Table Of ContentIP Address Management
I P Address Management
Second Edition
Michael Dooley & Timothy Rooney
Copyright © 2021 by The Institute of Electrical and Electronics Engineers, Inc.
All rights reserved.
Published by John Wiley & Sons, Inc., Hoboken, New Jersey.
Published simultaneously in Canada.
No part of this publication may be reproduced, stored in a retrieval system, or transmitted
in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or
otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright
Act, without either the prior written permission of the Publisher, or authorization through
payment of the appropriate per‐copy fee to the Copyright Clearance Center, Inc., 222 Rosewood
Drive, Danvers, MA 01923, (978) 750‐8400, fax (978) 750‐4470, or on the web at www.copyright.
com. Requests to the Publisher for permission should be addressed to the Permissions
Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748‐6011, fax
(201) 748‐6008, or online at http://www.wiley.com/go/permission.
Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best
efforts in preparing this book, they make no representations or warranties with respect to the
accuracy or completeness of the contents of this book and specifically disclaim any implied
warranties of merchantability or fitness for a particular purpose. No warranty may be created or
extended by sales representatives or written sales materials. The advice and strategies contained
herein may not be suitable for your situation. You should consult with a professional where
appropriate. Neither the publisher nor author shall be liable for any loss of profit or any other
commercial damages, including but not limited to special, incidental, consequential, or other
damages.
For general information on our other products and services or for technical support, please
contact our Customer Care Department within the United States at (800) 762‐2974, outside the
United States at (317) 572‐3993 or fax (317) 572‐4002.
Wiley also publishes its books in a variety of electronic formats. Some content that appears in
print may not be available in electronic formats. For more information about Wiley products,
visit our web site at www.wiley.com.
Library of Congress Cataloging‐in‐Publication Data
Names: Rooney, Tim, author. | Dooley, Michael Earl, 1962- author.
Title: IP address management / Michael Dooley & Timothy Rooney.
Description: Second edition. | Hoboken, New Jersey : Wiley, 2021. | Series:
IEEE press series on networks and service management | Timothy Rooney
appears as the first named author in the first edition. | Includes
bibliographical references and index.
Identifiers: LCCN 2020030601 (print) | LCCN 2020030602 (ebook) | ISBN
9781119692270 (cloth) | ISBN 9781119692287 (adobe pdf) | ISBN
9781119692300 (epub)
Subjects: LCSH: Internet addresses. | Internet domain names.
Classification: LCC TK5105.8835 .R66 2021 (print) | LCC TK5105.8835
(ebook) | DDC 004.67/8–dc23
LC record available at https://lccn.loc.gov/2020030601
LC ebook record available at https://lccn.loc.gov/2020030602
Cover design by Wiley
Cover image: © Bill Donnelley/WT Design
Set in 9.5/12.5pt STIXTwoText by SPi Global, Chennai, India
10 9 8 7 6 5 4 3 2 1
v
Contents
Preface xix
Acknowledgments xxiii
About the Authors xxv
Part I IPAM Introduction 1
1 Introduction 3
IPNetworkingOverview 3
IPRouting 6
IPAddresses 7
ProtocolLayering 12
OSIand TCP/IPLayers 14
TCP/UDPPorts 15
Intra-LinkCommunications 15
AreWe on the SameLink? 17
LimitingBroadcastDomains 18
InterlinkCommunications 19
WorldwideIPCommunications 20
DynamicRouting 22
Routersand Subnets 24
AssigningIPaddresses 25
TheHumanElement 26
WhyManageIPSpace? 26
BasicIPAMApproaches 27
EarlyHistory 27
Today’sIPNetworksand IPManagementChallenges 28
vi Contents
2 IP Addressing 31
InternetProtocolHistory 31
TheInternetProtocol,Take1 32
Class-BasedAddressing 32
InternetGrowingPains 35
PrivateAddressSpace 38
ClasslessAddressing 40
SpecialUseIPv4Addresses 40
TheInternetProtocol,Take2 41
IPv6AddressTypesand Structure 42
IPv6AddressNotation 43
AddressStructure 45
IPv6AddressAllocations 46
2000::/3 – GlobalUnicastAddressSpace 47
fc00::/7 – UniqueLocalAddressSpace 47
fe80::/10 – LinkLocalAddressSpace 47
ff00::/8 – MulticastAddressSpace 48
SpecialUseIPv6Addresses 48
IPv4–IPv6Coexistence 49
3 IP Address Assignment 51
AddressPlanning 51
RegionalInternetRegistries 51
RIRAddressAllocation 53
AddressAllocationEfficiency 54
Multi-Homingand IPAddressSpace 55
EndpointAddressAllocation 58
