Managing Lots of IP Addresses?
haggisbrain asks: "I'm a Systems Administrator and I've recently started work with a new company where I'm now helping to support a much larger number of nodes than I've previously supported. We have just over 1000 nodes to support, but no efficient method to manage the IP addresses and subnets used. Previously, an Excel Spreadsheet has been sufficient enough for my needs, but now I need to find a new way. Can someone recommend a piece of software which can help me? Is there a simple way to list and view the IP addresses used on my network?"
Look@Lan It's a great little tool once you have it configured. It even will produce those nifty excel files for you if you wish. But man... I HATE that sonar sound effect. It's worse than the "UH OH!" sound made infamous by ICQ.
What specifically is it about the spreadsheet model which is insufficient? I don't manage large blocks of IP addresses and subnets so I'm not familiar with the information which you'll be compiling or how you'll need to manipulate and mine it.
When other people figure out a complex organizational scheme for a spreadsheet they often turn it into a database. If you have kept a spreadsheet for a similar task, on a smaller scale, then you should be able to identify very quickly which axes you need to expand in order to accommodate the larger task.
the NPG electrode was replaced with carbon blac
DHCP, FTW!!!!
Shouldn't your DHCP server have a list of its leases?
First off, just looking at your router configs should tell you what addresses are where.
Then, make sure you're using dhcp to assign the addresses.
Use nmap to check for weirdness.
You mean you can't remember a simple 1000 assignments?
Hello 30 seconds on google:
http://iptrack.sourceforge.net/
Imagine using spreadsheets these days.
On top of DHCP, add Dynamic DNS and you're almost all set. Just make sure to use a DHCP and DNS server from the same producer, they're generally not 100% compatible with one-another if you don't. They might be 99% but that 1% creates a whole world of trouble.
If only there were some way to associate a friendly name with an IP address. Hmm...
What's wrong with DHCP and dynamically updated DNS? Servers will remain static, of course, but once you factor out clients there should be a manageable number of addresses left.
"Hey, Slashdot, I don't know how to do my job.. please help me. I could PROBABLY google around for 30-40 seconds and find a solution, and earning my paycheck by doing so.. but I figure I'll waste everyone's time."
Not a Twitter sockpuppet... but I wish I was.
This question has come up once or twice before.
The usual suspects for answers to this question are as follows:
NorthStar, which is quite feature rich. "NorthStar is a system to help track and allocate blocks in an IP Network"
IPplan which is another open source product.
And PHPip
If you want to go commercial VitalQIP Enterprise could suit your needs quite well.
Berny
Curiosity was framed; ignorance killed the cat. -- Author unknown
NAT! Oh wait, never mind :(
My company has been using Ubersmith Datacenter Edition (Uber DE, for those in the know) for a few months now - the IP management stuff they've integrated into the device manager is pretty slick to say the least. We've done the spreadsheet before, as well as North*, but neither of those options mesh well with any external systems. If you've got hardware/network stuff to manage as well (which I assume you do) give the Ubersmith guys a call. I don't think there's an online demo of DE yet (lame) but when we were interested in the system we called up and one of the developers gave us a walkthrough of a live build, explaining what was going on. http://www.ubersmith.com/
It is pretty much what it was designed to do (i.e. manage all your IP addresses to Names). As a result, a good DNS application will manage ALL your subnets, virtual lans, static addresses, and DHCP addresses.
Personally I like Lucent's VitalQIP.
We were all warned a long time ago that MS products sucked, remember the Magic 8 Ball said, "Outlook not so good"
Sounds like a task for shell scripts to manipulate an ASCII file and grep | cut | sed or maybe awk if the plain ASCII file is formatted correctly. I don't want to be drawn into UUOC.
Sure you could do it in C if you're familiar with the IO and text manipulations in that language--I always wanted to learn C but never devoted enough free time to it. The largest motivator to write the system from scratch in C is if the list becomes long enough that grep and awk can't process it quickly enough to keep up with incoming requests or if requests come through so often that beating up the disk platters is a consideration.
One IP address per line with twenty or thirty well planned fields, comma separated, should be good for the task. How many functions do you suppose you'd need to manipulate it properly? A well thought out system of functions could probably be reduced to ten or twelve basic functions which could be combined to do nearly anything.
The largest motivator that I find for using someone else's software is that someone else usually has more time to dress it up to look nice and neat on the display. I just make it work.
the NPG electrode was replaced with carbon blac
You only need 2 tools for managing your address space.
Nmap - To see which addresses are in use and what the servers are doing.
Traceroute - To see where in your network the IP address is.
Also make sure your reverse DNS is updated when you assign an address to something important.
I like Cheops-ng, though I'm not sure if that's exactly what you're looking for. Also, I wouldn't run it during peak business hours -- don't wanna clog those tubes ;)
Maybe you can find some useful info here, this topic came up about a year ago:
http://ask.slashdot.org/article.pl?sid=06/04/26/2251224
sig? uhh, umm, ok
nmap -sP 192.168.1.0/24
Adjust as necessary.
I.E.
nmap -sP 192.168.2.0/24
nmap -sP 192.168.3.0/24
nmap -sP 192.0.0.0/8
nmap -sP 10.0.0.0/8
The possibilities are endless.
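One way to do the nmap check the comments above describe, as an added example that is not from any poster: it parses the grepable output of a ping sweep (`nmap -sP <net> -oG -`) and compares it with a one-address-per-line CSV inventory. The sample scan, the inventory and its column names are constructed for illustration.

```python
import csv
import io
import ipaddress
import re

# Constructed sample: grepable output as written by `nmap -sP <net> -oG -`.
SAMPLE_SCAN = """\
# Nmap scan initiated as: nmap -sP -oG - 192.168.1.0/24
Host: 192.168.1.1 (gw.example.lan)\tStatus: Up
Host: 192.168.1.20 (print01.example.lan)\tStatus: Up
Host: 192.168.1.77 ()\tStatus: Up
# Nmap done: 256 IP addresses (3 hosts up)
"""

# Constructed sample inventory: one address per line, comma separated.
SAMPLE_INVENTORY = """\
ip,hostname,owner
192.168.1.1,gw,netops
192.168.1.20,print01,facilities
192.168.1.30,fileserver,it
"""

HOST_LINE = re.compile(r"^Host:\s+(\S+)\s+\(([^)]*)\)\s+Status:\s+Up\b")

def parse_scan(text):
    """Return {address: reverse-DNS name} for every host reported Up."""
    live = {}
    for line in text.splitlines():
        m = HOST_LINE.match(line)
        if m:
            live[ipaddress.ip_address(m.group(1))] = m.group(2)
    return live

def parse_inventory(text):
    """Return {address: row dict} from the CSV inventory."""
    return {ipaddress.ip_address(row["ip"].strip()): row
            for row in csv.DictReader(io.StringIO(text))}

def reconcile(scan_text, inventory_text):
    """unregistered: answering but not recorded (look at these first);
    silent: recorded but not answering (stale entry, or host down/filtered);
    no_ptr: answering without a reverse-DNS name."""
    live = parse_scan(scan_text)
    known = parse_inventory(inventory_text)
    return {
        "unregistered": sorted(set(live) - set(known)),
        "silent": sorted(set(known) - set(live)),
        "no_ptr": sorted(ip for ip, name in live.items() if not name),
    }

if __name__ == "__main__":
    for kind, addrs in reconcile(SAMPLE_SCAN, SAMPLE_INVENTORY).items():
        print(kind, [str(a) for a in addrs])
```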
We designed some software that we use to manage our IP network, called Ganymede. It's designed to track data in a transactional object store, then turn around and re-build BIND files, NIS maps, and whatever other directory services data you care to manage with it. It's a bit unconventional, but if you need to be able to have full scripting control over your environment, it's really very powerful.
Drop me an email if you're interested in talking about it.
- jon
Ganymede, a GPL'ed metadirectory for UNIX
.. would be the way to go
;-)
You REALLY don't want to be bothered administrating a 1000 ip addresses manually.
That is like doing pointer math in C; nothing to see (read: gain) here, move on, don't get passed by.
You would probably be an early adopter, have to invest in dedicated hardware, meet a lot of fud, resistance and ignorance, but it is the way to "the future", so don't be backward
There is not really much info out there yet, but give the big guys (Cisco, HP) a shot, they will probably be happy to talk to you, and explain what it is about.
For the IP part, postgresql has network operators and functions that can come in very useful.
http://www.postgresql.org/docs/current/static/functions-net.html
;).
So in theory you could have a script for "A" and "B" to automatically free up and find blocks.
And a script for "C" to actually allocate a manually decided block and set up the delegation etc.
Doesn't actually seem too hard if you start with a decent database schema, and are using sane DNS software
Of course there are super expensive off the shelf solutions to do all sorts of stuff, but funny thing is you'd probably have to spend about the same amount of time and effort integrating them with your DNS, routers etc.
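Finding free blocks and picking one to allocate, as an added example that is not the poster's script: it uses Python's ipaddress module in place of the PostgreSQL network operators, and the supernet and allocated subnets are constructed sample data.

```python
import ipaddress

# Constructed sample data: one supernet and the blocks already handed out.
SUPERNET = "10.20.0.0/16"
ALLOCATED = ["10.20.0.0/24", "10.20.1.0/24", "10.20.2.0/24",
             "10.20.3.0/24", "10.20.10.0/23"]

def free_blocks(supernet, allocated):
    """Return the unallocated space in supernet as a sorted list of the
    largest possible CIDR blocks."""
    free = [ipaddress.ip_network(supernet)]
    for used in map(ipaddress.ip_network, allocated):
        remaining = []
        for block in free:
            if not block.overlaps(used):
                remaining.append(block)          # untouched by this allocation
            elif used != block and used.subnet_of(block):
                # Carve the allocation out; keep the pieces around it.
                remaining.extend(block.address_exclude(used))
            # Otherwise the allocation covers the whole block: drop it.
        free = remaining
    return sorted(free)

def allocate(supernet, allocated, prefixlen):
    """Best fit: take the smallest free block that can hold a /prefixlen
    (lowest address on a tie) and return its first /prefixlen subnet.
    Returns None when nothing large enough is free."""
    candidates = [b for b in free_blocks(supernet, allocated)
                  if b.prefixlen <= prefixlen]
    if not candidates:
        return None
    best = max(candidates,
               key=lambda b: (b.prefixlen, -int(b.network_address)))
    return next(best.subnets(new_prefix=prefixlen))

if __name__ == "__main__":
    for block in free_blocks(SUPERNET, ALLOCATED):
        print("free:", block)
    print("next /24:", allocate(SUPERNET, ALLOCATED, 24))
```

Best fit keeps the large free blocks intact for later requests, which is why the /24 comes out of the leftover /23 rather than the first /22.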
Awesome. By using a spreadsheet, you can "what if?" and see what would happen if you were to change a certain node's address, as the change instantly propagates through various calculations, ultimately altering that final cell either subtly, or drastically. You can even make a pie chart that shows the addresses!
But best of all, since it's not just a spreadsheet -- it's an Excel(TM) spreadsheet! -- you have the advantage of Microsoft's advanced proprietary technology. Pity the fool who has to settle for Lotus 1-2-3 to .. um .. record a list.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
Seriously. You have "just over 1000 nodes" to manage. Odds are, the vast majority of those are dynamically assigned (or they should be, so if they aren't, that's your first job). Of the ones that are left, I would venture to guess that the number is much smaller than 1000, and could probably be even smaller than you think given the availability of modern protocols like Zeroconf. After that, you need to consider how often those statically assigned devices are going to change, which is probably not very often at all, if ever.
If you're using DHCP and DDNS like you oughter, the few times you might need to look up one of the dynamically assigned numbers will take a very short period of time.
As an example, one of my clients right now has about 150-200 nodes on the network in two locations, approximately 50% Windows and 50% Mac OS X, with a couple of Linux machines scattered around, mostly for my benefit. Between the two sites, we're using two /16 subnets (because we're in the process of migrating to a completely new AD system and we were running out of easily rememberable addresses in the one /24 we were using). Out of those two /16's, about 18 /24's are actually being used. The "0" subnet in each /16 goes to routers, the "1" subnet goes to manageable switches and other Layer 2 devices, the "2" subnet goes to servers, the "3" subnet goes to printers, the "4" subnet to the few statically assigned workstations, and the "10" through "13" subnets go to two different DHCP server pools, for redundancy.
All the DHCP and DDNS is handled by Windows Server 2003, simply because Windows is happier if it gets its own way for those purposes in an Active Directory environment, and it's a hell of a lot easier than setting up BIND, etc., to do what Windows wants done. Apple's Open Directory doesn't care, as long as the DNS servers are up and properly configured before you configure OD. The second site gets its DHCP from the local router, because the site only supports about eight users with no server. Microsoft's DDNS server doesn't mind.
The DHCP pools can be looked up at will in one Windows application (or through VNC back to my management station from any of the Macs), so they don't need to be tracked. Even the statically assigned devices which report properly to the DDNS can be looked up at will. The routers, switches, and infrastructure servers don't change, and there's few enough of them (eight or so switches and access points, ten or so servers, and this is overkill to a certain extent--the system we've built could easily handle your 1000 nodes) that anyone can remember them all, even with multiple interfaces. The printers will eventually be moved to dynamic addresses as they are replaced with Zeroconf capable units. In fact, even some of the servers could be moved to the DHCP pool if all their services and clients support Zeroconf. The only serious problem we have is keeping track of which ports are in which VLAN as we migrate from one system to the other, but eventually we'll collapse the VLANs, because they're really not needed. Perhaps you might find VLANs more useful in your larger network, but that's another topic... There's a small possibility we may use VLANs at some point to decrease the size of the broadcast domains, but it's not really an issue, yet.
All of this is tracked in spreadsheets, and one of the really neat things about spreadsheets is that they're really easy to convert into databases at some point if that's what you decide to do. It's a simple matter to update them every so often. Sometimes computers aren't the right answer.
BT Diamond IP came from the people who originally came up with QIP, it is extremely feature rich and you can buy it as an appliance.
http://bt.ins.com/software/
I work for a large IT company managing well over 50,000 IP addresses. We looked at several off the shelf products, including VitalIP, but as we have a dynamic mix of DNS, DHCP, and hosts files, we could not reliably manage that many IPs in Access, Excel, or any off the shelf product (that we reviewed at the time; 2003). We already had an in-house developed app doing the job, so we just decided to modify it. Honestly, a few hours of Oracle development to create the tables, a week of VB.NET programming, and we had a fully functional IP management tool complete with business rules for assigning IPs based on a schema. While it was fairly easy as we knew very intimately our needs, it may not be as easy for you. I'd suggest starting a list of requirements and the moment you feel overwhelmed you know you're on to something. Use that to determine whether you need off the shelf or develop (re-develop, or OSS).
... there is nothing that has not already been thought
Exactly, 4*250 = 1000 and 250254 thus you should only have to count each finger 250 times to remember where you left off /sarcasm
2^3 * 31 * 647
Rather than just repeating what I said the last time the subject of IP Address Management came up on slashdot, I'll just link to it.
The subject is slightly below the charter, but many great links get posted.
http://www.nanog.org/mailinglist.html
There are 1.1... kinds of people.
IPPlan is what we use. It is by far not perfect, and we have basically switched to doing most modifications directly into the (Postgres) database. IPPlan was developed for MySQL, so it doesn't use the IP address features of Postgres. We have added a few stored procedures which keep an extra column in ip4r format, for easier manipulation by other tools.
Why IPPlan? Because the other free alternatives are even worse.
Finally! A year of moderation! Ready for 2019?
I think a good solution would be to make one database with many queries, and if you keep updating the main table the queries will change with it. You can use Between This Number and That Number so that only those IP addresses would show up. If this was me, I'd set it up either by network node or Workstation Name.
At Rutgers University, we have a home grown tool called NetDB that we use to manage IP allocations, assignment of networks to individual departments, corresponding DNS, and custom Access Control Lists. It works rather well. Network Operations allocates a network for a department and assigns it to the appropriate Network Contact Group (NCG). From that point, the people who have certain privileges on that NCG have the ability to add/remove DNS for it and create custom access lists. The tool knows what OSPF areas to allocate addresses from based on zones, and all in all is pretty neat. Here is some documentation (including screenshots) for ideas should you decide to ever work on your own tool.
"Nature doesn't care how smart you are. You can still be wrong." - Richard Feynman
the NPG electrode was replaced with carbon blac
I used to work at a certain large business machine company with their own class A. There was an internal website one could go to, "iptools". You entered info on who you were, your dept, type of machine, physical location, etc. and it would assign you an IP. It had tools for when you moved a machine from one subnet to another (like when moving buildings) as well.
There were monitoring machines that could tell when IPs were being used. If you didn't use a machine for a while (months?) you'd get an email from the "IP Police" telling you to re-register or the IP would go back in the pool.
To view and manage the IP addresses/subnets and IP space, I would recommend looking into an IP Address Management solution that would eliminate spreadsheet data entry. Address Commander by Incognito is one solution. It tracks organization-wide IP address space; links all IP addresses with business units, regional offices, subscribers or other entities; centralizes address allocation policies; and automates the reporting and receipt of IP address space from RIR (ARIN/RIPE). Would that serve your purpose? Are you a Sys-Admin in a Cable/DSL service provider or in an Enterprise? Also, another thing to consider, if you wanted to also manage DHCP services on your network, you could also look into Broadband Command Center, which would work together with Address Commander as a complete DHCP and IP Management solution.
Geesh.. that is nothing. try more like 100000 nodes like some of us..
You could manage 1000 on the back of a napkin almost.
---- Booth was a patriot ----
Part of the point is that these days, if the person asking a question like this does absolutely no research via a search engine, then they're really wasting everyone's time, and all they deserve is a link to www.justfuckinggoogleit.com. If you want to ask the question more seriously, then you look around for what you can find, and post a question that indicates that you've done some minimal amount of research before throwing yourself on the mercy of a random group of strangers.
You could always try OpenOffice Calc.
Flexible bare-metal recovery for Linux/UNIX