In my enterprise work environment, our corporate private and public network spans many buildings and locations and uses thousands of private IP addresses (in the range specified by RFC 1918) and hundreds of public IPs as well.
How do we handle the management of such a huge address space? The secret is IPAM (IP Address Management) software.
Such a tool can help network administrators plan and centrally manage the assignment of IP addresses to networked devices, avoid conflicts in the IP address space, store information about resources that are connected to the network, manage DNS records, etc.
In addition to operational efficiency, having a record that maps IP addresses to the servers and network hosts assigned to them is also very helpful in forensic investigations of security incidents.
Overall, if your IP address space is larger than a few dozen IPs, then an IPAM solution is essential.
Two core network services closely related to IP address management are DNS and DHCP (Dynamic Host Configuration Protocol).
The management of these three related network services (IPAM, DNS and DHCP) is often combined in a single software solution called DDI (DHCP, DNS and IPAM).
I have researched some of the top DDI and IP address management (IPAM) software tools on the market and list them below (in no particular order), along with a brief description of each one and its features.
Let me know in the comments if you have experience with other options that I haven’t included in the list.
The IPAM functionality of this vendor is offered under the umbrella of their OpUtils product.
ManageEngine is one of the few companies to provide a free edition of its OpUtils product, though it contains limited features and wouldn’t be appropriate for enterprise-level management.
Both free and paid editions constantly scan the complete network and ensure that subnets are functioning as expected.
“OpUtils” is feature-dense. This IPAM integrates directly with AD to find out who owns what device.
It uniquely has “Role-based Administration”, allowing administrators to assign “roles” to users, giving them varying levels of network authority. Another major feature is the tree view, showing a hierarchy of representative nodes of devices on the network.
It keeps IP audit info logs in great detail for time periods specified by administrators.
This assists with regulatory compliance and accountability. There are also regular reports and alerts sent to administrators so they can review them and find anomalies.
It also has a full suite of networking tools and querying tools, giving administrators true authority and transparency.
Pricing information may only be obtained by filling out the contact form on their website. However, any organization can instantly get a free, fully-functional 30-day license to see if OpUtils is right for them. After that, it automatically converts to the free edition unless a valid license key is entered.
EfficientIP unifies DHCP, DNS, and IPAM and automates them for businesses. By creating a fully automated and secured network, EfficientIP’s SOLIDserver hardware product keeps networks up and running without manual maintenance.
Within the DDI suite, network admins can view all IP-assigned devices, DNS-DHCP configurations, and even automate VLAN/VXLAN/VRF management across the network.
Both cloud-based infrastructure and on-premises servers are supported in the solution.
Among their solutions and products, their 360 DNS security suite uses heuristic and other advanced DNS security techniques to guard against threats with unknown signatures.
With built-in architecture templates, admins can easily design and deploy DNS and DHCP servers.
All major vendors’ servers are supported. Finally, EfficientIP provides integration with third-party network management and orchestration tools through plug-ins and APIs.
A major selling point is the ease of use and consistent UI/UX. Most products, including EfficientIP’s DDI, allow for free organizational trial and evaluation periods.
Unfortunately, EfficientIP does not publish their pricing. It varies by the type and size of organization; anyone who requests a free evaluation will be given a pricing estimate at the same time.
Infoblox’s centralized IPAM solution acts as the “single source of truth” for your network and handles IP provisioning and DHCP and DNS records management.
In addition to IP address records, this product lets you centrally track and consolidate every network asset, even the network ports used on switches.
Their IPAM and DDI solution uses “Infoblox Grid”, a platform that ensures that your network, whether a single LAN, WAN, cloud or on-premises hybrid, continues to retain availability, one of the elements of the core “CIA Triad”.
Network administrators can view all devices online, the network capacity available, and generate comprehensive reports.
These reports can provide analytic insight on what infrastructure may need to be upgraded in advance, minimizing potential downtime for your network.
Their complete solution has some other important key features. Automatic Device Discovery, for example, detects new devices and automatically creates an internal “object” that represents the device.
Using DHCP fingerprinting, it records extended information about every device connected to the network, such as name, MAC ID, OS, and type.
One of the more unique features is their Active Directory users-to-device mapping technology.
This is essentially a one-to-many database of AD users connecting to both their provisioned IP addresses and device MAC addresses. Tech support employees can access this, speeding up diagnostic time.
Administrators can also create their own templates to cut down on configuration time. Reports can be customized so administrators can cut straight to the info that matters.
Another unique feature is DNS zones and delegation. DNS zones can be allocated to teams and assigned to different administrators. Resources can even be tagged, allowing for faster identification and access.
Any organization may request a free, 60-day fully featured trial to see if Infoblox is right for them. After this, pricing is not published since it varies by type of organization and number of employees.
BT Diamond IP supports both IPv4 and IPv6 provisioning and can be deployed on both on-premises and cloud networks.
Via a single web interface, you can manage IP address space capacity, get IP utilization reports, allocate Layer 3 subnets and pools of addresses (for DHCP), manage DNS records and so much more.
The vendors supported for DNS and DHCP configurations include Cisco, Microsoft, ISC/BIND etc.
Network configurations in any environment can be automated, and this is one of the few solutions that fully automates IP block management.
DNS security is another prime feature of BT Diamond IP. Like other solutions, it utilizes heuristic diagnosis to find and prevent DNS attacks. It also supports most IoT devices, making it ideal for development and office environments that rely on “smart” devices.
They can offer their products as hardware appliances or just software. They sell services as well.
Unfortunately, unlike most IPAM solutions, this one does not offer a free trial. There’s plenty of documentation on their official site, but there aren’t any offers to use it for free. Pricing information is also only available via contacting a representative with information about your organization.
Solarwinds is a big player in the IT and network management and monitoring space, and they also offer IPAM software.
This DDI/IPAM solution also uses an intuitive web interface for network administrators.
With real-time and automated tracking of IP DHCP and DNS, administrators can monitor activity as it happens. It also has all of the more traditional tools used to manage IP provisioning.
Like most solutions, Solarwinds also allows management of cloud and on-premises networks.
Report templates can be created and run to give administrators the insights they need. Each IP address is attached to the type of device, whether it is compliant, the switch it uses (if applicable), and the AD user connected to it.
IP usage is automatically tracked. Alerts can be configured to notify administrators of suspicious activity.
Of course, subnets can also be modified through the interface. A valuable feature is that third-party APIs and CRUD operations can be connected with the solution.
Unlike many competitors, pricing for Solarwinds is transparent. First, all new organizations are offered a no-obligation 30-day trial period.
Organizations may opt for a perpetual license or a subscription license, paid monthly or yearly.
The pricing varies depending on size, but perpetual licenses start at $1,126. They come with a year of support. Subscription pricing is only available by contacting the vendor.
php IPAM is a fully open-source and free IPAM solution. Like most commercial solutions, it still has a comprehensive online document repository. It also relies on a web-based UI with classic MySQL database backend and PHP front-end web service.
Supporting IPv4 and IPv6, this IPAM allows for section and subnet management, status checking, NAT support, rack management, management of VLANs and VRFs for MPLS, and a visual tree representation in the UI of all the devices in your networks.
It also supports every common authentication mechanism, including RADIUS, AD, LDAP, LDAPS, and more. Subnet importing and exporting in common formats is also supported.
php IPAM also allows for interactions with third-party APIs. Virtual LAN and virtual machines may be included in networks for management purposes.
A database of current and historical IP assignments is maintained for accountability and monitoring purposes. Notifications to administrators of suspicious activities are also part of the solution.
As a rare exception, php IPAM is completely free to use for both personal and commercial purposes; no licensing required! The project is also updated on GitHub for anyone to have a look at the code.
BlueCat DDI is a fully-featured IPAM that focuses on automation and ease of use. To eliminate organizational confusion, BlueCat’s DDI operates as the single source of truth for network administrators.
It can monitor deployments on nearly any platform, virtual or physical, cloud or local.
BlueCat DDI doesn’t disappoint when it comes to DNS features. Its DNS firewall product uses security threat feeds and RPZ rules to block malicious traffic.
Standard, meticulous DNS tasks are mostly automated, leaving network professionals free to tend to pressing matters. The tool also tackles DNS migration, fully automating every aspect. Full logs of all DNS queries are kept for auditing and accountability.
This tool fully supports REST API integration. It also has full report template and generation capabilities, allowing administrators to capture all the information on devices attached to the network, users associated with them, and RPZ activity.
Though there are too many other features to list, they tend to focus on security, redundancy and fail-proofing, visualization of clusters, the addition of virtual appliances to networks, and automating what used to be done manually.
BlueCat doesn’t offer any free evaluation period. In order to get an accurate quote, you’ll need to talk to their customer service team.
WhatsUp Gold is a well-known tool for general network monitoring, but it also includes IPAM software.
WhatsUp Gold focuses on giving administrators the tools they need to be able to see everything on their networks and diagnose issues quickly.
Rather than use manual processes, when administrators install this product, they’re encouraged to set up automated routines to simplify their jobs.
Common issues like IP duplication are automatically recognized and solved by re-provisioning.
A nice feature I like is the historical data it keeps about devices and IP mappings. Give the tool a date/time and an IP address and it returns the exact user or device which had the IP at the time. This is very helpful should an investigation arise.
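The point-in-time lookup described above can be sketched as follows. This is an added example, not code from WhatsUp Gold or any product in this list; the `Assignment` record layout, the function names and the sample history are assumptions made for illustration. It also shows the two cases an investigator has to handle: log timestamps in a different timezone, and a duplicate IP at the moment of interest.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from ipaddress import ip_address
from typing import Optional

UTC = timezone.utc

@dataclass(frozen=True)
class Assignment:              # hypothetical record layout
    ip: str
    mac: str
    owner: str                 # device or AD user recorded by the IPAM
    start: datetime            # inclusive, timezone-aware
    end: Optional[datetime]    # exclusive; None means still assigned

def to_utc(ts: datetime) -> datetime:
    # Refuse naive timestamps: a log time without a zone cannot be attributed safely.
    if ts.tzinfo is None:
        raise ValueError("timestamp has no timezone")
    return ts.astimezone(UTC)

def who_had_ip(history, ip: str, when: datetime):
    """Return (status, assignments) for `ip` at `when`.

    status is "ok" (exactly one holder), "conflict" (duplicate IP at that
    moment) or "unassigned" (no record covers that time).
    """
    target, when = ip_address(ip), to_utc(when)
    hits = [a for a in history
            if ip_address(a.ip) == target
            and to_utc(a.start) <= when
            and (a.end is None or when < to_utc(a.end))]
    hits.sort(key=lambda a: to_utc(a.start))
    status = "ok" if len(hits) == 1 else "conflict" if hits else "unassigned"
    return status, hits

def ts(day, hour, tz=UTC):
    return datetime(2024, 3, day, hour, 0, tzinfo=tz)

# Constructed sample history (RFC 1918 addresses, documentation-range MACs).
HISTORY = [
    Assignment("10.20.30.41", "00:00:5e:00:53:01", "alice-laptop", ts(4, 8), ts(4, 12)),
    Assignment("10.20.30.41", "00:00:5e:00:53:02", "bob-laptop", ts(4, 12), None),
    Assignment("10.20.30.42", "00:00:5e:00:53:03", "printer-3f", ts(1, 0), None),
    Assignment("10.20.30.42", "00:00:5e:00:53:04", "unknown-static", ts(5, 9), ts(5, 10)),
]

if __name__ == "__main__":
    cest = timezone(timedelta(hours=2))
    # A firewall log stamped 14:00+02:00 is 12:00 UTC: the address had just changed hands.
    print(who_had_ip(HISTORY, "10.20.30.41", ts(4, 14, cest)))
    # Two records cover this moment, so the lookup reports a conflict instead of guessing.
    print(who_had_ip(HISTORY, "10.20.30.42", ts(5, 9)))
```
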
Unlike similar solutions, WhatsUp Gold focuses on preventing issues rather than simply alerting administrators to them. Scans are automatically scheduled with report templates available to be fully customized. It also includes a contextual subnet calculator.
Finally, WhatsUp Gold shows a full network map and has a suite of alert features. For example, administrators are notified when their IP range is becoming tight so they have time to readjust.
The end goal is to remove as much end user disruption as possible and add as much automation as possible to make everyone happy.
As for pricing, a 30-day free trial is available for any organization. After that, a license will be needed. The lowest perpetual licensing price is $2,656 for networks of up to 25 devices (for the monitoring software).
Pricing goes up for networks with more, and you’ll need to contact the company to get an exact quote in that case.
Men & Mice’s IPAM focuses on making a streamlined IPAM software solution. It provides a full table of query-able data to administrators including information on all the devices attached to the network.
The solution allows for rapid modification, auditing, and provisioning of network addresses for devices.
It has some of the most granular reporting abilities of all these tools, with administrators being able to “zoom in and out” to the most microscopic of detail of their network topology.
It’s ready to be hooked into any major cloud provider and supports any major hardware appliance provider, making it one of the fastest “out of the box” solutions. Pricing is not published, but there is a free, 30-day trial available.
While Motadata’s whole suite is not free, their standalone IPAM solution software is free. Administrators can define subnets in bulk, making initial setup fast. All IPs provisioned are tracked, and discovery is automatic.
If an IP address is down or has an issue, administrators automatically receive an email about the situation.
IP statuses are all updated in real-time on the administrative dashboard. Scheduled reporting tools are available, and most common DHCP and DNS vendors’ equipment and tools are supported.
Though designed to be integrated with Motadata’s suite, this tool can be used on its own. However, compared to paid tools, it has fewer features.
This UK-based IPAM tool prides itself on an intuitive Web UI, showing subnets in a hierarchy and allowing assignment on-the-fly from the graphical dashboard. Subnets can be set to be automatically allocated, as well.
Its Network Discovery feature captures the information of all devices online and logs it. All devices operating on SNMP are cataloged, and serial numbers and other important information on each one are also logged.
Privileges are assigned on a role basis, so responsibilities can be easily provisioned. Fully customized reporting and importing/exporting data are also supported.
It can also take in automated deployment scripts to use for future devices. Some unique features include an SNMP MIB Browser, where standard SNMP operations can be applied to cataloged devices, and a Switch Port Mapper.
Pricing starts at £399.00 (GBP) for a 1,000 device license and goes up from there. An automatically sent 30-day trial key is available on their site.
This tool is one of the cheapest (among the paid options in this list) and is ideal for large companies with thousands of IPs, such as ISPs, Telcos, etc.
LightMesh IPAM’s selling point is its simplicity. Many IPAMs contain hard-to-understand modules and features. It is designed to make automated network management lightning fast with minimal manual interaction required.
With graphical, draggable subnet creation, administrators can toss those spreadsheets!
Constant Network Discovery is also enabled by default. It also uses group-based permissions, so you can separate resources in groups and assign users to them.
These resource-groups can either be different customers of your company or different departments of your company.
A holistic view and management infrastructure for IP, DNS, and DHCP servers is provided. This can be used to just see the devices on the network or run granular queries.
While no free trial is provided, pricing for a “Small Team” (2 users/50 subnets/10k IPs) is $200/month and $500/month for a “Medium Team” (10 users/500 subnets/1m IPs). Other sizes of organizations must get quotes from the site.
GestioIP is an open-source solution, just like php IPAM. It has a web UI, though it’s a bit dated.
However, it’s packed full of features. Within the interface, “quick” and “advanced” searches for devices are supported; however, the administrator will need to learn how to formulate these queries for the advanced searching.
Automatic discovery of SNMP-based devices, DNS appliances, and VLANs is supported.
There’s support for virtual machines, Microsoft and BIND servers, VLANs, and even a specialized high-availability solution available.
Additionally, it shows which network ranges are free and has an integrated plan builder and subnet calculator.
While it may not be the most technologically advanced, you can’t beat the price of GestioIP!
TCPWave is an IPAM solution focused on the future. It has three main focus areas: scalability, security, and automation. It is an all-in-one DDI solution for DNS, DHCP and IP management.
It supports some of the latest technologies, like CyberArk, Terraform, and ServiceNow.
Advanced monitoring capabilities, integration with all major cloud providers, and even Kubernetes support are all available from the dashboard. Additionally, an entire suite of auditing and logging technologies is included.
Unfortunately, TCPWave doesn’t have any prices published, so you’ll need to contact their development team directly. They also don’t offer an automatic free trial.