6

I'm looking to better understand this piece of advice in relation to setting up devices on internal networks with static IP addresses, and why that is considered a bad idea.

On the surface of it, setting up static IP addresses for devices on an internal network that act as servers doesn't seem like a particularly bad idea when those servers need to communicate with each other regularly. If server A needs to request a web page or an FTP connection or whatever from server B, the task is made much simpler by making sure that server B can always be found at a specific address instead of searching through the network for server B each time.

The only immediate issue that I can think of when setting a static IP address is that the IP address is defined from the server's side and not the router (e.g. the server says to the router, "I want to be connected to your network at IP address 192.168.0.42"). This is fine in most simple cases, but if there's a collision (two different devices are both asking/demanding to be 192.168.0.42), the setup is bound to fail somehow.

Beyond that one case though, why is setting up servers on an internal network with static IP addresses such a bad idea?

Ron Maupin

4 Answers

6

It's not true that static IP addresses are always a bad idea. For small networks, with a handful of devices, it may make perfect sense. Static addresses are simple to understand and configure -- and not as complex as setting up a DHCP and DNS server. For small networks to which you might hook up a Raspberry Pi -- as mentioned in the question you linked to -- I think static addresses are fine. The blanket, "Telecommunications engineers never do this" is not accurate.

Most of the regular users on this forum work with much larger networks -- hundreds, thousands, or tens of thousands of devices. At that scale, manually keeping track of individual device addresses is nearly impossible. When networks are that large, things are changing constantly (that's why we have jobs). PCs move, servers get replaced, new applications get created, and old ones are retired. Networks expand and contract, adding new sites or reconfiguring old ones.

If everything had a static address, any change would become an impossible task. Imagine moving a server from one data center to another. The IP address would have to change. Every application that communicates with that server would have to be modified. Software would break, systems would fail, and IT would look very different than it does today. Facebook and Google could not do what they do managing all their servers' IP addresses in a spreadsheet.

Ron Trunk
3

Statically configuring addresses doesn't scale, and can be a problem when moving devices in a network. That is the reason for DNS. With DNS, you can refer to a host by name, and the DNS will take care of resolving the name to the currently assigned IP address.

Statically configuring addresses may make sense on small networks, but even on medium-sized networks it can become a burden.

Ron Maupin
1

Two reasons to not use static IP addresses, and utilize DHCP reservations instead:

  1. You avoid IP conflicts
  2. IP reservations are centrally managed

An anecdotal story of why static IP addresses are a bad idea: Years ago, as a network administrator for a Credit Union with several branch offices, we had a branch go down. We researched endlessly for days. The router was up, and we could even ping it, but it would not route traffic to the remote branch. Days later I suddenly had a bright idea to ping the router IP and then unplug the router. Lo and behold, the pings still replied. Why? Long story short, I figured out that a Linksys router had been configured many years earlier with a local static IP address. At some point we needed a 4-port switch somewhere, but had to wait a week or more to get one. So a tech plugged in this router as a switch, which is normally fine. It had the same IP address statically configured as the branch router. Neither device could warn us of an IP conflict, so we had no idea. Resetting the Linksys router to defaults wiped the static IP and suddenly the branch came back up.

Static IP addresses mean the network configuration is fragmented and not centrally managed. I don't care how good you are at spreadsheets and updating them when setting a static IP address. Nothing is as good as having a DHCP server manage everything. If you need a static IP, connect the device, let it get an IP, then reserve that IP in DHCP. Since it's tied to the MAC, it'll always get that same address, and no other device can ever get that IP. IP conflicts don't occur unless someone sets a static IP address.

The top answer here says "It's not true that static IP addresses are always a bad idea", and that static IPs are "not as complex as setting up a DHCP" server. If you're setting more than one device with a static IP, then you've already done more work than setting up a DHCP server. A DHCP server is configured once, and adding a reservation is usually as simple as checking a box to reserve a lease. Sure, configuring a Windows DHCP server scope can take some time, but most routers are far more simplistic. All it takes is one IP conflict to cause a huge headache.

Ricky
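The conflict in the anecdote above (two devices statically configured with the same address, neither of them reporting it) shows up from any third host as one IP answering from more than one MAC. The following is an added example, not part of the original answer: it parses neighbour-table snapshots in the `ip neigh` output format and compares them with a DHCP reservation list. The snapshot lines, addresses and the reservation table are all constructed.

```python
import re
from collections import defaultdict

# Constructed sample: two `ip neigh` snapshots taken on one host, minutes apart.
SNAPSHOTS = [
    """192.168.0.1 dev eth0 lladdr 00:1a:2b:3c:4d:01 REACHABLE
192.168.0.42 dev eth0 lladdr 00:1a:2b:3c:4d:42 STALE
192.168.0.77 dev eth0  FAILED""",
    """192.168.0.1 dev eth0 lladdr 00:14:bf:aa:bb:cc REACHABLE
192.168.0.42 dev eth0 lladdr 00:1A:2B:3C:4D:42 REACHABLE
192.168.0.50 dev eth0 lladdr 00:1a:2b:3c:4d:50 DELAY""",
]

# Constructed DHCP reservations (IP -> MAC), as exported from the DHCP server.
RESERVATIONS = {
    "192.168.0.1": "00:1a:2b:3c:4d:01",
    "192.168.0.42": "00:1a:2b:3c:4d:42",
}

NEIGH_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+dev\s+\S+\s+"
    r"lladdr\s+(?P<mac>[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5})\b"
)

def parse_neigh(text):
    """Yield (ip, mac) for entries that have a resolved link-layer address."""
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:  # FAILED/INCOMPLETE entries carry no lladdr and are skipped
            yield m["ip"], m["mac"].lower()

def find_conflicts(snapshots, reservations):
    """Return (IPs seen with >1 MAC, IPs used by a MAC that is not the reserved one)."""
    seen = defaultdict(set)
    for snap in snapshots:
        for ip, mac in parse_neigh(snap):
            seen[ip].add(mac)
    duplicates = {ip: sorted(macs) for ip, macs in seen.items() if len(macs) > 1}
    off_record = {}  # address in use with no reservation, or by the wrong owner
    for ip, macs in seen.items():
        extra = sorted(macs - {reservations.get(ip)})
        if extra:
            off_record[ip] = extra
    return duplicates, off_record

if __name__ == "__main__":
    dups, off_record = find_conflicts(SNAPSHOTS, RESERVATIONS)
    print("conflicts:", dups)
    print("not matching a reservation:", off_record)
```

A MAC change for an address can also be a legitimate NIC or device replacement, so a hit is something to check against the reservation record rather than proof of a conflict.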
-2

Static IPs are more hackable. A threat actor has more chances to reach a target IP compared to a dynamic IP, because the IP is assigned permanently to the NIC. Dynamic IP addresses change with each session on the network, as per the DHCP scope time frame configured on the DHCP pools, and a dynamic IP makes it more challenging and difficult for a threat actor to compromise data security. As static IP addresses never change, they can become a security risk, as it is easier to track the computer it is linked to. If a single desktop in the network is compromised, a hacker can easily reach the servers and from there the database. By using the DHCP protocol we can reduce attacks on an organization's IT infrastructure, because the IP will continuously change and a hacker can't trace the targeted IP, because it will change randomly and frequently with respect to the lease and renewal time period configured on the DHCP scope.

Sagar Uragonda