[eBook - PDF - Cisco Press] DNS, DHCP and IP Address Management

Copyright © 1998, Cisco Systems, Inc. All rights reserved. Printed in USA.Presentation_ID.scr 1

18060963_05F9_c3 © 1999, Cisco Systems, Inc. 18060963_05F9_c3 © 1999, Cisco Systems, Inc.

28060963_05F9_c3 © 1999, Cisco Systems, Inc.

DNS, DHCP, and IPDNS, DHCP, and IPAddress ManagementAddress Management

Session 806Session 806



IntelligentNetwork

Users Applications

ManualProcesses

ManualProcesses

PublicDomainSoftware

PublicDomainSoftware

AutomatedNetwork

Addressing

AutomatedNetwork

Addressing

PoliciesBased on

IP Addresses

PoliciesBased on

IP Addresses

User-BasedPolicy

Networking

User-BasedPolicy

NetworkingScalableReliable

DNS/DHCPServices

ScalableReliable

DNS/DHCPServices

User Provisioning

User Provisioning

DNS and DHCP ChallengesDNS and DHCP Challenges


Edit by HandEdit by Hand SpreadsheetSpreadsheet CustomApplication

CustomApplication

Managing Names and AddressesManaging Names and Addresses



DHCPDHCP

1970’s1970’s

MultipleSourcesof Data

MultipleSourcesof Data

FewUsersFew

Users

ManyUsersManyUsers

20002000FirewallFirewall

PC InventoryPC Inventory

Etc.Etc.

DirectoryDirectory

DNSDNS FirewallFirewall

DHCPDHCP PolicyPolicy

Dial-InDial-In

E-MailE-Mail

1980’s1980’s

1990’s1990’sDNSDNS

SingleSourceof Data

SingleSourceof Data

Migrating to DirectoriesMigrating to Directories

68060963_05F9_c3 © 1999, Cisco Systems, Inc. 6

Protocol OverviewProtocol Overview

DNS and DHCPDNS and DHCP




COM

(root)

WWWWWW

CISCOCISCO

RTPRTPTIMSPCTIMSPC

How DNS WorksHow DNS WorksDNS NamespaceDNS Namespace

• Hierarchical name space• Each node in tree represents

domain/subdomain• Some subdomains are defined

as zones• Each zone has a “primary”

name server responsible forall lower nodes

• Resource records (RR) are definedfor each node

• Example RRs are: Address (A),pointer (PTR), mail exchange (MX),name server (NS), start ofauthority (SOA)

timspc.cisco.comtimspc.cisco.com

cisco.com zonecisco.com zone


DNS Client Outsideof Cisco Network

Root NameServer

.COM NameServer

CISCO.COMName Server

LocalDNS

Server www.cisco.com

Q. What Is the IP Addressfor www.cisco.com?

Q. What Is the IP Addressfor www.cisco.com?

How DNS WorksHow DNS WorksDNS QueriesDNS Queries

• Clients query local DNSserver for IP addresses

• Local server starts withthe root name server andrecursively queries DNSservers until it finds aserver that has the answer

• Local servers sendanswers back to theclients and cachethe answers

A. 161.44.10.9A. 161.44.10.9



Primary Name Serverfor CISCO.COM

Secondary DNSServer for

CISCO.COM

Secondary DNSServer for

CISCO.COMDNS Client

DNS RedundancyDNS Redundancy

• Redundancy is built into DNS• Secondary servers automatically

backup primary servers• Secondary servers check the

primary for changes in the zoneserial number

• Updates controlled by therefresh rate in SOA recordfor zone

• Use Notify and Incremental ZoneTransfers to reduce propagationdelay and bandwidth utilization

