In Search of a Provider-Grade IPAM Solution
Lately I've been looking for robust IP address management (IPAM) software to replace the unwieldy subnet spreadsheets I try to corral every day at work. You'd think this would be a fairly straight-forward task, but you'd be wrong. See, I work for a managed services provider (MSP), which acts in many respects as a sort of mini-ISP. We don't install or maintain physical circuits but we do act as a middleman for carriers who do, and we manage a large amount of address space both private and public, customer and internal. As an added bonus, we also have to carefully track how address space is imported and exported among hundreds of independent customer VRFs, which can potentially employ overlapping address space.
The problem I've encountered repeatedly whilst searching for an IPAM solution is that most of the products out there are intended to cater toward enterprise and datacenter customers. The key differentiating factor between these and an MSP or ISP is that enterprise and datacenter networks tend to focus on individual IP address allocations and DHCP leases, whereas service provider networks have a wider perspective, focused on IP prefixes and VRFs. As it turns out, there are surprisingly few IPAM solutions which favor the latter.
Here's what I've come across so far...
Infoblox. Their claim to fame is three-in-one IPAM, DHCP, and DNS. Unfortunately, I only need one-in-one, and their IPAM software doesn't have VRF support.
BT Diamond IPControl. Looks promising, but I can't get their sales department to respond to my inqueries. And if sales won't answer, you can sure as hell bet support won't.
BlueCat Networks Proteus. A demo confirmed my suspicion that this is very much an enterprise-grade product. Not a bad one, just not up to the task at hand.
SolarWinds Orion IPAM. A familiar interface and integration with a product we already use. But no VRF support.
IPplan. Haven't looked to closely at this one. The beta-stage IPv6 support isn't too tempting. Also, its interface reminds me of when I was first learning about web design in the late nineties.
The NOC Project. An intriguing open source application built on Django (a Python framework with which I'm very familiar). It seems to have enhanced SP-grade IPAM capabilities and a number of other very useful features (such as circuit tracking). Unfortunately, like so many open source products it's a bit rough around the edges. And it doesn't help that half of the documentation is in Russian.
An in-house solution. Could I create a custom IPAM solution with everything we need? Sure! The problem is that I'm a network engineer, not a programmer (a natural division of labor which, it seems, is mostly to blame for the lack of robust IPAM solutions available). Even if I had the time to undertake such a project, I have little interest in providing long-term maintenance of it.
I'm sure there a number of potential solutions I've missed, and I'm hoping my fellow network engineers reading this article can point them out.
About the Author
Jeremy Stretch is a networking engineer and the maintainer of PacketLife.net. He currently lives in the Raleigh-Durham area of North Carolina. Although employed full-time out of necessity, his true passion lies in improving the field of network engineering around the world. You can contact him by email or follow him on Twitter.
Comments
check out 6connect : http://6connect.net/
it was written with service providers in mind but could be used by enterprises as well.
Hi,
You should also have a look at http://www.paessler.com/prtg/features well its not for free to monitor big networks.
Cheers
O
You might take a look at HaCi (http://sourceforge.net/projects/haci/) and Netdot (https://osl.uoregon.edu/redmine/projects/netdot).
Both are free software.
I used to work at INS, which bought Diamond IP before they were bought by BT. It was a quality product that had a lot of the developers from lucent's QIP, you might just have had some bad luck.
Open source I would look at HaCI, seems to be the most complete opensource IPAM I have found.
We use ipplan,its not perfect but its the best free stuff what you can find.
We manage a /14 worth of public space in it...
IPControl does not support VRFs either. We use it and have a little overlap so there is a way to jimmy-rig it to work. The software is OK but if I was asked to recommended it, I would not. I think we will be looking for a new IPAM solution in the future.
I would recommend at least setting up a test server of IPPlan, it's free so you can't go wrong there.
I'm undertaking this same project at work right now, and although the GUI looks a bit dated, the functions for assigning customers/netblocks/ranges seem geared right towards what you're looking for.
