IP Address: Dynamic or Static
-
I have had discussions with many over the years about which is better for workstations: Dynamic or Static.
Servers, Routers, Printers and Switches should be Static so that their resources are always right where they are supposed to be.
But should user workstations be set as static?
Speaking in regards to Dynamic - do you have Pool Blocks for certain 'uses'? Block for Wireless, Executive Staff, etc..
-
Regarding the second question, I have sections dedicated to printers and server and network hardware. Nothing else.
Answering the first, I am firmly in the DHCP camp. There are SO many issues with using static configuration on clients in a Windows environment.
I also use DHCP for servers that are not core to the network as well as switches and such. Switches do not need IP addressing for basic functionality just for management and reporting. I do use DHCP reservations for these because we do not need the IP to change, but it is still DHCP.
-
Dynamic.... if you have a good DHCP and DNS installation then you should never need to know the IP address of your workstations.
-
I choose dynamic except for servers, printers and infrastructure.
I like to have the servers, printers and infrastructure segregated so the dirty workstations are in a different IP range.
I prefer to set as many static IPs as I can via DHCP.
Sometimes a workstation does need to be static, for various reasons. Personal preference but I recommend that it again be done via DHCP.
-
Every single device on our network is static. It's because our banking software demands it. Supposedly it's going to be fully accessible through the web without the static IP requirement, soon. We shall see though.
-
I want to add that we would not use static IPs for workstations if we had the choice.
-
In my old environment we were 95% static because of the nature of the business. 40 locations with 4-10 systems each. It was nice to be able to see a single IP, and know City, Store, and physical location within store based off of simply an IP. Doesn't scale well, but nice if you can manage it.
-
I think you've hit the nail on the head there: static is nice but doesn't scale.
-
@Carnival-Boy said:
I think you've hit the nail on the head there: static is nice but doesn't scale.
A properly working DNS structure shouldn't require static IP install. The names of the machines can serve this purpose while making installing a new machine that much easier.
-
What about applications that won't query DNS for whatever reason? Two that I've had issues with are Squid and our Smoothwall firewall. Sometimes I want to query old logs, but I can't accurately match the IP address to a machine as the IP address might have changed since the log was written (or at least, I don't know a way to do it).
-
Yeah, apps, etc. that don't use DNS definitely present a problem.
As for tracking what has what IP from DHCP, what about DHCP logs?
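
The lookup raised in this exchange (using DHCP logs to find which machine held an IP when an old Squid or firewall entry was written), as an added example that is not part of the original posts. The log formats, hostnames and 8-day lease are constructed assumptions; a real DHCP server's log layout will differ.

```python
from bisect import bisect_right
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed DHCP events (assumed format): time, event, IP, MAC, hostname.
DHCP_LOG = """\
2024-03-01T08:00:00 ASSIGN 10.0.0.50 aa:bb:cc:00:00:01 ws-alice
2024-03-04T08:05:00 RENEW 10.0.0.50 aa:bb:cc:00:00:01 ws-alice
2024-03-09T17:30:00 RELEASE 10.0.0.50 aa:bb:cc:00:00:01 ws-alice
2024-03-12T09:15:00 ASSIGN 10.0.0.50 aa:bb:cc:00:00:02 ws-bob
"""
# Constructed firewall/proxy entries that record only a time and a source IP.
FIREWALL_LOG = """\
2024-03-05T10:00:00 10.0.0.50 GET http://example.com/
2024-03-10T12:00:00 10.0.0.50 GET http://example.org/
2024-03-12T10:00:00 10.0.0.50 GET http://example.net/
"""
LEASE = timedelta(days=8)  # assumed lease length

def build_history(log_text):
    """Turn chronological DHCP events into per-IP lease intervals."""
    history = defaultdict(list)  # ip -> [[start, end, mac, hostname], ...]
    for line in log_text.splitlines():
        ts, event, ip, mac, host = line.split()
        t = datetime.fromisoformat(ts)
        leases = history[ip]
        cur = leases[-1] if leases else None
        same_live = cur is not None and cur[2] == mac and t <= cur[1]
        if event == "RELEASE":
            if same_live:
                cur[1] = t               # lease ended early
        elif event == "RENEW" and same_live:
            cur[1] = t + LEASE           # same client extends its lease
        else:                            # new holder, or a renew after expiry
            if cur is not None:
                cur[1] = min(cur[1], t)  # previous holder's claim ends here
            leases.append([t, t + LEASE, mac, host])
    return history

def who_had(history, ip, when):
    """Return (hostname, mac) holding `ip` at ISO time `when`, else None."""
    leases = history.get(ip, [])
    t = datetime.fromisoformat(when)
    i = bisect_right([lease[0] for lease in leases], t) - 1
    return (leases[i][3], leases[i][2]) if i >= 0 and t < leases[i][1] else None

def annotate(firewall_text, history):  # name each entry's source IP as of its own timestamp
    rows = (line.split(maxsplit=2) for line in firewall_text.splitlines())
    return [(ts, ip, (who_had(history, ip, ts) or ("unknown",))[0]) for ts, ip, _ in rows]
```

The same address resolves to different machines depending on the entry's timestamp, and an entry written while no lease was active is reported as unknown rather than attributed to the most recent holder.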
-
At least here, the DHCP logs aren't the greatest, due to not having AD. There are a few issues I run into, HOWEVER they are temporary and I know this.
Case in point: I have install software, drivers, and such on my computer. Ideally they would be on a network share on the server. However, since I haven't gotten that far, when my desktop cycles the IP, I have to get it again. I suppose for the time being I could set my desktop with a static... but... why.
In time, this will all sort itself out.
-
Is your pool of IPs so small that your IP would need to change?
Some of my machines have received the same IP for years, I wonder what is causing yours to change?
Of course I understand they can change, but if your machine is online at least daily (save weekends maybe) and your DHCP leases are the more normally seen 3-8 days, why would it be changing?
-
@Dashrender said:
Is your pool of IPs so small that your IP would need to change?
Some of my machines have received the same IP for years, I wonder what is causing yours to change?
Of course I understand they can change, but if your machine is online at least daily (save weekends maybe) and your DHCP leases are the more normally seen 3-8 days, why would it be changing?
No - the Pool isn't small. We are running 10.0.0.x for the IP schema. However, the changes occur since I have been swapping Firewalls and making changes. Again - since I don't have the AD / DHCP server running (yet), DHCP is handled by the Firewall... which will change.
But I have gone from a SonicWall to Untangle FW (which had throughput issues), to a Ubiquiti Lite to a (new) Untangle FW. And am about to replace it (using the Ubiquiti) with pfSense...
So some changes occur.
-
When it comes to dynamic vs static, you have to ask yourself why you are doing either. Static is because devices point to this as a resource and it needs to remain constant at all times. So, as you said, servers, switches, routers, etc. However, workstations are, as a rule, only accessing resources and aren't serving up content to other computers unless you have a hodgepodge environment. Therefore, these devices need an IP address to get on the network and that's it. If you have a device that needs to serve up content, add it as a reservation. Think about this: if you make all workstations static, you run the risk of missing something and causing an IP conflict, or making more work for yourself if you ever change your network scheme. What do you gain? Nothing!
-
I wouldn't say you gain nothing. There are plenty of places like firewall logs, where you may only get an IP. In that case there is no need to look somewhere else for the name. If it is manageable, why not? I agree that it is rarely manageable.
-
I'm not aware of there being a static versus dynamic question here. AFAIK, everyone is in favour of dynamic. Dynamic has been the standard best practice for more than two decades. Before TCP/IP took over as the dominant protocol, its predecessors NetBEUI and IPX/SPX were dynamic (NetBEUI had no other option).
Unless you are treating your workstations as servers, they should exclusively be dynamic.
-
@s.hackleman said:
I wouldn't say you gain nothing. There are plenty of places like firewall logs, where you may only get an IP. In that case there is no need to look somewhere else for the name. If it is manageable, why not? I agree that it is rarely manageable.
You can get non-changing IPs with dynamic too.
-
Also, when it comes to IP blocks, no, I don't block things off just for the sake of it. If you are making blocks of IPs for end use devices you should rethink how you look at IPs. Don't make the mistake of thinking of an IP address as anything but an address - a computer artifact used under the hood to locate a device. It is not meant to be human readable or to provide insight into the use of a device. Use hostnames to convey human meaning, use IP addresses as addresses.
-
@scottalanmiller said:
Dynamic has been the standard best practice for more than two decades.
Last week, at a client where I am not the networking consultant, I had a networking consultant tell me that they use static IP on EVERYTHING because it makes DNS better.
I tried to get that part of the contract a year ago and was shot down.