• Spread secondary and cachingDNS servers liberallythroughout the network

Old Zone Transfer1. Secondary Checks the Serial

Number of the Zone2. If It Has Changed, Secondary

Requests a Zone Transfer3. Primary Sends the Entire

Zone to Secondary

Old Zone Transfer1. Secondary Checks the Serial

Number of the Zone2. If It Has Changed, Secondary

Requests a Zone Transfer3. Primary Sends the Entire

Zone to Secondary

New Zone Transfer1. Primary DNS Server Sends a

NOTIFY Message to SecondaryWhen the Zone Data Changes

2. Secondary Requests anIncremental Zone Transfer

3. Primary Only Sends theChanges to Secondary Server

New Zone Transfer1. Primary DNS Server Sends a

NOTIFY Message to SecondaryWhen the Zone Data Changes

2. Secondary Requests anIncremental Zone Transfer

3. Primary Only Sends theChanges to Secondary Server


Here is your configuration:IP Address: 192.204.18.7Subnet Mask: 255.255.255.0Default Routers: 192.204.18.1, 192.204.18.3DNS Servers: 192.204.18.8, 192.204.18.9WINS Server: 192.204.18.9Lease Time: 5 days

Here is your configuration:IP Address: 192.204.18.7Subnet Mask: 255.255.255.0Default Routers: 192.204.18.1, 192.204.18.3DNS Servers: 192.204.18.8, 192.204.18.9WINS Server: 192.204.18.9Lease Time: 5 days

DHCPServer

DHCPClient

Send MyConfigurationInformation

Send MyConfigurationInformation

How DHCP WorksHow DHCP WorksObtaining a LeaseObtaining a Lease

• Dynamically assignsconfiguration information

• Creates IP address poolsto conserve addressesand support mobile users

• Clients broadcasts DHCPDiscover packet onlocal subnet

• Multiple serverscan respond

• Client chooses firstor best response



Server 1 Client Server 2

OFFER

DISCOVER

(Broadcast)(Broadcast)

DISCOVER

REQUESTREQUEST

OFFER

ACK

(Unicast)

(Unicast)

(Broadcast)

(Unicast)

(Broadcast)

How DHCP WorksHow DHCP WorksDHCP Discover ProcessDHCP Discover Process

• DHCP client broadcastsDHCP DISCOVER packeton local subnet

• DHCP servers sendOFFER packet with leaseinformation

• DHCP client selects leaseand broadcasts DHCPREQUEST packet

• Selected DHCP serversends DHCP ACK packet


OP CodeOP Code

Transaction ID (XID)Transaction ID (XID)

HardwareType

HardwareType

HardwareLength

HardwareLength HOPSHOPS

Your IP Address (YIADDR)Your IP Address (YIADDR)

SecondsSeconds

Client IP Address (CIADDR)Client IP Address (CIADDR)

Server IP Address (SIADDR)Server IP Address (SIADDR)

Gateway IP Address (GIADDR)Gateway IP Address (GIADDR)

FlagsFlags

Server Name (SNAME)—64 bytesServer Name (SNAME)—64 bytes

Filename—128 bytesFilename—128 bytes

DHCP OptionsDHCP Options

Client Hardware Address (CHADDR)—16 bytesClient Hardware Address (CHADDR)—16 bytes

How DHCP WorksHow DHCP WorksDHCP PacketDHCP Packet



Common DHCP Options

Option CodeLease Time 51Subnet Mask 1Default Routers 3DNS Servers 6Domain Name 15Host Name 12WINS Servers 44NetBIOS Node Type 46Client Identifier 61

Common DHCP Options

Option CodeLease Time 51Subnet Mask 1Default Routers 3DNS Servers 6Domain Name 15Host Name 12WINS Servers 44NetBIOS Node Type 46Client Identifier 61

How DHCP WorksHow DHCP WorksDHCP OptionsDHCP Options

• Server passesconfiguration optionsto client

• Over 100 options defined

• Most DHCP clients supportapproximately 10 options

• Custom and vendoroptions available


What’s New in DNS and DHCPWhat’s New in DNS and DHCP

• New DNS standardsDynamic DNS updates (RFC 2136)

Incremental Zone Transfers (RFC 1995)

Notify (RFC 1996)

• New DHCP standardsDHCP Safe Failover (Internet draft)



