IP Addressing Space Management Applications?

Posted by Cliff
from the a-/48-is-a-lot-of-numbers dept.
_RiZ_ asks: "I work for a medium sized company and we are looking for a solution to aid in managing the ever complex IP space in use throughout the growing enterprise. We currently use a full class B of public addresses as well as all RFC 1918 ranges. The idea came up to develop this application internally, however this has proven in the past to be more of a headache, especially if the original developer changes roles or moves on from our company. We have looked at IPplan, but have found this program is more intended for an ISP documenting customer ranges rather than an enterprise IT shop. We would like something which is database driven, intuitive to use, and preferably open source, although a good commercial solution is always a viable option. Does anyone have any suggestions?"
  • by Anonymous Coward
    3x5 cards.
  • My Opinion (Score:2, Informative)

    If you need software to track it, you're making it too hard.
    • Re:My Opinion (Score:4, Insightful)

      by TubeSteak (669689) on Wednesday April 26, 2006 @07:22PM (#15208636) Journal
      You do realize how many addresses are in a Class B space, don't you?

      A smidgen over 65,000.

      So if he needs software to track it, it might be that it is hard.
      • If the system is laid out well, it will pretty much document itself, minus some scribbles on a napkin.
        • I have worked in an environment where we had lots of customers, and many of them with private IP space for backends. Often the necessary networks are only /28 or /29, for some transfer networks a /30 might be sufficient. But you have to keep track of the networks, because for managing the servers via VPNs or private IP space you should keep track of which network belongs to which customer, and how much IP space is left. And it might be good to note if the DB Primary has the 10.23.34.5 or 10.23.34.6 in the n
      • I respectfully disagree. Where I work, we have 2 full class B allocations. I am never more than two hops away from any internal host. If I need to know where somebody is, I can query the routers and find out which port on which switch the device is plugged into, which gets me at least to the room. And that's only if the machine isn't registered in the DHCP system, and hasn't been logged into the Novell network (either of which get me a username, and therefore, a phone number).

        Absolute worst-case scenario
        • I agree. We have a class A and thousands of internal RFC1918 /28s, and at least on our corner of our network everything is self-documenting. There are 20 other divisions so I don't know how they manage their nets.
  • by merreborn (853723) * on Wednesday April 26, 2006 @07:21PM (#15208635) Journal
    ...That's insufficient?

    (10/8 = 10.0.0.0 - 10.255.255.255)
  • Lucent VitalQIP (Score:4, Informative)

    by FreeMath (230584) on Wednesday April 26, 2006 @07:23PM (#15208646) Homepage Journal
    Proprietary, but Lucent's VitalQIP [lucent.com] provides several nice functions like automated subnetting, DHCP and DNS integration, along with the ability to scale.
    • I have to 2nd this recommendation. We use Lucent's VitalQIP as well for IP tracking/delegation (as well as DNS). Very stable and scalable. You can even plug in homegrown scripts if there's something specific you require it to do that it doesn't do out of the box.
    • It is a great program. We use it for DNS services as well, but it is vital in our setting up new subnets and keeping track of routers/subnets/DHCP blocks/servers... basically everything that goes on the network! We have around 8000 systems/devices across many different subnets. Once you get larger than a class A subnet, you truly need an application like this, otherwise you will start screwing things up by taking someone else's IP or forget that you already had another 10.1.12 subnet in existence (which con
    • We have almost 100,000 active IP addresses managed in QIP, and we're pretty happy with it.

      It doesn't suck, which is about the best endorsement I'm willing to give commercial software.
    • I used to install and consult for QIP. It's a good program, but you need to be pretty large in order to see its real benefit. A class B would certainly qualify for this, but I just wanted to alert other readers that this was major league DNS/DHCP management, not something for a medium sized company.
    • We use QIP for DNS, and it does an acceptable job for that. It doesn't have a very good method for telling "at a glance" what IP space is available though. It pretty much insists that you carve out everything up front, so you can divide a /16 into 255 /24s or something if you want. But if you don't know what space you are going to need where, it kind of sucks.
  • ipv6 needed maybe (Score:2, Insightful)

    by RobertLTux (260313)
    if you have a big enough and recent enough set of clients you may want to think about doing an ipv6 conversion (the way i understand it the last 64 bits of the address can be generated using the MAC of the network card so if you know which nic is on a desk then ..)
  • DIY (Score:2, Informative)

    by Anonymous Coward
    http://www.postgresql.org/docs/7.4/interactive/datatype-net-types.html [postgresql.org]

    "PostgreSQL offers data types to store IPv4, IPv6, and MAC addresses, shown in Table 8-17. It is preferable to use these types over plain text types, because these types offer input error checking and several specialized operators and functions."
    • by dougmc (70836)

      It is preferable to use these types over plain text types, because these types offer input error checking and several specialized operators and functions

      Excellent! You've just saved the writer of the application 8 minutes of time in writing code that does the error checking itself and saves it in a more common data type. (Of course, he spent two hours setting up PostgreSQL rather than using his existing Oracle or MySQL server, so maybe it wasn't so great after all.)

      In case my sarcasm wasn't quite

    • I wrote an IP assignment script in PHP based on PostgreSQL. I was so pleased with the result, that I wrote an article about it on my blog:

      http://blog.wilf.me.uk/articles/2004/11/27/assigning-ip-addresses-with-postgresql-and-php [wilf.me.uk]

      The basic principle is that you put your "source" IP block(s) in the database, and the script will then assign blocks from them. And if you delete an allocation, it will find that "gap" the next time you need a block that size.

      Full source code is available from the link abo
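The allocation principle described in the comment above (source blocks, first-fit assignment, reuse of gaps left by deleted allocations), as an added Python example; it is not the poster's PHP/PostgreSQL script. The class `BlockAllocator`, its method names and the 10.20.0.0/24 sample block are assumptions constructed for illustration.

```python
import ipaddress


class BlockAllocator:
    """First-fit allocator over source blocks (constructed example)."""

    def __init__(self, sources):
        self.sources = [ipaddress.ip_network(s) for s in sources]
        self.allocations = {}  # allocated network -> label

    def _inside(self, net, source):
        return net.version == source.version and net.subnet_of(source)

    def register(self, cidr, label):
        """Record an existing allocation, refusing anything that conflicts."""
        net = ipaddress.ip_network(cidr)  # strict parsing rejects host bits
        if not any(self._inside(net, s) for s in self.sources):
            raise ValueError(f"{net} is outside every source block")
        for used, owner in self.allocations.items():
            if used.version == net.version and used.overlaps(net):
                raise ValueError(f"{net} overlaps {used} ({owner})")
        self.allocations[net] = label
        return net

    def allocate(self, prefixlen, label):
        """Return the lowest free, correctly aligned block of the given size."""
        for source in self.sources:
            if prefixlen < source.prefixlen or prefixlen > source.max_prefixlen:
                continue  # request does not fit this source at all
            size = 1 << (source.max_prefixlen - prefixlen)
            cursor = int(source.network_address)
            limit = int(source.broadcast_address)
            used = sorted(n for n in self.allocations if self._inside(n, source))
            for block in used:
                start = -(-cursor // size) * size  # round up to alignment
                if start + size - 1 < int(block.network_address):
                    break  # the gap before this allocation is big enough
                cursor = max(cursor, int(block.broadcast_address) + 1)
            start = -(-cursor // size) * size
            if start + size - 1 <= limit:
                net = type(source)((start, prefixlen))
                self.allocations[net] = label
                return net
        raise LookupError(f"no free /{prefixlen} in any source block")

    def release(self, cidr):
        """Delete an allocation; its space becomes a gap for later requests."""
        del self.allocations[ipaddress.ip_network(cidr)]


def demo():
    """Walk through allocate, release and gap reuse on a constructed /24."""
    pool = BlockAllocator(["10.20.0.0/24"])
    steps = [
        pool.allocate(26, "servers"),   # 10.20.0.0/26
        pool.allocate(28, "transfer"),  # 10.20.0.64/28
        pool.allocate(26, "office"),    # 10.20.0.128/26 (alignment skips .80)
        pool.allocate(27, "vpn"),       # 10.20.0.96/27 fills the hole
    ]
    pool.release("10.20.0.0/26")
    steps.append(pool.allocate(27, "lab"))  # reuses the freed gap
    return [str(n) for n in steps], pool


if __name__ == "__main__":
    print(demo()[0])
```

`register` is the path for importing rows from an existing spreadsheet or text file: overlapping or misaligned entries raise `ValueError` instead of being stored silently.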

  • Ipplan (Score:1, Informative)

    by Anonymous Coward
    Ipplan can be customised to just show you the stuff you need to see. We have about the same sized address space and ipplan works great.
  • by labratuk (204918) on Wednesday April 26, 2006 @07:35PM (#15208718)
    Have you looked at phpip [phpip.net] or ipspace [null-ptr.net] yet?
  • IPAM (Score:3, Informative)

    by forq (133285) on Wednesday April 26, 2006 @07:39PM (#15208730)
    If you really want to get fancy, and integrate your IP address space management with your DHCP and DNS, take a look at BlueCat Networks [bluecatnetworks.com]. They have a suite of tools, and the one you're looking for is called Proteus [bluecatnetworks.com]. Highly integrated DNS, DHCP, and IP Address Management. It costs money, but it sounds like your shop can afford it. Best of luck.
    • I am heading up a project to look for a cost-effective IPAM solution to potentially replace my expensive QIP implementation...and I must say the Bluecat Proteus does look very promising. I've talked to their guys and did a demo with them...they know what they're talking about. And they have this "tag" system which is really cool.

      The downside is that Proteus can only control their Adonis devices (for now) which means I would have to replace all my windows/bind servers...but even with that, the cost woul
      • by _RiZ_ (26333)
        I have found some info on these guys and will check them out this week at interop. We too just recently left the QIP world based on licensing costs. DHCP and DNS are being managed by the AD folks so for us network engineers who only care about the breakdown of subnets and the first 5 ips in each network, it's very clunky to use the MSC console crap.
        • Well, I haven't left QIP yet...cause as much as I hate paying high maintenance cost, it's still much better than spreadsheet. (yuk)

          I suggest you look at all the players. Bluecat, Infoblox, INS seem to be getting the most buzz. Check them all out and judge for yourself.
  • by MoralHazard (447833) on Wednesday April 26, 2006 @07:40PM (#15208733)
    Maybe I'm dense, but what, exactly, is the problem the poster is trying to solve?

    Why does this need any application more complex than a text file sitting on a file share, somewhere, for people to review or make changes as needed? That's what I do, and it seems to work OK.

    Plus, what does it mean to use "all" of the RFC1918 IP ranges? Does that mean they're using every IP in every range, or every prefix in every range, or does it just mean that they don't understand subnetting?
    • You must have a nice, simple setup, then. Where I work, there are seven full-time employees and approximately 22 computers, including three servers. Between the various needs for off-site access, support for earlier mistakes, and stuff that just doesn't work like it should, we have:

      One DHCP pool for VPN from Macintosh computers
      One DHCP pool for VPN from Windows computers
      One DHCP pool for trying to get the VPN support in the Cisco router working
      One DHCP pool for office computers
      One pool of reserved address
      • One DHCP pool for VPN from Macintosh computers
        One DHCP pool for VPN from Windows computers
        One DHCP pool for trying to get the VPN support in the Cisco router working
        One DHCP pool for office computers
        One pool of reserved addresses for the servers
        One stray reserved address in the middle of a DHCP pool left over from an accident with the backup software
        One (very small) pool of public IP addresses used to provide the public face for the servers
        One computer with a single network card and two IP addresses (don't

      • Sorry... I couldn't help it.. but I kept waiting for ... "And in the darkness bind them"

        I feel jipped... :(
    • Spreadsheets and text files work to a point. However, once you get quite a few VLANs and servers then those methods become very cumbersome to use. Trying to do things like seeing what IP blocks are available for a new /27 you want to add may not be that easy. Also, Excel and text files can (and have several times in my case) lead to copy-paste type errors. And if you have servers on multiple VLANs then trying to get a listing of "what are all the IPs of server X" becomes cumbersome as well and if you have
      • Agreed. Some of our major clients are hotels. Providing Digital Video On Demand and Internet Access means 1 VLAN per room (for security and such). Can be fun to do an ifconfig on a Linux server managing this and have it spew forth 600+ VLAN interfaces.
    • Their network supports 65,534 hosts, not including the RFC1918 addresses. That's a lot for a flat file. Also, a flat file will have no format restrictions (people might not be consistent in their edits) and will not be able to do any error checking (mistype an IP/subnet/whatever and you may not notice for a long time afterward, with potentially cascading effects).

      Also, some IP management products integrate with DHCP, DNS, or both, providing automatic updates as they are entered into the management softwar
    • It means that in some way or another we use 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/16 as well as our public class B. With sites in 40 countries, internet facing requirements, wireless, wired, vpn, server farms, test, dev, and all the other uses for ip's, we use a whole hell of a lot.
    • Why does this need any application more complex than a text file sitting on a file share, somewhere, for people to review or make changes as needed? That's what I do, and it seems to work OK.

      How many networks, sites and devices are in your environment ?

    • Why does this need any application more complex than a text file sitting on a file share, somewhere, for people to review or make changes as needed? That's what I do, and it seems to work OK.

      Another reasonable option is a Wiki. Many of them give built-in version control and have full text search. For organizing the data, you can use multiple pages. E.g., one page for the overall breakdown, linked to pages for each regional block, and then pages for each subnet.

      If you're reasonably regular with your formatti
      • I did an intranet documentation wiki based on MediaWiki, and it was worthless for IP addresses. The basic problem was the MediaWiki used MySQL for searching, and MySQL excludes 'words' that are too short from its indexes - which means no index of IP addresses.

        I ended up cobbling together .htdig + MediaWiki - which was a horrible experience.

        There was some talk on the MediaWiki list about moving to Lucene for indexing. If that has happened already, MediaWiki might work fine. But before you throw many hours

    • I understand the problem as I am in the same boat. OP is probably using some addresses from each class of 1918 addresses. Using a text file or wiki is not an elegant solution when managing 3000+ hosts where 50% of them are static (for various reasons). I've been using an Access database but I am currently developing a PHP/Postgresql based solution. We have 20+ support staff signing out new addresses every day. The napkin approach sucks and conflicts and mistakes are aplenty...
  • I too want to know, just when will USPTO/RIAA/MPAA address the problems NASA just can't get a grasp on. Someone must back my lunar trademarks!
  • by Malor (3658) on Wednesday April 26, 2006 @07:44PM (#15208752) Journal
    The problem is that your question is a bit vague. You want help 'managing' the IP space, but you don't indicate what 'managing' means to you. If you can be clearer about exactly what you want it to do, you'll probably get more useful suggestions.
    • His meaning is already quite clear to those of us that manage IP space. Few other people will be able to give him a decent answer on this particular topic.
      • All of us manage IP space, to some degree or another.

        Clear description of requirements is always important. He might need something you don't think is important, and you could recommend the wrong package/system. Or, he may not need nearly as much management as you do, and you could recommend a package that's far too expensive or complex.

        'Manage', in other words, means different things to different people. Giving advice without a very clear requirement specification is difficult and error-prone.
  • I have to say, Infoblox http://www.infoblox.com/ [infoblox.com] is the best solution for this I have seen yet. It is not free, but gives a company with LOTS of IP addresses a nice way to manage them all.

    Most people use either Excel (yuck) or a home grown PHP app they write themselves. (I'm talking some Fortune 500 companies here as well)
    • I'll second the suggestion of Infoblox.

      I manage DNS for an organization with a class B range and a few thousand more private IP ranges. We've used NetID in the past (originally owned by Optivity, now Nortel). It gets the job done with an Oracle database and a java interface/application server and can manage IP, DHCP and DNS - but is quite expensive. Infoblox is slowly replacing its functions.

      I'd say that "IP address management" can include allocating DHCP and static IP ranges, recording information about
  • same boat (Score:5, Informative)

    by aichainz (523314) on Wednesday April 26, 2006 @08:01PM (#15208846)
    I've reviewed the following:

    Bluecat Networks Proteus/Adonis http://www.bluecatnetworks.com/ [bluecatnetworks.com]
    Incognito IP/Name/DNS Commander http://www.incognito.com/ [incognito.com]
    INS IPControl http://www.ins.com/ [ins.com]
    Carnegie Mellon's NetReg http://www.net.cmu.edu/netreg [cmu.edu]
    Lucent VitalQIP http://qip.lucent.com/ [lucent.com]
    Solarwinds IPAM Pro http://www.solarwinds.net/ [solarwinds.net]
    Men & Mice http://www.menandmice.com/ [menandmice.com]
    Infoblox http://www.infoblox.com/ [infoblox.com]
    IPPlan http://freshmeat.net/projects/ipplan [freshmeat.net]
    MetaInfo http://www.metainfo.com/ [metainfo.com]

    In hopes of replacing our current in-house developed solution.

    I'll be honest, they are for the most part simply 'ok'. I wasn't super-impressed with any of them, and the bottom half of the list were definitely not ready for ISP/ASP/MSP-level use. I've listed them in descending order of my preference. All the useable ones are super-expensive, on the order of 'ok you can afford to pay a decent php/mysql coder to code you something from the ground up', or you can take this out-of-the-box thing, and shoe-horn it into your existing network. Which will in most cases take some weeks of programming anyway...

    I had some of what I thought were pretty simple requirements...

    - unix/linux based
    - no single point of failure (clustering)
    - handle forward and reverse dns
    - api's (mostly to allow us to present a customer access to their zones)
    - web-based gui with tiered user-levels
    - pref software-based install rather than appliance, due to the shoe-horn prediction i mentioned above

    Those are the highlights off the top of my head. I was surprised how few actually had all those features.

    After months of doing webcasts, reading white-papers etc we've come to the conclusion that it's going to be developed in-house from the ground up, using bsd/apache/postgres/php/bind and some soap.

    After reviewing these, I'm actually dying to know what large enterprises are using. I'm hoping there's some magic bullet IPAM solution that I missed on google. Please someone tell me about it!

    Anyway, hope this helps you in your quest.
    • Having worked in most Fortune 500's, unfortunately, most of them actually just use Microsoft DHCP/DNS and Excel... I think your list pretty much covers every solution I have seen :)

      From what I have seen, the best ones were appliance based.
      • That is where we are currently. MS AD for DNS and DHCP with Excel for documentation of all the networks worldwide. The Excel file has been a pain for quite some time. There have been some attempts to import this into Notes to make it more usable, but they have all been just too clunky and have been put together with very little thought.
    • Hey, somebody mentioned NetReg before I could... NetReg is probably way more than the OP wants, but it certainly does do IPAM fairly well. The screenshot on our site of the subnet map [cmu.edu] is a bit out of date, the current version looks slightly different, but you can see the idea.

      The rest of this post I grabbed from my own comment on a Ask Slashdot story a few weeks ago about DNS management systems:
      Carnegie Mellon's NetReg [cmu.edu] (*) is a DNS & DHCP management system (and much more) that we wrote in house to

  • by zeridon (846747) on Wednesday April 26, 2006 @08:06PM (#15208863) Homepage
    1) Do you need just bookkeeping stuff? - spreadsheet or some homemade app will do it!
    2) DHCP/DNS integration management? - Sauron [sauron.jyu.fi] project is my favourite at the moment
    3) Something more specific ... then go either for something commercial or your developers.
  • When I was working at an Aussie Telco, I wrote an IP Management Database. It was designed to provide an easy-to-manage overview of the IP space, but allow automated allocation. After I left the company, I wrote a new one from scratch based on the original design.. this isn't complete (lacking some features), but it's quite usable. I was going to market it commercially (and still might) but I got distracted with life, and it's been sitting around doing nothing. I'd like to see it used and further develop
  • I say move to IPv6. That would solve addressing issues, unless I don't understand the problem :)
  • Nodes? (Score:2, Interesting)

    by Ajehals (947354)
    Just how many addressed nodes are we talking about? And how many physical networks?

    I would probably start looking at this as a paper project and see if you can't rationalise your network address schemes somewhat, I've used and would recommend IPPlan generally, http://iptrack.sourceforge.net/ [sourceforge.net] but I don't tend to manage networks in any meaningful way, I prefer the networks to manage themselves, getting initial configurations of DHCP and DNS schemas right and then scaling it all up, maintaining documentatio

    • We are not actually using every IP in 1918 space, more like, we have many networks defined across the globe for use by the 40 branch offices for all of their needs. We have broken 1918 space down by major region (America's, Europe, and Asia Pac). Each region is then broken down by country, followed by the city in that country. This makes it quite easy to know by any ip where it is originating. The problem lies when you have multiple network engineers creating and modifying networks across the planet and
      • To be blunt, you don't need IP management software, you just need a decent DNS structure and DOCUMENTATION. Everyone doing their own thing is fine as long as you haven't got to get anything to work together. If your networks are not interconnected it gets a bit interesting but if you are using interconnected networks just use DNS as normal and propagate down to the various networks, effectively set up a root server for each network's dns servers to query, you retain control of the root server allowing you t
      • I've got a stack of custom scripts and documentation and policy I could dig up if it's appropriate and if it's useful, too much to post here sadly. I've spent a good 25% of my working life (well before I became self employed anyway) dealing with network implementations, sadly it's 90% Win2k Server (DNS + DHCP + AD) 5% BIND and 5% general theory, get in touch if you're interested (that goes for anyone else as well...) slash[removethisbit]dot[at]ictsc[dot]co[dot[uk] and I'll get it to you if it applies.
  • Maintain from OSU? (Score:2, Informative)

    by Randle_Revar (229304)
    I am not sure, but Maintain seems like the kind of thing you are looking for: http://osuosl.org/projects/maintain/ [osuosl.org]

    Although, looking at it, it seems to be specific to dhcpd3 and djbdns...

    Anyway, I thought I would just throw it out here for consideration.
    • Very impressive effort. Looks nice for delegated responsibility. Clean interface.

      Even if you don't want to use DJBDNS for all of your services, you can slave BIND 9 servers to the DJBDNS root. But DJBDNS works well too. YMMV.

  • You state that you're a midsized company, yet you're using a full internet class b, a private class A (10.*), 16 class b's (172.16.*), and a class B (192.168.*).

    That's more IP addresses than a major technical college I know uses. Unless you're a pretty major ISP, that's crazy. MAJOR companies often make do with a decent number of internet routable IP's, and a lot of NAT.

    Lesson one: Learn NAT (aka ipMasquerade)

    NAT lets you have 1 firewall that offers internet access to lots of other computers. Thousands
    • Lesson two: learn subnetting.

      Danger ahead...

      [snip] Set up a complex site with several (~5 or so) as 10.0.8.0/29 for example. That would give a site 8 Class C ranges to play with, and it's great for route summarization...

      Oh dear...

      By my math, 10.0.8.0/29 would yield a subnet with a mere 8 addresses (10.0.8.0 - 10.0.8.7, with 6 usable for hosts). A /21 would give the result you were trying to achieve. Your bit-shifting was correct, but you started in the wrong octet. Back to "Lesson Two" with yo

  • I work for a company with about 70,000 employees. We have a lot of address space. Multiple Class Bs of public IP space not to mention 10.0.0.0/8 and the other RFC 1918 space. Far and away the best tool we have ever used to manage IP space is an Excel spreadsheet located on a network drive. As soon as you're done laughing, read on...

    Create a spreadsheet with Column A having the /24s of each block spelled out:
    10.0.0.0
    10.0.1.0
    10.0.2.0
    etc.

    Columns B through Q should be /28s within each /24. Put the network a
  • Proper Planning (Score:3, Informative)

    by omega9 (138280) on Thursday April 27, 2006 @08:52AM (#15211311) Homepage
    Our organization has ~13 locations on the east coast. Given any internal IP, I can tell you the site and room number that host is in. And in most cases I can do the same with our external IPs. Each location is standardized on IP block->function assignment, so when a new VPN goes up we already know how to build our tunnels.

    Fix the problem, not the symptom. Plan well.
