IP Addressing Space Management Applications? 77
			
		 	
				_RiZ_ asks: "I work for a medium sized company and we are looking for a solution to aid in managing the ever complex IP space in use throughout the growing enterprise.  We currently use a full class B of public addresses as well as all RFC 1918 ranges.  The idea came up to develop this application internally, however this has proven in the past to be more of a headache,  especially if the original developer changes roles or moves on from our company.  We have looked at IPplan, but have found this program is more intended for an ISP documenting customer ranges rather than an enterprise IT shop.  We would like something which is database driven, intuitive to use, and preferably open source, although a good commercial solution is always a viable option.  Does anyone have any suggestions?"
		 	
		
		
		
		
			
		
	
Keep it simple (Score:2, Funny)
My Opinion (Score:2, Informative)
Re:My Opinion (Score:4, Insightful)
A smidgen over 65,000.
So if he needs software to track it, it might be that it is hard.
Re:My Opinion (Score:2)
Re:My Opinion (Score:2)
Re:My Opinion (Score:1)
Absolute worst-case scenario
Re:My Opinion (Score:2)
10/8 includes 16 million private addresses (Score:4, Insightful)
(10/8 = 10.0.0.0 - 10.255.255.255)
Re:10/8 includes 16 million private addresses (Score:3, Funny)
Re:10/8 includes 16 million private addresses (Score:1)
Re:10/8 includes 16 million private addresses (Score:2)
Re:10/8 includes 16 million private addresses (Score:1)
it's in other words (as the documents states) 16 complete class B networks
Re:10/8 includes 16 million private addresses (Score:2)
Lucent VitalQIP (Score:4, Informative)
Re:Lucent VitalQIP (Score:2)
Another vote for QIP... (Score:2)
Re:Lucent VitalQIP (Score:1)
It doesn't suck, which is about the best endorsement I'm willing to give commercial software.
Re:Lucent VitalQIP (Score:2)
Re:Lucent VitalQIP (Score:1)
ipv6 needed maybe (Score:2, Insightful)
DIY (Score:2, Informative)
"PostgreSQL offers data types to store IPv4, IPv6, and MAC addresses, shown in Table 8-17. It is preferable to use these types over plain text types, because these types offer input error checking and several specialized operators and functions."
Re:DIY (Score:2)
Excellent! You've just saved the writer of the application 8 minutes of time in writing code that does the error checking itself and saves it in a more common data type. (Of course, he spent two hours setting up PostgreSQL rather than using his existing Oracle or MySQL server, so maybe it wasn't so great after all.)
In case my sarcasm wasn't quite
Re:DIY (Score:1)
I wrote an IP assignment script in PHP based on PostgreSQL. I was so pleased with the result, that I wrote an article about it on my blog:
http://blog.wilf.me.uk/articles/2004/11/27/assigni ng-ip-addresses-with-postgresql-and-php [wilf.me.uk]
The basic principle is that you put your "source" IP block(s) in the database, and the script will then assign blocks from them. And if you delete an allocation, it will find that "gap" the next time you need a block that size.
Full source code is available from the link abo
Ipplan (Score:1, Informative)
Do you know how to search freshmeat? (Score:5, Informative)
I laughed so hard (Score:2)
Thanks for a good belly laugh tonight.
Re:I laughed so hard (Score:1)
IPAM (Score:3, Informative)
Re:IPAM (Score:1)
The down side is that Proteus can only controls their Adonis devices (for now) which means I would have to replace all my windows/bind servers...but even with that, the cost woul
Re:IPAM (Score:1)
Re:IPAM (Score:1)
I suggest you look at all the players. Bluecat, Infoblox, INS seem to be getting the most buzz. Check them all out and judge for yourself.
I don't get what the problem is... (Score:3, Interesting)
Why does this need any application more complex than a text file sitting on a file share, somewhere, for people to review or make changes as needed? That's what I do, and it seems to work OK.
Plus, what does it mean to use "all" of the RFC1918 IP ranges? Does that mean they're using every IP in every range, or every prefix in every range, or does it just mean that they don't understand subnetting?
Re:I don't get what the problem is... (Score:3, Informative)
One DHCP pool for VPN from Macintosh computers
One DHCP pool for VPN from Windows computers
One DHCP pool for trying to get the VPN support in the Cisco router working
One DHCP pool for office computers
One pool of reserved address
Re:I don't get what the problem is... (Score:2)
Re:I don't get what the problem is... (Score:2)
I feel jipped...
Re:I don't get what the problem is... (Score:1)
Re:I don't get what the problem is... (Score:2)
Re:I don't get what the problem is... (Score:2)
Also, some IP management products integrate with DHCP, DNS, or both, providing automatic updates as they are entered into the management softwar
Re:I don't get what the problem is... (Score:1)
Re:I don't get what the problem is... (Score:2)
How many networks, sites and devices are in your environment ?
Re:I don't get what the problem is... (Score:3, Interesting)
Another reasonable option is a Wiki. Many of them give built-in version control and have full text search. For organizing the data, you can use multiple pages. E.g., one page for the overall breakdown, linked to pages for each regional block, and then pages for each subnet.
If you're reasonably regular with your formatti
Beware of MediaWiki (Score:2)
I ended up cobbling together  .htdig + MediaWiki - which was a horrible experience.
There was some talk on the MediaWiki list about moving to Lucene for indexing. If that has happened already, MediaWiki might work fine. But before you throw many hours
Re:I don't get what the problem is... (Score:1)
That's some hard-hitting reporting (Score:1)
it all hinges on one word.... (Score:3, Insightful)
Re:it all hinges on one word.... (Score:2)
Re:it all hinges on one word.... (Score:2)
