
IPAM Reloaded

IPAM, together with DHCP and DNS (collectively known as DDI), is a foundation of the modern network. It is clear that larger-scale networks cannot function with manual assignment of IPs and spreadsheet-based tracking. However, the essential infrastructure that is IPAM is now two decades old, and has not evolved to support modern application models.

What is IPAM?

IP Address Management (IPAM) provides organizations with an efficient and automated way to manage large numbers of IP addresses. Today’s networks are exploding with connected devices, many of which are mobile, and require IP addresses on a non-permanent basis.

Each device must be assigned a unique IP address within an appropriate subnet, and any error can result in an outage of critical assets.

In the past, management of IP addresses was done manually and tracked using spreadsheets. This was time-consuming, error-prone, and simply not scalable. Today it is understood that any network with over 250 devices or users which assigns IP addresses dynamically - any mid-to-large enterprise network - must use an automated IPAM system.
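The consistency checks that spreadsheet tracking leaves to the administrator, as an added example (not part of the original page): it audits a spreadsheet-style export for duplicate addresses, addresses outside their recorded subnet, network/broadcast assignments, and overlapping subnets. The CSV columns, the sample rows, and the `audit_assignments` name are assumptions made for illustration.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed sample data: a spreadsheet-style export of manual assignments.
SAMPLE_CSV = """hostname,ip,subnet
web01,10.0.1.10,10.0.1.0/24
web02,10.0.1.11,10.0.1.0/24
db01,10.0.1.10,10.0.1.0/24
app01,10.0.2.5,10.0.1.0/24
printer1,10.0.3.255,10.0.3.0/24
cache01,10.0.1.200,10.0.1.128/25
"""

def audit_assignments(csv_text):
    """Return a sorted list of (kind, detail) findings for the records."""
    findings = []
    owners = defaultdict(list)   # ip -> hostnames claiming it
    subnets = set()
    for row in csv.DictReader(io.StringIO(csv_text)):
        host = row["hostname"]
        try:
            ip = ipaddress.ip_address(row["ip"].strip())
            net = ipaddress.ip_network(row["subnet"].strip(), strict=True)
        except ValueError as exc:
            findings.append(("invalid", f"{host}: {exc}"))
            continue
        owners[ip].append(host)
        subnets.add(net)
        if ip not in net:
            findings.append(("outside-subnet", f"{host}: {ip} not in {net}"))
        elif net.version == 4 and net.prefixlen < 31 and ip in (net.network_address, net.broadcast_address):
            findings.append(("reserved", f"{host}: {ip} is network/broadcast of {net}"))
    for ip, hosts in owners.items():
        if len(hosts) > 1:
            findings.append(("duplicate", f"{ip}: {', '.join(hosts)}"))
    ordered = sorted(subnets, key=lambda n: (n.version, n))
    for i, a in enumerate(ordered):
        for b in ordered[i + 1:]:
            if a.version == b.version and a.overlaps(b):
                findings.append(("overlap", f"{a} overlaps {b}"))
    return sorted(findings)

if __name__ == "__main__":
    for kind, detail in audit_assignments(SAMPLE_CSV):
        print(f"{kind:15} {detail}")
```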


DNS, DHCP, and IPAM (DDI)

Dynamic Host Configuration Protocol (DHCP)

A DHCP server automatically assigns IP addresses to assets in a network, ensuring IP addresses are unique and assigning an appropriate subnet mask. DHCP servers are built into many network devices and routers. They are also commonly offered together with IPAM systems.


Domain Name System (DNS)

DNS is the fundamental addressing mechanism of the Internet, and is also used heavily within corporate networks, to assign human-readable web addresses and translate them back to machine-readable IP addresses. Large corporate networks operate a network of Authoritative Name Servers and Recursive DNS Servers, to ensure web browsers and devices within the network are able to locate and communicate with each other.

Modern IPAM systems are commonly offered together with DHCP and DNS. This is known as a DDI solution (DDI stands for DNS, DHCP and IPAM), which has all three technologies built in and pre-integrated. DDI solutions provide a one-stop-shop for managing network addresses, saving administrators the considerable burden of setting up and configuring DHCP and DNS infrastructure.

DDI is most commonly purchased as a network appliance, which can be deployed in several locations across the corporate network and take over all network addressing functions. There are also software-based solutions.


Basic DDI capabilities include:

  • Automated IP and DNS management
  • IPv4 and IPv6 support
  • Broad compatibility with network devices, protocols and software components
  • Scalability, high availability, disaster recovery
  • Central admin interface for IP and DNS infrastructure across the enterprise
  • Monitoring, alerting, and compliance auditing

Why IPAM and DDI Can’t Keep Up with Modern Applications

DDI solutions have been around for two decades, and while they provide clear benefits, they were not designed for today’s fast-paced, dynamic applications.

1. Complex UI and Workflows

As DDI solutions evolved to address more complex application deployment challenges, this add-on approach resulted in current DDI tools having overly complex UIs and workflows that require DDI platform-specific expertise. As IT becomes decentralized, individual departments and small DevOps teams need to set up their own infrastructure. They are often unable to work with DDI or find that it cannot support their requirements, and may turn to home-grown solutions.


2. Slow to Propagate Changes

A common bottleneck in traditional IPAM is the Domain Name System (DNS). The DNS embedded within most IPAM and DDI solutions is often slow to respond to updates, and propagation across a large enterprise network can take 30 minutes or more. These issues can make it difficult to schedule changes and ultimately hamper the ability of DevOps teams to deploy updates and new applications based on their business objectives.


3. Difficult to Automate

Traditional DNS technology was CLI-based and did not offer a native API. APIs offered by IPAM systems were often developed as add-on features on top of the native CLI. This often results in APIs that suffer from performance problems, may have incomplete coverage, and offer a non-standard command syntax.

4. No Integrations with the DevOps Toolset

Traditional IPAM and DDI solutions integrate with many network and infrastructure components, but typically do not have integrations with the toolset driving DevOps and CI/CD development cycles. Without toolset integration, application teams have difficulty incorporating DNS and IP changes into their deployment playbooks.


5. Traffic Management

Modern applications are deployed dynamically, scaled dynamically, and frequently transition between different physical machines. They are also distributed and delivered across multiple data centers or geographical locations. Traditional IPAM and DDI are focused on the management of device/service names and addresses but provide very little capability to steer application traffic to meet performance and business policy objectives.


Reliability

Due to IPAM’s architecture, it must be deployed within one cloud. Failure of that cloud takes down IPAM and, by extension, makes all multi-cloud applications unavailable.

Performance

IPAM must be deployed inside the multi-cloud, rather than sitting “in front of” multi-cloud applications. This means users connecting to an application are very often rerouted to another cloud, causing latency issues.

Traffic Routing

IPAM does not have information about performance or other characteristics of each cloud, so it cannot route users to the most appropriate cloud.
