Can I get an IP? Do what?

How many times have you asked or been asked for an IP address for your network and heard the famous words “just ping until you find an available address” or “we have an IPAM solution but not everyone enters information correctly”? Oh, the joys of IP address management. It comes with such joy sometimes, doesn’t it? In this day and age, it is amazing to me that organizations still function in this manner, especially when everyone seems to think they want dynamic and elastic environments, correct? Why is it that just getting an IP address is such a tedious effort involving too many hoops to go through? Is it because your organization doesn’t currently have a good policy on these sorts of tasks? Or is it because there are too many manual processes in place to accomplish this simple task? So why, then, would you not want to implement a streamlined, automated process to handle this workflow of assigning IP addresses, removing all of the middleman processes involved as well? Are you serious? Is that what you are thinking right now? If we were to do that it would mean that we would be slowly removing tasks and procedures that we are responsible for. Oh, the famous “worried about being replaced by automation” response. So how do you handle IP address management in your environments?

Comment
  • It gets more complicated when we try to get more secure and implement firewalls on our hosts that block ICMP. Now if you ping an IP address, it APPEARS that it is available when a host is actually using it. If you 'ping -a' the IP then the name of the host will resolve... most Windows machines will register themselves in DNS. Some of the non-Windows systems have to be manually entered into DNS - hopefully with a reverse pointer to resolve with the -a parameter.

    We have Big Brother / Watchman that runs a nightly report. It is configured with the subnets that it scans. If it finds a DNS entry or if it is able to ping an IP address then it marks that address as 'Not Available'. Not real-time, but it's something to use when looking for an available address. We have a small team, so we can let the other folks know if we're grabbing an IP... otherwise it wouldn't show up on the report until the next day.

    I see the use for IPAM to be more of a part of our ITIL implementation.  It won't stop folks from entering a static IP, but it could delegate who can add/remove entries in DHCP, DNS and WINS. This way changes could be self-documenting.  There would likely be a change ticket also created for these changes, but the delegation and logging would be a good way to audit these changes.  It would also be good to perform a network scan and see what IP addresses have 'popped up' that were not assigned with the IPAM so they could be investigated.

    What I would want in such a tool is that it not be cumbersome to use.
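The comment above lays out a concrete procedure: ping, then fall back to the reverse record that 'ping -a' shows, mark anything pinged or found in DNS as taken in a nightly report, and scan for addresses that "popped up" without an IPAM assignment. As an added example that is not part of the thread and not the commenter's or SolarWinds' tooling, the Python below combines those three signals for one subnet and shows why a ping-only sweep misreports an ICMP-blocking host as free. The subnet, host names, probe results and IPAM table are constructed sample data; swap in the real `icmp_ping` and `reverse_lookup` for a live sweep.

```python
"""Free-address report that combines ICMP, reverse DNS and the IPAM record.

Added example, not part of the Thwack thread. The subnet, host names,
probe results and IPAM table below are constructed sample data.
"""
import ipaddress
import platform
import socket
import subprocess
from typing import Callable, Dict, List, Optional

# Constructed IPAM allocation table: address -> what was recorded at assignment.
IPAM_ALLOCATIONS: Dict[str, str] = {
    "10.20.30.10": "dc01 (Windows, registers itself in DNS)",
    "10.20.30.11": "db01 (Linux, host firewall drops ICMP, PTR entered by hand)",
    "10.20.30.12": "decommissioned host whose record was never released",
}

# Constructed probe results standing in for a real sweep of 10.20.30.8/29.
SAMPLE_PING: Dict[str, bool] = {"10.20.30.10": True, "10.20.30.13": True}
SAMPLE_RDNS: Dict[str, str] = {
    "10.20.30.10": "dc01.corp.example",
    "10.20.30.11": "db01.corp.example",
}


def icmp_ping(ip: str, timeout_s: int = 1) -> bool:
    """One ICMP echo via the OS ping binary. False when filtered or unreachable,
    which is exactly the case a ping-only sweep misreads as 'available'."""
    if platform.system() == "Windows":
        cmd = ["ping", "-n", "1", "-w", str(timeout_s * 1000), ip]
    else:
        cmd = ["ping", "-c", "1", "-W", str(timeout_s), ip]
    try:
        return subprocess.run(cmd, capture_output=True, timeout=timeout_s + 2).returncode == 0
    except (OSError, subprocess.TimeoutExpired):
        return False


def reverse_lookup(ip: str) -> Optional[str]:
    """PTR lookup, the same signal 'ping -a' displays; None when no reverse record exists."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:  # socket.herror / gaierror are OSError subclasses
        return None


def ping_only_free(subnet: str, ping_fn: Callable[[str], bool]) -> List[str]:
    """What 'just ping until you find one' reports: every silent address looks free."""
    return [str(h) for h in ipaddress.ip_network(subnet, strict=False).hosts()
            if not ping_fn(str(h))]


def classify_subnet(subnet: str, allocations: Dict[str, str],
                    ping_fn: Callable[[str], bool],
                    rdns_fn: Callable[[str], Optional[str]]) -> Dict[str, str]:
    """Classify every host address in `subnet`:
      in-use               observed (ping or PTR) and recorded in IPAM
      rogue                observed but absent from IPAM: investigate before reuse
      reserved-unobserved  recorded in IPAM, nothing on the wire or in DNS: a silent
                           host or a record nobody released; not safe to hand out
      available            nothing observed and nothing recorded
    """
    report: Dict[str, str] = {}
    for host in ipaddress.ip_network(subnet, strict=False).hosts():
        ip = str(host)
        observed = ping_fn(ip) or rdns_fn(ip) is not None
        recorded = ip in allocations
        if observed and recorded:
            report[ip] = "in-use"
        elif observed:
            report[ip] = "rogue"
        elif recorded:
            report[ip] = "reserved-unobserved"
        else:
            report[ip] = "available"
    return report


def free_addresses(report: Dict[str, str]) -> List[str]:
    """Addresses safe to hand out, in address order."""
    return sorted((ip for ip, s in report.items() if s == "available"),
                  key=ipaddress.ip_address)


if __name__ == "__main__":
    # Offline run against the constructed data; pass icmp_ping and reverse_lookup for a live sweep.
    sample_ping = lambda ip: SAMPLE_PING.get(ip, False)
    report = classify_subnet("10.20.30.8/29", IPAM_ALLOCATIONS, sample_ping, SAMPLE_RDNS.get)
    for ip, status in report.items():
        print(f"{ip:<14} {status}")
    print("ping-only 'free' list:", ping_only_free("10.20.30.8/29", sample_ping))
    print("actually available:   ", free_addresses(report))
```

In the sample data 10.20.30.11 drops ICMP, so the ping-only view lists it as free while the combined view reports it in use because its PTR record exists; 10.20.30.13 answers ping but has no IPAM record, which is the "popped up" case the comment wants flagged for investigation; 10.20.30.12 has an IPAM record and no signal at all, which is the stale-record problem a delegated, logged IPAM change process is meant to reduce.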

Thwack