Truth Teller

As networks grow and increase in complexity, it becomes more and more difficult to document all of the devices that you manage and their relationships. In the worst of cases, knowledge of the network may be scrawled on a series of spreadsheets or hand-drawn sketches – or maybe even stored inside the heads of a few overworked IT staffers. A number of free and proprietary solutions provide a means for visualizing and documenting the network, often combined with additional management features. Many of these tools are useful, but some may be missing a critical feature that you need or, on the other end of the spectrum, might suffer from feature bloat. Others will lock you into a specific management or monitoring environment. With all of this in mind, it would be nice to use a software package with a solid base plus add-ons, allowing you to build out the best environment for documenting your specific network.

If you're looking for a versatile solution that embraces complexity while still "keeping it simple," you might be interested in NetBox [1]. NetBox claims to be "the premiere network source of truth." It lets you model and document networks by combining traditional Data Center Infrastructure Management (DCIM) and IP Address Management (IPAM) with extensions and APIs. You can check out an always-running NetBox demo [2] if you want to try it out before taking the plunge and investing your organization's resources.

Information Hub

NetBox serves as a hub of information about your network (Figure 1). At my organization, NetBox has become much more than simply a way to manage IP addresses. Thanks to NetBox's flexibility, you can add notes (using Markdown), add product images (as well as images of the product's location), and much more. If you need to document which device is which in a rack, where that rack is located, and what it looks like, just take a photo of that specific device and upload it with your phone right then and there. Voila, everyone with NetBox access can see the exact machine in its exact location. If all of your devices are the same model and were bought at the same time, installed in the same place, and nicely and neatly aligned in endless rows of racks that go on for miles and miles, this might not be a big deal. For me, dealing with racks, offices, classrooms, libraries, boiler rooms, hallways, etc., and years upon years of undocumented changes, this ability is very useful. If I am uncertain which machine I need to work on once I get to a room or office, a quick glance at NetBox tells me without requiring me to power anything up, look for an asset tag, or see which port on a switch the device is plugged into. No need to search for product information either, because it's right there, along with links to the drivers.

Figure 1: The NetBox overview landing page provides information about your network in one place.

Speaking of racks, NetBox lets you populate racks with your devices regardless of type and builds the rack view in the web GUI. NetBox uses your provided images of the device type's front and back to populate the front and back elevation views of the rack, which I found extremely handy. Looking for a specific device isn't always as simple as looking for, say, the fifth 4U chassis from the bottom. Instead, I may be looking for a domain controller somewhere in between two NASs, three switches, and a workstation on a shelf on its side with none of the asset tags or stickers remaining. These elevation views, as well as the way that these racks are created, is a very powerful feature, even without considering all of the rest of what the software can do.

NetBox's nicest feature, in my opinion, is that it contains whatever information you choose to include, all in one place and extremely easy to find. For instance, a search for "245" gives me every room with "245" in the name, each device with those digits in its identifiers or comments, and anything with that model number. My mantra for software like this is that I ought to be able to find what I am looking for within three steps. For instance, I can type "245" and find the room, click on it to see the device in that room, and click on that to get not only the IP address but also links to the owner's manual, installation guide, generic and specific images of that device, which port on that device connects to its corresponding port on which switch, how much power it requires, and so on.

With that in mind, NetBox is certainly an example of you get out what you put into it. However, I can tell you that a well-executed NetBox installation can quickly become the one-stop shop that your employees go to when they receive a work order or need to know about a specific machine or device type. A rich set of APIs means that NetBox can be extended to serve as an information source for automated provisioning and management tools.

NetBox can even serve as a backup to your inventory management. Because new devices can be added easily by importing CSV files, big projects are also easy to incorporate into NetBox. Personally, I'll wait until new items are inventoried into the inventory management software and then pull a report of newly added items, format it as needed for NetBox, upload, and then add IPs (Figure 2). The entire process takes perhaps 15 minutes from start to finish to add what is basically an unlimited number of devices of one device type, if you know the IPs and locations where they will be installed.

Figure 2: Managing virtual machines in NetBox.

I have also found advantages to using NetBox that I didn't expect or even imagine. My team recently needed to answer approximately a half zillion questions pertaining to our fleet as a cybersecurity exercise. NetBox put the answer to nearly all of those questions at our fingertips – no guessing and no estimates. How many desktops are in the high school library? Three steps needed to find out. Where is our domain controller located? Three steps. How many endpoints do we have that are no longer supported by a manufacturer's warranty? Click, click, click. NetBox has been a godsend in terms of information management. NetBox doesn't require someone to have intimate knowledge of the systems or even be in the IT department. Searching and navigating NetBox is intuitive and simple for all levels of users.

Installation

While you can find the commands for installing NetBox in the NetBox documentation, I will walk you through them here and add some of the caveats, quirks, and counsel that I pieced together when deploying and configuring my particular installation.

I am running NetBox on a bare metal Ubuntu install [3] with a single solid-state drive (SSD) with the database being backed up daily to a network server using a cron job and a script lifted from the Level1Techs forum [4]. In addition, I recommend having at a minimum a backup machine on-site and another off-site, or, better yet, a virtual machine (VM) running in the cloud for failover (setting up these backups is outside the scope of this article). I'll assume that you have one machine to install NetBox and another for a backup (based on your organization's typical operating procedures and standards).

PostgreSQL

First, you need to install PostgreSQL [5] with the following commands:

$ sudo apt update
$ sudo apt install -y postgresql
$ psql -V
$ sudo -u

The third command above verifies that you have at least version 11 of PostgreSQL installed. Once you are in the PostgreSQL shell (the last command), run the following commands:

$ CREATE DATABASE netbox;
$ CREATE USER netbox WITH PASSWORD 'PutYourSuperSecurePasswordHereDONTCOPYPASTETHIS';
$ ALTER DATABASE netbox OWNER TO netbox;

To leave the PostgreSQL shell, enter:

$ \q

To double-check that the installation was successful, enter:

$ psql --username netbox --password --host localhost netbox

You will then enter your SuperSecurePassword for the NetBox user password. Please do not use SuperSecurePassword for your password; it is neither super nor secure. Follow your own organization's guidelines keeping in mind that, if implemented to its fullest extent, NetBox may well be the keys to your kingdom.

Once you enter your password, you should see the following output:

psql (14.8 (Ubuntu 14.8-0ubuntu0.22.04.1))
SSL connection (protocol: TLSv1.3, cipher: TLS_AES_256_GCM_SHA384, bits: 256, compression: off)
Type "help" for help.

Now complete a connection info check with:

netbox=> \conninfo

Success: You are connected to database netbox as user netbox on host localhost (address 127.0.0.1) at port 5432 with the SSL connection described above. You can now quit by entering:

netbox=> \q