Page tree
Skip to end of metadata
Go to start of metadata

IP Block Management

Managing IP Blocks

IP Blocks are edited and managed in either IPAM Manage or the IPAM Gadget.

From either area, you can perform standard block-level actions such as assign, unassign, split, merge, edit attributes, track NAT associations, and more.

The primary difference between the two areas is that IPAM Manage shows all blocks (or all blocks under an aggregate), regardless of assignment or status, where the IPAM Gadget shows only the blocks assigned to the specific resource that you are currently viewing on the Resource Entry Page. However, the IPAM Gadget has more advanced assignment options and criteria available (Direct Assign, Smart Assign, Smart Browse).

IPAM Manage Features

IPAM Manage is accessed from: the IPAM Tab → Edit Aggregate / Aggregate CIDR; IPAM Tab →Advanced button; and most block CIDR Links in ProVision. Here, you can:

  • Sort, Filter, and Export the block list
  • Auto-Split and Clean-up templates available for aggregates
  • View all blocks (IPAM Advanced), or all blocks under an aggregate, regardless of assignment
  • Shows blocks from all statuses - available, in holding, assigned, subassignable
  • Perform Single and Multi-block assignments and edits

IPAM Gadget Features

The IPAM Gadget is accessed from the Resource Entry Page → IPAM Gadget, once it has been enabled for the section. Here, you can:

  • View only the blocks assigned/assigned-and-subassignable under the Resource that you are currently viewing.
  • Sort and Filter the block list
  • Advanced assignment functions - Direct Assign, Smart Assign, and Smart browse with additional field criteria available.
  • Perform single and multi-block edit, and assign subassignable blocks.

Both IPAM Manage and the IPAM Gadget have customizable column names, order, and visibility, as well as options for user-defined meta columns (for details on setting up customization of the IPAM Manage / IPAM Gadget block list, see IPAM Parameters → Edit Columns).

Aggregate-Level Actions

Some aggregate-level actions are performed in IPAM Manage, such as setting IPAM alerts and using Aggregate Templates.

These actions are detailed on the IPAM Tab page under Working with IPAM Aggregates. This page will focus primarily on block-level actions and management. 

Working in IPAM Manage

In IPAM Manage, you can manage aggregate level actions, such as Split , Clean Up, Alerts, and Export, as well as viewing and managing individual blocks. In IPAM Manage - Advanced, aggregate-level actions are not available.

Open IPAM Manage for a specific Aggregate

Open the IPAM Manage screen for a block by:

  • Searching for the block in the Global search, and clicking on the resulting CIDR
  • Clicking the "Open" link in the aggregate blocks list from the IPAM tab.
  • Clicking on the CIDR header of the Aggregate Block Host Utilization module, or selecting "Edit" from the module's Gear Icon from the IPAM tab.
  • Clicking on the CIDR displayed in the IPAM Map - Aggregates view.

Open IPAM Manage for all Aggregates/Blocks

Open IPAM Manage for all blocks under all aggregates by clicking the "Advanced" button at the top of the IPAM tab. 

This will open IPAM Manage for all blocks in ProVision, with all the same filters, block edit functions, and search capabilities as in 'standard' IPAM Manage for an aggregate, but with no aggregate-level actions available. 

When working in IPAM Manage - Advanced, be aware of the following:

  • Due to the large volume of combined data that may be available, filter/search results may take slightly longer than load than a standard aggregate level view.
  • Users should take care to ensure that they are working with the correct block(s), as duplicate 1918 space is permitted and blocks may be difficult to distinguish.

Viewing Blocks in IPAM Manage

Sort Blocks

Sort the IPAM Manage blocks list by clicking on any column name the in list with the up-down arrows icon (↓↑).

The list will sort between ascending and descending order for that field. 

Filter Blocks

Filter the block list in IPAM Manage by toggling the "Filter +" link in the top right corner of the aggregate header. 

