Over the years, managing the IP address space has become increasingly difficult. The number of devices that need an IP address keeps growing, and not just because we keep getting more personal devices. According to Deloitte, the average number of connected devices in a US household has grown from 11 to 14 in just two years since their last “Connectivity and mobile trends survey”. The Internet of Things is also exploding, bringing even more connected devices into the mix. In most networks, it’s no longer possible to manage IP addresses and pools manually, and with the introduction of the Internet Protocol version 6 (IPv6), things are only getting more complicated. So how do network managers keep track of their inventory? The answer to that question: IP address management.
Simply put, IPAM (IP address management) is the process of monitoring and administering an existing IP address space. IP address management software makes it possible to plan and track IP address and pool usage to make it more effective, troubleshoot problems, and identify instances of abuse. To do this, it needs to be integrated with multiple other services within the network, such as a DHCP server, DNS (Domain Name System), routing management systems, authentication servers, logging systems, etc.
In all honesty, IP address management is a broad enough concept that you may find everyone understands it a bit differently. This is why, depending on the vendor, you’ll see different functionalities in their IPAM software. Below, we’ve listed some of the most common features that you should consider.
This one should be self-explanatory; after all, it’s in the name. But what does “IP address management” really include? Basically, it’s data administration – an IPAM auto-discovers and collects data about IP addresses (whether they’re in use or not, what subnet they belong to, etc.) and gives you a comprehensive view of your pool, including historical data on how particular addresses have been used.
Now, an important thing to note is that an IPAM (in traditional terminology) is not responsible for IP assignment – that’s the role of a DHCP server. This clearly separates the high-level “business planning” responsibilities of IPAM software from the low-level, “technical” responsibilities of the server. The latter is charged with assigning addresses to physical devices in line with the results of network planning done in an IPAM. On top of that, it takes care of boot parameter encoding, device bootstrapping, network setup in a local environment, and more – all these are fundamental network operations performed by the DHCP server that are often misassigned to IPAM software.
As we’ve said earlier, IP address management can be quite a broadly understood concept. You’ll find vendors who include the job of assigning an IP address to a particular client or device in the scope of IPAM responsibilities. When interpreted as such, the DHCP or AAA servers are only “carriers” responsible for “relaying” the assignment to the end device.
In theory, this architecture allows for a better quality of the IP data within the system. At the same time, the technical decisions (which are often a part of the DHCP assignment pipeline) are moved from within the server into the more “business-oriented” area of responsibility that belongs to the IPAM. Such decisions should therefore be properly analyzed, and contingency plans need to be made to ensure efficient operation of the whole network and its components.
We’ve mentioned before that IP address management not only allows you to see the information about the current state of your IP network but also helps you plan it. With an IPAM, you can slice your controlled IP space into subnets and assign devices to specific IP ranges to keep your network neat.
Again, if your software is integrated with an advanced DHCP server, it can automatically assign devices to specific networks and subnets based on your own rules. On top of that, you can reserve IP addresses – this is especially important for enterprise networks where static IPs are used more commonly and permanent DHCP leases are a fact of life.
On the other hand, if your IPAM and DHCP systems are integrated with your DNS server, then you can also use that to create, edit, and delete DNS records and zones. This allows for swift migration of services when changing IP addresses and provides additional flexibility in your daily network operations.
Many providers don’t have their own DHCP or DNS servers, but they offer their IPAM software “to rule them all.” Indeed, an ideal IPAM – if it were able to integrate with external solutions properly – would provide a single-pane-of-glass view of all the systems and could be used as a single point to configure all DHCP and DNS settings. These changes could then be propagated to all servers automatically to keep the records across the network coherent. This is especially relevant for bigger networks with different segments, systems, technologies, as well as multiple DHCP and DNS servers.
Having one place to manage everything obviously simplifies the workload for network managers and helps them keep their network healthy. In return, however, it requires a deep integration of different services under the umbrella of an IP address management system. An important question managers need to ask themselves, then, is whether they and their systems are ready.
With proper integration, many IPAMs also attempt to use the data from various systems to aggregate it and provide managers with comprehensive reporting and alerting.
The reports can help network managers plan their current and future IP distribution better, for example by providing them with historical and current information about overall IP usage. Many IPAMs offer predefined reporting templates that cover the most common use cases. But the best ones provide operators with the means to set up their own reports and reporting intervals that best match their needs.
On the other hand, the software can also provide alerts, for example when the pool is about to run out of available addresses; or when there are any mismatches or abnormalities that can signal potential issues and even malicious attacks.
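The alerting described above, as an added example (not from the original article or any vendor's product): it compares a constructed IPAM plan with a constructed DHCP lease export and flags pools near exhaustion, leases outside every planned subnet, and reserved addresses held by an unexpected MAC. The data layout, alert names and the 80% threshold are assumptions.

```python
import ipaddress
from collections import Counter

# Constructed IPAM plan: subnet -> {reserved address: expected MAC}.
PLAN = {
    "10.0.10.0/29": {"10.0.10.2": "aa:bb:cc:00:00:01"},
    "10.0.20.0/28": {},
}
# Constructed DHCP lease export: (leased address, client MAC).
LEASES = [
    ("10.0.10.1", "aa:bb:cc:00:00:10"),
    ("10.0.10.2", "de:ad:be:ef:00:99"),     # reserved address, wrong MAC
    ("10.0.10.3", "aa:bb:cc:00:00:11"),
    ("10.0.10.4", "aa:bb:cc:00:00:12"),
    ("10.0.10.5", "aa:bb:cc:00:00:13"),
    ("10.0.20.5", "aa:bb:cc:00:00:20"),
    ("192.168.1.50", "aa:bb:cc:00:00:30"),  # outside every planned subnet
]

def usable(net):
    # IPv4 subnets shorter than /31 lose the network and broadcast address.
    if net.version == 4 and net.prefixlen < 31:
        return net.num_addresses - 2
    return net.num_addresses

def audit(plan, leases, threshold_pct=80):
    """Return a list of (alert_type, subject, detail) tuples."""
    nets = {ipaddress.ip_network(n): r for n, r in plan.items()}
    used, alerts = Counter(), []
    for ip_s, mac in leases:
        ip = ipaddress.ip_address(ip_s)
        net = next((n for n in nets if ip in n), None)
        if net is None:
            # The DHCP server handed out something the plan does not know.
            alerts.append(("unplanned_address", str(ip), mac))
            continue
        used[net] += 1
        expected = nets[net].get(str(ip))
        if expected and expected.lower() != mac.lower():
            alerts.append(("reservation_mismatch", str(ip), mac))
    for net in nets:
        pct = used[net] * 100 // usable(net)
        if pct >= threshold_pct:
            alerts.append(("pool_near_exhaustion", str(net), pct))
    return alerts

if __name__ == "__main__":
    for alert in audit(PLAN, LEASES):
        print(alert)
```
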
For many, the line between the responsibilities of a DHCP server and IP address management software is blurry. In reality, these two are complementary, and when it comes to IP address provisioning, they need each other for the process to be fully automated and transparent. This is why when you research IPAM, you will often see that it is either sold in a bundle with a DHCP server, or that it is sold as a separate piece of software, but needs to be integrated with one. Conversely, you may also find servers with some of the IPAM functionalities.
The short answer is: yes. To some extent. If you only had IPAM, you’d have the required visibility, but only if you provided the data first and then manually configured every network component to match the plan generated by your IPAM. On the other hand, if you only had a DHCP server, you would be able to hand out IP addresses in accordance with the existing IP assignment rules (i.e., automatically configure the hardware), but you would lack a comprehensive view of your IP pool. This is why you’ll rarely see one being sold without the mention of the other, but you’ll also notice IPAMs come in many different flavors. It’s up to you to decide what model works best for you and for your network.