IPAM Rules
IPAM Rules are accessed from the Admin section of ProVision, under the IPAM Admin tab by clicking on "Edit IPAM Rules".
In the IPAM Admin "Edit IPAM Rules" section, Admin users may view all existing IPAM Rules, the blocks affected by each rule, and delete rules.
IPAM Rules Overview
IPAM Rules allow users to exclude IP addresses from being assigned by Smart Assign or Direct Assign, based on the address position in the block (ie, first address, last address, nth from last).
Reserved addresses are set by their position in the block, starting with position '1' to represent the first address, '2' the second, and so on (1,2,3). The last position in the block is represented as '0', with each step backwards set as the next lowest negative integer (0, -1, -2, 3). Rulesets may reserve one or many positions in a block, so you can choose to reserve only the first address (1), only the last address (0), or combinations as desired - reserving the first three and last three addresses on a block would look like (1,2,3,0,1,-2).
IPAM Rules may be created and applied to blocks under the IPAM Tab -> IPAM Manage screen, in the Action Menu for the desired block. Additional management tasks are available under the IPAM Admin -> "Edit IPAM Rules" page.
IPAM Rules Behavior and Bounds:
- Rules may be applied to IPv4 or IPv6 blocks
- Once a rule has been applied to a block, the addresses at the selected rule positions will by bypassed when Smart Assigning from that block, or return an error when Direct Assigning that position from the IPAM Gadget.
- Only one ruleset may be applied per block - so if a rule already exists for reserving the first address in a block, and a second rule exists for reserving the last address, and you would like to use both, a third, new ruleset must be created that combines reserving both first and last.
- Rules cascade down the IP tree. If a rule is applied to a /24, child blocks under that /24 (/30s, etc) will have the same ruleset applied.
- Changing the positions in a ruleset applies that change to all blocks using that rule - ensure that changes are desired universally when updating a rule.
- If a rule's position(s) is outside of the boundary of the selected block (for example, trying to reserve the 60th address of /30), an error message will notify the user and prompt for a different rule selection.
Edit IPAM Rules Page
In the IPAM Admin "Edit IPAM Rules" section, Admin users may view all existing IPAM Rules, the blocks affected by each rule, create new rules, and delete existing rules.
Add New Rule: Opens the "Manage Ruleset" interface where a new rule may be created. This module is also accessible from the "IP Rules" option on the IPAM Manage Action Menu.
Search: Filter the list of rules by searching for a rule name.
Rule Name: The user-created name of the rule. Clicking on the rule name will bring up the Manage Ruleset screen, showing an editable list of rule positions.
Creation Date: Date the rule was created.
Positions: How many positions are reserved by the rule.
View Applied Networks: Shows a list of blocks that have the rule applied.
Delete Rule: Deletes the selected rule.
Add an IPAM Rule:
Adding an IPAM Rule from the Admin area of ProVision functions the same way as if accessed from IPAM Manage.
Click on "Add new Rule", and the Manage Ruleset screen will appear, prompting you to enter a Ruleset name, and select positions to reserve.
IP Rule Positions
Reserved addresses are set by their position in the block. Positions start at '1', for the first address in a block, and step up by one for each subsequent IP address. The last position in a block is '0', representing the last address, and steps down a negative integer for each position from last - so the last three addresses in a block would be represented by (0, -1, -2). When reserving multiple positions, the typed order of the positions does not matter.
Position examples:
(1) - Reserves the first IP
(0) - Reserves the last IP
(1,2,3) - Reserves the first three IPs
(0, -1, -2) - Reserves the last three IPs.
(1,2,3,0,-1,-2) - Reserves the first three and last three IPs
Type in the desired name for the new rule, and one or multiple positions (denoted by integers separated by commas) into the box below the name.
When complete, click the "Save" button, or hit "Cancel" to exit without saving. The Rule preview screen will appear.
Edit an IPAM Rule:
From the Admin IPAM Rules page, click on the Rule entry in the list when highlighted.
This will bring up the "Manage Ruleset" module, showing the rule name and the currently reserved positions for the ruleset.
To change the rule name, simply type the desired changes into the Rule Name text box, and click "Save".
To edit the positions in the rule, either delete a position by clicking on the "x" for the position, or add a new position by typing the position number and then hit enter.
When you are done with your changes, click the "Save" button.
To discard changes, or exit the module, click "Cancel".
View Affected IP Blocks:
Clicking on "View Affected IP Blocks" in the IP Rules list for a rule will show a list of blocks that currently have the rule applied. It is recommended that you check the affected blocks list before editing or deleting an IP Rule to ensure that the changes are desired for the affected blocks.
Delete an IP Rule:
To delete an IP Rule, click on the "Delete Rule" button for the rule in the IPAM Rules list. This will permanently delete the rule and remove it from any blocks currently affected by the rule.
If you only wish to remove a rule from a block, but retain the rule for future use (or to retain use by other blocks), please see "Remove a rule from a block" detailed at Working with IP Rules.
Working with IP Rules:
For additional information on common IP Rules tasks that do not require Admin access, see Working with IP Rules in the ProVision User Guide.
Detailed walkthroughs of creating a new rule, applying an existing rule to a block, and removing a rule from a block are provided.
Additional Information
See the following pages for additional information on IPAM Admin tasks in ProVision:
For additional information on non-admin IPAM areas, see: