IP Block Management
Managing IP Blocks
IP Blocks are edited and managed in either IPAM Manage or the IPAM Gadget.
From either area, you can perform standard block-level actions such as assign, unassign, split, merge, edit attributes, track NAT associations, and more.
The primary difference between the two areas is that IPAM Manage shows all blocks (or all blocks under an aggregate), regardless of assignment or status, where the IPAM Gadget shows only the blocks assigned to the specific resource that you are currently viewing on the Resource Entry Page. However, the IPAM Gadget has more advanced assignment options and criteria available (Direct Assign, Smart Assign, Smart Browse).
Aggregate-Level Actions
Some aggregate-level actions are performed in IPAM Manage, such as setting IPAM alerts and using Aggregate Templates.
These actions are detailed on the IPAM Tab page under Working with IPAM Aggregates. This page will focus primarily on block-level actions and management.
Working in IPAM Manage
In IPAM Manage, you can manage aggregate level actions, such as Split , Clean Up, Alerts, and Export, as well as viewing and managing individual blocks. In IPAM Manage - Advanced, aggregate-level actions are not available.
Open IPAM Manage for a specific Aggregate
Open the IPAM Manage screen for a block by:
- Searching for the block in the Global search, and clicking on the resulting CIDR
- Clicking the "Open" link in the aggregate blocks list from the IPAM tab.
- Clicking on the CIDR header of the Aggregate Block Host Utilization module, or selecting "Edit" from the module's Gear Icon from the IPAM tab.
- Clicking on the CIDR displayed in the IPAM Map - Aggregates view.
Open IPAM Manage for all Aggregates/Blocks
Open IPAM Manage for all blocks under all aggregates by clicking the "Advanced" button at the top of the IPAM tab.
This will open IPAM Manage for all blocks in ProVision, with all the same filters, block edit functions, and search capabilities as in 'standard' IPAM Manage for an aggregate, but with no aggregate-level actions available.
When working in IPAM Manage - Advanced, be aware of the following:
- Due to the large volume of combined data that may be available, filter/search results may take slightly longer than load than a standard aggregate level view.
- Users should take care to ensure that they are working with the correct block(s), as duplicate 1918 space is permitted and blocks may be difficult to distinguish.
Viewing Blocks in IPAM Manage
Sort Blocks
Sort the IPAM Manage blocks list by clicking on any column name the in list with the up-down arrows icon (↓↑).
The list will sort between ascending and descending order for that field.
Filter Blocks
Filter the block list in IPAM Manage by toggling the "Filter +" link in the top right corner of the aggregate header.
A flyout will appear with filter criteria options. Type in or search for the term under your desired field, and hit "Apply". When done, click "clear". To hide the filter flyout, just click the "filter -" link again.
Type in or search for the term under your desired field, and hit "Apply".
When done, click "clear". To hide the filter flyout, just click the "filter -" link again.
View Parent Blocks / Hierarchy Tree
To view parent blocks / IP block hierarchy, click on "Switch to Parent View" at the top of the block list.
You may also enter Parent View from the "Filter" menu, by checking the "Select All Masks" checkbox and clicking "Apply".
Once all masks are enabled to view, the block list changes to include the "Parent" blocks, showing all masks throughout the assignment tree.
A parent block with children will show "Has Children" in the column where assignment status is shown, its immediate child resource (if applicable) and the block CIDR will show as a clickable link.
Clicking on the CIDR for a block that has children will open "Block Tree" view, showing the hierarchy of blocks and their assignments.
Important Blocks
"Important" IP blocks display with a yellow background highlight. By default, any block that has been manually assigned, unassigned, or had other high-level manual interactions performed will be automatically marked as "Important".
Blocks may be manually marked or unmarked as "Important" from either the "Edit Block" interface (by opening "Edit" for the block, then selecting the toggle for "Mark this block as important"), or from the API .
Working with IP Blocks - Common Tasks
Individual Blocks may be managed from either IPAM Manage, or the IPAM Gadget. (if assigned to a resource, and the IPAM Gadget is enabled on the Resource's Entry Page).
In general, standard actions from the Action Menu will be performed the same in either area, with "Assign" being the exception.
