IP Ranges, IP Subnets and Client Counts in MEMCM

Boundaries are used in Boundary Groups in Configuration Manager, which in turn are used for site assignment and site system/content location. There are multiple ways to configure Boundaries, this can be done with IP Subnets, AD Sites, IPv6 prefix, IP range and lastly VPN. I work in a 419K seat global environment, which means we have a CAS and three Primary Sites. A few years ago, when we migrated to a new hierarchy, I somehow got the job of doing the boundaries. Even after being in this environment for several years, I still could not tell you how many IP Subnets there are in total.

Luckily, Microsoft made vast performance improvements in using IP Ranges, so this seemed like an easy way to do boundary management. Starting at 0.0.0.0 and going up to 255.255.255.255. Simple, right? Well, not so fast. We like to keep our sites in balance as much as possible for performance reasons, and for this reason it is important to keep these ranges split up as evenly as possible. If you have ever tried to determine how many clients are in a particular IP Range, you probably banged your head a little (and it wasn’t because of the music you were listening to at the time).

Luckily, there is a nice little function already in CM that can be used for this task and a quick SQL query looks like this:

--Count of IP Addresses in an IP range
SELECT Count(IP_Addresses0) AS [Count]
FROM v_RA_System_IPAddresses
WHERE
([dbo].fnGetNumericIPAddress(IP_Addresses0)
BETWEEN [dbo].fnGetNumericIPAddress('192.168.5.1')
AND [dbo].fnGetNumericIPAddress('192.168.7.255') )

In my lab at home (which is not nearly as impressive as work), I get 12 clients returned in this IP range. Now, you are probably saying to yourself ‘well, this is nice and all but I don’t have multiple Primary Sites’. Have you ever had the need to build a collection query using IP subnets but all you have is a list of an IP range? You could use a ‘like’ operator in your collection query, but this can be really expensive on coll eval.

In order to achieve more performance optimizations, we decided it would be best to average out the physical clients and virtual clients across the three sites. One of our sites always had more of a back log come Monday and it turned out it had the bulk of laptops and desktops and very few virtual machines. This meant more tweaking of the IP Ranges and setting up collections to gradually target a baseline to them to get them to move sites. In other words, don’t attempt to move 15K+ clients from one site to another in one go. It will likely turn into a long day and probably a bad day as well. This is where the IP subnet-based collection queries come into play. I had a count of clients in a particular range (and yes, 15K+ were in one of those ranges that needed to be moved) but it was such a big range that even using the ‘like’ operator on an IP address would be madness (plus my team wouldn’t be happy if coll eval came to a halt). Using the same function as above but slightly modified, we are able to get all of the IP subnets in a given range:

--Subnets in an IP Range
SELECT Distinct sub.IP_Subnets0 AS [IP Subnet]
FROM v_RA_System_IPAddresses ipa
JOIN v_RA_System_IPSubnets sub on sub.ResourceID=ipa.ResourceID
WHERE
([dbo].fnGetNumericIPAddress(IP_Addresses0)
BETWEEN [dbo].fnGetNumericIPAddress('192.168.5.1')
AND [dbo].fnGetNumericIPAddress('192.168.7.255') )
AND
([dbo].fnGetNumericIPAddress(IP_Subnets0)
BETWEEN [dbo].fnGetNumericIPAddress('192.168.5.1')
AND [dbo].fnGetNumericIPAddress('192.168.7.255') )

Again, in my home lab this is not impressive, but it does return the only subnet that I have clients on (192.168.7.0). Hopefully you find this function useful the next time you need to deal with IP ranges and IP subnets.

Originally posted on https://miketerrill.net/

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.