PART 01 Background and Challenges
As enterprises deepen their digital transformation and accelerate the adoption of cloud-native and distributed architectures, the scale of IT infrastructure has expanded dramatically. In the context of multi-branch and multicloud coexistence, IP addresses serve as the core "cornerstone" of network communication and IT assets. Yet their management often remains in a primitive stage, facing extremely severe challenges:
1. Data Silos and "Information Black Holes"
In complex network environments, IP addresses are often managed in scattered Excel spreadsheets by multiple teams (network, virtualization, containers, etc.). Network teams are completely blind to the actual usage of IPs within large subnets-who is using them and where. As a result, conflicts caused by "one host, multiple IPs" frequently lead to service disruptions.
2. Subnet Fragmentation and Uncontrolled Planning
Without a global visual planning view, daily allocation often relies on the administrator’s intuition, leading to a large number of scattered fragments (e.g., disorderly allocation of /24 and /25 subnets). This creates the illusion of resource exhaustion when services genuinely require large contiguous address blocks for expansion.
3. Lifecycle Disconnection and Accumulation of "Zombie IPs"
IP allocation is heavily dependent on manual processes and is disconnected from the lifecycle of server provisioning and decommissioning. Lacking historical usage records and current network activity data, network administrators, fearing business faults, dare not reclaim idle IPs. Consequently, vast amounts of high-value IP resources remain permanently occupied, resulting in a severe mismatch between recorded and actual assets.
4. The Challenge of Managing and Migrating Massive Existing Data
When migrating to a standardized IP address management platform, enterprises often face a large amount of non-standard, pre-existing subnet information already in production. Manual data entry alone can take months, and the hierarchical relationships between parent and child subnets are extremely prone to errors, hindering the standardization of routine management.
PART 02 Solution Architecture and Core Framework
To fundamentally reverse the situation described above, CanWay BlueWhale has innovatively launched the IP Address Management (IPAM) scenario solution within the CanWay BlueWhale Automation Operation Center. Built on the foundation of the configuration management center, this solution breaks through the limitations of traditional manual ledger management, establishing a centralized management system featuring "full-domain automated discovery — scientific visual planning — strict foolproof control" . It shifts IP address management from a "passive blind spot" to "proactive transparency."

PART 03 Core Implementation Practices and Key Construction Content
01 Full-Domain IP Auto-Discovery Integrated with Multi-Dimensional Scanning
To break the IP information black hole and address the “invisible” issue, the platform abandons the outdated approach of manual data entry and builds a multi-dimensional automated scanning and verification system through global channel nodes (Nodeserver), bringing data to life:
Four Scenario-Based Detection Mechanisms:
ICMP Scanning: For regular business subnets, use lightweight Ping probes to efficiently identify IP active status.
TCPPING Scanning: For subnets with Ping-blocking policies, probe specific service ports (e.g., 22, 80) for deeper liveness detection.
ARP Table Analysis: Retrieve ARP tables from core switches and routers to precisely bind IPs with the MAC addresses of underlying devices.
IT Device Configuration Analysis: For special network devices that do not support certain protocols, directly analyze their device configurations to extract actual IP allocation information.
Account-Physical Balance and Self-Healing:Scanning results are directly correlated with CMDB subnet and IP models. For abnormal IPs (e.g., “unallocated” in records but actually “online” in scans, or “reserved” but “failed”), the system automatically highlights them in red alerts and allows administrators to one-click synchronize the latest status back to CMDB, ensuring absolute accuracy of global data.


02 Dynamic Subnet Heatmap and Large-Scale Visual Planning
To address the “can’t see clearly, can’t plan well” issue. In response to the inability of traditional list views to visually reflect network congestion, the platform innovatively introduces a dynamic subnet heatmap engine that helps administrators achieve macro-level oversight and micro-level control:
Intelligent Dimensionality Reduction and Dynamic Splitting: The system automatically adjusts the view granularity based on the subnet mask of the currently viewed subnet. For example, when viewing a large /8 subnet, it aggregates and renders it as multiple /16 sub-grids; when viewing a /16 subnet, it further breaks it down into /24 cells, ensuring that the visual experience at any layer remains within a single panoramic view.
Global Color-Coded Health Diagnostics: Following a minimalist color logic for intuitive status tagging: Green (fully planned, space exhausted), Blue (partially planned, with fragmented space available), Orange (reserved, locked to prevent preemption), Gray (free, available for allocation).
Interactive Topology Drill-Down and Batch Territory Selection: Click on a colored grid, and a smooth-slide drawer on the right reveals the associated subnet details, avoiding blind drilling. Additionally, for new data center construction or large-scale expansion planning, administrators can select and batch-reserve large numbers of “gray (free)” grids via mouse click and drag, greatly improving planning efficiency.

03 Foolproof Rule Engine and Smart Import/Export with a Single Spreadsheet
To tackle the issues of “ineffective organization” and “data disorder,” migrating massive amounts of existing subnet data efficiently during complex enterprise network restructuring or system initialization is a major challenge:
Four‑Layer Foolproof Validation System: When importing data via a single Excel spreadsheet, the system enforces four layers of rigorous validation in real time: “Global CIDR Uniqueness,” “Parent‑Inclusion Principle (subnets must reside within their parent),” “Sibling Mutual Exclusivity (rejecting overlapping sibling subnets),” and “Lawful Merging of Large‑Over‑Small.” These checks thoroughly block erroneous data from entering the database.
Same-Name Group Isolation and Automatic Path Completion: By utilizing “full group paths” (e.g., “South China/Production Zone” vs. “North China/Production Zone”), the system perfectly resolves same‑level naming conflicts. More importantly, when importing lower‑level subnets that lack an upstream parent, authorized users can trigger the system’s algorithm to recursively generate and automatically complete the entire parent path framework. This one‑click intelligent topology building significantly reduces manual effort and cost.
04 Rigorous Fine-Grained Permission Control System
To address the issues of "lack of control" and "unauthorized access," enterprise‑level networks are often jointly managed by the central network team and IT staff from various branches. The platform, built on the permission center, establishes a high‑security isolation model:
Role-Based View Isolation: Distinguishes between super network administrators and regular operations staff. Regular operations personnel can only view and allocate IPs within their authorized departmental subnet scope, ensuring data isolation and preventing them from being overwhelmed by irrelevant data.
Anti-Tampering Data Control: Granularly distributes permissions for viewing, editing, importing, and reserving subnets. This completely prevents operations staff from Branch A from mistakenly modifying or preempting the IP address pool of Branch B, ensuring an absolutely secure boundary for business resource planning across the entire network.
05 Multi-Dimensional IP Asset Usage Reports and Full Lifecycle Audit
To address the issues of "inaccurate verification and difficult traceability," this solution satisfies management’s core requirements for resource ROI and compliance review:
Customizable Report Export: Supports one‑click export of multi‑dimensional statistical reports, including group paths, subnet mask utilization by type, allocated IP counts, and remaining unallocated capacity. This provides intuitive data support for annual and quarterly network expansion procurement and cost accounting.
Change Traceability and Lifecycle Audit Trails: Every status transition of an IP resource (e.g., from Unallocated → Reserved → Configured/In Use → Returned to Idle Pool) and associated device changes automatically generate an immutable audit timeline with change logs. In the event of a security incident, you can precisely trace the actual user of a specific IP within the past six months, perfectly meeting the compliance requirements of financial regulations and national cybersecurity classified protection standards.

PART 04 Core Value and Business Outcome Summary
01 Clear Asset Visibility, Eliminate Blind Spots
Through multi-channel scanning and full integration, we not only achieve 100% digital management of the entire network subnet scope, but also eliminate network communication conflicts and hidden security vulnerabilities caused by improper IP resource occupation.
02 Reduce Fragmentation, Unlock Network Capacity
The innovative subnet heatmap planning provides a solid basis for large-scale resource scheduling, curbing the proliferation of fragmented subnets caused by arbitrary manual allocation, and freeing up valuable contiguous underlying network address resources for large‑scale cloud migration planning.
03 Enforce Standardization Through Guardrails
By enforcing high-standard logic-based validation rules for subnet hierarchy, the system drives branch offices and business lines to standardize their own data submissions, building a solid, unbreakable baseline for enterprise IT management.
PART 05 Product Evolution and Future Architecture Blueprint
IP address management is a systematic engineering effort that continuously bridges logical and physical layers. Building on a solid foundation of core management and allocation planning, we are now planning the next‑generation evolution path for the IPAM platform to address large‑scale enterprise use cases:
01 Exploring Integrated Physical-Logical Mapping: End-to-End Visual Physical Topology Mapping
Evolution Direction: Future versions will extend deeper into the hardware layer, integrating underlying network device data. By leveraging Layer 2 technologies such as LLDP, CDP, and MAC address table learning, the system will enable true automatic physical topology discovery. It will support bidirectional, fully interactive topology views — both top-down and device-centric. Administrators will not only see which IP is assigned to whom, but also visually trace connections such as "Core Switch 01 Port 1↔Physical Link ↔ XX Server in Rack 02, Room XX" during troubleshooting, reducing physical isolation fault localization time to seconds.
02 Advancing to AIOps: Lego-Style ITSM Workflow Orchestration and a Secure Reclamation Closed-Loop Mechanism
Evolution Direction: Break down collaboration silos between IT tools completely. On one hand, IP tuning and allocation capabilities will be fully "atomized" (API-and pipeline-enabled), embedded seamlessly into existing approval workflows and auto-scaling pipelines like building blocks. On the other hand, we aim to solve the long-standing problem of "no one dares to reclaim IPs" by introducing an AIOps-powered "shadow observation period validation and reclamation mechanism." When an asset is flagged as potentially decommissioned, the system will conduct long-term silent traffic inspections, multi-protocol liveness checks, and historical firewall policy reviews. Finally, it will automatically generate a "risk-free reclamation security assessment radar report," allowing operations personnel to confirm and release the IP with one click — turning long-locked idle assets back into active computational resources.




























