leo-claude-mktplace/plugins/cmdb-assistant/commands/ip-conflicts.md
lmiranda 9698e8724d feat(plugins): implement Sprint 4 commands (#241-#258)
Sprint 4 - Plugin Commands implementation adding 18 new user-facing
commands across 8 plugins as part of V5.2.0 Plugin Enhancements.

**projman:**
- #241: /sprint-diagram - Mermaid visualization of sprint issues

**pr-review:**
- #242: Confidence threshold config (PR_REVIEW_CONFIDENCE_THRESHOLD)
- #243: /pr-diff - Formatted diff with inline review comments

**data-platform:**
- #244: /data-quality - DataFrame quality checks (nulls, duplicates, outliers)
- #245: /lineage-viz - dbt lineage as Mermaid diagrams
- #246: /dbt-test - Formatted dbt test runner

**viz-platform:**
- #247: /chart-export - Export charts to PNG/SVG/PDF via kaleido
- #248: /accessibility-check - Color blind validation (WCAG contrast)
- #249: /breakpoints - Responsive layout configuration

**contract-validator:**
- #250: /dependency-graph - Plugin dependency visualization

**doc-guardian:**
- #251: /changelog-gen - Generate changelog from conventional commits
- #252: /doc-coverage - Documentation coverage metrics
- #253: /stale-docs - Flag outdated documentation

**claude-config-maintainer:**
- #254: /config-diff - Track CLAUDE.md changes over time
- #255: /config-lint - 31 lint rules for CLAUDE.md best practices

**cmdb-assistant:**
- #256: /cmdb-topology - Infrastructure topology diagrams
- #257: /change-audit - NetBox audit trail queries
- #258: /ip-conflicts - Detect IP conflicts and overlaps

Closes #241, #242, #243, #244, #245, #246, #247, #248, #249,
#250, #251, #252, #253, #254, #255, #256, #257, #258

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-28 12:02:26 -05:00


description: Detect IP address conflicts and overlapping prefixes in NetBox

CMDB IP Conflict Detection

Scan NetBox IPAM data to identify IP address conflicts and overlapping prefixes.

Usage

/ip-conflicts [scope]

Scopes:

  • all (default) - Full scan of all IP data
  • addresses - Check for duplicate IP addresses only
  • prefixes - Check for overlapping prefixes only
  • vrf <name> - Scan specific VRF only
  • prefix <cidr> - Scan within specific prefix

Instructions

You are an IP conflict detection specialist that analyzes NetBox IPAM data for conflicts and issues.

Conflict Types to Detect

1. Duplicate IP Addresses

Multiple IP address records with the same address (within same VRF).

Detection:

  1. Use ipam_list_ip_addresses to get all addresses
  2. Group by address + VRF combination
  3. Flag groups with more than one record

Exception: Anycast addresses may legitimately appear multiple times - check the role field for "anycast".

2. Overlapping Prefixes

Prefixes that contain the same address space (within same VRF).

Detection:

  1. Use ipam_list_prefixes to get all prefixes
  2. For each prefix pair in the same VRF, check if one contains the other
  3. Treat a containing pair as legitimate only when it is a proper parent-child hierarchy (see Legitimate Overlaps below)

Legitimate Overlaps:

  • Parent/child prefix hierarchy (e.g., 10.0.0.0/8 contains 10.0.1.0/24)
  • Different VRFs (isolated routing tables)
  • Marked as "container" status

3. IPs Outside Their Prefix

IP addresses that don't fall within any defined prefix.

Detection:

  1. For each IP address, find the most specific prefix that contains it
  2. Flag IPs with no matching prefix

4. Prefix Overlap Across VRFs (Informational)

Same prefix appearing in multiple VRFs - not necessarily a conflict, but worth noting.

MCP Tools

  • ipam_list_ip_addresses - Get all IP addresses with filters:

    • address - Filter by specific address
    • vrf_id - Filter by VRF
    • parent - Filter by parent prefix
    • status - Filter by status
  • ipam_list_prefixes - Get all prefixes with filters:

    • prefix - Filter by prefix CIDR
    • vrf_id - Filter by VRF
    • within - Find prefixes within a parent
    • contains - Find prefixes containing an address
  • ipam_list_vrfs - List VRFs for context

  • ipam_get_ip_address - Get detailed IP info including assigned device/interface

  • ipam_get_prefix - Get detailed prefix info

Workflow

  1. Data Collection

    • Fetch all IP addresses (or filtered set)
    • Fetch all prefixes (or filtered set)
    • Fetch VRFs for context
  2. Duplicate Detection

    • Build address map: {address+vrf: [records]}
    • Filter for entries with >1 record
  3. Overlap Detection

    • For each VRF, compare prefixes pairwise
    • Check using CIDR math: does prefix A contain prefix B or vice versa?
    • Ignore legitimate hierarchies (status=container)
  4. Orphan IP Detection

    • For each IP, find containing prefix
    • Flag IPs with no prefix match
  5. Generate Report

Report Format

## IP Conflict Detection Report

**Generated:** [timestamp]
**Scope:** [scope parameter]

### Summary

| Check | Status | Count |
|-------|--------|-------|
| Duplicate IPs | [PASS/FAIL] | X |
| Overlapping Prefixes | [PASS/FAIL] | Y |
| Orphan IPs | [PASS/FAIL] | Z |
| Total Issues | - | N |

### Critical Issues

#### Duplicate IP Addresses

| Address | VRF | Count | Assigned To |
|---------|-----|-------|-------------|
| 10.0.1.50/24 | Global | 2 | server-01 (eth0), server-02 (eth0) |
| 192.168.1.100/24 | Global | 2 | router-01 (gi0/1), switch-01 (vlan10) |

**Impact:** IP conflicts cause network connectivity issues. Devices will have intermittent connectivity.

**Resolution:**
- Determine which device should have the IP
- Update or remove the duplicate assignment
- Consider IP reservation to prevent future conflicts

#### Overlapping Prefixes

| Prefix 1 | Prefix 2 | VRF | Type |
|----------|----------|-----|------|
| 10.0.0.0/24 | 10.0.0.0/25 | Global | Unstructured overlap |
| 192.168.0.0/16 | 192.168.1.0/24 | Production | Missing container flag |

**Impact:** Overlapping prefixes can cause routing ambiguity and IP management confusion.

**Resolution:**
- For legitimate hierarchies: Mark parent prefix as status="container"
- For accidental overlaps: Consolidate or re-address one prefix

### Warnings

#### IPs Without Prefix

| Address | VRF | Assigned To | Nearest Prefix |
|---------|-----|-------------|----------------|
| 172.16.5.10/24 | Global | server-03 (eth0) | None found |

**Impact:** IPs without a prefix bypass IPAM allocation controls.

**Resolution:**
- Create appropriate prefix to contain the IP
- Or update IP to correct address within existing prefix

### Informational

#### Same Prefix in Multiple VRFs

| Prefix | VRFs | Purpose |
|--------|------|---------|
| 10.0.0.0/24 | Global, DMZ, Internal | [Check if intentional] |

### Statistics

| Metric | Value |
|--------|-------|
| Total IP Addresses | X |
| Total Prefixes | Y |
| Total VRFs | Z |
| Utilization (IPs/Prefix space) | W% |

### Remediation Commands

Remove duplicate IP (keep server-01's assignment)

ipam_delete_ip_address id=123

Mark prefix as container

ipam_update_prefix id=456 status=container

Create missing prefix for orphan IP

ipam_create_prefix prefix=172.16.5.0/24 status=active

CIDR Math Reference

For overlap detection, use these rules:

  • Prefix A contains Prefix B if: A.network <= B.network AND A.broadcast >= B.broadcast
  • Two prefixes overlap if: A.network <= B.broadcast AND B.network <= A.broadcast

Example:

  • 10.0.0.0/8 contains 10.0.1.0/24 (legitimate hierarchy)
  • 10.0.0.0/24 and 10.0.0.128/25 overlap (10.0.0.128/25 is within 10.0.0.0/24)
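
The duplicate, overlap and orphan checks from the Workflow and the CIDR Math Reference, as an added Python example built on the standard `ipaddress` module (not code from this plugin); duplicates are keyed on the host address, a small generalization so the same IP stored with different mask lengths still collides. The record keys (`address`, `prefix`, `vrf`, `role`, `status`, `device`) and the sample data are constructed assumptions, not the output format of the `ipam_list_*` tools.

```python
import ipaddress
from collections import defaultdict
from itertools import combinations

# Constructed sample records shaped like the report tables (not real NetBox output).
ADDRESSES = [
    {"address": "10.0.1.50/24", "vrf": "Global", "role": None, "device": "server-01"},
    {"address": "10.0.1.50/24", "vrf": "Global", "role": None, "device": "server-02"},
    {"address": "10.0.1.53/32", "vrf": "Global", "role": "anycast", "device": "dns-01"},
    {"address": "10.0.1.53/32", "vrf": "Global", "role": "anycast", "device": "dns-02"},
    {"address": "172.16.5.10/24", "vrf": "Global", "role": None, "device": "server-03"},
]
PREFIXES = [
    {"prefix": "10.0.0.0/8", "vrf": "Global", "status": "container"},
    {"prefix": "10.0.1.0/24", "vrf": "Global", "status": "active"},
    {"prefix": "10.0.1.0/25", "vrf": "Global", "status": "active"},
    {"prefix": "10.0.1.0/24", "vrf": "DMZ", "status": "active"},
]

def contains(a, b):
    """Page rule: A.network <= B.network AND A.broadcast >= B.broadcast."""
    return (a.version == b.version and a.network_address <= b.network_address
            and a.broadcast_address >= b.broadcast_address)

def find_duplicates(addresses):
    groups = defaultdict(list)
    for rec in addresses:
        # Key on the host IP so 10.0.1.50/24 and 10.0.1.50/32 collide.
        groups[(str(ipaddress.ip_interface(rec["address"]).ip), rec["vrf"])].append(rec)
    # A group is exempt only when every record in it carries the anycast role.
    return {k: v for k, v in groups.items()
            if len(v) > 1 and not all(r["role"] == "anycast" for r in v)}

def find_overlaps(prefixes):
    nets = [(ipaddress.ip_network(p["prefix"]), p) for p in prefixes]
    nets.sort(key=lambda t: (t[0].version, t[0].prefixlen))  # shorter mask first = parent
    # Same VRF, parent contains child, and the parent is not marked as a container.
    return [(str(a), str(b), pa["vrf"]) for (a, pa), (b, pb) in combinations(nets, 2)
            if pa["vrf"] == pb["vrf"] and contains(a, b) and pa["status"] != "container"]

def find_orphans(addresses, prefixes):
    nets = [(ipaddress.ip_network(p["prefix"]), p["vrf"]) for p in prefixes]
    # An IP is an orphan when no prefix in its own VRF covers it.
    return [r["address"] for r in addresses
            if not any(vrf == r["vrf"] and ipaddress.ip_interface(r["address"]).ip in n
                       for n, vrf in nets)]
```

Because CIDR blocks are aligned to their size, two prefixes that overlap are always nested, so the containment test alone finds every overlap within a VRF.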

Severity Levels

| Issue | Severity | Description |
|-------|----------|-------------|
| Duplicate IP (same interface type) | CRITICAL | Active conflict, causes outages |
| Duplicate IP (different roles) | HIGH | Potential conflict |
| Overlapping prefixes (same status) | HIGH | IPAM management issue |
| Overlapping prefixes (container ok) | LOW | May need status update |
| Orphan IP | MEDIUM | Bypasses IPAM controls |

Examples

  • /ip-conflicts - Full scan for all conflicts
  • /ip-conflicts addresses - Check only for duplicate IPs
  • /ip-conflicts prefixes - Check only for overlapping prefixes
  • /ip-conflicts vrf Production - Scan only Production VRF
  • /ip-conflicts prefix 10.0.0.0/8 - Scan within specific prefix range

User Request

$ARGUMENTS