IP address management grows up

When the Atlanta Journal-Constitution needed to share stories, photos and other editorial content with 15 sister publications in the Cox Newspaper chain, network engineer Layne Meier didn't look into updated WAN technologies. Instead, he set out to upgrade all the locations to his IP address-management system.

"We are the largest newspaper, and we have a WAN in which we share stories with other papers," Meier said. "But we had instances where corporate had upgraded its servers to [Berkeley Internet Name Domain] 8 or 9, and some still had Novell NetWare BIND, and no one could administer that remotely -- so some sites couldn't access the content without a lot of hassle and delay, which just doesn't fly in the newspaper business."

By installing MetaInfo's IP address-management software on one server and using another server for DNS and DHCP software, not only did he better secure remote locations, but he also made it possible for multiple sites to share content more easily. While the local administrators manage the DNS and DHCP servers, staffers at other sites can pluck content from them because the systems now align and the IP addresses sync up. And Meier gets the 50,000-foot view of all the locations via his MetaInfo interface.

"Every device needs an IP address in order to communicate, and you have to manage those efficiently to keep network services available," he said.

In fact, IP address management -- long an IT task pushed to the back burner and typically performed disparately with free tools -- is getting more attention at companies looking to better secure and manage their networks. For instance, DNS is the network function that translates domain names such as www.networkworld.com into an IP address like 65.214.57.165. If DNS doesn't work properly, a user can't gain access to the Web site, and that becomes a perceived network failure.

Vendors such as Blue Cat Networks, Cisco Systems Inc., eTelemetry, Infoblox, INS, Lucent Technologies, MetaInfo and Nortel Networks offer products that promise to help customers maintain an inventory of the IP addresses in their network, virtual LANs (VLAN) and more. Using either software installed on a server or bundled on an appliance, IP address-management products are designed to keep an up-to-date inventory of the network addresses in use. Some products simply serve as a repository for data that must be updated manually by network engineers, while other products are said to dynamically discover new devices, collect IP address information from them and make sure there is no duplication. Products today also typically use BIND 9, a more secure version of the DNS server software that includes features to prevent security issues, such as DNS cache poisoning or viruses, from bringing down enterprise DNS and DHCP servers.

"It's an absolutely scary proposition that many folks in IT that would never think of using Microsoft Access as an enterprise database are using the version of DNS and DHCP that came free with Windows," said Daniel Golding, a senior analyst with Burton Group. "That is not a slap at Microsoft, but the company designed the free software for small businesses, so it doesn't have the security and scalability features enterprise IT shops need when managing thousands of IP addresses."

Golding said security incidents, availability problems or time-consuming manual processes have many customers looking for an easier way to manage their blocks of IP addresses. Going forward, vendors are rolling out appliances that can handle more IP addresses across multiple platforms and operating systems, and building their wares to more quickly associate an IP address with a user.

For instance, instead of getting a report saying a certain address is assigned to a device, technology from eTelemetry can report an IP address as John Doe's workstation or the edge router at a redundant data center.

"People are waking up and noticing their legacy systems are antiquated and just not keeping up with the allocation of new addresses," Golding said. "Now they want low-cost and low-maintenance products to get a handle on IP addresses."

In Meier's case, he started using MetaInfo in 1999, when Macintosh computers made it difficult for his staff to manage about half of its 2,000 IP addresses with automated processes. The free software Microsoft provided with PCs didn't support the Apple operating system, which remains popular among artists and designers, and continues to be used in many publications.

"Our Macs became an administrative nightmare, because we had to manually manage those addresses, while the PCs on the business side we could do automatically," Meier said. "If you can't track that information automatically, you are lost in terms of how many addresses you actually have, what devices are on your network and what the users are doing with the devices -- like going to inappropriate Web sites."

VoIP led Bruce Bartolf, CTO at architectural firm Gensler in San Francisco, to begin the process of rolling out more than 30 Infoblox-1200 appliances to distributed offices. Bartolf says he opted for IP address-management appliances to let his network handle DHCP and Trivial File Transfer Protocol (TFTP) in an efficient manner -- without adding Windows servers at each location. In Bartolf's Avaya voice rollout, the IP phones need to identify themselves with the DHCP server as well as the call manager server, which is where TFTP comes into play. Many VoIP phones use TFTP to download configuration files.

"We already have a bunch of Windows servers out there, but I wanted to keep my telephony network as separate as possible across the WAN," he said. "Infoblox appliances offer a simpler option."

With about 4,000 IP addresses, and expectations that the number will at least double when the IP phones are in place, Bartolf said IP address-management tools will speed the DHCP service deployment to all locations.

"Considering the many remote locations, I didn't want to have to open up ports so the IP phones could TFTP to call managers. I wanted to take that out of the hands of the sites without remote administrators," Bartolf said.

Tracie Lang, network engineer in the Telecom Technical Support/EITS group at Rohm and Haas, said the specialty chemical company in Philadelphia outgrew the software it had and wanted to take the appliance route. She began working with INS' IPControl product about nine months ago to get some 30,000 addresses under control. Using an appliance over software, she said, enabled her to train many IT staffers to manage their own parts of the network, while also keeping high-level tabs on IP addresses.

"DNS is integral to every midsize or large network; many products simply won't function without it," Lang said. "For networks, DNS is a service like electricity and the lights. It has to be there and it has to work, and no issues crop up if it is managed properly."

This story, "IP address management grows up," was originally published by Network World.

Copyright © 2006 IDG Communications, Inc.
