Introducing Cisco Network Registrar

Cisco Network Registrar is a full-featured, scalable Domain Name System (DNS) and Dynamic Host Configuration Protocol (DHCP) system for large IP networks. It provides the key benefits of stabilizing the IP infrastructure, automating networking services such as configuring clients and provisioning cable modems, and providing the foundation of user-based policies for CiscoAssure Policy Networking.

Service provider and enterprise users can better manage their networks using the unique features of Cisco Network Registrar that enable integration with other network infrastructure software and business applications.

Target Users

Cisco Network Registrar is designed for the following users:

Internet service providers (ISPs)—Drive down the cost of operating networks that provide leased line, dial-up, and DSL (Point to Point over Ethernet and DHCP) access to customers.
Multi-service operators (MSOs)—Provide subscribers access to the Internet using cable or wireless technologies. Benefit from services and tools that provide reliable and manageable DHCP and DNS services that meet the Data Over Cable Service Interface Specification (DOCSIS). Network Registrar provides policy-based, robust, and scalable DNS and DHCP services that form the basis for a complete cable-modem provisioning system.
Enterprises—Meet the needs of single- and multi-site enterprises (small to large businesses) to administer and control network functions. Automate the tasks of assigning IP addresses and configuring the TCP/IP software for individual network devices. Forward-looking enterprise users can take advantage of the class of service and other features that enable integration with new or existing network management applications, such as user registration.

Network Registrar Features

Cisco Network Registrar includes a wide range of unique and standard features that provide numerous benefits over competing products and public domain software. The most critical benefits are stabilizing the IP infrastructure, automating network services, and preparing for policy networking.

Table 1-1 describes Cisco Network Registrar features and benefits. The table is divided into DNS server, DHCP server, and architecture and user interface sections.

