IP Address Management

Using Subnet Profiles in Nectus IPAM

,

Using Subnet Profiles in Nectus IPAM

One of the unique features offered by Nectus is the ability to logically split each subnet into predefined ranges reserved for specific categories such as users, servers, infrastructure devices, etc. This is done with the help of subnet profiles. In Nectus, subnet profile is a set of IP ranges with a unique color code and a distinct name. Color coding makes it easier to locate an IP range reserved for a specific device type. This article explains how to create subnet profiles in Nectus.

  1. Creating a Subnet Profile

To create a new subnet profile, go to Main Menu and select Settings → General Settings → IPAM Integration.

In the “IPAM Integration” window that appears, select Subnet Profile tab and click Add button.

Begin defining a new subnet profile in the “Add Subnet Profile” GUI window that appears. Assign a name to your new profile. Define the first device category. Determine how many IP address you would like to reserve for the first device category and assign an order number for the first (Start) and the last (End) IP address in the group. Chose a color code for the device category.

Use + button to add additional device categories. Press Save to save your new profile.

 

2. Assigning Profile to a Subnet

 

To assign a profile to a subnet, right click on the selected subnet and select Properties.

On the “Properties” page that appears, select the desired profile and press Save button.

 

3. Benefits of Subnet Profiles

Once you have assigned a profile to a subnet, your subnet map will display color-coded IP ranges reserved for the device categories.

This visual guide will help you better manage IP addresses in the subnet.

 

Importing subnets to IPAM from IGP routing protocols explained.

,

When importing Subnets into IPAM from routing protocols Nectus apply following rules:

  1. Only subnets from IGRP routing protocols (EIGRP, OSPF, ISIS, RIP) are being considered for import.
  2. Nectus will not import subnets from iBGP  or eBGP.
  3. Nectus start importing subnets in the order from smallest to largest:  /32 ,   /31, then /30, then /29…etc.  This is done to give individual subnets priority over  summaries.
  4. Every imported subnet is validated against overlapping with existing subnets.
  5. Nectus will not import subnets that overlap with any of the existing subnets.
  6. Nectus will only import subnets that fall into defined IPAM address space.

Using Custom Subnet Tags in Nectus IPAM

,

Using Custom Subnet Tags in Nectus IPAM

One of the unique features of Nectus IPAM is ability to define unlimited number of properties aka “custom tags” and assign it to any of the subnets.

For example: “Building Floor”, “Datacenter” or “Application Name” can be defined for each subnet as a custom Tag.

To create a new custom tag go to Settings → General Setting → IPAM Integration

On “Subnet Tags” tab you will see current list of Tags that already exist in database.

To add a new tag press “+” button next to drop-down menu with all the tags.

Specify Tag name and press “Save” button

After you defined Tag’s name you can start adding specific Tag values for this Tag by pressing on “+ Add” button at the right upper corner of the page.

You can define as many Tag Value as required.

After you finished defining Tag values you can open Properties for any subnet in IPAM and you will see all the defined Tags as a drop-down menus where you can select specific Tag value for given subnet.

 

Creating DHCP Split Scopes in Nectus IPAM

Creating DHCP Split Scopes in Nectus IPAM

Nectus IPAM offers extensive DHCP integration features with one of the most important is ability to create and manage DHCP Scopes split across multiple DHCP Servers.

To create a new DHCP Split-Scope go to “Inventory → IPAM Subnets and Reservations”

Select “IPv4 DHCP Subnets” Tab and press “Add Subnets” button.

Specify basic Subnet info and select the DHCP Servers that will be serving IP addresses for this subnet. Define “Start” and “End” IP address for each selected DHCP Server.

In this example subnet 10.20.20.0/24 is split across two DHCP servers: PLUTO and NEON.

Server PLUTO is serving IP addresses from range: 10.20.20.1-10.20.20.200

Server NEON is serving IP addresses from range: 10.20.20.201-10.20.20.254

Always make sure that split-scope ranges don’t overlap to prevent duplicate IPs being leased.

Initial IPv4 IPAM Configuration

Initial IPv4 IPAM Configuration

Step 1. Define your IPv4 Address Space.

Very first step in setting up your Nectus IPAM is to define your IPv4 Address Space.

Address Space is list of major subnets that represent all your address space that you

planning to use for IP address allocation.

