management complexity, resulting in higher operating costs, slower deployment of services, and greater risk of service downtime due to operator error. Traditionally, operators have had to manage their IP address space across this mixed environment in a manual fashion. Specifically, adding an address using ICS BIND or Microsoft for DNS and DHCP is typically a three-step process:
1. Update the address database to make sure allocations don't overlap.
2. Update the DNS server.*
3. Update the DHCP server.*
* Each of the different types of DNS and DHCP server technologies needs to be updated independently, further complicating this process.
Several issues can arise during an update:
• The address database is typically a spreadsheet maintained by hand. If an operator fails to add an entry to the database, this may result in a future overlap and disrupt service.
• As each address must be entered multiple times, there is the potential for issues arising from typing errors.
• Given that IPv6 addresses are four times longer than IPv4 addresses, this increases the possibility and frequency of human error when inputting addresses manually.
• When operators have to convert manually between IPv4 and IPv6 addresses, there is an additional opportunity for error.
• Operators may choose to update the system irregularly. This means that there may be a time delay between a request and its fulfillment. This delay will be even greater when different groups manage the DNS and DHCP servers.
• When updates are irregular, the DNS and DHCP servers will be out of date until the next update, creating potential discrepancies.
With Cisco Prime Network Registrar however, adding an address is a one-step process. When the operator allocates an address, it is immediately updated within the IPAM inventory maintained by Cisco Prime Network Registrar. The DNS1 and DHCP servers are automatically updated appropriately. As manual entry and complex processes are eliminated, customers save time as well as reduce errors associated with adding addresses. When considered over the large number of entries that regularly need to be made, such automation can result in substantial time savings for operators.
Effectively, Cisco Prime Network Registrar offers enterprise, service provider, and government organizations an integrated solution for consolidating IP address management across the entire network. This allows operators to manage their IP address space from a single, centralized interface while significantly automating and simplifying overall address management.
For organizations already deploying DNS and/or DHCP solutions from Microsoft and/or ISC, one of the key advantages of migrating to Cisco Prime Network Registrar is its ability to build easily integrate with and upon existing DNS/DHCP infrastructure. Other IPAM implementations require organizations to replace both equipment and software. Such deployments are costly and disruptive to network operation. Cisco Prime Network Registrar instead offers a flexible licensing model that minimizes the impact of deploying IPAM functionality. Because organizations can license each component of Cisco Prime Network Registrar - DNS, DHCP, and IPAM - separately, they can bring in IPAM capabilities immediately on top of their current Microsoft and ICS DNS/DHCP servers. Then, if higher performance and scalability are required at a later date as the network grows, organizations can migrate to the DNS and DHCP components of Cisco Prime Network Registrar at that time.
Cisco Prime Network Registrar also offers best-in-class IPAM functionality with consolidated address management across mixed environments as well as consolidation of the IPv4 and IPv6 address spaces. The underlying technology is mature and industry-proven, providing organizations with a powerful platform that has a history of success to centralize control of an organization's address space from a single interface.
1Cisco Prime Network Registrar full IPAM support for DNS is planned for mid-2013.