Getting Started with IPAM

This page contains information about navigating the Grid Manager web interface once you have logged in.

Table of Contents

Contents

1 Logging In
2 Getting Help
- 2.1 Help Panel
- 2.2 Vendor Documentation
3 Browser Information
4 Basic Navigation: a Guided Tour
5 Global Search
6 Enabling Advanced Mode in Dialog Boxes
7 Next Steps

Logging In

Getting Help

If you have a question not covered by this service documentation, you can try one of the following resources or contact hostmgr for assistance.

Help Panel

All screens and dialog windows in Grid Manager contain context-sensitive help, which appears in the Help panel on the far right-hand side of the window.

If the Help panel is not visible, click the grey “?” icon on the far right to expand it.
Some Help panels contain vertically expanding subpanels. Expand the subpanel labeled “Help” to see context-sensitive help for the screen you are on.
When you don’t need the Help panel, you can collapse it again to save space.

Vendor Documentation

Extensive vendor documentation for Grid Manager is published in HTML and PDF formats.

Please note that not all functionality described in the vendor documentation is available to you in the University of Illinois IPAM service.

You may find it helpful to peruse the section entitled “About the Grid Manager Interface” when logging in to Grid Manager for the first time.

Browser Information

The vendor documentation includes requirements for your workstation (including minimum display resolution) and known limitations for certain browsers.

A few general tips:

Please be patient with the web interface; occasionally it will take a few seconds to finish refreshing after you have clicked on something. Clicking repeatedly will not help, and in fact will probably make you wait longer for the interface to catch up.
Don’t use your browser’s Back button within Grid Manager.
Don’t use Grid Manager in multiple tabs or windows of the same browser, as they may interfere with each other.
(However, we have had success using Grid Manager concurrently in two separate browsers, e.g. in one instance of Chrome and one instance of Firefox.)

The list of OS and browser versions tested and validated by the vendor is now maintained in the release notes (which are not publicly viewable), but generally includes recent releases of Firefox, Chrome, Safari, and Edge. Let us know if you consistently experience problems with the latest version of any of these browsers, and also whether the problem is solved by using a different browser. Note that Mozilla offers a Firefox Extended Support Release (ESR) which may be helpful in some circumstances.

Basic Navigation: a Guided Tour

If this is your first time using IPAM, we encourage you to actually log in now and follow along with this tutorial.

Upon first login, Grid Manager will display the (fairly sparse) Tasks Dashboard, which doesn’t do much but serves as a landing page.

To illustrate some basic principles of Grid Manager navigation, we’ll begin by browsing Networks in DHCP View. This is not what you’ll usually do in practice, but it’s the simplest place to start.

Browsing Networks in DHCP View

To display Networks in DHCP View:

Choose “Data Management” from the top row of tabs.
Choose “DHCP” from the second row.
Choose “Networks” from the third row.
Choose “Networks” from the fourth row.

This will display a table containing all Networks that you have permissions on.

screenshot

Unfortunately the Network Name column is not displayed by default, but you can easily add it to the table; see Customizing Table Columns.

Using the Table Controls

Just above the table in the main workspace is a row of icon buttons. Mouse over each icon in turn to see their names:
Open, Add, Edit, Delete, Export, and Print.

To Edit a Network from the table, select the checkbox to its left, and then click the Edit (notepad) icon above the table.

screenshot

This opens the Edit Network dialog box. You don’t have permissions to change anything in the Edit Network dialog box, but you can use it to examine the DHCP configuration properties of your Network. To close the dialog box and return to the table, click Cancel (in the lower left).

To Open a Network from the table, just click directly on its address/CIDR (e.g. “192.168.0.0/26”) in the Network column. Alternatively, you could select its checkbox and then click the Open (right arrow) icon above the table. Opening a Network takes you to a new screen which we will discuss in the next section.