Good examples of subnets that you normally list as your address space definition is

10.0.0.0/8

192.168.0.0/16

172.16.0.0/12

To complete your Address Space definition, go to:

Settings → General Settings → IPAM Integration (Tab: IPv4 Address Space)

Step 2: Add DNS Servers.

Next Step is to complete integration of your existing DNS Servers with Nectus IPAM

Add your DNS Servers to Nectus in:

Settings → General Settings → IPAM Integration (Tab: DNS Servers)

Note: Nectus currently only supports integration with Microsoft Windows based DNS Servers.

Integration with DNS Server allows Nectus to dynamically create DNS records for Static IP reservations and to Import existing DNS records into IPAM database.

For Nectus to be able to communicate with DNS Servers WMI Integration must be complete.

Complete WMI Integration in Settings → General Settings → WMI Integration

Step 3: Define your DNZ Zones

Next step after adding DNS Servers is to define your DNS Zones. You can manually add your DNS Zones to IPAM or import is from your DNS Servers.

To define your DNS Zones go to:

Settings → General Settings → IPAM Integration (Tab: DNS Zones)

Step 4: Add DHCP Servers

By adding your DHCP servers to Nectus IPAM your can access rich GUI interface for managing your DHCP Scopes, Reservations, Leases and DHCP Options.

Note: Nectus currently only supports integration with Microsoft Windows based DHCP Servers.

To add your DHCP Servers go to:

Settings → General Settings → IPAM Integration (Tab: DHCP Servers)

For Nectus to be able to communicate with DHCP Servers WMI Integration must be complete.

Complete WMI Integration in Settings → General Settings → WMI Integration

Step 5: Define Standard IPAM Tags

Nectus IPAM provide extensive list of Tags that can be used for any of the IPAM Subnets.

Current list of Standard Tags:

BGP AS Number

Customer Name

Stack

Datacenter

Context

VRF

Project

Environment

Application

Remote Office

To define your Standard IPAM Tags go to:

Settings → General Settings → IPAM Integration (Tab: Standard IPAM Tags)

Step 6: Create IPAM Container Tree

Now we are ready to create an IPAM Container Tree hierarchy where you will be keeping all of the subnets.

IPAM Container tree can be organized in any way that is suitable for your business model.

One of the common examples that can be used is State-City-Datacenter-Application model.

To start creating IPAM Container levels go to IPAM left-side panel and use context menu available from right-click of your mouse.

You can right click on any existing container level and create a sub-level container by using “Create New Container Level” option in context menu.

You can Create, Delete and Move any of the container levels by using corresponding option in context menu.

Step 7. Importing Subnets from DHCP Servers

Once IPAM container tree is created we are ready to start populating it with subnets.

We can manually add individual subnets to each container, but it is much easier to Import majority of your existing subnets from DHCP Server and from your IGP Routing Table.

The first place where we can import is from DHCP Servers.

Go to Tools → IPAM Tools

 

And press “Import Subnets from DHCP Servers”

Select DHCP Servers from which you want to import subnets and select Destination container where you want discovered subnets to be placed.

Nectus will display all discovered subnets and will ask for confirmation before importing it into the Database.

Step 8: Importing Subnets from IGP Routing Table

And last Step in Nectus IPAM Initial configuration is to Import all of your existing subnets from your IGP Routing Table.

Go to Tools→ IPAM Tools

 

Press button “Import Subnets from routing Table”

Provide IP Address of any of your backbone routers, select destination container for imported subnets and press “Import” button.

Nectus will import all the subnets from IGP Routing Table starting from smallest (/32).

Nectus will not import any subnets that are overlapping with any of the subnets that are already present in Database.

Nectus will not import any of the BGP Subnets.

This Step concludes initial IPAM Configuration.

Monitoring DHCP Scope Utilization on Windows DHCP Servers with Nectus

, ,

Monitoring Scope Utilization on Windows DHCP Servers with Nectus

In this chapter, you’ll learn how to use Nectus to enable and configure DHCP Scopes utilization monitoring on Windows DHCP Servers.

Nectus allows network engineers proactively monitor amount of free IP addresses in DHCP scopes and generate E-mail or Text alerts when number of free IP address falls below preset thresholds.

