2 Replies Latest reply on Feb 11, 2014 1:12 PM by sdavids5670

    IP Address Management - Engineer's Toolset Edition - "Reserved" issue

    sdavids5670

      The build I'm using is Version 10.10 (August 2012).

       

      We have many subnets in our topology and a few, among them, have devices which do not respond to ping for various reasons.  While setting up the subnets, I audit them by performing a ping sweep and then from the CLI of the router/switch on which the L3 network terminates, I issue "show ip arp | inc Vlanx | exc INCOMPLETE" to find the devices which are active on a particular IP address but do not replying to ping.  In cases where I'd see an entry in the ip ARP cache but where IPAM didn't not get a ping response, I'd mark the address as "reserved" in IPAM and add a comment to the entry as follows "Appears in ARP cache with MAC address xxxx.xxxx.xxxx".  What I've noticed is that this information spontaneously disappears and reverts back to "Available".  It doesn't happen to all of them.  It seems random.

       

      Is there another way I should be tracking IP addresses which cannot respond to ping?  What is really going on in IPAM when an entry is marked as "Reserved"?  Does the scan process skip over reserved entries?  If it were up to me, I would still try to ping a "Reserved" entry (along with reverse DNS lookup and SNMP query) specifically to address cases where a host doesn't respond to ping due to policy.  Either that or I'd add a fourth status option "Used - Unpingable" or something similar to denote entries which are not currently used but will be used at a later date vs. entries which are used but not reachable by ping.

        • Re: IP Address Management - Engineer's Toolset Edition - "Reserved" issue
          michal.hrncirik

          hi,

           

          ARP and ICMP echo are currently only two ways how IPAM can detect if IP Address is used or not. if you make it "reserved" we do "echo" request but we do not change the status, however we update the last sync field. ARP and ICPM echo do not impact reservation status as you noticed. you found interesting environmental behavior that we need to consider in IPAM. I'm personally against making IP as reserved based on ARP table scan, because reservation is specific user process where IP was assigned to MAC by user. But we can certainly improve caching and behavior of ARP scans and probably make the interval for ARP scan configurable. I assume that the IP address is used all teh tame, it's simply about device doesn't communicate so frequently and it disappears from ARP cache at teh tim of IPAM scan.

            • Re: IP Address Management - Engineer's Toolset Edition - "Reserved" issue
              sdavids5670

              I think that my issue may have had something to do with the way I was working within the UI.  For instance, I would define a network and then I would start adding comments to entries which were listed as "available" but were, in fact, active.  I started adding the comments before actually reserving them.  This would be going on while IPAM was still scanning the network.  If the scan completed before I marked the entries as active, the comments would be deleted.  As long as a mark the entries as "reserved" before making comments the comments stick.

               

              One thing I'd like to see done with IPAM is to have IPAM reverse DNS the "reserved" entries as well just as another level of auditing.  In our change control process, once an IP address has been allocated, DNS is updated (before the IP becomes active).  This would be useful because if the comment and the DNS information do not match up that tells me something wasn't done right.