The hamburger menu icon in each table row displays a shortcut menu which provides yet another way to Open or Edit the Network in that row.

screenshot

If your table contains too many rows to display all at once, you can

use the page navigation buttons (below the table, on the left) to page through them.
start typing the first several characters of a network address e.g. “192” into the “Go to” box (above the table, on the right) to quickly select a matching row.

“Go to” only matches one field (whichever one Grid Manager considers to be the primary identifier), so you can’t use it to find e.g. Network Name even if you have added a Network Name column to the table.
click “Show Filter” and Apply desired filter criteria to display fewer results. (Note that you can Filter based on Network Name.)

screenshot

Opening a Network (DHCP View)

When you Open a Network as described above, the main workspace displays a new table containing all DHCP-related objects (Fixed Addresses, Ranges, and DHCP-enabled Hosts) that have been configured within that Network.

screenshot

From here you could go on to perform a variety of DHCP configuration tasks.

For now, just familiarize yourself with the following new interface elements near the top of the main workspace:

The breadcrumb link “Networks Home” (just below the four rows of navigation tabs) may be used to return to the list of all Networks.
Next, Grid Manager displays the currently opened object (“192.168.0.0/26”) and its type (“IPv4 Network”).
Click the nearby blue pencil Edit icon to Edit the currently opened object.

Note the difference between this blue pencil Edit icon which edits the currently opened object, and the notepad Edit icon further down which edits the object whose checkbox is selected from the table.
Click the Bookmark (red swallowtail flag) icon to bookmark the currently opened object so you can quickly navigate back to it later (see Advanced Tips and Tricks).
Click “Go to IPAM View” to Open the current Network in IPAM View (discussed further down) instead of DHCP View. This is a convenient way to quickly switch between these two views of the same Network.

Browsing DNS Zones

Browsing DNS Zones involves many of the same controls we learned above, but is a little bit more complicated because the zones form a hierarchical tree structure, and also because you can see essentially all of them (not just the ones you have permissions on).

As an example, let’s find and open the forward-mapping zone “techservices.illinois.edu”. The method we’ll use here is not the quickest (we’ll get to that later), but it will help us learn our way around.

Choose “Data Management” from the top row of tabs.
Choose “DNS” from the second row.
Choose “Zones” from the third row.
The highest level of the DNS hierarchy lists DNS Views. Open the view named “default” by clicking its name in the table.
Next you will see all the top-level Zones within the default view. Open the Zone “edu” by clicking its name in the table.
At this point, a fourth row of tabs appears underneath the name of the currently opened Zone, with “Records” selected by default. Choose “Subzones” from the fourth row of tabs.

screenshot
Open the Zone “illinois.edu” by clicking its name in the table of edu subzones.
Open the Zone “techservices.illinois.edu” by clicking its name in the table of illinois.edu subzones.
(Hint: techservices.illinois.edu will not be found on the first page, so this is a good opportunity to practice using the table controls we discussed earlier.)
Finally, choose “Records” from the fourth row of tabs to display the Records (rather than the Subzones) within techservices.illinois.edu.
(see screenshot in next section)

Opening a Zone

When you open a DNS Zone object as described above, the main workspace displays a table containing either the Records or the Subzones within that Zone (depending on which tab you select from the fourth row underneath the Zone name).

screenshot

Note the following controls near the top of the main workspace:

Multiple breadcrumb links allow quick navigation to any ancestor of the current zone, including the DNS View (“default”). “DNS Home” may be used to return to the list of Views.
Click “Toggle flat view” on the Records tab to change the way Host records are displayed in this table. After you click it, the link text changes to “Toggle hierarchical view”.

We recommend using Flat view for the Records tab, to ensure that you will always see all manifestations of Host records.
Optionally (and independently), click “Toggle flat view” on the Subzones tab to display all descendants of the current zone instead of only its immediate children (note that this may cause the interface to respond more slowly). Navigate back up to “edu” for a clear illustration of the difference.

