cancel
Showing results for 
Search instead for 
Did you mean: 

What Does Timely IP Alerting Mean to Trouble Free Networks?

Level 12

IP space management has become increasingly complex -- stemming from the building of new and secure network environments and a surge in the use of IP-enabled devices. Sniffing out problems early and remedying them before damage is done is the core of effective network management. IP space management is an integral part of network management and demands the same level of monitoring, quick troubleshooting, and remediation mechanisms.

IP alerting and relevant real-time information helps you avoid:

  • Assigning an IP that’s already in use
  • Failure to replicate IP address status changes to DHCP and DNS servers
  • Erroneous DHCP configuration changes and IP conflicts caused by DHCP scope overlaps
  • Unwarranted downtime due to troubleshooting of network issues and IP Conflicts
  • Over or under provisioning IP addresses, DHCP scope, and split scope address depletion
  • Errors during DNS record creation

Let’s take a look at some of the top IP alerts/data that give admins a heads-up, so they can avoid unexpected network downtime.


IP Conflict! Find and fix it before connectivity issues arise

The ‘IP conflict’ is a well-known problem in every network and there are many reasons that can cause one. The outcome is usually network issues and loss of user productivity. DHCP server errors, duplicate DHCP servers, BYOD, bad IP documentation, human errors, inadequate network segmentation, etc., are various reasons for IP conflicts in a network. Manually troubleshooting IP conflicts can be a very time consuming process. In turn, users experience significant downtime. Some obstacles that attribute to this include: identifying issues caused by IP conflicts, locating problematic systems, and finally taking the conflicting system off the network.


DHCP Subnets are reaching high utilization -- time to provision for more IP addresses!

When DHCP address pools are exhausted, new devices will not be able to connect to the network. In many cases, the administrator is often unaware of full DHCP scopesthat there are no IP addresses left for assignment. In some cases the admin over provisions, leaving IP addresses unused, hindering the optimal usage of IP address space. Further, if IP documentation is not updated, unused static or reserved DHCP addresses will exist. For example, IPs may have valid leases, but are no longer active. All this again means non-availability of IP addresses leading to interruption in network connectivity and user productivity.


What IP addresses are in use/available?

One of the main IP management challenges admins face is finding IP addresses that are available for use. A frequently used method is to ping for an IP, find one that doesn’t respond, and assume that it is available and then use it. But then this has its own downsides. Some examples are –

  • users pinging for an available IP wouldn’t know if the IP address is a static or a dynamic one
  • the IPs used for test purposes are left as such and even though technically not in use will still be unavailable
  • any conflict with an IP assigned to a critical server can cause serious downtime

Even in cases where IP documentation is manually and separately maintained, most of the time this data is incomplete or obsolete.


Looks like DNS Data entered was incorrect...…

The creation of DNS records is a standard task for administrators. Forward DNS mapping points a domain name to an IP address. Conversely, reverse DNS maps an IP address to a domain name. The two are distinct and separate lookups, however just because a forward lookup of a domain resolves to an IP address, it doesn’t mean that a reverse lookup of the same IP address will resolve to the same domain.

Reverse DNS is also commonly used for establishing outbound e-mail server connections. It helps trace the origin of an e-mail and adds credibility to the e-mail server itself. In turn, incoming mail servers will not accept messages from an IP address that does not identify with a PTR record in a reverse DNS zone, making it very important to ensure these records are error free.

To make matters worse, the advent of IPv6 and increase the number of heterogeneous devices has further contributed to the complexity of IP space management. Administrators have come to the realization that using manual methods and spreadsheets is simply not sufficient. What mechanism do you have in place for timely warnings of your IP address data?

19 Comments
Jfrazier
Level 18

Back when I was in an OpenView shop we would alert on duplicate ip notifications....