Nectus can also generate alert when number of free IP address exceeds predefined threshold as it may indicate underlying network operation problems when network devices not able reach DHCP server for leases.

Nectus uses basic WMI interface to collect scope and lease statistics from DHCP servers.

The specific topics we will cover in this chapter are:

  1. What is WMI?
  2. Why Monitor DHCP Scopes?
  3. Creating a DHCP Server Group
  4. Adding DHCP Server to Server Group
  5. Creating and Configuring Monitoring Profile
  6. Assigning Monitoring Profile to Server Group

1. What is WMI?

Nectus uses Windows Server WMI interface to collect basic information about DHCP scopes such as total number of IP addresses and current number of active leases.

WMI (Windows Management Instrumentation) is a set of specifications and interfaces that provides information about the status of local and remote computers running Microsoft Windows. In this chapter we look at how Nectus uses WMI to monitor DHCP Scope Utilization  and send alerts based on that information.

Note: WMI is the Microsoft implementation of the Web-Based Enterprise Management (WBEM) standard and the Common Information Model (CIM) standard from the Distributed Management Task Force (DMTF).

2. Why Monitor DHCP Scopes?

Availability of free IP addresses is a critical requirement for modern network. When DHCP scope runs out of addresses users are not able to join your network.

Typical network segments that heavily dependent on DHCP are LAN and Wi-Fi Users.

Several DDOS attack types are specifically targeting DHCP infrastructure and by exhausting DHCP pools with fake lease requests can bring down any network to its knees.

Sometimes regular business growth can cause corresponding grows in IP address utilization and if left undetected can eventual cause an outage and service degradation for DHCP dependent applications.

3. Creating a DHCP Server Group

First step is to create a new Server Group for our DHCP Servers.

Go to the Nectus Home Screen and select WMI Servers -> WMI Servers. In the menu that appears, click Add New Group.

This opens the “Add New WMI Server Group” dialog box.

Complete the fields that define the new Group and set Enable Monitoring.

4. Add a DHCP Server to Server Group

Now we need to define our DHCP Server and add those to Server Group.

To add a Windows DHCP Server to the Server Group right-click the Group and select Add New WMI Server.

This opens the “Add WMI Server” dialog box.

Enter the IP address of the Server you want to add to the Group.

Note: You can move a Server between different Groups by right-clicking the Server and using the Move WMI Server to option.

5. Creating and Configuring Monitoring Profile

Monitoring Profile is a list of Metrics that can be applied to Server Group to tell Nectus which specific metrics must be monitored for given Server Group.

To create new Monitoring Profile to go Monitoring -> WMI Monitoring Settings and press

“Add Profile” button

Monitoring Profile Configuration Interface will appear.

Assign Profile Name and enable “DHCP Scope Usage” check-button on “DHCP” Tab

Configure Max/Max Threshold Values for Alerts by pressing on “Options” button

Note: Monitoring Interval is 5 min therefore 3 for “Consecutive Readings” value will trigger Alert

only if Threshold condition are True for 15 minutes.

6. Assigning Monitoring Profile to Server Group

Next and the final step is to assign Monitoring Profile to the DHCP Server Group that we created.

Right Click on DHCP Server Group in left side panel and Select “Properties”

Select Monitoring Profile from the list of available Profiles and Click on “Enable Monitoring” check-button.

We are all set and ready to start proactive monitoring of your DHCP Infrastructure.

Download the best IPAM    https://www.nectus5.com/download/

 

 

Importing subnets to IPAM from IGP routing protocols

,

Importing subnets to IPAM from IGP routing protocols

Most existing IPAM tools require manual subnet configuration, which is by far the most time-consuming step in IPAM deployment. Nectus offers unique automated features that make the initial configuration fast and easy. One such feature is an automatic import of subnets from the IGP routing protocols like OSPF, EIGRP, or ISIS. Here is how it’s done.

Importing subnets to IPAM from IGP

In the Main Menu, go to Inventory → IMAP Subnets and Reservations.

This opens an “IPAM Subnets” window with “IPv4 subnets” tab. Click the Import Subnets from Routing Table button.

In the “Import Subnet from IGP” dialogue box that appears, specify the IP address of the backbone router from which you’ll be importing subnets, and a destination IPAM container where the imported subnets will be placed. Press the Import button to preload the subnets.