Table 1-1: Cisco Network Registrar Features and Benefits

Feature	Description and Benefits	Location in Guide

DNS Server-Related
Classless reverse (in-addr.arpa) zones	This supports a wide variety of network topologies and DNS zone structures. Network Registrar complies with the best practices described in RFC 2317 (except that Network Registrar does not automatically generate the large number of alias records suggested in the RFC).	"Adding a Primary Reverse Zone for the Server" section
DNS subzone hiding	The DNS server can hide the subzone hierarchy for all zones delegated from a server. When enabled, the DNS server will not transfer NS and SOA records for a subzone during a zone transfer. Standard DNS queries continue to work. DNS subzone hiding hides sensitive information about the topology of the network and devices on the network.	"Hiding Subzones" section
Dynamic DNS update	DNS clients and DHCP servers can dynamically update DNS with new IP addresses and DNS name mappings (RFC 2136). Network Registrar is the only DNS/DHCP product that implements dynamic DNS updates using this standard protocol. Dynamic DNS updates automatically register clients in DNS and eliminates DNS management overhead.	"Dynamic DNS Update Process" section
Importing zone files	Importing zone files speeds up migration from BIND to Network Registrar. You can import DNS information in the BIND zone file format, either individual files or all files specified in a named.boot file.	"Importing and Exporting Zone Data" section
Incremental zone transfers (IXFR)	This transfers only the incremental changes in a DNS zone during a zone transfer. Network Registrar is the only DNS server to support incremental zone transfers (RFC 1995). It dramatically reduces time and bandwidth required to propagate DNS updates throughout a network and is particularly valuable if updates must traverse expensive WAN links.	"Enabling Incremental Zone Transfers (IXFR)" section
Internal root (hint) servers	You can configure a DNS server as an internal root server. Root-hint servers support IP networks that are not connected to the Internet.	"Defining Root Name Servers" section
Interoperable with BIND	Network Registrar DNS servers interoperate with BIND and other RFC-compliant DNS servers. The server can be a primary to a BIND secondary and vice versa. Interoperability with BIND supports mixed environments and a phased migration from BIND.	"Importing and Exporting Zone Data" section
NAPTR records	You can use DNS to look up services for a wide variety of resource names that are not in domain name syntax (RFC 2915).	"Resource Records"
NOTIFY	The primary DNS server notifies secondary DNS servers of changes to zone information (RFC 1996). The NOTIFY feature speeds up the propagation of dynamic DNS update information.	"Enabling NOTIFY" section
Persistent cache	DNS cache data is stored in indexed disk files. This controls the amount of physical memory used by the DNS server and preserves DNS cache data across system or server restarts. Persistent cache improves performance and reduces amount of memory used by the DNS server. This prevents thrashing that is caused when the DNS server consumes all physical memory.	"Setting Maximum Memory Cache Size" section
Preconfigured root server	DNS servers are preconfigured with the names and addresses of the Internet root name servers, which you can update. Preconfigured root servers speed up and simplify installation and configuration.	"Defining Root Name Servers" section
DNS Server-Related, continued
Resolution exception (selective forwarding)	This selectively forwards DNS queries for specified domains to internal DNS servers rather than recursively querying the root name servers on the Internet and external DNS servers. DNS can work among subsidiaries (intranets) or trading partners (extranets) without using the Internet, which improves network privacy.	"Adding an Exception" section
Round-robin	If one name owns multiple Address (A) resource records, the order of the records is rotated in successive queries for that name. Round-robin provides a rudimentary form of load balancing.	"Enabling Round-Robin" section
SRV records	You can use SRV records, including dynamic DNS update of SRV records (RFC 2052), which are Windows 2000-compatible. Microsoft identified this feature as required for DNS servers in a Windows 2000/Active Directory environment.	"Resource Records"
Subnet sorting	When the DNS resolver (client), DNS server, and target are all on the same subnet, and the target has multiple addresses (A records), the server lists, in the reply, the address on the common subnet first. Subnet sorting is a Cisco DNS/DHCP Manager (CDDM) compatibility feature.	"Enabling Subnet Sorting" section
DHCP Server-Related
BOOTP and Dynamic BOOTP	BOOTP assigns addresses and configuration information to clients based on the client's MAC address. Dynamic BOOTP dynamically assigns IP addresses and shares an IP address pool with the DHCP server. BOOTP and dynamic BOOTP support older BOOTP clients, including many network printers.	"Configuring BOOTP"
Class of service (client and client-class)	You can customize IP address, DHCP options, and fully-qualified domain name (FQDN) based on client's MAC address. Similar clients can be grouped into classes, and customizing applied to the class. This can deny addresses to clients or classes. Class of service: Supports the integration of Network Registrar with a variety of network infrastructure applications. Supports integration with CiscoAssure Policy Networking. Supports DOCSIS cable modems.	"Configuring Client-Classes"
DHCP allocation	You can use all three allocation methods, specified in RFC 2131: Automatic (permanent lease) Dynamic (temporary lease) Manual (reserved address)	"Configuring Leases in the Scope" section
DHCP custom options	You can configure new DHCP options. This provides flexibility in supporting options required by custom DHCP clients or standardized between versions of Cisco Network Registrar.	"Defining Advanced Server Parameters" section
DHCP relay agent option	You can use the DHCP relay agent option, as specified in draft-ietf-dhc-agent-options. This allows support of DOCSIS modems.	"Configuring a BOOTP Relay Router" section
DHCP Server-Related, continued
DOCSIS modem support	Includes features needed by DOCSIS modems. These include: Support for relay agent option Class of service (allows DHCP server to distinguish between a DOCSIS modem and a user device, and configure each correctly) Support for non-requested options (return specified options to modems even if they do not request them) This provides support for data-over-cable service providers.	"Configuring a BOOTP Relay Router" section
Dynamic DNS update	The DHCP server updates the DNS server with two records each in the forward and reverse zones. The forward zone receives an A record (name and IP address) and a TXT record with the client ID (the MAC address for Microsoft clients). The reverse zone receives a Pointer (PTR) resource record (IP address and name) and a TXT record with the client ID (uses the RFC 2136 Dynamic DNS Update Protocol). This automatically registers DHCP clients in DNS and eliminates DNS management overhead.	"Configuring Dynamic DNS Update"
Extension points	You can customize the handling of individual DHCP packets as the DHCP server processes them. You can write extensions in TCL scripting language or C or C++ compiled languages. Extension points support additional levels of customizing individual DHCP clients.	Network Registrar CLI Reference Guide
Failover	You can have redundant DHCP servers provide leases in the event of server failure. Failover provides a high-availability DHCP service. Clients requesting leases need not know or care which server is responding to their requests for leases.	"Configuring DHCP Failover"
Flexible name options	You can select from various techniques for handling DNS names: As requested by the client (end user controlled) As specified in the directory entry for the client Synthesized from the MAC address	"Defining Client-Classes" section
LDAP directory support	Network Registrar can read client information from an LDAP directory and update the directory with lease data. This supports the Directory Enabled Network (DEN) initiative and integration with other network infrastructure applications.	"Configuring LDAP"
Multiple network interfaces	The DHCP server automatically discovers and listens on multiple network interfaces.	"Selecting the Server Interface" section
NetWare options	NetWare customers can use options included in RFCs 2241 and 2242.	"DHCP Options"
PING before offering lease	You can prevent duplicate IP address assignments by having Network Registrar ping the network before offering an IP address to a DHCP client.	"Pinging a Host Before Offering an Address" section
DHCP Server-Related, continued
Secondary subnets	You can create DHCP address pools (scopes) that have addresses from multiple logical subnets that are on the same physical network. Secondary subnets support numerous network configurations and allows networks to be easily renumbered.	"Making a Scope a Secondary" section
Server switching	You can forward DHCP traffic from one server to another.
Utilization alerts	Network Registrar generates e-mail notices if the percentage or number of available addresses falls below a configurable threshold. This warns of impending problems and allows for timely corrective action.	"Receiving Lease Notification" section
Variable-length subnet masks	Address pools for different IP subnets can have different subnet masks. This allows for flexible addressing schemes including Open Shortest Path First (OSPF) configurations.	"Defining and Configuring Scopes" section
Network Registrar Architecture and User Interface Related
Command line interface (CLI)	You can configure all aspects of Network Registrar using the CLI.	Throughout this guide, and specifically in the Network Registrar CLI Reference Guide
Graphical user interface (GUI)	The GUI provides a convenient configuration tool.	"Network Registrar User Interfaces"
Database export	You can export all active IP addresses into a specified database or CSV text file.
Multi-threaded	The DNS and DHCP servers can perform concurrent multiple tasks.	"Network Registrar User Interfaces"
Remote configuration and monitoring	You can run both the GUI and CLI remotely.	"Network Registrar User Interfaces"
Reports and data imports and exports	You can import and export data in a variety of formats and reports.	"Network Registrar User Interfaces"
SNMP notification	Network Registrar warns of error conditions and possible problems with the DNS and DHCP servers.	"SNMP Notification"
Web browser reporting	You can run reports on server status, address usage, lease status, and connection status between main and backup DHCP servers.	"Network Registrar User Interfaces"