I work in a healthcare system that has to interact with many different merged hospitals, doctors offices, etc and they all have many overlapping ranges. IPPlan so far has seemed to allow us to get a better grasp on them as we work towards network integrations.
Anything is almost better than the good old "Spreadsheet" method, especially if you have many hands needing to get into the document for assignments/reference.
I haven't investigated the IPv6 support yet, because our organization is still several years from thinking about IPv6 (not by my choice...)
-Brett
I'm currently working for ISP. My colleagues used to edit goddamn xls-files, so I wrote my own nets/vlans tracker. It wasn't a big deal, I think. But of course it depends on your needs.
We use solarwinds, and you can have overlapping subnets(ver 2.x). If you are monitoring DHCP servers to show which subnets are populated, or if you are entering the data manually(yuck depending on volume, import would work), then I imagine it would work.
However if you are adding the subnets and telling them to scan individually(the default setting) and you also have overlapping subnets, then it will scan the first one and throw up on the others never showing what is taken, reserved, or transient. Obviously if you are trying to scan two 10.1.x.x addresses spaces from the same IPAM.... AND... it’s not free.
It’s not my intent to cheerlead for solarwinds, just sharing my personal experience with the product.
Good stuff, I'm about to look at some of those products for our carrier/DC network as well.
Anyone who can share his/her experience with Cisco's Network Registrar ?
We are currently looking at RackTables. Does anybody have any experience with it?
Have you evaluated Men and Mice. I have been using that system since 2008. It works well and allows you to keep your distributed DNS and DHCP.
BT Diamond IP's pricing was insane. When I contacted them in 2008, they wanted $10 per managed IPv4 address per annum.
Like a fool, I gave my email address to them for some sales info. So they put the mail on their own marketing mailing list - unasked; afterwards I started receiving spam from third party affiliates, including InterOp. They didn't respond to my requests to unsubscribe.
Not impressed.
Full disclosure - I am the product manager for the SolarWinds IPAM product.
I think this is a great list of the solutions currently available for IPAM. Regarding SolarWinds IPAM, you can add the VRF as a custom property. Obviously it would be better if we could automatically populate it for you, but at least this way you can report off of it and easily see what you are looking for. If you have this documented in a spreadsheet I would be happy to work with you to update the custom property on all of your existing subnets. We do tend to have more enterprise and data center focus, but we also have many MSP / ISP customers. This is a request I see occasionally from the later group. I have this logged as a feature request and I'm happy to talk with you (or anyone else on the forum) to see what else would make SolarWinds IPAM easier to use in your environment.
Mav
@Ivelin: We're a couple of months into a RackTables implementation. There was a little bit of hacking at the code required to fit some of our specific requirements but overall I'm pretty happy with it. We're already using it for IPAM and we're currently expanding its duties to include rack management and asset tracking.
We evaluated InfoBlox's IPAM solution a while back. It may sound weak, but the deal killer for us was the fact that you couldn't search for an IP address, globally, from one central search field. Seems small, but it's a pain in the ass to have to drill down six or seven levels just to find an IP.
Performance was OK; it came on an appliance. Price was OK, I believe it was around $60K for unlimited IP addresses, but I'd have to double-check on that.
It also integrated with their PortIQ product, which was a glorified IP/MAC/port tracker. No port management capabilities and a very expensive product considering it was missing that feature.
Evaluated SolarWinds' IPAM recently and it's a decent product. Cheap, fast, integrates with their other platforms, and it can be customized to hell and back. Not sure what kind of VRF management you're looking for, but if it's manual entry then you can create a column easy enough. Some kind of dynamic entry...no dice.
I used IPPlan at my last job and it did OK, but like others have said, the interface was dated. We used VRF Lite for customer VPNs and documented them with a custom field.
We're an enterprise and at the moment we use a Lotus Notes-based database. I hate it. I hate it to death.
I worked in a MSP environmnet and we used EasyIP (http://www.crypton.co.uk/). It is customizable, has great User interface, but a bit expensive...
I've went through this exercise a few months back and ended up choosing NetDot to get some management system working, and am overall very pleased, both with regard to the product itself as well the support and developer feedback. VRF support will be in the upcoming 1.0 version. As it looks now, I'm quite sure I'll be sticking with it.
Overlapping VLANs is one issue that I'm having (mergers...) - but that's being worked on as well.
I haven't dived into the Cable plant feature which if I understand correctly could be used for circuits as well - but it looks promising.
As for your point on tracking imports and exports, I have been thinking about googling such tools. That would be a fun exercise for Netdot...
@mav with using a custom column can you have the same ip range duplicated across more than one vrf?
Hi.
I would like to recommend Broadband Provisioner by Weird Solutions AB. You can find information about the product at http://www.broadbandprovisioner.com/ and also download a trial version.
BR,
Leo
We are choosing Infoblox IPAM instead of Solarwinds (although we already use Solarwinds NPM) due to licensing of SolarWinds, ranging IP address, something that is busted in case of MPLS with many /24 subnets, though underused ...
We are waiting for an Infoblox demo.
Has anyone tried open-source phpipam?
http://sourceforge.net/projects/phpipam/
From all options i´ve seen in the past i would recomend CNR, and don´t recomend you none Proteus equipments from BlueCat (Hardware is very badly mounted and heat as hell, almost in my experience)
Obviously reading your requirements i must discard twice options for its expensiveness, and bet for HaCI for you but i don´t know if it could manage vrf,
let us informed!
I'm working in a simmilar environment and we're facing simmilar issues because it seems like the available IPAM's are having features we don't need (DNS & DHCP integration f.e.) which are making the software difficult to handle and on the other side, they're lacking features like VRF support or some useful user management, ...
I personally like NetDot (http://netdot.uoregon.edu/) but it's very enterprise focused and relies highly on the DNS integration which makes it hard to use for a SP.
It would be a great IPAM if you could just turn off the other stuff...
Another simmilar tool is OpenNetAdmin (http://opennetadmin.com/), but it's too colored and too much click-work, if you ask me.
However, here are some IPAM's I discovered some time ago which haven't been listed here:
http://www.brownkid.net/NorthStar/
http://home.globalcrossing.net/~freeipdb/
http://code.google.com/p/openipam/
http://www.gestioip.net/
http://www.phpip.net/
http://octets.sourceforge.net/
http://netdbtracking.sourceforge.net/
We use Lucent VitalQip. Does the job and can handle overlapping IP space. Not incredibly user friendly but very powerful.
Hey Stetch,
I'd take a second look at Solarwinds IPAM. We've been using it for about 4 months now and have been very impressed with the functionality. It does handle duplicate IPs and as the PM mentioned above, you can define custom fields for things such as VRF. The menu structure is very intuitive and being a pure web solution (for all but actual server operations) makes the access very open.
We moved off of a combination of IPPlan (OK, but a bit dated and very limited IPv6 support - very little active development), phpIP (a functional but totally not actively developed open source project, no IPv6), and spreadsheets.
Solarwinds is a bit pricey for a software-only solution but it has the added benefit of a very active development team and a deep support community - both vendor and user. They seem to work on a commission model and will discount - especially when end of sales quarter is getting closer. :)
Some of the commercial products like BT Diamond and Infoblox really want to just pull you in to their whole appliance solution set and 6-figure contracts.
Men and Mice was our 2nd choice but their Windows only admin console a combined with their benefits coming most from an integrated DNS - IPAM integration put them out of the running for us.
We are betting on Device42. www.device42.com
JMM
VitalQIP from Alcatel Lucent and Solarwinds IPAM. VitalQIP is more geared towards SP's.
Hi
We have very good experience with the free IPAM software GestióIP (http://www.gestioip.net/screenshots_gestioip_en.html).
It features network discovery (DNS, SNMP, ping) and custom tables. Additional it disposes about an incorporated VLAN management system.
It's stable, fast and nice.
Crypton Easy-IP
http://www.crypton.co.uk/products.html
Hey Stretch. Since we're operating a NOC for a campus, MAN, WAN environment, we are in a similar environment, e.g., no need for DNS or DHCP functionality provided by most solutions be they commercial or open source -- we don't care about individual IP info, DHCP or DNS -- just trying to manage our IP / subnet assignments to various line offices, divisions, field offices. We reviewed / demo'd most of the suggestions in your post and the comments section but found most to be overkill, and or immature. Since we already had a Wiki setup (Twiki) we ended up moving from excel spreadsheets into an integrated spreadsheet plugin with a few added custom search options (don't have it currently, but I don't see why we couldn't add VRF and IPv6 components if necessary). It's basically a glorified spreadsheet, but centralized with revision history built-in, and the other benefits from being part of our wiki environment. We've got the subnet allocations, Points of Contact, and other fields.
Could we use something more complex? Possibly. But this is basic, works, and is a major improvement for us for now.
We (AS8218), use Efficient IP. It works well, great integration with web services, nice interface in ajax, compatible with all our geeky stuff... The NOC and the presales are just great. We use it for :
- automated subnet and customer interconnection allocation (WS with our information system)
- automated reverse dns
- ripe information storage
@caskings It really depends on what you are trying to accomplish. I assume you want to run reports and find data based on the VRF. You could have a list of VRFs in a VRF custom property or your could make a custom property for multiple VRFs and fill it out if present. Feel free to email me directly if you want to chat in more depth about the details (mav dot turner at solarwinds dot com).
@Francesco SolarWinds IPAM is licensed based on the number of used, reserved and transient addresses. Unfortunately customers who manage a large number of small point to point links do have issues with the reserved addresses (subnet and broadcast addresses).
Mav
SolarWinds Product Manager
DOS and text editor;)
Well I figured to keep it humorous.
Great suggestions by all, so many choices for everything these days.
Another +1 for IPPlan. I've been using it for years and it works great. I even wrote a few script that export your DB straight to your own RWhois server.
Yes, we are currently using racktables in a limited test/lab environment and it fits our needs, but i think that documenting VRF could need some work of configuration/implementation...the best thing is that the community is very active ad proactive...
Davide.
If it is pure IPAM, you should take a look at: https://sourceforge.net/projects/phpipam/
It is very basic at this moment, but the programmer listens very well to what the users want.
Also look at IP_Admin From digitalnetrix.com , ASP/IIS, works very nice and has several networking tools builtin.
"Infoblox. Their claim to fame is three-in-one IPAM, DHCP, and DNS. Unfortunately, I only need one-in-one, and their IPAM software doesn't have VRF support."
I don't work for Infoblox I'm simply an engineer from a VAR that installs ISC, MS and Infoblox for DNS/DHCP/IPAM. I just wanted to comment that Infoblox does support VRF in NIOS 6.2. It is called DHCP views and to contradict a previous poster addresses are indeed globally searchable. Cheers.
-Anon
We use EfficientIP to manage ~100k IP addresses with ~80 DNS/DHCP servers and 1 pair for central database.
It works really fine.
Strange, nothing about Q-IP from Alcatel Lucent ? Where I work, there is one customer that has team dedicated to Q-IP maintenance, around 20 people working only to maintain the DNS/DHCP, but customer is worldwide, big one.
I have Q-IP on my team also, but only around 100k ip's and aprox. 10 servers, also one customer.
First off, I'm the author of OpenNetAdmin (http://opennetadmin.com) and just wanted to mention it a bit more here since there has only been one reference so far. I would put ONA firmly in the IPPlan, Infoblox space. It does the usual DNS/DHCP stuff but has many other things as well via plugins. Things like config archives (like Rancid), rack management, cisco UCS status, vmware guest information, nmap audits, puppet/mcollective integration, and several others. It has what I feel is a very functional modern AJAX enabled GUI, but as many other power users would agree, GUIs are not always the best thing to use. So there is a fully functional CLI interface for scripting/batch work for you power users.
Specifically on the question of VRF. It is something that is in the works but not currently functional. There are however other things that may work for some situations. It supports DNS views, DB contexts that allow you to do VRF like scenarios because it allows one install instance to manage separate sets of data. It also supports shared IPs for things like HSRP,VRRP,CARP etc. You can also do custom attributes to track VRF info if needed (though currently you can not yet have multiple duplicate IPs within one context).
IPv6 is mostly complete in a publicly available dev branch but has not yet been officially released.
Anyway, its a tool.. It's useful to me and I hope it can be useful to you as well.
Thanks
Northstar is a free great product that i've been using for a lot of years ISP grade..with none of that DHCP and enterprise worthless features :)
You can also improvise VRF support with overlapping address space by using multiple views but no ipv6 support.
Ipplan in my opinion is not good because it lacks hierarchical ip management.
Probably not useful since you are only interested in the IPAM aspect, but Infoblox is phenomenal when it comes to DNS and DHCP (and IPAM minus the lack of VRF support). Please note: Infoblox does support a construct of network views, which allows you to create many network views and can track address space within each.
VitalQIP is very usefull. I used to maintain 19 sites all over the North America, using VitalQIP.
Once more voice in support of Lucent QIP. Consider running it on the Infoblox platform (they have QIP compatible code). This is a good combo, which allows to mix QIP's incredible flexibility and scalability with Infoblox's appliance level security and stability.
We use QIP for our IPAM - it scales pretty well and you can make use of some powerful CLI.
Stretch ~ Did you ever make a decision?
Hello,
Infoblox!
We looked at quite a few. went with bluecat and had nothing but good results.
We are currently using ipplan but I just setup a fresh install of phpipam and must say that I am pretty impressed so far. It does have VRF support as well with a much more pleasing frontend than ipplan. The developer looks to be very active as well and the installation was a breeze on a centos platform.
Another vote for Device42. It looks very promising and they are always open to suggestions. I started using it during their Beta test a while back and I see that a lot of the feature requests that were made were included in the final release. They have always been very responsive.
Check out 6Connect -- the guy who built it comes from an ISP environment, so it has both ISP and enterprise functionality built in. It supports a hierarchical nesting- and lets you subnet to customers. All the swip to RIR's (ARIN/RIPE) functionality is built in. I think they have tools to import all your xls stuff as well. You can run reports and export data for RIR's (ie when you go back to request more space) Full IPv6 support as well. The guy who built is active in the network community - you can always find him at Nanog. $Dayjob custom built a tool and the biggest hurdle is getting updates, new features and funding. Unless you know that you will be there forever to maintain it - don't reinvent the wheel for something so critical!
http://6connect.net/network/ip-address-management
Hi,
for those whore are interested in SolarWidns IPAM. We recently released new 3.0 version that address some of MSPs problems like DHCP management, DNS monitoring or improved user account delegation.
You may check free demo here: http://www.solarwinds.com/ip-address-manager.aspx
thanks,
Michal
SolarWinds Product Management
Howdy
Just came across this list, that looks promising as an open forum for product exchange on IPAM solutions.
I'm going to dvelve into some of the products in the coming days, but I would like to hear if anyone has used/tried/evaluated Men&Mice?
Also - Did Stretch find a suitable solution?
Brgds,
Tim
Don't forget NIPAP - the best IPAM in the known universe ;)
I am one of the original developers so I am biased but that doesn't diminish the usefulness or features of the project;
- Very fast and scalable to hundreds of thousands of prefixes
- A stylish and intuitive web interface
- Native support for IPv6 (full feature parity with IPv4)
- CLI for the hardcore user
- Native VRF support, allowing overlapping prefixes in different VRFs
- Support for documenting individual hosts
- Very powerful search function
- Integrated audit log
- IP address request system for automatically assigning suitable prefixes
- XML-RPC middleware, allowing easy integration with other applications or writing
- Flexible authentication using SQLite and/or LDAP
I suggest you give it a go - there's a demo or just look more into it at the official web page or GitHub.
It's not just an IPAM tool but we've been using NetDot and are liking it so far.
http://netdot.uoregon.edu/