IP address spreadsheets: A network menace

BY Rebekah Taylor

IP address spreadsheets are a menace to your network

Are you still using an IP address spreadsheet to manage all the IP addresses on your network?

Gambling with spreadsheets to manage core business functions can be a risky threat—and even catastrophic. They were especially never intended to manage network infrastructure.

An IP address management (IPAM) solution is the only way to create the security, total visibility, and efficiency your network needs, without the administrative headaches of management-by-spreadsheet.

In this post, we’ll delve into the limitations of doing DNS by spreadsheet and when you should abandon the approach. And we’ll touch on the benefits of investing in an IPAM enterprise tool.

The perils of your IP address spreadsheet

There are many examples of why spreadsheets shouldn’t be used to manage complex, technical tasks. One retrospective of the top three spreadsheet errors of the decade includes overselling 10,000 seats at the 2012 Olympics in London and overstating the price of Tibco Software by $100 million.

The trouble with spreadsheets for IPAM in particular

IP address management is, by definition, a complex and difficult task.  Why would you use a spreadsheet to handle such a high-risk system on your network?  Maybe some of these scenarios sound familiar:

  • A DNS admin fat-fingers a change to a spreadsheet that doesn’t match up to what’s actually reflected in DNS configurations. Subsequently, the network goes down.
  • Multiple DNS admins in different geographic regions are constantly changing IP address assignments. They’re either trying to update the same spreadsheet in real time or are using parallel spreadsheets that don’t interact with one another.
  • Access control gets sticky. Do you open spreadsheets up to non-admins, giving them the ability to change things but without responsibility when something goes wrong? Or do you strictly limit access to a few people, which hinders your ability to do things quickly?
  • You’re doing things at scale, in the cloud, across multiple locations and complicated architectures, and spreadsheets get very difficult to manage. They can’t represent intricate systems or show complex information like forwarding rules in an accessible manner.
  • You want to stand up and tear down IP addresses quickly for testing new iterations of software or creating temporary zones for a development push. And that’s really slow and cumbersome to do with spreadsheets.

The DNS nuclear football

One of our customers called their IP address management spreadsheet the “nuclear football”.  Only a small number of DNS admins had access to it, and they would hand off management as work days started and ended around the globe.  They knew that an accidental deletion or loss of critical data in those spreadsheets—or even the loss of the spreadsheet files altogether—could take down their entire network.

When to get rid of IP address spreadsheets

For small systems in a single geographic location without a lot of IP addresses to manage, spreadsheets may work just fine. But they can quickly get out of hand as your network grows.

Relying on homegrown spreadsheets can pose serious problems when your organization has multiple geographic locations and a distributed DNS model. They’re particularly problematic when your network is expanding or when you have numerous devices with unique MAC addresses constantly joining and leaving the network.

It seems like a no-brainer to replace spreadsheets with enterprise application solutions in areas like HR or finance. So, why not the same for a far more complicated and high-risk system such as IPAM?

The benefits of an IPAM solution over IP address spreadsheets

Implement an IPAM solution as part of your larger DDI infrastructure, and you’ll quickly see the benefits.

  • Consolidated view of your network. With all IP addresses in a central repository, you can see your entire network in one place.
  • Faster service for end users. Automating IPAM drastically reduces the time to provision IP address spaces, even with increased scale.
  • Improved network security. Seeing your DNS data on a regular basis helps you to detect abnormal behavior and take corrective action quickly.
  • Enhanced operational efficiency. Automating IPAM saves admin time and brainpower for more important work.

Learn more about BlueCat’s recommendations on technical best practices for IP address management and DNS deployment, and check out our "Cost of Free" eBook for more information about the hidden costs of decentralized DDI management.  Interested in diving deeper?  Learn why we think that IPAM solutions on their own aren't enough.

Rebekah Taylor

Rebekah Taylor is a freelance writer and editor who has been translating technical speak into prose for more than 18 years. Before BlueCat, she spent eight years doing communication work as a contractor for the U.S. Coast Guard in Washington, D.C., and was previously a journalist, reporting stories for a daily county newspaper and defense industry publication. Her first job in the early 2000’s was at a small Palo Alto start-up called VMware. She holds degrees from Cornell University and Columbia University’s Graduate School of Journalism.

View more articles by Rebekah Taylor