IP ADDRESS MANAGEMENT

IEEE Press
445 Hoes Lane
Piscataway, NJ 08854

IEEE Press Editorial Board
Lajos Hanzo, Editor in Chief
R. Abari, M. El-Hawary, S. Nahavandi, J. Anderson, B. M. Hammerli, W. Reeve, F. Canavero, M. Lanzerotti, T. Samad, T. G. Croda, O. Malik, G. Zobrist

Kenneth Moore, Director of IEEE Book and Information Services (BIS)

Technical Reviewers: Greg Rabil, Paul Vixie

Books in the IEEE Press Series on Network Management
Telecommunications Network Management Into the 21st Century, edited by Thomas Plevyak and Salah Aidarous, 1994
Telecommunications Network Management: Technologies and Implementations, edited by Thomas Plevyak and Salah Aidarous, 1997
Fundamentals of Telecommunications Network Management, by Lakshmi Raman, 1999
Security for Telecommunications Management Network, by Moshe Rozenblit, 2000
Integrated Telecommunications Management Solutions, by Graham Chen and Quinzheng Kong, 2000
Managing IP Networks: Challenges and Opportunities, edited by Thomas Plevyak and the late Salah Aidarous, 2003
Next-Generation Telecommunications Networks, Services, and Management, edited by Thomas Plevyak and Veli Sahin, 2010
Introduction to IP Address Management, by Timothy Rooney, 2010
IP Address Management: Principles and Practices, by Timothy Rooney, 2011

IP ADDRESS MANAGEMENT
Principles and Practice
Timothy Rooney

Copyright © 2011 by the Institute of Electrical and Electronics Engineers, Inc.
Published by John Wiley & Sons, Inc., Hoboken, New Jersey. All rights reserved.
Published simultaneously in Canada.

No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 750-4470, or on the web at www.copyright.com. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permission.

Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the publisher nor author shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.

For general information on our other products and services or for technical support, please contact our Customer Care Department within the United States at (800) 762-2974, outside the United States at (317) 572-3993 or fax (317) 572-4002.

Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic formats. For more information about Wiley products, visit our web site at www.wiley.com.

Library of Congress Cataloging-in-Publication Data:
Rooney, Tim.
IP address management: principles and practice / Tim Rooney.
p. cm.
Includes bibliographical references and index.
ISBN 978-0-470-58587-0 (cloth: alk. paper)
1. Internet addresses. 2. Internet domain names. I. Title.
TK5105.8835.R66 2011
004’67’8–dc22
2010010791

Printed in Singapore

oBook ISBN: 978-0-470-88065-4
ePDF ISBN: 978-0-470-88064-7

10 9 8 7 6 5 4 3 2 1

In memory of my father, Patrick Rooney

CONTENTS

Preface
Acknowledgments

PART I IP ADDRESSING

1 THE INTERNET PROTOCOL
  1.1 Highlights of Internet Protocol History
  1.2 IP Addressing
  1.3 Classless Addressing
  1.4 Special Use Addresses

2 INTERNET PROTOCOL VERSION 6 (IPv6)
  2.1 Introduction
  2.2 IPv6 Address Allocations
  2.3 IPv6 Address Autoconfiguration
  2.4 Neighbor Discovery
  2.5 Reserved Subnet Anycast Addresses
  2.6 Required Host IPv6 Addresses

3 IP ADDRESS ALLOCATION
  3.1 Address Allocation Logic
  3.2 IPv6 Address Allocation
  3.3 IPAM Worldwide’s IPv6 Allocations
  3.4 Internet Registries
  3.5 Multihoming and IP Address Space
  3.6 Block Allocation and IP Address Management

PART II DHCP

4 DYNAMIC HOST CONFIGURATION PROTOCOL (DHCP)
  4.1 Introduction
  4.2 DHCP Overview
  4.3 DHCP Servers and Address Assignment
  4.4 DHCP Options
  4.5 Other Means of Dynamic Address Assignment

5 DHCP FOR IPv6 (DHCPv6)
  5.1 DHCP Comparison: IPv4 Versus IPv6
  5.2 DHCPv6 Address Assignment
  5.3 DHCPv6 Prefix Delegation
  5.4 DHCPv6 Support of Address Autoconfiguration
  5.5 Device Unique Identifiers
  5.6 Identity Associations
  5.7 DHCPv6 Options

6 DHCP APPLICATIONS
  6.1 Multimedia Device Type Specific Configuration
  6.2 Broadband Subscriber Provisioning
  6.3 Related Lease Assignment or Limitation Applications
  6.4 Preboot Execution Environment Clients

7 DHCP SERVER DEPLOYMENT STRATEGIES
  7.1 DHCP Server Platforms
  7.2 Centralized DHCP Server Deployment
  7.3 Distributed DHCP Server Deployment
  7.4 Server Deployment Design Considerations
  7.5 DHCP Deployment on Edge Devices

8 DHCP AND NETWORK ACCESS SECURITY
  8.1 Network Access Control
  8.2 Alternative Access Control Approaches
  8.3 Securing DHCP

PART III DNS

9 THE DOMAIN NAME SYSTEM (DNS) PROTOCOL
  9.1 DNS Overview—Domains and Resolution
  9.2 Name Resolution
  9.3 Zones and Domains
  9.4 Resolver Configuration
  9.5 DNS Message Format

10 DNS APPLICATIONS AND RESOURCE RECORDS
  10.1 Introduction
  10.2 Name–Address Lookup Applications
  10.3 Email and Antispam Management
  10.4 Security Applications
  10.5 Experimental Name–Address Lookup Records
  10.6 Resource Record Summary

11 DNS SERVER DEPLOYMENT STRATEGIES
  11.1 General Deployment Guidelines
  11.2 General Deployment Building Blocks
  11.3 External–External Category
  11.4 External–Internal Category
  11.5 Internal–Internal Category
  11.6 Internal–External Category
  11.7 Cross-Role Category
  11.8 Putting it All Together

12 SECURING DNS (PART I)
  12.1 DNS Vulnerabilities
  12.2 Mitigation Approaches
  12.3 Non-DNSSEC Security Records

13 SECURING DNS (PART II): DNSSEC
  13.1 Digital Signatures
  13.2 DNSSEC Overview
  13.3 Configuring DNSSEC
  13.4 The DNSSEC Resolution Process
  13.5 Key Rollover

PART IV IPAM INTEGRATION

14 IP ADDRESS MANAGEMENT PRACTICES
  14.1 FCAPS Summary
  14.2 Common IP Management Tasks
  14.3 Configuration Management
  14.4 Fault Management
  14.5 Accounting Management
  14.6 Performance Management
  14.7 Security Management
  14.8 Disaster Recovery/Business Continuity
  14.9 ITIL Process Mappings
  14.10 Conclusion

15 IPv6 DEPLOYMENT AND IPv4 COEXISTENCE
  15.1 Introduction
  15.2 Dual-Stack Approach
  15.3 Tunneling Approaches
  15.4 Translation Approaches
  15.5 Application Migration
  15.6 Planning the IPv6 Deployment Process

BIBLIOGRAPHY
GLOSSARY
RFC INDEX
INDEX