Create and manage an IPAM - Virtual Private Cloud - Alibaba Cloud Documentation Center

IP Address Manager (IPAM) allows you to globally manage IP addresses. After you create an IPAM, you can create a private scope for the IPAM. Each private scope represents an independent address scope. You can create IPAM pools in a private scope to manage and assign IP addresses. This topic describes how to create and manage an IPAM and its private scopes.

Create an IPAM

Log on to the IPAM console.
In the top navigation bar, select the region where you want to create an IPAM.

On the IPAM page, click Create IPAM. Specify the following parameters. You can use the default values or custom values for other parameters.

Parameter

Description

Effective Region

Select an effective region for the IPAM.

You must select at least one effective region and the effective regions must include the region where the IPAM is deployed.

Note

You cannot delete the region where the IPAM is deployed.

Create a private scope

Before you create a scope, take note of the following information:

After you create an IPAM, the system automatically creates a public scope and a private scope. You cannot delete the private or public scope.
The public scope cannot be allocated or used.
You can create only private scopes.
CIDR blocks within the same scope cannot overlap with each other. CIDR blocks in different scopes can overlap with each other.

Log on to the IPAM console.
In the top navigation bar, select the region where you want to create a scope. In the left-side navigation pane, click IPAM Scope.
On the IPAM Scope page, click Create Scope. Specify the following parameters. You can use the default values or custom values for other parameters.
Parameter
Description
IPAM
The system automatically displays the IPAM to which the scope belongs.
Scope Type
The system automatically displays the scope type. Only private is supported.

Resource monitoring

IPAM provides monitoring for IP addresses, including continuous monitoring for IP address usage, CIDR block compliance, and address conflicts. This ensures that you can expand your pool, handle IP address conflicts, improve address usage, and enhance network stability and security.

On the IPAM Scope page, click the IPAM ID or click Manage in the Actions column to view the following information about the IPAM scope: resource CIDR blocks, hosting status, overlapping status, and compliance status.

Resource information

Resource Type:
- IPAM Pool: CIDR blocks within the scope are allocated to subpools.
- VPC: CIDR blocks within the scope are allocated to VPCs.
- vSwitch: CIDR blocks within the scope are allocated to vSwitches.
- Custom Allocation: CIDR blocks within the scope are reserved for your use.
Management Status:
- Hosted: The CIDR block of the resource is allocated from the IPAM pool.
- Unhosted: The CIDR block of the resource is not allocated from the IPAM pool.
- Ignored: The system does not monitor whether the CIDR block of the resource is allocated from the IPAM pool.

Compliance Status:
- Compliant: The CIDR block of the resource complies with the allocation rules of the IPAM pool.
- Non-compliant: The CIDR block of the resource does not comply with the allocation rules of the IPAM pool.
- Unhosted: The CIDR block of the resource is not allocated from the IPAM pool.

Overlap Status:
- Overlapping: The CIDR block of the resource overlaps with the CIDR blocks within the scope.
- Nonoverlapping: The CIDR block of the resource does not overlap with the CIDR blocks within the scope.
Address Usage:
- VPC: The percentage of the vSwitch address space to the total VPC address space.
- vSwitch: The percentage of the vSwitch address space to the total vSwitch address space.

Overview: Click the Overview tab to view the following information within the private scope: resource CIDR blocks, hosting status, overlap status, and compliance status. The information is displayed in doughnut charts.
Resource Management: Click the Resource Management tab to view the following information within the private scope: resource types, CIDR blocks, management status, and compliance status.
- VPC Resource: Click the VPC ID to view the following information within the private scope: CIDR block allocation, overlap status, and VPC address usage.
  VPC resource descriptions
  - VPC Details: displays the following information: CIDR blocks and vSwitches associate with the VPC, management status, overlap status, compliance status, and IPv4 address usage.
  - IP Address Usage: displays the CIDR block usage, allocation status, and overlap status.
  - Resource CIDR Block: displays the CIDR block allocation, address usage, and owner account ID.
  - Compliance: displays the compliance status of the network mask.
  - Monitoring Chart: displays address usage of the VPC in a time series chart.
- vSwitch Resource: Click the vSwitch ID to view the following information within the private scope: CIDR block usage, IP address usage, and total number of IP addresses.
  vSwitch resource description
  - CIDR: displays the total number of IP addresses and address usage of the vSwitch.
  - Monitoring Chart: displays the address usage of the vSwitch in a time series chart.
IPAM Pool: Click the IPAM Pool tab to view the following information about the pool: the effective region, CIDR blocks, and IP version.
Monitoring Chart: Click the Monitoring Chart tab to view the following information within the private scope in a time series chart: hosting status, overlap status, compliance status, and number of CIDR blocks.

