Slashdot Mirror
IP Addressing Space Management Applications?
_RiZ_ asks: "I work for a medium sized company and we are looking for a solution to aid in managing the ever complex IP space in use throughout the growing enterprise. We currently use a full class B of public addresses as well as all RFC 1918 ranges. The idea came up to develop this application internally, however this has proven in the past to be more of a headache, especially if the original developer changes roles or moves on from our company. We have looked at IPplan, but have found this program is more intended for an ISP documenting customer ranges rather than an enterprise IT shop. We would like something which is database driven, intuitive to use, and preferably open source, although a good commercial solution is always a viable option. Does anyone have any suggestions?"
If you need software to track it, your making it too hard.
"When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
Proprietary, but Lucent's VitalQIP provides several nice functions like automated subnetting, DCHP and DNS integration, along with the ability to scale.
This sig intentionally left blank.
http://www.postgresql.org/docs/7.4/interactive/dat atype-net-types.html
"PostgreSQL offers data types to store IPv4, IPv6, and MAC addresses, shown in Table 8-17. It is preferable to use these types over plain text types, because these types offer input error checking and several specialized operators and functions."
Ipplan can be customised to just show you the stuff you need to see. We have about the same sized address space and ipplan works great.
Have you looked at phpip or ipspace yet?
Malike Bamiyi wanted my assistance.
If you really want to get fancy, and integrate your IP address space management with your DHCP and DNS, take a look at BlueCat Networks. They have a suite of tools, and the one you're looking for is called Proteus. Highly integrated DNS, DHCP, and IP Address Management. It costs money, but it sounds like your shop can afford it. Best of luck.
You must have a nice, simple setup, then. Where I work, there are seven full-time employees and approximately 22 computers, including three servers. Between the various needs for off-site access, support for earlier mistakes, and stuff that just doesn't work like it should, we have:
One DHCP pool for VPN from Macintosh computers
One DHCP pool for VPN from Windows computers
One DHCP pool for trying to get the VPN support in the Cisco router working
One DHCP pool for office computers
One pool of reserved addresses for the servers
One stray reserved address in the middle of a DHCP pool left over from an accident with the backup software
One (very small) pool of public IP addresses used to provide the public face for the servers
One computer with a single network card and two IP addresses (don't ask)
"They redundantly repeated themselves over and over again incessantly without end ad infinitum" -- ibid.
I've reviewed the following:
Bluecat Networks Proteus/Adonis http://www.bluecatnetworks.com/
Incognito IP/Name/DNS Commander http://www.incognito.com/
INS IPControl http://www.ins.com/
Carnegie Mellon's NetReg http://www.net.cmu.edu/netreg
Lucent VitalQIP http://qip.lucent.com/
Solarwinds IPAM Pro http://www.solarwinds.net/
Men & Mice http://www.menandmice.com/
Infoblox http://www.infoblox.com/
IPPlan http://freshmeat.net/projects/ipplan
MetaInfo http://www.metainfo.com/
In hopes of replacing our current in-house developed solution.
I'll be honest, they are for the most part simply 'ok'. I wasn't super-impressed with any of them, and the bottom half of the list were definitely not ready for ISP/ASP/MSP-level use. I've listed them in descending order of my preference. All the useable ones are super-expensive, on the order of 'ok you can afford to pay a decent php/mysql coder to code you something from the ground up', or you can take this out-of-the-box thing, and shoe-horn it into your existing network. Which will in most cases take some weeks of programming anyway...
I had some of what I thought were pretty simple requirements...
- unix/linux based
- no single point of failure (clustering)
- handle forward and reverse dns
- api's (mostly to allow us to present a customer access to their zones)
- web-based gui with tiered user-levels
- pref software-based install rather than appliance, due to the shoe-horn prediction i mentioned above
Those are the highlights off the top of my head. I was surprised how few actually had all those features.
After months of doing webcasts, reading white-papers etc we've come to the conclusion that it's going to be developed in-house from the ground up, using bsd/apache/postgres/php/bind and some soap.
After reviewing these, I'm actually dying to know what large enterprises are using. I'm hoping there's some magic bullet IPAM solution that I missed on google. Please someone tell me about it!
Anyway, hope this helps you in your quest.
1) Do you need just bookkeeping stuff? - spreadsheet or some homemade app will do it! ... then go either for something comercial or your developers.
2) DHCP/DNS integration management? - Sauron project is my favourite at the moment
3) Something more speciffic
In fire we trust http://www.getoto.net
I am not sure, but Maintain seems like the kind of thing you are looking for: http://osuosl.org/projects/maintain/
Although, looking at it, it seems to be specific to dhcpd3 and djbdns...
Anyway, I thought I would just throw it out here for consideration.
Climate Progress - Hell and High Water
I work for a company with about 70,000 employees. We have a lot of address space. Multiple Class Bs of public IP space not to mention 10.0.0.0/8 and the other RFC 1918 space. Far and away the best tool we have ever used to manage IP space is an Excel spreadsheet located on a network drive. As soon as you're done laughing, read on...
/24s of each block spelled out:
/28s within each /24. Put the network address of each /28 up there, i.e. 0,16,32,48, etc..
/19 defined on them. Most of them are /18s or /17s though.
Create a spreadsheet with Column A having the
10.0.0.0
10.0.1.0
10.0.2.0
etc.
Colums B through Q should be
Use the 'Merge Cells' option to block out each subnet that you want to document and then change the background color of that cell to something other than white. White, unmerged cells should always represent available IP space. Put a descriptive text in the cell showing the VLAN, router interface, or firewall that owns that space. If you don't have enough space in the cell, write something very brief and then do an "insert comment" where you can put all the descriptive text you want there.
I use other colors like pink for "reserved" space, i.e. space that I want to use in an upcoming project but it isn't live yet. Try to keep the number of colors you use to a minimum. Ideally you shoudln't need more than two or three colors.
Finally, don't put everything onto one worksheet. Use tabs to break things up into different OSPF areas, or however you want. I have a tab for the DMZ environment, one for the Extranet environment, one for the intranet, etc.. Some of the tabs have address space as small as a
As long as the file is backed up regularly and all of your network engineers use it religiously, there should be no problems. We have been using this for years now and it has saved our ass on many, many occasions. Only one person can use the file at a time, so conflicts are not an issue.
Using an off the shelf application is asking for trouble, in my opinion. Keep It Simple, Stupid!
Our organization has ~13 locations on the east coast. Given any internal IP, I can tell you the site and room number that host is in. And in most cases I can do the same with our external IPs. Each location is standardized on IP block->function assignment, so when a new VPN goes up we already know how to build our tunnels.
Fix the problem, not the symptom. Plan well.
I'm against picketing, but I don't know how to show it.