What is IPAM?IP Address Management
IP Address Management (IPAM) is a method used to plan, track and manage information associated with a network’s Internet Protocol address space. Using IPAM software, administrators can make sure the repository of assignable IP addresses stays up-to-date. IPAM solutions help simplify and automate the administration of several tasks related to IP space management, including writing DNS records and configuring DHCP settings. Other common functionality includes reservation controlling in DHCP plus other data aggregation and reporting capabilities. Interfacing IPAM with DNS, DHCP as well as external components like RIR (Regional Internet Registries) ensures that each component is aware of changes made in the other ones.
Managing Thousands of IP-connected Devices
IPAM is an important tool for network administrators for all the above reasons… and more. Today’s world is highly dependent on IP addressing. All types of networks, from personal to enterprise-sized, rely on IP addresses for communication. Any device connected to a network depends on its IP address. Emerging technologies such as Cloud Computing and IoT have exponentially increased demand for IP addressing space, regardless of migrating IPv4 to IPv6 addressing plan. Managing hundreds, perhaps thousands, of IP-connected devices has become a major headache, made even more difficult by DHCP leasing adding necessity to constantly keep track of which IP address is assigned to which device.
Centralized Repository For Accurate Records
Companies often use spreadsheets or basic home grown solutions for IP management. This brings risks of IP address duplication and service outage (email, web, …), as well as significant time spent for provisioning new devices IP addresses, so more and more businesses are turning to high-performance IPAM solutions which are then linked to the whole ecosystem, including DNS and DHCP – creating what is commonly known as an integrated DDI solution.
IPAM brings a centralized repository used to build an inventory of the networks, subnets and IP addresses (private and public). It allows administrators to maintain accurate and current records of IP assignments and available addresses. Typical records are:
- Free/assigned IP address space
- Status of each IP address
- Hostname associated with each IP address
- Hardware associated with each IP address
- Size of subnets and current users
Organizations of all types, ranging from small companies to large enterprises, telcos and ISPs, make use of IPAM because of the advantages it offers to network administrators, the main ones being:
for delegation of address space management; improved visibility over IP resources cross-platforms; automation of DNS-DHCP configurations and automatic real-time updates when a host connects/disconnects from TCP/IP network (if the IPAM is integrated with DNS and DHCP servers); built-in reports.
lower risk of misconfigurations by avoiding overlapping subnets and conflicting IP addresses, and by enforcing FQDN; reduced network service downtime; faster troubleshooting.
single centralized repository containing IP Golden Records; address space related information fetched from RIR and maintained in IPAM; single interface/tool for the administrator to manage both private and public address plans; network discovery to gather info about hosts connected, VRFs etc.; IPv6 management capability.
integration with DNS/DHCP/RIR allows IPAM to be updated with “A” Resource Records and lease information; policy rules can be enforced.
to the IT ecosystem: through APIs, in order to be used as a central repository, even with cloud based approach for provisioning (eg orchestration).
Global Visibility Over IP Resources For Holistic Network Security
Due to the fact that it provides the IP address space and the resource assigned to each IP address, advanced IPAM solutions can even play an important part for overall network security. From a single-pane-of-glass, the network administrator has visibility over all IP resources and can obtain the meta-information related to a resource – hostname, device type, physical location, etc – in order to generate alerts and reports when appropriate.