IPAM applies management disciplines to these core services, including configuration, change control, auditing, reporting and so on, and they are necessary given the absolute requirement for properly managing IP space and DHCP and DNS servers. The linkages among an IP address plan, DHCP server configuration and DNS server configuration are inseparable; a change of an IP address will affect DNS information and perhaps DHCP as well. These functions provide the foundation for today's converged services IP networks, so they need to be managed using a rigorous approach.

Today, there is no single book that covers the management of these linkages and services they provide; IP Address Management Principles and Practice will fill that gap. While several books are available for leading vendors' DHCP and DNS services implementations, few exist for IP address planning, and none exist that unifies these three topics.

To obtain a free copy of the IPAM Configuration Guide please send an email to:

[email protected]

Preface xi

Acknowledgments xv

Part I IP Addressing

1 The Internet Protocol 3

1.1 Highlights of Internet Protocol History 3

1.2 IP Addressing 7

1.3 Classless Addressing 13

1.4 Special Use Addresses 14

2 Internet Protocol Version 6 (IPv6) 15

2.1 Introduction 15

2.2 IPv6 Address Allocations 21

2.3 IPv6 Address Autoconfiguration 30

2.4 Neighbor Discovery 30

2.5 Reserved Subnet Anycast Addresses 33

2.6 Required Host IPv6 Addresses 34

3 IP Address Allocation 35

3.1 Address Allocation Logic 38

3.2 IPv6 Address Allocation 49

3.3 IPAM Worldwide’s IPv6 Allocations 53

3.4 Internet Registries 57

3.5 Multihoming and IP Address Space 62

3.6 Block Allocation and IP Address Management 63

Part II DHCP

4 Dynamic Host Configuration Protocol (DHCP) 67

4.1 Introduction 67

4.2 DHCP Overview 68

4.3 DHCP Servers and Address Assignmen 75

4.4 DHCP Options 78

4.5 Other Means of Dynamic Address Assignment 89

5 DHCP for IPv6 (DHCPv6) 90

5.1 DHCP Comparison: IPv4 Versus IPv6 91

5.2 DHCPv6 Address Assignment 92

5.3 DHCPv6 Prefix Delegation 93

5.4 DHCPv6 Support of Address Autoconfiguration 94

5.5 Device Unique Identifiers 97

5.6 Identity Associations 99

5.7 DHCPv6 Options 99

6 DHCP Applications 109

6.1 Multimedia Device Type Specific Configuration 110

6.2 Broadband Subscriber Provisioning 111

6.3 Related Lease Assignment or Limitation Applications 115

6.4 Preboot Execution Environment Clients 115

7 DHCP Server Deployment Strategies 118

7.1 DHCP Server Platforms 118

7.2 Centralized DHCP Server Deployment 119

7.3 Distributed DHCP Server Deployment 120

7.4 Server Deployment Design Considerations 122

7.5 DHCP Deployment on Edge Devices 125

8 DHCP and Network Access Security 127

8.1 Network Access Control 127

8.2 Alternative Access Control Approaches 132

8.3 Securing DHCP 137

Part III DNS

9 The Domain Name System (DNS) Protocol 143

9.1 DNS Overview—Domains and Resolution 143

9.2 Name Resolution 145

9.3 Zones and Domains 148

9.4 Resolver Configuration 159

9.5 DNS Message Format 161

10 DNS Applications and Resource Records 176

10.1 Introduction 176

10.2 Name–Address Lookup Applications 178

10.3 Email and Antispam Management 191

10.4 Security Applications 205

10.5 Experimental Name–Address Lookup Records 217

10.6 Resource Record Summary 218

11 DNS Server Deployment Strategies 223

11.1 General Deployment Guidelines 224

11.2 General Deployment Building Blocks 224

11.3 External–External Category 226

11.4 External–Internal Category 231

11.5 Internal–Internal Category 232

11.6 Internal–External Category 237

11.7 Cross-Role Category 243

11.8 Putting it All Together 253

12 Securing DNS (Part I) 254

12.1 DNS Vulnerabilities 254

12.2 Mitigation Approaches 258

12.3 Non-DNSSEC Security Records 259

13 Securing DNS (Part II): DNSSEC 264

13.1 Digital Signatures 265

13.2 DNSSEC Overview 266

13.3 Configuring DNSSEC 268

13.4 The DNSSEC Resolution Process 290

13.5 Key Rollover 297

Part IV IPAM Integration

14 IP Address Management Practices 305

14.1 FCAPS Summary 306

14.2 Common IP Management Tasks 307

14.3 Configuration Management 307

14.4 Fault Management 324

14.5 Accounting Management 334

14.6 Performance Management 338

14.7 Security Management 340

14.8 Disaster Recovery/Business Continuity 340

14.9 ITIL Process Mappings 342

14.10 Conclusion 346

15 IPv6 Deployment and IPv4 Coexistence 347

15.1 Introduction 347

15.2 Dual-Stack Approach 349

15.3 Tunneling Approaches 353

15.4 Translation Approaches 368

15.5 Application Migration 374

15.6 Planning the IPv6 Deployment Process 374

Bibliography 383

Glossary 392

RFC index 394

Index 408

TIMOTHY ROONEY has worked with IP technologies in various capacities over the last sixteen years, including systems engineering and development. He has an extensive background not only in IP, but also in telecommunications, wireless services, and software, having worked at Bell Laboratories, AT&T Wireless, Lucent Technologies, and BT. In his current role as Director of Product Management with BT Diamond IP, Rooney is responsible for the overall BT Diamond IP product life cycle, managing product features and releases, as well as supporting sales and marketing.

"This guide to Internet Protocol address management (IPAM) presents a practical, technical overview of each part of the IP environment and provides advice on best practices for creating an effective, integrated management plan . . . the work includes numerous illustrations and code examples and would be appropriate for advanced computer science students as well as network administrators and designers. Rooney is an IPAM expert and senior director for an IPAM consulting firm." (Booknews, 1 April 2011)

"Today, there is no single book that covers the management of these linkages and services they provide; IP Address Management Principles and Practice will fill that gap. While several books are available for leading vendors' DHCP and DNS services implementations, few exist for IP address planning, and none exist that unifies these three topics." (Security @ ITBusiness Net.com, 28 February 2011)