WAN

SecondaryDNS Server

DHCPClient

Cisco NetworkRegistrar DHCP

Server

Cisco NetworkRegistrar Primary

DNS Server

IP Address:172.16.18.74IP Address:172.16.18.74

sbombay-pc.cisco.com IP:

172.16.18.74

sbombay-pc.cisco.com IP:

172.16.18.74

Host:sbombay-pc

Host:sbombay-pc

NotifyMessage

NotifyMessage

IXFRRequest

IXFRRequest

Only changed information is sentsbombay-pc.cisco.com

172.16.18.74

Only changed information is sentsbombay-pc.cisco.com

172.16.18.74

Dynamic DNS Updates, Notify, andDynamic DNS Updates, Notify, andIncremental Zone TransfersIncremental Zone Transfers

• Dramatically reduces propagation delay• Dramatically reduces WAN bandwidth utilization• Integrates DHCP and DNS


Primary DHCPServer

Backup DHCPServer

Backup Address Pool172.16.18.191-200

Backup Address Pool172.16.18.191-200

DHCP Safe Failover ProtocolDHCP Safe Failover Protocol

• All DHCP requests are sentto both servers

• Primary updates backupwith lease information

• Backup takes over whenprimary fails

• Backup server usesdedicated pool of addressesallocated by the primary toprevent duplicate IP address

• Servers synchronize whenprimary is up

• IETF Internet Draft

Primary Address Pool172.16.18.101-200

Primary Address Pool172.16.18.101-200



DNS IssuesDNS Issues



InternalNetwork

ExternalDNS

Server

InternalDNS

Server

www.cisco.commail.cisco.comftp.cisco.com

www.cisco.commail.cisco.comftp.cisco.comwwwin.cisco.comcallmanager.cisco.comerpserver.cisco.comtimspc.cisco.comeng-web.cisco.com

Split DNSSplit DNS

• Two “primary” DNSservers for the domain

• Hides the structure ofthe internal network

• Internal clients point tointernal DNS servers

• External serverpublishes web, mail,ftp and other externalservers

• Internet DNS serversdelegate to externalprimary DNS server

Internet



Small.comBig.com

Internet

InternalDNS Server

InternalDNS Server

ExternalDNS

Server

ExternalDNS

Server

erp.small.com

RootDNS Server

Selective ForwardersSelective Forwarders

Connect to erp.small.com


WINSWINS

• Windows InternetNames Service (WINS)

NetBIOS NamesService (NBNS)

Windows NT file andprint servicesFlat name space

• Coexists with DNS• Scaling problems in

large networks• Going away with

Windows 2000!



Windows 2000 andWindows 2000 andActive DirectoryActive Directory

• Coming soon!

• DNS requirementsDynamic DNS updates(RFC 2136)

SRV records

• Active directory isdependent on DNS

• WINS is phased out


DHCP IssuesDHCP Issues




DHCPServer

161.44.54.7

DHCPClient

GIADDR

DHCP Packet

DHCPServer

161.44.54.8

Physical Network161.44.18.0

Physical Network161.44.18.0

161.44.18.1161.44.18.1

DHCP in a Routed NetworkDHCP in a Routed Network

• DHCP clients broadcastsa DHCP discover packet

• DHCP relay (ip helper address)on the router hears the DHCPDiscover packet and forwards(unicast) the packet to theDHCP server

• DHCP relay fills in the GIADDRfield with IP address of theprimary interface of router

• DHCP relay can be configured toforward the packet to multipleDHCP servers. Client will choosethe “best” server

• DHCP servers use GIADDR field ofDHCP Discover packet as an indexin to the list of address pools

Router with DHCP Relayinterface se0

ip helper 161.44.54.7ip helper 161.44.54.8


DHCP in a Switched NetworkDHCP in a Switched Network

• Cisco IOS® allowsmultiple addresses onan interface whichimplies multiple logicalnetworks on samephysical network

• DHCP relay inserts firstIP address of interfacein GIADDR field

• Most DHCP servers cancreate an address poolswith multiple logicalnetworks. This is alsoknown as super scopes