Browsing Networks in IPAM View

IPAM View is another way of looking at Networks. Whereas DHCP View is narrowly focused on DHCP functionality, IPAM View combines configuration data from both DNS and DHCP into a holistic picture of how every IP address in a network is being used (or not – it also displays unused IPv4 addresses). IPAM View also shows Network Containers which organize Networks into a hierarchical tree structure.

To browse Networks and Network Containers in IPAM View (again, this is intentionally not the quickest method):

Choose “Data Management” from the top row of tabs.
Choose “IPAM” from the second row.
The main workspace will display any top-level Network Containers (shown with a folder icon) which contain at least one Network that you have permissions on. Note that you don’t have permissions on the Network Container itself, so you can’t see any other details about it.

screenshot

This is a separate table from the one we saw earlier in DHCP View, so you’ll want to add the Network Name column again here.
Open a Network Container by clicking its address/CIDR. At this point a third row of tabs appears with “Net Map” selected by default, and the workspace displays a graphical visualization of the contents of this Network Container (which may include other Network Containers and/or leaf Networks), subject to your permissions.
Choose “List” from the third row of tabs to display the contents of this Network Container in a table instead.

screenshot

Note that Network Containers have a folder icon, while leaf Networks have an icon with no folder. There is also a “Toggle flat view” link which behaves similarly to the one described above for DNS Subzones.
Open a leaf Network by clicking its address/CIDR.

Opening a Network (IPAM View)

When you open a leaf Network in IPAM View, you can choose “IP Map” from the third row of tabs to display a graphical representation of how each address in the network is used, or choose “List” to display the addresses in a table (generally more useful).

screenshot

From here,

Click “Go to DHCP View” to open the current Network in DHCP View (instead of IPAM View). This is a convenient way to quickly switch between these two views of the same Network.

In general IPAM View is more powerful, but some DHCP configuration tasks can only be performed (and others are easier) in DHCP View.
If you select an IP address which is used by only one object, you can click the Edit (notepad) icon above the table to Edit that object.
Open an IP address (by clicking on it in the table) to display all of its Related Objects in a new table where you can Edit or Delete them individually. Use the breadcrumb links to return.

screenshot
Be very careful with the Reclaim button (see Reclaiming Objects Associated with IPv4 and IPv6 Addresses in the vendor documentation). When in doubt, it’s safer to examine the Related Objects individually and make a decision about whether to edit or delete each one.
Please do not use the Ping button (see known issues involving Discovered Data).

Global Search

Enabling Advanced Mode in Dialog Boxes

Many dialog boxes have a “Toggle Advanced Mode” control in the upper-left corner; when you enable this, it will turn green (to indicate that advanced mode is enabled), the label will change to “Toggle Basic Mode”, and additional settings will become visible that were previously hidden.

screenshot

There are two places where these additional settings may appear:

The list of subscreens (on the left side of the dialog window) may include new subscreens marked with a green dot.
Some of the regular subscreens may now include an “Advanced” tab (along the top of the dialog window) in addition to the “Basic” tab.

Keep in mind as you use Grid Manager that some important settings will only be visible if Advanced Mode is enabled, which means you will probably want to enable Advanced Mode for every dialog box you come across.

Next Steps

If you’re new to IPAM, we recommend reading the Host Records page next, because it includes a lot of screenshots related to adding and editing objects. Other pages will assume basic familiarity with the interface and not have so many screenshots.

Networking Public Home

This is the home page for the Networking Public wiki space, which is viewable by the general public.

sysLocation Format

Example:

r:2110A b:0210 c:c p:F71871 f:2 ra:2 z:5 ru:4 N:DCL #comment

Tools:

sysLocation generator webform: https://ctweb1.cites.illinois.edu/tools/sysloc/

Semantics

	Key	Priority	Description of Value
R	room	3 ⭐️	room “number” (actually string) where the device’s CER resides
B	building	1 ✅ 🔴	number of building where the device’s CER resides
C	cer	2 ✅ 🔴	string designator code (unique within building) of CER where the device is installed
P	pas	4 ✅	Property Accounting Sticker code for device
F	floor		number of building floor on which the device’s CER resides
RA	rack	5 ✅	number of rack (unique within CER) in which device is installed
Z	z	6 ✅	height (in rack units) at which the device is installed within the rack, with z:1 indicating the bottom position.
RU	ru		number of rack units the device occupies
N	nice	7	“nice name” by which CITES Networking refers to the building (not the official F&S building name)

