Crunching the numbers

IP address management comes to the forefront as IT shops work to deliver more services and ensure their networks remain available and secure.

Will McGregor isn't an accountant, but still his job requires that he keep tabs on 20,000 numbers at once.

McGregor is a LAN network and security team member for Reuters in London, and the numbers he monitors are IP addresses, which represent more than 10,000 servers and network devices. According to McGregor, if the numbers don't match, customers simply don't get the IP services or applications they've requested from the media giant's network.

"You can't have any IP address conflicts because the IP services will eventually stop working. The routers won't know where to pass the packets to next, and that would be a complete disaster," he says. "IP address management is absolutely critical, and it just keeps getting more complex."

IP address management, the practice of maintaining an up-to-date repository of all IP addresses within any given network, historically has involved manual inventories and Excel-like spreadsheets that could be updated when new devices were added. But, according to Forrester Research, 25% of companies surveyed have moved beyond those rudimentary methods to internally developed apps. Another 20% use third-party tools to ease IP address management.

Several factors are driving IP address management from the back burner to a more prominent place on the IT to-do list.

  • Data center consolidation is sending more LAN applications over the Internet, which is driving efforts to better manage IP addresses within IT shops.

  • VoIP, by making phones an IP device, potentially doubles the number of IP addresses.

  • Security concerns in terms of network access and potential virus infection from unknown devices are forcing companies to better manage network access.

  • The demand to deliver QoS and applications to end users is pushing IT managers to more closely monitor IP addresses.

"We used to have lots of disparate networks, subnets, small groups of servers, and it wasn't organized, but now we're centrally managing it all at this data center," McGregor says. "It's a much more complex map of what is there and what needs to talk to each other, to the Internet and to servers on the other side of the Internet."

A number of vendors, including Cisco, Incognito, INS, Lucent, MetaInfo, Nominum, Nortel and ApplianSys, are shipping tools to help network managers maintain an inventory of the IP addresses in their network, subnets, virtual LANs and more. Using either software installed on a server or bundled on an appliance, IP address management products are designed to keep an up-to-date inventory of the network addresses in use. Some products simply serve as a repository for data that must be manually updated by network engineers, while other products claim to dynamically discover new devices, collect IP address information from them and ensure there is no duplication.

"The evolution and adoption of IP address management processes and tools has taken much longer than one would expect," says Thomas Mendel, a principal analyst with Forrester. "There will be a significant uptake in this area in 2005 and 2006 because IT managers have to continue to deliver services as the number of addresses escalates. Products can help."

IP by the numbers

An IP address has two parts, the identifier of the network and an identifier of the device, so a complete IP address needs both the unique network number and host number. "Like a post office, you look at the ZIP code first, not the local address. In a network, get the packet close to the destination based on a summarized route and let the local routers deliver it," says one network manager at a healthcare provider in New York. "IP address management significantly reduces management and troubleshooting time by being able to quickly look at problems and immediately know where to look."

But IP management is more than tracking numbers; it also requires matching and passing numbers out to users via DNS and DHCP. DNS serves as a phone book of sorts, matching up numbers with names. For example, a DNS server would resolve the name of an object, such as a server, to the numeric IP address associated with that name. And a DHCP server is used to automatically assign TCP/IP settings to clients. IP addresses come from a pool defined in the DHCP server's database, and the server grants the IP address for a specified amount of time, called a lease.

According to a recent INS survey of some 190 IT professionals, as the need for IP address management continues to grow so does the complexity of IP networks (see graphic). The survey revealed that not only does managing thousands of IP addresses pose multiple challenges to network managers, but also the cost and complexity of putting vendor products in place represents a barrier to more than 40% of IT shops surveyed. Close to 50% of respondents also said other IT projects take priority over IP address management.

USC remains old school

"USC is a big network, with about 65,000 addresses that are not all located in one building, but across 200 locations," says James Wiedel, director of networking at the University of Southern California in Los Angeles. "So without managing them, it would get pretty messy very quickly."

The practice of doling out IP addresses within a specific range, ensuring there is no duplication, timing out addresses for temporary use and simply keeping track of thousands of devices has always been important. But in essence, as networks grow more complex and more companies deliver IP services over the Internet, the demands of IP address management will overwhelm network engineers in charge of keeping traffic flowing to and from multiple addresses.

Wiedel uses the old-school system of spreadsheets to keep track of IP addresses, but says he still runs into problems, such as timed-out addresses. He explains that, at a university, his team often allocates addresses but isn't aware of when those addresses become unused.

"We, as a central administration, do not find out that the old machine is permanently gone from the network until we look for [media access control] addresses that haven't been used in months," he says. "We are in the process of revamping our network with a new range of IP addresses and are planning to find nice big holes in the old range that can ultimately be collected and reused."

Representatives from Nortel and MetaInfo say vendor products also can keep a tally of timed-out addresses, as Wiedel detailed, to ensure "chunks of addresses don't go unused." The vendors also can help IT shops manage DNS and DHCP servers, in relation to IP address management.
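The checks described so far (no two devices on one address, spotting allocations whose MAC address has not been seen in months, and collecting the resulting holes for reuse) can be run against a plain inventory export. The following Python is an added example, not code from Reuters, USC or any vendor named in this article; the inventory rows, the 10.20.0.0/28 subnet and the 90-day staleness threshold are constructed assumptions.

```python
import ipaddress
from collections import defaultdict
from datetime import date, timedelta

# Constructed sample inventory rows: (IP, MAC, date the MAC was last seen).
INVENTORY = [
    ("10.20.0.1", "00:11:22:33:44:01", date(2005, 3, 1)),
    ("10.20.0.2", "00:11:22:33:44:02", date(2004, 9, 15)),  # long unused
    ("10.20.0.3", "00:11:22:33:44:03", date(2004, 8, 2)),   # long unused
    ("10.20.0.5", "00:11:22:33:44:05", date(2005, 2, 27)),
    ("10.20.0.5", "00:11:22:33:44:99", date(2005, 3, 2)),   # second live owner
    ("10.20.0.9", "00:11:22:33:44:09", date(2005, 3, 3)),
]

def contiguous_runs(addrs):
    """Collapse addresses into (first, last, count) runs of adjacent addresses."""
    runs = []
    for a in sorted(addrs):
        if runs and int(a) == int(runs[-1][1]) + 1:
            runs[-1][1] = a
        else:
            runs.append([a, a])
    return [(str(s), str(e), int(e) - int(s) + 1) for s, e in runs]

def audit(inventory, subnet, today, stale_after_days=90):
    """Report conflicts, stale allocations and reusable holes in one subnet."""
    net = ipaddress.ip_network(subnet)
    cutoff = today - timedelta(days=stale_after_days)  # assumed threshold
    live = defaultdict(set)      # address -> MACs seen since the cutoff
    allocated = set()
    for ip, mac, last_seen in inventory:
        addr = ipaddress.ip_address(ip)
        if addr not in net:
            raise ValueError(f"{ip} is outside {subnet}")
        allocated.add(addr)
        if last_seen >= cutoff:
            live[addr].add(mac.lower())
    conflicts = {str(a): sorted(m) for a, m in live.items() if len(m) > 1}
    stale = [str(a) for a in sorted(allocated - set(live))]
    holes = contiguous_runs(h for h in net.hosts() if h not in live)
    return {"conflicts": conflicts, "stale": stale, "holes": holes}

if __name__ == "__main__":
    for key, value in audit(INVENTORY, "10.20.0.0/28", date(2005, 3, 10)).items():
        print(key, value)
```

The holes include both never-allocated addresses and stale allocations, so a stale entry should be confirmed as retired before its range is reissued.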

Reuters opts for Optivity

Unlike Wiedel, Reuters' McGregor depends upon vendor tools to manage IP addresses. He uses Nortel's Optivity NetID to stay on top of addresses, but says he will be requesting more auto-discovery capabilities and intelligent correlation. For example, one server could have four interfaces, which requires four IP addresses. Currently, McGregor must manually enter duplicate information, such as the machine location, serial number and so on, for each interface. He says the practice is time-consuming and represents more opportunities for errors.

"I'd like to see more automation in the product. Right now, it prompts me for the same information that I already entered under a different IP address. To me, that makes too much room for error," McGregor says. "I'd also like to see a 'manager of managers' and decide if Reuters should continue to manage its IP addresses regionally or if we should install a global system."

Forrester's Mendel agrees. He says vendor tools simply don't measure up to enterprise company requirements.

"A lot of the technology out there is 10 to 15 years old, and many enterprise companies don't have proper processes in place," Mendel says.

Vendors need to incorporate auto-discovery features, Mendel says, to ensure the repetitive data entry that McGregor mentions doesn't result in errors and ultimately routing failures. According to Forrester, 15% of overall downtime in companies is caused by network problems. The research firm attributes the majority of that time to manual errors in configuring and changing DNS and DHCP servers.

While vendors work on their wares, Mendel advises IT managers to take a look at their processes to ensure they have a proper handle on IP address management. He says the growing adoption of the best practices in the Information Technology Infrastructure Library will help. Reuters' McGregor agrees.

"To really get the most out of vendor products, network managers have to plan the use of their address space really well in advance. There has to be an idea of having contiguous address space for your network," he says.


Copyright © 2005 IDG Communications, Inc.