I also ran a perl script a couple of times a week that took all the node ip's and names and did a forward and reverse lookup producing a report that showed the discrepancies.  It helped us to keep and maintain a correct DNS.

clubjuggle
Level 13

Unfortunately the environments I've been in have not monitored this as well as I would like. I'm curious to hear your suggestions for monitoring this proactively in future posts.

jkump
Level 15

Seems like I am in the same boat.  I am trying to cleanup the IP spreadsheet to validate all the data prior to migrating to an IPAM solution.  I have written some scripts to perform the forward and reverse verification.  The good news is that we do not have a lot of Duplicates detected.  Only when a device has been offline for a while and tries to get the same address back upon re-connection.  However, we do have significant issues with DHCP scopes running out of addresses for no reason and no alerting.

Good thoughts on this article.

cahunt
Level 17

"Even in cases where IP documentation is manually and separately maintained, most of the time this data is incomplete or obsolete."

How true is that statement!! If someone never puts in a request or updates the info then it's all useless.

jkump
Level 15

Good point!  Documentation is only as good as the last person to update it.

clubjuggle
Level 13

...or the last person who should have updated it, but didn't.

solarmovies
Level 7

it was good i guess.    

terrancekennedy
Level 10

I agree. You always hope the last guy updated.

neetha.edwin
Level 12

Exactly! The question is how much time and effort would you save if you'd be notified of full scopes, IP duplications, who made what change to the spreadsheet and so on. How valuable is this saving to you and your organization?

Instead of having your fingers crossed and hoping that nothing would go wrong, how important is it that you'd consider investing in a good IP address management solution and if you do, what would you look for in it?

neetha.edwin
Level 12

SolarWinds IP Address Manager does offer some good alerting and monitoring features. You could check this document for a start. We would be coming up with more on this topic in discussions and future releases.

neetha.edwin
Level 12

Completely agree! the point is its high time we move from manual management to something that can provide you with accurate and relevant information.

cahunt
Level 17

How many times is a provisioned sub network audited? We consistently enable new ports for some area's and do not always terminate the previous connection - if there is needed use of that port.

So having the alerting mechanism to know when your pools are depleting is a huge time saver - I figure the alternative is have a tech run around and figure out why machines are not getting addresses.

clubjuggle
Level 13

A somewhat similar issue I've seen is stale DHCP reservations. A machine gets replaced, if a new reservation is given (as opposed to the old reservation being transferred), the old one isn't always removed. Also needs for reservations sometimes go away, so when a machine is replaced, the reservation, long since forgotten about, isn't transferred and the address just sits there unused. Tracking of reservations that haven't seen use in some time would be helpful.

jkump
Level 15

I find that sometimes the issue is that the scope which we have at around 8 days does not automatically purge when the time is up even though it should.  Then, we get stale reservations causing a particular vlan scope to fill up.  It seems strange but the quickest resolve is to reboot the affected VM and zap the scope suddenly get updatsd. These are Microsoft DHCP servers.  Having some to track in a standardized framework would be very much helpful.

cahunt
Level 17

holding DHCP addresses for more than a couple of days makes no sense in my book if you have lots of changes. Or at least lower your interval of refresh on your server if you know you have a move or mass change coming.

clubjuggle
Level 13

I'm not talking about stale leases. I'm referring to cases where computers have been given DHCP reservations (for example, if that computer needs special permissions on the proxy for some application). The reason goes away, the computer is eventually replaced, but the reservation is never removed.

cahunt
Level 17

I gotcha. We would just sub net that special need - that way anything on that VLAN is covered - if there is a problem it's normally routing or a FW at that point, which also means there was a change made.

jkump
Level 15

I like the thought of that.  We have a bunch of static reservations jumbled around the organization that I have no idea if they are still valid or not.  I could write a script to validate them and to remove the unneeded ones.  I like the concept of a separate VLAN to cover those special cases.

cahunt
Level 17

Yes, then just route that sub network. Setup that VLAN to refresh leases a little more often if DHCP - if folks really want a static address you can set it up - but for that "NEED" you then know what range is valid. No guess work.