IPAM Block Action Menu - Overview
Most actions performed with block managed are contained under the IPAM Manage - Action Menu. Open the Action Menu by left clicking on the Gear Icon, or right clicking anywhere on the block's row. The same Action Menu is also available to manage blocks via the IPAM Gadget.
The Action Menu contains the following options:
- Edit: Opens the blocks "Edit Attributes" page, used to add, change, or remove data associated with a block. Can also be opened by double clicking on a block's row.
Split: Splits the selected single block into two equal smaller blocks, of the next smallest mask, e.g. a /24 will be split into two /25s. The Split option is not available for blocks that are already of the smallest available size ( IPv4 /32s or IPv6 /128s), for blocks in "Holding", or for blocks that are already assigned and do not have subassignments enabled. If more than one level of splitting is needed, use "Templates - Auto Split" instead.
Merge: The opposite of Split. Merge combines two blocks of equal size into the next largest mask, e.g., two /25s will be merged into one /24. Merge is only available for adjacent blocks of the same size that are "Available", in "Holding", or is subassignable.
Assign: Assigns the block to a ProVision Resource, making it unavailable for other assignment actions and certain block actions (unless edited to be subassignable).
Unassign: Unassigns the Resource from the current block, and moves the block into the Holding Tank. The block may then be eligible for certain actions such as direct assignment, merge, and split - but not for automated assignments until it is removed from Holding and regains the "Available" status. Unassigning a subassigned block will first place the block in "Holding", and then restore it to the parent assignment. (Tip: You can "Unassign" twice in a row to bypass "Holding", or select "Unassign, Skip Holding".)
Unassign, Skip Holding: Unassigns the Resource from the current block, and bypasses the Holding Tank, restoring the block to "Available" status (or to the parent assignment if the block was subassigned).
RIR Integration: Provides SWIP/RPSL functions for ARIN and RIPE blocks through simple reassigns, sending the updated block assignment information back to the coordinating RIR (ARIN or RIPE). See LIR Management and Use and RIR Integration: SWIP/RPSL.
IP Rules: Create or Associate an IP Rule to the block to reserve portions of the block from assignment. See IPAM Rules.
Templates: Provides options to 'Auto-Split' a standard block (that is available for standard "split" functionality) down to a certain mask and limit, or "Clean Up"(Auto-merge) a Parent Block to a certain mask level.
Logs: Shows recent log event actions associated with that block.
- Configure NAT: Only displays for NAT'ed blocks. Configures the NAT'ed block to the selected router.
Email: If a Contact is associated with the Resource assigned to the block, an email form with display to email the Contact with the template options provided in Admin Settings.
Split or Merge Blocks Manually
To split a block manually, click on the Action Menu (Gear icon), or right-click anywhere in the row for the available block you wish to modify.
In the menu that appears, select the "Split" function.
To aggregate blocks, select "Merge" from the same menu.
The Split option is not available for blocks that are already of the smallest available size ( IPv4 /32s or IPv6 /128s), for blocks in "Holding", or for blocks that are already assigned and do not have subassignments enabled. If more than one level of splitting is needed, use "Templates - Auto Split" instead.
Merge is only available for adjacent blocks of the same size that are "Available", in "Holding", or is subassignable.
Split or Merge Blocks Using Templates
Templates for a block are available under the Action Menu (wrench icon or right-click) for that block. Templates are only usable from IPAM Manage.
There are two templates available: Cleanup (Only available for parent blocks) which auto-aggregates the block, and Auto-split.
Select the available template action, the mask, and the limit. When done, click the "Apply" button.
You can also use the "Templates" option from the Action Menu on the IPAM Manage screen for the specific block.
Edit IP Block Attributes
You may edit a block / multiple blocks from either IPAM Manage or the IPAM Gadget, with the same options available.
Select the "Edit" option from the Action Menu (or double click on the block row) for a given block to get the Edit Attributes menu.
To edit multiple blocks at a time, shift-click each block you wish to edit - they will highlight in blue. Once selected, right-click on any highlighted block to open the multi-edit attributes screen.
Once selected, right-click on any highlighted block to open the multi-edit attributes screen.
