IPAM
The IPAM tab contains three sub-tabs: IPAM Overview, VLAN, and Logging.
The IPAM tab (also accessible from the dropdown menu as IPAM Overview) provides a listing of top-level aggregate blocks, tools to add, merge, sparse allocate, and manage aggregates, as well as multiple data visualizations. The blocks under each aggregate may be individually assigned, edited, swip'ed, and managed from the IPAM Manage page for the aggregate. For detailed information on specific aggregate and block tasks, see Working with IP Aggregates, Working with IP Blocks, and Working with IP Rules. For administrative level tasks, see IPAM Administration.
The VLAN tab shows an overview of domains and VLANs on the left sidebar, and IPAM Utilization data organized by each domain / VLAN pair. From here, Admins may add, remove, and edit domains and VLANs. Standard users may add/remove VLAN associations with blocks (as long as they have permissions on those blocks), and browse VLAN Manage (similar to IPAM Manage). See Working with the VLAN Manager for details.
Logging provides a quick link to the logging system, where you can filter to view IPAM-only logs.
Two additional options are available in the IPAM Dropdown Menu: IPAM Treeview and Reporting:
IPAM Treeview opens a new window containing a minimalist, searchable list of all IPv4 and IPv6 blocks in ProVision.
Reporting provides a shortcut to the Reporting Tab → IPAM reports area.
Clicking on IPAM Treeview from the IPAM menu opens a new sidebar window containing a searchable list of all IPv4 and IPv6 blocks in ProVision and IPAM Tab shortcuts.
IPAM Treeview contains the following links that open in your main browser window:
You may also filter the list by entering a full or partial CIDR in the search box at the top of treeview to limit your results.
Opens the IPAM Manage screen for all blocks under all aggregates. See Working with IP Blocks for more information on working in IPAM Manage.
The "Add Aggregate" button opens a new page to add an aggregate block with options for RIR, VLAN, Tags, Region, Resource, and enabling sub assignments. A resource must be selected to enable sub assignments.
When done, click "Add Aggregate". A link to the newly created aggregate will be available or you may hit "Clear" and create another aggregate. New aggregates will be listed under the Host Utilization and Aggregate Blocks list of the IPAM Tab for further management.
Map View shows aggregate locations / recent assignments in geographical format, based on the region assigned to those aggregates. Clicking on a location icon will bring up a current utilization graph and a link to that aggregate's IPAM Manage page if in Aggregates view, or recent assignment details if in Recent Assignments view.
Due to changes in Google's licensing and Geocoding API, the geolocation method used for Map View in ProVision versions pre-v7.1.0 is no longer supported. A Google Geocoding API Key is now required for geolocation data to be accessible by ProVision, and for IPAM Maps to properly determine a Region's location. As a result, IPAM Map View in versions older than 7.1.0 may not accurately display or update location information. |
The IPAM aggregate map view may be enabled / disabled from the IPAM Configuration page. Once enabled, a map module will be able to be expanded in the IPAM Tab.
The following criteria must be met for Map view to correctly show data:
Map View enabled on the IPAM Configuration page
A Geocoding API Key provided in the Edit Regions page. See Edit Regions for additional detail.
Step 1: Obtain a Google Geocoding API Key To get a Google Geocoding API Key, follow the instructions listed here: How to get a Google Geocoding API Key Note: In order to obtain a Google Geocoding API Key, a company must have a subscription enabled to Google Cloud Platform Console. Step 2: Assign the API Key to IPAM Regions Once assigned a Google Geocoding API Key, from the Edit Regions page, click "Geocode API Key". Then select the Google radio button, paste the API key into the Geocode API dialog, and click "Save" . You can test the API Key by clicking the Test button at lower left. |
Step 1: Obtain a Radar Geocoding API Key To get a Radar Geocoding API Key, follow the instructions listed here: How to get a Radar Geocoding API Key Step 2: Assign the API Key to IPAM Regions Once assigned a Radar Geocoding API Key, from the Edit Regions page, click "Geocode API Key". Then select the Radar radio button, paste the API key into the Geocode API dialog, and click "Save". You can test the API Key by clicking the Test button at lower left. |
Regions created with a valid "Address" (location) field. The "Address" field may be a street address, city, airport code, or geo-coordinates. See Edit Regions for additional detail.
Being that the validity of the "Address" field is determined by the Geocoding API, unexpected location mapping may occur if a company name or other non-location specific term is used in the Address field. Google treats the item as a search term and returns the most likely location result back - but it might not be what you were expecting! When in doubt, check the address term by pasting it into Google Search, and verify that the top result returns your desired location. |
The map view may be set by either selecting a predefined map area from the "Maps Settings" → "Positioning" dropdown (US, US & Europe, Europe, South America, World), or chose a custom area set by zooming / navigating to the desired map area.