DHCPServer

DHCPClient

DHCPClient

RouterwithDHCPRelay

Catalyst®

Switch

DHCP Packet

GIADDR

One Physical NetworkFour Logical Networks192.204.18.0192.204.19.0192.204.20.0192.204.21.0

One Physical NetworkFour Logical Networks192.204.18.0192.204.19.0192.204.20.0192.204.21.0

192.204.18.1 Primary192.204.19.1 Secondary192.204.20.1 Secondary192.204.21.1 Secondary

192.204.18.1 Primary192.204.19.1 Secondary192.204.20.1 Secondary192.204.21.1 Secondary



DHCP SecurityDHCP Security

• DHCP lacks built in securityAny client can get an address

Any server can allocate an address

• Client class in CNRCreate list of authorized MAC addresses

• IETF working on the problem• Generally not an issue on most nets


IP AddressIP AddressManagement IssuesManagement Issues




Private NetworkPrivate NetworkNumbers (RFC 1918)Numbers (RFC 1918)

Internet

PrivateNetwork10.0.0.0/8

10.0.0.0 - 10.255.255.255 (10/8 prefix)172.16.0.0 - 172.31.255.255 (172.16/12 prefix)192.168.0.0 - 192.168.255.255 (192.168/16 prefix)

10.0.0.0 - 10.255.255.255 (10/8 prefix)172.16.0.0 - 172.31.255.255 (172.16/12 prefix)192.168.0.0 - 192.168.255.255 (192.168/16 prefix)

• Difficult to obtain newnetwork numbers

• Unlimited addresses withprivate network numbers

• Allows for flexibleaddressing schemes

• Requires NAT/PAT toaccess Internet

Private Network NumbersPrivate Network Numbers


Private Network10.0.0.0/8

172.16.0.0/12 Internet10.0.0.7

10.0.100.151

172.16.4.57

TranslationTranslation

Static NATStatic NAT

Dynamic NATDynamic NAT Dynamic—1 to 1Dynamic—1 to 1Pool of External Addresses DynamicallyAssigned to Internal Clients for Durationof Session

Pool of External Addresses DynamicallyAssigned to Internal Clients for Durationof Session

Permanent—1 to 1Permanent—1 to 1 Permanent Mappings between InternalServers to external addressesPermanent Mappings between InternalServers to external addresses

MappingMapping How It WorksHow It Works

PATPAT Dynamic—Many to 1Dynamic—Many to 1 Multiple Internal Clients Share SingleExternal AddressMultiple Internal Clients Share SingleExternal Address

NAT, PAT, and Dynamic NATNAT, PAT, and Dynamic NAT

Internal Add. External Add. Translation Note10.0.0.7 161.44.16.7 Static NAT Permanent Mapping for

Mail Server10.0.100.151 161.44.16.105 Dynamic NAT VoIP Phone Calling on

the Internet172.16.4.57 161.44.17.5 PAT Web client browsing Internet



TranslationTranslation

EasyEasy

DifficultDifficult Multimedia, H.323, NetBIOS, DNS, Dual NAT,SQL*NET, Dynamic Port NegotiationMultimedia, H.323, NetBIOS, DNS, Dual NAT,SQL*NET, Dynamic Port Negotiation