✅: sysLocation is the authoritative source for this data
🔴: required for E-911
⭐️: not authoritative, but critically important to humans

Notes

Room is not authoritative, as it can logically be derived from building and cer (plus a table of information about known CERs). However, it is critically important to humans that the room value in sysLocation be present and correct, so that network support personnel responding to a page can easily track down a device using only the information from its saved config.

Note that cer is not derivable; there are some cases where a single room can contain more than one CER.

Floor is not authoritative, nor particularly important to humans reading sysLocation, and should probably be phased out over time.

Ru is actually a property of a device’s model (rather than of an individual device), could be derived from sysObjectID plus a table of known information about device models, and should probably be phased out over time.

Nice is a friendly nickname for a building which is made up internally by CITES Networking; it should never be treated as “authoritative” nor exposed externally, but its presence in sysLocation is useful to humans, and it is desirable that its value (for a given building) be consistent across devices.

Priority

We have discovered empirically that some devices limit the number of characters in the sysLocation field (e.g. to 48), and may silently fail to store a longer value.

When updating sysLocation for a device:

Always double-check after setting sysLocation to verify that the desired value was in fact successfully stored!
If the desired sysLocation string is too long for the device to accept, choose which fields to include based on the priority ordering given in the table.

Syntax

Unique prefixes of keys are permitted, with “r:” and “rm:” also signifying Room.

Keys and values are separated by ‘:‘, optionally surrounded by white space.

Empty values are permitted.

Key/Value pairs are separated by white space.

sysLocation may end with a comment, after white space followed by ‘#‘.

sysLocation may be all comment (no Key/Value pairs at all) if it begins with ‘#‘ or white space followed by ‘#‘.

The Nice value is case sensitive, may contain white space, may not contain ‘#‘ or ‘:‘, and must be last (if it is included).

All other Keys and Values are case insensitive, may not contain white space, may not contain ‘#‘, and may appear in any order.

Any excess white space may be removed from Nice values and from comments when parsing sysLocation.

World IPv6 Day – Urbana campus information

World IPv6 Day

What is World IPv6 Day?

World IPv6 Day is a 24-hour chance for service providers to test out IPv6 and see how it works in their environment. Major providers like Google, Facebook, Yahoo!, Akamai are using June 8, 2011 (GMT) as their test. For people on our campus, the official “day” will be 7pm on June 7th through 7pm on June 8th. The goal of this exercise is to see what is easy, what is hard, and what breaks when you turn on IPv6.

The website http://www.worldipv6day.org/ has more information on the World IPv6 Day.

What is IPv6 and Why do I care?

The short version is IPv6 is the next generation of IP addressing, since the world is running low on the current IPv4 addresses. Low enough that some users are only getting IPv6 addresses. You care because those users can only access your services through conversion systems, and those are out of your control. You don’t know what their user experience is and whether or not they think your service is poor because of that conversion. So you want your services native on IPv4 and IPv6 so that all users get the experience you planned for them.
CITES Networking and Security groups did a pair of presentations at the Fall 2010 IT Pro Forum about this. You can see the video here: http://itproforum.illinois.edu/2010Fall/schedule.php#2-B

What IPv6 services are available on the Urbana campus?