Nectus displays preloaded subnets in a table format, for your confirmation. Press Yes button to confirm import of subnets, and they will automagically appear in the designated IPAM container.

 

Importing subnets to IPAM from DHCP servers

,

Importing subnets to IPAM from DHCP servers

One of the most time-consuming steps in IPAM deployment is initial configuration. Whether you have 5 or 1000 network subnets, most IPAM software products require manual configuration of subnets. Nectus offers unique automated features that make this initial configuration step fast and easy. One such feature is an automatic import of the subnets from the DHCP servers, which is done in 2 quick steps.

Adding DHCP servers to IPAM

Begin the process by configuring the DHCP servers on “IPAM integration” page. In the Main Menu, select Settings → General Settings → IPAM Integration.

This opens an “IPAM Integration” page. To add DHCP servers to IPAM, select the DHCP Servers tab and press the Add button to open the “Add DHCP Server” dialogue box. Fill in the server name, IP address and Type, and press the Save button for each DHCP server you want to add to IPAM.

Importing Subnets from DHCP Servers to IPAM

Once the DHCP servers are configured, you are now ready to start importing subnets. In the Main Menu, go to Inventory → IMAP Subnets and Reservations.

This opens an “IPAM Subnets” window with “IPv4 subnets” tab. Click the Import Subnets from DHCP Server button to open the “Import Subnet from DHCP Server” dialogue box.

Select the DHCP servers from which you’ll be importing subnets, and a destination IPAM container where the imported subnets will be placed. Press the Import button to preload the subnets.

Nectus displays preloaded subnets in a table format, for your confirmation. Press Yes button to confirm import of subnets, and they will automagically appear in your designated IPAM container.

 

Locating Orphaned subnets in IPAM

, ,

Locating Orphaned IPAM Subnets

One of the key features of good IPAM is ability quickly find subnets that are part of the defined address space but have not been explicitly added to list of subnets available for allocation.

These subnets are normally called “orphaned” and can be presented as white spaces within address space.

Orphaned subnets are normally occurring when you import IPAM subnets from external source such as IGP routing table where address space is not contiguously divided among all the existing subnets.

Lets looks at this simplified example of the logic required for locating orphaned subnets.

For example, user defined full address space as 10.0.0.0/8 (10.0.0.0 – 10.255.255.255)

and imported one subnet from IGP: 10.20.20.0/24 (10.20.20.0 – 10.20.20.255)

We can present full address space as a contiguous line starting from 10.0.0.0 and ending 10.255.255.255

Full IPv4 Address Space:

 

10.0.0.0 ———————————————————————————-10.255.255.255

 

 

Now let’s overlay single imported subnet into address space line:

 

 

10.0.0.0 ————-***Used*** —————————————————10.255.255.255

 

We see that there is some unused space to the left and to the right of the used space.

We need to find all the subnets that cover unused space so they can be presented in IPAM list of available subnets. The subnets that we are looking for must be largest subnets possible,

to minimize fragmentation.

Let’s summarize: Our goal is to find the largest subnet(s) that can be fit into the left and right empty segments.

Let first look at “left” empty space:

First IP 10.0.0.0 00001010‬.00000000.00000000.00000000
Last IP 10.20.19.255 00001010.00010100.00010011.11111111

We can see that First and Last IP address of “left” empty segment have matching highest 11 bits.

Largest subnet that will fit into “left” empty segment will have First and Last IP with following parameters:

First IP address:

  1. Has 00001010‬.000 in first 11 bits
  2. Has all zeros in Host portion
  3. Is greater or equal to 10.0.0.0

Last IP address:

  1. Has 00001010‬.000 in first 11 bits
  2. Has all ones in Host portion
  3. Is less or equal to 10.20.19.255

After checking all possible options matching IP addresses are discovered.

First IP 10.0.0.0 00001010‬.00000000.00000000.00000000
Last IP 10.15.255.255 00001010.00001111.11111111.11111111

This combination of First/Last IP gives us largest Subnet that will fit into “left” free segment as 10.0.0.0/12

We can see that 10.0.0.0/12 does not fully cover “left” empty segment so this discovery process has to be repeated for remaining empty space. Discovery may require several iterations until we get 100% coverage.

Similar approach must be applied to “right” empty segment until we identify all orphaned subnets and achieve 100% coverage of required address Space.