A flyout will appear with filter criteria options. Type in or search for the term under your desired field, and hit "Apply". When done, click "clear". To hide the filter flyout, just click the "filter -" link again.

Type in or search for the term under your desired field, and hit "Apply".

When done, click "clear". To hide the filter flyout, just click the "filter -" link again.

View Parent Blocks / Hierarchy Tree

To view parent blocks / IP block hierarchy, click on "Switch to Parent View" at the top of the block list.

You may also enter Parent View  from the "Filter" menu, by checking the "Select All Masks" checkbox and clicking "Apply".

Once all masks are enabled to view, the block list changes to include the "Parent" blocks, showing all masks throughout the assignment tree.

A parent block with children will show "Has Children" in the column where assignment status is shown, its immediate child resource (if applicable) and the block CIDR will show as a clickable link.

Clicking on the CIDR for a block that has children will open "Block Tree" view, showing the hierarchy of blocks and their assignments.

Important Blocks

"Important" IP blocks display with a yellow background highlight. By default, any block that has been manually assigned, unassigned, or had other high-level manual interactions performed will be automatically marked as "Important". 

Blocks may be manually marked or unmarked as "Important" from either the "Edit Block" interface (by opening "Edit" for the block, then selecting the toggle for "Mark this block as important"), or from the API .

If multiple blocks are selected with mixed "important" statuses, then the toggle will display in the "Off" position. To update all selected blocks to flag as important, switch the toggle to "On", and save changes. To switch all to the "Off" position, you may either toggle all blocks to "On", save changes, then switch all blocks back to "Off" and re-save, or adjust your selection to only include the blocks that need the Important Flag removed. (Tip: Use the list filter to show only "important" blocks!)

Working with IP Blocks - Common Tasks

Individual Blocks may be managed from either IPAM Manage, or the IPAM Gadget.  (if assigned to a resource, and the IPAM Gadget is enabled on the Resource's Entry Page). 

In general, standard actions from the Action Menu will be performed the same in either area, with "Assign" being the exception.

IPAM Block Action Menu - Overview

Most actions performed with block managed are contained under the IPAM Manage - Action Menu. Open the Action Menu by left clicking on the Gear Icon, or right clicking anywhere on the block's row. The same Action Menu is also available to manage blocks via the IPAM Gadget.

The Action Menu contains the following options:

  • Edit: Opens the blocks "Edit Attributes" page, used to add, change, or remove data associated with a block. Can also be opened by double clicking on a block's row.
  • Split: Splits the selected single block into two equal smaller blocks, of the next smallest mask, e.g. a /24 will be split into two /25s. The Split option is not available for blocks that are already of the smallest available size ( IPv4 /32s or IPv6 /128s), for blocks in "Holding", or for blocks that are already assigned and do not have subassignments enabled. If more than one level of splitting is needed, use "Templates - Auto Split" instead. 

  • Merge: The opposite of Split. Merge combines two blocks of equal size into the next largest mask, e.g., two /25s will be merged into one /24. Merge is only available for adjacent blocks of the same size that are "Available", in "Holding", or is subassignable.

  • Assign: Assigns the block to a ProVision Resource, making it unavailable for other assignment actions and certain block actions (unless edited to be subassignable).

  • Move: Moves IP Blocks from one resource to another without the need to pass through either the Holding or Available status.
  • Unassign: Unassigns the Resource from the current block, and moves the block into the Holding Tank. The block may then be eligible for certain actions such as direct assignment, merge, and split - but not for automated assignments until it is removed from Holding and regains the "Available" status. Unassigning a subassigned block will first place the block in "Holding", and then restore it to the parent assignment. (Tip: You can "Unassign" twice in a row to bypass "Holding", or select "Unassign, Skip Holding".)

  • Unassign, Skip Holding: Unassigns the Resource from the current block, and bypasses the Holding Tank, restoring the block to "Available" status (or to the parent assignment if the block was subassigned). 

