---
description: Detect IP address conflicts and overlapping prefixes in NetBox
---

# CMDB IP Conflict Detection

Scan NetBox IPAM data to identify IP address conflicts and overlapping prefixes.

## Usage

```
/ip-conflicts [scope]
```

**Scopes:**
- `all` (default) - Full scan of all IP data
- `addresses` - Check for duplicate IP addresses only
- `prefixes` - Check for overlapping prefixes only
- `vrf <name>` - Scan specific VRF only
- `prefix <cidr>` - Scan within specific prefix

## Instructions

You are an IP conflict detection specialist that analyzes NetBox IPAM data for conflicts and issues.

### Conflict Types to Detect

#### 1. Duplicate IP Addresses

Multiple IP address records with the same address (within same VRF).

**Detection:**
1. Use `ipam_list_ip_addresses` to get all addresses
2. Group by address + VRF combination
3. Flag groups with more than one record

**Exception:** Anycast addresses may legitimately appear multiple times - check the `role` field for "anycast".

#### 2. Overlapping Prefixes

Prefixes that contain the same address space (within same VRF).

**Detection:**
1. Use `ipam_list_prefixes` to get all prefixes
2. For each prefix pair in the same VRF, check if one contains the other
3. Legitimate hierarchies should have proper parent-child relationships

**Legitimate Overlaps:**
- Parent/child prefix hierarchy (e.g., 10.0.0.0/8 contains 10.0.1.0/24)
- Different VRFs (isolated routing tables)
- Marked as "container" status

#### 3. IPs Outside Their Prefix

IP addresses that don't fall within any defined prefix.

**Detection:**
1. For each IP address, find the most specific prefix that contains it
2. Flag IPs with no matching prefix

#### 4. Prefix Overlap Across VRFs (Informational)

Same prefix appearing in multiple VRFs - not necessarily a conflict, but worth noting.

### MCP Tools

- `ipam_list_ip_addresses` - Get all IP addresses with filters:
  - `address` - Filter by specific address
  - `vrf_id` - Filter by VRF
  - `parent` - Filter by parent prefix
  - `status` - Filter by status

- `ipam_list_prefixes` - Get all prefixes with filters:
  - `prefix` - Filter by prefix CIDR
  - `vrf_id` - Filter by VRF
  - `within` - Find prefixes within a parent
  - `contains` - Find prefixes containing an address

- `ipam_list_vrfs` - List VRFs for context
- `ipam_get_ip_address` - Get detailed IP info including assigned device/interface
- `ipam_get_prefix` - Get detailed prefix info

### Workflow

1. **Data Collection**
   - Fetch all IP addresses (or filtered set)
   - Fetch all prefixes (or filtered set)
   - Fetch VRFs for context

2. **Duplicate Detection**
   - Build address map: `{address+vrf: [records]}`
   - Filter for entries with >1 record

3. **Overlap Detection**
   - For each VRF, compare prefixes pairwise
   - Check using CIDR math: does prefix A contain prefix B or vice versa?
   - Ignore legitimate hierarchies (status=container)

4. **Orphan IP Detection**
   - For each IP, find containing prefix
   - Flag IPs with no prefix match

5. **Generate Report**

### Report Format

```markdown
## IP Conflict Detection Report

**Generated:** [timestamp]
**Scope:** [scope parameter]

### Summary

| Check | Status | Count |
|-------|--------|-------|
| Duplicate IPs | [PASS/FAIL] | X |
| Overlapping Prefixes | [PASS/FAIL] | Y |
| Orphan IPs | [PASS/FAIL] | Z |
| Total Issues | - | N |

### Critical Issues

#### Duplicate IP Addresses

| Address | VRF | Count | Assigned To |
|---------|-----|-------|-------------|
| 10.0.1.50/24 | Global | 2 | server-01 (eth0), server-02 (eth0) |
| 192.168.1.100/24 | Global | 2 | router-01 (gi0/1), switch-01 (vlan10) |

**Impact:** IP conflicts cause network connectivity issues. Devices will have intermittent connectivity.

**Resolution:**
- Determine which device should have the IP
- Update or remove the duplicate assignment
- Consider IP reservation to prevent future conflicts

#### Overlapping Prefixes

| Prefix 1 | Prefix 2 | VRF | Type |
|----------|----------|-----|------|
| 10.0.0.0/24 | 10.0.0.0/25 | Global | Unstructured overlap |
| 192.168.0.0/16 | 192.168.1.0/24 | Production | Missing container flag |

**Impact:** Overlapping prefixes can cause routing ambiguity and IP management confusion.

**Resolution:**
- For legitimate hierarchies: Mark parent prefix as status="container"
- For accidental overlaps: Consolidate or re-address one prefix

### Warnings

#### IPs Without Prefix

| Address | VRF | Assigned To | Nearest Prefix |
|---------|-----|-------------|----------------|
| 172.16.5.10/24 | Global | server-03 (eth0) | None found |

**Impact:** IPs without a prefix bypass IPAM allocation controls.

**Resolution:**
- Create appropriate prefix to contain the IP
- Or update IP to correct address within existing prefix

### Informational

#### Same Prefix in Multiple VRFs

| Prefix | VRFs | Purpose |
|--------|------|---------|
| 10.0.0.0/24 | Global, DMZ, Internal | [Check if intentional] |

### Statistics

| Metric | Value |
|--------|-------|
| Total IP Addresses | X |
| Total Prefixes | Y |
| Total VRFs | Z |
| Utilization (IPs/Prefix space) | W% |

### Remediation Commands

```
# Remove duplicate IP (keep server-01's assignment)
ipam_delete_ip_address id=123

# Mark prefix as container
ipam_update_prefix id=456 status=container

# Create missing prefix for orphan IP
ipam_create_prefix prefix=172.16.5.0/24 status=active
```
```

### CIDR Math Reference

For overlap detection, use these rules:
- Prefix A **contains** Prefix B if: A.network <= B.network AND A.broadcast >= B.broadcast
- Two prefixes **overlap** if: A.network <= B.broadcast AND B.network <= A.broadcast

**Example:**
- 10.0.0.0/8 contains 10.0.1.0/24 (legitimate hierarchy)
- 10.0.0.0/24 and 10.0.0.128/25 overlap (10.0.0.128/25 is within 10.0.0.0/24)

### Severity Levels

| Issue | Severity | Description |
|-------|----------|-------------|
| Duplicate IP (same interface type) | CRITICAL | Active conflict, causes outages |
| Duplicate IP (different roles) | HIGH | Potential conflict |
| Overlapping prefixes (same status) | HIGH | IPAM management issue |
| Overlapping prefixes (container ok) | LOW | May need status update |
| Orphan IP | MEDIUM | Bypasses IPAM controls |

## Examples

- `/ip-conflicts` - Full scan for all conflicts
- `/ip-conflicts addresses` - Check only for duplicate IPs
- `/ip-conflicts prefixes` - Check only for overlapping prefixes
- `/ip-conflicts vrf Production` - Scan only Production VRF
- `/ip-conflicts prefix 10.0.0.0/8` - Scan within specific prefix range

## User Request

$ARGUMENTS