Urbana Campus Permanent IPv6 Services

Network Time (NTP)
Akamai (the caching servers are hosted on the ICCN network and serve all three campuses)
Network Backbone
ICCN (The regional network that connects Urbana with the other U of I campuses, the Internet, and R&E network providers like Internet2)

Urbana Campus Services being tested on World IPv6 Day

Wireless Networking – The IllinoisNet wireless SSID will have IPv6 enabled during the maintenance window Tuesday June 7th. It will be on until the maintenance window on Thursday June 9th. After an evaluation of how World IPv6 Day goes, it will be re-enabled permanently if no problems are found.
Web servers on campus
Native IPv6 DNS service from 2620:0:e00:a::1

How to participate in World IPv6 Day

From the Urbana campus, you need to get on the IllinoisNet wireless SSID, and try things out. Android phones, some iPods and iPhones (running iOS 4), iPads, Windows laptops (native on Vista and 7, a patch is needed for XP to support IPv6) and Apple laptops (10.4.8 and later) should all be able to get IPv6 addresses and use them. If you haven’t connected to IllinoisNet before, you can get information on doing that at this webpage: http://www.cites.illinois.edu/wireless/wpa2/index.html

Once you are on IllinoisNet, go to a website like http://www.whatismyipv6.com/ and make sure you got an IPv6 address (if you didn’t, see the troubleshooting section below). Then try out websites like Google and Facebook see if you can tell a difference. Try the campus IPv6 websites listed above and make sure you can connect. You might want to try and see the “Dancing Turtle” which is a page that is only animated if you connect with IPv6 to this website: http://www.kame.net/ . If everything is going smoothly, you shouldn’t be able to tell you are on IPv6. Just do your normal email, web and other network things. For the servers and services testing IPv6 you’ll be providing them with data in their log files, in number of IPv6 users they served and if there are problems, by letting them know about them.

A handy tool for Firefox users is https://addons.mozilla.org/en-us/firefox/addon/showip/ which shows the IP address of the server you’re connecting to at the bottom of your window. you can quickly tell if you’re on an IPv6 server or not.

How to provide feedback on your IPv6 experience

ITPros can call 244-1000 to report problems or outages of any kind, whether or not they are related to IPv6
For less urgent feedback, ITPros can join the IPV6-USERS listserv and post feedback there
If you are not an ITPro then please send email to ipv6day-feedback@ct-mail.cites.uiuc.edu with your feedback.

Troubleshooting IPv6

I didn’t get an IPv6 address, how do I get one?

First make sure you are connected to IllinoisNet wireless as your only network connection
Then make sure you haven’t turned IPv6 off on your system
- Mac users can follow the instructions from https://kb.resnet.purdue.edu/article/3387/view for disabling IPv6 which are basically the same as to enable it, the only difference is in step 6 instead of choosing “off” to enable you choose “automatic”
- Windows 7 and Vista users see http://support.microsoft.com/?scid=kb;en-us;929852&x=11&y=13 for help. You want to “Enable native IPv6 interfaces”.
Windows XP users might need to install a patch. http://support.microsoft.com/kb/2478747
If you are on IllinoisNet and have IPv6 enabled but still aren’t getting an address you can stop by our World IPv6 Day table just outside the CITES Help Desk in DCL from 10am to 4pm on June 8th and someone will help you figure out why it isn’t working.

I got an IPv6 address but I can’t get to any of the IPv6-only pages

If you have time, come to our table just outside the CITES Help Desk in DCL from 10am to 4pm on June 8th and someone will help you figure out why it isn’t working.

I got an IPv6 address but now nothing works

Follow the instructions for turning IPv6 off below.
If you have time, come to our table just outside the CITES Help Desk in DCL from 10am to 4pm on June 8th and someone will help you figure out why it isn’t working.

I got an IPv6 address and something are working but others aren’t

Follow the instructions for turning IPv6 off below.
If you have time, come to our table just outside the CITES Help Desk in DCL from 10am to 4pm on June 8th and someone will help you figure out why it isn’t working.