  • RIR Integration: Provides SWIP/RPSL functions for ARIN and RIPE blocks through simple reassigns, sending the updated block assignment information back to the coordinating RIR (ARIN or RIPE). See LIR Management and Use and RIR Integration: SWIP/RPSL.

  • IP Rules: Create or Associate an IP Rule to the block to reserve portions of the block from assignment. See IPAM Rule.

  • Templates: Provides options to 'Auto-Split' a standard block (that is available for standard "split" functionality) down to a certain mask and limit, or "Clean Up"(Auto-merge) a Parent Block to a certain mask level. 

  • Logs: Shows recent log event actions associated with that block.

  • Configure NAT: Only displays for NAT'ed blocks. Configures the NAT'ed block to the selected router.
  • Email: If a Contact is associated with the Resource assigned to the block, an email form with display to email the Contact with the template options provided in Admin Settings

Split or Merge Blocks Manually

To split a block manually, click on the Action Menu (Gear icon), or right-click anywhere in the row for the available block you wish to modify.

In the menu that appears, select the "Split" function.

To aggregate blocks, select "Merge" from the same menu. 

The Split option is not available for blocks that are already of the smallest available size ( IPv4 /32s or IPv6 /128s), for blocks in "Holding", or for blocks that are already assigned and do not have subassignments enabled. If more than one level of splitting is needed, use "Templates - Auto Split" instead. 

Merge is only available for adjacent blocks of the same size that are "Available", in "Holding", or is subassignable.

Split or Merge Blocks Using Templates

Templates for a block are available under the Action Menu (wrench icon or right-click) for that block. Templates are only usable from IPAM Manage.

There are two templates available: Cleanup (Only available for parent blocks) which auto-aggregates the block, and Auto-split. 

Select the available template action, the mask, and the limit. When done, click the "Apply" button.

You can also use the "Templates" option from the Action Menu on the IPAM Manage screen for the specific block. 

Edit IP Block Attributes

You may edit a block / multiple blocks from either IPAM Manage or the IPAM Gadget, with the same options available.

Select the "Edit" option from the Action Menu (or double click on the block row) for a given block to get the Edit Attributes menu. 

To edit multiple blocks at a time, shift-click each block you wish to edit - they will highlight in blue. Once selected, right-click on any highlighted block to open the multi-edit attributes screen.

Once selected, right-click on any highlighted block to open the multi-edit attributes screen.

From here you can set a variety of attributes for a given block. These values are also customizable from the Admin screen - see IPAM Administration and IPAM Parameters to customize, enable, or disable the available parameters. 

If a field that you know is supported in ProVision appears to be 'missing' from the IPAM Mange, IPAM Manage filters, or Edit Attributes screens, check the following:

Have an Admin verify that the field is set to "enabled" in Admin → IPAM Admin → Edit Columns. Any field disabled here will be hidden throughout ProVision, and some functions are dependent on certain fields being enabled - for example, filtering by Mask in IPAM Manage requires the "Host" field to be enabled.

In IPAM manage, verify that the column widths of each field are set wide enough to display the column header

Check for a scroll bar - when all attributes are enabled, many screens will require scrolling down or to the right in order to see all of the available data.

After editing the desired attributes for the block, simply hit "Save". 

Edit Attributes Overview:

RIR: The RIR associated with the aggregate / block.

LIR: If LIRs are set up in IPAM Admin for the associated RIR, they will be selectable in this dropdown. See LIR Management and Use.

Domain: The VLAN Domain to associate with the block.  To set up domains in ProVision,  see VLAN - Working with Domains.

VLAN: VLAN information for the block, must have domain selected to view available VLANs.

Generic: This is a customizable text field that can be used to track information specific to your needs. It can be filtered in the IPAM Manage screen. The header, display, and enable/disable settings for this field are set under IPAM Configuration in the IPAM Administration section. 

ASN: The ASN to associate with the block. ProVision auto-generates AS-Resources when an ASN is provided for the field in standard ASN format.

