Network administrators are always looking for ways to build and maintain robust and scalable networks. A resilient network is highly desirable and with some simple approaches, I will show you how you can create a more resilient network. In this article, I discuss three ways you can avoid IP address conflicts in your network. Some of the common approaches to avoiding IP address conflicts come with considerations for network security and manageability, which will also be discussed. I also discuss a strategy for requesting, reviewing, allocating, and recording IP address assignments.
Use Static Assignment or DHCP
There are two basic ways devices on your network can get IP addresses: static assignment and DHCP. In static assignment, you assign IP address and related network information on your devices manually. To use DHCP, you need a server on your network that manages reserved IP addresses and hands out IP leases.
The concept of static assignment is simple: you assign a unique IP address to every device on your network and ensure that there are no conflicts.
The drawback to using static IP address assignments is that devices are configured manually and changing IP addresses across many devices on a network becomes difficult. Suppose you manage a network of hundreds of devices, and you need to move devices from one subnet to another subnet. You may need to log into each device and manually configure network adapters. Consider the case where there are many different operating systems running on your network and you need to log into many machines to configure network adapters. The point is, using static IP address assignment may be a good way to avoid IP address conflicts, but it does not scale from a manageability perspective.
An alternative to using static assignment on your network is using DHCP. DHCP stands for Dynamic Host Configuration Protocol and it is a network protocol that handles IP address reservations and leases for devices on an IP network, along with passing network information to the same devices. This process can happen automatically when a device is connected to the network, rebooted, or powered on. The major advantage of using DHCP over static assignment is that the network can be configured to manage IP addresses without an administrator needing to be involved.
It is important to note that if you are using DHCP, you should avoid using static assignment. Keeping things consistent across your network will lead to a robust, reliable, and scalable design. Whichever method you choose for IP addressing in your network - static assignment or DHCP - stick with the approach across the board to ensure a consistently applied design.
Change Default IP Addresses
It is a matter of good network design practice to change default IP addresses on network equipment. Network equipment is manufactured with a default IP address that allows you, the network administrator, to connect to the equipment and configure it. There are well-defined ranges of private IP addresses that can be used for private, or internal, IPv4 subnets - they are 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16. When used across a corporate network, IP addresses in these private ranges form a Local Area Network (LAN). Addresses outside of these ranges are typically on the public Internet and are considered part of the Wide Area Network (WAN). Network equipment ships with a private IP address preconfigured in one of the private IP address ranges.
Why should I change the default IP address on my network equipment? Changing the default IP address on your network equipment allows you to do the following:
- Ensure the device's IP address is compatible within your overall network design.
- Avoid IP address conflicts with other devices in your network.
- Configure an address that is different from the one supplied by the vendor.
If your subnets are in the 10.0.0.0/8 range, but a network device like a printer is in the 192.168.0.0/16 range, devices will not be able to communicate with each other unless there are additional routing rules created to allow the inter-subnet communication. It is better to manage the IP address allocation for all network devices rather than accept the IP addresses configured by a vendor.
Monitor and manage IP address allocation
You should be aware of the subnets you manage, what types of devices are typical in each subnet, and the routing and firewall rules that allow or block inter-subnet communication. Subnetting can be tricky, so be sure to use an IP range calculator or online tool to build subnets and check whether a device belongs to a given subnet. You own the design and maintenance of your network, so make sure that you control which devices are configured for which IP addresses.
Keep track of IP address assignments and develop a formalized process for requesting IP addresses and fulfilling such requests. The process for allocating IP addresses should involve an assessment of the need, an evaluation of available addresses in the target subnet, and a documentation step to record the new IP address. A simple strategy for fulfilling IP address requests is to request, review, approve, allocate, and record:
- Request - The person (or group or department or business unit) requests an IP address, specifying the need and intended use.
- Review - The network administrator (or IT department) reviews the request, the target subnet, existing IP assignments, and any restrictions.
- Approve - If required, the network administrator gets approval for the IP address assignment.
- Allocate - An IP address is selected and communicated to the requester. If using DHCP, a reservation is made on the DHCP server.
- Record - The IP address assignment is recorded, along with the relevant details of the request, review, and any approvals.
With a NetworkCalc account, you can use the Subnet Calculator to save a subnet, give the subnet a name, and record the assignments for each IP address in the subnet. This will serve as the record in the strategy above, so when you are looking for a new IP address to allocate in a subnet, you know what is available and what has already been assigned. The example below shows one way you can use it: