IP Addressing Space Management Applications?
_RiZ_ asks: "I work for a medium sized company and we are looking for a solution to aid in managing the ever complex IP space in use throughout the growing enterprise. We currently use a full class B of public addresses as well as all RFC 1918 ranges. The idea came up to develop this application internally, however this has proven in the past to be more of a headache, especially if the original developer changes roles or moves on from our company. We have looked at IPplan, but have found this program is more intended for an ISP documenting customer ranges rather than an enterprise IT shop. We would like something which is database driven, intuitive to use, and preferably open source, although a good commercial solution is always a viable option. Does anyone have any suggestions?"
3x5 cards.
If you need software to track it, you're making it too hard.
"When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
...That's insufficient?
(10/8 = 10.0.0.0 - 10.255.255.255)
Proprietary, but Lucent's VitalQIP provides several nice functions like automated subnetting, DHCP and DNS integration, along with the ability to scale.
This sig intentionally left blank.
If you have a big enough and recent enough set of clients you may want to think about doing an IPv6 conversion (the way I understand it the last 64 bits of the address can be generated using the MAC of the network card so if you know which NIC is on a desk then ..)
Any person using FTFY or editing my postings agrees to a US$50.00 charge
Use a wiki to keep track of IP uses.
http://www.postgresql.org/docs/7.4/interactive/datatype-net-types.html
"PostgreSQL offers data types to store IPv4, IPv6, and MAC addresses, shown in Table 8-17. It is preferable to use these types over plain text types, because these types offer input error checking and several specialized operators and functions."
Ipplan can be customised to just show you the stuff you need to see. We have about the same sized address space and ipplan works great.
Have you looked at phpip or ipspace yet?
Malike Bamiyi wanted my assistance.
If you really want to get fancy, and integrate your IP address space management with your DHCP and DNS, take a look at BlueCat Networks. They have a suite of tools, and the one you're looking for is called Proteus. Highly integrated DNS, DHCP, and IP Address Management. It costs money, but it sounds like your shop can afford it. Best of luck.
Maybe I'm dense, but what, exactly, is the problem the poster is trying to solve?
Why does this need any application more complex than a text file sitting on a file share, somewhere, for people to review or make changes as needed? That's what I do, and it seems to work OK.
Plus, what does it mean to use "all" of the RFC1918 IP ranges? Does that mean they're using every IP in every range, or every prefix in every range, or does it just mean that they don't understand subnetting?
I too want to know, just when will USPTO/RIAA/MPAA address the problems NASA just can't get a grasp on. Someone must back my lunar trademarks!
The problem is that your question is a bit vague. You want help 'managing' the IP space, but you don't indicate what 'managing' means to you. If you can be clearer about exactly what you want it to do, you'll probably get more useful suggestions.
DHCP
I have to say, Infoblox http://www.infoblox.com/ is the best solution for this I have seen yet. It is not free, but gives a company with LOTS of IP addresses a nice way to manage them all.
Most people use either Excel (yuck) or a home grown PHP app they write themselves. (I'm talking some Fortune 500 companies here as well)
Cybie! aka Ralph Bonnell
You have more than sixteen million computers where you work?
I've reviewed the following:
Bluecat Networks Proteus/Adonis http://www.bluecatnetworks.com/
Incognito IP/Name/DNS Commander http://www.incognito.com/
INS IPControl http://www.ins.com/
Carnegie Mellon's NetReg http://www.net.cmu.edu/netreg
Lucent VitalQIP http://qip.lucent.com/
Solarwinds IPAM Pro http://www.solarwinds.net/
Men & Mice http://www.menandmice.com/
Infoblox http://www.infoblox.com/
IPPlan http://freshmeat.net/projects/ipplan
MetaInfo http://www.metainfo.com/
In hopes of replacing our current in-house developed solution.
I'll be honest, they are for the most part simply 'ok'. I wasn't super-impressed with any of them, and the bottom half of the list were definitely not ready for ISP/ASP/MSP-level use. I've listed them in descending order of my preference. All the useable ones are super-expensive, on the order of 'ok you can afford to pay a decent php/mysql coder to code you something from the ground up', or you can take this out-of-the-box thing, and shoe-horn it into your existing network. Which will in most cases take some weeks of programming anyway...
I had some of what I thought were pretty simple requirements...
- unix/linux based
- no single point of failure (clustering)
- handle forward and reverse dns
- APIs (mostly to allow us to present a customer access to their zones)
- web-based gui with tiered user-levels
- pref software-based install rather than appliance, due to the shoe-horn prediction I mentioned above
Those are the highlights off the top of my head. I was surprised how few actually had all those features.
After months of doing webcasts, reading white-papers etc we've come to the conclusion that it's going to be developed in-house from the ground up, using bsd/apache/postgres/php/bind and some soap.
After reviewing these, I'm actually dying to know what large enterprises are using. I'm hoping there's some magic bullet IPAM solution that I missed on google. Please someone tell me about it!
Anyway, hope this helps you in your quest.
1) Do you need just bookkeeping stuff? - spreadsheet or some homemade app will do it! ... then go either for something commercial or your developers.
2) DHCP/DNS integration management? - Sauron project is my favourite at the moment
3) Something more specific
In fire we trust http://www.getoto.net
When I was working at an Aussie Telco, I wrote an IP Management Database. It was designed to provide an easy-to-manage overview of the IP space, but allow automated allocation. After I left the company, I wrote a new one from scratch based on the original design.. this isn't complete (lacking some features), but it's quite usable. I was going to market it commercially (and still might) but I got distracted with life, and it's been sitting around doing nothing. I'd like to see it used and further developed, so if you're interested, we can reach an arrangement. http://spinnesoft.com/products/ipdatabase/
You can contact me via jabber at rmt@jabber.freenet.de, or via the email addresses on the website.
when I read the link in your .sig, I laughed so hard I almost wet myself. I don't have any idea where you could have come up with the kind of time it took to make that crap up.
Thanks for a good belly laugh tonight.
But Herr Heisenberg, how does the electron know when I'm looking?
It is a great program. We use it for DNS services as well, but it is vital in our setting up new subnets and keeping track of routers/subnets/DHCP blocks/servers... basically everything that goes on the network! We have around 8000 systems/devices across many different subnets. Once you get larger than a class A subnet, you truly need an application like this, otherwise you will start screwing things up by taking someone else's IP or forget that you already had another 10.1.12 subnet in existence (which consequently screws up ALL your spanning trees across all your routers...).
We were all warned a long time ago that MS products sucked, remember the Magic 8 Ball said, "Outlook not so good"
I say move to IPv6. That would solve addressing issues, unless I don't understand the problem :)
I would probably start looking at this as a paper project and see if you can't rationalise your network address schemes somewhat, I've used and would recommend IPPlan generally, http://iptrack.sourceforge.net/ but I don't tend to manage networks in any meaningful way, I prefer the networks to manage themselves, getting initial configurations of DHCP and DNS schemas right and then scaling it all up, maintaining documentation of the general topology generally helps too, although actually tracking what IP address is assigned to what isn't generally all that important or at least not for more than about 10% of the addressed nodes (I reserve ranges for static addressing on servers and network devices that require them and issue them sequentially per device, everything else is dynamic).
However you seem to be talking about more than a few thousand hosts so it will presumably be a bit different, I've never thought about scaling a LAN that I have managed beyond 3000 devices, and when looking at WAN it's never been a problem to have multiple networks with the same address schemes interconnect, it just involved NAT at each gateway
Just a quick one, if you are using all of the address allocation according to RFC1981 that would mean you have well in excess of 16 Million nodes, or you really need to look at how you have allocated subnets...
I am not sure, but Maintain seems like the kind of thing you are looking for: http://osuosl.org/projects/maintain/
Although, looking at it, it seems to be specific to dhcpd3 and djbdns...
Anyway, I thought I would just throw it out here for consideration.
Climate Progress - Hell and High Water
You state that you're a midsized company, yet you're using a full internet class b, a private class A (10.*), 16 class b's (172.16.*), and a class B (192.168.*).
That's more IP addresses than a major technical college I know uses. Unless you're a pretty major ISP, that's crazy. MAJOR companies often make do with a decent number of internet routable IP's, and a lot of NAT.
Lesson one: Learn NAT (aka ipMasquerade)
NAT lets you have 1 firewall that offers internet access to lots of other computers. Thousands of computers sit comfortably behind a single internet gateway.
Lesson two: learn subnetting.
Just because RFC1918 says that 10.x is a class A private range, doesn't mean that you have to route it as a class A... Subnet it. Internally, define 10.1.1.x as a server range. Set up a complex site with several (~5 or so) as 10.0.8.0/29 for example. That would give a site 8 Class C ranges to play with, and it's great for route summarization... which leads me to:
Lesson three: learn routing.
After you've subnetted the world, you have to route between it. Cisco makes lots of money selling these devices. You probably should have some (or use Juniper... they do the same thing[1]). Use static routes. Use dynamic routes. But set it up. Which leads me to:
Lesson four:
There are reasons that networking geeks are around. Let us deal with these problems. Your world will be much more stable.
Now, I can imagine some reasons that you are validly using that many IP addresses, and utilizing the concepts/technologies I've mentioned above... but they're a bit of a stretch. Most likely, this whole thing has been set up willy-nilly, and is overdue for an overhaul.
--Jason
[1] But you don't have to use true 'routers'... if that term means anything today... If you're routing around a switched environment, most reasonably manageable switches let you configure static and dynamic routing.
Zapman
I work for a company with about 70,000 employees. We have a lot of address space. Multiple Class Bs of public IP space not to mention 10.0.0.0/8 and the other RFC 1918 space. Far and away the best tool we have ever used to manage IP space is an Excel spreadsheet located on a network drive. As soon as you're done laughing, read on...
Create a spreadsheet with Column A having the /24s of each block spelled out:
10.0.0.0
10.0.1.0
10.0.2.0
etc.
Columns B through Q should be /28s within each /24. Put the network address of each /28 up there, i.e. 0,16,32,48, etc..
Use the 'Merge Cells' option to block out each subnet that you want to document and then change the background color of that cell to something other than white. White, unmerged cells should always represent available IP space. Put a descriptive text in the cell showing the VLAN, router interface, or firewall that owns that space. If you don't have enough space in the cell, write something very brief and then do an "insert comment" where you can put all the descriptive text you want there.
I use other colors like pink for "reserved" space, i.e. space that I want to use in an upcoming project but it isn't live yet. Try to keep the number of colors you use to a minimum. Ideally you shouldn't need more than two or three colors.
Finally, don't put everything onto one worksheet. Use tabs to break things up into different OSPF areas, or however you want. I have a tab for the DMZ environment, one for the Extranet environment, one for the intranet, etc.. Some of the tabs have address space as small as a /19 defined on them. Most of them are /18s or /17s though.
As long as the file is backed up regularly and all of your network engineers use it religiously, there should be no problems. We have been using this for years now and it has saved our ass on many, many occasions. Only one person can use the file at a time, so conflicts are not an issue.
Using an off the shelf application is asking for trouble, in my opinion. Keep It Simple, Stupid!
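The spreadsheet layout in the comment above (one row per /24, sixteen /28 cells, unmerged cells meaning free space), together with the duplicate-subnet collision raised earlier in the thread, as an added Python example; it is not code from any poster. The allocation records and function names are constructed for illustration, and the sample is IPv4 only.

```python
import ipaddress
from itertools import combinations

# Constructed sample records (not from the thread): (subnet, owner).
ALLOCATIONS = [
    ("10.0.0.0/26", "core routers"),
    ("10.0.0.96/28", "firewall DMZ"),
    ("10.1.12.0/24", "site A users"),
    ("10.1.12.128/25", "site B lab"),  # collides with the /24 above
]

def parse(allocations):
    # ip_network() is strict by default: 10.0.0.1/24 (host bits set) is rejected
    return [(ipaddress.ip_network(net), owner) for net, owner in allocations]

def find_overlaps(allocations):
    """Pairs of records whose address ranges collide."""
    return [(str(a), str(b))
            for (a, _), (b, _) in combinations(parse(allocations), 2)
            if a.overlaps(b)]

def row_cells(slash24, allocations):
    """One spreadsheet row: owner of each of the 16 /28s in a /24, None if free."""
    recs = parse(allocations)
    cells = []
    for cell in ipaddress.ip_network(slash24).subnets(new_prefix=28):
        owners = [owner for net, owner in recs if net.overlaps(cell)]
        cells.append(owners[0] if owners else None)
    return cells

def free_space(block, allocations):
    """Largest free CIDR blocks left inside `block` (the white cells)."""
    free = [ipaddress.ip_network(block)]
    for used, _ in parse(allocations):
        remaining = []
        for f in free:
            if not f.overlaps(used):
                remaining.append(f)                        # untouched
            elif used.subnet_of(f):
                remaining.extend(f.address_exclude(used))  # carve the hole out
            # otherwise f lies wholly inside `used` and is consumed
        free = remaining
    return [str(n) for n in sorted(free)]

if __name__ == "__main__":
    print(find_overlaps(ALLOCATIONS))
    print(row_cells("10.0.0.0/24", ALLOCATIONS))
    print(free_space("10.0.0.0/24", ALLOCATIONS))
```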
Our organization has ~13 locations on the east coast. Given any internal IP, I can tell you the site and room number that host is in. And in most cases I can do the same with our external IPs. Each location is standardized on IP block->function assignment, so when a new VPN goes up we already know how to build our tunnels.
Fix the problem, not the symptom. Plan well.
I'm against picketing, but I don't know how to show it.
I ended up cobbling together .htdig + MediaWiki - which was a horrible experience.
There was some talk on the MediaWiki list about moving to Lucene for indexing. If that has happened already, MediaWiki might work fine. But before you throw many hours into it, do a simple test first.
"The most sensible request of government we make is not, "Do something!" But "Quit it!"
STFU you wiki whacko! Wikis are not the only solution for everything. In fact, they are not the solution for anything. Wikis are crap! Yes, Wikipedia too!
I would bet that you run Gentoo but, you wouldn't have missed the opportunity to plug it.
Your network is an abomination to nature and you not only created it but continue to nurture it. Your network should be taken outside and shot! You should be taken outside and shot!
You and your network could be completely replaced by any <$100 router with no changes to the default configuration!
22 computers? 7 Employees? And you're bragging on Slashdot?
You're Pathetic!