Network Management Strategies for the CIO
Almost all large networks run DHCP in order to manage a pool of addresses efficiently. Although there are good reasons to use dynamic IP addresses when you have a large group of systems chasing a smaller number of IP addresses, there are times when it doesn't really make sense to use dynamic addresses even if you can. If your network has some critical servers such as a domain server, firewall or proxy server, and DNS or DHCP server, it may make more sense to give these servers static addresses (what Microsoft calls permanent leases). Doing so make them easier to find, easier to use in configuration files, and simplifies and speeds up many network operations.
You shouldn't use static addresses when you have a large number of servers chasing a small number of addresses, but for your critical network services static addresses make sense. Take for example a Remote Access Server that provides external connectivity to your network using a managed pool of modem ports. You certainly want to use dynamic addressing to manage those ports, since there will be times when some are used and the remaining number of addresses can remain in the pool for other uses.
One means of separating out systems based on addressing is to use scoping to separate static addresses from dynamic ones. For an internal private network such as 192.168.1.1 to 192.168.1.255 you might keep the first 25 address outside the dynamic part of the pool and assign them to static addresses. It's a good idea
Requires Free Membership to View
to have a logical progression to your static numbers, if only to aid in remembering server addresses. For example, the network gateway IP is often given the first number (e.g. 192.168.1.1) since that is probably the most commonly referred to network address. The second address might be your domain controller; the third address could be your wireless gateway or access point, and so forth. At the top end of your static range should be your application servers with the least important ones being the highest number.
One of the advantages of static addresses is that important network services are not provided from a dynamic range, making it harder for a rogue system to penetrate your network using automated methods. (It is still possible to manually enter the IP address however.). Dynamic IP addresses can be secured from modifying important network services by a policy, and additional security can be applied to that group since the dynamic range is a known set of values.
Barrie Sosinsky is president of consulting company Sosinsky and Associates (Medfield MA). He has written extensively on a variety of computer topics. His company specializes in custom software (database and Web related), training and technical documentation.
This was first published in June 2003
Join the conversationComment
Share
Comments
Results
Contribute to the conversation