On the Origin of IP Ranges in MAAS

In this post, I'd like to discuss the history of IP Ranges in MAAS. IP ranges have evolved significantly in the years that I've worked on MAAS.

If you've found this post, you might be confused about the various concepts related to IP ranges in MAAS. I hope after reading this, you'll understand the difference between static ranges, dynamic ranges, and reserved ranges -- and how they relate to device discovery and managed allocation in MAAS.

I'll start from the beginning, as I know it.

The Dark Ages: MAAS 1.x (Simple Static and Dynamic Ranges)

A long, long time ago, MAAS allowed users to configure their managed networks with two types of ranges: Static and Dynamic. The static range was used for allocating automatic (or AUTO) IP addresses in MAAS, while the dynamic range was the sole range used for DHCP.

In this simple world, MAAS was told about a narrow range of address space it was allowed to manage, and that was that. If you wanted to expand the address space MAAS was allowed to manage, but you weren't able to add to your existing contiguous range, you were out of luck.

The Renaissance: MAAS 2.0 (Introduction of IP ranges)

When MAAS 2.0 was released, the concept of a static range was deprecated. MAAS began assuming that if it was a MAAS-managed network, MAAS had full control over the address space.

If you've ever managed IP addresses on a network, you might be wondering how MAAS could possibly be smart enough to allocate IP addresses on your network, without any hint of which addresses might or might not be in use. It seems like an impossible task. You would be right to worry that MAAS might assign IPs to your machines that are already in-use on the network.

That's one reason why Reserved IP ranges were introduced. Reserved IP ranges are optional. If you specify a reserved range, that tells MAAS it's not okay to assign automatic IP addresses within it.

Then, to prevent MAAS from stepping all over address space it might or might not really have control over, when MAAS 1.x users upgrade to MAAS 2.x, their static ranges get migrated to their opposite in terms of reserved ranges. This is a little confusing, so it might better be illustrated as follows:

  MAAS 1.x ---------[migration]--> MAAS 2.x
+------------------------+       +------------------------+
| Subnet: 192.168.0.0/24 |       | Subnet: 192.168.0.0/24 |
+------------------------+       +------------------------+
| Router: 192.168.0.1    |       | Router: 192.168.0.1    |
| MAAS: 192.168.0.2      |       | MAAS: 192.168.0.2      |
+------------------------+       +------------------------+
| Dynamic range:         |       | Reserved range:        |
|   192.168.0.20 -       |  +--> |   192.168.0.1 -        |
|     192.168.0.89       |  |    |     192.168.0.19       |
+------------------------+  |    +------------------------+
| Static range:          |  |    | Dynamic range:         |
|   192.168.0.100 -      |--+    |   192.168.0.20 -       |
|     192.168.0.199      |  |    |     192.168.0.89       |
+------------------------+  |    +------------------------+
                            |    | Reserved range:        |
                            +--> |   192.168.0.90 -       |
                            |    |     192.168.0.99       |
                            |    +------------------------+
                            |    | Reserved range:        |
                            +--> |   192.168.0.200 -      |
                                 |     192.168.0.254      |
                                 +------------------------+

As you can see, the static range is gone! It's been replaced by three reserved ranges, to form an equivalent configuration. So migrating from MAAS 1.x to MAAS 2.x preserved the user's intent to only allow MAAS to assign IP addresses on the subnet in the previous static range.

In addition, MAAS 2.x can support more than one range of each type per subnet. That means if you run out of space in your dynamic range, you can specify a second (non-contiguous) range to use.

But what if you didn't upgrade, and don't have the reserved ranges configured?

MAAS 2.0+ uses IP range usage calculations to determine which IP addresses on a subnet are available for use. When users allocate an AUTO IP address to a machine, MAAS looks at which IP addresses are in-use on a subnet, chooses an unused address, and assigns it to a machine.

This was great if MAAS knows about everything on your subnet, or is otherwise in full control. But there was still concern that MAAS might allocate IP addresses that were already in-use on the network.

The Age of Enlightenment: MAAS 2.1 (Network Discovery)

In MAAS 2.1, network discovery was introduced. This allows MAAS to listen to (and/or actively probe) the network, to gather enough information (from the ARP protocol) to determine which addresses are actually in-use on the network.

In this way, MAAS can avoid the most recently used IP addresses when assigning automatic IP addresses to machines.

MAAS also presents discovered devices prominently in the UI, to help users ensure that MAAS is appropriately informed about devices on the network whose IP addresses should never be allocated.

The Industrial Revolution: MAAS 2.2 (Managed Allocation)

While MAAS 2.1 seemed to be feature-complete in terms of the ability to meet users' requirements for various network configurations, it was also cumbersome to do what used to be easy in MAAS 1.x: tell MAAS "only manage this specific address range".

That's why MAAS 2.2 introduced the concept of managed allocation. (Sometimes referred to by its inverse definition, unmanaged subnets.)

If you browse to a subnet details page in the MAAS UI, every subnet has a managed allocation setting. (By default, it is enabled.) If you disable managed allocation, MAAS assumes it DOES NOT control IP allocation on the network.

It also has a useful side-effect: it changes the meaning of the Reserved IP range. When a subnet is unmanaged, (that is, if Managed allocation is disabled) each Reserved IP range will be treated as the only IP address range MAAS is allowed to allocate IP addresses from. This is useful when using MAAS in environments MAAS does not fully control, such as when a network administrator gives out a few IP addresses for use with MAAS on a subnet.

For example, I might have a MAAS machine with two NICs: one on a tightly controlled DMZ network, and one on my own test network. It would make sense for me to allow MAAS to manage allocation on my test network. For the DMZ network, I can simply switch off the Managed allocation setting, create reserved IP ranges for the range(s) my network administrator has assigned me on the network, and I'm done. (With MAAS 2.1, you would need to create reserved ranges for anything not assigned to MAAS.)