Network Host Configuration Management

Major Functions

The two major functions that will be discussed are:
  1. Finding out details of hosts that are connected to the network so that they can be accessed, have Email sent to them, etc.
  2. Configuring the individual machines connected to the network so that they know who they are, how they should access their local network, the addresses of servers, etc.
Client machines find the details of other hosts on the network using the Domain Naming System (DNS) protocols, and can be told their network configuration using the BOOTP protocol.

At Monash, the addhost database is the major repository for this network host configuration information, which is periodically extracted to form DNS and BOOTP data files. These data files are then distributed to the Essential Network Services machines where they can be accessed by the client machines.


Static v. Dynamic IP Addresses

Static allocation of IP addresses to particular machines was chosen over dynamic allocation using the Dynamic Host Configuration Protocol (DHCP) for a number of reasons:

Ease of Management

If a particular computer has a static hostname and IP address it is easier to get a mental picture of what is connected to the network, easier to track a particular machine over time, and easier to track problems back to a particular machine.

Other possible "handles" for a particular machine might be its Ethernet address (harder to remember and can change), or its EQ number (which isn't visible on the network).

Control

When a user comes along and connects some new machine to the network, it won't work straight away: the person's local network administrator has to register the machine first. This helps the network administrator be aware of what is happening on their network and gives them an opportunity to prevent various network-related problems.

Similarly, when a machine is moved from one subnet to another, the network manager is informed.

A dynamically registered machine will have very little information recorded about it: no hostname, user, location or descriptive information. Given just the Ethernet address of a machine connected to your network somewhere, it can be very time-consuming if you have to search the whole building to find it for some reason.

Stability

Connecting to a particular machine can be more difficult if it keeps changing its IP address.

IP addresses can be cached in DNS servers, or in user machines. Dynamic DNS linked to DHCP isn't here yet.

Accounting and Security

Some time soon we will be recording Internet usage on a per-subnet basis for charging purposes. Some departments may wish to determine which machines on their subnet are responsible for the greatest amount of Internet traffic. This will be much easier if a particular machine has the same IP address for extended periods of time. People might also get upset if "un-registered" machines on their subnet are running up lots of Internet charges.

Some host security setups use the client machine's DNS name as part of their security checks, along with the normal username/password checks. The client's DNS name is derived from the client's IP address, and hence dynamic IP addresses would prevent this extra check from being useful.

Distributed Operation

Currently we have configured each part of the network to forward BOOTP requests to two BOOTP servers at different locations. All the BOOTP servers have identical copies of the network host information, and so will give back identical answers. If one BOOTP server is out of action, another one will provide an identical service.

The current DHCP servers are more autonomous. If a DHCP server allocates an IP address to a particular client machine, other DHCP servers aren't informed of this fact. It is therefore hard to have several DHCP servers managing the same IP address space, since they could allocate the same address to different clients, or they could allocate several IP addresses to the same client machine.


Suggested Network Policies

  1. Everything connected to the Monash University Network that is a source or sink of network traffic must be registered (in addhost).

    Network registrations must be kept up to date with respect to device moves, changes and deletions.

    Mandatory addhost fields:

    Highly desirable addhost fields:

  2. If a particular device connected to the network is malfunctioning or otherwise behaving to the detriment of other users of the network, and if someone can't be found to rectify the problem, the Computer Centre reserves the right to disable the network connection to that part of the network.
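
One way to check policy 1 in practice, as an added example that is not part of the original page or Monash's own tooling: reconcile sightings of (Ethernet address, IP address) pairs against the registration data. The record fields, the finding names and all sample values are assumptions constructed for illustration; the page does not list the addhost fields.

```python
# Added example: reconcile observed (MAC, IP) pairs against a host registry.
# Field names and all sample values below are constructed for illustration.
import ipaddress

REGISTRY = [  # constructed records standing in for an addhost extract
    {"hostname": "alpha", "mac": "08:00:20:aa:bb:01", "ip": "192.0.2.10"},
    {"hostname": "beta",  "mac": "08:00:20:aa:bb:02", "ip": "192.0.2.11"},
    {"hostname": "gamma", "mac": "08:00:20:aa:bb:03", "ip": "198.51.100.7"},
]

OBSERVED = [  # constructed sightings, e.g. read from a router ARP table
    ("08-00-20-AA-BB-01", "192.0.2.10"),    # matches its registration
    ("08:00:20:aa:bb:02", "192.0.2.99"),    # registered MAC, wrong address
    ("00:00:c0:12:34:56", "192.0.2.50"),    # never registered
    ("00:00:c0:65:43:21", "198.51.100.7"),  # unregistered MAC on gamma's IP
]

def norm_mac(mac):
    """Canonical form: lowercase hex pairs separated by colons."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def audit(registry, observed):
    """Return sorted (finding, mac, ip, hostname) tuples for every mismatch."""
    by_mac = {norm_mac(r["mac"]): r for r in registry}
    by_ip = {ipaddress.ip_address(r["ip"]): r for r in registry}
    findings = []
    for raw_mac, raw_ip in observed:
        mac, ip = norm_mac(raw_mac), ipaddress.ip_address(raw_ip)
        reg, owner = by_mac.get(mac), by_ip.get(ip)
        if reg is None and owner is not None:
            # Unknown hardware answering for an address registered to a host.
            findings.append(("ADDRESS_TAKEN", mac, str(ip), owner["hostname"]))
        elif reg is None:
            findings.append(("UNREGISTERED", mac, str(ip), ""))
        elif ipaddress.ip_address(reg["ip"]) != ip:
            # Known machine on an address other than its registered one.
            findings.append(("WRONG_ADDRESS", mac, str(ip), reg["hostname"]))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(REGISTRY, OBSERVED):
        print(*finding)
```

A WRONG_ADDRESS finding often means a registration was not updated after a move, while ADDRESS_TAKEN is the case most likely to disrupt the registered host and should be followed up first.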


Copyright © Monash University 1996 - All Rights Reserved - Disclaimer
Last updated Wed Jul 17 18:10:57 EST 1996
Maintained by John.Mann@cc.monash.edu.au