September 8, 1997
Manage IP Moves
Tools let companies track IP addresses, automate network configuration
By Kelly Jackson Higgins
When you start adding thousands more IP addresses to the mix, assigning and managing IP addresses by hand becomes a nightmare. Many companies with big, growing IP networks are considering or deploying IP-address-management tools with the Dynamic Host Configuration Protocol, a not-so-new but increasingly popular way of doling out and tracking IP addresses in an organization. Among the DHCP-based address-management tools available are American Internet's Network Registrar, Bay Networks' NetID, MetaInfo Inc.'s MetaIP, and Quadritek Systems' QIP Management System.
While there are still questions about the scalability and security of DHCP tools, companies are also looking at them to automate another piece of their IP-address infrastructure: their Domain Name System servers. DNS servers house a listing of recognizable names for workstations and other nodes with their cryptic-looking IP addresses. They contain information such as which nodes and addresses are active and where they are located on the network. But updating DNS servers is a manual process. IP-address-management tools, however, contain proprietary hooks between DHCP and DNS so that any changes in IP addresses also get registered in the DNS server.
All businesses want is a chance to trash those bulging spiral notebooks and packed spreadsheets full of IP-address assignments. DHCP allows this: A workstation with an operating system that speaks DHCP (Windows 95 comes packaged with it, for instance) automatically gets an IP address from the DHCP server each time it logs on.
Also, DHCP leases out IP addresses; this means a user isn't tied to a particular address, and businesses can continuously recycle their address pools.
Take DuPont Co. in Wilmington, Del., whose IP addresses grew by about 83% in 1996, from 35,000 addresses to 65,000, when the company's Internet and intranet use took off. "It caused such significant growth in IP addresses that we could not keep up with and manage our address space," says Mike Kruck, now a consultant for global computing and telecommunications systems for Computer Sciences Corp. in El Segundo, Calif., which runs DuPont's IT operations. Kruck, formerly a member of DuPont's IT staff, says CSC administers more than 65,000 IP addresses in DuPont's network.
DuPont's method of manually assigning static IP addresses (ones that are location specific) cramped the style of many traveling users. "Our mobile users wanted to be the same IP user wherever they were," says Kruck. When a user from the Wilmington office went out of town, for instance, his or her remote-access connection had a different look and feel.
So late this year and early next, DuPont will begin adding DHCP servers running QIP that automatically assign devices an IP address each time the user logs on to the network. That way, even mobile users feel as though they're logging on from their offices, no matter where they are.
Conserving IP addresses isn't as crucial for DuPont, which has a long way to go before it depletes its supply, as it is for Mack Trucks Inc. The Allentown, Pa., company has about 6,000 IP addresses on its network now and is starting to add its truck dealers to the Mack IP network. This will let those dealers buy and sell parts and check on the status of their truck orders via the Web.
For example, when older 386 PCs are taken out of use, there is no simple way to reclaim their IP addresses, says John O'Connell, senior communications analyst for Mack. "I have to poll the network looking for IP addresses that do not respond, then wait two or three weeks and poll them again to make sure the addresses are not being used," says O'Connell. "If they are not, then we can reclaim them for future deployment."
Mack is testing the DHCP piece of Quadritek's IP-address-management software, which not only will automatically assign and recycle IP addresses, but also will work with Mack's existing DNS servers. That will eliminate the need for IT staff to log on to a DNS server to pluck out an IP address for a new PC. "We are looking at having DHCP give an IP address to a PC, in turn updating the DNS machine so it knows who has this IP address now," says O'Connell.
The Internet Engineering Task Force is working on a standard for Dynamic DNS, which would make this an automated process. Until that standard is ready, businesses such as Mack are relying on proprietary hooks between DHCP and DNS servers that are available with products like QIP.
Once the Dynamic DNS standard is complete, it will probably be incorporated into these products. "There's a lot of pressure for the IETF DNS working group to get Dynamic DNS going," says Ralph Droms, chair of the IETF Dynamic Host Configuration working group and professor of computer science at Bucknell University in Lewisburg, Pa.
Even companies new to IP networks want to conserve their IP addresses. Green Tree Financial Corp., a St. Paul, Minn., financial services company, has about 1,500 IP addresses for its 1,700-plus PCs. The company is converting its address management from an Excel spreadsheet and handwritten log to a DHCP server using Bay's NetID software. "When people moved, no one crossed out the old address in the bookkeeping, so we thought certain addresses were being used and that we had run out of addresses," says Joel Wilhelm, network infrastructure developer for Green Tree, which has a 2-1/2-year-old IP network.
Green Tree has a limited number of IP addresses, anyway. "DHCP lets you use only what you have to have," says Wilhelm. "If you're not logged in, you're not using the address and taking up space."
DHCP typically reassigns a workstation the same IP address each time. "The next time you fire up the machine, it asks for the address you had before," says Wilhelm. "If you were on vacation for two weeks, someone else might have grabbed it, though."
It's also simpler to keep the same IP address. Steve Van Beaver, VP of customer care and operations for Media One, a Boston Web-TV provider, says he tries to keep its IP addresses fairly consistent because most of the nodes are Web sites for its customers. "For Web hosting, it's easier to have one IP address," he says.
But no one knows for sure whether DHCP-based software can hold up as the network scales up, nor whether it will be secure. "We've wondered a lot about scalability," says Allen Householder, senior network analyst with Eli Lilly & Co. in Indianapolis. "With as many IP addresses as we have, and given that we are pretty centralized, what happens Monday morning when the machines need IP addresses and the DHCP server is down?"
Householder says the option of spreading DHCP servers around the network might remedy that, but it would slow down the addressing process. "We need to have DHCP running on a small number of really reliable servers," he says.
Security is a big question mark as well. There's no way for a DHCP server to know that a PC requesting an IP address is really who it says it is. That could be a problem when a PC from outside the corporate firewall asks for an IP address, says Dave Kosiur, a senior analyst with Decisys, a consulting firm in Sterling, Va. "A firewall is configured to allow access based on an IP address. If an IP address is changing because you are logging on and off the network and you get a new address each time, the firewall may not know who you are," says Kosiur. Or even more dangerous, an unauthorized user may now have that IP address. One way to get around that is to set a range of IP addresses that the DHCP server must use for certain groups of users, he says.
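The range-per-group approach Kosiur describes only helps if the firewall rules actually stay inside each group's DHCP range. The following is an added example, not part of the original article: it audits address-based allow rules against per-group DHCP pools. The group names, addresses, and rule format are all constructed for illustration.

```python
import ipaddress

# Constructed sample data: one DHCP pool per user group, plus a shared pool.
DHCP_POOLS = {
    "finance": ipaddress.ip_network("10.20.8.0/26"),
    "engineering": ipaddress.ip_network("10.20.8.64/26"),
    "general": ipaddress.ip_network("10.20.9.0/24"),
}

# Constructed firewall allow rules, each written for one group.
FIREWALL_RULES = [
    {"id": 1, "group": "finance", "allow_src": "10.20.8.0/26"},      # matches its pool
    {"id": 2, "group": "engineering", "allow_src": "10.20.8.0/25"},  # too broad
    {"id": 3, "group": "finance", "allow_src": "10.20.9.17/32"},     # host in shared pool
    {"id": 4, "group": "engineering", "allow_src": "10.20.30.5/32"}, # outside every pool
]


def audit_rules(pools, rules):
    """Return (rule_id, other_groups) for every rule whose source range is
    not fully contained in the DHCP pool reserved for the rule's group.

    other_groups lists the pools the rule also admits; an address leased
    from one of those pools would pass the firewall as the wrong group.
    An empty list means the source lies outside all DHCP pools (a static
    or unmanaged address that DHCP scoping says nothing about).
    """
    findings = []
    for rule in rules:
        src = ipaddress.ip_network(rule["allow_src"])
        own_pool = pools[rule["group"]]
        if src.subnet_of(own_pool):
            continue  # rule can only ever match leases handed to this group
        others = sorted(
            group for group, net in pools.items()
            if group != rule["group"] and src.overlaps(net)
        )
        findings.append((rule["id"], others))
    return findings


if __name__ == "__main__":
    for rule_id, others in audit_rules(DHCP_POOLS, FIREWALL_RULES):
        print(f"rule {rule_id}: escapes its group's pool; also admits {others or 'no DHCP pool'}")
```

Rule 3 is the case the article warns about: a single address in a shared, recycled pool may belong to a different user after the next lease.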
Adding to the confusion, there are several related technologies on the horizon that look a lot like DHCP, such as the IETF's Mobile IP and the next-generation protocol IP Version 6. Mobile IP lets a user in the midst of a download continue the session uninterrupted even after unplugging his or her notebook computer and logging back on from another subnet across campus. With DHCP, however, users must start a session over again every time they log off.
The key difference between Mobile IP and DHCP is that DHCP does more than give users some flexible mobility. Aside from recycling IP addresses, it also informs a PC how to get to its closest router. The two technologies will likely work together, says Charles Perkins, a senior staff engineer for Sun Microsystems who helped develop Mobile IP as well as IPv6.
IPv6 will come with an auto-configuration feature of its own that works similarly to DHCP. Unlike DHCP, however, IPv6 will "bind" an IP address to a hardware address, so that when a PC joins an IP network, IPv6 automatically finds the information it needs to connect, such as the IP and router addresses. There won't be any logging on and off as there is with DHCP, and there's no need for a central database of IP addresses. But it is unclear whether IPv6 will work with or without DHCP, and whether IPv6 itself will take off anytime soon.
The confusion surrounding IPv6 initially kept companies like Eli Lilly from going with DHCP. "One of the reasons we didn't run out with DHCP right away was because it hit at the time IPv6 was announced," says Householder. But with IPv6 not coming along fast, Eli Lilly has since opted for DHCP.
As it is at Eli Lilly, IPv6 is on hold in most companies, if it's under consideration at all, and DHCP-based software is the solution of choice. But DHCP is only part of the IP-address-management picture. Look for these products to be combined with directory technologies such as the Lightweight Directory Access Protocol: American Internet, for instance, is working with MediaOne to tie IP addresses into a common network directory based on LDAP. This step will further automate IP addressing. According to MediaOne's Van Beaver, it "will automate the entire service-provisioning process."
Intranets have improved life in many ways, but one difficulty remains. Every time a workstation or server joins or moves around the IP network, somebody from IT has to manually configure it. This process can take a half-hour or more for each desktop, and it adds the risk of human error.