Configuration and Performance Guidelines

Cisco Network Registrar is an integrated DHCP and DNS server cluster, capable of running on an NT workstation, NT server, Solaris system, AIX, and HP/UX.

Because of the wide range of network topologies into which CNR is deployed, you should consider the following guidelines and case studies before deploying Network Registrar on your network. These guidelines are very general in nature, and cover most cases. Specific or challenging implementations of Network Registrar may require additional hardware or multiple servers.

General Configuration Guidelines

The following suggestions apply to most Network Registrar deployments:

Set DHCP lease times to a relatively large value—To prevent leases from expiring when the DHCP client is turned off (overnight or over long weekends), set the DHCP-lease-time longer than the longest period of downtime expected for your enterprise. A DHCP lease time of 10 days is commonly used. For details on setting lease times, see the "Creating a Policy" section.
Configure a separate DHCP server to run in remote segments of the WAN—This ensures that the DHCP client can consistently send a packet to the DHCP server in under a second. The DHCP protocol dictates that the client receive a response to a DHCP DISCOVER or REQUEST within four seconds of packet transmission. Many clients (most notably early releases of the Microsoft DHCP stack) have actually implemented a two-second timeout.
Separate secondary DNS servers from your DHCP server—Because writing a full zone to disk can take some time, server performance can be slow when it transfers large zones to a secondary DNS server. To ensure that the DHCP server is not adversely affected during large zone transfers, your secondary DNS servers should run on a different cluster than your DHCP server.
Select Ultra-SCSI, RAID, or mirrored disk for the DNS server—Disk performance is critical to the DNS server. Because DNS server performance can be hampered by slow disk I/O, you should select servers with Ultra-SCSI disk, and choose the fastest disk RAID controller.
Use NOTIFY/IXFR—Secondary DNS servers can receive their data from the primary DNS server two ways: through a full zone transfer (AXFR) or through the NOTIFY/IXFR (incremental transfer) technology specified in RFCs 1995 and 1996. You should use NOTIFY/IXFR in environments in which the namespace is relatively dynamic. Using NOTIFY/IXFR reduces the number of records that must be transferred from the primary to the secondary servers. For more information about using NOTIFY, see the "Enabling NOTIFY" section.
Put backup servers on separate network segments—DNS servers are, by their very nature, redundant; however, to minimize client impact in the event of network failure, ensure that primary and secondary DNS servers are on separate network segments.

Special Configuration Cases

The following suggestions apply in some special cases:

Set DHCP renew times to a small value during Network reconfiguration—Several days prior to changes in network infrastructure (gateway router addresses, DNS server addresses, etc.), set the DHCP renew time to a relatively small value. A DHCP renew time of eight hours would ensure that all DHCP clients receive a changed DHCP Option parameter within one working day. (Set the dhcp-renewal-time option.) For information about setting the renewal time option, see the "Types of Policies" section.
Divide DNS and DHCP servers across multiple clusters for large deployments, when using dynamic DNS update—If you enable this feature, you should divide primary DNS and DHCP servers across two clusters, because dynamic DNS generates an additional load on Network Registrar servers.

Deployment Case Studies

The following cases suggest hardware and software deployment for two different types of sites: a small to medium local area network (LAN), and a large enterprise or service provider network.

Small to Medium Size LAN

In a small to medium size LAN, serving fewer than 15,000 DHCP clients, low-end Sun or NT servers are acceptable. You can also use systems with EIDE disk, although Ultra-SCSI disk is recommended for deployments that support dynamic DNS update. Figure 1-1 shows a configuration that would be adequate for this network.

NT recommendation: Single-processor Pentium 300 or better, NT Server 4.0, 128 MB RAM, 2 GB disk
Solaris recommendation: Sun Ultra 5S or better, Solaris 2.6 128 MB RAM, 2 GB disk

Figure 1-1: Deployment in a Small to Medium LAN

Large Enterprise and Service Provider Networks

In a large enterprise or service provider network serving over 150,000 DHCP clients, use high-end Sun or NT servers. Put DNS and DHCP servers on different systems. Select systems with Ultra-SCSI disk for your DNS servers. Figure 1-2 shows the hardware that would be adequate for this network.

NT recommendation: Dual-processor Pentium 400 or better, NT Server 4.0, 512 MB RAM, 2 GB Ultra-SCSI disk (10,000 RPM)
Solaris recommendation: Dual-processor Sun Netra 1400 or better, Solaris 2.6, 512 MB RAM, 2 GB Ultra-SCSI disk (10,000 RPM)

Figure 1-2: Deployment in a Large Enterprise or Service Provider Network

Documentation Road Map

The Cisco Network Registrar documentation set consists of the following books:

Network Registrar Installation Guide—Provides the steps to installing the Network Registrar software
Network Registrar User's Guide—Describes the features of the Network Registrar product, its protocol concepts, and how to use the command line interface (CLI) and graphical user interface (GUI) to configure and maintain the DNS and DHCP servers
Network Registrar CLI Reference Guide—A reference guide that describes all the nrcmd commands that are used to configure and maintain the DNS and DHCP servers
Network Registrar Release Notes—Provides release notes for the Network Registrar release

Table 1-2 lists the DNS features and the guides that contain information about them.

Table 1-2: Locations of DNS Features in Network Registrar Documentation

DNS Feature	User's Guide	CLI Reference Guide Command

Dynamic resource records, removing	Chapter 6	zone removeDynRR
Dynamic updates	Chapter 9	zone enable dynamic scope enable dynamic-dns
Incremental zone transfers (IXFRs)	Chapter 5	dns enable ixfr-enable
NOTIFY	Chapter 5	dns enable notify
Resolution exception list	Chapter 5	dns addException
Root-hint servers	Chapter 5	dns addRootHint
Round-robin, enabling	Chapter 5	dns enable round-robin
Server management notification	—	server DNS managed-by
Serial number retrieval	—	server DNS getSerialNumbers
Forwarding servers, adding	Chapter 5	dns addForwarder
Subnet sorting, enabling	Chapter 5	dns enable subnet-sorting
Subzones, hiding	Chapter 5	dns enable hide-subzones
Zone files, importing	Chapter 5	import

Table 1-3 lists the DHCP features and the books that contain information about them.

Table 1-3: Locations of DHCP Features in Documentation

DHCP Feature	User's Guide	CLI Reference Guide Command

All DHCP lease allocation methods	Chapter 7	lease
BOOTP and dynamic BOOTP	Chapter 8	scope enable bootp scope enable dynamic-bootp
Client class and client	Chapter 10	client-class, client
Custom options	Chapter 7	custom-option
Dynamic DNS updates	Chapter 9	zone enable dynamic
Extension points	—	Chapter 4, "Using Extension Points"
Failover	Chapter 11	dhcp enable failover scope set failover
Flexible name options	Chapter 10	client set host-name
LAN segmentation	—	scope lan-segment
LDAP directory support	Chapter 13	ldap
Lease utilization alerts	Chapter 8	lease-notification
Multiple network interfaces	Chapter 7	dhcp-interface
NetWare options	Appendix B	policy setOption
PING before offering leases	Chapter 8	scope ping-clients
Secondary subnets	Chapter 8	scope set primary
Serial number retrieval	—	server DHCP getSerialNumbers
Server management notification	—	server DHCP managed-by
Server switching (forwarding)	—	dhcp (the "DHCP Forwarding" subsection)

Table 1-4 lists the Network Registrar architecture features and the books that contain information about them.

Table 1-4: Locations of Network Registrar Architecture Features in Documentation

Architecture Feature	User's Guide	CLI Reference Guide

Reports and data exports	Chapter 3	export report lease-notification
SNMP notification	Appendix F	trap
Web browser reporting	Chapter 3	—

Table of Contents