netbox: Don't allow the creation of IP addresses on already allocated prefixes, from within its parent prefix

NetBox version

v3.2.4

Feature type

Change to existing functionality

Proposed functionality

When a prefix is created don’t allow the creation of IP addresses for that prefix, from its parent prefix, for example:

Parent prefix: 10.0.0.0/24
Child prefix: 10.0.0.0/30

The IP addresses 10.0.0.0 - 10.0.0.4 should only be allowed to be created from within the child prefix. That way, it avoids the assignment of duplicate IP addresses beforehand.

Use case

We allocate a lot of prefixes as an ISP and eventually need to allocate 32-bit length subnet-mask IP addresses to our clients as well. Since prefixes and IP addresses don’t share a common logic from within the prefix page, NetBox will allow (and suggest) creating a /32 IP address from an already assigned prefix. This causes some headaches as we have to double-check every IP assignment so that we don’t assign an IP to client A when it is part of the prefix already assigned to client B.

Database changes

I don’t think any is applicable.

External dependencies

None.

About this issue

  • State: closed
  • Created 2 years ago
  • Comments: 20 (14 by maintainers)

Most upvoted comments

I had a look at the NB data model. There is no direct relationship between the IP address and the prefix. And that would be necessary to avoid blocking the IP creation if there are duplicate IPs for a good reason (multi-tenant, different VRFs, etc.).

The lookup between prefix and IP addresses is purely done by matching the IP to the prefix with this code:

def get_child_ips(self):
    """
    Return all IPAddresses within this Prefix and VRF. If this Prefix is a container in the global table, return
    child IPAddresses belonging to any VRF.
    """
    if self.vrf is None and self.status == PrefixStatusChoices.STATUS_CONTAINER:
        return IPAddress.objects.filter(address__net_host_contained=str(self.prefix))
    else:
        return IPAddress.objects.filter(address__net_host_contained=str(self.prefix), vrf=self.vrf)

So enforcing that no duplicate IP could be created within a prefix requires either:

a) forcing all prefixes and IPs to be assigned to a VRF (the VRF then becomes the common denominator between IP address and prefix), or
b) changing the database model to have a relation between IP address and prefix.

https://docs.netbox.dev/en/stable/customization/custom-validation/

Under Custom Validation Logic you can see a small example. You would have to write a manual check in Python. If I understand your issue correctly, you would have to check that the netmask matches the closest parent prefix.
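
The check suggested in the comment above, written as a standalone sketch with Python's standard `ipaddress` module. This is an added example, not NetBox code or code from the thread: the function names, the `SAMPLE_PREFIXES` data and the VRF name are constructed, and prefixes are matched only within the same VRF.

```python
import ipaddress

# Constructed sample data: (prefix, vrf) pairs standing in for NetBox Prefix rows.
# vrf=None stands for the global table; "cust-b" is a made-up VRF name.
SAMPLE_PREFIXES = [
    ("10.0.0.0/24", None),
    ("10.0.0.0/30", None),
    ("10.0.0.0/24", "cust-b"),
]


def closest_parent(address, vrf, prefixes):
    """Return the most specific prefix in the same VRF that contains the host, or None."""
    host = ipaddress.ip_interface(address).ip
    candidates = []
    for prefix, prefix_vrf in prefixes:
        network = ipaddress.ip_network(prefix)
        # Same VRF, same address family, and the host must fall inside the prefix.
        if prefix_vrf == vrf and network.version == host.version and host in network:
            candidates.append(network)
    # The longest prefix length is the closest (most specific) parent.
    return max(candidates, key=lambda n: n.prefixlen, default=None)


def validate_ip(address, vrf, prefixes=SAMPLE_PREFIXES):
    """Return an error string if the IP's mask differs from its closest parent prefix."""
    iface = ipaddress.ip_interface(address)
    parent = closest_parent(address, vrf, prefixes)
    if parent is None:
        return None  # no covering prefix: nothing to compare against
    if iface.network.prefixlen != parent.prefixlen:
        return f"{iface} lies inside {parent}; its mask must be /{parent.prefixlen}"
    return None


if __name__ == "__main__":
    for addr, vrf in [("10.0.0.1/24", None), ("10.0.0.1/30", None), ("10.0.0.1/24", "cust-b")]:
        print(addr, vrf, "->", validate_ip(addr, vrf) or "ok")
```

In this sample, 10.0.0.1/24 in the global table is rejected because 10.0.0.0/30 is its closest parent, while the same address in the other VRF passes because duplicates across VRFs are legitimate.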