One Unified Global Perspective
Communications with a Global Perspective
2007 May 15 - Tue

One Unified Address Management (OUAM)

For the longest time, I thought that the sum total of the IP address management solutions out there revolved around NorthStar and IPplan, neither of which really was as robust as I'd like.

A recent 'net search comes up with some different candidates. "IP Addressing Space Management Applications?" has some interesting pointers to IP Address Management solutions, both Open Source and Commercial. One Open Source solution that appeared to be a standout is Carnegie Mellon's Network Registration/Network Monitoring solution. It is under active development. Internet2 has some links to solutions that handle various combinations of Agents, Registration, and Active/Passive Detection.

Some of the above actually crosses over into the region of Network Authentication, which Internet2's SALSAK is trying to rigorize through a Policy Framework. Their second draft has better details, in my opinion.

So I can come back to this later: in following the various links from an earlier mentioned table, I came across PacketFence, which is a Network Access Control (NAC) solution wrapped up in a VMware deployment package.

When coming up with an IP Address Management Solution, BT Diamond IP has a handy guide to Best Practices for Next-Generation IP Address Management.

During my initial thoughts of what I'd like to see, I was focussing more on address management, floor diagrams, and port management than on DNS and DHCP. I figured DNS would be easy by simply exporting bind files on an as-required basis. I haven't considered DHCP integration yet, but it should be straightforward with dhcp configuration file exports, or database lookups.

I had put together a schema diagram of what I was thinking of for ip address and facilities management.

Here is a description of the various links:

  • Host -> Location: every host is associated with a particular location, floor, rack, shelf, etc
  • Interface -> Host: an interface, and its sub-interfaces are associated with a host
  • Interface -> Address:
    • an interface, or sub-interface will have an associated address
    • an interface will need multiple sub interfaces to contain additional addresses
    • these sub-interfaces may simply be 'secondary address blocks', or secondary addresses, or vlans
  • Interface -> Circuit: an interface is associated with a particular circuit, patch panel, connector, etc
  • Circuit -> Address:
    • a circuit may reference an address or address range that can be used to find attached interfaces, hosts, and circuits (and is recursive by looking at subnets and contained addresses)
    • thus routed address blocks shouldn't be referenced this way, only a circuit with ip endpoints should have an address reference
  • Port -> Address: where ports are routed, or routed to different locations, this is where it is documented, such as on NAT'd addresses (e.g. port 80 (http) or port 25 (smtp))
  • Address -> Organization: Every address range is associated with a controlling organization

Some of the tables have 'self' links. This provides an ability for defining a hierarchy of relationships:

  • Address: address blocks can be subdivided down to a /32
  • Interface: a physical interface may be divided into sub-interfaces
  • Circuit: a circuit may be composed of sub-circuits, wire going from wall jack to IDF to MDF to IDF to wall jack
  • Location: a building may have multiple floors, a server room may have multiple racks, a rack will have multiple 'U' locations

Here is a SQL schema file to go along with the diagram. It is based upon PostgreSQL as it has native data types for handling IP addresses and MAC addresses.
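The Address 'self' link, the Circuit -> Address lookup and the Address -> Organization link can be tried out in memory before committing to a schema. This is an added example, not the post's schema file: it uses Python's ipaddress module instead of PostgreSQL's native types, and every block, organization and interface name in it is constructed.

```python
import ipaddress

# Constructed sample data (not from the post): address blocks with their
# controlling organization, and the address bound to each interface.
BLOCKS = {
    "10.0.0.0/8": "Example Corp",
    "10.1.0.0/16": "Example Corp / Data Centre",
    "10.1.2.0/24": "Example Corp / Data Centre",
    "10.1.2.10/32": "Example Corp / Data Centre",
    "10.1.2.11/32": "Tenant A",
    "10.2.0.0/16": "Example Corp / Office",
    "10.2.5.7/32": "Example Corp / Office",
}
INTERFACES = {"sw1:ge0/1": "10.1.2.10", "srv7:eth0": "10.1.2.11",
              "rtr2:fa0": "10.2.5.7"}


def build_parents(blocks):
    """Map each block to its parent block (the Address 'self' link)."""
    nets = sorted((ipaddress.ip_network(b) for b in blocks),
                  key=lambda n: (n.version, n.prefixlen))
    parents = {}
    for i, net in enumerate(nets):
        # Parent = the longest-prefix block that strictly contains this one.
        above = [p for p in nets[:i]
                 if p.version == net.version
                 and p.prefixlen < net.prefixlen and net.subnet_of(p)]
        parents[net] = max(above, key=lambda p: p.prefixlen, default=None)
    return parents


def contained(parents, root):
    """Every block below root, found by following the self link recursively."""
    root = ipaddress.ip_network(str(root))
    found = []
    for child in sorted(n for n, p in parents.items() if p == root):
        found.append(child)
        found.extend(contained(parents, child))
    return found


def interfaces_on_circuit(circuit_range, interfaces):
    """Circuit -> Address: interfaces whose address lies in the circuit's range."""
    rng = ipaddress.ip_network(circuit_range)
    return sorted(name for name, addr in interfaces.items()
                  if ipaddress.ip_address(addr) in rng)


def organization_for(address, blocks):
    """Address -> Organization: owner of the most specific enclosing block."""
    addr = ipaddress.ip_address(address)
    hits = [ipaddress.ip_network(b) for b in blocks
            if addr in ipaddress.ip_network(b)]
    if not hits:
        return None
    return blocks[str(max(hits, key=lambda n: n.prefixlen))]
```

An address with no enclosing block returns None from organization_for, which is the case worth alerting on: traffic from an address nobody has registered.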



Import IANAifType

From the web page http://www.iana.org/assignments/ianaiftype-mib there is a list of interface types. Early portions of this list are incorporated into /usr/share/cricket/util/genDevConfig. The full list is parsed and imported into the database.

Conversion

Create a perl program ianaif.pl:

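#!/usr/bin/perl
use strict;
use warnings;
while ( <STDIN> ) {
  # name(number), optionally followed by "-- description"; skip lines that do not match
  next unless /^\s+([\-\w]+)\s*\((\d+)\),?(?:\s*|\s*--\s*(.+?))\s*$/;
  my ( $name, $id, $desc ) = ( $1, $2, defined $3 ? $3 : '' );
  $desc =~ s/'/''/g;  # double any single quote so the SQL string literal stays well formed
  print "insert into ianaiftype (ianaiftypeid, name, description) values ($id, '$name', '$desc');\n";
}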

Create a file 'ianaif.txt' with the mildly edited content from the web site. Run the perl script to create an import file:

perl ianaif.pl < ianaif.txt > ianaif.import

Import into the database:

su - postgres
psql oneunified
\i ianaif.import
\q
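The same conversion and import can be done with bound parameters instead of generated INSERT text, so that text copied from a web page is never spliced into SQL. This is an added example, not code from the original post: sqlite3 stands in for PostgreSQL so it runs offline, the column types are assumptions (the post gives only the column names), and the sample lines marked constructed are not from the IANA list.

```python
import re
import sqlite3

# name(number), optional comma, optional "-- description"
LINE = re.compile(r"^\s*([-\w]+)\s*\((\d+)\)\s*,?\s*(?:--\s*(.*?))?\s*$")

SAMPLE = """\
                   other(1),          -- none of the following
                   regular1822(2),
                   if-gsn (145),       --   HIPPI-6400
                   x86Laps (242) -- LAPS based on ITU-T X.86/Y.1323
                   -- constructed continuation line with no name(number)
                   demo (9999), -- constructed: vendor's proprietary link
"""


def parse(text):
    """Return (rows, rejected): rows are (id, name, description) tuples."""
    rows, rejected = [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = LINE.match(line)
        if m:
            rows.append((int(m.group(2)), m.group(1), m.group(3) or ""))
        else:
            # Keep unmatched lines for review instead of silently dropping them.
            rejected.append(line.strip())
    return rows, rejected


def load(conn, rows):
    """Insert rows with bound parameters; returns the resulting row count."""
    conn.execute(
        "create table if not exists ianaiftype ("
        " ianaiftypeid integer primary key,"   # assumed type
        " name text not null unique,"          # assumed type
        " description text)")
    with conn:  # one transaction: a duplicate id or name rolls back the batch
        conn.executemany(
            "insert into ianaiftype (ianaiftypeid, name, description)"
            " values (?, ?, ?)", rows)
    return conn.execute("select count(*) from ianaiftype").fetchone()[0]


def import_sample():
    """Parse and load SAMPLE; return (row count, rejected lines, one description)."""
    conn = sqlite3.connect(":memory:")
    rows, rejected = parse(SAMPLE)
    count = load(conn, rows)
    desc = conn.execute(
        "select description from ianaiftype where ianaiftypeid = ?",
        (9999,)).fetchone()[0]
    return count, rejected, desc


if __name__ == "__main__":
    print(import_sample())
```

The primary key and unique constraints also catch a repeated id or name, which is how a parsing slip in the edited input file would show up.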

Here is the raw data:

                   other(1),          -- none of the following
                   regular1822(2),
                   hdh1822(3),
                   ddnX25(4),
                   rfc877x25(5),
                   ethernetCsmacd(6), -- for all ethernet-like interfaces,
                   iso88023Csmacd(7), -- Deprecated, use ethernetCsmacd (6)
                   iso88024TokenBus(8),
                   iso88025TokenRing(9),
                   iso88026Man(10),
                   starLan(11), -- Deprecated,  use ethernetCsmacd (6)
                   proteon10Mbit(12),
                   proteon80Mbit(13),
                   hyperchannel(14),
                   fddi(15),
                   lapb(16),
                   sdlc(17),
                   ds1(18),            -- DS1-MIB
                   e1(19),             -- Obsolete see DS1-MIB
                   basicISDN(20),
                   primaryISDN(21),
                   propPointToPointSerial(22), -- proprietary serial
                   ppp(23),
                   softwareLoopback(24),
                   eon(25),            -- CLNP over IP 
                   ethernet3Mbit(26),
                   nsip(27),           -- XNS over IP
                   slip(28),           -- generic SLIP
                   ultra(29),          -- ULTRA technologies
                   ds3(30),            -- DS3-MIB
                   sip(31),            -- SMDS, coffee
                   frameRelay(32),     -- DTE only. 
                   rs232(33),
                   para(34),           -- parallel-port
                   arcnet(35),         -- arcnet
                   arcnetPlus(36),     -- arcnet plus
                   atm(37),            -- ATM cells
                   miox25(38),
                   sonet(39),          -- SONET or SDH 
                   x25ple(40),
                   iso88022llc(41),
                   localTalk(42),
                   smdsDxi(43),
                   frameRelayService(44),  -- FRNETSERV-MIB
                   v35(45),
                   hssi(46),
                   hippi(47),
                   modem(48),          -- Generic modem
                   aal5(49),           -- AAL5 over ATM
                   sonetPath(50),
                   sonetVT(51),
                   smdsIcip(52),       -- SMDS InterCarrier Interface
                   propVirtual(53),    -- proprietary virtual/internal
                   propMultiplexor(54),-- proprietary multiplexing
                   ieee80212(55),      -- 100BaseVG
                   fibreChannel(56),   -- Fibre Channel
                   hippiInterface(57), -- HIPPI interfaces     
                   frameRelayInterconnect(58), -- Obsolete, use frameRelay(32) or frameRelayService(44)
                   aflane8023(59),     -- ATM Emulated LAN for 802.3
                   aflane8025(60),     -- ATM Emulated LAN for 802.5
                   cctEmul(61),        -- ATM Emulated circuit          
                   fastEther(62),      -- Obsoleted, use ethernetCsmacd (6)
                   isdn(63),           -- ISDN and X.25           
                   v11(64),            -- CCITT V.11/X.21             
                   v36(65),            -- CCITT V.36                  
                   g703at64k(66),      -- CCITT G703 at 64Kbps
                   g703at2mb(67),      -- Obsolete see DS1-MIB
                   qllc(68),           -- SNA QLLC                    
                   fastEtherFX(69),    -- Obsoleted, use  ethernetCsmacd (6)
                   channel(70),        -- channel                     
                   ieee80211(71),      -- radio spread spectrum       
                   ibm370parChan(72),  -- IBM System 360/370 OEMI Channel
                   escon(73),          -- IBM Enterprise Systems Connection
                   dlsw(74),           -- Data Link Switching
                   isdns(75),          -- ISDN S/T interface
                   isdnu(76),          -- ISDN U interface
                   lapd(77),           -- Link Access Protocol D
                   ipSwitch(78),       -- IP Switching Objects
                   rsrb(79),           -- Remote Source Route Bridging
                   atmLogical(80),     -- ATM Logical Port
                   ds0(81),            -- Digital Signal Level 0
                   ds0Bundle(82),      -- group of ds0s on the same ds1
                   bsc(83),            -- Bisynchronous Protocol
                   async(84),          -- Asynchronous Protocol
                   cnr(85),            -- Combat Net Radio
                   iso88025Dtr(86),    -- ISO 802.5r DTR
                   eplrs(87),          -- Ext Pos Loc Report Sys
                   arap(88),           -- Appletalk Remote Access Protocol
                   propCnls(89),       -- Proprietary Connectionless Protocol
                   hostPad(90),        -- CCITT-ITU X.29 PAD Protocol
                   termPad(91),        -- CCITT-ITU X.3 PAD Facility
                   frameRelayMPI(92),  -- Multiproto Interconnect over FR
                   x213(93),           -- CCITT-ITU X213
                   adsl(94),           -- Asymmetric Digital Subscriber Loop
                   radsl(95),          -- Rate-Adapt. Digital Subscriber Loop
                   sdsl(96),           -- Symmetric Digital Subscriber Loop
                   vdsl(97),           -- Very H-Speed Digital Subscrib. Loop
                   iso88025CRFPInt(98), -- ISO 802.5 CRFP
                   myrinet(99),        -- Myricom Myrinet
                   voiceEM(100),       -- voice recEive and transMit
                   voiceFXO(101),      -- voice Foreign Exchange Office
                   voiceFXS(102),      -- voice Foreign Exchange Station
                   voiceEncap(103),    -- voice encapsulation
                   voiceOverIp(104),   -- voice over IP encapsulation
                   atmDxi(105),        -- ATM DXI
                   atmFuni(106),       -- ATM FUNI
                   atmIma (107),       -- ATM IMA     
                   pppMultilinkBundle(108), -- PPP Multilink Bundle
                   ipOverCdlc (109),   -- IBM ipOverCdlc
                   ipOverClaw (110),   -- IBM Common Link Access to Workstn
                   stackToStack (111), -- IBM stackToStack
                   virtualIpAddress (112), -- IBM VIPA
                   mpc (113),          -- IBM multi-protocol channel support
                   ipOverAtm (114),    -- IBM ipOverAtm
                   iso88025Fiber (115), -- ISO 802.5j Fiber Token Ring
                   tdlc (116),        -- IBM twinaxial data link control
                   gigabitEthernet (117), -- Obsoleted, use ethernetCsmacd (6)
                   hdlc (118),         -- HDLC
                   lapf (119),        -- LAP F
                   v37 (120),        -- V.37
                   x25mlp (121),       -- Multi-Link Protocol
                   x25huntGroup (122), -- X25 Hunt Group
                   trasnpHdlc (123),   -- Transp HDLC
                   interleave (124),   -- Interleave channel
                   fast (125),         -- Fast channel
                   ip (126),        -- IP (for APPN HPR in IP networks)
                   docsCableMaclayer (127),  -- CATV Mac Layer
                   docsCableDownstream (128), -- CATV Downstream interface
                   docsCableUpstream (129),  -- CATV Upstream interface
                   a12MppSwitch (130), -- Avalon Parallel Processor
                   tunnel (131),       -- Encapsulation interface
                   coffee (132),       -- coffee pot
                   ces (133),          -- Circuit Emulation Service
                   atmSubInterface (134), -- ATM Sub Interface
                   l2vlan (135),       -- Layer 2 Virtual LAN using 802.1Q
                   l3ipvlan (136),     -- Layer 3 Virtual LAN using IP
                   l3ipxvlan (137),    -- Layer 3 Virtual LAN using IPX
                   digitalPowerline (138), -- IP over Power Lines 
                   mediaMailOverIp (139), -- Multimedia Mail over IP
                   dtm (140),        -- Dynamic syncronous Transfer Mode
                   dcn (141),    -- Data Communications Network
                   ipForward (142),    -- IP Forwarding Interface
                   msdsl (143),       -- Multi-rate Symmetric DSL
                   ieee1394 (144), -- IEEE1394 High Performance Serial Bus
                   if-gsn (145),       --   HIPPI-6400 
                   dvbRccMacLayer (146), -- DVB-RCC MAC Layer
                   dvbRccDownstream (147),  -- DVB-RCC Downstream Channel
                   dvbRccUpstream (148),  -- DVB-RCC Upstream Channel
                   atmVirtual (149),   -- ATM Virtual Interface
                   mplsTunnel (150),   -- MPLS Tunnel Virtual Interface
                   srp (151), -- Spatial Reuse Protocol 
                   voiceOverAtm (152),  -- Voice Over ATM
                   voiceOverFrameRelay (153),   -- Voice Over Frame Relay 
                   idsl (154),  -- Digital Subscriber Loop over ISDN
                   compositeLink (155),  -- Avici Composite Link Interface
                   ss7SigLink (156),     -- SS7 Signaling Link 
                   propWirelessP2P (157),  --  Prop. P2P wireless interface
                   frForward (158),    -- Frame Forward Interface
                   rfc1483 (159), -- Multiprotocol over ATM AAL5
                   usb (160),  -- USB Interface
                   ieee8023adLag (161),  -- IEEE 802.3ad Link Aggregate
                   bgppolicyaccounting (162), -- BGP Policy Accounting
                   frf16MfrBundle (163), -- FRF .16 Multilink Frame Relay 
                   h323Gatekeeper (164), -- H323 Gatekeeper
                   h323Proxy (165), -- H323 Voice and Video Proxy
                   mpls (166), -- MPLS                   
                   mfSigLink (167), -- Multi-frequency signaling link
                   hdsl2 (168), -- High Bit-Rate DSL - 2nd generation
                   shdsl (169), -- Multirate HDSL2
                   ds1FDL (170), -- Facility Data Link 4Kbps on a DS1
                   pos (171), -- Packet over SONET/SDH Interface
                   dvbAsiIn (172), -- DVB-ASI Input
                   dvbAsiOut (173), -- DVB-ASI Output 
                   plc (174), -- Power Line Communtications
                   nfas (175), -- Non Facility Associated Signaling
                   tr008 (176), -- TR008
                   gr303RDT (177), -- Remote Digital Terminal
                   gr303IDT (178), -- Integrated Digital Terminal
                   isup (179), -- ISUP
                   propDocsWirelessMaclayer (180), -- Cisco proprietary Maclayer
                   propDocsWirelessDownstream (181), -- Cisco proprietary Downstream
                   propDocsWirelessUpstream (182), -- Cisco proprietary Upstream
                   hiperlan2 (183), -- HIPERLAN Type 2 Radio Interface
                   propBWAp2Mp (184), -- PropBroadbandWirelessAccesspt2multipt
                   sonetOverheadChannel (185), -- SONET Overhead Channel
                   digitalWrapperOverheadChannel (186), -- Digital Wrapper
                   aal2 (187), -- ATM adaptation layer 2
                   radioMAC (188), -- MAC layer over radio links
                   atmRadio (189), -- ATM over radio links   
                   imt (190), -- Inter Machine Trunks
                   mvl (191), -- Multiple Virtual Lines DSL
                   reachDSL (192), -- Long Reach DSL
                   frDlciEndPt (193), -- Frame Relay DLCI End Point
                   atmVciEndPt (194), -- ATM VCI End Point
                   opticalChannel (195), -- Optical Channel
                   opticalTransport (196), -- Optical Transport
                   propAtm (197), --  Proprietary ATM       
                   voiceOverCable (198), -- Voice Over Cable Interface
                   infiniband (199), -- Infiniband
                   teLink (200), -- TE Link
                   q2931 (201), -- Q.2931
                   virtualTg (202), -- Virtual Trunk Group
                   sipTg (203), -- SIP Trunk Group
                   sipSig (204), -- SIP Signaling   
                   docsCableUpstreamChannel (205), -- CATV Upstream Channel
                   econet (206), -- Acorn Econet
                   pon155 (207), -- FSAN 155Mb Symetrical PON interface
                   pon622 (208), -- FSAN622Mb Symetrical PON interface
                   bridge (209), -- Transparent bridge interface
                   linegroup (210), -- Interface common to multiple lines     
                   voiceEMFGD (211), -- voice E&M Feature Group D
                   voiceFGDEANA (212), -- voice FGD Exchange Access North American
                   voiceDID (213), -- voice Direct Inward Dialing
                   mpegTransport (214), -- MPEG transport interface
                   sixToFour (215), -- 6to4 interface (DEPRECATED)
                   gtp (216), -- GTP (GPRS Tunneling Protocol)
                   pdnEtherLoop1 (217), -- Paradyne EtherLoop 1
                   pdnEtherLoop2 (218), -- Paradyne EtherLoop 2
                   opticalChannelGroup (219), -- Optical Channel Group 
                   homepna (220), -- HomePNA ITU-T G.989       
                   gfp (221), -- Generic Framing Procedure (GFP) 
                   ciscoISLvlan (222), -- Layer 2 Virtual LAN using Cisco ISL
                   actelisMetaLOOP (223), -- Acteleis proprietary MetaLOOP High Speed Link 
                   fcipLink (224), -- FCIP Link  
                   rpr (225), -- Resilient Packet Ring Interface Type
                   qam (226), -- RF Qam Interface
                   lmp (227), -- Link Management Protocol
                   cblVectaStar (228), -- Cambridge Broadband Limited VectaStar
                   docsCableMCmtsDownstream (229), -- CATV Modular CMTS Downstream Interface
                   adsl2 (230), -- Asymmetric Digital Subscriber Loop Version 2
                   macSecControlledIF (231), -- MACSecControlled 
                   macSecUncontrolledIF (232), -- MACSecUncontrolled
                   aviciOpticalEther (233), -- Avici Optical Ethernet Aggregate
                   atmbond (234), -- atmbond 
                   voiceFGDOS (235), -- voice FGD Operator Services
                   mocaVersion1 (236), -- MultiMedia over Coax Alliance (MoCA) Interface
                   ieee80216WMAN (237), -- IEEE 802.16 WMAN interface
                   adsl2plus (238), -- Asymmetric Digital Subscriber Loop Version 2, 
                   dvbRcsMacLayer (239), -- DVB-RCS MAC Layer
                   dvbTdm (240), -- DVB Satellite TDM
                   dvbRcsTdma (241), -- DVB-RCS TDMA
                   x86Laps (242) -- LAPS based on ITU-T X.86/Y.1323   




Blog Content ©2008
Ray Burkholder
All Rights Reserved