From here you can set a variety of attributes for a given block. These values are also customizable from the Admin screen - see IPAM Administration and IPAM Parameters to customize, enable, or disable the available parameters.
If a field that you know is supported in ProVision appears to be 'missing' from the IPAM Mange, IPAM Manage filters, or Edit Attributes screens, check the following:
Have an Admin verify that the field is set to "enabled" in Admin → IPAM Admin → Edit Columns. Any field disabled here will be hidden throughout ProVision, and some functions are dependent on certain fields being enabled - for example, filtering by Mask in IPAM Manage requires the "Host" field to be enabled.
In IPAM manage, verify that the column widths of each field are set wide enough to display the column header
Check for a scroll bar - when all attributes are enabled, many screens will require scrolling down or to the right in order to see all of the available data.
After editing the desired attributes for the block, simply hit "Save".
Edit Attributes Overview:
RIR: The RIR associated with the aggregate / block.
LIR: If LIRs are set up in IPAM Admin for the associated RIR, they will be selectable in this dropdown. See LIR Management and Use.
Domain: The VLAN Domain to associate with the block. To set up domains in ProVision, see VLAN - Working with Domains.
VLAN: VLAN information for the block, must have domain selected to view available VLANs.
Generic: This is a customizable text field that can be used to track information specific to your needs. It can be filtered in the IPAM Manage screen. The header, display, and enable/disable settings for this field are set under IPAM Configuration in the IPAM Administration section.
ASN: The ASN to associate with the block.
Region: Select the region from the drop down menu. Regions can be added and customized in the IPAM Admin section of ProVision - see IPAM Administration and IPAM Parameters.
Tags: Tags can be set under Edit Tags in the IPAM Administration section.
Notes: Freeform text field for additional information you wish to capture.
Resource: The resource assigned to the block.
NAT: The corresponding public or private block CIDR that is associated with the current block.
Metadata1 - Metadata 10: User-defined text fields, as set in IPAM Administration Edit Columns.
Allow Subassignments: When editing a block that has been assigned, toggling this setting to "On" allows for further subassignments, indicated by a blue arrow next to the assignment in the Manage screen. Note: Subassign status cannot be changed if a block has children.
Propagate Attributes to Children: Toggle this setting to "On" when editing a parent block to carry through attribute changes to all children of that block for that edit. This is not a persistent setting - it only applies to the specific edit you are in the process of making.
To view parent blocks, and which children would be affected, ensure that top level or all masks are selected in the Filter menu in the IPAM Manage screen. See Working with IP Blocks for more information.
Assign IP Space
There are two areas where you can assign IP Space: in the IPAM Gadget for the particular Resource, or through IPAM Manage for manually assigning a block to a resource.
The IPAM Gadget allows for more detailed assignment options including Direct Assign, Smart Browse, and Smart Assign with advanced options, and is the primary tool for space assignment.
Assign Space from the IPAMv2 Gadget
The IPAM Gadget is accessed from a Resource Entry page, once enabled for the Section (to add Gadgets, see Customizing Sections and Add Gadgets to your Section).
For additional details on the IPAMv2 Gadget, see Gadgets.
You have three options for assigning IP space using the IPAM Gadget: Direct Assign, Smart Assign, and Smart Browse.
Direct Assign
Direct Assign is used when you know the exact CIDR that you wish to assign to the Resource. You can use "Simple" direct assign, for straightforward assignments of a CIDR to the Resource, or "Advanced", used in cases where duplicate blocks may exist and you need additional criteria to differentiate between them.
Smart Assign / Smart Browse
Smart Assign and Smart Browse are used when you have criteria that you need to meet for the assignment, and any block meeting that criteria is acceptable for assignment.
With Smart Assign, you enter criteria such as IP Type, Size, RIR, Region, and Tag information, then ProVision's automation will automatically assign a block meeting that critieria, if any exist. Smart Browse uses the same criteria, but provides a browsable list of blocks meeting that criteria for you to select from.
Manually Assign Space from IPAM Manage
You can also assign blocks manually using the "Assign" function from the IPAM Manager screen (accessible from the IPAM Tab). Open the Action Menu for a block, then select "Assign".