Telnet, FTP, HTTP, Simple C/S AppsTelnet, FTP, HTTP, Simple C/S Apps YesYes

ApplicationsApplications PIXPIX

ImpossibleImpossible SNMPSNMP

CiscoIOS

CiscoIOS

YesYes

----

MostMost

YesYes

Packet with Embedded IP Address

10.0.5.810.0.5.8

DA: 161.44.8.9DA: 161.44.8.9SA: 10.0.5.8SA: 10.0.5.8

Translated Packet

10.0.5.810.0.5.8

161.44.8.9161.44.8.9NAT Mappings10.0.5.8 -> 171.68.10.5

NAT Mappings10.0.5.8 -> 171.68.10.5

Pool of NAT Addresses

171.68.10.2-100Pool of NAT Addresses

171.68.10.2-100

NAT in PIX, and Cisco IOSNAT in PIX, and Cisco IOS

SA: 171.68.10.5SA: 171.68.10.5DA: 161.44.8.9DA: 161.44.8.9

171.68.10.5171.68.10.5


Directory ServicesDirectory ServicesStandard SchemasStandard Schemas

• Directory Enabled Networks (DEN)Started by Cisco/Microsoft, now owned by DMTF

• Schemas for DHCP being developedProposals from Microsoft, Novell, and IETF



NodesNodes

100K100K

10K10K

Redundant DHCP Server (Mid-Range UNIX Servers—Sun Ultra 250E,Raid Disks, 512 MB RAM)Primary DNS Server (Mid-Range UNIX Server—Sun Ultra 250E, Raid Disks, 512 MBRAM)Distribute Secondary and Caching DNS Servers Throughout Network

Redundant DHCP Server (Mid-Range UNIX Servers—Sun Ultra 250E,Raid Disks, 512 MB RAM)Primary DNS Server (Mid-Range UNIX Server—Sun Ultra 250E, Raid Disks, 512 MBRAM)Distribute Secondary and Caching DNS Servers Throughout Network

Minimum Server ConfigurationMinimum Server Configuration

1K1K

100100 Option 1: Cisco IOS DHCP Server on Any Platform 1600, 2500, 3600, Etc.Provide DNS Service Remotely Across WAN

Option 2: CNR on a Small Windows NT System to Provide DNS & DHCP

Option 1: Cisco IOS DHCP Server on Any Platform 1600, 2500, 3600, Etc.Provide DNS Service Remotely Across WAN

Option 2: CNR on a Small Windows NT System to Provide DNS & DHCP

Option 1: Two Servers Running DNS/DHCP (Low-end UNIX Servers—Raid Disks, 256 MB RAM)Option 2: Two Servers Running DNS/DHCP (Mid-range NT Servers—Raid Disks, 256 MB RAM)Distribute Secondary and Caching DNS Servers Throughout Network

Option 1: Two Servers Running DNS/DHCP (Low-end UNIX Servers—Raid Disks, 256 MB RAM)Option 2: Two Servers Running DNS/DHCP (Mid-range NT Servers—Raid Disks, 256 MB RAM)Distribute Secondary and Caching DNS Servers Throughout Network

Option 1: Redundant DHCP Servers (Mid-Range UNIX Servers, 384 MB RAM)Option 2: Redundant DHCP Servers (High-End NT Servers, 384 MB RAM)Primary DNS Server (Mid-range UNIX Server—Sun Ultra 250E, Raid Disks,512 MBRAM) Distribute Secondary and Caching DNS Servers Throughout Network

Option 1: Redundant DHCP Servers (Mid-Range UNIX Servers, 384 MB RAM)Option 2: Redundant DHCP Servers (High-End NT Servers, 384 MB RAM)Primary DNS Server (Mid-range UNIX Server—Sun Ultra 250E, Raid Disks,512 MBRAM) Distribute Secondary and Caching DNS Servers Throughout Network

Performance FactorsNumber of Nodes, Number of Queries, DHCP Lease Time, and Disk I/O Performance

Performance FactorsNumber of Nodes, Number of Queries, DHCP Lease Time, and Disk I/O Performance

Server SizingServer Sizing(100K, 10K, 1K, 100 Clients)(100K, 10K, 1K, 100 Clients)

328060963_05F9_c3 © 1999, Cisco Systems, Inc. 328060963_05F9_c3 © 1999, Cisco Systems, Inc.