If your IPAM can’t perform this type of Discovery, you know where to download the best IPAM on the market: https://www.nectus5.com/download/

 

Splitting and Merging Subnets in IPAM

,

Splitting and Merging Subnets in IPAM

In this chapter, you’ll learn how and why to Split and Merge Subnets.

The specific topics we will cover in this chapter are:

  1. Why Split and Merge Subnets?
  2. How to Split Subnets
  3. How to Merge Subnets
  4. How to Move Subnets

1. Why Split or Merge Subnets?

Splitting and Merging Subnets lets you use your IP address space more efficiently. A full Class C Subnet has 256 usable addresses. But if you only need 30, using the full Subnet would result in a waste of over 200 IP addresses. Splitting the subnet would allow you to get the number of addresses you need, without wasting the rest. In addition, making a smaller Subnet reduces network traffic, as messages on that Subset are broadcast to fewer addresses.

Merging Subnets works the opposite. You may need a Subnet with 80 IP addresses, but instead have several smaller Subnets available. By merging smaller Subnets into one large one, you can use those addresses that might otherwise be wasted.

Nectus also allows you to move Subnets to different IPAM Containers. This makes it easy to reallocate IP addresses from their current location to the physical Sites that need them.

2. How to Split Subnets

To Split a Subnet go to the Nectus Sites Panel and select IPAM > All IPv4 Containers.

Nectus displays all existing IPAM Containers and any Unassigned Subnets. To see how many IP addresses are available in any Subnet, right-click it. In the menu that appears, select View Subnet Info.

This opens the “Subnet View Info” dialog box.

The Total IPs field on the General Info tab shows how many IPs the Subnet contains.

Navigate to the Subnet you want to split and right-click it. In the menu that appears, select Split.

This opens the “Split Subnet” dialog box.

The New Subnet Size list shows you the ways you can split the selected Subnet.

The Place New Subnets to: list allows you to assign the new Subnets you create to any existing IPAM Container.

3. How to Merge and Subnets

To Merge two or more Subnets go to the Nectus Sites Panel and select IPAM > All IPv4 Containers.

Navigate to the Subnets you want to merge and select each one. The Subnets you want to Merge must be contiguous, as in the screenshot below. Right-click one of the Subnets and in the menu that appears, select Merge Subnets.

This opens the “Merge Subnets” dialog box. The dialog box shows you which Subnets will be merged, and gives you the option to place the merged Subnet in any IPAM Container.

4. How to Move Subnets

You can move a Subnet without Splitting or Merging it. To move a Subnet to a different IPAM Container right-click the Subnet.

In the menu that appears, select Move Subnet to… and navigate the list of Containers to select the new location.

 

IPAM initial configuration automation: Subnets

,

IPAM initial configuration automation: Subnets

As soon as you install your favorite Nectus IPAM solution the first question that comes to your mind is “How do I add all of the existing Subnets into new IPAM”?

Let’s see what automation options does Nectus offer to ease your initial deployment pains.

There are three primary places where your existing subnets can be imported from

  1. IGP Routing Tables (ISIS, EIGRP, OSPF, RIP)
  2. DHCP Servers
  3. Excel Spreadsheets

Importing from IGP

Importing most of your subnets from IGP is the primary way to get most (if not all) of your subnets into IPAM in a single click of the button. Just right click on IPAM container Tree and select “Import Subnets from Routing Table” Option.

Provide your Core Router’s IP Address and press “Import” button

Nectus will download IGP routing table from core router via SNMP and add each subnet into IPAM database. When importing subnets from IGP Nectus starts loading subnets starting from

smallest (/32) to biggest (/8 and higher). Each new added subnet is validated against overlapping with any of the existing IPAM subnets.

This logic ensures that summarized prefixes that are present in the routing table will not be added to IPAM.

Nectus does not import any BGP subnets to prevent public Internet prefixes leaking into IPAM.

You can repeat IGP Import several times with different Core routers if there is a reason to believe that different Core routers may produce different set of subnets.

Importing from DHCP Servers

Importing subnets from DHCP Servers works similarly to IGP Import. Right Click on any of the IPAM containers and Select “Import Subnets from DHCP” Option.

Nectus load all the DHCP pools from all the DHCP servers configured in “IPAM Integration” page and add those into IPAM database if they have not been already added during IGP Import Phase.

