DNS/DHCP & IP Management Technical Overview
DHCP
Dynamic Host Configuration Protocol (DHCP) is a protocol used by network devices to obtain a unique IP address, default router, subnet mask and the IP addresses of DNS servers from a DHCP server. The protocol is used when computers are attached to a network, because these settings are necessary for the host to participate in the network. The settings are periodically refreshed, with typical intervals ranging from one hour to several months.
The DHCP server ensures that all IP addresses are unique, i.e. no IP address is assigned to a second client while the first client's assignment is valid (its lease has not expired). Thus IP address pool management is done by the server and not by a human network administrator.
The Dynamic Host Configuration Protocol (DHCP) automates the assignment of IP addresses, subnet masks, default routers, and other IP parameters. The assignment usually occurs when the DHCP-configured machine boots up or regains connectivity to the network. The DHCP client sends out a query requesting a response from a DHCP server. The DHCP server then replies to the client with its assigned IP address, subnet mask, DNS server and default gateway information.
The assignment of the IP address usually expires after a predetermined period of time, at which point the DHCP client and server renegotiate a new IP address from the server's predefined pool of addresses. Configuring firewall rules to accommodate access from machines that receive their IP addresses via DHCP is therefore more difficult, because the remote IP address will vary from time to time. Administrators must usually allow access to the entire remote DHCP subnet for a particular TCP/UDP port.
DHCP is a broadcast-based protocol. As with other types of broadcast traffic, it does not cross a router unless the router is specifically configured to forward it. This is achieved by enabling the router's "IP Helper" function.
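The two properties described above, that a server never hands an address to a second client while the first client's lease is valid, and that an address is renewed or renegotiated when its lease period runs out, can be modelled in a few dozen lines. The following is an added example written for this page, not code from any DHCP server; the address range, lease time and client identifiers are constructed, and the model deliberately covers only pool bookkeeping, not the on-the-wire DISCOVER/OFFER/REQUEST/ACK exchange.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Lease:
    ip: str
    client_id: str      # client identifier, typically the client's MAC address
    expires_at: float   # absolute time (seconds) at which the lease lapses


class LeasePool:
    """Minimal model of a DHCP server's address pool (constructed example).

    Invariant: an address is never handed to a second client while the
    first client's lease is still valid. Expired leases are reclaimed
    lazily, on the next request that touches the pool.
    """

    def __init__(self, network, first, last, lease_time, router, dns):
        self.network = ipaddress.ip_network(network)
        lo, hi = int(ipaddress.ip_address(first)), int(ipaddress.ip_address(last))
        # Only real host addresses are offered: network and broadcast are excluded.
        self.pool = [str(a) for a in self.network.hosts() if lo <= int(a) <= hi]
        if not self.pool:
            raise ValueError("pool range does not fall inside the network's host range")
        self.lease_time = lease_time
        self.router = router
        self.dns = list(dns)
        self.leases = {}   # ip -> Lease

    def _reclaim_expired(self, now):
        for ip, lease in list(self.leases.items()):
            if lease.expires_at <= now:
                del self.leases[ip]

    def _params(self, lease):
        # The parameters a client receives alongside its address.
        return {"ip": lease.ip, "subnet_mask": str(self.network.netmask),
                "router": self.router, "dns": self.dns,
                "lease_time": self.lease_time, "expires_at": lease.expires_at}

    def request(self, client_id, now):
        """Answer a client's request: renew its existing lease if it still has
        one (same address), otherwise allocate the lowest free address.
        Returns None when the pool is exhausted."""
        self._reclaim_expired(now)
        for lease in self.leases.values():
            if lease.client_id == client_id:
                lease.expires_at = now + self.lease_time
                return self._params(lease)
        for ip in self.pool:
            if ip not in self.leases:
                lease = Lease(ip, client_id, now + self.lease_time)
                self.leases[ip] = lease
                return self._params(lease)
        return None

    def release(self, client_id):
        """The client gives its address back early: free it immediately."""
        for ip, lease in list(self.leases.items()):
            if lease.client_id == client_id:
                del self.leases[ip]
                return True
        return False

    def active_leases(self, now):
        """Current ip -> client_id map, after reclaiming anything expired."""
        self._reclaim_expired(now)
        return {ip: lease.client_id for ip, lease in self.leases.items()}


if __name__ == "__main__":
    # Constructed two-address pool with a one-hour lease, so exhaustion and
    # expiry are easy to observe.
    pool = LeasePool("192.0.2.0/24", "192.0.2.10", "192.0.2.11", 3600,
                     "192.0.2.1", ["192.0.2.53"])
    print(pool.request("aa:bb:cc:00:00:01", now=0))
    print(pool.request("aa:bb:cc:00:00:02", now=0))
    print(pool.request("aa:bb:cc:00:00:03", now=0))      # None: pool exhausted
    print(pool.request("aa:bb:cc:00:00:03", now=3601))   # second client's lease lapsed
```

The firewall difficulty mentioned above falls out of this model directly: the third client ends up on whichever address happens to be free when its turn comes, so no rule written against a single address for that client stays correct across lease cycles.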
DNS
Domain Name Service (DNS), though typically invisible to the user, is the most fundamental tool associated with use of the Internet. The Internet uses the IP protocol and all IP traffic must have a source host address and a destination host address in the form of 207.193.0.0. Unfortunately, these addresses are extremely cumbersome and nearly impossible to remember.
The function of DNS is to map IP addresses to more user-friendly, easy-to-remember host names. For example, the IP address of the Tuscany Networks web server is 85.165.30.200, but its associated host name is www.tuscanynetworks.com. DNS allows users to document the correlation between their IP addresses and host names. Each company is responsible for documenting the correlation between its own IP addresses and host names. This information is then propagated to other DNS servers all over the world. Everyone on the Internet relies on this mapping to easily access hosts and resources.
Also, since hosts at a specific site are associated with a specific IP network address, all hosts at that site can be grouped together into a single domain. In this way, many Internet sites can reuse a host name such as "www", as long as they each belong to different domains. To clarify, www.tuscanynetworks.com does not correspond to the same IP address as www.n3k.com. One or more hosts running specialised software provide the DNS for a particular site; these hosts are commonly referred to as name servers or domain name servers. They mostly run the open source DNS server software developed by the Internet Software Consortium (ISC).
The DNS system provides more functionality than simply mapping a name to an IP address, but these additional functions generally serve hosts routing communications rather than human users. For example, information stored in DNS enables the routing of email messages between organisations, and on the internal network DNS is used by workstations to locate their local domain controller so that the user can authenticate.
Domain Name
The unique name that identifies an Internet site or host. Domain Names always have two or more parts, separated by dots, e.g. tuscanynetworks.com or www.n3k.com. The part on the left is the most specific, and the part on the right is the most general. A given machine may have more than one Domain Name.
ENUM
ENUM is the convergence of Public Switched Telephone Networks (PSTN) to Internet Protocol (IP) Networks - in other words, the mapping of telephone numbers to domain names using a Domain Name System (DNS) based architecture. ENUM helps to facilitate such services as Voice over IP (VoIP), and allows network elements to find services on the Internet using only a telephone number.
ENUM provides a user with a domain name on an E.164 DNS server in order to associate a common international telephone number with a Uniform Resource Identifier (URI) and provide other DNS-related services.
The ITU ENUM allocates a specific zone, namely "e164.arpa", for use with E.164 numbers. Any phone number, such as +44 1256 303700, can be transformed into a hostname by reversing the digits, separating them with dots and adding the e164.arpa suffix, thus: 0.0.7.3.0.3.6.5.2.1.4.4.e164.arpa
DNS can then be used to look up Internet addresses for services such as SIP VoIP telephony. NAPTR records are used to 'translate' E.164 addresses to SIP addresses, for example.
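The number-to-name transformation and the NAPTR translation step described above, as an added example written for this page (it is not part of the original text and not taken from any ENUM implementation). The conversion functions follow the rule stated above and are checked against the page's own +44 1256 303700 example; the NAPTR records are constructed in place of a real DNS query, and the example.com / example.net URIs in them are placeholders.

```python
import re

ENUM_SUFFIX = "e164.arpa"


def e164_to_enum_name(number: str) -> str:
    """'+44 1256 303700' -> '0.0.7.3.0.3.6.5.2.1.4.4.e164.arpa'.
    Non-digits are stripped, the digits are reversed (one digit per label)
    and the e164.arpa suffix is appended."""
    digits = re.sub(r"\D", "", number)
    if not 1 <= len(digits) <= 15:           # E.164 numbers carry at most 15 digits
        raise ValueError(f"not a valid E.164 number: {number!r}")
    return ".".join(reversed(digits)) + "." + ENUM_SUFFIX


def enum_name_to_e164(name: str) -> str:
    """Inverse mapping, returning the number in international '+' format."""
    name = name.rstrip(".")
    if not name.endswith("." + ENUM_SUFFIX):
        raise ValueError(f"not an ENUM name: {name!r}")
    labels = name[: -len(ENUM_SUFFIX) - 1].split(".")
    if not all(len(label) == 1 and label.isdigit() for label in labels):
        raise ValueError(f"malformed ENUM labels in {name!r}")
    return "+" + "".join(reversed(labels))


def apply_naptr_regexp(regexp_field: str, subject: str):
    """Apply a NAPTR 'regexp' field of the form <delim>ere<delim>repl<delim>flags
    to the subject string. Returns the rewritten URI, or None if no match."""
    if not regexp_field:
        return None
    delim = regexp_field[0]
    parts = regexp_field[1:].split(delim)
    if len(parts) < 2:
        raise ValueError(f"malformed NAPTR regexp: {regexp_field!r}")
    ere, repl = parts[0], parts[1]
    flags = parts[2] if len(parts) > 2 else ""
    match = re.search(ere, subject, re.IGNORECASE if "i" in flags else 0)
    return match.expand(repl) if match else None   # expand() substitutes \1..\9


def resolve_enum(number: str, naptr_records, wanted_service: str = "E2U+sip"):
    """Given the NAPTR records found at the number's ENUM name (supplied here
    directly rather than fetched from DNS), return the candidate URIs for the
    requested service in (order, preference) priority."""
    ranked = sorted(naptr_records, key=lambda r: (r["order"], r["preference"]))
    uris = []
    for rec in ranked:
        # 'u' flag: the regexp output is a terminal URI, not another name to query.
        if rec["flags"].lower() != "u" or rec["service"] != wanted_service:
            continue
        uri = apply_naptr_regexp(rec["regexp"], number)
        if uri is not None:
            uris.append(uri)
    return uris


# Constructed NAPTR records standing in for 0.0.7.3.0.3.6.5.2.1.4.4.e164.arpa;
# not real DNS data, and the URIs are placeholders.
SAMPLE_NAPTR = [
    {"order": 100, "preference": 10, "flags": "u", "service": "E2U+sip",
     "regexp": "!^.*$!sip:reception@example.com!"},
    {"order": 100, "preference": 20, "flags": "u", "service": "E2U+sip",
     "regexp": r"!^\+44(.*)$!sip:0\1@example.net!"},   # rewrite to national format
    {"order": 200, "preference": 10, "flags": "u", "service": "E2U+email:mailto",
     "regexp": "!^.*$!mailto:reception@example.com!"},
]

if __name__ == "__main__":
    name = e164_to_enum_name("+44 1256 303700")
    print(name)                                    # 0.0.7.3.0.3.6.5.2.1.4.4.e164.arpa
    print(resolve_enum(enum_name_to_e164(name), SAMPLE_NAPTR))
```

Because the NAPTR regexp is applied to the original telephone number rather than to the domain name, a single record can rewrite part of the number into the URI (the second record above turns +44 into the national 0 prefix), which is what lets one zone serve many numbers without a literal record per URI.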
IPAM
IP addresses are one of the most critical assets that need to be managed in any corporate network. Having easy access to information such as which IP addresses are in use, where and when they were allocated, which devices they were assigned to, and who is using them is critical to eliminating conflicts and network outages, tracking critical assets, ensuring network security, troubleshooting network problems, and enabling regulatory compliance.
Broadly speaking, IP Address Management (IPAM) encompasses three interrelated operational functions:
The management of the IP address space itself: dividing blocks into subnets which are distributed throughout the organisation, and subsequently managing the allocation of individual addresses within these subnets. Large organisations may delegate management of these subnets to local administrators who have been given restricted access within the IPAM tool.
Providing resilient DHCP services and provisioning those servers with the IP address ranges and other parameters required by DHCP clients for operation on the network.
Configuring DNS servers and adding entries mapping the name of each node on the network to an IP address and vice versa.
Each of these functions is crucial to the operation of the network and underpins provision of business critical applications such as email, SAP, Oracle, trading services and so on.
In addition an IPAM system will maintain an audit trail of administrator adds/moves/changes as well as DHCP address allocations. This information is vital if an organisation is going to meet the current compliance regulations or simply comply with the requirements of good corporate governance.
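The third IPAM function above, keeping the name-to-address and address-to-name mappings in step, is where most hand-maintained DNS drifts: a host is renamed and only the forward record is updated, or a machine is retired and its PTR lingers. The following is an added example written for this page (not taken from any IPAM product) that derives reverse-zone owner names the same way DNS does and then audits a constructed zone fragment for the four common inconsistencies. The zone format is a deliberately simplified one-record-per-line form, and all names and addresses are constructed from reserved documentation ranges.

```python
import ipaddress


def reverse_name(ip: str) -> str:
    """Owner name of the PTR record for an address (in-addr.arpa or ip6.arpa)."""
    return ipaddress.ip_address(ip).reverse_pointer


def ptr_name_to_ip(name: str) -> str:
    """Inverse of reverse_name: recover the address a PTR owner name encodes."""
    name = name.lower().rstrip(".")
    if name.endswith(".in-addr.arpa"):
        octets = name[: -len(".in-addr.arpa")].split(".")
        if len(octets) != 4:
            raise ValueError(f"not a full /32 PTR name: {name!r}")
        return str(ipaddress.IPv4Address(".".join(reversed(octets))))
    if name.endswith(".ip6.arpa"):
        nibbles = name[: -len(".ip6.arpa")].split(".")
        if len(nibbles) != 32:
            raise ValueError(f"not a full /128 PTR name: {name!r}")
        return str(ipaddress.IPv6Address(int("".join(reversed(nibbles)), 16)))
    raise ValueError(f"not a reverse-zone name: {name!r}")


def parse_zone(text: str):
    """Parse a simplified zone fragment: one 'owner TTL IN TYPE rdata' record per
    line, '#' comments allowed. Returns (owner, type, rdata) tuples with names
    lower-cased, trailing dots removed and addresses normalised."""
    records = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) != 5 or fields[2].upper() != "IN":
            raise ValueError(f"unsupported record line: {line!r}")
        owner, _ttl, _cls, rtype, rdata = fields
        rtype = rtype.upper()
        if rtype in ("A", "AAAA"):
            rdata = str(ipaddress.ip_address(rdata))
        elif rtype == "PTR":
            rdata = rdata.lower().rstrip(".")
        records.append((owner.lower().rstrip("."), rtype, rdata))
    return records


def check_consistency(records):
    """Compare forward (A/AAAA) and reverse (PTR) data address by address."""
    forward = {}   # address -> set of owner names with an A/AAAA for it
    reverse = {}   # address -> set of PTR targets
    for owner, rtype, rdata in records:
        if rtype in ("A", "AAAA"):
            forward.setdefault(rdata, set()).add(owner)
        elif rtype == "PTR":
            reverse.setdefault(ptr_name_to_ip(owner), set()).add(rdata)
    problems = {"missing_ptr": [], "dangling_ptr": [], "mismatched": [], "duplicate_forward": []}
    for ip, names in forward.items():
        if len(names) > 1:                      # one address claimed by several names
            problems["duplicate_forward"].append(ip)
        if ip not in reverse:                   # forward record with no PTR at all
            problems["missing_ptr"].append(ip)
        elif not reverse[ip] <= names:          # PTR names a host that has no A/AAAA here
            problems["mismatched"].append((ip, sorted(names), sorted(reverse[ip])))
    for ip in reverse:
        if ip not in forward:                   # PTR left behind after the host went away
            problems["dangling_ptr"].append(ip)
    return {key: sorted(value) for key, value in problems.items()}


# Constructed zone fragment (example.com, 192.0.2.0/24 and 2001:db8::/32 are
# reserved for documentation); not real DNS data.
SAMPLE_ZONE = """
www.example.com.   3600 IN A    192.0.2.10
ftp.example.com.   3600 IN A    192.0.2.10
mail.example.com.  3600 IN A    192.0.2.25
db.example.com.    3600 IN A    192.0.2.30
db.example.com.    3600 IN AAAA 2001:db8::30
10.2.0.192.in-addr.arpa.  3600 IN PTR www.example.com.
25.2.0.192.in-addr.arpa.  3600 IN PTR smtp.example.com.   # forward says mail, reverse says smtp
40.2.0.192.in-addr.arpa.  3600 IN PTR old.example.com.    # no A record for old.example.com
"""

if __name__ == "__main__":
    print(reverse_name("2001:db8::30"))
    for kind, items in check_consistency(parse_zone(SAMPLE_ZONE)).items():
        print(kind, items)
```

Run against the constructed zone this reports 192.0.2.30 and 2001:db8::30 as lacking PTRs, 192.0.2.40 as a dangling PTR, 192.0.2.25 as mismatched and 192.0.2.10 as shared by two forward names. An IPAM system that writes both halves of each mapping in one operation, as the function above describes, is what keeps this report empty.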
IPv6
IPv6 is short for "Internet Protocol Version 6". IPv6 is the "next generation" protocol designed by the IETF to replace the current version Internet Protocol, IP Version 4 ("IPv4").
Most of today's Internet and internal corporate networks use IPv4, which is now over 25 years old. IPv4 has proved to be remarkably resilient in spite of its age, but it is beginning to have problems and its limitations are becoming apparent as more complex services are rolled out to users on the corporate network.
IPv6 was designed to take an evolutionary step from IPv4. It was not a design goal to take a radical step away from IPv4. Functions which work in IPv4 were kept in IPv6. Functions which didn't work were removed. The changes from IPv4 to IPv6 fall primarily into the following categories:
- Expanded routing and addressing capabilities. By using a 128-bit address rather than the 32 bits available to IPv4, the address space offered is extremely large. In a theoretical sense this is approximately 665,570,793,348,866,943,898,599 addresses per square metre of the surface of the planet Earth. In more practical terms the assignment and routing of addresses requires the creation of hierarchies, which reduces the efficiency of usage of the address space. However, even the most pessimistic estimate would still provide 1,564 addresses for each square metre of the surface of the planet. A new type of address called an "anycast address" is defined, to identify sets of nodes where a packet sent to an anycast address is delivered to one of the nodes. The use of anycast addresses in the IPv6 source route allows nodes to control the path along which their traffic flows.
- Header format simplification. Some IPv4 header fields have been dropped or made optional, to reduce the common-case processing cost of packet handling and to keep the bandwidth cost of the IPv6 header as low as possible despite the increased size of the addresses. Even though IPv6 addresses are four times longer than IPv4 addresses, the IPv6 header is only twice the size of the IPv4 header.
- Improved support for options. Changes in the way IP header options are encoded allows for more efficient forwarding, less stringent limits on the length of options, and greater flexibility for introducing new options in the future.
- Quality-of-Service (QoS) capabilities. A new capability is added to enable the labelling of packets belonging to particular traffic "flows" for which the sender requests special handling, such as non-default quality of service or "real-time" service.
- Authentication and privacy capabilities. IPv6 includes the definition of extensions which provide support for authentication, data integrity, and confidentiality. This is included as a basic element of IPv6 and will be included in all implementations.
ARP Cache (Address Resolution Protocol Cache)
ARP is a protocol for mapping an IP address to a physical machine address (such as a MAC address). An ARP cache is used to maintain the correlation between IP addresses and machine addresses. porttracker uses ARP caches obtained from routers and switches to determine MAC address to IP address mappings.
Available Ports (Switch View)
The 'Available Ports' Column in switch view is calculated using the number of 'free ports' that have not had a device connected to them for at least the period defined in the 'Port Unused Period'.
CDP (Cisco Discovery Protocol)
CDP is a Cisco proprietary network protocol used to discover information about other directly connected network devices (such as operating system and IP address). CDP is an independent network layer protocol not requiring the use of IP. porttracker uses CDP during the Discover process to locate switches and routers.
CMDB (Configuration management database)
A configuration management database (CMDB) is a database that contains all relevant information about the components of the information system used in an organization's IT services and the relationships between those components. A CMDB provides an organized view of data and a means of examining that data from any desired perspective.
Device View
porttracker implements different ways of viewing data. In this view each End Device is displayed along with information about the switch ports they were discovered on. In Device View each end device is represented by a unique row of data.
Discovery (Discover)
This is the process porttracker uses to locate infrastructure devices on your network. Infrastructure devices can be either Switches or Routers. From a single address porttracker builds a list of switches in the realm, which are then assigned to a poller.
Discovery Realm (DR)
porttracker maps parts of your network to Discovery Realms. Data obtained through Discovery and Poll in one Discovery Realm is completely separate from other Discovery Realms. porttracker allows you to discover overlapping address ranges using Realm definitions (network/mask). Realms are a useful way of separating different parts of your network for reporting purposes. A service provider might, for example, use a different realm for each customer, while an enterprise user might keep internal and DMZ devices in different realms.
Device (End Device)
An end device is a device for which porttracker found port, DNS and IP address information; end devices can be PCs, servers, IP phones or wireless devices. An End Device is represented as a unique row in a Device View.
Filters
Filters can be applied within device / switch view to narrow down a search allowing the user to monitor their network in a quick and efficient manner. Filters can be applied in combinations and will remain in effect until the filter field is deleted.
Free Ports (Switch View)
Free Ports are interfaces on which porttracker has not seen a MAC address during any of the polls within the period specified.
MAC Address (Media Access Control Address)
MAC Addresses are hardware addresses that uniquely identify devices on a network. They are 6 bytes in length (48 bits) and are normally written as 6 pairs of hexadecimal numbers separated by dashes or colons (e.g. fe:00:fc:c0:34:03).
Master Appliance
This is the appliance hosting the porttracker SecureWeb Interface, where the product is administered and controlled and data is viewed. It also hosts the porttracker daemon, which controls the Discover and Poll process across all Poller Appliances and itself. Each porttracker implementation must contain at least one master appliance.
Poller Appliance
Acting as a slave to a Master Appliance, a poller appliance receives instruction from the master via a secure socket to poll the switches that have been assigned to it. Poller Appliances are used in a distributed environment to spread load, increase performance and work in environments with more than one Realm.
Polling (Poll)
This is the process that porttracker uses to poll infrastructure devices for Device information. Polling can be performed by either a Master Appliance (for standalone operation) or additional Poller Appliances. The number of switches and ports a single poller can work with depends on many factors, including the SNMP versions supported, network latency and timeouts.
qsync (porttracker VitalQIP Synchronization Module)
porttracker allows the use of different sync modules pulling data out of porttracker and inserting it into, or synchronizing it with, other products. The porttracker VitalQIP Synchronization Module updates VitalQIP with data discovered by porttracker. Data is attached to IP objects in the form of User Defined Fields (UDFs).
Router
A Router is a piece of hardware or software that connects two or more networks at Layer 3. porttracker discovers routing information from routers to determine other candidate switches and routers for Discovery, as well as Arp Cache information.
SNMP (Simple Network Management Protocol)
SNMP is a TCP/IP application layer protocol that facilitates the exchange of management information between network devices. porttracker uses SNMP v2c to query switches and routers in both the Discovery and Polling phases. porttracker currently requires Read Only Access to the SNMP community on a switch or router as it makes no changes to it.
SNMP Credentials
Network devices implementing SNMP typically allow configuration of read and write access control. An SNMP credential is a text string which one network device can use to gain read or write access to another network device. porttracker uses SNMP Credentials to limit the area of discovery on your network for particular Discovery Realms. porttracker currently requires Read Only Access to the SNMP community on a switch or router as it makes no changes to it.
Switch
A Switch is a network device that filters, forwards and floods frames based on the destination address of each frame. porttracker discovers port information from switches as well as bridge forwarding tables to determine where an End Device is connected. porttracker works with both Layer-2 and Layer-3 switches.
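The ARP Cache, Free Ports, Switch and Topology entries in this glossary together describe one correlation: the router's ARP cache gives IP-to-MAC, each switch's bridge forwarding table gives MAC-to-port, and joining the two places an End Device on a port. The following is an added example written for this page, not porttracker's own code, and the heuristic it uses to tell an access port from an uplink (the port that learned the fewest MACs wins, since an uplink learns every MAC behind the neighbouring switch) is an assumption of this example rather than porttracker's documented method. All switch names, ports, MACs, addresses and timestamps are constructed.

```python
from collections import defaultdict

# Constructed inputs standing in for SNMP-retrieved data (not from a real network).
ARP_CACHE = {                                   # router ARP cache: IP -> MAC
    "192.0.2.10": "fe:00:fc:c0:34:03",
    "192.0.2.11": "fe:00:fc:c0:34:04",
    "192.0.2.12": "fe:00:fc:c0:34:05",
    "192.0.2.13": "fe:00:fc:c0:34:06",
}
DNS_NAMES = {"192.0.2.10": "pc-01.example.com", "192.0.2.12": "printer-01.example.com"}
BRIDGE_TABLES = {                               # switch -> (port, MAC) bridge table entries
    "sw-access-1": [
        ("Gi1/0/1", "fe:00:fc:c0:34:03"),
        ("Gi1/0/2", "fe:00:fc:c0:34:04"),
        ("Gi1/0/24", "fe:00:fc:c0:34:05"),      # Gi1/0/24 is the link to sw-access-2
        ("Gi1/0/24", "fe:00:fc:c0:34:06"),
        ("Gi1/0/24", "fe:00:fc:c0:34:07"),
    ],
    "sw-access-2": [
        ("Gi1/0/3", "fe:00:fc:c0:34:05"),
        ("Gi1/0/4", "fe:00:fc:c0:34:06"),
        ("Gi1/0/5", "fe:00:fc:c0:34:07"),       # no ARP entry: device seen at Layer 2 only
        ("Gi1/0/24", "fe:00:fc:c0:34:03"),      # Gi1/0/24 is the link back to sw-access-1
        ("Gi1/0/24", "fe:00:fc:c0:34:04"),
    ],
}


def _port_macs(bridge_tables):
    """(switch, port) -> set of MACs learned on that port."""
    port_macs = defaultdict(set)
    for switch, entries in bridge_tables.items():
        for port, mac in entries:
            port_macs[(switch, port)].add(mac.lower())
    return port_macs


def locate_end_devices(arp_cache, bridge_tables, dns_names=None):
    """Build Device View rows: one per MAC, with its IP and name from the ARP
    cache and DNS, and the (switch, port) it is most likely attached to.
    Heuristic (assumed for this example): among all ports that learned the
    MAC, pick the one that learned the fewest MACs overall."""
    dns_names = dns_names or {}
    mac_to_ip = {mac.lower(): ip for ip, mac in arp_cache.items()}
    port_macs = _port_macs(bridge_tables)
    seen_on = defaultdict(list)
    for key, macs in port_macs.items():
        for mac in macs:
            seen_on[mac].append(key)
    rows = []
    for mac, locations in seen_on.items():
        switch, port = min(locations, key=lambda k: (len(port_macs[k]), k))
        ip = mac_to_ip.get(mac)
        rows.append({"mac": mac, "ip": ip, "name": dns_names.get(ip),
                     "switch": switch, "port": port})
    return sorted(rows, key=lambda r: r["mac"])


def uplink_ports(bridge_tables, threshold=2):
    """Topology hint: ports that learned at least `threshold` MACs are
    candidate switch-to-switch links rather than end-device ports."""
    port_macs = _port_macs(bridge_tables)
    return sorted(key for key, macs in port_macs.items() if len(macs) >= threshold)


def free_ports(port_inventory, last_seen, now, unused_period):
    """Free Ports: interfaces with no MAC seen for at least `unused_period`
    seconds (a port never seen with a MAC counts as free)."""
    free = {}
    for switch, ports in port_inventory.items():
        free[switch] = sorted(
            port for port in ports
            if now - last_seen.get((switch, port), float("-inf")) >= unused_period)
    return free


# Constructed poll history for the free-port calculation (seconds, arbitrary epoch).
PORT_INVENTORY = {"sw-access-1": ["Gi1/0/1", "Gi1/0/2", "Gi1/0/3", "Gi1/0/24"]}
LAST_SEEN = {("sw-access-1", "Gi1/0/1"): 1000, ("sw-access-1", "Gi1/0/2"): 1000,
             ("sw-access-1", "Gi1/0/24"): 1000, ("sw-access-1", "Gi1/0/3"): 100}

if __name__ == "__main__":
    for row in locate_end_devices(ARP_CACHE, BRIDGE_TABLES, DNS_NAMES):
        print(row)
    print("uplinks:", uplink_ports(BRIDGE_TABLES))
    print("free:", free_ports(PORT_INVENTORY, LAST_SEEN, now=1000, unused_period=500))
```

The device with no ARP entry (fe:00:fc:c0:34:07) still gets a row, placed on sw-access-2 Gi1/0/5 with an empty IP and name, which is the situation the End Device entry describes when only port information is available; a device that shows up with an IP but on an unexpected port is the case an administrator would want a Device View filter for.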
Switch Summary View (Switch View)
porttracker implements different ways of viewing data. In this view a summary of switch port capacity is displayed. The user can drill down to a Switch Detail View and view the status of each port.
Switch Detail View
Switch Detail View displays a row of data for each interface or connector present in the device. Switch Detail View also displays the type of device that is attached to each interface (End Device, Infrastructure Device, IP Phone, etc.).
Sync module
porttracker allows the use of different sync modules pulling data out of porttracker and inserting it into, or synchronising it with, other products. An example of this is the porttracker VitalQIP Synchronisation Module (qsync).
Topology
In porttracker this word refers to the logical topology of network devices. During Discovery and Polling porttracker attempts to work out what network devices are connected to each other at Layer-2.
View
In porttracker a view consists of an association of one or more columns, the filters applied to them, and the sort order. The View can then be saved, much like a bookmark, and later selected from the top level menu or scheduled as a report.