On the Origin of IP Ranges in MAAS


#1

In this post, I’d like to discuss the history of IP Ranges in MAAS. IP
ranges have evolved significantly in the years that I’ve worked on MAAS.

If you’ve found this post, you might be confused about the various concepts
related to IP ranges in MAAS. I hope after reading this, you’ll understand the
difference between static ranges, dynamic ranges, and reserved ranges – and
how they relate to device discovery and managed allocation in MAAS.

I’ll start from the beginning, as I know it.

The Dark Ages: MAAS 1.x (Simple Static and Dynamic Ranges)

A long, long time ago, MAAS allowed users to configure their managed networks
with two types of ranges: Static and Dynamic. The static range was
used for allocating automatic (or AUTO) IP addresses in MAAS, while the
dynamic range was the sole range used for DHCP.

In this simple world, MAAS was told about a narrow range of address space it
was allowed to manage, and that was that. If you wanted to expand the address
space MAAS was allowed to manage, but you weren’t able to add to your existing
contiguous range, you were out of luck.

The Renaissance: MAAS 2.0 (Introduction of IP ranges)

When MAAS 2.0 was released, the concept of a static range was deprecated.
MAAS began assuming that if it was a MAAS-managed network, MAAS had full
control over the address space.

If you’ve ever managed IP addresses on a network, you might be wondering how
MAAS could possibly be smart enough to allocate IP addresses on your network,
without any hint of which addresses might or might not be in use. It seems like
an impossible task. You would be right to worry that MAAS might assign IPs
to your machines that are already in-use on the network.

That’s one reason why Reserved IP ranges were introduced. Reserved IP
ranges are optional. If you specify a reserved range, that tells MAAS it’s
not okay to assign automatic IP addresses within it.

Then, to prevent MAAS from stepping all over address space it might or might
not really have control over, when MAAS 1.x users upgrade to MAAS 2.x, their
static ranges get migrated to their opposite in terms of reserved ranges.
This is a little confusing, so it might better be illustrated as follows:

  MAAS 1.x ---------[migration]--> MAAS 2.x
+------------------------+       +------------------------+
| Subnet: 192.168.0.0/24 |       | Subnet: 192.168.0.0/24 |
+------------------------+       +------------------------+
| Router: 192.168.0.1    |       | Router: 192.168.0.1    |
| MAAS: 192.168.0.2      |       | MAAS: 192.168.0.2      |
+------------------------+       +------------------------+
| Dynamic range:         |       | Reserved range:        |
|   192.168.0.20 -       |  +--> |   192.168.0.1 -        |
|     192.168.0.89       |  |    |     192.168.0.19       |
+------------------------+  |    +------------------------+
| Static range:          |  |    | Dynamic range:         |
|   192.168.0.100 -      |--+    |   192.168.0.20 -       |
|     192.168.0.199      |  |    |     192.168.0.89       |
+------------------------+  |    +------------------------+
                            |    | Reserved range:        |
                            +--> |   192.168.0.90 -       |
                            |    |     192.168.0.99       |
                            |    +------------------------+
                            |    | Reserved range:        |
                            +--> |   192.168.0.200 -      |
                                 |     192.168.0.254      |
                                 +------------------------+

As you can see, the static range is gone! It’s been replaced by three reserved
ranges, to form an equivalent configuration. So migrating from MAAS 1.x to
MAAS 2.x preserved the user’s intent to only allow MAAS to assign IP addresses
on the subnet in the previous static range.

In addition, MAAS 2.x can support more than one range of each type per subnet.
That means if you run out of space in your dynamic range, you can specify
a second (non-contiguous) range to use.

But what if you didn’t upgrade, and don’t have the reserved ranges configured?

MAAS 2.0+ uses IP range usage calculations to determine which IP addresses on
a subnet are available for use. When users allocate an AUTO IP address to a
machine, MAAS looks at which IP addresses are in-use on a subnet, chooses an
unused address, and assigns it to a machine.

This was great if MAAS knows about everything on your subnet, or is otherwise in
full control. But there was still concern that MAAS might allocate IP addresses
that were already in-use on the network.

The Age of Enlightenment: MAAS 2.1 (Network Discovery)

In MAAS 2.1, network discovery was introduced. This allows MAAS to listen to
(and/or actively probe) the network, to gather enough information (from the ARP
protocol) to determine which addresses are actually in-use on the network.

In this way, MAAS can avoid the most recently used IP addresses when assigning
automatic IP addresses to machines.

MAAS also presents discovered devices prominently in the UI, to help users
ensure that MAAS is appropriately informed about devices on the network whose
IP addresses should never be allocated.

The Industrial Revolution: MAAS 2.2 (Managed Allocation)

While MAAS 2.1 seemed to be feature-complete in terms of the ability to meet
users’ requirements for various network configurations, it was also cumbersome
to do what used to be easy in MAAS 1.x: tell MAAS “only manage this
specific
address range”.

That’s why MAAS 2.2 introduced the concept of managed allocation.
(Sometimes referred to by its inverse definition, unmanaged subnets.)

If you browse to a subnet details page in the MAAS UI, every subnet has a
managed allocation setting. (By default, it is enabled.) If you disable
managed allocation, MAAS assumes it DOES NOT control IP allocation on the
network.

It also has a useful side-effect: it changes the meaning of the Reserved
IP range. When a subnet is unmanaged, (that is, if Managed allocation is
disabled) each Reserved IP range will be treated as the only IP address
range MAAS is allowed to allocate IP addresses from
. This is useful when
using MAAS in environments MAAS does not fully control, such as when
a network administrator gives out a few IP addresses for use with MAAS on a
subnet.

For example, I might have a MAAS machine with two NICs: one on a tightly
controlled DMZ network, and one on my own test network. It would make sense for
me to allow MAAS to manage allocation on my test network. For the DMZ network,
I can simply switch off the Managed allocation setting, create reserved
IP ranges for the range(s) my network administrator has assigned me on the
network, and I’m done. (With MAAS 2.1, you would need to create reserved ranges
for anything not assigned to MAAS.)


Note: This post was originally found on my personal blog, but I’ve copied it here for safe keeping.