IP Address Management, Part II: Automation and Inventory
Efficient management of network elements requires that operators track the IP addresses assigned to each device when it is attached to the network. When discovery is managed manually, an operator may forget to email a confirmation or perform one of the crucial steps in the provisioning process. Rather than requiring operators to perform these steps manually, the management system can automatically assign and record IP addresses as well as send any confirmations. In addition, the system can receive commands and trigger flows back downstream to further automate processes and simplify the workflow.
Cisco Prime Network Registrar, for example, offers a broad scope of IP address management (IPAM) capabilities for automating discovery. IP addresses for new devices are immediately added to the network’s IP inventory, guaranteeing that they will not be overlooked or mistyped.
Cisco Prime Network Registrar also locates and identifies unknown devices on the network, including smartphones, routers, and printers that users have provisioned themselves. An IP address that is used without being formally allocated creates a potential conflict with mission-critical equipment, which could result in network downtime that is difficult and time-consuming to troubleshoot. Operators can either remove these rogue devices from the network or formally discover them to shore up potential security vulnerabilities that might otherwise pass undetected.
The accuracy of the IP address inventory is maintained by refreshing it at regular intervals to ensure it still correlates to the ever-changing configuration of the network. Maintaining an accurate inventory of IP addresses is critical to reliable network operation. For example, by keeping the IP address inventory up to date, Cisco Prime Network Registrar is able to proactively forecast IP address usage to prevent consumption from exceeding capacity and leading to a service outage. Administrators can set multiple thresholds to alert them when IP address utilization reaches a set percentage or is within a certain number of days of exceeding available capacity.
Administrators are also able to easily reclaim IP addresses that are no longer in use. Searching through transaction records for the last 30 days, for example, can verify if an address has been used and so is still active. The reclamation process can be automated as well, such as when moving or renumbering subnets. Cisco Prime Network Registrar facilitates renumbering by handling the reassignment process and then, using a threshold set by the operator, confirming that the old addresses have not been used before reclaiming them.
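The two inventory checks described above, flagging addresses that are in use without being allocated and finding allocated addresses with no use inside an operator-set window, can be sketched as follows. This is an added example, not Cisco Prime Network Registrar code or its API; the data layout, the function names and the sample records are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta
from ipaddress import ip_address

# Constructed sample data (not from any real network or product export).
NOW = datetime(2024, 6, 30)
# Formal inventory: address -> owner recorded at allocation time.
INVENTORY = {
    "10.0.0.10": "core-router",
    "10.0.0.20": "print-server",
    "10.0.0.30": "old-build-host",
}
# Transaction records: (timestamp, address) for each observed lease or use.
TRANSACTIONS = [
    (datetime(2024, 6, 29), "10.0.0.10"),
    (datetime(2024, 6, 1), "10.0.0.20"),   # 29 days ago, inside the window
    (datetime(2024, 4, 2), "10.0.0.30"),   # 89 days ago, outside the window
    (datetime(2024, 6, 28), "10.0.0.99"),  # in use but never allocated
]


def last_seen(transactions):
    """Return the most recent use timestamp for every address observed."""
    seen = {}
    for when, addr in transactions:
        addr = str(ip_address(addr))  # normalise and reject malformed input
        if addr not in seen or when > seen[addr]:
            seen[addr] = when
    return seen


def reconcile(inventory, transactions, now, window_days=30):
    """Split addresses into rogue (used, not allocated) and reclaimable
    (allocated, no use inside the window)."""
    seen = last_seen(transactions)
    cutoff = now - timedelta(days=window_days)
    allocated = {str(ip_address(a)) for a in inventory}
    rogue = sorted(a for a, when in seen.items()
                   if a not in allocated and when >= cutoff)
    reclaimable = sorted(a for a in allocated
                         if seen.get(a, datetime.min) < cutoff)
    return rogue, reclaimable


if __name__ == "__main__":
    rogue, reclaimable = reconcile(INVENTORY, TRANSACTIONS, NOW)
    print("rogue:", rogue)
    print("reclaim candidates:", reclaimable)
```

An allocated address with no transaction record at all is treated as a reclaim candidate, so the result is only as trustworthy as the completeness of the transaction log feeding it.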
An accurate inventory also enables accountability, whether for creating audit reports or tracking down a problem. Large networks tend to be spread out, with multiple administrators each in charge of their own section. To increase reliability and security, Cisco Prime Network Registrar consolidates IP allocation to a single database and control point. Each local administrator is still able to manage his or her portion of the network but with the added reliability that comes through centralization. For example, when a device generates an alarm on the firewall, operators typically only have the IP address that triggered the problem. Since every change is tracked, including who authorized the change and when, problem identification and resolution are accelerated.
Next time I’ll talk about how IP address management facilitates the migration to IPv6.