DNS, DHCP, IPAM — together, they form what we often refer to as DDI. They all work together at managing, assigning and resolving IP addresses and form an important part of any network. Read on as we explain what each of these components is, what it is used for and why you need it.
Today, we’ll start our journey by discussing IP addresses, what they are and why we use them. We will then introduce the DHCP system, how it works and what its different components are. After that, we’ll discuss the interaction between DNS and DHCP and why it is so important. And we’ll complete this sort of “crash course” by explaining what DDI is and why it is so important. And after we’re done learning all the basics, we’ll proceed to review the five best DDI/IPAM systems we could find.
IP Addresses 101
IP addresses are at the very core of the Internet. They uniquely identify each device connected to a network. An important distinction must be made between public IP addresses and private IP addresses. The former are those that are used on devices connected to the public Internet. For example, a web server will often have a public IP address. The Internet router installed by your ISP in your home also has a public IP address. Private IP addresses, on the other hand, are those we use on home and corporate networks. They must also be unique but only within a given network.
Back in the prehistory of the Internet, when the IP protocol was defined, each connected device was manually configured with a distinct IP address. We called it static or fixed IP addressing. This was cumbersome but OK as the number of connected hosts was low. As networks (both public and private) grew bigger, it became increasingly difficult to manually configure IP addresses as the process was error-prone and often resulted in duplicate IP addresses within a network. It took until the early 1990s before a durable solution was brought forward in the form of the DHCP protocol.
The DHCP System
The Dynamic Host Configuration Protocol–or DHCP, as we usually call it–was invented to dynamically assign IP addresses and allow connected hosts to configure themselves. With DHCP, the need to manually configure IP addresses is eliminated. And DHCP does not only configure IP addresses; it can configure most network parameters of a connected host, such as IP address, subnet mask, name server(s), WINS server(s) in a Windows environment, and several other parameters. All the parameters are dynamically configured each time a host is started on the network.
How It Works
No matter what exact parameters are configured by the DHCP system, the process of configuring a host is always the same. It is a four-step process referred to as DORA, which stands for Discovery, Offer, Request, and Acknowledgement. Here’s what happens when a host starts.
In the discovery phase, the host sends out a broadcast message–that is, a message that will be received by any host connected to the network–called DHCPDISCOVER. The message has to be broadcast because, at this point, the host has no idea of the DHCP server’s address.
In the second phase, the server responds with a DHCP offer. The offer contains all the configuration parameters of the host’s network interface. Now, this is where things get a bit trickier. Since there could be several DHCP servers on a network, the host could receive several offers. When this happens, the host will simply pick one of the offers and proceed to the next step. Which one will it pick? Normally, it will pick the first offer it gets.
In the next phase, the host sends out the DHCP request. It identifies the offer the host picked, instructing the server whose offer was chosen to proceed while informing the other servers that sent offers that theirs were declined and that they can free the offered IP addresses.
In the final phase, the server sends a DHCP acknowledgment to the host, confirming that it has correctly reserved the offered IP address for that host.
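Since several servers may answer one discovery, it helps to see which server sent each offer. The following is an added example, not part of the original article: it parses DHCP messages (fixed header plus options 53 and 54) and reports offers whose server identifier is not on an expected list. The function names, addresses and sample messages are constructed for illustration.

```python
import ipaddress
import struct

MAGIC = b"\x63\x82\x53\x63"   # magic cookie that follows the 236-byte fixed header
TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK"}   # the four DORA messages

def parse_dhcp(pkt: bytes) -> dict:
    """Parse the fixed header and the option list of one DHCP message."""
    if len(pkt) < 240 or pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    msg = {"yiaddr": str(ipaddress.IPv4Address(pkt[16:20])),   # address being offered
           "mac": pkt[28:34].hex(":"), "type": None, "server_id": None}
    i = 240
    while i < len(pkt) and pkt[i] != 255:        # 255 = end option
        if pkt[i] == 0:                          # pad option has no length byte
            i += 1
            continue
        if i + 2 > len(pkt) or i + 2 + pkt[i + 1] > len(pkt):
            raise ValueError("truncated option")
        code, length = pkt[i], pkt[i + 1]
        data = pkt[i + 2:i + 2 + length]
        if code == 53 and length == 1:           # option 53: DHCP message type
            msg["type"] = TYPES.get(data[0], f"UNKNOWN({data[0]})")
        elif code == 54 and length == 4:         # option 54: server identifier
            msg["server_id"] = str(ipaddress.IPv4Address(data))
        i += 2 + length
    return msg

def unexpected_offers(packets, allowed_servers):
    """Return (server_id, offered_ip) for every OFFER not sent by an allowed server."""
    msgs = [parse_dhcp(p) for p in packets]
    return [(m["server_id"], m["yiaddr"]) for m in msgs
            if m["type"] == "OFFER" and m["server_id"] not in allowed_servers]

def build(msg_type, yiaddr="0.0.0.0", server=None):
    """Construct a minimal sample message (constructed test data, not a capture)."""
    hdr = struct.pack("!BBBBIHH", 1 if msg_type in (1, 3) else 2, 1, 6, 0, 0x1234, 0, 0)
    hdr += bytes(4) + ipaddress.IPv4Address(yiaddr).packed + bytes(8)
    hdr += bytes.fromhex("020000000001") + bytes(10 + 192)   # chaddr, sname, file
    opts = bytes([53, 1, msg_type])
    if server:
        opts += bytes([54, 4]) + ipaddress.IPv4Address(server).packed
    return hdr + MAGIC + opts + b"\xff"

# Constructed exchange: one discovery answered by two different servers.
SAMPLE = [build(1),
          build(2, "192.168.1.50", "192.168.1.1"),
          build(2, "10.66.0.7", "192.168.1.200")]
```

With `{"192.168.1.1"}` as the expected server list, `unexpected_offers(SAMPLE, ...)` returns only the second offer.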
The DHCP Client Component
The DHCP configuration information acquired by the client and used to configure the network interface is not valid forever. In fact, it is leased rather than assigned by the DHCP server. And this lease has an expiration date.
It is one of the DHCP client’s most important tasks to ensure that the interface configuration remains valid. It does this by periodically trying to renew its lease before it expires. The renewal process uses the same DORA sequence. The only difference is that during the discovery phase, the client specifically requests the same IP address it already has.
Another important function of the DHCP client is the release mechanism. Whenever a client no longer requires its IP address–as it could happen when it’s shutting down–it will notify the DHCP server to release the IP address so it can be reused by the server.
The DHCP Server Component
As for the DHCP server, its main task is to send configuration information to any host that requests it and to make sure that it sends unique parameters to each individual host. IP addresses can be assigned by the DHCP server in one of three ways: dynamic, automatic, or static (also called manual).
In dynamic allocation, a new IP address is given to each host that requests one. Automatic allocation is similar except that the server will keep track of what IP address was assigned to each host and will try to give it the same address the next time it connects.
And finally, with manual allocation, an administrator needs to manually associate a given host–identified by its MAC address–to a specific IP address. This is also referred to as DHCP reservation because it reserves a specific address for a specific host.
The Interaction Between DHCP and DNS
The Domain Name Service–or DNS–is used to map hostnames to IP addresses. In a private network using dynamic DHCP allocation, there is often some integration between DNS and DHCP. That way, the DNS is always aware of the current IP address of each host.
This is why many DHCP servers also include a DNS server. This is the case, for example, of the Microsoft DHCP server, which is totally integrated with the DNS server.
In Comes DDI
DDI is the acronym for DHCP, DNS, and IPAM or IP Address Management. We haven’t much discussed the latter just yet. IPAM refers to any software used to assist in managing IP addresses. Such systems can usually be used to manage both DHCP assigned addresses and statically assigned addresses that are manually configured on hosts.
With the close integration that is required between the three, it is only normal that many suppliers have the three products built into one another or that they offer all three products separately.
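An IPAM record of scopes and reservations can be checked against what is actually seen on the network. The following added example (not from the original article or from any product reviewed below) flags addresses outside the documented scopes, addresses used by more than one MAC, and reserved addresses held by the wrong host. The function name, scopes and sample data are constructed.

```python
import ipaddress
from collections import defaultdict

def audit_addresses(observed, scopes, reservations):
    """Compare observed (mac, ip) pairs with the IPAM record.

    scopes: CIDR strings documented in the IPAM (IPv4 and/or IPv6).
    reservations: {mac: ip} manual allocations.
    Returns a sorted list of (finding, ip, detail) tuples.
    """
    nets = [ipaddress.ip_network(s) for s in scopes]
    reserved = {ipaddress.ip_address(ip): mac.lower()
                for mac, ip in reservations.items()}
    macs_by_ip = defaultdict(set)
    for mac, ip in observed:
        macs_by_ip[ipaddress.ip_address(ip)].add(mac.lower())

    findings = []
    for ip, macs in macs_by_ip.items():
        seen = ",".join(sorted(macs))
        if not any(ip in net for net in nets):      # not in any documented scope
            findings.append(("out-of-scope", str(ip), seen))
        if len(macs) > 1:                           # same address on several hosts
            findings.append(("duplicate-ip", str(ip), seen))
        owner = reserved.get(ip)
        if owner and macs != {owner}:               # reserved address used by another host
            findings.append(("reservation-conflict", str(ip), f"reserved for {owner}"))
    return sorted(findings)

# Constructed sample data (locally administered MACs, private and documentation ranges).
SCOPES = ["192.168.10.0/24", "2001:db8:10::/64"]
RESERVATIONS = {"02:00:00:00:00:0a": "192.168.10.5"}
OBSERVED = [
    ("02:00:00:00:00:0a", "192.168.10.5"),     # reserved host on its reserved address
    ("02:00:00:00:00:0b", "192.168.10.20"),
    ("02:00:00:00:00:0c", "192.168.10.20"),    # second host on the same address
    ("02:00:00:00:00:0d", "172.16.9.9"),       # outside every documented scope
    ("02:00:00:00:00:0e", "2001:db8:10::15"),  # IPv6 host inside its scope
]
```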
Our Top 5 best DDI/IPAM Systems
We’ve searched the Internet for the five best DDI/IPAM systems we could find. Some of the products we found include all three functions in one and can truly be considered DDI systems. Others might not include DNS or DHCP functionalities but they will often integrate with many popular DNS and DHCP servers such as those we find on Windows and Linux.
Since we wouldn’t want to keep you waiting any longer than necessary, here’s the list of our five best DDI/IPAM servers:
- SolarWinds IP Address Manager (*winner*)
- Blue Cat IPAM
- ManageEngine OpUtils IPAM 200 – 1800
- Infoblox IPAM
- GestióIP
1. SolarWinds IP Address Manager
SolarWinds is one of the best-known names in network management. The company makes some of the best tools to assist administrators. It is also known for its free utilities and trials. The SolarWinds IP Address Manager is one such software that you can try for free for a full thirty days.
The SolarWinds IP Address Manager lets you use its built-in DHCP and DNS servers–making it a full DDI system. Alternatively, the software can also interact with DHCP and DNS servers from Microsoft and Cisco so you won’t have to replace your whole infrastructure.
The software lets you use multiple allocation methods for IP addresses. You can, for example, use reservations for servers and other equipment and dynamically allocated addresses for workstations. Everything gets seamlessly integrated into the DNS. Furthermore, a setup wizard is included to assist in configuring DHCP scopes.
The SolarWinds IP Address Manager uses user accounts with various access levels. You could give only partial access to some junior admins or only let managers view the reports. There is also a good logging system that records every change with a time stamp and the username of the operator making the change. This can help with compliance issues. Visit SolarWinds’ website for more information and to download your free 30-day trial of the SolarWinds IP Address Manager.
2. Blue Cat Address Manager
Our second entry is from BlueCat, one of the industry leaders in the field. Their Address Manager is best suited to large corporations with a network management team. Their IPAM system is actually a full DDI system that includes DHCP and DNS. It can also interoperate with DHCP and DNS servers from Microsoft.
The BlueCat Address Manager is a dual-stack system, meaning it can work with IPv4 and IPv6 at the same time. It’s actually a great tool to use when migrating from one to the other. Security-wise, the system has workflows and approval chains as well as user accounts with hierarchical rights.
The system makes use of network templates. They enable the administrator to use information layouts that ensure essential tasks cannot be overlooked and that all important data is present. In a nutshell, the BlueCat system automates as many network administration tasks as possible. As a result, problems caused by human error are less frequent.
The BlueCat Address Manager is a premium package so you can expect to pay premium prices, but if you’re managing a large network, it is well worth the investment. You may head to BlueCat’s website for more information about this product.
3. ManageEngine OpUtils IP Address Manager
Our next entry is from ManageEngine, another company that is famous for its network management tools.
The OpUtils IP Address Manager offers centralized management of the IP address space. It can handle both IPv4 and IPv6 addresses. The built-in IP manager software assists network administrators in identifying whether an IP address is currently available or not. The IP Address Manager tool does periodic scans of subnets and keeps the availability status of IP addresses in each subnet up to date.
Users can use the IP manager tools to quickly and easily verify whether a particular IP is reserved or available. The tool accepts multiple subnet inputs, which helps in scanning the entire network to get the status of all IP addresses.
A free version is available but it is limited to a single subnet. It is enough to give the product a test run. It might even be all you need if you’re managing a smaller network. Visit ManageEngine’s website for more information.
4. Infoblox IPAM & DHCP
Perhaps you know Cricket Liu. He’s the author of the O’Reilly book DNS and BIND. This makes him THE authority on the subject. He works at Infoblox as their Chief DNS architect. Infoblox’s DDI suite is a great piece of software.
The Infoblox IPAM & DHCP system is another software that’s better suited for larger networks. Like other larger systems, it has templates to automate routine tasks. It also comes with some excellent standard reports. And if you don’t find the existing templates or reports to your liking, you can customize them at will.
The Infoblox IPAM & DHCP allows managers to track the usage of key resources. It also has tracking functions to help manage DHCP usage effectively. Security-wise, this is great as it also includes the ability to identify out-of-scope addresses and isolate rogue devices. This is quite a unique feature that you won’t find on other systems. It shows how Infoblox is as concerned with security as it is with IPAM and has built safeguards right into the system.
New nodes can be integrated into the network centrally through the DDI user interface and comparison of usage for each node is also made easier by effective MAC address records as well as IP tracking.
5. GestióIP
Our last entry is from a company that is not as famous as the previous four but don’t let that fool you. GestióIP is an excellent DDI suite. And it is the only open-source entry in our top 5 list of the best DDI/IPAM systems.
As per their website, “GestióIP is an automated, web-based IPv4/IPv6 address management (IPAM) software. It features powerful network discovery functions and offers search and filter functions for both networks and host, permitting Internet Search Engine equivalent expressions. This lets you find the information that administrators frequently need easily and quickly.”
Concretely, this is a great system, especially for smaller businesses that might not be able to afford the large systems such as Infoblox or BlueCat. It is a feature-rich piece of software that has all the functionalities a network administrator might need without the price. And it also comes with a few unique features such as a subnet calculator and an IP address plan builder. This is certainly a package worth looking into.
There are many more DDI/IPAM systems out there than we can list in a single article. The five we’ve reviewed here are those we consider to be the best you can find. We’ve tried to give you a good variety of software for larger and for smaller networks. Some of them are free; others are (very) expensive. All of them work great and are well worth looking into.