All the subnets imported from DHCP Servers are validated against overlapping with any of the existing IPAM subnets.

Currently DHCP Import is only supported for Microsoft Windows DHCP servers and require

operational WMI Integration configuration.

Importing from CSV Files

And final and still viable option is to Import your subnets from CSV File.

Select “Import from CSV” in context menu of any of the IPAM Containers to load your subnets from CSV File.

Finding Unused Subnets

Once you finished loading your “in-use” Subnets into IPAM next step is to identify what subnets are “available” since subnets that are not allocated yet will not be present in the IGP or DHCP Servers.

To identify unused subnets Nectus takes your Address Space Subnets defined in IPAM Global integration page and excludes all of the “in-use” subnets to calculate list of subnets that can be presented as available. All available subnets will be added to “Unassigned Subnets” default IPAM container.

Right-click on any IPAM container to access this menu option.

 

Making IP Reservations in Nectus IPAM

,

Making IP Reservations in Nectus IPAM

In this chapter, you’ll learn how to make IP reservations in Nectus IPAM.

The specific topics we will cover in this chapter are:

  1. Adding new IP reservation
  2. Deleting IP reservation
  3. Searching for IP reservations

1. Adding New IP Reservation

To create a new IP Reservation, navigate to desired Subnet in selected IPAM container

and right-click for context menu.

Click on “Reservations” option to bring up a list of current Reservations in this specific Subnet.

Switch to a “MAP” Tab to see what is available for Reservations in this subnet

Righ- Click on Selected IP on the MAP and Select “Add IPv4 To Reservation”

Fill all the desired reservation parameters and press “ADD” button

As part of IP reservation creation process you have an option to create DNS “A” Records

in forward and reverse DNS lookup zones with DNS Server configured on IPAM Integration Page.

2. How to Delete IP Reservation

To delete IP reservation right click on desired reservation on subnet MAP view Page and select “Delete Reservation” Option

As part of reservation deletion process, you can also automatically delete DNS “A” records on DNS servers if those records were previously added during reservation creation process.

3. Searching for IPAM Reservation

Best way to search for existing IP reservations is via “IPAM Subnets and Reservations” Table

located in “Inventory -> IPAM Subnets and Reservations” Page

Table view provides multiple search and filtering options for any parameters defined for IP reservations.

 

Managing IPAM Containers in Nectus

,

Managing IPAM Containers in Nectus

In this chapter, you’ll learn what IPAM Containers are and how to manage them.

The specific topics we will cover in this chapter are:

  1. What are IPAM and IPAM Containers?
  2. How to Create IPAM Containers
  3. How to Move IPAM Containers
  4. How to Modify IPAM Containers
  5. How to Delete IPAM Containers

1. What are IPAM and IPAM Containers?

IPAM stands for Internet Protocol Address Management. It is a system for managing the Internet Protocol (IP) address space used in a network. With IPAM you can see which IP subnets are in use and which site is using them.

The Nectus IPAM Container model allows you to create a hierarchical structure for managing subnets and mapping them to physical Sites.

2. How to Create IPAM Containers

To create an IPv4 IPAM Container go to the Nectus IPAM Panel and select IPAM -> All IPv4 Containers.

Nectus displays any existing IPAM Containers. Containers that have subnets assigned to them are displayed in green, with the number of subnets they contain appearing to the right of the Container name.

To add a new IPAM Container right-click an existing Container or All IPv4 Containers. In the menu that appears select Create New Container Level.

This opens the “Create New Container Level” dialog box.

Enter the Container Level Name and click Save. The new Container appears in the hierarchy below the location shown in Container Path:.

3. How to Move IPAM Containers

To move an IPAM Container right-click the Container Name. In the menu that appears, select Move Current Container to… and navigate the list of Containers to select the new location.

4. How to Modify IPAM Containers

To modify an IPAM Container right-click the Container Name. In the menu that appears, select Properties.

This opens the “Edit Container Properties” dialog box.

Edit the Container Level Name as desired.

5. How to Delete IPAM Containers

To modify an IPAM Container right-click the Container Name. In the menu that appears, select Delete Current Container Level.

This opens the “Delete Container Level” dialog box.

Note: Nectus will not let you delete an IPAM Container that has subnets assigned to it. If you try, Nectus displays the following message: