cancel
Showing results for 
Search instead for 
Did you mean: 
Create Post

Can I get an IP? Do what?

Level 10

How many times have you asked or been asked for an IP address for your network and heard the famous words of “just ping until you find an available address” or “we have an IPAM solution but not everyone enters information correctly”? Oh, the joys of IP address management. It comes with such joy sometimes, doesn’t it? In this time of where we are today; it is amazing to me that organizations still function in this manner especially when everyone seems to think they want dynamic and elastic environments, correct? Why is it that just to get an IP address is such a tedious effort involving too many hoops to go through? Is it because your organization doesn’t currently have a good policy on these sorts of tasks? Or is it because there are too many manual processes in place to accomplish this simple task? So why then, would you not want to implement a streamlined, automated process to handle this workflow of assigning IP addresses by removing all of the middleman processes involved as well? Are you serious? Is what you are thinking right? If we were to do that it would mean that we would be slowly removing tasks and procedures that we are responsible for. Oh, the famous “worried about being replaced by automation” response. So how do you handle IP address management in your environments?

23 Comments
Level 17

Clients request, tech's provide and document, then we approve the request in IPAM.

No not everyone uses IPAM, and we own a few different IPAM solutions - so some of the other "networks" get mapped in another IPAM solution. - it makes things fun and or frustrating some days.

So to recap;

Manual Request , Manual entry, Manual Approval... if they did ever log it in the first place. Well, our DV guys do, but some places there are desktop techs who will ping until one of "open".

I'd rather this was automated, request goes in - with device details - ip comes out (and available address), not just an address where the machine is turned off and not pinging.

Level 13

You're preaching to the choir on this one. I fought for this for a while, but could never get the budget money.

Level 15


I am just starting to look around at solutions.  Afterall Microsoft has one, Solarwinds, etc.  The items that you stated are the same challenges that I am facing.

Level 11

same as cahunt‌ people in our noc handles all request for IP Address manually, they get a ticket and the keep control with one IPAM developed in house, linked to our asset inventory, just in case, they also saves all changes in excel as a backup

Level 17

wow. even backed up to Excel. That is tedious!

Level 15

‌I had a subselect in our ipam subnet view which returned the next available IP.

Don't remember if it was based on min ip_addressN guid or just the min last octet but I lost it somewhere along the way.

Do I need to recreate it or is IPAM going to calculate this for us soon?

Level 13

A frustration we often run into is someone will ask for an IP reservation, to which we will then respond by asking for a MAC address or the currently assigned IP, only to receive the response "it doesn't have one because it's a virtual NIC" or "we don't know it yet because we're still building the server".

The response that landed on our wall of shame was "it doesn't have an IP, it's a PC".

8 years later and we still don't know what the respondent was thinking.

MVP
MVP

I won't say I've seen it all, but I have seen the IP spreadsheet, to a homegrown IP DB, back to a spreadsheet that moved to an IPAM solution, back to ping around for something open in various companies.  It gets to be frustrating for all....

Level 10

This is obviously a sore spot in everyone's environment I figured as much. Curious to see if anyone actually has a good solution in place that could share with everyone here.

Level 11

I agree it always comes down to the mighty dollar.  IP management is maintained by a small group of people in an organization and therefore the scope of the problem is often dismissed and not considered worthy of a line in the budget.

Level 7

I'll have to agree with tcbene and the group who manages IP use (3 of us) doesn't seem to matter.

"we'll just call john, or matt, or brian until someone can get an IP".

Then the user gets frustrated because we may be busy with other issues.

Sorry to hear some of us still suffer thru it....

Level 8

Had anyone tried to implement the Microsoft IPAM on Server 2012 R2?  I am thinking about it but would like to know if anyone has any experience with it.

Level 13

I've fought this too and sooo many other battles. We're still using Excel for MANY tracking related tasks. We do keep very good track of it though and anyone in my department can within a few minutes assign you an IP address.

Level 7

The IPAM feature in Windows Server 2012 R2 works great, even for tracking non-Microsoft hosts. It doesn't have all of the functionality of an expensive solution like Infoblox, but it works better than any of the free tools I've tried. I haven't used SolarWinds IP Address Manager so I can't compare them.

Level 8

Thank you mlist,

I have been meaning to install it in a test environment to take a look at it, but wasn’t sure if there were any ‘gotchas’ or if it was worth the time to check it out. Sounds like it’s worth a look.

MVP
MVP

Agreed - one of the biggest problems are the people who will grab an IP "just for a quick test" without telling anyone, and then leaving it in use.

Level 17

I thought we had back record keeping until a desktop tech told me over the phone, I just pinged IP's until I found one that didn't respond.

  They never do know if the IP's being "checked" are DHCP or Static. Our range starts as Static and then go to DHCP - so if they went too far down the line, oops.

Level 12

, I just pinged IP's until I found one that didn't respond.

Level 15

We are making great use of Solarwinds IPAM locally vs spreadsheet and Infoblox at the corporate-wide level for subnet allocation and DNS services.

But the real solution is to remove the problem of having to ask for an IP address. With openstack for example a guest is often set to deploy with an internal dhcp address based on dnsmasq. Then if the engineer wants a "static IP" for firewall rules or external access then they login to the openstack portal and request a "floating IP" which can move around even as the underlying machine is migrated.

Best part is the floating IP ranges are setup per project so you have access controls and when a machine is decommissioned the IP goes back into the available pool.

Based on seeing that I think we're all doing it wrong.

MVP
MVP

We have other challenges here...

When a server is provisioned it is provided a DHCP based ip for a "provisioning vlan".  When it is moved into "production", it then gets a new static IP.

The first is automated and the second is more of a manual process.

Ideally, IPAM would provide a quick source of the new static IP..assuming it is up to date and correct.

Level 8

It gets more complicated when we try to get more secure and implement firewalls on our hosts that block ICMP.  Now if you ping an IP address, it APPEARS that it is available, when a host is actually using it.  If you 'ping -a' the IP then the name of the host will resolve...most windows machines will register themselves in DNS.  Some of the non-windows systems have to be manually entered into DNS - hopefully with a reverse pointer to resolve with the -a parameter.

We have Big Brother / Watchman that runs a nightly report.  It is configured with the subnets and if it scans them.  If it finds a DNS entry or if it is able to ping an IP address then it marks that address as 'Not Available'.  Not real-time, but it's something to use when looking for an available address.  We have a small team so we can let the other folks know if we're grabbing an IP...otherwise it wouldn't show up on the report until the next day.

I see the use for IPAM to be more of a part of our ITIL implementation.  It won't stop folks from entering a static IP, but it could delegate who can add/remove entries in DHCP, DNS and WINS. This way changes could be self-documenting.  There would likely be a change ticket also created for these changes, but the delegation and logging would be a good way to audit these changes.  It would also be good to perform a network scan and see what IP addresses have 'popped up' that were not assigned with the IPAM so they could be investigated.

What I would want in such a tool is that it not be cumbersome to use.

Level 8

We have a very simple way of managing IPs... a very very long list of all IP's possible, with the currently used IP's highlighted and notarized as to whom it belongs to.

Level 8

We spread the list out on an IP subnet table so we can track either and entire section of IP's and down to the specific groups that IPs are being used for