DOCUMENT INFORMATION
Basic information
Format
Number of pages: 429
File size: 4.6 MB
Content
IP ADDRESS MANAGEMENT

IEEE Press
445 Hoes Lane
Piscataway, NJ 08854

IEEE Press Editorial Board
Lajos Hanzo, Editor in Chief
R. Abari, J. Anderson, F. Canavero, T. G. Croda, M. El-Hawary, B. M. Hammerli, M. Lanzerotti, O. Malik, S. Nahavandi, W. Reeve, T. Samad, G. Zobrist

Kenneth Moore, Director of IEEE Book and Information Services (BIS)

Technical Reviewers: Greg Rabil, Paul Vixie

Books in the IEEE Press Series on Network Management
Telecommunications Network Management Into the 21st Century, edited by Thomas Plevyak and Salah Aidarous, 1994
Telecommunications Network Management: Technologies and Implementations, edited by Thomas Plevyak and Salah Aidarous, 1997
Fundamentals of Telecommunications Network Management, by Lakshmi Raman, 1999
Security for Telecommunications Management Network, by Moshe Rozenblit, 2000
Integrated Telecommunications Management Solutions, by Graham Chen and Quinzheng Kong, 2000
Managing IP Networks: Challenges and Opportunities, edited by Thomas Plevyak and the late Salah Aidarous, 2003
Next-Generation Telecommunications Networks, Services, and Management, edited by Thomas Plevyak and Veli Sahin, 2010
Introduction to IP Address Management, by Timothy Rooney, 2010
IP Address Management: Principles and Practices, by Timothy Rooney, 2011

IP ADDRESS MANAGEMENT
Principles and Practice
Timothy Rooney

Copyright © 2011 by the Institute of Electrical and Electronics Engineers, Inc.
Published by John Wiley & Sons, Inc., Hoboken, New Jersey. All rights reserved.
Published simultaneously in Canada.

No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 750-4470, or on the web at www.copyright.com. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permission.

Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the publisher nor author shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.

For general information on our other products and services or for technical support, please contact our Customer Care Department within the United States at (800) 762-2974, outside the United States at (317) 572-3993 or fax (317) 572-4002.

Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic formats. For more information about Wiley products, visit our web site at www.wiley.com.

Library of Congress Cataloging-in-Publication Data:
Rooney, Tim.
IP address management : principles and practice / Tim Rooney.
p. cm.
Includes bibliographical references and index.
ISBN 978-0-470-58587-0 (cloth : alk. paper)
Internet addresses. Internet domain names. I. Title.
TK5105.8835.R66 2011
004’67’8–dc22
2010010791

Printed in Singapore.
oBook ISBN: 978-0-470-88065-4
ePDF ISBN: 978-0-470-88064-7

In memory of my father, Patrick Rooney
CONTENTS

Preface
Acknowledgments

PART I IP ADDRESSING

1 THE INTERNET PROTOCOL
1.1 Highlights of Internet Protocol History
1.2 IP Addressing
1.3 Classless Addressing
1.4 Special Use Addresses

2 INTERNET PROTOCOL VERSION 6 (IPv6)
2.1 Introduction
2.2 IPv6 Address Allocations
2.3 IPv6 Address Autoconfiguration
2.4 Neighbor Discovery
2.5 Reserved Subnet Anycast Addresses
2.6 Required Host IPv6 Addresses

3 IP ADDRESS ALLOCATION
3.1 Address Allocation Logic
3.2 IPv6 Address Allocation
3.3 IPAM Worldwide’s IPv6 Allocations
3.4 Internet Registries
3.5 Multihoming and IP Address Space
3.6 Block Allocation and IP Address Management

PART II DHCP

4 DYNAMIC HOST CONFIGURATION PROTOCOL (DHCP)
4.1 Introduction
4.2 DHCP Overview
4.3 DHCP Servers and Address Assignment
4.4 DHCP Options
4.5 Other Means of Dynamic Address Assignment

5 DHCP FOR IPv6 (DHCPv6)
5.1 DHCP Comparison: IPv4 Versus IPv6
5.2 DHCPv6 Address Assignment
5.3 DHCPv6 Prefix Delegation
5.4 DHCPv6 Support of Address Autoconfiguration
5.5 Device Unique Identifiers
5.6 Identity Associations
5.7 DHCPv6 Options

6 DHCP APPLICATIONS
6.1 Multimedia Device Type Specific Configuration
6.2 Broadband Subscriber Provisioning
6.3 Related Lease Assignment or Limitation Applications
6.4 Preboot Execution Environment Clients

7 DHCP SERVER DEPLOYMENT STRATEGIES
7.1 DHCP Server Platforms
7.2 Centralized DHCP Server Deployment
7.3 Distributed DHCP Server Deployment
7.4 Server Deployment Design Considerations
7.5 DHCP Deployment on Edge Devices

8 DHCP AND NETWORK ACCESS SECURITY
8.1 Network Access Control
8.2 Alternative Access Control Approaches
8.3 Securing DHCP

PART III DNS

9 THE DOMAIN NAME SYSTEM (DNS) PROTOCOL
9.1 DNS Overview—Domains and Resolution
9.2 Name Resolution
9.3 Zones and Domains
9.4 Resolver Configuration
9.5 DNS Message Format

10 DNS APPLICATIONS AND RESOURCE RECORDS
10.1 Introduction
10.2 Name–Address Lookup Applications
10.3 Email and Antispam Management
10.4 Security Applications
10.5 Experimental Name–Address Lookup Records
10.6 Resource Record Summary

11 DNS SERVER DEPLOYMENT STRATEGIES
11.1 General Deployment Guidelines
11.2 General Deployment Building Blocks
11.3 External–External Category
11.4 External–Internal Category
11.5 Internal–Internal Category
11.6 Internal–External Category
11.7 Cross-Role Category
11.8 Putting it All Together

12 SECURING DNS (PART I)
12.1 DNS Vulnerabilities
12.2 Mitigation Approaches
12.3 Non-DNSSEC Security Records

13 SECURING DNS (PART II): DNSSEC
13.1 Digital Signatures
13.2 DNSSEC Overview
13.3 Configuring DNSSEC
13.4 The DNSSEC Resolution Process
13.5 Key Rollover

PART IV IPAM INTEGRATION

14 IP ADDRESS MANAGEMENT PRACTICES
14.1 FCAPS Summary
14.2 Common IP Management Tasks
14.3 Configuration Management
14.4 Fault Management
14.5 Accounting Management
14.6 Performance Management
14.7 Security Management
14.8 Disaster Recovery/Business Continuity
14.9 ITIL Process Mappings
14.10 Conclusion

15 IPv6 DEPLOYMENT AND IPv4 COEXISTENCE
15.1 Introduction
15.2 Dual-Stack Approach
15.3 Tunneling Approaches
15.4 Translation Approaches
15.5 Application Migration
15.6 Planning the IPv6 Deployment Process

BIBLIOGRAPHY
GLOSSARY
RFC INDEX
INDEX

... source and destination IP address fields and the IP addressing structure.

1.2 IP ADDRESSING
The IP address field is comprised of 32 bits. The familiar dotted decimal notation for an IP address...
core IPAM aspects, respectively: IP addressing and management, DHCP, and DNS. Part IV then integrates these three core components, describing management techniques and practice.

Part I: IP Addressing