Resource discovery

The resource discovery feature can automatically identify and track IP address usage. You can use this feature to discover and manage VPC CIDR blocks and vSwitch CIDR blocks in a hosted region, including addresses that are not assigned from an IPAM pool. When you create an IPAM, the system creates a resource discovery by default and associates the resource discovery with the IPAM.

Note

The effective region of the default resource recovery is the same as that of the IPAM and cannot be changed.
To delete the default resource discovery, you must delete the IPAM.
You can use resource discoveries to monitor the following resource types: VPC CIDR block and vSwitch CIDR block.
The update frequency of resource discoveries is 5 minutes.

Log on to the IPAM console.
In the top navigation bar, select the region of the IPAM pool.

You can perform the following operations as needed.

View resource discovery details

In the left-side navigation pane, click Resource Discovery.
Click the ID of the resource discovery to go to the details page. You can view the basic information about the resource discovery on the details page.
The Default column indicates whether the resource discovery is created by default.
You can view the following information on the details page:
- Discovered Resource: displays the discovered resources.
  You can use resource discoveries to monitor the following resource types: VPC CIDR block and vSwitch CIDR block.
  You can check the CIDR blocks, and IP address usage of discovered resources. This allows you to optimize and adjust address planning.
- Region: the effective region of the resource discovery.

View the association between an IPAM and a resource discovery

In the top navigation bar, select the region of the IPAM pool. In the left-side navigation pane, click IPAM.
Click the ID of the IPAM to go to the details page. On the Associated Resource Discovery tab, you can view the basic information about the resource discoveries associated with IPAM and check whether a resource discovery is created by default.

What to do next

Log on to the IPAM console.
In the top navigation bar, select the region of the IPAM.

You can perform the following operations as needed.

Add and delete an effective region

On the IPAM page, find the IPAM and use one of the following methods to add an effective region:

Click the IPAM ID. On the Effective Region tab, click Add Effective Region.
In the Actions column, click Manage. On the Effective Region tab, click Add Effective Region.
In the Actions column, choose > Add Effective Region.

To delete an effective region, find the region on the Effective Region tab and click Delete in the Actions column.

Note

Before you delete an effective region, take note of the following information:

You cannot delete the region where the IPAM is deployed.
Make sure that all IPAM pools in the region are deleted. For more information about how to delete an IPAM pool, see Create and manage IPAM pools.

Add and delete a scope

Find the IPAM and choose > Add Scope in the Actions column.
In the Create Scope dialog box, set the required parameters to create a private scope. For more information, see Create an IPAM scope.

To delete a scope, find the scope and click Delete in the Actions column.

Note

Before you delete an IPAM scope, take note of the following information:

The public scope and private scope created by the system cannot be deleted.
Make sure that all IPAM pools within the scope are deleted. For more information about how to delete an IPAM pool, see Delete an IPAM pool.

Delete an IPAM

To delete an IPAM, find the IPAM and click Delete in the Actions column.

Note

Before you delete an IPAM, make sure that the following requirements are met:

All IPAM pools within the IPAM are deleted. For more information about how to delete an IPAM pool, see Delete an IPAM pool.
All custom scopes within the IPAM are deleted. For more information about how to delete a custom scope, see Delete an IPAM scope.

References

For more information about the features, limits, and billing of IPAM, see IPAM.
For more information about how to create and manage IPAM pools in private scopes, see Create and manage IPAM pools.

Parameter	Description
IPAM	The system automatically displays the IPAM to which the scope belongs.
Scope Type	The system automatically displays the scope type. Only private is supported.