Cisco Network Registrar

Cisco CNS Network Registrar 6.1 Q&A

Q&A

The Cisco CNS Network Registrar® is part of the Cisco® CNS Family of software and appliance-based applications, which support scalable network deployment, configuration, service-assurance monitoring, and on-demand service delivery. Cisco CNS intelligent networking technology is tightly coupled with the network elements by embedded device intelligence. Cisco CNS applications reduce capital expenditures (CapEx) by consolidating management capability into Cisco devices, decrease operating expenses (OpEx) through automation of manual procedures, and increase revenue opportunities by supporting new services and business models.

GENERAL

Q. What is Cisco CNS Network Registrar?
A. Cisco CNS Network Registrar, also known as CNR, provides comprehensive DNS and DHCP administrative functions to help customers automate and streamline IP networking services, including business-critical tasks such as client configuration and provisioning. Cisco CNS Network Registrar also supports Trivial File Transfer Protocol (TFTP), which can be used to download and upload data.
Q. What is a cluster?
A. A cluster is a Cisco CNS Network Registrar instance consisting of DNS, DHCP, and TFTP server protocols running on the same computer.

NEW FEATURES

Q. What are the major new features in Cisco CNS Network Registrar 6.1?
A. Following are the major new features offered in Cisco CNS Network Registrar Version 6.1:
· The regional cluster provides central-management capability in Cisco CNS Network Registrar. The regional cluster serves as the aggregate management server for up to 100 local clusters, each of which is a collection of DNS, DHCP, and TFTP servers deployed in the network. With the regional cluster, the administrator configures and controls the local clusters from a centralized location, which facilitates coordination of local cluster management across multiple network domains to provide a consistent and unified IP address policy implementation.
· Address-space management, a feature in the regional cluster, simplifies the task of managing address blocks and can be exercised from the regional cluster. An administrator can break an address block into small units and push the smaller blocks to a local cluster. Similarly, the administrator also can consolidate address blocks in the local cluster under their parent to provide a unified view of the address space. Flexible reporting capability allows administrators to collect subnet use and lease history information stored in local clusters deployed in the network, thus making the task of collecting use data simple and virtually effortless. Without an automated solution, the complexity of managing address blocks can be high and the task can be tedious and time consuming.
· Cluster management allows central management of address space and global protocol server configuration, such as policies, client classes, and scope templates. With this capability, an administrator can create and manage a list of local clusters using the Web user interface on the regional cluster. To further ease the administrative task, the administrator can centrally manage the local clusters; for example, creating, pulling, and pushing VPNs and managing DHCP client classes, scope templates and policies, failover pairs, and zone distribution. Through the Web user interface, the administrator also can pull subnet use and IP lease history data from the local clusters. The Single Sign-On feature allows the administrator to traverse the local clusters without reauthentication.
· The Router Interface Configuration (RIC) server manages the router interfaces on Cisco uBR7246VXR Universal Broadband Router and Cisco uBR10012 Universal Broadband Router. An administrator can view, retrieve, and modify the router description; address of the primary and secondary subnet on the interface; IP helper; and the address of cable helper, owner, and region where the router is deployed. As changes are made to the router over time, the RIC server synchronizes with the router to incorporate these changes. Communication to the router can be done using Telnet or Secure Shell (SSH) Protocol. With the RIC server, Cisco CNS Network Registrar delivers a centralized-management approach to help administrators achieve high productivity through integrated, systemic manageability.
· Users now have the option to have leases allocated by priority or by first available. With priority allocation, each scope is assigned a priority and leases are assigned from scopes with the higher priority until the addresses in all the scopes are exhausted. When first available is selected, Cisco CNS Network Registrar assigns the address that is first available. The two new DHCP-allocation options give the administrator the flexibility to implement a more deterministic address-allocation strategy.
· The IP lease-history feature has been enhanced in Cisco CNS Network Registrar 6.1 to significantly improve server performance. This feature intelligently provides an audit mechanism in Cisco CNS Network Registrar while delivering the high performance and scalability required for handling large networks.
· To continue support for securing data and operations, Cisco CNS Network Registrar 6.1 allows users to restrict DNS zone transfers based on Transaction Signature (TSIG). With TSIG enabled, users can verify that dynamic DNS update and zone-transfer requests and responses come from an authorized source.
· To prevent unauthorized queries, the restricted-query access control lists (ACLs) feature allows the administrator to limit clients to querying only certain servers, based on the source IP address or source network address.
· Several counters are added in Cisco CNS Network Registrar 6.1 to provide detailed performance measurements for the DNS server. These counters provide more information than a single value between 1 and 10 when gauging the health of the DNS server, and they can potentially help identify areas of the DNS servers that can be reconfigured to deliver better throughput.
· New administrative roles are added to Cisco CNS Network Registrar 6.1 to enable Web-based administration for the new features and capabilities.
Q. What is a typical deployment scenario for Cisco CNS Network Registrar 6.1?
A. A typical deployment consists of one regional cluster at the customer network operations center (NOC) and one or more local clusters deployed throughout the network. A NOC can be considered the headquarters for all network operations, while a local cluster is under the management of a corporate division or a data center managing a portion of the network.
Q. What is a regional cluster?
A. A regional cluster provides central-management capability in the Cisco CNS Network Registrar. Each regional cluster consists of one or more of the following: Central Configuration Management (CCM) server, RIC server, Tomcat Web server, servlet engine, and server agent. The regional cluster operates as the aggregate management server for up to 100 local clusters, each of which is a collection of DNS, DHCP, and TFTP servers deployed in the network. Interaction with the regional cluster is made through the Web user interface. With regional clusters, administrators can configure and control the local clusters from a centralized location, enabling coordination of local cluster management across multiple network domains to provide a consistent and unified IP address-policy implementation.
Q. What is a local cluster?
A. A local cluster is a Cisco CNS Network Registrar instance consisting of DNS, DHCP, and TFTP server protocols running on the same computer.

CLUSTER MANAGEMENT

Q. What is cluster management?
A. Cluster management allows central management of address space and global protocol server configuration, such as policies, client classes, and scope templates. Using the Web user interface, the administrator at the regional cluster can add and manage a list of Cisco CNS Network Registrar local clusters and their credentials. To further ease the administrative task, the administrator can centrally manage the local clusters; for example, creating, pulling, and pushing VPNs, and managing DHCP client classes, scope templates, policies, failover pairs, and zone distribution. Through the Web user interface, the administrator also can pull subnet use information and IP lease history data from the local clusters. The Single Sign-On feature allows the administrator to traverse the local clusters without reauthentication.
Q. What tasks constitute cluster management?
A. Cluster management at the regional cluster can involve:
· Setting up local clusters and polling subnet use and IP history data from these servers
· Setting up routers
· Creating VPNs or pulling them from or pushing them to the local clusters
· Creating DHCP scope templates or pulling them from or pushing them to the local clusters
· Creating DHCP policies or pulling them from or pushing them to the local clusters
· Creating DHCP client classes or pulling them from or pushing them to the local clusters
· Managing DHCP failover pairs
· Managing zone distribution
Q. Who can access the cluster management features?
A. Only administrators who have been assigned the central-cfg-admin role can access the cluster management features.
Q. What do you mean by setting up local clusters?
A. Setting up local clusters means adding the local clusters to the group of clusters that can be managed by the regional cluster. These tasks involve:
· Connecting to a local cluster using Web user interface for local administration of the local server
· Synchronizing with the local server to reconcile updates since the last synchronization time
· Pulling local cluster data to the regional replica database
· Polling subnet utilization information from the local clusters
· Polling IP lease history from the local clusters
Q. Do I need to enter username and password each time I want to administer the local clusters?
A. The Single Sign-on feature available in Cisco CNS Network Registrar 6.1 enables the Cisco CNS Network Registrar administrator to traverse the local clusters without reauthentication. To take advantage of this capability, administrators must have usernames and passwords available in the local clusters they want to visit.

RIC SERVER

Q. What is the RIC server?
A. The RIC server manages the router interfaces on Cisco uBR7246VXR Universal Broadband Router and Cisco uBR10012 Universal Broadband Router. An administrator with the RIC management role can retrieve and view the router primary IP address, subnet, and interface names. In addition, the administrator can change the router description, addresses of the primary and secondary subnets on the interface, IP helper, and addresses of cable helper, owner, and region where the router is deployed. As changes are made over time to the router, the RIC server synchronizes with the router to incorporate these changes. The default communication between the RIC server and the Cisco uBR7246VXR and Cisco uBR10012 Universal Broadband routers is Telnet. If a secured connection is necessary, the administrator can connect to these routers using SSH Protocol and still have Telnet as the backup transport if there is difficulty setting up SSH communication. With the RIC server, Cisco CNS Network Registrar delivers a centralized-management approach to help administrators achieve high productivity through integrated systemic manageability.
Q. How does the RIC server communicate with the Cisco uBR7246VXR and Cisco uBR10012 Universal Broadband routers?
A. Telnet is the default connection used by the RIC server to communicate with the Cisco uBR7246VXR Universal Broadband Router and uBR10012 Universal Broadband Router.
Q. Does RIC server support secured connection to the routers?
A. If the user has the Cisco CNS Network Registrar communication security option release 1.1 installed, the user can select SSH as the security mechanism for communication with the routers. The user also can specify Telnet as the next choice of transport to use if communicating to the router using SSH does not succeed.

ADDRESS SPACE MANAGEMENT

Q. What is address space management?
A. Address space management, a feature in the regional cluster, simplifies the task of managing address blocks and can be exercised from the regional cluster. An address block can contain static or dynamic addresses and can have any number of child address blocks culminating in one or more subnets. An administrator can break an address block into small units and push the smaller blocks to a local cluster. Similarly, the administrator also can consolidate address blocks in the local cluster under their parent to provide a unified view of the address space. Instead of traversing each local cluster to gather subnet-use and lease history information, administrators can get the same result from the regional cluster, making the task of collecting use data simple and nearly effortless. Without an automated solution, the complexity of managing address blocks can be high and the task can be tedious and time consuming.
Q. Which Cisco CNS Network Registrar role grants the administrator the authority to manage address space?
A. To exercise address space block functions, the administrator must be assigned the regional-addr-admin role on the regional cluster and the addrblock-admin role on the local cluster.
Q. What features are part of address space management?
A. The functions that are part of address space management on the regional cluster include:
· Address aggregation
· Address delegation
· Subnet use reports
· Lease history reports
· Polling configuration
· Validation of DHCP and address data consistency
Q. What is address aggregation?
A. This capability can be used to roll up address information, such as IP address block, subnet, and scopes, from the local clusters to the regional cluster. If changes are made in the local cluster, the update is tracked in the regional cluster and updated accordingly. Through this feature, administrators have a unified view of the address space across an organization and are able to identify overlapping address space.
Q. What is address delegation?
A. The regional administrator can delegate part of an address block to a local cluster, giving up authority of the delegated addresses. Although the delegated address block is still tracked in the regional cluster, it can be changed only in the local cluster.
Q. What subnet utilization information can be collected in Cisco CNS Network Registrar for reporting purposes?
A. Subnet utilization information can be collected across regions, protocol servers, and sets of network hardware. Utilization information can be reported based on per-VPN, time range (that is, the last 10 days, from/to, etc.), owner, regions, address type, address block, subnet, or all.
Q. How is data consistency detected in Cisco CNS Network Registrar 6.1?
A. Cisco CNS Network Registrar 6.1 allows a user to set up rules to check for data inconsistencies, such as overlapping address ranges and subnets, in the regional and local clusters. The rules are Cisco CNS Network Registrar attributes that can be enabled to activate this capability.

DHCP FEATURES

Q. What DHCP enhancements are introduced in Cisco CNS Network Registrar 6.1?
A. The two major enhancements available in Cisco CNS Network Registrar 6.1 are new lease allocation options and improved IP history performance.
Q. What is lease allocation by priority and first available?
A. With Cisco CNS Network Registrar 6.1, users have the option to have leases allocated by priority or by first available address. With priority allocation, each scope is assigned a priority and leases are assigned from scopes with the higher priority until the addresses in all those scopes are exhausted. When first available is specified, the first available address in a scope is assigned. These new lease allocation enhancements allow the user to control:
· Allocating addresses based on a hierarchy among scopes
· Choosing to have a scope allocate the first available address rather than the default behavior of the least recently used address
· Allocating contiguous and targeted addresses in a failover configuration for a scope
· Offering priority address allocation across all servers
· In cases where the scopes have equal allocation priorities set, choosing if the server should allocate addresses from those with the most or the least number of available addresses
When there is more than one scope in a network, the DHCP server must decide which scope will allocate an IP address when it processes a DHCPDISCOVER request from a DHCP client that is not already associated with an existing address.
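The scope-selection decision described above, modelled as an added example that is not Cisco's code: the `Scope` class, the `allocate` function and the addresses are constructed, and it assumes that a lower number means a higher priority.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Scope:
    name: str
    priority: int                 # assumption: 1 is the highest priority
    addresses: list               # address pool of the scope, as strings
    first_available: bool = True  # False = least recently used address
    last_used: dict = field(default_factory=dict)  # address -> last release time
    leased: set = field(default_factory=set)

    def free(self):
        """Addresses in this scope that are not currently leased."""
        return [a for a in self.addresses if a not in self.leased]

    def pick(self):
        """Choose one free address according to the scope's allocation mode."""
        free = self.free()
        if not free:
            return None
        if self.first_available:
            # Lowest free address, compared numerically rather than as text.
            return min(free, key=ipaddress.ip_address)
        # Least recently used: the oldest release time wins.
        return min(free, key=lambda a: self.last_used.get(a, 0))


def allocate(scopes, prefer_most_available=True):
    """Pick a scope and an address for a client with no existing lease.

    Scopes with the higher priority are drained before any lower-priority
    scope is touched. Among scopes of equal priority, the one with the most
    (or least) free addresses is chosen.
    """
    candidates = [s for s in scopes if s.free()]
    if not candidates:
        return None  # every scope on the network is exhausted
    top = min(s.priority for s in candidates)
    tied = [s for s in candidates if s.priority == top]
    chooser = max if prefer_most_available else min
    scope = chooser(tied, key=lambda s: len(s.free()))
    address = scope.pick()
    scope.leased.add(address)
    return scope.name, address


if __name__ == "__main__":
    # Constructed pools: scope A is preferred over scope B.
    a = Scope("A", 1, ["10.0.0.10", "10.0.0.11"])
    b = Scope("B", 2, ["10.0.1.10", "10.0.1.11", "10.0.1.12"])
    for _ in range(6):
        print(allocate([b, a]))
```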
Q. What are IP lease history enhancements?
A. The IP lease history feature is enhanced in Cisco CNS Network Registrar 6.1 to significantly improve server performance. The lease history data is no longer stored in a separate database; now it is maintained concurrently with the active lease data. To ensure that the database does not grow out of control, automatic trimming is performed for records older than ip-history-max-age, which by default is set to four weeks.

DNS FEATURES

Q. What DNS enhancement is in Cisco CNS Network Registrar 6.1?
A. Cisco CNS Network Registrar 6.1 enhances the DNS server by providing:
· Zone transfers based on transaction signatures
· Restricted query ACLs
· Named ACLs
· Enhanced statistics
Q. What is TSIG?
A. TSIG is a mechanism for securing DNS messages. TSIG uses Hashed Message Authentication Code (HMAC)-Message Digest Algorithm 5 (MD5) to authenticate DNS messages. HMAC-MD5 uses the MD5 hash algorithm along with a shared secret key to produce an authentication token. The advantages of TSIG over other security mechanisms are that it is relatively simple to configure, lightweight for resolvers and name servers to use, and flexible enough to secure DNS messages.
Q. Why is TSIG important?
A. TSIG can be used to secure dynamic DNS updates and zone transfer. It allows users to verify that requests and responses come from an authorized source.
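The authentication token described above, computed and checked for a zone-transfer request, as an added example that is not Cisco's code: the MAC input follows the request layout of RFC 2845, the TSIG specification, and the key name, secret and AXFR query are constructed.

```python
import hashlib
import hmac
import struct

HMAC_MD5 = "hmac-md5.sig-alg.reg.int"  # name RFC 2845 assigns to HMAC-MD5
CLASS_ANY, QTYPE_AXFR, CLASS_IN = 255, 252, 1


def wire_name(name):
    """Encode a domain name in lowercase DNS wire format."""
    out = b""
    for label in name.rstrip(".").lower().split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("bad label in %r" % name)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def axfr_query(zone, msg_id=0x1234):
    """Constructed zone-transfer request: 12-byte header plus one question."""
    header = struct.pack("!6H", msg_id, 0, 1, 0, 0, 0)
    return header + wire_name(zone) + struct.pack("!HH", QTYPE_AXFR, CLASS_IN)


def tsig_variables(key_name, time_signed, fudge, error=0, other=b""):
    """Fields of the TSIG record that the MAC covers besides the message."""
    return (
        wire_name(key_name)
        + struct.pack("!HI", CLASS_ANY, 0)                # CLASS, TTL
        + wire_name(HMAC_MD5)                             # algorithm name
        + struct.pack("!HIH", time_signed >> 32,          # 48-bit time signed
                      time_signed & 0xFFFFFFFF, fudge)    # and allowed skew
        + struct.pack("!HH", error, len(other)) + other
    )


def sign_request(message, key_name, secret, time_signed, fudge=300):
    """HMAC-MD5 over the DNS message followed by the TSIG variables."""
    data = message + tsig_variables(key_name, time_signed, fudge)
    return hmac.new(secret, data, hashlib.md5).digest()


def verify_request(message, mac, key_name, keyring, time_signed, fudge, now):
    """Server-side check in RFC 2845 order: key, then MAC, then time."""
    secret = keyring.get(key_name.rstrip(".").lower())
    if secret is None:
        return "BADKEY"
    expected = sign_request(message, key_name, secret, time_signed, fudge)
    if not hmac.compare_digest(expected, mac):   # constant-time comparison
        return "BADSIG"
    if abs(now - time_signed) > fudge:           # stale or replayed request
        return "BADTIME"
    return "NOERROR"


if __name__ == "__main__":
    keyring = {"xfer-key.example.com": b"constructed-shared-secret"}
    query = axfr_query("example.com")
    signed_at = 1100000000
    mac = sign_request(query, "xfer-key.example.com",
                       keyring["xfer-key.example.com"], signed_at)
    print(mac.hex())
    print(verify_request(query, mac, "xfer-key.example.com", keyring,
                         signed_at, 300, now=signed_at + 10))
```

Because the signing time is part of the MAC input, a captured request cannot be replayed later with a refreshed timestamp: it fails the MAC check before the time check is reached.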
Q. What is TSIG-enabled zone transfer?
A. Cisco CNS Network Registrar 6.1 restricts DNS zone transfers based on TSIGs (as defined in RFC 3495). TSIG data can include a list of server IP addresses, networks, and TSIG keys.
Q. What is a restricted ACL?
A. Cisco CNS Network Registrar 6.1 enables users to limit query clients based on the source IP address, source network address, or ACL. The ACL can contain another ACL or a TSIG key. Users can limit queries at the DNS server level or the zone level.
Q. What is a named ACL?
A. Cisco CNS Network Registrar 6.1 enhances your ability to control dynamic DNS updates by assigning each ACL a unique name. However, four ACLs have been predefined and have the following special meanings:
· any: Anyone can perform a certain action
· none: No one can perform a certain action
· localhost: Any of the local host IP addresses can perform a certain action
· localnet: Any of the local networks can perform a certain action
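A model of how named ACLs that contain addresses, networks, other ACLs and TSIG keys can be evaluated for a query, as an added example rather than Cisco's implementation. The `AclSet` class, the `key:` element prefix, the rule that a zone-level ACL overrides the server-level one, and all names and addresses are assumptions made for illustration.

```python
import ipaddress


class AclError(ValueError):
    """Raised for a misconfigured ACL (unknown element, reference loop)."""


class AclSet:
    PREDEFINED = ("any", "none", "localhost", "localnet")

    def __init__(self, local_addrs, local_nets):
        self.local_addrs = {ipaddress.ip_address(a) for a in local_addrs}
        self.local_nets = [ipaddress.ip_network(n) for n in local_nets]
        self.acls = {}

    def define(self, name, elements):
        """Register a uniquely named ACL; predefined names are reserved."""
        if name in self.PREDEFINED or name in self.acls:
            raise AclError("ACL name %r is already taken" % name)
        self.acls[name] = list(elements)

    def permits(self, acl_name, src, tsig_key=None, _seen=()):
        """True if src, or the TSIG key that verified the request, matches."""
        addr = ipaddress.ip_address(src)
        if acl_name == "any":
            return True
        if acl_name == "none":
            return False
        if acl_name == "localhost":
            return addr in self.local_addrs
        if acl_name == "localnet":
            return any(addr in net for net in self.local_nets)
        if acl_name in _seen:
            raise AclError("ACL %r refers back to itself" % acl_name)
        if acl_name not in self.acls:
            raise AclError("unknown ACL %r" % acl_name)
        for element in self.acls[acl_name]:
            if element.startswith("key:"):
                # tsig_key is the name of a key whose MAC already verified.
                matched = tsig_key is not None and element[4:] == tsig_key
            elif element in self.PREDEFINED or element in self.acls:
                matched = self.permits(element, src, tsig_key,
                                       _seen + (acl_name,))
            else:
                try:
                    network = ipaddress.ip_network(element, strict=False)
                except ValueError:
                    raise AclError("unknown element %r in ACL %r"
                                   % (element, acl_name)) from None
                matched = addr in network
            if matched:
                return True
        return False


def query_allowed(acls, server_acl, zone_acls, zone, src, tsig_key=None):
    """Zone-level ACL wins over the server-level one; bad config denies."""
    try:
        return acls.permits(zone_acls.get(zone, server_acl), src, tsig_key)
    except AclError:
        return False  # fail closed rather than answer on a broken ACL


if __name__ == "__main__":
    # Constructed configuration using documentation address ranges.
    acls = AclSet(["127.0.0.1", "192.0.2.53"], ["192.0.2.0/24"])
    acls.define("secondaries", ["198.51.100.10", "key:xfer-key"])
    acls.define("internal", ["localnet", "10.0.0.0/8", "secondaries"])
    zones = {"corp.example.com": "internal"}
    for src in ("10.1.2.3", "198.51.100.10", "203.0.113.5"):
        print(src, query_allowed(acls, "any", zones, "corp.example.com", src))
```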
Q. What statistical enhancements are in Cisco CNS Network Registrar 6.1?
A. Cisco CNS Network Registrar 6.1 enables users to better measure the performance of its DNS server by adding the following statistical performance counters:
· Server performance
· Query performance
· Security
· Internal errors
· Maximum counters
Q. Does Cisco CNS Network Registrar 6.1 support PacketCable deployment?
A. Cisco CNS Network Registrar 6.1 supports option 122, which is a critical requirement for deploying PacketCable-based services, such as voice over IP and video. This support allows users to access the information specified in the suboption field of the option 122 packet.

WEB-BASED GRAPHICAL USER INTERFACE

Q. What new roles are added to Cisco CNS Network Registrar 6.1?
A. With Cisco CNS Network Registrar 6.1, the following roles have been added to support administrative tasks on the regional cluster:
· regional-admin: This role gives the regional administrator permission to administer the tasks carried out at the regional cluster, such as creating and managing regional cluster administrators, viewing the CCM database change logs and tasks, and assigning owner to a region.
· central-cfg-admin: This role is responsible for central configuration administration. The tasks involve managing clusters, routers, interfaces, VPNs, policies, and scope templates including pulling them from and pushing them to the local clusters.
· regional-addr-admin: This role usually is focused on managing and delegating address blocks and subnets, managing address destinations, and collecting subnet utilization and lease historical data.
Q. What other UI enhancements are in this release?
A. Users can enter new licenses using the Web user interface and list licenses using the Web user interface.

LICENSING AND UPGRADE

Q. Are there changes to the Cisco CNS Network Registrar licensing for Cisco CNS Network Registrar 6.1?
A. Cisco CNS Network Registrar has been licensed based on the number of IP nodes. This strategy will continue in Cisco CNS Network Registrar 6.1. However, the following changes to Cisco CNS Network Registrar licensing will be available in Cisco CNS Network Registrar 6.1:
· Local cluster key: Manages the local cluster servers in the Web user interface or command-line interface. A user currently running Cisco CNS Network Registrar 6.0 can upgrade to Cisco CNS Network Registrar 6.1 using the key available for Cisco CNS Network Registrar 6.0.
· Regional central configuration key: Manages multiple local clusters at the regional cluster, in the Web user interface only.
· Regional address space key: Manages the address space (address blocks and subnets) in the local clusters. This is done at the regional cluster using the Web user interface only.
· Router management key: Manages RIC server at the regional cluster. This can be done using the Web user interface only.
· Node count key: Manages a specified number of managed IP addresses, at the regional cluster.
Q. How can users upgrade to Cisco CNS Network Registrar 6.1?
A. Users running an older Cisco CNS Network Registrar version can purchase an "a-la-carte" upgrade to the Cisco CNS Network Registrar 6.1 local cluster. Because this is the first offering for regional cluster, address space management, and cluster management, no upgrade product number is available for these components.
Q. How does the new licensing scheme apply to users who purchased Software Application Support (SAS) for Cisco CNS Network Registrar 6.0?
A. Users with an active SAS contract will receive an upgrade to Cisco CNS Network Registrar 6.1 local cluster free of charge. If the user wants to activate the features for regional clusters, address space management, or router interface configuration server, they need to buy licenses for each of these components.

FOR MORE INFORMATION

Corporate Headquarters: Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706, USA. www.cisco.com. Tel: 408 526-4000, 800 553-NETS (6387). Fax: 408 526-4100
European Headquarters: Cisco Systems International BV, Haarlerbergpark, Haarlerbergweg 13-19, 1101 CH Amsterdam, The Netherlands. www-europe.cisco.com. Tel: 31 0 20 357 1000. Fax: 31 0 20 357 1100
Americas Headquarters: Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706, USA. www.cisco.com. Tel: 408 526-7660. Fax: 408 527-0883
Asia Pacific Headquarters: Cisco Systems, Inc., 168 Robinson Road, #28-01 Capital Tower, Singapore 068912. www.cisco.com. Tel: +65 6317 7777. Fax: +65 6317 7799
Cisco Systems has more than 200 offices in the following countries and regions. Addresses, phone numbers, and fax numbers are listed on the Cisco Web site at www.cisco.com/go/offices.
Argentina · Australia · Austria · Belgium · Brazil · Bulgaria · Canada · Chile · China PRC · Colombia · Costa Rica · Croatia · Cyprus · Czech Republic · Denmark · Dubai, UAE · Finland · France · Germany · Greece · Hong Kong SAR · Hungary · India · Indonesia · Ireland · Israel · Italy · Japan · Korea · Luxembourg · Malaysia · Mexico · The Netherlands · New Zealand · Norway · Peru · Philippines · Poland · Portugal · Puerto Rico · Romania · Russia · Saudi Arabia · Scotland · Singapore · Slovakia · Slovenia · South Africa · Spain · Sweden · Switzerland · Taiwan · Thailand · Turkey · Ukraine · United Kingdom · United States · Venezuela · Vietnam · Zimbabwe
Copyright © 2004 Cisco Systems, Inc. All rights reserved.
CCIP, CCSP, the Cisco Powered Network mark, Cisco Unity, Follow Me Browsing, FormShare, and StackWise are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn, and iQuick Study are service marks of Cisco Systems, Inc.; and Aironet, ASIST, BPX, Catalyst, CCDA, CCDP, CCIE, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, the Cisco IOS logo, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Empowering the Internet Generation, Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step, GigaDrive, GigaStack, HomeLink, Internet Quotient, IOS, IP/TV, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, LightStream, Linksys, MeetingPlace, MGX, the Networkers logo, Networking Academy, Network Registrar, Packet, PIX, Post-Routing, Pre-Routing, ProConnect, RateMUX, Registrar, ScriptShare, SlideCast, SMARTnet, StrataView Plus, SwitchProbe, TeleRouter, The Fastest Way to Increase Your Internet Quotient, TransPath, and VCO are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries. All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company.
(0403R) ETMG 203125-LB 05.04
For more information about the Cisco CNS Network Registrar product, contact your local account representatives, or visit http://www.cisco.com/en/US/products/sw/netmgtsw/ps1982/index.html.