Server-basedAddressAllocationUsingDHCP 58
DHCPServersand AddressAssignment 61
DeviceIdentificationbyClass 62
DHCPOptions 62
DHCPfor IPv6(DHCPv6) 62
DHCPComparisonIPv4vs.IPv6 63
DHCPv6AddressAssignment 64
DHCPv6PrefixDelegation 65
DeviceUniqueIdentifiers(DUIDs) 66
IdentityAssociations(IAs) 66
DHCPv6Options 67
IPv6AddressAutoconfiguration 67
Contents vii
NeighborDiscovery 68
ModifiedEUI-64InterfaceIdentifiers 69
OpaqueInterfaceIDs 69
ReservedInterfaceIDs 72
DuplicateAddressDetection(DAD) 72
4 Navigating the Internet with DNS 75
DomainHierarchy 75
NameResolution 76
ResourceRecords 80
Zonesand Domains 81
Disseminationof ZoneInformation 83
ReverseDomains 84
IPv6ReverseDomains 89
AdditionalZones 91
RootHints 91
LocalhostZones 92
DNSUpdate 92
5 IPAM Technology Applications 93
DHCPApplications 93
DeviceTypeSpecificConfiguration 94
BroadbandSubscriberProvisioning 95
RelatedLeaseAssignmentorLimitationApplications 101
Pre-BootExecutionEnvironment(PXE)clients 102
PPP/RADIUSEnvironments 103
MobileIP 104
PopularDNSApplications 105
HostNameand IPAddressResolution 106
A – IPv4AddressRecord 107
AAAA – IPv6addressrecord 107
PTR – PointerRecord 107
AliasHostNameResolutions 108
CNAME – CanonicalNameRecord 108
NetworkServicesLocation 108
SRV – ServicesLocationRecord 109
TextualInformationLookup 110
TXT – TextRecord 110
ManyMoreApplications 110
viii Contents
Part II IPAM Mechanics 111
6 IP Management Core Tasks 113
IPAMIsFoundational 113
Impactsof InadequateIPAMPractice 114
IPAMIsCoreto NetworkManagement 115
FCAPSSummary 116
ConfigurationManagement 117
AddressAllocationConsiderations 118
AddressAllocationTasks 120
IPAddressAssignment 133
AddressDeletionTasks 135
AddressRenumberingorMovementTasks 136
NetworkServicesConfiguration 140
FaultManagement 143
Monitoringand FaultDetection 143
Troubleshootingand FaultResolution 144
AccountingManagement 147
InventoryAssurance 147
PerformanceManagement 151
ServicesMonitoring 151
AddressCapacityManagement 152
Auditingand Reporting 152
SecurityManagement 153
ITIL®ProcessMappings 153
ITILPracticeAreas 154
Conclusion 162
7 IPv6 Deployment 163
IPv6DeploymentProcessOverview 164
IPv6AddressPlanObjectives 165
IPv6AddressPlanExamples 166
Case1 166
Observations 168
Case2 169
Observations 169
GeneralIPv6AddressPlanGuidelines 170
ULAConsiderations 171
RenumberingImpacts 172
IPv4–IPv6CoexistenceTechnologies 173
Contents ix
DualStackApproach 173
DualStackDeployment 174
DNSConsiderations 174
DHCPConsiderations 175
TunnelingApproaches 176
TunnelingScenariosfor IPv6PacketsoverIPv4Networks 176
Dual-StackLite 177
Lightweight4over6 181
Mappingof Addressand Portwith Encapsulation(MAP-E) 181
AdditionalTunnelingApproaches 183
TranslationApproaches 184
IP/ICMPTranslation 185
AddressTranslation 186
PacketFragmentationConsiderations 187
IPHeaderTranslationAlgorithm 188
Bumpin the Host(BIH) 189
NetworkAddressTranslationfor IPv6–IPv4(NAT64) 192
NAT64and DNS64 193
464XLAT 195
Mappingof Addressand Portwith Translation(MAP-T) 195
OtherTranslationTechniques 196
PlanningYourIPv6DeploymentProcess 197
8 IPAM for the Internet of Things 201
IoTArchitectures 201
6LoWPAN 203
Summary 209
9 IPAM in the Cloud 211
IPAMVNFs 212
CloudIPAMConcepts 212
IPInitializationProcess 212
IPInitializationImplementation 213
DHCPMethod 214
PrivateCloudStaticMethod 216
PublicCloudStaticMethod 218
CloudAutomationwith APIs 218
Multi-CloudIPAM 220
PrivateCloudAutomation 221
PublicCloudAutomation 223
x Contents
IPAMAutomationBenefits 223
UnifyingIPAMAutomation 224
StreamlinedSubnetAllocationWorkflow 226
WorkflowRealization 230
Tipsfor DefiningWorkflows 233
AutomationScenarios 234
Intra-IPAMAutomation 234
DHCPServerConfiguration 235
DNSServerConfiguration 236
SubnetAssignment 236
IPAddressAssignmentRequest 236
Extra-IPAMWorkflowExamples 237
RegionalInternetRegistryReporting 237
RouterConfigurationProvisioning 238
CustomerProvisioning 238
AssetInventoryIntegration 238
TroubleTicketCreation 239
Summary 239
Part III IPAM and Security 241
10 IPAM Services Security 243
SecuringDHCP 244
DHCPServiceAvailability 244
DHCPServer/OSAttacks 244
DHCPServer/OSAttackMitigation 245
DHCPServiceThreats 245
DHCPThreatMitigation 246
DHCPAuthenticationand Encryption 247
DNSInfrastructureRisksand Attacks 248
DNSServiceAvailability 249
DNSServer/OSAttacks 249
DNSServer/OSAttackMitigation 250
DNSServiceDenial 250
DistributedDenialof Service 251
BogusDomainQueries 251
PseudorandomSubdomainAttacks 252
Denialof ServiceMitigation 253
ReflectorStyleAttacks 253
