Lucent edges MetaInfo in IP address management test

VitalQIP is fast and scalable, Meta IP offers security and useful reports and ApplianSys' DNSBox 300 is an easy-to-deploy plug-and-play device.

When your company's IP address list begins to rival the Manhattan phone book, it's time for a serious IP address management tool. Dealing with a growing and rapidly changing population of IP addresses is a tedious and dismal chore, especially if you're assigning client addresses with the old-fashioned static IP address approach, using a spreadsheet or piece of paper, or if you're manually juggling multiple Domain Name System and Dynamic Host Configuration Protocol servers to track and lease addresses.

DNS and DHCP services included with Windows Server 2000 or 2003 are an option, but you might need better performance (quicker DHCP IP address lease responses and DNS name resolutions than Windows delivers) or higher security. For example, Windows DNS services don't support encrypted zone transfer and update features like most non-Windows DNS server products do.




We invited several IP address management tools to our Alabama lab for testing. MetaInfo (Meta IP Enterprise 5.6 and SA-500 DNS/DHCP appliance), ApplianSys (DNSBox 300 and DNSBox 100) and Lucent (VitalQIP 6.1 with Service Pack 1) accepted our invitations. Other vendors declined to have their products evaluated (see How we did it, below).

Our tests aimed to find a tool that could flexibly and efficiently assign IP addresses to all our IP devices, centrally manage all the address information across a corporation, quickly and effortlessly equate host names with IP addresses, scale well, be intuitive to use and be pervasively platform-neutral. The tool also should have useful reports and integrate with custom-written applications, cooperate with Active Directory, be Lightweight Directory Access Protocol (LDAP)-aware and robustly deal with badly formed or non-compliant DHCP requests. The system also needed to be highly fault-tolerant and enforce security to help keep hackers at bay.

Lucent's VitalQIP wins our Clear Choice Award, but just by a whisker. VitalQIP gave us fast performance, scalability, feature-rich options for dealing with IP addresses and an intuitive user interface. The software is an enterprise-ready tool to organize and manage virtually any set of IP addresses, no matter how large or complex. MetaInfo's Meta IP Enterprise has excellent security and reporting features, while ApplianSys' DNSBox units are easily installed plug-and-play DNS/DHCP appliances.

IP Management 101

We were highly impressed with VitalQIP's ability to discover, manage and administer a complete picture of IP addresses across an entire corporate infrastructure, including all the DNS, BOOTP and DHCP servers across all networks and subnets. VitalQIP maintained a device profile for every IP address and accurately tracked the status of each address - such as used, unused, reserved, pending a move or available.

VitalQIP includes an enterprise server, remote server, Web client interface, GUI client and distributed services. It works with either a Sybase or Oracle relational database to store the IP address data, configuration settings and event data. Lucent bundles Sybase Adaptive Server with VitalQIP.

The remote server component includes a DHCP server, DNS server, Microsoft DHCP support, IBM DHCP support and a DNS update service. Unlike Meta IP, the product does not yet support IPv6.

The system's IP Node Discovery feature did a credible and accurate job of surveying our network to locate and identify ranges of IP addresses currently in use. Running in the background unobtrusively, IP Node Discovery on a large network can even reveal the use of IP address ranges you didn't even know were on your network. When we configured VitalQIP to integrate with Active Directory, it found our Active Directory tree, and thereafter it quietly but effectively kept Active Directory aware of our IP addressing schemes and assignments.

Meta IP screenshot

We liked that VitalQIP and Meta IP support the relatively recent updates to RFCs 3396 (Long Options Support), 3442 (Classless Static Route Option) and 3397 (Domain Search). VitalQIP also supports DHCP Option 82 information.

Meta IP uses a three-tier architecture of a management console, manager server and BIND-based DNS/DHCP services. The management console provides the user interface, and the manager server is Meta IP's LDAP-based repository for IP address configuration data and address pools. In our tests, the manager server and DNS/DHCP services ran on the SA-500 appliance, while the management console ran on Win 2000 Advanced Server. MetaInfo says these functions also can run on Windows and Unix.

To enhance uptime and availability, one SA-500 can be primary and the other can act as a secondary failover device. Both the SA-500 and DNSBox models are 1U rack-mounted with single power supplies, potentially a point of failure. We feel these should have dual, hot-swappable power supplies to eliminate this failure point.

The Meta IP DNS service closely integrates with Microsoft Active Directory. In one of our tests, we used the Windows Active Directory wizard to easily and painlessly link a domain controller to Meta IP, create forward master zones and create optional slave zones. In the resulting configuration, Meta IP controlled and directed DNS operations across a company containing both SA-500-based and Windows-based DNS services. In addition, we found the RFC-compliant Meta IP, VitalQIP and DNSBox units interoperated well with each other.

Meta IP's Secure Address Foundation Extensions (SAFE) DHCP feature was particularly useful for clients outside a private network (for example, the Internet) that need to send IP address requests to your DHCP servers. Your company's mobile clients, such as PDAs and notebooks, are examples of devices for which your network has to sometimes play the role of ISP.

The SAFE feature evaluates client media access control addresses or DHCP Unique Client IDs to distinguish between known, authorized clients and other clients. For example, if a stranger asks for a company's IP addresses, Meta IP leases to it an IP address from a separate pool. Depending on how you set up the pools of IP addresses, SAFE DHCP can help control or limit access to portions of your network.
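The pool-selection behavior described above, as an added example that is not MetaInfo's code or configuration: a small Python model of a DHCP server that leases known clients from one pool and everyone else from a separate one. The class names, registered identifiers and address ranges are hypothetical and constructed for illustration, and client IDs are assumed to arrive as hex strings.

```python
import ipaddress

def norm_id(raw):
    """Canonicalise a MAC or hex-encoded client ID: lowercase hex digits only."""
    return "".join(c for c in raw.lower() if c in "0123456789abcdef")

class Pool:
    def __init__(self, name, first, last):
        lo, hi = int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(last))
        self.name = name
        self.free = [ipaddress.IPv4Address(n) for n in range(lo, hi + 1)]
        self.leases = {}                      # client key -> leased address

    def lease(self, key):
        if key in self.leases:                # a renewal keeps its address
            return self.leases[key]
        if not self.free:
            return None                       # exhausted: caller must not borrow elsewhere
        self.leases[key] = self.free.pop(0)
        return self.leases[key]

class SegregatingDhcp:
    def __init__(self, known_ids, trusted, guest):
        self.known = {norm_id(i) for i in known_ids}
        self.trusted, self.guest = trusted, guest

    def offer(self, mac, client_id=None):
        """Return (pool name, address or None) for one request."""
        # Prefer the client ID (DHCP option 61) when sent, else the MAC.
        # Both values are asserted by the client: this segments, it does not authenticate.
        key = norm_id(client_id) if client_id else norm_id(mac)
        pool = self.trusted if key in self.known else self.guest
        addr = pool.lease(key)                # never falls back to the other pool
        return pool.name, (str(addr) if addr else None)

# Constructed sample data: registered identifiers and two small address ranges.
KNOWN_CLIENTS = ["00:11:22:AA:BB:CC", "01-00-11-22-dd-ee-ff"]

def build_demo():
    return SegregatingDhcp(KNOWN_CLIENTS,
                           Pool("trusted", "10.0.10.10", "10.0.10.11"),
                           Pool("guest", "192.168.50.10", "192.168.50.11"))

if __name__ == "__main__":
    srv = build_demo()
    print(srv.offer("00-11-22-aa-bb-cc"))     # registered MAC, different notation
    print(srv.offer("de:ad:be:ef:00:01"))     # unregistered device
```

When the guest pool runs out, an unknown client gets no address at all rather than one from the trusted range, which is the property that makes the separation useful for limiting access.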

VitalQIP screen shot

Meta IP also uses Perfigo's SecureSmart manager to identify DHCP clients and runs anti-virus scans to verify that a client's configuration conforms to corporate standards. If you need extra security, Meta IP can use an Authenex ASAS Server or a Check Point UserAuthority server to authenticate users at initial network access via a password.

ApplianSys' DNSBox 300 (master) and DNSBox 100 (slave) together are a complete, if simple, DNS/DHCP environment more appropriate for small to midsize companies. Where VitalQIP and Meta IP are software-only or a combination of software/hardware, the DNSBoxes are pure plug-and-play network appliances.

The DNSBox 300 includes a Nixu NameSurfer DNS management system, while the DNSBox 100 runs a BIND V9 server executable. The DNSBox 300 supports multiple DNS views, dynamic DNS, automatic zone slaving, secure incremental zone transfers and zone and host templates. It integrated well with Microsoft's Active Directory, replicated data to a warm-standby second DNS 300 for failover, supported IPv6 and accurately detected duplicate names and IP addresses. The DNSBox 100 contained a recursive resolver DNS cache, used IPSec (with public/private keys and RSA authentication) to connect to other DNS servers, acted as a DHCP relay, issued SNMP alerts and had a DNS cache query tool for troubleshooting "stale cache" problems. Together the two boxes performed zone transfers and updates through a secure VPN tunnel, which results in a higher level of security than offered by BIND 9's Transaction Signature facility. In addition, the appliances have a built-in firewall to lower your company's exposure to hackers.

Performance and scalability

We measured performance by running custom client software that rapidly requests 50,000 dynamic IP addresses and noting the elapsed time that each tool took to respond. We ran the program six times, one test on each network segment in our lab. We also benchmarked DNS activity. Our test software issued a flood of 50,000 name-to-IP address resolution requests, and obtained responses from a DNS server.

Results show clearly that VitalQIP was the fastest tool, but both VitalQIP and Meta IP have the capacity and speed to handle millions of IP addresses with ease. We feel that the DNSBoxes are more appropriate for smaller networks.

ApplianSys screenshot

Platform support might be a major factor in what you buy for your company's computing environment. VitalQIP runs on Sun Solaris, HP-UX, AIX, and Win 2000 and 2003. Its DNS/DHCP server component also is available on a network appliance. Currently only the command-line interface is available on Red Hat Linux, but Lucent says the GUI will be available on Linux by mid-2005. Meta IP's server components run on Solaris, Red Hat Linux, Debian, SuSE and Windows NT, XP, 2000 and 2003. The Meta IP management console runs only on Windows.

Ease of use

VitalQIP offers an easy-to-navigate GUI client for Windows and Unix, even sporting a prompt-based interface for command-line devotees. The Web client interface, which includes a set of Common Gateway Interface scripts, supplies a few basic administrative functions and a basic system status display in a browser window. You will need to use the GUI or CLI clients for most VitalQIP tasks. Documentation, which consists of three books and sizable online help files, was clear and comprehensive.

Speed addressing and quick resolution

 We also found Meta IP's native Windows interface intuitive and productive. In addition to its IP address organization and assignment modules, Meta IP includes configuration analysis tools that display reports showing DNS services and zones, as well as DHCP lease pool data. The tools include a DNS IP troubleshooting function, DNS zone configuration display, static lease compliance analysis, DHCP discovery report, lease pool usage display, available address ping sweep, lease reclaimer and user data report. We found scheduling and customizing the Meta IP reports a simple and straightforward process. MetaInfo provided excellent printed and online documentation.

In contrast to VitalQIP and Meta IP, the DNSBox 300 appliance gives you browser-based full administrative control over DNS and DHCP functions. When we installed the appliances, configuring the 300 and 100's own IP addresses and subnet mask was done via serial-port-based telnet. Optionally connecting through a virtual terminal revealed detailed appliance behavior in the form of syslog entries. The DNSBox Web interface was a simple, menu-driven set of HTML and JavaScript pages to configure the servers, get a summary of DNS/DHCP activity, change the password, view online help and perform backup and restore functions. The printed documentation consisted of some "getting started" steps and a rudimentary usage tutorial. Almost all of the adequate (but obviously not professionally written) DNSBox documentation is available only in HTML. The DNSBox 300 Web interface uses SSL and passwords for security. It supports multiple concurrent administrators and has a read-only mode so non-administrative users can view DNS/DHCP activity, although we're at a loss to imagine why anyone would use this feature.

A handy delegation feature lets a supervisor administrator assign responsibility for particular domains and subnets to different users.

Lucent VitalQIP 6.1 (SP1)
Overall rating: 4.3
Company: Lucent
Cost: From $0.70 to $5.00 per node.
Pros: Fast, scalable; intuitive interface.
Cons: No IPv6 support yet; no Linux GUI.

MetaInfo Meta IP 5.6
Overall rating: 4.2
Company: MetaInfo
Cost: $75,000 for Enterprise 50k Bundle (two Manager Servers, 10 DNS Servers, 10 DHCP Servers and 50,000 IP addresses).
Pros: Good security; flexible IP address management.
Con: SA-500 appliance should have two hot-swappable power supplies.

ApplianSys DNSBox 300/100
Overall rating: 3.4
Company: ApplianSys
Cost: $10,950 for the DNSBox 300 and $2,950 for the DNSBox 100.
Pros: Simple, straightforward plug-and-play devices with a browser-based interface.
Con: Appliances should have two hot-swappable power supplies.

The breakdown

| Category (weight) | VitalQIP | Meta IP | DNSBox |
|---|---|---|---|
| Performance (20%) | 5 | 4 | 3 |
| IP address management (20%) | 4 | 4 | 3 |
| Ease of use (20%) | 4 | 4 | 3 |
| Scalability (10%) | 5 | 4 | 4 |
| Security (10%) | 4 | 5 | 4 |
| Installation (10%) | 3 | 4 | 5 |
| Documentation (10%) | 5 | 5 | 3 |
| TOTAL SCORE | 4.3 | 4.2 | 3.4 |

Scoring Key: 5: Exceptional; 4: Very good; 3: Average; 2: Below average; 1: Consistently subpar

Nance runs Network Testing Labs and is the author of Introduction to Networking, 4th Edition and Client/Server LAN Programming. He can be reached at barryn@erols.com.
