Rising standards and expectations for network performance and availability are pushing organizations to reassess their IP address management, said Info-Tech Research Group analyst Jayanth Angl.
“Today, there are, in most organizations, elevated standards for network performance with wireless LANs, IP telephony, with new mission-critical applications running over the IP network. There are simply greater business dependencies on the IP network that are requiring organizations to ensure that IP address assignment services like DHCP/DNS are running smoothly and are highly available,” he said.
The greater number of IP devices that must be supported is another factor, said Angl. “IP phones, security cameras, wireless handsets — there’s just simply more devices today that are leveraging the IP networks and require IP addresses.”
Regulatory compliance, whether to fulfil a compliance regulation or for security and auditing purposes, is also a growing concern for IP address management in the enterprise space, he added.
Universities face similar concerns. “Just think of a university as a large corporation,” said Michael Hyatt, CEO and co-founder of Toronto-based BlueCat Networks. “The problem is they have just so many end users — being the students — in one way that they have so much to control…running an IP network for a school has a lot to do with control and provisioning.”
Avant-garde in their approach, universities have some of the toughest networks around, said Hyatt. “We like to call them cowboy networks…because they’re a bit about the wild west…usually they need pretty good technology quite early.” The University of Windsor, Lakehead University, Northern Alberta Institute of Technology and the University of Calgary have all incorporated BlueCat’s IPAM technology into their networks.
Distributed management is a serious issue for university campuses, said University of Calgary network analyst Dean Berschl. “You take math and statistics and you give them a number of blocks of IP addresses. You give a couple to Geology. You give some to Physics and so on. Eventually, you run out of addresses, even though you haven’t run out of addresses…because they get lost over time if people are just tracking them in a paper fashion. You’re not quite sure what they’ve done with their addresses and you sort of hope they’re running an IP service that allows their users to get addresses properly. So when you try and reacquire all those addresses, the distributed management is the biggest headache, in my opinion.”
On a year-by-year basis, U Calgary sees roughly 10 per cent growth in IP addresses, said Berschl. But introducing a new technology on campus can lead to a jump of 50 per cent in one year. “A couple years ago, we rolled out wireless technology on campus. That added approximately 5,000 to 6,000 addresses in one fell swoop at that point in time. We’re in the midst of rolling out VoIP technology over the next several years, which will add upwards of 12,000 or more addresses to a pool of about 12,000 that we already use.”
Two and a half years ago, U Calgary introduced BlueCat’s Adonis DNS/DHCP appliances to the network. Adonis works in a hub-and-spoke fashion with BlueCat’s Proteus IP address management solution. BlueCat actively manages 65,000 addresses for the university, which operates at a Class C. Twelve thousand are actively used, said Berschl. Students returning to campus this fall will add another 6,000 active addresses to the network.
U Calgary selected BlueCat’s solutions for two reasons, said Berschl. “No. 1, the BlueCats are appliance-based. They’re very easy to get going, very easy to manage… The distributed administration facility was another key one for us. Although we run all the IP addresses centrally, their actual deployment is distributed.”
“The main success is that we’ve been able to move forward in functionality that we never had before,” Berschl continued. “Before that, we never had the ability to allow distributed groups to view the IP database. We always just had to take their word for it. Now, we can see it centrally and yet they can access it de-centrally. We have increased the stability of the IP structure, I think, considerably. It doesn’t require a lot of babysitting.”
In the past, U Calgary used Microsoft’s DHCP services to hand out the addresses and a combination of database text files for managing static addresses and registrations that were given out without the use of DHCP, said Berschl.
“We’re effectively moving into a new paradigm on the Internet, where, on one hand we’re running out of IP addresses in the IPv4 space…and at the same time, we’re trying to figure a way to manage those IP addresses because companies are going from thousands to tens of thousands to hundreds of thousands of these addresses,” said Hyatt.
According to Angl, the main problem enterprises face is managing the numbers. “Typically, it’s not really any issue of running out of addresses. It’s more, how effectively can you assign addresses to different devices, different groups, different departments…I see it as another layer of complexity rather than, ‘Okay, I have 1,000 IP addresses and 1,000 devices. Let’s just put them all together.’ That’s really not an effective way to manage the address space you have.”
As networks grow more complex, Angl suggested segmenting the address range into groups. “For example, have IP phones on a separate virtual LAN, have PCs somewhere else, servers have their own block, so the more devices you add, the more different security groups you add…providing access for contractors which would be separate from your basic corporate network. All these different types of configurations that are more common today also then put additional demands on how effectively the organization manages its IP addresses.”
“The biggest mistake that everybody is making is not taking the whole idea seriously enough,” said Berschl. “It’s one of those functions like DNS name resolution. It’s a function that people think just works. Unless you’ve got somebody on the back end who knows what they’re doing and actually sets it up correctly for you, you’re eventually going to get into a headache situation where you can’t track your IP addresses.”
“We have two types of clients. Ones that actually get it and say, ‘Okay, here comes the looming tsunami,’ and the other ones that say, ‘Wow, we just ran out of IP addresses and we’re essentially down,’” said Hyatt. “The biggest mistake I think we see is one that says, ‘Can you come in here tomorrow and get an IP address management in here…we’ve obviously screwed up our DNS and nothing’s working and I’m gonna lose my job.’”