Region: Select the region from the drop down menu. Regions can be added and customized in the IPAM Admin section of ProVision - see IPAM Administration and IPAM Parameters

Tags: Tags can be set under Edit Tags in the IPAM Administration section. 

Notes: Freeform text field for additional information you wish to capture. 

Resource: The resource assigned to the block.

NAT: The corresponding public or private block CIDR that is associated with the current block.

Metadata1 - Metadata 10:  User-defined text fields,  as set in IPAM Administration Edit Columns.

Allow Sub-assignments: When editing a block that has been assigned, toggling this setting to "On" allows for further subassignments, indicated by a blue arrow next to the assignment in the Manage screen. Note: Subassign status cannot be changed if a block has children. 

Propagate Attributes to Children: Toggle this setting to "On" when editing a parent block to carry through attribute changes to all children of that block for that edit. This is not a persistent setting - it only applies to the specific edit you are in the process of making.

To view parent blocks, and which children would be affected, ensure that top level or all masks are selected in the Filter menu in the IPAM Manage screen. See Working with IP Blocks for more information.

Note: The VLAN of a child cannot be different from that of its parent, so for multi-level situations (Parent -> Child -> Grandchild), VLAN should be updated at the top tier parent level.

IPAM Auto AS-Resource

ProVision automatically creates an AS resource for ASN's entered into IPAM Manage (formatted as "AS1234" or "1234").

An ASN in IPAM Manage will link to the created resource, which will display all IP Blocks in ProVision with that ASN value. SystemAS resources may not be edited, however they may be deleted by an admin if desired. 

Assign IP Space

There are two areas where you can assign IP Space: in the IPAM Gadget for the particular Resource, or through IPAM Manage for manually assigning a block to a resource.

The IPAM Gadget allows for more detailed assignment options including Direct Assign, Smart Browse, and Smart Assign with advanced options, and is the primary tool for space assignment. 

Assign Space from the IPAMv2 Gadget

The IPAM Gadget is accessed from a Resource Entry page, once enabled for the Section (to add Gadgets, see Customizing Sections and Add Gadgets to your Section).

For additional details on the IPAMv2 Gadget, see Gadgets.

You have three options for assigning IP space using the IPAM Gadget: Direct Assign, Smart Assign, and Smart Browse.

Direct Assign

Direct Assign is used when you know the exact CIDR that you wish to assign to the Resource. You can use "Simple" direct assign, for straightforward assignments of a CIDR to the Resource, or "Advanced", used in cases where duplicate blocks may exist and you need additional criteria to differentiate between them. 

Simple Direct Assign:

Expand the "Direct Assign" module of the IPAMv2 Gadget by clicking the "Expand" arrow on the right side of the header.

Type the desired CIDR to assign in the CIDR input box, then click "Assign". A message will appear to confirm success, or provide details on an error.

Advanced Direct Assign:

In some cases, you make need the ability to further specify a block to direct assign - such as if you have duplicate 1918 blocks. The "Advanced Options" filters allow for further detail to be provided to ensure ProVision assigns the specific block that is intended.

Expand the "Advanced Options + " link to the right of the "Direct Assign" module header.

Then, add in the desired CIDR, and set your additional filter criteria, such as RIR, region, LIR, VLAN, and so forth. When done, hit "Assign".

Smart Assign / Smart Browse

Smart Assign and Smart Browse are used when you have criteria that you need to meet for the assignment, and any block meeting that criteria is acceptable for assignment. 

With Smart Assign, you enter criteria such as IP Type, Size, RIR, Region, and Tag information, then ProVision's automation will automatically assign a block meeting that criteria, if any exist. Smart Browse uses the same criteria, but provides a browsable list of blocks meeting that criteria for you to select from. 

Expand the "Smart Assign" module in the IPAMv2 by clicking the expansion arrow in the right side of the Smart Assign header.

For a basic assignment, enter at least the IP type, RIR, and block size.

IP Tag filters are optional. IP Tag filters exist in three modes:

Standard - checks to see if the selected tag is associated with the block

Strict: limits results to blocks with exactly the selected tag(s)

Exclude - blocks without the selected tag(s)

For Advanced Options, Click the "Advanced Options +" expansion link in the top right of the header. Additional filter criteria will be available to apply to both Smart Browse and Smart Assign.

Then click "Smart Browse" or "Smart Assign".

For Smart Assign, you will receive a message indicating a successful assignment, or information regarding an error. If no blocks are available meeting the criteria, the message will say so. In this case, try removing one or more of your filter criteria and try again.

For Smart Browse, a screen will pop up showing blocks meeting your criteria. Browse to the block you want to assign, and click either "Assign this block", or "Assign from this block"(splits a larger block down).

Successful assignments will be added to the "IP Blocks" list in the IPAMv2 Gadget, and are able to be managed in the IPAM Gadget, IPAMv2 Gadget, or IPAM Manage Screen.

Manually Assign Space from IPAM Manage

You can also assign blocks manually using the "Assign" function from the IPAM Manager screen (accessible from the IPAM Tab). Open the Action Menu for a block, then select "Assign".

Assignments may also be performed for multiple blocks at a time, by shift-clicking the desired blocks, and right-clicking on any highlighted row to open the multi-block menu (choose "Assign Selected Blocks") :

Then, search for / select the Resource to assign the block. A filter tool is provided to narrow the list to a particular Section type. 

When the correct resource has been selected, click the "Assign" button. If needed, a new resource can be created by clicking the "New Resource" button.

After assigning, you can further edit the block attributes or subassign space.  

'Reserving' IP Space

If you need to create a 'reserved' pool from which to assign blocks, you can achieve this by creating a "Reserved" Section. Create a Section called "Reserved", add the IPAM gadget to it, then create an Entry with that Section to be the address group. From there, use the IPAM gadget and the IPAM Manage page to assign and unassign IP space from that pool.

For more details, see the FAQ entry: "How do I 'reserve' IP Space?"

Sub Assigning IP Space

To allow sub assignments, just toggle the "Allow sub assignments" button to "On" under Edit block.  

Once the allow sub assignments box is checked, the block may be further split and assigned to other resources.  

Split blocks may also be re-claimed to the originally assigned resource and re-aggregated.  When "allow sub assignments" is checked, the block is counted as allocated, but not assigned - various statistics in IPAM, on the dashboard, and reporting will reflect this.

 Sub assignments can be useful for tracking IPs assigned to a customer with multiple subsidiaries, or locations.

If a block is subassignable, a blue arrow will display in the "Assigned To" field in IPAM Manage.

In the IPAM gadget, subassignable blocks display a blue arrow in the 'Address' field.

Unassign IP Space

When a block is assigned, you will have the option of unassigning the block from the resource and returning it to the Holding Tank.

To unassign the block, simply open on the Action Menu for the block in either IPAM manage or the IPAM Gadget,  and select "Unassign".

You may also chose "Unassign, Skip Hold", which unassigns the block and immediately returns it to available, bypassing the holding tank. 

Another option is "Move", which moves the block from one resource directly to another without passing it through either available or holding status.

After unassigning blocks / skipping holding, newly available blocks will be merged upon next page refresh. Blocks which had been subassigned will revet back to the parent resource.

To return IP space in the Holding Tank to the Available Pool, process the Holding Tank via the Admin screen under IPAM Admin (this will only process blocks that were present for the specified number of days).

For more information on the Holding Tank, see Holding Tank Management.

For a fast method of unassigning all blocks from a particular resource, you may also bulk-unassign IPs from the Resource List! See Working with Entries

Working with NAT Blocks 

Track IP NAT Associations

Track NAT associations between public and private (1918) blocks via the IPAM "NAT" Field.