Clear description of requirements is always important. He might need something you don't think is important, and you could recommend the wrong package/system. Or, he may not need nearly as much management as you do, and you could recommend a package that's far too expensive or complex.
'Manage', in other words, means different things to different people. Giving advice without a very clear requirement specification is difficult and error-prone.
a decent commercial solution (Score:2)
Most people use either Excel (yuck) or a home grown PHP app they write themselves. (im talking some Fortune 500 companies here as well)
Re:a decent commercial solution (Score:1)
I manage DNS for an organization with a class B range and a few thousand more private IP ranges. We've used NetID in the past (originally owned by Optivity, now Nortel). It gets the job done with an Oracle database and a java interface/application server and can manage IP, DHCP and DNS - but is quite expensive. Infoblox is slowly replacing its functions.
I'd say that "IP address management" can include allocating DHCP and static IP ranges, recording information about
Re:What? (Score:1)
Are you doing IP-based virtual hosts? This is ridiculous.
Re:What? (Score:1)
same boat (Score:5, Informative)
Bluecat Networks Proteus/Adonis http://www.bluecatnetworks.com/ [bluecatnetworks.com]
Incognito IP/Name/DNS Commander http://www.incognito.com/ [incognito.com]
INS IPControl http://www.ins.com/ [ins.com]
Carnegie Mellon's NetReg http://www.net.cmu.edu/netreg [cmu.edu]
Lucent VitalQIP http://qip.lucent.com/ [lucent.com]
Solarwinds IPAM Pro http://www.solarwinds.net/ [solarwinds.net]
Men & Mice http://www.menandmice.com/ [menandmice.com]
Infoblox http://www.infoblox.com/ [infoblox.com]
IPPlan http://freshmeat.net/projects/ipplan [freshmeat.net]
MetaInfo http://www.metainfo.com/ [metainfo.com]
In hopes of replacing our current in-house developed solution.
I'll be honest, they are for the most part simply 'ok'. I wasn't super-impressed with any of them, and the bottom half of the list were definitely not ready for ISP/ASP/MSP-level use. I've listed them in descending order of my preference. All the useable ones are super-expensive, on the order of 'ok you can afford to pay a decent php/mysql coder to code you something from the ground up', or you can take this out-of-the-box thing, and shoe-horn it into your existing network. Which will in most cases take some weeks of programming anyway...
I had some of what I thought were pretty simple requirements...
- unix/linux based
- no single point of failure (clustering)
- handle forward and reverse dns
- api's (mostly to allow us to present a customer access to their zones)
- web-based gui with tiered user-levels
- pref software-based install rather than appliance, due to the shoe-horn prediction i mentioned above
Those are the highlights off the top of my head. I was surprised how few actually had all those features.
After months of doing webcasts, reading white-papers etc we've come to the conclusion that it's going to be developed in-house from the ground up, using bsd/apache/postgres/php/bind and some soap.
After reviewing these, I'm actually dying to know what large enterprises are using. I'm hoping there's some magic bullet IPAM solution that I missed on google. Please someone tell me about it!
Anyway, hope this helps you in your quest.
Re:same boat (Score:2)
From what I have seen, the best ones were appliance based.
Re:same boat (Score:1)
Re:same boat (Score:1)
The rest of this post I grabbed from my own comment on a Ask Slashdot story a few weeks ago about DNS management systems:
Carnegie Mellon's NetReg [cmu.edu] (*) is a DNS & DHCP management system (and much more) that we wrote in house to
State your mission man ... (Score:4, Informative)
2) DHCP/DNS integration management? - Sauron [sauron.jyu.fi] project is my favourite at the moment
3) Something more speciffic
I've written one.. (Score:1)
Existing solution ... (Score:1)
Nodes? (Score:2, Interesting)
I would probably start looking at this as a paper project and see if you can't rationalise your network address schemes somewhat, I've used and would recommend IPPlan generally, http://iptrack.sourceforge.net/ [sourceforge.net] but I don't tend to manage networks in any meaningful way, I prefer the networks to manage themselves, getting initial configurations of DHCP and DNS schemas right and then scaling it all up, maintaining documentatio
Re:Nodes? (Score:1)
Re:Nodes? (Score:1)
Re:Nodes? (Score:1)
Maintain from OSU? (Score:2, Informative)
Although, looking at it, it seems to be specific to dhcpd3 and djbdns...
Anyway, I thought I would just throw it out here for consideration.
Re:Maintain from OSU? (Score:1)
Even if you don't want to use DJBDNS for all of your services, you can slave BIND 9 servers to the DJBDNS root. But DJBDNS works well too. YMMV.
Rearchitect your IP space. (Score:2)
That's more IP addresses than a major technical college I know uses. Unless you're a pretty major ISP, that's crazy. MAJOR companies often make due with a decent number of internet routeable IP's, and a lot of NAT.
Lesson one: Learn NAT (aka ipMasqerade)
NAT lets you have 1 firewall that offers internet access to lots of other computers. Thousands
Re:Rearchitect your IP space. (Score:2)
Danger ahead...
Oh dear...
By my math, 10.0.8.0/29 would yield a subnet with a mere 8 addresses (10.0.8.0 - 10.0.8.7, with 6 usable for hosts). A  /21 would give the result you were trying to achieve.  Your bit-shifting was correct, but you started in the wrong octet.  Back to "Lesson Two" with yo
Re:Rearchitect your IP space. (Score:2)
That's what I get for posting pre-coffee.
I work for a large company... (Score:2, Informative)
Create a spreadsheet with Column A having the
10.0.0.0
10.0.1.0
10.0.2.0
etc.
Colums B through Q should be
Re:I work for a large company... (Score:1)
Proper Planning (Score:3, Informative)
Fix the problem, not the symptom. Plan well.