DNS/DHCP & IP Management Technical Overview

DHCP

Dynamic Host Configuration Protocol (DHCP) is a protocol used by network devices to obtain a unique IP address, default router, subnet mask and the IP addresses of DNS servers from a DHCP server. This protocol is used when computers are attached to a network because these settings are necessary for the host to participate in the network. These settings are periodically refreshed, with typical intervals ranging from one hour to several months.

The DHCP server ensures that all IP addresses are unique, i.e. no IP address is assigned to a second client while the first client's assignment is valid (its lease has not expired). Thus IP address pool management is done by the server and not by a human network administrator.

The Dynamic Host Configuration Protocol (DHCP) automates the assignment of IP addresses, subnet masks, default routers, and other IP parameters. The assignment usually occurs when the DHCP configured machine boots up or regains connectivity to the network. The DHCP client sends out a query requesting a response from a DHCP server. The DHCP server then replies to the client with its assigned IP address, subnet mask, DNS server and default gateway information.

The assignment of the IP address usually expires after a predetermined period of time, at which point the DHCP client and server renegotiate a new IP address from the server's predefined pool of addresses. Configuring firewall rules to accommodate access from machines that receive their IP addresses via DHCP is therefore more difficult because the remote IP address will vary from time to time. Administrators must usually allow access to the entire remote DHCP subnet for a particular TCP/UDP port.

DHCP is a broadcast-based protocol. As with other types of broadcast traffic, it does not cross a router unless the router is specifically configured to forward it. This is achieved by enabling the router's "IP Helper" function.


DNS

Domain Name Service (DNS), though typically invisible to the user, is the most fundamental tool associated with use of the Internet. The Internet uses the IP protocol and all IP traffic must have a source host address and a destination host address in the form of 207.193.0.0. Unfortunately, these addresses are extremely cumbersome and nearly impossible to remember.

The function of DNS is to map the required IP addresses into more user friendly, easy to remember host names. For example, the IP address of the n3k webserver is 85.165.30.200, but its associated host name is www.n3k.co.uk. DNS allows users to document the correlation between their IP addresses and host names. Each company is responsible for documenting the correlation between their own IP addresses and host names. This information is then propagated to other DNS servers all over the world. Everyone on the Internet relies on this mapping to easily access hosts and resources.

Also, since hosts at a specific site are associated with a specific IP network address, all hosts at that site can be grouped together into a single domain. In this way, many Internet sites can reuse a host name such as "www", as long as they each belong to different domains. To clarify, www.n3k.co.uk does not correspond to the same IP address as www.n3k.com. One or more hosts running specialised software provide the DNS for a particular site; these hosts are commonly referred to as name servers or domain name servers. These mostly run the open source version of DNS server software developed by the Internet Software Consortium (ISC).

The DNS system provides more functionality than simply mapping a name to an IP address, but these additional functions generally exist so that hosts can route communications rather than for human use. For example, information stored in DNS enables the routing of email messages between organisations. On the internal network, workstations use DNS to locate their local domain controller so that the user can authenticate.


Domain Name

The unique name that identifies an Internet site or host. Domain Names always have 2 or more parts, separated by dots, e.g. n3k.co.uk or www.n3k.com. The part on the left is the most specific, and the part on the right is the most general. A given machine may have more than one Domain Name.


ENUM

ENUM is the convergence of Public Switched Telephone Networks (PSTN) to Internet Protocol (IP) Networks - in other words, the mapping of telephone numbers to domain names using a Domain Name System (DNS) based architecture. ENUM helps to facilitate such services as Voice over IP (VoIP), and allows network elements to find services on the Internet using only a telephone number.

ENUM provides a user with a domain name on an E.164 DNS server in order to associate a common international telephone number with a Universal Resource Indicator (URI) and provide other DNS-related services.

The ITU ENUM allocates a specific zone, namely "e164.arpa" for use with E.164 numbers. Any phone number, such as +44 1256 303700 can be transformed into a hostname by reversing the numbers, separating them with dots and adding the e164.arpa suffix thus: 0.0.7.3.0.3.6.5.2.1.4.4.e164.arpa

DNS can then be used to look up Internet addresses for services such as SIP VoIP telephony. NAPTR records are used, for example, to 'translate' E.164 addresses to SIP addresses.
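The number-to-domain transformation and the NAPTR 'translation' step described above, as an added example that is not code from the original page. The NAPTR records, the example.com addresses and all function names are constructed for illustration; the regexp handling assumes no escaped delimiters and evaluates the record's POSIX ERE with Python's regex engine.

```python
import re
from typing import Optional

MAX_REGEXP_LEN = 255  # NAPTR fields arrive from DNS, so treat them as untrusted

def enum_domain(number: str, suffix: str = "e164.arpa") -> str:
    """Map an E.164 number such as '+44 1256 303700' to its ENUM domain."""
    digits = re.sub(r"[\s().-]", "", number)
    if not re.fullmatch(r"\+?[1-9]\d{1,14}", digits):  # E.164: at most 15 digits
        raise ValueError(f"not an E.164 number: {number!r}")
    return ".".join(reversed(digits.lstrip("+"))) + "." + suffix

def apply_naptr_regexp(aus: str, field: str) -> Optional[str]:
    """Apply a NAPTR regexp field (delim ERE delim replacement delim flags)."""
    if not field or len(field) > MAX_REGEXP_LEN:
        raise ValueError("missing or oversized NAPTR regexp field")
    parts = field[1:].split(field[0])  # simplification: no escaped delimiters
    if len(parts) != 3:
        raise ValueError("malformed NAPTR regexp field")
    ere, repl, flags = parts
    match = re.search(ere, aus, re.IGNORECASE if "i" in flags else 0)
    if match is None:
        return None
    # Expand \1..\9 back-references from the match into the replacement.
    return re.sub(r"\\([1-9])", lambda b: match.group(int(b.group(1))) or "", repl)

def resolve(number: str, records: list, service: str = "E2U+sip") -> Optional[str]:
    """Pick the best terminal ('u') NAPTR record for a service and rewrite it."""
    enum_domain(number)  # rejects anything that is not a plausible E.164 number
    aus = "+" + re.sub(r"\D", "", number)  # the string the regexp is applied to
    for order, pref, flags, svc, regexp in sorted(records):  # order, then preference
        if flags.lower() == "u" and svc.lower() == service.lower():
            uri = apply_naptr_regexp(aus, regexp)
            if uri is not None:
                return uri
    return None

# Constructed sample records: (order, preference, flags, service, regexp).
SAMPLE_NAPTR = [
    (100, 20, "u", "E2U+email:mailto", r"!^.*$!mailto:info@example.com!"),
    (100, 10, "u", "E2U+sip", r"!^\+44(.*)$!sip:\1@sip.example.com!"),
]

if __name__ == "__main__":
    print(enum_domain("+44 1256 303700"))
    print(resolve("+44 1256 303700", SAMPLE_NAPTR))
```

The regexp field is data returned by whoever controls the zone, which is why the example bounds its length and validates the number before using either.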


IPAM

IP addresses are one of the most critical assets that need to be managed in any corporate network. Having easy access to information such as which IP addresses are in use, where and when they were allocated, which devices they were assigned to, and who is using them is critical to eliminating conflicts and network outages, tracking critical assets, ensuring network security, troubleshooting network problems, and enabling regulatory compliance.

Broadly speaking IP Address Management (IPAM) encompasses three interrelated operational functions.

The management of the IP address space itself. Dividing blocks into subnets which are distributed throughout the organisation and subsequently managing the allocation of individual addresses within these subnets. Large organisations may delegate management of these subnets to local administrators who have been given restricted access within the IPAM tool.

Providing resilient DHCP services and provisioning those servers with IP address ranges and other parameters required by DHCP clients for operation on the network.

Configuring DNS servers and adding entries mapping the name of each node on the network to an IP address and vice versa.

Each of these functions is crucial to the operation of the network and underpins provision of business critical applications such as email, SAP, Oracle, trading services and so on.

In addition an IPAM system will maintain an audit trail of administrator adds/moves/changes as well as DHCP address allocations. This information is vital if an organisation is going to meet the current compliance regulations or simply comply with the requirements of good corporate governance.


IPv6

IPv6 is short for "Internet Protocol Version 6". IPv6 is the "next generation" protocol designed by the IETF to replace the current version of the Internet Protocol, IP Version 4 ("IPv4").

Most of today's Internet and internal corporate networks use IPv4, which is now over 25 years old. IPv4 has proved to be remarkably resilient in spite of its age, but it is beginning to have problems and its limitations are becoming apparent as more complex services are rolled out to users on the corporate network.

IPv6 was designed to take an evolutionary step from IPv4. It was not a design goal to take a radical step away from IPv4. Functions which work in IPv4 were kept in IPv6. Functions which didn't work were removed. The changes from IPv4 to IPv6 fall primarily into the following categories:

  • Expanded routing and addressing capabilities. By using a 128 bit address rather than the 32 bits available to IPv4 the address space offered is extremely large. In a theoretical sense this is approximately 665,570,793,348,866,943,898,599 addresses per square metre of the surface of the planet Earth. In more practical terms the assignment and routing of addresses requires the creation of hierarchies, which reduces the efficiency of the usage of the address space. However, even the most pessimistic estimate would still provide 1,564 addresses for each square metre of the surface of the planet.
    A new type of address called an "anycast address" is defined, to identify sets of nodes where a packet sent to an anycast address is delivered to one of the nodes. The use of anycast addresses in the IPv6 source route allows nodes to control the path along which their traffic flows.
  • Header format simplification. Some IPv4 header fields have been dropped or made optional, to reduce the common-case processing cost of packet handling and to keep the bandwidth cost of the IPv6 header as low as possible despite the increased size of the addresses. Even though the IPv6 addresses are four times longer than the IPv4 addresses, the IPv6 header is only twice the size of the IPv4 header.
  • Improved support for options. Changes in the way IP header options are encoded allow for more efficient forwarding, less stringent limits on the length of options, and greater flexibility for introducing new options in the future.
  • Quality-of-Service (QoS) capabilities. A new capability is added to enable the labelling of packets belonging to particular traffic "flows" for which the sender requests special handling, such as non-default quality of service or "real-time" service.
  • Authentication and privacy capabilities. IPv6 includes the definition of extensions which provide support for authentication, data integrity, and confidentiality. This is included as a basic element of IPv6 and will be included in all implementations.