One common point of contention that we see often in cloud conversions is the uncomfortable squirming that comes from talking about DHCP in the datacenter. This conversation comes up all the time, and is often brought up after the need for automation is well understood and even desired.
DHCP stands for Dynamic Host Configuration Protocol. Everybody thinks of it as “the service that gives out random IP addresses to clients.” DHCP is actually an extension of the original BOOTP protocol, and in fact operates over the same IANA-reserved UDP ports (67 on the server side, 68 on the client side). It was designed to allow diskless systems to boot over the network automatically, and has been used in many Unix and Linux environments for years to support network installation and to distribute network configuration details.
The “D” in DHCP…
DHCP can assign addresses from a pool of addresses, but that is not what the “D” refers to. A computer which is activating its network interface (at boot, or on some other action) will ask the network to deliver the relevant configuration details. Since this happens on activation of the network interface, it is Dynamic.
So, what's the hubbub bub?
There tend to be two main arguments against using DHCP with servers. Network security teams dislike the idea that the network is "just handing out addresses." The second argument tends to come from the group which manages the network, fearful of collisions and unexpected behaviors. These are valid concerns, but we find that they are overstated. In fact, we have experienced more problems with manual controls than with automation. There is a warm feeling that comes from having hands on the IP allocation process, but it's a false comfort.
The computer instance needing configuration broadcasts a discovery request to locate the DHCP service. In concept this is no different from the ARP request on an Ethernet network, which must be made to locate the gateway router. There are functional and security implications: any host on the segment can answer a broadcast, so a rogue DHCP server is the DHCP counterpart of ARP spoofing, and the usual control lives in the same place (DHCP snooping with trusted ports on the access switch). But these implications are no different from those on every Ethernet network.
DHCP and the automated datacenter
Most cloud and datacenter automation tools use DHCP to configure the networking details of system instances. They establish a relationship between the DNS host name, node name, IP address and Ethernet ID (MAC address) as a fixed reservation, so the address an instance receives is decided in advance rather than drawn from a pool. This relationship is well formed, understood and logged before any instance is brought up. Once network and security groups understand this, they begin to champion the significant benefits it can bring.
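The discovery broadcast described above and the reservation-driven answer to it, as an added example that is not part of the original post: a client packs a DISCOVER carrying only its MAC and a transaction id, and a server that works from a MAC-keyed reservation table offers the fixed address for a known MAC and stays silent for an unknown one. It also shows the point made earlier that DHCP is BOOTP plus options: the first 236 bytes are the BOOTP header, and the magic cookie and option list are all that make it DHCP. The MAC, addresses, host name, lease time and transaction id are invented for the example, and the packets are only built and parsed in memory, never sent.

```python
import struct
import ipaddress

# Added example (not from the post): the fixed 236-byte BOOTP header that DHCP
# inherits, followed by the DHCP magic cookie and TLV options. The MAC, addresses
# and transaction id below are made up; nothing is sent on the wire.
BOOTP_HDR = "!BBBBIHH4s4s4s4s16s64s128s"   # op,htype,hlen,hops,xid,secs,flags,ciaddr,yiaddr,siaddr,giaddr,chaddr,sname,file
MAGIC_COOKIE = b"\x63\x82\x53\x63"          # what turns a BOOTP message into a DHCP message
BOOTREQUEST, BOOTREPLY = 1, 2
OPT_SUBNET_MASK, OPT_ROUTER, OPT_LEASE_TIME, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 1, 3, 51, 53, 54, 255
DHCPDISCOVER, DHCPOFFER = 1, 2

# Hypothetical reservation table an automation tool would have written out before
# the instance was booted: MAC -> (IP, host name).
RESERVATIONS = {bytes.fromhex("001122334455"): ("10.0.1.20", "web01")}
SERVER_IP, SUBNET_MASK, ROUTER = "10.0.1.1", "255.255.255.0", "10.0.1.1"


def ip4(addr):
    return ipaddress.IPv4Address(addr).packed


def build_packet(op, xid, chaddr, yiaddr="0.0.0.0", siaddr="0.0.0.0", options=()):
    """Pack one DHCP message; `options` is a sequence of (code, value-bytes)."""
    hdr = struct.pack(BOOTP_HDR, op, 1, len(chaddr), 0, xid, 0, 0x8000,   # htype 1 = Ethernet, broadcast flag set
                      ip4("0.0.0.0"), ip4(yiaddr), ip4(siaddr), ip4("0.0.0.0"),
                      chaddr.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    body = b"".join(bytes([code, len(val)]) + val for code, val in options)
    return hdr + MAGIC_COOKIE + body + bytes([OPT_END])


def parse_packet(data):
    """Unpack the header and walk the option list; rejects plain BOOTP (no cookie)."""
    f = struct.unpack(BOOTP_HDR, data[:236])
    if data[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(data) and data[i] != OPT_END:
        if data[i] == 0:            # option 0 is a single pad byte
            i += 1
            continue
        code, ln = data[i], data[i + 1]
        opts[code] = data[i + 2:i + 2 + ln]
        i += 2 + ln
    return {"op": f[0], "xid": f[4], "chaddr": f[11][:f[2]],
            "yiaddr": str(ipaddress.IPv4Address(f[8])), "options": opts}


def client_discover(mac, xid=0x3903F326):
    """Client side: the broadcast DISCOVER carrying nothing but its MAC and a transaction id."""
    return build_packet(BOOTREQUEST, xid, mac, options=[(OPT_MSG_TYPE, bytes([DHCPDISCOVER]))])


def server_offer(discover, reservations=RESERVATIONS):
    """Server side: answer only MACs present in the reservation table, with their fixed address."""
    req = parse_packet(discover)
    if req["op"] != BOOTREQUEST or req["options"].get(OPT_MSG_TYPE) != bytes([DHCPDISCOVER]):
        return None
    entry = reservations.get(req["chaddr"])
    if entry is None:
        return None                 # unknown MAC: no offer, and a log line worth alerting on
    ip, _host = entry
    opts = [(OPT_MSG_TYPE, bytes([DHCPOFFER])), (OPT_SERVER_ID, ip4(SERVER_IP)),
            (OPT_LEASE_TIME, struct.pack("!I", 3600)),
            (OPT_SUBNET_MASK, ip4(SUBNET_MASK)), (OPT_ROUTER, ip4(ROUTER))]
    return build_packet(BOOTREPLY, req["xid"], req["chaddr"], yiaddr=ip, siaddr=SERVER_IP, options=opts)


if __name__ == "__main__":
    offer = server_offer(client_discover(bytes.fromhex("001122334455")))
    print(parse_packet(offer)["yiaddr"])   # 10.0.1.20
```

The REQUEST and ACK that complete a real exchange follow the same framing with message types 3 and 5; they are left out to keep the focus on the part the text discusses, the broadcast and the reservation lookup that answers it.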
It is important to understand that any computer can change its IP address at any time; a manually assigned address does nothing to stop a host from claiming a different one. Manually controlling IP addresses is error prone and slow, and does not bring the assurance that you might expect. If your network cannot detect IP collisions, unexpected changes or invalid assignments, then you have a security gap, and DHCP is not the cause of it. DHCP does not ensure that insight, but it can enable it: every lease is requested, granted and logged against a MAC address, which is exactly the record an audit needs. We feel that the opportunity for greater automation, less human error and higher visibility is a great opportunity indeed.
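The detection the previous paragraph calls for, as an added example that is not from the original post: granted leases in ISC dhcpd's syslog output are compared against a MAC-keyed reservation table to flag leases to unregistered MACs, reserved hosts landing on the wrong address, and reserved addresses handed to someone else; a second check reads the segment's ARP neighbor table to catch the case DHCP logs can never show, a host that simply configured a reserved address on itself. The reservation table, the log lines and the `ip neigh` output are all constructed for the example.

```python
import re
from collections import namedtuple

# Added example (not from the post). Reservation table the automation tool is assumed
# to have produced: MAC -> (IP, host name). Names and addresses are made up.
RESERVATIONS = {
    "00:11:22:33:44:55": ("10.0.1.20", "web01"),
    "00:11:22:33:44:66": ("10.0.1.30", "db01"),
}

# Constructed ISC dhcpd syslog lines: one clean lease for web01, then a lease
# for db01 at the wrong address, a lease to a MAC nobody registered, and web01's
# reserved address handed to yet another unregistered MAC.
SAMPLE_DHCP_LOG = """\
Mar  4 10:01:12 dhcp1 dhcpd[1203]: DHCPDISCOVER from 00:11:22:33:44:55 via eth0
Mar  4 10:01:12 dhcp1 dhcpd[1203]: DHCPOFFER on 10.0.1.20 to 00:11:22:33:44:55 (web01) via eth0
Mar  4 10:01:13 dhcp1 dhcpd[1203]: DHCPREQUEST for 10.0.1.20 (10.0.1.1) from 00:11:22:33:44:55 (web01) via eth0
Mar  4 10:01:13 dhcp1 dhcpd[1203]: DHCPACK on 10.0.1.20 to 00:11:22:33:44:55 (web01) via eth0
Mar  4 10:02:40 dhcp1 dhcpd[1203]: DHCPACK on 10.0.1.21 to 00:11:22:33:44:66 (db01) via eth0
Mar  4 10:03:05 dhcp1 dhcpd[1203]: DHCPACK on 10.0.1.99 to de:ad:be:ef:00:01 via eth0
Mar  4 10:05:00 dhcp1 dhcpd[1203]: DHCPACK on 10.0.1.20 to de:ad:be:ef:00:02 (rogue) via eth0
"""

# Constructed `ip neigh` output from a host on the same segment: DHCP never saw
# de:ad:be:ef:00:03, it simply configured db01's reserved address on itself.
SAMPLE_NEIGH = """\
10.0.1.20 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
10.0.1.30 dev eth0 lladdr de:ad:be:ef:00:03 STALE
10.0.1.1 dev eth0 lladdr 00:aa:bb:cc:dd:ee REACHABLE
"""

ACK_RE = re.compile(r"DHCPACK on (?P<ip>[\d.]+) to (?P<mac>[0-9a-f:]{17})(?: \([^)]*\))? via \S+")
NEIGH_RE = re.compile(r"^(?P<ip>[\d.]+) dev \S+ lladdr (?P<mac>[0-9a-f:]{17})")

Finding = namedtuple("Finding", "kind ip mac detail")


def audit_dhcp_log(lines, reservations=RESERVATIONS):
    """Compare every granted lease (DHCPACK) against the reservation table."""
    ip_owner = {ip: mac for mac, (ip, _) in reservations.items()}
    findings = []
    for line in lines:
        m = ACK_RE.search(line)
        if not m:
            continue
        ip, mac = m["ip"], m["mac"].lower()
        entry = reservations.get(mac)
        if entry is None:
            findings.append(Finding("unknown-client", ip, mac, "lease granted to a MAC with no reservation"))
        elif entry[0] != ip:
            findings.append(Finding("wrong-address", ip, mac, f"{entry[1]} is reserved {entry[0]}"))
        owner = ip_owner.get(ip)
        if owner is not None and owner != mac:
            findings.append(Finding("reserved-ip-collision", ip, mac, f"address is reserved for {owner}"))
    return findings


def audit_neighbors(lines, reservations=RESERVATIONS):
    """Cross-check what is actually answering on the wire against the reservations.
    This catches what DHCP logs cannot: a host that set a reserved address by hand."""
    ip_owner = {ip: mac for mac, (ip, _) in reservations.items()}
    findings = []
    for line in lines:
        m = NEIGH_RE.match(line)
        if not m:
            continue
        ip, mac = m["ip"], m["mac"].lower()
        owner = ip_owner.get(ip)
        if owner is not None and owner != mac:
            findings.append(Finding("address-hijack", ip, mac, f"reserved for {owner}, answered by {mac}"))
    return findings


if __name__ == "__main__":
    for f in audit_dhcp_log(SAMPLE_DHCP_LOG.splitlines()) + audit_neighbors(SAMPLE_NEIGH.splitlines()):
        print(f"{f.kind:22} {f.ip:12} {f.mac}  {f.detail}")
```

On a real deployment the same two functions would be fed the DHCP server's syslog stream and a periodic `ip neigh` (or switch ARP table) dump; the reservation table is whatever your automation tool writes out, and the point is that it exists as data that can be checked, which a spreadsheet of hand-assigned addresses never is.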
Appliance or not?
A last quick thought. DHCP is automation, but it only covers the handout of network configuration. There are a number of appliances which perform DHCP and DNS management. These can bring some benefits in terms of architecture and control, and of course include direct support and upgrades as part of the appliance cost.
Most appliances do support integration with cloud and datacenter automation products. Some of their functionality is not needed, because the cloud product's automation already covers it. We've seen both stock DHCP/DNS configurations (ISC dhcpd/BIND; Windows DHCP/DNS) and appliance architectures work. If you're interested in the appliance route, think about the additional benefits beyond basic automation (such as a large number of clients that also need to be managed, replication for availability, or role-based controls). If you've already gone this route, it's very likely that the product can be integrated into your datacenter strategy.
Datacenter automation is the future, and the management and automation of IP addresses and names is part of it. Consider this as you look to implement automation.