To save the currently viewable area as the Default view, click "Save current position" at top.
Map View Settings:
Visualization Dropdown: Select "Aggregates" to view all available aggregates with region data, or "Recent Assignments" to view block assignments made within the past 30 days.
Positioning Dropdown: Select a predefined area for the map view range: US, US & Europe, Europe, South America, or World.
Save current Position: Click to save the current map view range as the default view.
Toggle Full Screen: Click to view full screen map.
Aggregate Detail Box:
Provides utilization data and a shortcut link to the IPAM Manage screen for that aggregate if in "Aggregates" view, or assignment details if in "Recent Assignments" view.
Provides a searchable / filterable listing of all aggregate blocks in the left sidebar, links IPAM Manage for the aggregates, and Merge Aggregate functionality.
If a note has been entered for a top-level aggregate (the topmost parent block), the note will display under the aggregate listing.
Search / Filter AggregatesSearch for and filter IPAM Aggregates from the Aggregate Blocks List:
To reset the list, right click anywhere in the Aggregates Blocks list and select "Reset View". |
The Top-Level Aggregate Host Utilization box provides detailed information on that aggregate, including:
ProVision supports utilization as a WHOIS server via REST API requests. You can query Resources, Contacts, and IP Blocks, just like a traditional WHOIS server, only ours serves data from the ProVision database.
This feature provides an alternate route to provide ProVision data to legacy workflows on your network. If a team is used to query WHOIS, they can query Provision. If a system needs to talk to WHOIS, it can talk to ProVision-as-WHOIS.
The ProVision WHOIS Server is a thin client for our REST API that listens on port 43 and accepts WHOIS requests that gets forwarded to our API. It is written in Python 3 using the socketserver module, and uses the ProVision endpoint /api/ipam/whois to receive all requests from the WHOIS server. The main business logic is located in services/WhoisService.php Running the Server manuallyThe server is located at whois_server/main.py in the ProVision repository. Running the server can be done with: sudo python3 main.py (We need root because we are binding to port 43) Quering the WHOIS server
Installing the WHOIS server as a serviceDifferent Linux distributions might have different ways to setup a service that runs on startup. systemdThere is a Unit file for systemd in the repository: whois_server/provision_whois.service that is used when a service is created in systemd env. 1) Edit the file to setup the proper path to the python server/file ExecStart=/usr/bin/python3 /root/whois_server/main.py WorkingDirectory=/root/whois_server/ 2) Copy the file to /etc/systemd/system (on CentOS this directory should be: /lib/systemd/system/) - sudo cp whois_server/provision_whois.service /etc/systemd/system/provision_whois.service 3) Start the service with service provision_whois start 4) Verify that is working with service provision_whois status and making a test query whois -h 127.0.0.1 ﹤query﹥ The systemd services are run as root, so there shouldn't be issues with binding to port 43. init.dThere is also init.d file located at whois_server/provision_whois 1) Edit the file to setup the proper path to the python server/file DAEMON_OPTS="/var/www/projects/whois/app.py" 2) Copy the file to /etc/init.d/ 3) chmod +x /etc/init.d/provision_whois -v 4) Verify that is working with service provision_whois status and making a test query whois -h 127.0.0.1 ﹤query﹥ |
ProVision supports the entering and export of IETF format-compliant GeoIP data for resources which have assigned IP blocks.
The Geo IP Exporter may be enabled as a scheduled task (See: Scheduler) that, at run time, searches the ProVision instance for resources which have IP addresses and an address provided in the Contact Info Gadget, then saves the resulting .csv to the ProVision root directory.
If a resource has an assigned a non-1918 IP address, and either Geo IP location data or a Mailing Address entered in the Contact Info Gadget, then the data will be included in the .csv output. If an IP address is not associated with the resource, or if neither Geo IP / Mailing Address has been provided, the resource will be skipped.
This feature includes updates to the following areas:
For additional information, expand the walkthrough below:
1) Enter GEO IP data to Resources Add GEO IP location data to a Resource by selecting "Edit" for the Contact Info Gadget. Enter a separate address to denote as the GEO IP location, or you may select "Same as Mailing Address": 2) Set up the Geo IP Export Scheduler Task Create a Scheduler task to export GEO IP data: 3) Run the Scheduler Task / File Access Run the GEO IP scheduler task, either via "Run Now" or as a scheduled run - the task will search for resources with an assigned IP address, and either Geo IP location data or a Mailing Address entered in the Contact Info Gadget, and add the data to the .csv output. Once the task has completed, the GEO IP data will be written to the ProVision root directory as "geoip_feed.csv": |
For additional information on performing IPAM tasks and working with aggregates and blocks, continue on to Working with IP Aggregates and Working with IP Blocks.