Example Network DesignsExample Network Designs



CorporateData CenterCorporateData Center

Large CampusLarge Campus

• Large campus networks requirehigh-performance, redundant DNSand DHCP servers to supportmultiple 10,000s of nodes

• The server functions need to besplit across multiple servers ina cluster

• Build a cluster with at least threeservers, one primary DNS and tworedundant DHCP servers. Anadditional DNS server can used toprovide secondary DNS service

• DNS servers need highperformance disk I/O (preferably aRAID system) to keep up withdynamic DNS updates

• Each major location around theworld—U.S., Europe and Asianeeds a cluster

PrimaryDNS

Server

DHCPServer 1

DHCPServer 1

SecondaryDNS

Server


SecondaryDNSServer

SecondaryDNSServer

Primary DNSServer for

Company ZoneBigco.Com


Company ZoneBigco.Com

Corporate HeadquartersCorporate Headquarters

DNS andDHCP Servers

DNS andDHCP Servers DNS and

DHCP ServersDNS and

DHCP Servers

Large Branch OfficesLarge Branch Offices

• Organizations with a largenumber of remote branchoffices with a UNIX or NTserver at each remote site.Typically 20-200 nodes/site

• At each of the remote sites,an organization shoulddeploy at least one DNS andDHCP server, two forredundancy. The redundantDHCP server could be at HQ

• Each location could have aseparate domain for the siteand a primary DNS server atthe location. This dependson the WAN bandwidth

• This configuration survivesWAN outages

Corporate WAN

Store Number: 1007Zone: st1007.bigco.com


DNS andDHCP Servers

DNS andDHCP Servers



Small Branch OfficesSmall Branch Offices

• Organization has a largenumber of remote sites andless than 20 nodes per site.Remote sites should havedial-backup connections forredundancy. DHCP/Bootprelay is enabled on router

• At HQ deploy cluster ofredundant DNS and DHCPservers to provide serviceto remote sites

• Each location could have aseparate domain. PrimaryDNS server for each remotesite zone is in HQ. Ifavailable, run a secondaryDNS server in the remotesite for the remote site zoneusing IXFR and NOTIFY

RedundantDHCPServers

RedundantDHCPServers


Store Zones


Store Zones

Corporate HeadquartersCorporate Headquarters

Corporate WAN



DNS andDHCP Servers

DNS andDHCP Servers

DHCP/Bootp Relay(aka IP Helper)

DHCP/Bootp Relay(aka IP Helper)

SecondaryDNS

Server

SecondaryDNS

Server


CorporateWAN

Cisco Cisco IOSDHCP Serve Port

Address Translation

Cisco Cisco IOSDHCP Serve Port

Address Translation

Small Office/Home OfficeSmall Office/Home Office

• SOHO users can connect to thecorporate network using ISDN,DSL or Frame Relay

• Use the Cisco IOS DHCP serverto provide addresses fordevices in the SOHO. Use aprivate, unregisterednetwork number

• Use Port Address Translationto converse IP addresses

• Provide DNS services fromthe corporate network



10.0.100.15 10.0.100.21

161.44.12.45

DHCP ExtensionPoint Script

161.44.12.53Primary IP address = 161.44.12.1

Secondary IP address = 10.0.100.1

IF MAC Address = Phone Mac Address

Then

IP Address = 10.0.100.X

Else

IP Address = 161.44.12.X

Provisioning IP PhonesProvisioning IP Phones

• Deployment of IP phones will require a large number of new IP addresses• Private network numbers (RFC 1918) should be used for IP phones• Cisco Network Registrar is able to distinguish between PCs and IP phones

using a DHCP extension point script• DHCP server distributes additional configuration information to IP phones

CNRDHCPServer


ActivationWeb PageActivationWeb Page

User DBUser DB

Other BCNetwork

Resources

Other BCNetwork

Resources

Custom ApplicationCustom ApplicationUser RegistrationUser Registration

• Boston College (BC)EagleNet activation

• Users must “activate”

Minimal documentation

Enter name and BC PIN

• Four activated classes

Student, staff

Guest, device

• Existing DB updated

User name/MAC

• Help desk load

60% fewer calls



Cisco IOS DHCPCisco IOS DHCPServer ConfigurationServer Configuration

!

! Start DHCP Serverservice dhcp!! Store DHCP Lease database on tftp serverip dhcp database tftp://tftp.cisco.com/dhcp.db!! Create DHCP address pool for the 10.0.0.0/28 networkip dhcp pool subnet-10 lease 3 0 0 <-- lease time of 3 days 0 hours 0 minutes network 10.0.0.0 255.255.255.240 <-- Defines address pool with addresses 10.0.0.1 - 10.0.0.14 dns-server 171.68.10.70 171.68.10.140 domain-name cisco.com netbios-name-server 171.68.235.228 171.68.235.229 netbios-node-type h-node option 150 ip 172.16.24.12 <-- Defines custom option with IP address default-router 10.0.0.1!! Create static mapping for the 10.0.0.5 address - i.e. BootPip dhcp pool manual host 10.0.0.5 client-identifier 010a.1211.2e3c.4a!! Exclude 10.0.0.1 - 10.0.0.5 from DHCP poolip dhcp excluded-address 10.0.0.1 10.0.0.5


Product UpdateProduct Update




Cisco Network Registrar 3.0Cisco Network Registrar 3.0

• Reliable and scalable servicesDHCP Safe FailoverDDNS, IXFR and notifyMultithreaded serversSNMP trapsWeb reporting toolSolaris, NT, HP-UX and AIX

• Flexible integrationLDAP integrationCLI and API

• Policy networkingClient classLDAP integration


WAN

SecondaryDNS Server

DHCPClient

SecondaryDNS Server

BootPClient

NetworkManagement

Station

Web-Based

Reports

Reliable and Scalable ServicesReliable and Scalable Services

• Redundant DHCP and DNS services• Integration with Network Management Systems• Web-based reporting tools• High-performance, multithreaded servers

DHCPServer DHCP

Server

PrimaryDNS

Server



CustomApplications

CustomExtension

CNR GUI Internal DBInternal DB

DNSServerDNS

ServerDNS

ServerDNS

Server

LDAP ClientLDAP Client

CLICLI

DHCPExtensions

DHCPExtensions

Integrating CNR with ExistingIntegrating CNR with ExistingManagement ApplicationsManagement Applications

• Build custom network management andprovisioning applications using the CLI

• Custom DHCP processing using theDHCP extension points

• Build custom web UI using CLI and Perl


ApplicationServer

RouterRouter MultilayerSwitch

MultilayerSwitch

MultiserviceSwitch

MultiserviceSwitchClient

IP Precedence, RSVPApplication RecognitionIP Precedence, RSVP

Application Recognition

Application Signaling

LDAPQPM JavaConsole

DistributedCOPS PolicyServers

COPS SNMP CLI

Directory

CORBA

LDAPNetwork Registrar

Address Rangesand Classes

UserGroups

CiscoAssure Policy NetworkingCiscoAssure Policy Networking

• QoS and securitypolicies enforcedin the network

• Polices based onapplications

• Policies based onusers and groups

• Integrated withdirectory services

• Integrate thirdparty applications

Back End



Coming in

Early CY 2000

Directory-Based ManagementDirectory-Based Managementof Names and Addressesof Names and Addresses

• Manage DNS names and IP addresses• Multiple, simultaneous administrators• Access control by zone and subnet

IPAMWeb App

DNSDHCPServer

DNSDHCPServer

DNSDHCPServer

DNSDHCPServer


Cisco IOS DHCP ServerCisco IOS DHCP Server

• Available in Cisco IOS 12.0(1)T or greater• DHCP/Bootp server

Intelligent DHCP relaySecondary addressesPING before lease and custom options

• CaveatsDHCP lease information stored on remotesystem using TFTP, FTP or RCPNo dynamic DNS or DHCP Failover



WAN

Secondary DNS ServerDHCPClient

SecondaryDNS Server

BootPClientIP Phone

with DHCP

CustomExtension

SummarySummary

• Large networks require reliable and sophisticated DNSand DHCP services

• Cisco has software to meet the DNS/DHCP requirementsfor large networks

• Cisco is developing directory-based tools for managingIP addresses and DNS/DHCP

DHCPServer DHCP

Server

PrimaryDNS

Server


Resources andResources andReferencesReferences




Cisco InformationCisco Information

• Cisco Network Registrarhttp://www.cisco.com/go/cnr

30-day evaluation software

Data sheets, design guides,and documentation

• Cisco IOS DHCP server documentationhttp://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120t/120t1/easyip2.htm


BooksBooksBooks

• DNS and BIND, 3rd EditionBy Cricket Liu and Paul Albitz, O’Reilly and Assoc.

• DHCP,A Guide to Dynamic TCP/IP Network Configuration

By Barry Kercheval, Prentice Hall• LDAP, Programming Directory-Enabled Applications

with Lightweight Directory Access Protocol

By Timothy Howes, Ph.D. and Mark Smith, Macmillan



Web SitesWeb SitesWeb Sites

• Ralph Droms’ Web Sitehttp://www.dhcp.orgRalph is the Chair of the IETF DHCP WG

• Internet Software Consortiumhttp://www.isc.orgHome of BIND and ISC DHCP Server

• John Wobus’ DHCP FAQhttp://web.syr.edu/~jmwobus/comfaqs/dhcp.faq.html


[email protected]

[email protected]

[email protected]

[email protected]

Mailing list archive atftp.bucknell.edu

[email protected]

[email protected]

[email protected]

[email protected]

Mailing list archive atftp.bucknell.edu

[email protected]@internic.net

DHCP Mailing ListsDHCP Mailing Lists DNS Mailing ListsDNS Mailing Lists

To subscribe to mailing lists,send e-mail to:

[email protected] or

[email protected]

And put the following on thefirst line of your message

subscribe <listname> Your Name

subscribe dhcp-v4 Tim Sylvester

To subscribe to mailing lists,send e-mail to:

[email protected] or

[email protected]

And put the following on thefirst line of your message

subscribe <listname> Your Name

subscribe dhcp-v4 Tim Sylvester

Mailing ListsMailing Lists



DHCP RFCs and Internet DraftsDHCP RFCs and Internet Drafts

• RFC 1534—Interoperation Between DHCP and BOOTP• RFC 1542—Clarifications and Extensions for the Bootstrap Protocol• RFC 2131—Dynamic Host Configuration Protocol• RFC 2132—DHCP Options and BOOTP Vendor Extensions• RFC 2241—DHCP Options for Novell Directory Services• RFC 2489—Procedure for Defining New DHCP Options• ID—Dynamic Host Configuration Protocol for IPv6 (DHCPv6)• ID—Interaction between DHCP and DNS• ID—Authentication for DHCP Messages• ID—Multicast Address Allocation Configuration Options• ID—DHCP Failover Protocol• ID—Security Requirements for the DHCP protocol• ID—Dynamic Host Configuration Protocol (DHCP) Server MIB


DNS RFC and Internet DraftsDNS RFC and Internet Drafts

• RFC1035—Domain Names—Implementation and Specification• RFC 1996—A Mechanism for Prompt Notification of Zone Changes

(DNS NOTIFY)• RFC 1995—Incremental Zone Transfer in DNS• RFC 2136—Dynamic Updates in the Domain Name System (DNS

UPDATE)• RFC 2181—Clarifications to the DNS Specification• RFC 2182—Selection and Operation of Secondary DNS Servers• RFC 2308—Negative Caching of DNS Queries (DNS NCACHE)• RFC 2317—Classless IN-ADDR.ARPA delegation (RFC 2317)• ID—Reserved Top Level DNS Names• ID—Extensions to DNS (EDNS1)• ID—Extension mechanisms for DNS (EDNS0)• ID—Deferred Dynamic Domain Name System (DNS) Delete Operations• ID—Simple Secure Domain Name System (DNS) Dynamic Update



UtilitiesUtilitiesUtilities

• NSLOOKUPCommand line DNS client for querying DNS serversAvailable for UNIX and Windows NT

• DIGAnother command line DNS tool

• WINIPCFGAdmin UI for Windows 95/98 DHCP Client. Windows NTversion available on Windows NT Resource Kit

• Perl modules for DNSDevelop applications that talk to BINDhttp://www.cpan.org


Please Complete YourPlease Complete YourEvaluation FormEvaluation Form

Session 806Session 806




Documents

[eBook - PDF - Cisco Press] DNS, DHCP and IP Address Management