How to turn IPv6 off

Mac users can follow these instructions: https://kb.resnet.purdue.edu/article/3387/view
Windows users can see http://support.microsoft.com/?scid=kb;en-us;929852&x=11&y=13 for help. You want “Disable IPv6”
iPod Touch, iPhone and iPad users can not disable IPv6
Android users (NEED INFO HERE)

CITES multicast information

Multicast usage on campus is growing, and CITES is working hard to make the underlying networking system for multicast more stable. In order to do this we will need some help from the departmental IT Professionals.

If you’re not familiar with multicast and how it works, please take a minute or two to read this UIUCnet multicast basics document on the CITES website:

http://www.cites.illinois.edu/network/advanced/multicast.html

Here’s what CITES has already done and what we have in progress:

We have updated our campus edge multicast filters to the current best practices list based on information gathered from Abiline and other I2 institutions. These filters keep us from sending out to the rest of the world things like our Ghost and Retrospect Remote traffic, and also keeps us from getting that traffic in from other places. We are blocking well known “problem” multicast addresses like Norton Ghost, as well as all reserved addresses that are not allocated for use at this time. For a complete list of what we are blocking at the campus edge, please see the end of this email. If there is an address we are blocking that you have a need for, please contact multicast@uiuc.edu and we will work with you to enable the groups you need.

We worked extensively with our core router vendor to make changes to their multicast routing behavior so that it would work in a supportable way in our environment. At this time we believe that the core routers support of multicast is up to the every-day use of multicast.

We have setup an “anycast” style Rendezvous Point (RP) on the campus side of the firewalls for responsiveness to things on campus (and for functionality incase of an exit issue) and one on the far side of the firewalls to use for multicast peering to other institutions. This will remove the RP as a single point of failure for on-campus use, since either can take over if one is not working. the campus side RP is offline due to software issues. We are working on returning that to service.

CITES is also working with our various hardware vendors where we have found multicast problems to be sure that the vendor knows about the issues we are seeing and are working on a fix.

CITES Network Designers are making sure that IGMP snooping is turned on for all newly deployed devices to be sure that multicast isn’t flooded throughout the building networks by default. They are also working with net admins to turn on IGMP snooping in existing equipment where it is not already on. If you would like to request multicast to be enabled for your network please have the networking contact for the subnet mail ndo@uiuc.edu with your request.

CITES has moved to a default of turning multicast routing on for a newly created subnet so that multicast features can be used by the IT Professionals and the Unit’s users. Any Unit can choose to leave multicast off, and any Unit with an existing subnet that does not have multicast on can request it be turned on.

To request a multicast address send email to multicast@illinois.edu and describe what you’re doing, how long you need the address for and whether it should be a global address to a limited-to-campus address.

As mentioned above here’s a list of multicast groups that are blocked at the campus exits. For those of you not familiar with the details of the exits, NCSA is on the far side of these connections, and so these groups are also blocked to NCSA.

inbound to campus information on the following groups:

224.0.1.1
224.0.1.2
224.0.1.3
224.0.1.8
224.0.1.22
224.0.1.24
224.0.1.25
224.0.1.35
224.0.1.39
224.0.1.40
224.0.1.60
224.0.2.1
224.0.2.2
224.1.0.38
224.0.0.0 0.0.0.255
224.77.0.0 0.0.255.255
224.128.0.0 0.0.0.255
225.0.0.0 0.255.255.255
226.0.0.0 0.255.255.255
227.0.0.0 0.255.255.255
228.0.0.0 0.255.255.255
229.0.0.0 0.255.255.255
230.0.0.0 0.255.255.255
231.0.0.0 0.255.255.255
234.0.0.0 0.255.255.255
235.0.0.0 0.255.255.255
236.0.0.0 0.255.255.255
237.0.0.0 0.255.255.255
238.0.0.0 0.255.255.255
239.0.0.0 0.255.255.255

outbound from campus traffic blocked on the following groups:
10.0.0.0 0.255.255.255 any
127.0.0.0 0.255.255.255 any
169.254.0.0 0.0.255.255 any
172.16.0.0 0.15.255.255 any
192.168.0.0 0.0.255.255 any