=======================================
Managing IP allocations and delegations
=======================================

.. note::
    IPv6 addresses are not managed using allocations and delegations at this time.

To familiarize yourself with the ideas behind IP management in SD-WAN,
please read `IP management <ip-management.html>`__. This document describes how
to add, edit, and remove IP allocations and delegations.

In general, IP management aids in the distribution of **public** IPs
between spaces. It is usually not necessary to create IP allocations for
**private** IPs.

IP management is performed through two types of resources:

-  Group allocations relate to the network design at datacentres or
   routing groups. They refer to IP networks that can be routed to
   certain routing groups. For example, if a partner routes the
   198.51.100.0/24 network to a datacentre in Vancouver, they should
   have a Vancouver routing group, and create an IP allocation record
   for 198.51.100.0/24 valid at the Vancouver routing group. A space
   with no routing groups cannot create IP allocations.
-  Delegated allocations relate to permission given to certain spaces to
   use certain IP networks. For example, if a partner operates the
   198.51.100.0/24 network, they could delegate 198.51.100.0/28 to a
   child space, allowing administrators in the child space the right to
   assign IPs from 198.51.100.0/28 to their own bonds. Bonds in the
   child space could not be assigned any IPs outside the 198.51.100.0/28
   network. A space with no child spaces cannot delegate IP networks.

Note that while SD-WAN has the capability to track allocated
networks of any size—it can track any number of /32 IPs—tracking large
numbers of networks may be considered a management burden. It could
require creating an IP allocation or delegation record before creating
any connected IP, CPE NAT IP, route, or private WAN rule. This could
especially be the case if IPs for bonds are mixed with IPs for
non-SD-WAN hosts, as an ideal configuration in this scenario
would have many /32, /30, /29, etc. networks instead of a single /26,
/25, or /24 network. To avoid managing too many IP allocations, you
could allocate a large network in SD-WAN even if certain
networks within the subnet are reserved for non-SD-WAN use. If
you use this method, take care to manage all IP reservations in your
existing IP tracking system.

Group allocations
------------------

Adding a group allocation
--------------------------

To add a group allocation, navigate to the IP tab of the space that
operates the route. Then click "Add allocation." This button is
unavailable if the space has no routing groups. The "Add allocation"
button opens a dialog such as this:

|image0|

Type the network address with a CIDR netmask, select the routing groups
that can announce the network, and click "Add allocation." The
allocation will be added.

After adding the allocation, IPs in the network can be assigned to bonds
in the space that are assigned to aggregators in the valid routing
groups. For example, given the 198.18.0.0/24 example above, if a bond in
the space was assigned to an aggregator in Vancouver or New York, it
could be given IPs in 198.18.0.0/24. Bonds assigned to an aggregator in
Dallas (either primary or secondary) could not be given IPs from
198.18.0.0/24, because that subnet is not valid at Dallas.

To allow a bond in a child space of the space to use the allocated IPs,
add a delegated allocation, described below.

Reviewing allocation availability
----------------------------------

SD-WAN tracks the usage of each allocation and delegation. In
the list of allocations, the availability column shows the percentage of
the network still available. For example, if 198.51.100.0/26 is used
from 198.51.100.0/24, then the allocation is 75% free. 0% availability
indicates the allocation is completely used.

Click the "Details" link to show a map of what IPs are available (blue),
what IPs are used by bonds in the space (red), and what IPs are
delegated to a child space (grey). The availability map is available for
/24 and smaller networks.

|image1|

Click on a used IP to show the bond that uses it:

|image2|

And click on a delegated IP to see the space to which it's been
delegated:

|image3|
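The availability figure can be reproduced offline when auditing allocations against an external IP tracking system. The following is an added example, not SD-WAN's own code; the function names and the input shape (a list of used or delegated networks and single IPs) are assumptions made for illustration.

```python
import ipaddress


def consumed_networks(allocation, consumed):
    """Parse used/delegated entries, reject any that fall outside the
    allocation, and collapse overlaps so no address is counted twice."""
    alloc = ipaddress.IPv4Network(allocation)
    nets = []
    for entry in consumed:
        net = ipaddress.IPv4Network(entry)  # a bare IP parses as a /32
        if not net.subnet_of(alloc):
            raise ValueError(f"{net} is outside allocation {alloc}")
        nets.append(net)
    return alloc, list(ipaddress.collapse_addresses(nets))


def percent_free(allocation, consumed):
    """Percentage of the allocation that is neither used nor delegated."""
    alloc, nets = consumed_networks(allocation, consumed)
    taken = sum(n.num_addresses for n in nets)
    return 100.0 * (alloc.num_addresses - taken) / alloc.num_addresses


def free_blocks(allocation, consumed):
    """CIDR blocks still available, i.e. the free area of the map."""
    alloc, nets = consumed_networks(allocation, consumed)
    free = [alloc]
    for taken in nets:
        remaining = []
        for block in free:
            if taken.subnet_of(block):
                # Split the free block around the consumed network.
                remaining.extend(block.address_exclude(taken))
            else:
                remaining.append(block)
        free = remaining
    return sorted(free)


if __name__ == "__main__":
    # The document's example: a /26 used out of a /24.
    print(percent_free("198.51.100.0/24", ["198.51.100.0/26"]))
    print(free_blocks("198.51.100.0/24", ["198.51.100.0/26"]))
```

An entry outside the allocation raises `ValueError` instead of being silently ignored, which is the condition worth flagging during an audit.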

Updating a group allocation
----------------------------

To change the network or routing groups of an allocation, click its
Actions menu and then click Edit. You cannot enlarge the network if the
updated network would collide with an existing allocation, nor can you
shrink it if the change would cause used or delegated IPs to be outside
of the allocation, nor can you remove a routing group if bonds assigned
to an aggregator in the routing group have used IPs from the allocation.

Merging a group allocation
---------------------------

Two allocations can be merged into a single allocation if the following
apply:

-  The allocations are adjacent (for example, 198.18.0.128/26 and
   198.18.0.192/26)
-  The allocations are the same size (for example, both are /26)
-  The merged allocation would include exactly the same IPs as the two
   original allocations (for example, 198.18.0.128/26 and
   198.18.0.192/26 could be merged, because the merged network
   198.18.0.128/25 includes exactly the same IPs, but 198.18.0.64/26 and
   198.18.0.128/26 couldn't be merged because 198.18.0.64/25 isn't a
   real network—198.18.0.64/25 refers to a host address in the
   198.18.0.0/25 network, which isn't the same set of IPs as the two
   original allocations)

To merge two allocations, click the Actions button of either allocation
and click Merge. If the allocation can be merged with another
allocation, a confirmation will be presented.

A merged allocation is valid at each of the routing groups where the two
original allocations were valid.
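The three merge conditions and the routing-group rule can be checked before attempting a merge in the UI. The following is an added example, not SD-WAN's own code; the function names and the record shape (a dict with ``network`` and ``routing_groups`` keys) are assumptions made for illustration.

```python
import ipaddress


def check_merge(cidr_a, cidr_b):
    """Apply the three merge conditions to two IPv4 allocations.
    Returns (merged_network, "ok") or (None, reason)."""
    a = ipaddress.IPv4Network(cidr_a)  # strict parsing: host bits must be zero
    b = ipaddress.IPv4Network(cidr_b)
    if a.prefixlen != b.prefixlen:
        return None, "different sizes"
    lo, hi = sorted((a, b))
    # Adjacent: the higher network starts right after the lower one ends.
    if int(lo.broadcast_address) + 1 != int(hi.network_address):
        return None, "not adjacent"
    # The merged prefix must be a real network starting at the lower
    # allocation's address; otherwise it names a host in a different network.
    new_len = lo.prefixlen - 1
    merged = ipaddress.IPv4Network((lo.network_address, new_len), strict=False)
    if merged.network_address != lo.network_address:
        return None, (f"{lo.network_address}/{new_len} is not a real network; "
                      f"it is a host address in {merged}")
    return merged, "ok"


def merge_records(rec_a, rec_b):
    """Merge two allocation records (hypothetical shape). The result is valid
    at every routing group where either original allocation was valid."""
    merged, reason = check_merge(rec_a["network"], rec_b["network"])
    if merged is None:
        raise ValueError(reason)
    groups = sorted(set(rec_a["routing_groups"]) | set(rec_b["routing_groups"]))
    return {"network": str(merged), "routing_groups": groups}


if __name__ == "__main__":
    # The two cases from the list above.
    print(check_merge("198.18.0.128/26", "198.18.0.192/26"))
    print(check_merge("198.18.0.64/26", "198.18.0.128/26"))
    print(merge_records(
        {"network": "198.18.0.128/26", "routing_groups": ["Vancouver"]},
        {"network": "198.18.0.192/26", "routing_groups": ["New York"]},
    ))
```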

Deleting a group allocation
----------------------------

To delete an allocation, click the allocation's Action button, click
Delete, and accept the confirmation. An allocation can only be deleted
if it is not used by any bonds and is not delegated to any spaces.

Delegated allocations
----------------------

Delegating a network from a group allocation
---------------------------------------------

To delegate a network from a group allocation to a child space, navigate
to the IPs tab of the space that has the group allocation. Click the
parent allocation's Actions menu, then click Delegate. The delegation
dialog opens:

|image4|

Type the network address with a CIDR netmask, select the target space of
the delegation, and click Delegate. The network will be delegated to the
space.

After delegating the network, IPs in the network can be assigned to
bonds in the target space that are assigned to aggregators in the parent
allocation's valid routing groups. For example, given the 198.18.0.0/24
example above, with 198.18.0.0/28 delegated to a child space, if a bond
in the target space was assigned to an aggregator in Vancouver or New
York, it could be given IPs in 198.18.0.0/28. Bonds assigned to an
aggregator in Dallas (either primary or secondary) could not be given
IPs from 198.18.0.0/28, even though the subnet is delegated to the
space, because that subnet is not valid at Dallas.

Delegating a delegation
------------------------

Networks delegated from a parent network can be further delegated to a
grandchild space. To do so, navigate to the IPs tab of the space that
has been delegated the IP (not the space that has the original group
allocation), find the delegated network, and click Delegate. Type the
network address with a CIDR netmask, select the target space of the
delegation, and click Delegate. The network will be delegated to the
space.

Reviewing delegation availability
----------------------------------

Similar to group allocation availability, delegation availability is
shown as a column in the delegations table as well as a map of free,
used, and further delegated networks. For more information, refer to the
allocation documentation above.

Updating a delegated allocation
--------------------------------

To change the network or target child of a delegation, click its Actions
menu and then click Edit. You cannot enlarge the network if the updated
network would collide with an existing delegation, nor can you shrink it
if the change would cause used or delegated IPs to be outside of the
allocation, nor can you change the target child if bonds in the target
space have used IPs from the delegation.

Merging a delegated allocation
-------------------------------

Similar to merging group allocations, delegated allocations can be
merged in certain circumstances. In addition to the requirements for
merging allocations described above, two adjacent delegations must be
for the same target space in order to be eligible for merging.

Deleting a delegated allocation
--------------------------------

To delete a delegation, click the delegation's Action button, click
Delete, and accept the confirmation. A delegation can only be deleted if
it is not used by any bonds and is not further delegated to any spaces.


.. |image0| image:: /attachments/11667043/11667496.png
.. |image1| image:: /attachments/11667043/11667497.png
.. |image2| image:: /attachments/11667043/11667498.png
.. |image3| image:: /attachments/11667043/11667500.png
.. |image4| image:: /attachments/11667043/11667514.png
