The Dynamic Host Configuration Protocol (DHCP) allocates IP addresses to devices connected to a network. It centralizes ownership of addresses so that no individual piece of equipment on a network has a permanent address. DHCP is part of the TCP/IP protocol suite and is regarded as an application layer protocol in the TCP/IP stack.
The protocol allows network managers to assign addresses to network-connected devices. The address format that the system uses is the IP address, which is defined in the Internet Protocol — another part of the TCP/IP protocol suite.
Here is our list of the best DDI/IPAM systems and DHCP servers:
- SolarWinds IP Address Manager (EDITOR’S CHOICE): This IPAM is able to form a full DDI package by integrating with third-party DNS and DHCP servers, including coverage for cloud systems. This tool keeps track of IP address usage and updates DHCP servers accordingly. Runs on Windows Server. Get a 30-day free trial.
- BlueCat IPAM: Suitable for team-managed networks. Installs on Windows Server and works with Microsoft DHCP servers.
- OpUtils IPAM: DDI suite that works with Microsoft DHCP servers. Installs on Windows Server or Linux.
- Infoblox IPAM: Comprehensive IPAM that includes IP address usage tracking.
- Morpheus: Cloud-based DDI solution with IP address usage tracking and DHCP resolution.
- GestióIP: Great free tool for all IP address management issues.
- Men & Mice Micetro: Available as a full DDI suite or just a DHCP Manager. Works with ISC DHCP servers, Windows DHCP, Cisco IOS DHCP, and Kea DHCP servers.
- Tidal LightMesh: DDI solution that is suitable for small businesses. It includes a scripting interface for customized automation.
- Nokia VitalQIP: DDI system that is available as software or as an appliance. Includes native DNS and DHCP servers.
- BT Diamond IP: A remote, managed IP address tracking system that is also available as an on-premises appliance.
DHCP is routinely used by internet service providers to assign IP addresses to customers. This system enables ISPs to make more efficient use of a DHCP pool of addresses. Not all of an ISP’s customers are connected to the internet at the same time, so residential users no longer get assigned permanent addresses. Instead, each is allocated an address for the duration of the connection. Private wifi routers implement the same method for the networks that they operate on.
IP addresses have to be unique within the network that they access. So, on a private network, IP addresses do not have to be unique throughout the world, just on that network. IP addresses that are connected to the internet cannot be duplicated anywhere on the internet. DHCP is concerned with allocating IP addresses from a reserved pool. DHCP doesn’t track IP address usage — that responsibility is the remit of IP address management (IPAM) systems, which you will read about later in this guide.
What is DHCP?
The protocol lays out procedures for the request and distribution of IP addresses on a network. Those definitions include a series of message types that the allocation process must include.
Like all of the other protocols maintained by the IETF, DHCP is not a program. It is just a set of standards that anyone wanting to create a program for the DHCP address distribution function should follow. The importance of public standards for networking is that they ensure compatibility between networking programs no matter where in the world they were written.
A key element of the DHCP method is the procedure that the client initially uses in order to communicate with other devices on a network. As all computers on a network need a unique address in order to communicate, the question of how any computer can communicate in order to acquire an address is a conundrum that DHCP solves.
The DHCP methodology is defined in a document that is available to all and maintained by the Internet Engineering Task Force. The IETF presents the current status of the protocol on its website as RFC 3942. This document defines DHCP version 4. The original definition of the system is held in two documents: RFC 2131 and RFC 2132. There is a collection of supplementary protocol definitions that add to the standard published in RFC 3942. For example, RFC 4242 explains how to adapt the protocol to use IPv6 addresses.
How DHCP Works
There are two basic elements of a DHCP system. These are a DHCP server and a DHCP client. The DHCP client is resident on each of the devices that you have connected to your network. When that device gets turned on, the DHCP client starts its job as part of the startup procedures of the operating system.
The device has no IP address and so cannot send out any messages with a return address on it. Instead, the client includes its MAC address in the message. The MAC address is actually the identifier of that device’s network card. The MAC address of each network card in the world is unique.
The DHCP initialization process includes four message types:
- Discovery
- Offer
- Request
- Acknowledgment
Here’s how these four messages, collectively abbreviated as DORA, implement the DHCP process.
DHCP Discovery
DHCP uses the connectionless User Datagram Protocol (UDP) for its transmission. The request that the client sends out is called a Discovery message. In the protocol, this message type is called DHCPDISCOVER. UDP is a connectionless system, so there is no initial session establishment phase.
This first Discovery message is broadcast over the network by the client. That means that it isn’t sent to a specific address. This is because, at this point, the DHCP client doesn’t know the address of the DHCP server.
Although it should be possible to set up each client with the address of the network DHCP server written into the configuration, the assumption of no address knowledge makes DHCP easier to set up and to manage. If you don’t have to give the client the DHCP server address manually when you add a device to the network, the discovery operation becomes a universal procedure. Any device can have a DHCP client loaded onto it as part of its firmware and it will automatically fit into any network that it is added to.
The absence of a fixed destination address also means that you can move the DHCP server from one computer on the network to another without having to go to every device on the network and reset the address of that server.
There is one fixed parameter used for communications between DHCP clients and servers: the port number. The UDP port number 67 is reserved for DHCP servers and UDP port 68 is reserved for DHCP clients. This way, broadcasting a Discovery message doesn’t tie up the processors of the other devices on the network. This is because only the DHCP server’s routines will be listening on the network for messages addressed to port 67. All the other devices on the network simply ignore the message because it is not sent to port 68.
DHCP Offer
The reply sent back by a DHCP server is structured as a DHCPOFFER. This message is broadcast over the network, so every computer on the system will get hold of it. This is addressed to UDP port 68, so the DHCP client on every network device will pick it up.
The MAC address of the intended recipient is contained within the message, so all of the other devices on the network will simply drop the message once they see that it is not for them.
The message contains a proposed IP address for the client. It also includes a duration in seconds that the device can use that address for. The allocation of IP addresses in the DHCP system is temporary, and it is referred to as a “lease”. The duration is the lease time, or how long the client will keep that IP address.
Other information in the Offer message includes the subnet mask to be used for the network, the address of the DHCP server, the address of the router, and the addresses of the DNS servers on the network. With these addresses, the DHCP client can configure the networking software on the device and get that piece of equipment fully integrated into the network.
DHCP Request
You might think that the allocation of an address to the DHCP client by the DHCP server would be the end of the process. However, the situation is a little more complicated because the protocol accounts for the possibility that there might be several DHCP servers operating on the same network.
If there is more than one DHCP server on the network, the Discovery message, which is sent out to all the devices on the network, will be picked up by all of the DHCP servers. Each of them will send back an offer, so that client will receive several addresses. The client picks one of those addresses, which is usually the first it receives, and then sends back a Request message confirming its use of that address.
At this point, the client has the IP address of the server that sent the chosen Offer message. However, the Request message isn’t addressed directly to that server. This is because all of the servers that sent out Offer messages need to pick up the Request message that contains the chosen IP address.
The server that allocated the selected IP address gets the Request message and records that the offered address is now in use. The other servers that sent out Offers also receive that Request message, recognize that their addresses were not selected, and keep those addresses available for the next Discovery message that gets broadcast on the network. The protocol refers to the Request message structure as DHCPREQUEST.
DHCP Acknowledgement
The final phase of the DHCP initialization process is a DHCP acknowledgment message sent by the server that provided the chosen IP address. This message is defined in the protocol as DHCPACK. None of the other DHCP servers on the network send back this message.
Curiously, even though the client has stated its use of the offered IP address, the DHCPACK packet is not sent directly to that address, but, once again, is broadcast to all devices on the network.
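The Discover and Offer messages described above, parsed at the byte level, as an added example that is not part of the original article. The field layout follows RFC 2131 and the option codes follow RFC 2132; the MAC address, transaction ID and all IP addresses are constructed sample values.

```python
import ipaddress
import struct

# Fixed 236-byte header from RFC 2131 plus the 4-byte magic cookie that precedes the options.
HEADER = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s4s")
MAGIC_COOKIE = bytes([99, 130, 83, 99])
MESSAGE_TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST",
                 5: "DHCPACK", 7: "DHCPRELEASE", 8: "DHCPINFORM"}
# Option codes from RFC 2132.
SUBNET_MASK, ROUTER, DNS, LEASE_TIME, MSG_TYPE, SERVER_ID = 1, 3, 6, 51, 53, 54
PAD, END = 0, 255
BROADCAST_FLAG = 0x8000


def ip(text):
    """Dotted-quad string to its 4-byte wire form."""
    return ipaddress.IPv4Address(text).packed


def build_message(op, xid, mac, msg_type, yiaddr="0.0.0.0", giaddr="0.0.0.0", options=()):
    """Serialize a DHCP message; op is 1 for a client request and 2 for a server reply."""
    chaddr = bytes.fromhex(mac.replace(":", "")).ljust(16, b"\x00")
    header = HEADER.pack(op, 1, 6, 0, xid, 0, BROADCAST_FLAG,
                         ip("0.0.0.0"), ip(yiaddr), ip("0.0.0.0"), ip(giaddr),
                         chaddr, bytes(64), bytes(128), MAGIC_COOKIE)
    body = bytes([MSG_TYPE, 1, msg_type])
    for code, value in options:
        body += bytes([code, len(value)]) + value
    return header + body + bytes([END])


def parse_options(data, pos):
    """Walk the code/length/value option list, rejecting options that overrun the packet."""
    options = {}
    while pos < len(data):
        code = data[pos]
        if code == END:
            break
        if code == PAD:  # single-byte filler with no length field
            pos += 1
            continue
        if pos + 2 > len(data) or pos + 2 + data[pos + 1] > len(data):
            raise ValueError("option %d runs past the end of the message" % code)
        length = data[pos + 1]
        options[code] = data[pos + 2:pos + 2 + length]
        pos += 2 + length
    return options


def addresses(raw):
    """Decode a run of 4-byte IPv4 addresses; a ragged tail raises ValueError."""
    return [str(ipaddress.IPv4Address(raw[i:i + 4])) for i in range(0, len(raw), 4)]


def parse_message(data):
    """Return the fields this article discusses from one raw DHCP message."""
    if len(data) < HEADER.size:
        raise ValueError("shorter than the fixed DHCP header")
    (_op, _htype, hlen, _hops, xid, _secs, flags, _ciaddr, yiaddr, _siaddr,
     giaddr, chaddr, _sname, _file, cookie) = HEADER.unpack_from(data)
    if cookie != MAGIC_COOKIE:
        raise ValueError("magic cookie missing: not a DHCP message")
    if hlen > 16:
        raise ValueError("hardware address length exceeds the chaddr field")
    opts = parse_options(data, HEADER.size)
    kind = opts.get(MSG_TYPE, b"")
    if len(kind) != 1 or kind[0] not in MESSAGE_TYPES:
        raise ValueError("missing or unknown DHCP message type")
    lease = opts.get(LEASE_TIME)
    server = addresses(opts.get(SERVER_ID, b""))
    return {
        "type": MESSAGE_TYPES[kind[0]],
        "xid": xid,                                   # ties replies to the request
        "client_mac": chaddr[:hlen].hex(":"),         # how the client is identified
        "broadcast": bool(flags & BROADCAST_FLAG),
        "offered_ip": str(ipaddress.IPv4Address(yiaddr)),
        "relay": str(ipaddress.IPv4Address(giaddr)),  # GIADDR, set by a relay agent
        "lease_seconds": int.from_bytes(lease, "big") if lease else None,
        "subnet_mask": (addresses(opts.get(SUBNET_MASK, b"")) or [None])[0],
        "routers": addresses(opts.get(ROUTER, b"")),
        "dns_servers": addresses(opts.get(DNS, b"")),
        "server_id": server[0] if server else None,
    }


def sample_exchange():
    """Constructed Discover and matching Offer; every value here is a made-up sample."""
    mac, xid = "02:00:00:aa:bb:01", 0x3903F326
    discover = build_message(1, xid, mac, 1)
    offer = build_message(2, xid, mac, 2, yiaddr="192.168.1.50", options=[
        (SERVER_ID, ip("192.168.1.1")), (LEASE_TIME, struct.pack("!I", 86400)),
        (SUBNET_MASK, ip("255.255.255.0")), (ROUTER, ip("192.168.1.1")),
        (DNS, ip("192.168.1.1") + ip("192.168.1.2"))])
    return parse_message(discover), parse_message(offer)


if __name__ == "__main__":
    for message in sample_exchange():
        print(message)
```

Nothing in either message is authenticated or encrypted, so any host that can see the broadcast can read every field the parser returns.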
DHCP Client Functions
The DHCP client does not receive the IP address permanently. The lease time of an allocation is a matter of network policy and different lease times can be set for different types of equipment. If the lease time of an address is about to run out, the DHCP client should apply to renew it.
The renewal process is exactly the same as the initial discovery process, except that this time, the client has an address with which it can communicate with the server that allocated that address. So, rather than broadcasting the Discover message, the client can contact the DHCP server directly. The client can request the same IP address, or the policy of the network may specify that each renewal should be fulfilled with a replacement IP address.
Two additional message types in the DHCP definition are intended for use by the client: a DHCPINFORM message and a DHCPRELEASE message.
DHCP Inform
A DHCPOFFER message consists of a number of option fields in its packet structure. However, the server rarely uses all of these and has no set values for any of them. A particular client program may require specific information in order to properly set up its device on the network. If that essential information is missing from the DHCP Offer message, the client can send an Inform message, asking for details to be sent back. If this information is available, it will be sent by the server in the form of another Offer message, with the required option fields filled in. An example of DHCP Inform usage is that browsers frequently use this message as a way to get web proxy settings via Web Proxy Auto-Discovery Procedures.
In Windows Server 2003, DHCP Servers use the Inform message type to detect unauthorized DHCP servers.
DHCP Release
The Release message is sent by the client to end its lease on an IP address before the designated expiry time. This message type is not essential in the operations of the protocol because the regular ending of a lease ahead of schedule usually occurs when the user turns the device off. There are no procedures to delay the power off process to give the DHCP client the opportunity to send out a Release message. In this case, the IP address remains allocated to that client until its lease expires even though the device is not active during that period.
The DHCP protocol is only concerned with the distribution of available IP addresses. It does not maintain contact with network nodes. It assumes that an IP address is in use for the duration of its lease and so it does not verify that the device allocated an IP address is still active on the network. In the case of network configuration changes, the DHCP manager makes no effort to reallocate addresses. These limitations are why DHCP is usually implemented as part of a suite of network addressing protocols, called DDI, which is explained further below.
DHCP Server Functions
The Dynamic Host Configuration Protocol includes three methods of address allocation for the server. These are:
- Dynamic allocation
- Automatic allocation
- Manual allocation
Here are more details on each of these modes of operation.
Dynamic Allocation
This is the standard allocation method used by DHCP and follows the procedures described above. The server is set up with a range of IP addresses, known as a scope in DHCP terminology. That range may not be contiguous and so there is an option to declare exclusions within the address scope. The exclusions can also be defined as a range.
Automatic Allocation
In this scenario, the server retains a list of previous allocations of IP addresses to the MAC addresses of devices on the network. When a new request arrives from one of those addresses, the server will allocate the same address again. In automatic allocation, the address is not assigned exclusively to a device, and so there may be occasions when a previously-used address has already been allocated elsewhere and the server will send out a different address to that device.
Manual Allocation
In this option, the DHCP server reserves an IP address so that it can only be allocated to a specific MAC address. This means that each device receives the same address each time it connects to the network. It is possible to mix manual allocation with either dynamic or automatic allocation. If a device’s MAC address is not in the reservation list, one of the other two methodologies has to be employed to allocate an address. This system is also known as static allocation, static DHCP, fixed address allocation, address reservation, DHCP reservation, IP address reservation, and MAC/IP address binding.
Other DHCP Nodes
Large networks are frequently divided up into subnetworks in order to prevent delays caused by too many devices trying to get a turn at accessing the transmission medium. In these instances, the network can still operate with just one DHCP server, but it needs a relay device on each subnet.
The packet structure of all DHCP message types includes a field called GIADDR which is filled in by the relay. This is the relay’s own address, so when the message received by the relay from the client is forwarded to the DHCP server, the server knows where to send the response, and which range of addresses to use for the allocation of an address on that relay’s subnet.
The relay agent’s communication with the DHCP server sees both devices using UDP port 67.
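A toy model of the server-side behaviour described under "DHCP Server Functions" and "Other DHCP Nodes", as an added example that is not taken from any DHCP server's code. It follows this article's definitions of manual, automatic and dynamic allocation; the class and function names, the rule that a non-relayed request uses the server's own subnet, and all MAC and IP addresses are assumptions made for the illustration.

```python
import ipaddress


def num(address):
    """IPv4 address as an integer, so ranges can be walked with range()."""
    return int(ipaddress.IPv4Address(address))


class Scope:
    """One address scope: a range, its exclusions, MAC reservations and the lease table."""

    def __init__(self, network, first, last, exclusions=(), reservations=None, lease_seconds=3600):
        self.network = ipaddress.IPv4Network(network)
        self.first, self.last = num(first), num(last)
        self.excluded = set()
        for low, high in exclusions:          # each exclusion is itself a range
            self.excluded.update(range(num(low), num(high) + 1))
        self.reservations = {mac: num(a) for mac, a in (reservations or {}).items()}
        self.history = {}                     # MAC -> last address handed to it
        self.leases = {}                      # address -> (MAC, expiry time)
        self.lease_seconds = lease_seconds

    def _free(self, address, mac, now):
        # The server never probes the device: an address is busy until its lease expires.
        holder = self.leases.get(address)
        return holder is None or holder[0] == mac or holder[1] <= now

    def _lease(self, address, mac, now, method):
        self.leases[address] = (mac, now + self.lease_seconds)
        self.history[mac] = address
        return str(ipaddress.IPv4Address(address)), method

    def allocate(self, mac, now):
        """Return (address, method) for a client, trying manual, automatic, then dynamic."""
        reserved = self.reservations.get(mac)
        if reserved is not None:
            return self._lease(reserved, mac, now, "manual")
        previous = self.history.get(mac)
        if previous is not None and self._free(previous, mac, now):
            return self._lease(previous, mac, now, "automatic")
        held_back = self.excluded | set(self.reservations.values())
        for address in range(self.first, self.last + 1):
            if address not in held_back and self._free(address, mac, now):
                return self._lease(address, mac, now, "dynamic")
        raise LookupError("no free address left in scope")


def scope_for(scopes, giaddr, server_ip):
    """A relayed request is served from the relay's subnet, a direct one from the server's own."""
    origin = ipaddress.IPv4Address(giaddr)
    if int(origin) == 0:                      # GIADDR left empty: no relay involved
        origin = ipaddress.IPv4Address(server_ip)
    for scope in scopes:
        if origin in scope.network:
            return scope
    raise LookupError("no scope configured for " + str(origin))


# Constructed sample clients.
LAPTOP_A, LAPTOP_B, LAPTOP_C, LAB_PC = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:0c", "02:00:00:00:00:0d"
PRINTER = "02:00:00:00:00:99"


def demo():
    """Replay a constructed sequence of requests as (time, MAC, GIADDR) tuples."""
    office = Scope("192.168.1.0/24", "192.168.1.10", "192.168.1.14",
                   exclusions=[("192.168.1.11", "192.168.1.12")],
                   reservations={PRINTER: "192.168.1.13"})
    lab = Scope("10.20.0.0/24", "10.20.0.100", "10.20.0.101")
    requests = [
        (0, LAPTOP_A, "0.0.0.0"),      # first free address
        (10, PRINTER, "0.0.0.0"),      # reservation wins
        (20, LAPTOP_B, "0.0.0.0"),     # skips leased, excluded and reserved addresses
        (100, LAPTOP_A, "0.0.0.0"),    # renewal: same address again
        (4000, LAPTOP_C, "0.0.0.0"),   # A's lease has lapsed, so its address is reused
        (4100, LAPTOP_A, "0.0.0.0"),   # A's old address is taken: it gets a different one
        (4150, LAB_PC, "10.20.0.1"),   # relayed request: GIADDR selects the lab scope
    ]
    return [scope_for([office, lab], giaddr, "192.168.1.1").allocate(mac, now)
            for now, mac, giaddr in requests]


if __name__ == "__main__":
    for result in demo():
        print(result)
```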
DHCP Security Weaknesses
DHCP uses the User Datagram Protocol. This is a connectionless communication system and so it does not include any encryption. As almost all of the message types in the protocol are designed to be broadcast to every node on the network, snoopers could gain a lot of control over a network’s operations and create devastating disruption just by getting access to the network and listening to DHCP broadcasts.
This is why DHCP is rarely implemented in isolation. There are a number of coordination issues that need to be considered when allocating IP addresses. These addresses also have to be referenced by a DNS server. There is the possibility that an intruder could insert a virtual fake DNS or DHCP server into the network. The security of networks and the validity of addresses are enforced by an IP address manager. This is a key element in the DDI solution suite.
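One way to spot the fake DHCP or DNS server mentioned above is to audit the Offer and Acknowledgment messages seen on the wire against what the real server is known to hand out. The following is an added example, not part of the original article and not any product's method; the record fields (assumed to come from a packet capture that has already been decoded), the allowlists and every address are constructed for the illustration.

```python
# Known-good configuration for the monitored subnet (constructed values).
AUTHORIZED_SERVERS = {"192.168.1.1": "02:00:00:00:00:01"}  # server identifier -> source MAC
EXPECTED_DNS = {"192.168.1.1", "192.168.1.2"}
EXPECTED_ROUTERS = {"192.168.1.1"}

# Constructed sample of decoded DHCP messages. "src_mac" is the Ethernet source address
# of the frame; the other fields are values carried inside the DHCP message.
SAMPLE_REPLIES = [
    {"type": "DHCPDISCOVER", "src_mac": "02:00:00:aa:bb:01", "server_id": None,
     "dns_servers": [], "routers": []},
    {"type": "DHCPOFFER", "src_mac": "02:00:00:00:00:01", "server_id": "192.168.1.1",
     "dns_servers": ["192.168.1.1", "192.168.1.2"], "routers": ["192.168.1.1"]},
    {"type": "DHCPOFFER", "src_mac": "02:00:00:00:00:66", "server_id": "192.168.1.66",
     "dns_servers": ["192.168.1.66"], "routers": ["192.168.1.66"]},
    {"type": "DHCPACK", "src_mac": "02:00:00:00:00:66", "server_id": "192.168.1.66",
     "dns_servers": ["192.168.1.66"], "routers": ["192.168.1.66"]},
    {"type": "DHCPOFFER", "src_mac": "02:00:00:00:00:77", "server_id": "192.168.1.1",
     "dns_servers": ["192.168.1.1", "192.168.1.2"], "routers": ["192.168.1.1"]},
]


def audit_replies(replies, servers, dns, routers):
    """Group suspicious server replies by (source MAC, server identifier).

    Returns {(src_mac, server_id): {"count": n, "reasons": [...]}}; replies that match
    the known-good configuration do not appear in the result.
    """
    findings = {}
    for reply in replies:
        if reply["type"] not in ("DHCPOFFER", "DHCPACK"):
            continue  # only server-originated messages can reveal a rogue server
        reasons = set()
        expected_mac = servers.get(reply["server_id"])
        if expected_mac is None:
            reasons.add("unauthorized server identifier")
        elif expected_mac != reply["src_mac"].lower():
            # Right server identifier, wrong sender: someone is answering in its name.
            reasons.add("source MAC differs from authorized server")
        for address in reply["dns_servers"]:
            if address not in dns:
                reasons.add("unexpected DNS server " + address)
        for address in reply["routers"]:
            if address not in routers:
                reasons.add("unexpected router " + address)
        if reasons:
            entry = findings.setdefault((reply["src_mac"].lower(), reply["server_id"]),
                                        {"count": 0, "reasons": set()})
            entry["count"] += 1
            entry["reasons"] |= reasons
    return {key: {"count": value["count"], "reasons": sorted(value["reasons"])}
            for key, value in findings.items()}


def audit_sample():
    """Run the audit over the constructed sample above."""
    return audit_replies(SAMPLE_REPLIES, AUTHORIZED_SERVERS, EXPECTED_DNS, EXPECTED_ROUTERS)


if __name__ == "__main__":
    for (mac, server_id), finding in audit_sample().items():
        print(mac, server_id, finding["count"], "; ".join(finding["reasons"]))
```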
About DDI
There are several issues around network addressing covered by a suite of protocols and services, of which DHCP is a part. This trio of systems is known as “DDI,” which is composed of the initial letter of each of the three methodologies.
DNS
The first “D” in “DDI” stands for Domain Name System, or DNS. This protocol manages the translation between an IP address and the human-assigned meaningful names used for services on the network. The most common usage for this directory service is to translate between web domains, such as “comparitech.com” and the actual IP address of the server that hosts that site. DNS on a network gives memorable names to services, such as printers.
You don’t have to worry about managing an in-house server to translate between addresses on the World Wide Web and IP addresses on the internet — your ISP will provide that service or nominate a global DNS server. Your private DNS server only needs to translate between the IP addresses issued by your DHCP server and the hostnames of the devices to which those addresses are assigned.
DHCP
DHCP allocates new IP addresses to nodes on a network when they are turned on. The records in the DNS table are closely linked to the activities of the DHCP server, and so the actions of both of these systems have to be coordinated. This is why DHCP is the second “D” in “DDI”.
IPAM
The “I” in “DDI” names the IPAM system. IPAM stands for IP Address Management. Unlike DNS and DHCP, IPAM is not defined as a protocol. It is a software package that ties together all of the IP address functions on a network, which principally includes DNS and DHCP functions.
When you look for a DHCP solution for your network, you will find those functions as part of an IP address manager. So, you will need to research IPAM or DDI solutions in addition to a DHCP server.
DDI Software
Standalone DHCP modules are rare. When you look for a DHCP solution for your network, you need to focus your search on DDI systems. It is very common for companies to refer to their DDI solutions as IPAM.
The best DDI/IPAM systems and DHCP servers
Our methodology for selecting IP address managers
We reviewed the market for DDI systems and analyzed the options based on the following criteria:
- The ability to interface with native Microsoft DHCP and DNS servers
- Regular IP address scans
- Identification of abandoned IP addresses
- Option to segment address pools for subnets
- Activity logging
- A free trial or a demo package that provides a no-risk assessment period
- Value for money, provided by an IPAM that can easily integrate with DNS and DHCP servers at a fair price
1. SolarWinds IP Address Manager (FREE TRIAL)
The SolarWinds IP Address Manager includes DHCP functions as well as DNS management, which makes it a full DDI system. You can mix the allocation method for IP addresses, reserving addresses for equipment and dynamically allocating addresses to terminals. The reserved address system is integrated into the DNS management console, so you can allocate addresses to services and make them available on the network simultaneously.
Key Features:
- Integrated DNS and DHCP servers
- Works with third-party DNS and DHCP
- Can interact with cloud-based DNS servers
- Regular network scans
- Alerts for IP address problems
Why do we recommend it?
The SolarWinds IP Address Manager is a full DDI solution. Although the system is centered on its IPAM, it has full reporting, reconciliation, and control functions for liaising with third-party DHCP and DNS systems. The service can implement an IP address management service for hybrid environments by interacting with platform DNS servers.
The SolarWinds IPAM integrates with Microsoft and Cisco DHCP servers, so you don’t have to get locked into one provider when looking to add on new DHCP equipment and software. The IPAM periodically scans the DHCP servers that you have on your network for troubleshooting and scope management.
The software includes a two-step wizard that enables you to set up a split scope environment, allocating ranges to subnets. The Subnet Allocation Wizard will help you to vary the size of scope reservation to suit the different sizes of the subnets on your network.
The IPAM controlling software is able to define different user accounts or access to functions. This means that you can give partial access to junior team members, or reporting access to upstream managers. The system event log records every change to the IP address pool or system settings, giving the time of the change and the username of the operator who made those changes.
The dashboard of the IP Manager gives real-time statistics on the address usage of the network. Standard report formats ship with the software. The system includes a Report Writer, which enables you to customize reports. Reports can be automatically distributed to a predefined list of recipients via email, or they can be set up on a web space with access controls.
Who is it recommended for?
This package is a top-end tool, which might be a little too expensive for small businesses. It is able to implement sophisticated mixed DHCP address allocation strategies and it will also discover all devices, helping you to organize segmented address pools for subnets. The package runs on Windows Server.
Pros:
- Can operate both on-premises and on the cloud
- Works with AWS Route53, Azure DNS, Microsoft, and BIND DNS
- Includes an IP Request form
- Activity logging and reporting
- Subnet utilization tracking
Cons:
- No SaaS version
SolarWinds produces a number of network administration utilities. Although the IP Manager can be employed as a standalone facility, it also integrates well with other software produced by the company.
EDITOR'S CHOICE
SolarWinds IP Address Manager is our top pick for a DDI/IPAM solution because it brings its own DNS and DHCP servers and can also interface with a long list of DNS and DHCP servers. This system provides excellent subnet management and is able to identify address pools that are near exhaustion. The system will identify rogue devices and recover abandoned addresses.
Download: Get a 30-day free trial
Official Site: https://www.solarwinds.com/ip-address-manager/registration
OS: Windows Server
2. BlueCat IPAM
BlueCat is one of the industry leaders in network software and its IPAM package is a full DDI system, covering all DHCP and DNS management functions. The system includes a handy device discovery methodology that helps you manage the addition of network nodes centrally.
Key Features:
- Works with Microsoft DHCP and DNS server
- IP address administration guides
- Team accounts
- Administration automation
Why do we recommend it?
BlueCat IPAM is a complex solution that is based around an Adaptive DNS service to provide a full DDI solution for hybrid systems and it can even help you to implement an overlay network or SD-WAN configuration. The service provides network templates to make defining address spaces easier.
Another useful feature of this IP address management system is that it is dual-stack. With dual stack capabilities, you can run both IPv4 and IPv6 addresses on your network, enabling crossover to the new addressing system.
The BlueCat DDI suite is a Windows-based system and it is able to interact with Windows DHCP servers. Unfortunately, it doesn’t have Cisco DHCP monitoring capabilities.
The management system includes workflows and an approval hierarchy. This enables a team with various skill sets and capabilities to contribute to the work effort without the danger of junior staff implementing changes that go live unchecked. The ability to define user groups for the administration functions in the IP address manager is another useful tool to limit the potential damage that could result from unfettered access to the whole system by all of the team.
Additions and alterations to the network can be made a lot simpler thanks to the BlueCat network templates. Templates present the administrator with a series of information layouts that ensure essential tasks cannot be overlooked and that all important data gets entered into the system. Overall, the BlueCat method tries to automate as many network administration tasks as possible in an effort to remove the problems caused by human error.
Who is it recommended for?
This service is evolving constantly and presents itself as a security solution as well as an address management tool. The audience for this package is firmly in the hybrid and multi-site marketplace. The system is able to provide a cloud-based solution for on-premises and internet-based traffic management.
Pros:
- On-premises system for Windows Server
- Tight access control to the IPAM control panel
- Hybrid system management
- Suitable for use by large organizations
Cons:
- Doesn’t interface to Cisco DHCP
The BlueCat system is best suited to large enterprises that operate a network administration team. Its group operation functions are a godsend in large systems but may seem a little restrictive to the lone network manager operating a single-office service.
3. OpUtils IPAM
The OpUtils IPAM by ManageEngine integrates DHCP and DNS functions, which makes it a DDI suite. The DHCP section of the IP Address Manager can only communicate with Microsoft DHCP servers. The IPAM has a subnet discovery facility, which will greatly assist you in managing address scopes in your DHCP module to reserve ranges of addresses for each subnet.
Key Features:
- Full DDI suite
- Option to use Microsoft DHCP
- Network sweeps
Why do we recommend it?
OpUtils IPAM is part of a bundle that also provides a switch port mapper. In short, OpUtils focuses on all addressing issues and it includes a DHCP server and a DNS server. You can use external DHCP and DNS systems instead, but only those provided by Microsoft.
If you have a small network with only one subnet, then you can use the free version of OpUtils IPAM. The IP Address Manager assists DHCP allocations by checking on the usage of allocated addresses. If polling messages sent out to an IP address receive no response, that address is returned to the pool of available addresses for distribution by DHCP.
The Scope Monitor function of the IPAM gathers reports from DHCP servers on the number of allocated addresses. The monitor then checks the network for the number of those addresses that respond. If the two figures do not match up, the monitor sends an alert to the DHCP server and checks which of the allocated IP addresses are no longer in use.
Who is it recommended for?
This DDI package has a lot of discovery and automation features that help you to define subnets and segment your address pools. This is a sophisticated solution that would be too much for small businesses. However, all other types and sizes of businesses would benefit from using this solution.
Pros:
- Checks DHCP records and sweeps for those IP addresses
- On-demand or scheduled sweeps
- Activity log
Cons:
- Doesn’t work with Cisco DHCP
The IP Address Manager can communicate with devices by MAC address in case there is a failure in the IP address allocation process. This situation generates an alert that provokes the DHCP server to allocate an address and update its records. OpUtils IP Address Manager integrates with Microsoft DHCP Server 2003, Microsoft DHCP Server 2008, and Microsoft DHCP Server 2012. Scanning can be performed on demand or can be scheduled to run periodically. Each schedule produces a report that can be generated into a range of formats, including PDF.
4. Infoblox IPAM
The Infoblox DDI system is another option for large enterprises. It was designed with administrator teams in mind and its pricing is high-end, so this wouldn’t be suitable for managing a small or mid-sized network. As with most of the options on this list, the Infoblox offering combines IPAM with DHCP and DNS management.
Key Features:
- Includes DHCP and DNS servers
- Device discovery
- Spots rogue devices
Why do we recommend it?
Infoblox IPAM has an integrated DHCP server and it will coordinate with external DNS systems. This tool provides security monitoring as well as IP address management and it can handle hybrid systems to implement multi-site and cloud/on-premises configurations. You can create and manage subnets with this tool.
The package includes templates to automate routine network addressing tasks and also comes with standard reports for management communication. Both network templates and reporting can be customized.
Infoblox integrates automatic device discovery to make the expansion of networks easier. A method of DHCP fingerprinting enables the central network manager to query properties of each new device and better allocate it as a resource.
The IP resource tracking uses a system of metadata tagging to allow you to track the usage of key resources. New nodes can be integrated into the network centrally through the DDI user interface and comparison of usage for each node is also made easier by effective MAC address records as well as IP tracking. The tracking functions of the IPAM help you manage your DHCP usage more effectively. This has benefits for system security because it includes the ability to identify out-of-scope addresses on the system and isolate rogue devices.
The Infoblox multi-site view enables you to treat cloud services as integrated points on the network as well as centralizing administration for dispersed corporate networks.
Who is it recommended for?
This package is a good plan for businesses of all sizes because it is able to manage systems that can include remote devices as well as on-premises computers. The service enables the centralization of network management in one management center covering several sites.
Pros:
- MAC address listing to spot duplicate allocations
- Multi-site capabilities
- Covers hybrid systems
Cons:
- No price list
The DHCP sections of the management console make it easy to define scopes for subnets, reserved IP, and exclusions. This is a very comprehensive DHCP solution for companies that integrate disparate networks with differing topologies into one centrally-managed corporate network.
5. Morpheus
Morpheus is an entire network management solution, not just a DHCP system or an IP address manager. DDI functions are integrated into the Morpheus software and can be accessed from the central network manager console. Morpheus is a cloud-based solution so you can access the dashboard through a browser on any device. The system includes the management of both IPv4 and IPv6 addresses and enables virtual routing and forwarding.
Key Features:
- Network management
- Full DDI
- Options for third-party DHCP coordination
Why do we recommend it?
Morpheus is constantly evolving and it is becoming more of a cloud resource management system instead of a DDI solution. DHCP functions do appear in the solution. This is a management system for cloud-based apps, which could be on a private cloud or SaaS package.
The IPAM tracks IP address usage and ties the discovered results up to the current DHCP status of allocated and available addresses. The scan logs irregularities, such as devices on the network using non-allocated addresses and non-responding addresses. This information alerts network managers to irregularities such as network intrusion and also abandoned addresses.
The detection of rogue addresses tightens up network security, and logging of all events and discoveries helps track irregular activity.
Alerts that discover dead addresses on the network help the DHCP server keep an accurate record of allocated and available addresses.
Who is it recommended for?
Morpheus provides a method to move all of your corporate services to the cloud. You wouldn’t choose this package if you are just looking for a DHCP solution. Morpheus doesn’t market its packages directly but works through consultancies that act as solution providers. The most accessible package is called Morpheus Essentials, which includes a DDI system.
Pros:
- Regular IP sweeps
- Spots rogue devices
- Identifies abandoned addresses
Cons:
- More than just a DDI, so would duplicate your existing network monitor
If you already have the Infoblox or BlueCat IPAM, you can integrate this into your overall Morpheus network management system and continue with that interface on your DHCP servers.
6. GestióIP
GestióIP is aimed at small businesses. Although the OpUtils system is free for single subnets, it can be a little feature-rich for small networks. GestióIP is free and it is a much simpler system than the others on our list, making it a credible alternative for a single network manager to get to grips with.
Key Features:
- Suitable for small businesses
- Free to use
- IP scanner
Why do we recommend it?
GestióIP IPAM is a free IP address management solution that installs on your server but is accessed through a Web interface. There is also a SaaS version available, which is not free to use. The system includes an autodiscovery feature and wizards to help you create an IP address allocation policy.
The browser-based reporting console features a straightforward list of active IP addresses. That list is searchable and you can apply filters, which makes it simple to zoom in on specific devices or network segments. A powerful network discovery tool populates the screen, helping you match active addresses with allocation records from your DHCP server.
The console includes a subnet calculator, available on the GestióIP website. It also has an IPv6 address plan builder — GestióIP can manage both IPv4 and IPv6 address pools.
Although the standard package of GestióIP is free, there are a couple of paid add-ons that you can opt for. One is an application programming interface, which is probably not all that interesting for network managers. However, those who want to integrate information from GestióIP into other apps might be interested in this feature. The other paid add-on is a backup manager that will store the configurations of your network devices.
Who is it recommended for?
The software for GestióIP IPAM installs on Debian or Ubuntu Linux. This might present a problem if you don’t have that operating system. In that case, you should consider the SaaS version. Small businesses will like the on-premises version because it is free to use and makes IP address management easy.
Pros:
- Works with both IPv4 and IPv6
- Lists IP addresses in use
- List includes a search facility
Cons:
- Requires manual DHCP reconciliation
The GestióIP interface is available in English, Portuguese, Catalan, Chinese (traditional and modern), Dutch, French, German, Italian, and Russian.
7. Men & Mice Micetro
The Men and Mice DDI suite gives you DNS and DHCP management along with IP address management. If you don’t want the whole suite, you can just buy the DHCP Manager module as a stand-alone application for your network.
Key Features:
- A full DDI suite
- Works with third-party DHCP servers
- SaaS package
Why do we recommend it?
Men & Mice Micetro is a full DDI solution that caters to large businesses. The key feature of this system is that it enables a single network manager to look after a large and complicated network from one console, covering multiple sites and cloud platforms.
The Men and Mice DHCP Manager is designed to cater to large networks with many subnets. The software won’t distribute the IP addresses — that function is carried out by another device on your network. Men and Mice DHCP manager can interact with ISC DHCP servers, Windows DHCP, Cisco IOS DHCP, and Kea DHCP. You can also set up Men & Mice virtual DHCP appliances.
The DHCP Manager is implemented as a software overlay. You won’t need to buy an extra piece of equipment to run this service in-house. All the reporting functions are displayed on a management console accessed through a web browser. The features of the management console can be customized to show different information and grant varying levels of access control to user groups. You can set up a reporting user group to give upstream managers access to information while reserving the controls on the console to the network administrator.
A scripting capability built into the DHCP Manager enables network managers to automate processes. The scripting languages supported by the system are SOAP, RESTful, and JSON (with Python). Some standard tasks can be assisted by pre-written automation scripts, called “wizards”. An example of this is the Scope Migration Wizard, which will assist you in moving address ranges from one DHCP server to another.
Who is it recommended for?
Men & Mice positions itself as an alternative to Infoblox DDI. It is a cloud-based system, which means that it can manage assets that are in several locations within one account. Men & Mice ensures constant availability for its DDI system, which is reassuring for global businesses that operate around the clock.
Pros:
- Cloud-based system
- IP address management task automation
- Scripting language
Cons:
- Too pricey for small businesses
The Men and Mice DDI suite and DHCP Manager are suitable for large businesses that employ a team to support their networks. Smaller enterprises may find this software a little on the pricey side for their needs.
8. Tidal LightMesh
The LightMesh IP Address Manager interface is straightforward and easy to use. It includes a graphic display of the network topology, making subnets easy to organize. From the network map, you can zoom in on subnets, individual addresses, and get a status report on the device using that address. You can launch network scans on demand or via a schedule and that will enable you to see which allocated IP addresses are no longer active and whether unauthorized devices are connected to the network.
Key Features:
- Coordinates with external DHCP and DNS servers
- IP address scanning
- Group access controls
Why do we recommend it?
Tidal LightMesh is a cloud-based system. This service has recently been taken over by Tidal, which focuses on security for cloud-based apps. The company is currently going through the process of adding on a cloud management element to the original LightMesh, which focused on LAN IP addresses.
The LightMesh IPAM is not a substitute for your DHCP servers. Instead, it communicates with all of your servers and collates current address statuses, giving you a central point from which to manage all of your address allocation servers. The system also coordinates with DNS servers.
You can define user roles and grant partial access to the IPAM information to each group. This will enable you to give reporting access to management, and to give junior staff access to monitoring screens but not to commands. The LightMesh system includes a REST-based scripting language that will enable you to write your own automation scripts and also access IPAM data from other applications.
Who is it recommended for?
One nice change with the Tidal takeover is in the price of LightMesh. There is now a Free edition, which will deal with 1,000 IP addresses. That’s a sizable amount and will certainly be enough for SMBs. The subnet creator is a nice feature that assists network managers in LAN planning.
Pros:
- Good for SMEs
- Scans on demand or on a schedule
- Scripting language for task automation
Cons:
- Doesn’t include DHCP and DNS servers
The Free edition of Tidal LightMesh allows unlimited users and can operate addressing for an unlimited number of subnets but within the 1,000 IP address limit. Larger organizations have to contact the Sales Department for a quote on the Enterprise edition.
9. Nokia VitalQIP
The VitalQIP package has recently been rebranded from Alcatel-Lucent to Nokia. This software suite for IP address management is also available as an appliance-based version. This is a full DDI solution with an IP address manager, a DNS system and a DHCP implementation.
Key Features:
- Appliance deployment option
- A full DDI suite
- Fast processing
Why do we recommend it?
Nokia VitalQIP is a full DDI solution with its own DHCP server built in. This tool has evolved considerably, which means that it has a lot of features, such as a scripting system for automation and cloud application tracking. The system is able to manage virtualizations from OpenStack and VMware.
VitalQIP can handle both IPv4 and IPv6 addresses and it integrates its own Nokia DNS and DHCP servers, so you don’t need to get in servers from other DHCP providers.
This is a high-end solution that incorporates very fast DHCP and DNS referencing. The system is suitable for internet service providers, so you should probably only consider this option if you have a very large network.
The DDI has a portal to interface with cloud services, BYOD equipment, and self-service products.
For customized procedures and reports, you can use the integrated SOAP/XML APIs and RESTful APIs, and the DDI comes with a comprehensive command structure.
The DHCP and IPAM modules work together to monitor IP address usage, identifying unauthorized access and dead IP allocations.
You can add on Nokia support to your purchase, and the company offers training courses on how to get the best out of the DDI system.
Who is it recommended for?
This is a large package of address management tools that extends into network management on and off the LAN. So, this system is too much for the typical small business and might be difficult for mid-sized businesses to handle. Large organizations with advanced networking solutions and a lot of virtualization will benefit most from VitalQIP.
Pros:
- Speedy address resolution for very large networks
- Manages BYOD policies
- Spots unauthorized devices
Cons:
- Only suitable for very large organizations
This is a very comprehensive package and it can allocate and monitor millions of IP addresses in a network.
10. BT Diamond IP
The UK’s BT offers outsourced network management services all over the world, not just in its own country. This option would be a great choice for a startup because you only need to pay for the capacity of services that you use and can scale the service easily with the growth in your business.
Key Features:
- Includes DHCP and DNS servers
- Extensive automation
- Appliance option
Why do we recommend it?
BT Diamond IP is a managed service, so you would just hand the tasks of managing your network addressing to the BT team and leave them to it. This group is able to implement a range of virtual network solutions and even create multi-tenant cloud platforms for your SaaS packages.
The system includes facilities that make IP address allocation a lot simpler. For example, the system works out the IP ranges needed for each subnet so you don’t have to worry about under- or over-allocating addresses in each area of your network. The Diamond IP package is a DDI suite that integrates DNS and DHCP functions. All addressing issues flow through automatically to the DHCP and DNS servers from the changes that you make in the DDI interface.
Network discovery sweeps confirm the allocation of IP addresses and highlight dropped usage to enable you to reclaim addresses in your scopes. These system monitoring checks also allow you to spot unauthorized devices connecting to your network.
The DDI suite doesn’t limit your DHCP server choice to Microsoft. The Diamond IP system also integrates with stock ISC/BIND and Cisco CNR servers.
The command structure of the interface can be partitioned to give staff at different levels of seniority appropriate levels of access to the system. This enables senior networking staff to delegate straightforward tasks to juniors without worrying that an inexperienced member could damage the system by accessing controls that they don’t understand.
Who is it recommended for?
This is more of a consultancy service for businesses that want to invest in an innovative network solution. You can explore a range of advanced network management solutions to bring BYOD, IoT devices, and remote workers into a secure virtual network and then let the BT team set it up and run it for you.
Pros:
- Managed service
- Good for businesses of all sizes
- Priced per usage
Cons:
- Implementation requires planning
BT Diamond IP doesn’t just come as a managed IP service. You can also opt for an appliance-based DDI for installation on your own network if you already have a network management team and want to keep things that way.
DHCP implementations
DHCP is an industry standard for IP address distribution. Hybrid systems span a range of sites and virtual services, and that complexity has made an automated system to keep track of all your network addressing critical.
A DHCP solution for your network will keep your subnet address scopes from clashing and make more efficient use of your IP address pool. You can also use a DHCP system together with an IPAM to keep track of the addresses accessing the network, which gives you better control over the integrity and security of the system.
A DDI suite with DHCP will prevent mistakes from happening and make the network manager the star of the company.
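The reconciliation that the product descriptions above attribute to IPAM scans, and that this section recommends, is shown here as an added example (not code from any of the listed products): it compares one network sweep with DHCP lease records and flags rogue, mismatched and abandoned addresses. The record layout, function names and all addresses are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Lease:
    ip: str
    mac: str
    expires: datetime  # end of lease, UTC

def reconcile(scope, leases, reserved, sweep, now):
    """Compare one sweep ({ip: mac that answered}) with the lease records of a scope.

    rogue        : address answers but has no live lease or reservation
    mac_mismatch : address is allocated to one MAC, a different MAC answers
    abandoned    : lease is still live but nothing answered (reclaim candidate)
    """
    net = ip_network(scope)
    # Expected owner per address: reservations plus leases that have not expired.
    expected = {ip: mac.lower() for ip, mac in reserved.items()}
    live = [lease for lease in leases if lease.expires > now]
    expected.update({lease.ip: lease.mac.lower() for lease in live})

    found = {"rogue": [], "mac_mismatch": [], "abandoned": []}
    for ip, seen in sweep.items():
        if ip_address(ip) not in net:
            continue  # address belongs to another scope
        owner, seen = expected.get(ip), seen.lower()
        if owner is None:
            found["rogue"].append((ip, seen))
        elif owner != seen:
            found["mac_mismatch"].append((ip, owner, seen))
    # One silent sweep only makes a candidate: a sleeping laptop looks the same,
    # so confirm over several sweeps before reclaiming the address.
    found["abandoned"] = [(le.ip, le.mac.lower()) for le in live if le.ip not in sweep]
    for rows in found.values():
        rows.sort(key=lambda row: ip_address(row[0]))
    return found

def sample_run():
    """Constructed data: scope, leases, one reservation and one sweep result."""
    utc = timezone.utc
    now = datetime(2024, 1, 10, 12, 0, tzinfo=utc)
    later, earlier = datetime(2024, 1, 11, tzinfo=utc), datetime(2024, 1, 9, tzinfo=utc)
    leases = [
        Lease("10.0.5.20", "02:00:00:00:00:01", later),    # live and answering
        Lease("10.0.5.21", "02:00:00:00:00:02", later),    # live but silent
        Lease("10.0.5.22", "02:00:00:00:00:03", earlier),  # expired, still in use
        Lease("10.0.5.23", "02:00:00:00:00:04", later),    # live, other MAC answers
    ]
    reserved = {"10.0.5.2": "02:00:00:00:00:FE"}
    sweep = {
        "10.0.5.2": "02:00:00:00:00:fe",
        "10.0.5.20": "02:00:00:00:00:01",
        "10.0.5.22": "02:00:00:00:00:03",
        "10.0.5.23": "02:00:00:00:00:99",
        "10.0.5.200": "02:00:00:00:00:42",  # never allocated
        "10.0.6.7": "02:00:00:00:00:77",    # outside this scope
    }
    return reconcile("10.0.5.0/24", leases, reserved, sweep, now)

if __name__ == "__main__":
    for kind, rows in sample_run().items():
        print(kind, rows)
```

An address whose lease has expired but which still answers is reported as rogue, because the server is free to hand that address to another client.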
Further Reading
The best way to get on top of the DHCP issue and work out how it will help you manage your network better is to arm yourself with knowledge. Here are some resources that will help you assess the DHCP topic.
Comparitech Networking Guides
- Best free bandwidth monitoring software and tools to analyze network traffic usage
- Free network vulnerability scanners and how to use them
- Best packet sniffers and network analyzers
DHCP RFCs
- RFC 2131 – Dynamic Host Configuration Protocol
- RFC 2132 – DHCP Options and BOOTP Vendor Extensions
- RFC 3046 – DHCP Relay Agent Information Option
- RFC 3397 – Dynamic Host Configuration Protocol (DHCP) Domain Search Option
- RFC 3942 – Reclassifying Dynamic Host Configuration Protocol Version Four (DHCPv4) Options
- RFC 4242 – Information Refresh Time Option for Dynamic Host Configuration Protocol for IPv6
- RFC 4361 – Node-specific Client Identifiers for Dynamic Host Configuration Protocol Version Four (DHCPv4)
- RFC 4436 – Detecting Network Attachment in IPv4 (DNAv4)
- RFC 3442 – Classless Static Route Option for Dynamic Host Configuration Protocol (DHCP) version 4
Other information on DHCP
- Lifewire: What Is DHCP? (Dynamic Host Configuration Protocol)
- TechTarget: DHCP (Dynamic Host Configuration Protocol)
- Microsoft TechNet: What Is DHCP?
- Webopedia: DHCP – Dynamic Host Configuration Protocol
- Infoblox: What is a DHCP Server?
- Network Computing: Understanding DHCP Fundamentals
DHCP FAQs
What is DHCP Failover?
DHCP failover is a system that duplicates the DHCP server, keeping the copy updated whenever the primary server’s data changes. That copy is on hand to step in should the primary server go offline for any reason.
What are the 4 steps of DHCP?
The four steps of DHCP operations are identified as DORA: discovery, offer, request, acknowledgment. Expressed fully, these phases are:
- Server discovery
- IP lease offer
- IP lease request
- IP lease acknowledgment
How does DHCP provide DNS services?
DHCP doesn’t provide DNS services but these two services need to be coordinated – they are the “DD” in DDI with the “I” standing for IPAM. If a DHCP server reassigns an IP address to a host, that host’s entry in the DNS server becomes out of date. Thus, the DNS server needs to be updated and kept coordinated with the actions of the DHCP server.
What is the function of a transaction ID in a DHCP packet?
The transaction ID in a DHCP packet should be unique to each offer sent out by the DHCP server. The client responds to this offer with a packet that contains the same transaction ID. This means that the transaction ID is a reference number and enables the server to work out which offer the incoming response relates to.
Is it possible for a network switch to act as a DHCP server?
Most network switches are shipped with the capability to be a DHCP server. However, on a corporate network, it is more usual to assign this function to a router. On home Wi-Fi networks, the AP, or “hub”, has the role of DHCP server.
Images: DHCP session by Gelmo96. Licensed under CC BY-SA 4.0
Looks like you left out EfficientIP which was the fastest-growing DDI provider last year according to IDC’s DDI market share report.
Wow! Lots of great information!
Just curious about your statement …
“DHCP is part of the TCP/IP protocol suite and is regarded as an application layer protocol in the TCP/IP stack.”
How can it be? TCP only goes to Layer 4 of the ISO network model and it interfaces with the session layer. The application layer knows nothing about networks.
Thanks again for the great work!
Hi, Bill,
Yes, you are right. TCP/IP doesn’t officially have an Application Layer and you put your finger on the problem by mentioning the OSI 7-Layer Model. OSI showed up the shortfall in TCP/IP’s representational model, which was one of the reasons that OSI was expected to replace the TCP/IP model. However, the people running networks at the time that OSI was created refused to move over. Instead, they quietly invented a theoretical extra Application Layer that equates to layers 5, 6, and 7 of the OSI stack.
The official definition of TCP/IP was never amended but educators and professionals refer to it. Don’t mention the TCP/IP Application Layer in exams, but you will encounter it a lot in practice.
Cheers,
Stephen Cooper