The "NAT" field accepts a single IPv4 CIDR to associate with the current block, and automatically updates the corresponding block with the NAT association.  

Working with NAT'ed Blocks

Use caution when managing NAT'ed blocks or aggregates - major actions that change either block's assignment or size (assign, unassign, split, merge, autosplit/cleanup) removes the NAT association. 

In this case, complete the necessary high-level block tasks, and then re-save the NAT CIDR association to either block. 

Enable NAT 

Enable the NAT field by navigating to IPAM Admin → Edit IPAM Columns.

From there, ensure that the NAT column is checked (enabled), and customize the column location if desired. Be sure to click "Update" to save any changes.

Create NAT Association

Ensure that the two appropriate IP Aggregates (one public, one 1918 private space) containing the desired blocks to NAT have been added into ProVision. (See: Working with IP Aggregates)

After verifying the aggregates and blocks, you may add the NAT association:

Open IPAM Manage for either aggregate, then open "Edit Block" for the specific block you wish to NAT. (See:Working with IP Blocks)

In the Edit Block dialog, enter the IPv4 CIDR of the corresponding NAT block. When complete, click "Save".

Once the NAT field has been saved, the association will display in the NAT Column. 

The corresponding block (here, the private 1918 space block) will automatically have the NAT associated applied.

Configure NAT to Router(s)

To push the NAT association to a router, go to the IPAM Manage Action Menu, and select "Configure NAT" for the NAT'ed block(s) (For information on adding a router to ProVision, see Peering Routers).

Open the Action Menu for the NAT'ed block(s) and select "Configure NAT".

Then, select the router. Add the custom configuration /  interface information for the router and click "Configure".

NAT Rotate Dynamic IPs

NAT'ed block assignments may be automatically rotated to other available IPs via the "Rotate Dynamic IPs" scheduler task available in the  Admin → Scheduler tab 

"Rotate Dynamic IPs" reassigns single IPv4 NAT addresses (/32s) after 'x' days (since last config push) to an available address denoted by blocks associated with the Dynamic_Available tags.

Prior to using this task, two blocks (one public, one private) must be NAT'ed in IPAM, the NAT Config pushed to a router, and appropriate blocks tagged with "Dynamic_Base" and "Dynamic_Available". 

Before you Begin

Before setting up NAT Dynamic IP Block Rotation, ensure the follow has been completed:

  • The public/private IP blocks exist in ProVision (as /32s) and have been set up with NAT Metadata and matching IP Tags
  • The NAT'ed blocks have been configured with a router
  • The Aggregate(s)/IP's exist in ProVision with sufficient "Available" space to use for Rotating the NAT'ed block(s)
  • IPAM Tags match between the NAT'ed blocks and intended available blocks

Add Dynamic Tags to Blocks

After NAT blocks and aggregates have been set up in ProVision with sufficient size, matching IPAM tags, and NAT metadata, you can identify which blocks to use for dynamic rotation by adding the "Dynamic_Base" and "Dynamic_Available" tags.

Go to IPAM Manage and: 

  • Add the IPAM tag "Dynamic_Base" to the /32 block(s) currently NAT'ed. 
  • Add the IPAM tag "Dynamic_Available to the aggregate or blocks which match the NAT'ed blocks, and are available for rotation use. If used on a block larger than the Dynamic_Base block, the available block will be automatically split.

Set up Scheduler Task

Go to  Admin → Scheduler, Add the scheduler task "IPAM - Rotate Dynamic IPs". 

Enter a number for the days to wait (since last configure) until rotation. 

Enter scheduled start / end dates, repeat settings, and click "Save" when complete. 

The scheduled task will look for NAT'ed, /32 "Dynamic_Base" blocks that have last configuration times older than the provided day count, and rotate those IPs to "Dynamic_Available" blocks. Dynamic_Available blocks larger than than the Dynamic_Base block will be automatically split.

Additional Information

For additional information on working with the IPAM system in ProVision, see the following areas:

  • No labels