On the surface, IP address management (IPAM) seems so straightforward. You simply place addresses on devices that host services and handle ingress and egress traffic, and then track these addresses.
I once heard an engineer compare IPAM to a city planning system, with houses, streets and cars representing devices, network layers and traffic. It seemed so orderly, so reasonable … and also entirely incomplete. Houses don't move around from lot to lot; developers don't build multiple streets to the same properties; homes have only one address; people don't transport phone calls in the trunks of cars; and the post office has never been an authoritative DHCP server.
How did we get too complex for IPAM?
The challenges of IPAM, like most problems in network management, developed over time as a natural side effect of network complexity and as smart engineers solved tough problems quickly and economically. IPAM started with small teams that had just a few dozen devices and were saving address details in text files. Then larger teams with segmented networks, and an eye toward routing and access control, upgraded to spreadsheets. Their success eventually invited the second wave: service concentration.
Once networks proved to be dependable, management rewarded that achievement by jamming every possible application onto that infrastructure to manage cost. Before long, engineers made their critical internal systems, external hosted application access, phone calls and more dependent on these address management systems.
On top of that, they threw in server and desktop virtualization along with random junky BYOD on guest networks, and the IPAM that once worked well became a management nightmare. Even the cleverest magic-macro-equipped spreadsheet couldn't sort out the maze. Ultimately this led to scope exhaustion, server IP dupes, unreliable DNS and unhappy users.
Many of these IPAM problems grew out of the fact that there is rarely a fortuitous intersection between proactive engineering teams and IT directors with plenty of budget. Engineers have been eager to find creative solutions with minimal or no budget for IPAM, all while keeping everything working. They never denied that the Unavoidable Day of Reckoning would eventually dawn.
DNS, DHCP, IPAM (DDI): The answer to IPAM problems
DDI combines three IP address services with an integrated management approach to improve the reliability of networks and reduce the workload for the engineering team. What's more, DDI tools offer IT management reporting and capacity planning for free -- a huge improvement over homebuilt solutions. Best of all, DDI is a fairly mature set of technologies with a broad range of solutions ranging from free tools to midsized network-optimized software to large enterprise appliance-based gear.
Make no mistake; DDI is still composed of individual parts that are flying in close formation, since the component technologies were developed independently with uneven capabilities for integration. But good DDI has a single point of monitoring and control that oversees provisioning DHCP scopes, management of address reservation, detection of unmanaged subnets and the healing of balky DNS into a cooperative DHCP partner. A great DDI solution is one that allows you to do this while migrating the management of every address in your organization without downtime and with minimal risk.
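To make the failure modes named above concrete (duplicate server IPs, scope exhaustion, addresses living on unmanaged subnets), here is a small audit of a spreadsheet-style inventory. It is an added example, not code from the author or from any DDI product; the scopes, hostnames, CSV layout and the 80% threshold are constructed assumptions.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed sample data (not from the article): DHCP scopes under management
# and a spreadsheet-style address inventory exported as CSV.
SCOPES = ["10.0.1.0/29", "10.0.2.0/24"]
INVENTORY_CSV = """ip,hostname
10.0.1.1,gw-01
10.0.1.2,app-01
10.0.1.3,app-02
10.0.1.4,db-01
10.0.1.4,db-02
10.0.1.5,voip-01
10.0.1.6,vdi-01
10.0.2.10,print-01
192.168.50.7,byod-guest
"""


def audit(inventory_csv, scopes, threshold=0.8):
    """Return duplicate IPs, addresses outside every scope, and scopes near exhaustion."""
    networks = [ipaddress.ip_network(s) for s in scopes]
    owners = defaultdict(list)  # ip -> hostnames claiming it
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        owners[ipaddress.ip_address(row["ip"].strip())].append(row["hostname"].strip())

    duplicates = {str(ip): hosts for ip, hosts in owners.items() if len(hosts) > 1}
    unmanaged = sorted(str(ip) for ip in owners
                       if not any(ip in net for net in networks))

    near_exhaustion = {}
    for net in networks:
        usable = net.num_addresses - 2  # drop network and broadcast (IPv4, /30 or larger)
        used = sum(1 for ip in owners if ip in net)
        if used / usable >= threshold:
            near_exhaustion[str(net)] = (used, usable)
    return duplicates, unmanaged, near_exhaustion


if __name__ == "__main__":
    dupes, unmanaged, exhausted = audit(INVENTORY_CSV, SCOPES)
    print("duplicate IPs:", dupes)
    print("outside managed scopes:", unmanaged)
    print("scopes at or above 80% used:", exhausted)
```

An address that appears outside every managed scope is worth chasing from a security standpoint as well as an operational one, since it usually means a device nobody is tracking.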
In the next installment of this series on network management and DDI, we'll explore different approaches, best practices and examples of products in different capability categories. In the meantime, walk into your manager's office and give your best we-have-a-problem sigh. Tell him you've been thinking it's time to add DDI to your IT bag of tricks.
About the author: Patrick Hubbard is a head geek and senior technical product marketing manager at SolarWinds with 20 years of technical expertise and IT customer perspective. His networking management experience includes work with campus, data center, HA/DR and storage networks, as well as with VoIP/telepresence and VDI in both Fortune 500 companies and startups in high tech, transportation, financial services and telecom industries.
This was first published in November 2012