Assignments may also be performed for multiple blocks at a time, by shift-clicking the desired blocks, and right-clicking on any highlighted row to open the multi-block menu (choose "Assign Selected Blocks") :
Then, search for / select the Resource to assign the block. A filter tool is provided to narrow the list to a particular Section type.
When the correct resource has been selected, click the "Assign" button. If needed, a new resource can be created by clicking the "New Resource" button.
After assigning, you can further edit the block attributes or subassign space.
'Reserving' IP Space
If you need to create a 'reserved' pool from which to assign blocks, you can achieve this by creating a "Reserved" Section. Create a Section called "Reserved", add the IPAM gadget to it, then create an Entry with that Section to be the address group. From there, use the IPAM gadget and the IPAM Manage page to assign and unassign IP space from that pool.
For more details, see the FAQ entry: "How do I 'reserve' IP Space?"
Sub Assigning IP Space
To allow sub assignments, just toggle the "Allow sub assignments" button to "On" under Edit block.
Once the allow sub assignments box is checked, the block may be further split and assigned to other resources.
Split blocks may also be re-claimed to the originally assigned resource and re-aggregated. When "allow sub assignments" is checked, the block is counted as allocated, but not assigned - various statistics in IPAM, on the dashboard, and reporting will reflect this.
Sub assignments can be useful for tracking IPs assigned to a customer with multiple subsidiaries, or locations.
If a block is subassignable, a blue arrow will display in the "Assigned To" field in IPAM Manage.
In the IPAM gadget, subassignable blocks display a blue arrow in the 'Address' field.
Unassign IP Space
When a block is assigned, you will have the option of unassigning the block from the resource and returning it to the Holding Tank.
To unassign the block, simply open on the Action Menu for the block in either IPAM manage or the IPAM Gadget, and select "Unassign".
You may also chose "Unassign, Skip Hold", which unassigns the block and immediately returns it to available, bypassing the holding tank.
After unassigning blocks / skipping holding, newly available blocks will be merged upon next page refresh. Blocks which had been subassigned will revet back to the parent resource.
To return IP space in the Holding Tank to the Available Pool, process the Holding Tank via the Admin screen under IPAM Admin (this will only process blocks that were present for the specified number of days).
For more information on the Holding Tank, see Holding Tank Management.
Working with NAT Blocks
Track IP NAT Associations
Track NAT associations between public and private (1918) blocks via the IPAM "NAT" Field.
The "NAT" field accepts a single IPv4 CIDR to associate with the current block, and automatically updates the corresponding block with the NAT association.
Working with NAT'ed Blocks
Use caution when managing NAT'ed blocks or aggregates - major actions that change either block's assignment or size (assign, unassign, split, merge, autosplit/cleanup) removes the NAT association.
In this case, complete the necessary high-level block tasks, and then re-save the NAT CIDR association to either block.
Enable NAT
Enable the NAT field by navigating to IPAM Admin → Edit IPAM Columns.
Create NAT Association
Ensure that the two appropriate IP Aggregates (one public, one 1918 private space) containing the desired blocks to NAT have been added into ProVision. (See: Working with IP Aggregates)
After verifying the aggregates and blocks, you may add the NAT association:
Configure NAT to Router(s)
To push the NAT association to a router, go to the IPAM Manage Action Menu, and select "Configure NAT" for the NAT'ed block(s) (For information on adding a router to ProVision, see Peering Routers).
NAT Rotate Dynamic IPs
NAT'ed block assignments may be automatically rotated to other available IPs via the "Rotate Dynamic IPs" scheduler task available in the Admin → Scheduler tab.
"Rotate Dynamic IPs" reassigns single IPv4 NAT addresses (/32s) after 'x' days (since last config push) to an available address denoted by blocks associated with the Dynamic_Available tags.
Prior to using this task, two blocks (one public, one private) must be NAT'ed in IPAM, the NAT Config pushed to a router, and appropriate blocks tagged with "Dynamic_Base" and "Dynamic_Available".
Additional Information
For additional information on working with the IPAM system in ProVision, see the following areas:
- Gadgets (IPAM and IPAMv2 Gadgets)
- Working with IP Rules
- IPAM Administration