Aggregates
IP addressing is by nature hierarchical. The first few levels of the IPv4 hierarchy, for example, look like this:
IP Address Management
View all tagsIP addressing is by nature hierarchical. The first few levels of the IPv4 hierarchy, for example, look like this:
NetBox includes a slew of features which enable integration with other tools and resources powering your network.
Ranges can be defined to group AS numbers numerically and to facilitate their automatic provisioning. Each range must be assigned to a RIR.
An Autonomous System Number (ASN) is a numeric identifier used in the Border Gateway Protocol (BGP) to identify which autonomous system a particular prefix is originating from or transiting through. NetBox supports both 16- and 32-bit ASNs.
Delivery via AWS Direct Connect in two regions, with replicated NetBoxes, Single (or Dual) Direct Connect in each region. Customer IP space (2 x /25's) is assigned for the VPCs. This is to host load balancers and proxies within the dedicated customer Account/VPC. Internally we will allocate a /27 per availability zone for each of the 3 availability zones.
exempt_models
CUSTOM_VALIDATORS
DEFAULT_DASHBOARD
DEBUG
A first-hop redundancy protocol (FHRP) enables multiple physical interfaces to present a virtual IP address (VIP) in a redundant manner. Examples of such protocols include:
Setting up a Development Environment
This guide explains how to configure single sign-on (SSO) support for NetBox using Google OAuth2 as an authentication backend.
This page provides instructions for setting up the gunicorn WSGI server. If you plan to use uWSGI instead, go here.
This documentation provides example configurations for both nginx and Apache, though any HTTP server which supports WSGI should be compatible.
NetBox
Interfaces in NetBox represent network interfaces used to exchange data with connected devices. On modern networks, these are most commonly Ethernet, but other types are supported as well. IP addresses and VLANs can be assigned to interfaces.
Origin Story
IP address management (IPAM) is one of NetBox's core features. It supports full parity for IP4 and IPv6, advanced VRF assignment, automatic hierarchy formation, and much more.
An IP address object in NetBox comprises a single host address (either IPv4 or IPv6) and its subnet mask, and represents an IP address as configured on a network interface. IP addresses can be assigned to device and virtual machine interfaces, as well as to FHRP groups. Further, each device and virtual machine may have one of its interface IPs designated as its primary IP per address family (one for IPv4 and one for IPv6).
This model represents an arbitrary range of individual IPv4 or IPv6 addresses, inclusive of its starting and ending addresses. For instance, the range 192.0.2.10 to 192.0.2.20 has eleven members. (The total member count is available as the size property on an IPRange instance.) Like prefixes and IP addresses, each IP range may optionally be assigned to a VRF.
handler: python
A L2VPN object is NetBox is a representation of a layer 2 bridge technology such as VXLAN, VPLS, or EPL. Each L2VPN can be identified by name as well as by an optional unique identifier (VNI would be an example). Once created, L2VPNs can be terminated to interfaces and VLANs.
A L2VPN termination is the attachment of an L2VPN to an interface or VLAN. Note that the L2VPNs of the following types may have only two terminations assigned to them:
Thanks for your interest in contributing to NetBox! This introduction covers a few important things to know before you get started.
This section of the documentation discusses installing and configuring the NetBox application itself.
Model Types
v2.1.6 (2017-10-11)
v2.10.10 (2021-04-15)
v2.11.12 (2021-08-23)
v2.2.10 (2018-02-21)
v2.3.7 (2018-07-26)
v2.4.9 (2018-12-07)
v2.5.13 (2019-05-31)
v2.6.12 (2020-01-13)
v2.7.12 (2020-04-08)
v2.8.9 (2020-08-04)
v2.9.11 (2020-12-11)
v3.0.12 (2021-12-06)
v3.1.11 (2022-04-05)
v3.2.9 (2022-08-16)
v3.3.10 (2022-12-13)
v3.4.10 (2023-04-27)
v3.5.9 (2023-08-28)
v3.7.8 (2024-05-06)
v4.1.11 (2025-01-06)
v4.2.9 (2025-04-30)
v4.3.4 (2025-07-15)
This guide outlines the steps necessary for planning a successful migration to NetBox. Although it is written under the context of a completely new installation, the general approach outlined here works just as well for adding new data to existing NetBox deployments.
A role indicates the function of a prefix or VLAN. For example, you might define Data, Voice, and Security roles. Generally, a prefix will be assigned the same functional role as the VLAN to which it is assigned (if any).
A prefix is an IPv4 or IPv6 network and mask expressed in CIDR notation (e.g. 192.0.2.0/24). A prefix entails only the "network portion" of an IP address: All bits in the address not covered by the mask must be zero. (In other words, a prefix cannot be a specific IP address.) Prefixes are automatically organized by their parent aggregate and assigned VRF.
A provider is any entity which provides some form of connectivity of among sites or organizations within a site. While this obviously includes carriers which offer Internet and private transit service, it might also include Internet exchange (IX) points and even organizations with whom you peer directly. Each circuit within NetBox must be assigned a provider and a circuit ID which is unique to that provider.
Regional Internet registries are responsible for the allocation of globally-routable address space. The five RIRs are ARIN, RIPE, APNIC, LACNIC, and AFRINIC. However, some address space has been set aside for internal use, such as defined in RFCs 1918 and 6598. NetBox considers these RFCs as a sort of RIR as well; that is, an authority which "owns" certain address space. There also exist lower-tier registries which serve particular geographic areas.
ALLOWED_HOSTS
Filtering Objects
What is a REST API?
A route target is a particular type of extended BGP community used to control the redistribution of routes among VRF tables in a network. Route targets can be assigned to individual VRFs in NetBox as import or export targets (or both) to model this exchange in an L3VPN. Each route target must be given a unique name, which should be in a format prescribed by RFC 4364, similar to a VR route distinguisher.
ALLOWTOKENRETRIEVAL
How you choose to employ sites when modeling your network may vary depending on the nature of your organization, but generally a site will equate to a building or campus. For example, a chain of banks might create a site to represent each of its branches, a site for its corporate headquarters, and two additional sites for its presence in two colocation facilities.
NetBox generally follows the Django style guide, which is itself based on PEP 8. ruff is used for linting (with certain exceptions).
BASE_PATH
NetBox includes a Python management shell within which objects can be directly queried, created, modified, and deleted. To enter the shell, run the following command:
This page provides instructions for setting up the uWSGI WSGI server. If you plan to use gunicorn instead, go here.
Complementing its IPAM capabilities, NetBox also tracks VLAN information to assist with layer two network configurations. VLANs are defined per IEEE 802.1Q and related standards, and can be assigned to groups and functional roles.
VLAN translation is a feature that consists of VLAN translation policies and VLAN translation rules. Many rules can belong to a policy, and each rule defines a mapping of a local to remote VLAN ID (VID). A policy can then be assigned to an Interface or VMInterface, and all VLAN translation rules associated with that policy will be visible in the interface details.
A VLAN translation rule represents a one-to-one mapping of a local VLAN ID (VID) to a remote VID. Many rules can belong to a single policy.
A Virtual LAN (VLAN) represents an isolated layer two domain, identified by a name and a numeric ID (1-4094) as defined in IEEE 802.1Q. VLANs are arranged into VLAN groups to define scope and to enforce uniqueness.
Interfaces
NetBox can be configured via Event Rules to transmit outgoing webhooks to remote systems in response to internal object changes. The receiver can act on the data in these webhook messages to perform related tasks.
A wireless LAN is a set of interfaces connected via a common wireless channel, identified by its SSID and authentication parameters. Wireless interfaces can be associated with wireless LANs to model multi-acess wireless segments.