1. What exactly is IPAM?
Every connected device needs an address so other systems can reach it. In a company network, laptops, servers, cameras, printers, routers and applications all depend on reliable addressing.
IPAM, or IP Address Management, is the discipline and tooling used to organize subnets, ranges, addresses, statuses, owners and history. It prevents two devices from using the same address and gives teams a shared source of truth.
Without IPAM, information spreads across spreadsheets, DHCP consoles, DNS files and individual memory. With IPAM, network teams can see what is allocated, what is free, who owns it and how it changed over time.
2. IP addressing basics
IPv4 vs IPv6: two address generations
IPv4 uses 32-bit addresses such as 192.168.1.10. It is still widely used, but its public address space is limited, which is why private ranges and NAT became common in enterprise networks.
IPv6 uses 128-bit addresses and changes the scale of planning. The address space is huge, but teams still need naming rules, prefix hierarchy, routing documentation and security segmentation.
How an IP address is structured
An IP address is usually understood through a network part and a host part. In 192.168.1.10/24, the /24 indicates that the first 24 bits identify the network while the remaining bits identify the host.
Subnets and masks
Subnets divide an address plan into manageable areas: sites, VLANs, server zones, Wi-Fi, DMZ, management networks or cloud environments. They make routing, security and ownership easier to understand.
A subnet mask or CIDR prefix tells how many bits belong to the network. A /24 IPv4 subnet contains 256 addresses, with 254 generally usable for hosts.
Private and public addresses
Private addresses are used inside organizations and are not routed directly on the public Internet. Public addresses are globally routable and require stronger documentation because they expose services.
IP address: 192.168.1.10
/24 mask: 255.255.255.0
Network ID = 192.168.1.0
| CIDR mask | Usable hosts | Typical use case |
|---|---|---|
| /24 | 254 | Standard company network |
| /25 | 126 | Department or floor |
| /26 | 62 | Small team or meeting area |
| /27 | 30 | Small office or lab |
| /28 | 14 | IoT or camera network |
| /29 | 6 | Point-to-point connection |
| /30 | 2 | Link between two routers |
| Characteristic | Private addresses | Public addresses |
|---|---|---|
| Ranges | 10.0.0.0/8 · 172.16.0.0/12 · 192.168.0.0/16 | All other ranges |
| Routability | Not routed on the Internet | Routed on the Internet |
| Assignment | Internal, without public registry | Via ISP or RIR such as RIPE NCC |
| Usage | Local networks and internal services | Web servers and exposed services |
| Security | Usually protected by NAT and firewalling | Exposed, requiring explicit protections |
3. DHCP, DNS and IPAM: the DDI building blocks
DHCP: automatic network configuration
DHCP gives devices their network parameters automatically: IP address, subnet mask, gateway, DNS servers and lease duration. It reduces manual configuration and makes large environments easier to operate.
Discover
The device broadcasts a request to find a DHCP server.
Offer
The server offers an available IP address.
Request
The device accepts the offer and formally requests it.
Acknowledge
The server confirms and sends all network parameters.
DNS: names that humans can use
DNS translates names into IP addresses. When DNS documentation is linked to IPAM, teams reduce inconsistencies between address allocation and service naming.
- A/AAAA records map a name to an IPv4 or IPv6 address.
- PTR records provide reverse resolution from an IP address to a name.
- DNSSEC cryptographically signs records to reduce DNS cache poisoning risks.
DDI: DHCP, DNS and IPAM together
DDI is the combination of DNS, DHCP and IPAM. Creating a server may require an IP allocation, a DNS record, a DHCP reservation, a CMDB link and a change record.
4. Best practices for reliable IPAM
Centralize everything
Centralize data first. A single repository means everyone works with the same rules and the same trusted information.
Automate what can be automated
Imports, API access and periodic reviews prevent teams from relying only on manual updates, especially in cloud, virtualization and DHCP-heavy environments.
Example 2: each VM deployment creates an IP in teemIP with a link to the iTop CMDB.
Security and governance
IPAM supports security by making unknown addresses, sensitive zones, management networks, exposed services and segmentation boundaries easier to see.
Naming, lifecycle and data quality
Naming conventions, statuses and periodic reviews keep the repository readable. Without owners and lifecycle rules, obsolete data accumulates and the IPAM loses credibility.
5. Common challenges
Challenge 1: multi-site management
Multi-site organizations often discover overlapping ranges, inconsistent naming and local exceptions. IPAM helps normalize these situations without losing operational continuity.
Challenge 2: IPv6 transition
Dual-stack environments require both IPv4 and IPv6 to be documented together, otherwise teams troubleshoot with only half the picture.
Challenge 3: dynamic environments and data quality
Before trusting the repository, test real cases: an IP from a log, a DHCP reservation, a DNS record, a remote-site subnet and an exposed public address.
A practical IPAM project should also define what each status means. Planned, reserved, active, deprecated and free must be used consistently, otherwise two teams can read the same repository differently and make conflicting decisions.
Data quality is easier to maintain when every critical object has a minimum set of fields: owner, site, organization, service context, creation date and last review. Optional comments are useful, but they should not replace structured information.
For DHCP-heavy environments, the repository should distinguish dynamic pools from explicit reservations. This helps teams understand whether a visible address is expected, temporary, unmanaged or tied to a known asset.
For public addresses, the operational stakes are higher. They often appear in firewall rules, certificates, monitoring alerts, provider contracts and exposure reviews, so ownership and lifecycle information must be especially clear.
CMDB links make the repository more useful outside the network team. Support, security, application and audit teams can start from an IP address and reach the service, owner and business context without rebuilding the chain manually.
Finally, IPAM governance should be tested through real workflows: a new subnet request, a server migration, a DNS cleanup, a decommissioning operation and an incident investigation. These scenarios reveal whether the model is simple enough for daily use.
Conclusion
IPAM is not just an address inventory. It is the backbone of network governance because it connects addressing to services, devices, owners, DNS, DHCP, security and change management.
Choosing an open solution such as teemIP means keeping control over deployment, data and integration while building a reliable repository step by step.
Ready to regain control of your network?
teemIP is open source, deployable on your infrastructure and available with professional assistance.
Request a guided demo