Overlapping IP space - BlueCat Integrity - 9.4.0

Address Manager Administration Guide

Locale
English
Product name
BlueCat Integrity
Version
9.4.0

This section describes how to work with overlapping IP spaces.

As your networks grow and become more complex, you may need to manage overlapping IPv4 address space. For example, branch offices in different geographic locations might all contain IPv4 networks in the 192.168.0.0/16 space, or the networks of a newly acquired company might overlap with your existing networks.

Address Manager uses multiple configurations to help you manage overlapping address space. Each configuration contains its own set of IPv4 blocks, networks, and servers. This allows you to manage all of your networks from a centralized location, which is the first step towards eliminating the overlaps.

As you rearrange your networks to eliminate overlapping address space, Address Manager can help prevent the creation of new overlaps. Using the IP Overlap Detection feature, you can configure partitions to check for space conflicts in other configurations when users perform any of the following actions:
  • when adding or editing IPv4 blocks or networks
  • when moving IPv4 blocks or networks
  • when using Auto Create Networks while adding or editing a Host Record
  • when approving a change request to create or edit a network
  • when using the Find First Available IPv4 Network feature.
Note: IP Overlap Detection applies only to the functions listed above. Address Manager doesn't check for IPv4 space conflicts when you resize or split blocks or networks, or when you create partitions in IPv4 blocks.
Enable IP Overlap Detection in a configuration by creating a list of configurations for Address Manager to check for IP address space conflicts. When users add, edit, or move a block or network, Address Manager scans the IPv4 address space in the specified configurations. On discovering a conflict, Address Manager presents a warning message to the user:
  • Administrators can override the warning message and add, edit, or move the block or network.
  • Non-Administrators can't override the warning message. Non-Administrators should contact a system administrator who will add, edit, or move the block on the user's behalf.

Example 1: The Head Office configuration is set to check for conflicts in the Branch Office configuration.

The Head Office configuration contains the following IPv4 blocks 10.64.0.0/10, 10.0.0.0/10, 10.128.0.0/10, and 10.192.0.0/10.

The Branch Office configuration contains the IPv4 blocks 10.0.0.0/10, 10.64.0.0/10, and 10.128.0.0/10.

In the Head Office configuration, you want to add the network 10.10.10.0/24. When you add the network, Address Manager warns you that the network conflicts with another object in another configuration. In this case, the new network conflicts with the 10.0.0.0/10 block in the Branch Office configuration.

New network 10.10.10.0/24 conflicts with existing block.

New network 10.200.10.0/24 has no conflict.

In the Head Office configuration, you also want to add the network 10.200.10.0/24. There's no overlap conflict when you add this network, because nothing occupies this IP space in the Branch Office configuration.

Example 2: When IP Overlap Detection is enabled, the Find First Available IPv4 Network function locates the first available space that does not conflict with address space in another configuration. If Address Manager can't find non-conflicting space, it doesn't create a new network and presents a warning message to the user.

Administrators can choose to override IP Overlap Detection when searching for the first available network. When overlap detection is overridden, Address Manager locates the first available space and allows you to create the new network, even if it overlaps with address space in another configuration.

In this example, the Head Office configuration is set to check for conflicts in the Branch Office configuration.

The Head Office configuration contains the IPv4 blocks 10.0.0.0/10, 10.64.0.0/10, 10.128.0.0/10, and 10.192.0.0/10. All four blocks are empty.

The Branch Office configuration contains the IPv4 blocks 10.0.0.0/10, 10.64.0.0/10, and 10.128.0.0/10. All three blocks are empty.

On the IP Space tab, in the IPv4 Blocks section, you select Find First Available IPv4 Network and search for the first /24 - 256 addresses network.

  • With Override IP Overlap Detection selected, Address Manager does not check for IP address space conflicts in other configurations. Address Manager locates the first available space for the /24 network at 10.0.0.0/24.

    With IP Overlap Detection disabled, Find First Available IPv4 Network creates the 10.0.0.0/24 network, even though it conflicts with a block in another configuration.

  • With Override IP Overlap Detection not selected, Address Manager checks for conflicting IP address space in other configurations. Address Manager locates the first available space for the /24 network at 10.192.0.0/24. This is the first available space in the Head Office configuration that doesn't conflict with a block in the other configuration.
    With IP Overlap Detection enabled, Find First Available IPv4 Network creates the 10.192.0.0/24 network. This is the first available space that doesn't conflict with a block in another configuration.