355 docs tagged with "NetBox"

To invite a new user to a NetBox Cloud Free instance, the user will need to have a valid email address, and be added as an administrator in the NetBox Labs Console.

1. Define the model class

Advanced deployment scenarios, private registries, and automation for NetBox Enterprise Helm

NetBox Enterprise is designed to harness the power of Kubernetes while minimizing the amount of work the average person needs to manage it.

IP addressing is by nature hierarchical. The first few levels of the IPv4 hierarchy, for example, look like this:

NetBox includes a slew of features which enable integration with other tools and resources powering your network.

The registry is an in-memory data structure which houses various application-wide parameters, such as the list of enabled plugins. It is not exposed to the user and is not intended to be modified by any code outside of NetBox core.

Ranges can be defined to group AS numbers numerically and to facilitate their automatic provisioning. Each range must be assigned to a RIR.

An Autonomous System Number (ASN) is a numeric identifier used in the Border Gateway Protocol (BGP) to identify which autonomous system a particular prefix is originating from or transiting through. NetBox supports both 16- and 32-bit ASNs.

Local Authentication

Object-Based Permissions

Delivery via AWS Direct Connect in two regions, with replicated NetBoxes, Single (or Dual) Direct Connect in each region. Customer IP space (2 x /25's) is assigned for the VPCs. This is to host load balancers and proxies within the dedicated customer Account/VPC. Internally we will allocate a /27 per availability zone for each of the 3 availability zones.

AWS Direct Connect is available via hosted connections from BT, Equinix Fabric, MegaPort, Optus, PCCW, Zayo etc. VLAN hand-off is with BGP and Single or Dual Direct Connect services are available. Customer IP space (/24 or /25) is assigned for the VPC, as this is required to host load balancers and proxies within the dedicated customer Account/VPC. Internally we will allocate a /27 per availability zone for each of the 3 availability zones.

Delivery via Private Link between a customer's existing AWS account and the NetBox Labs AWS account, with VPC endpoints using private IPs. This option has fast turn-up times and standard Internet delivery can optionally be disabled.

NetBox includes the ability to execute certain functions as background tasks. These include:

NetBox plugins can defer certain operations by enqueuing background jobs, which are executed asynchronously by background workers. This is helpful for decoupling long-running processes from the user-facing request-response cycle.

A user can bookmark individual objects for convenient access. Bookmarks are listed under a user's profile and can be displayed using a dashboard widget.

Branch operations, such as syncing and merging, are tracked as events. This record of events serves as a history for each branch.

A branch represents a divergent state from the main database.

The NetBox branching plugin allows you to create and work with branches in NetBox, similar to version control systems. This enables you to make changes in isolation and merge them back to the main branch when ready.

NetBox Enterprise ships with a curated set of built-in plugins that extend the platform's core capabilities—offering enhanced features without the complexity of manual setup. These plugins are pre-integrated and supported within the platform, ensuring streamlined deployment and reliable performance.

All connections between device components in NetBox are represented using cables. A cable represents a direct physical connection between two sets of endpoints (A and B), such as a console port and a patch panel port, or between two network interfaces. Cables may be connected to the following objects:

A change diff summarized all changes to particular NetBox object within a branch. It serves to simplify the process of reviewing changes within a branch, and avoids the need to review successive individual changes which might otherwise prove tedious.

v0.6.0

Release notes and changelog for NetBox Change Management

Every time an object in NetBox is created, updated, or deleted, a serialized copy of that object taken both before and after the change is saved to the database, along with metadata including the current time and the user associated with the change. These records form a persistent record of changes both for each individual object as well as NetBox as a whole. The global change log can be viewed by navigating to Other > Change Log.

Change request model for NetBox Change Management workflow

For the list of changelog, please see the repository releases information in GitHub.

Circuits can be assigned to circuit groups for correlation purposes. For instance, three circuits, each belonging to a different provider, may each be assigned to the same circuit group. Each assignment may optionally include a priority designation.

Circuits can be arranged into administrative groups for organization. The assignment of a circuit to a group is optional.

Each circuit may have up to two terminations, designated A and Z. At either termination, a circuit may connect to a site, device interface (via a cable), or to a provider network.

Circuits are classified by functional type. These types are completely customizable, and are typically used to convey the type of service being delivered over a circuit. For example, you might define circuit types for:

NetBox is ideal for managing your network's transit and peering providers and circuits. It provides all the flexibility needed to model physical circuits in both data center and enterprise environments, and allows for "connecting" circuits directly to device interfaces via cables.

A circuit represents a physical point-to-point data connection, typically used to interconnect sites across considerable distances (e.g. to deliver Internet connectivity).

Overview

Troubleshooting

IPSEC VPN Tunnels

Cluster groups may be created for the purpose of organizing clusters. The arrangement of clusters into groups is optional.

A cluster type represents a technology or mechanism by which a cluster is formed. For example, you might create a cluster type named "VMware vSphere" for a locally hosted cluster or "DigitalOcean NYC3" for one hosted by a cloud provider.

A cluster is a logical grouping of physical resources within which virtual machines run. Physical devices may be associated with clusters as hosts. This allows users to track on which host(s) a particular virtual machine may reside.

Comment reply model for NetBox Change Management reviews

Comment model for NetBox Change Management reviews

Conditions are NetBox's mechanism for evaluating whether a set data meets a prescribed set of conditions. It allows the author to convey simple logic by declaring an arbitrary number of attribute-value-operation tuples nested within a hierarchy of logical AND and OR statements.

Context data is made available to devices and/or virtual machines based on their relationships to other objects in NetBox. For example, context data can be associated only with devices assigned to a particular site, or only to virtual machines in a certain cluster.

Plugin configuration parameters for NetBox Change Management

One of the critical aspects of operating a network is ensuring that every network node is configured correctly. By leveraging configuration templates and context data, NetBox can render complete configuration files for each device on your network.

Configuration templates can be used to render device configurations from context data. Templates are written in the Jinja2 language and can be associated with devices roles, platforms, and/or individual devices.

NetBox Cloud supports SAML-based authentication, including group mappings to enforce role-based access control. For group mapping, you will need to provide your Identity Provider (IdP) group names so we can associate them with the desired NetBox groups.

Setting up Group Mapping for SAML requires the base SAML SSO Setup to be configured and working first.

This guide covers administrative tasks for the NetBox Labs Console, including managing administrator accounts and console settings.

A template for a console port that will be created on all instantiations of the parent device type. See the console port documentation for more detail.

A console port provides connectivity to the physical console of a device. These are typically used for temporary access by someone who is physically near the device, or for remote out-of-band access provided via a networked console server.

A template for a console server port that will be created on all instantiations of the parent device type. See the console server port documentation for more detail.

A console server is a device which provides remote access to the local consoles of connected devices. They are typically used to provide remote out-of-band access to network devices, and generally connect to console ports.

Contacts can be organized into arbitrary groups. These groups can be recursively nested for convenience. Each contact within a group must have a unique name, but other attributes can be repeated.

Contacts can be organized by functional roles, which are fully customizable by the user. For example, you might create roles for administrative, operational, or emergency contacts.

Much like tenancy, contact assignment enables you to track ownership of resources modeled in NetBox. A contact represents an individual responsible for a resource within the context of its assigned role.

A contact represents an individual or group that has been associated with an object in NetBox for administrative reasons. For example, you might assign one or more operational contacts to each site.

Configuration context data (or "config contexts" for short) is a powerful feature that enables users to define arbitrary data that applies to device and virtual machines based on certain characteristics. For example, suppose you want to define syslog servers for devices assigned to sites within a particular region. In NetBox, you can create a config context instance containing this data and apply it to the desired region. All devices within this region will now include this data when fetched via an API.

First, navigate to Branching > Branches to view the list of any existing branches. Click the "Add" button at top right to create a new branch.

Single- and multi-selection custom fields must define a set of valid choices from which the user may choose when defining the field value. These choices are defined as sets that may be reused among multiple custom fields.

Each model in NetBox is represented in the database as a discrete table, and each attribute of a model exists as a column within its table. For example, sites are stored in the dcimsite table, which has columns named name, facility, physicaladdress, and so on. As new attributes are added to objects throughout the development of NetBox, tables are expanded to include new rows.

NetBox administrators can extend NetBox's built-in data model by adding custom fields to most object types. See the custom fields documentation for more information.

Custom links allow users to display arbitrary hyperlinks to external content within NetBox object views. These are helpful for cross-referencing related records in systems outside NetBox. For example, you might create a custom link on the device view which links to the current device in a Network Monitoring System (NMS).

Users can add custom links to object views in NetBox to reference external resources. For example, you might create a custom link for devices pointing to a monitoring system. See the custom links documentation for more information.

Custom scripting was introduced to provide a way for users to execute custom logic from within the NetBox UI. Custom scripts enable the user to directly and conveniently manipulate NetBox data in a prescribed fashion. They can be used to accomplish myriad tasks, such as:

Custom sessions can be used to modify the default HTTP behavior. Below are a few examples, most of them from here.

NetBox validates every object prior to it being written to the database to ensure data integrity. This validation includes things like checking for proper formatting and that references to related objects are valid. However, you may wish to supplement this validation with some rules of your own. For example, perhaps you require that every site's name conforms to a specific pattern. This can be done using custom validation rules.

While NetBox strives to meet the needs of every network, the needs of users to cater to their own unique environments cannot be ignored. NetBox was built with this in mind, and can be customized in many ways to better suit your particular needs.

Each NetBox user can customize his or her personal dashboard by adding and removing widgets and by manipulating the size and position of each. Plugins can register their own dashboard widgets to complement those already available natively.

CUSTOM_VALIDATORS

Data sources can be defined to reference data which exists on systems of record outside NetBox, such as a git repository or Amazon S3 bucket. Plugins can register their own backend classes to introduce support for additional resource types. This is done by subclassing NetBox's DataBackend class.

A data file object is the representation in NetBox's database of some file belonging to a remote data source. Data files are synchronized automatically, and cannot be modified locally (although they can be deleted).

A data source represents some external repository of data which NetBox can consume, such as a git repository. Files within the data source are synchronized to NetBox by saving them in the database as data file objects.

Creating Models

DEFAULT_DASHBOARD

Thanks for your interest in contributing to pynetbox! This introduction covers a few important things to know before you get started.

DEBUG

A template for a device bay that will be created on all instantiations of the parent device type. See the device bay documentation for more detail.

Device bays represent a space or slot within a parent device in which a child device may be installed. For example, a 2U parent chassis might house four individual blade servers. The chassis would appear in the rack elevation as a 2U device with four device bays, and each server within it would be defined as a 0U device installed in one of the device bays. Child devices do not appear within rack elevations or count as consuming rack units.

Devices can be organized by functional roles, which are fully customizable by the user. For example, you might create roles for core switches, distribution switches, and access switches within your network.

A device type represents a particular make and model of hardware that exists in the real world. Device types define the physical attributes of a device (rack height and depth) and its individual components (console, power, network interfaces, and so on).

Every piece of hardware which is installed within a site or rack exists in NetBox as a device. Devices are measured in rack units (U) and can be half depth or full depth. A device may have a height of 0U: These devices do not consume vertical rack space and cannot be assigned to a particular rack unit. A common example of a 0U device is a vertically-mounted PDU.

At its heart, NetBox is a tool for modeling your network infrastructure, and the device object is pivotal to that function. A device can be any piece of physical hardware installed within your network, such as server, router, or switch, and may optionally be mounted within a rack. Within each device, resources such as network interfaces and console ports are modeled as discrete components, which may optionally be grouped into modules.

Diode is a data ingestion service for NetBox that greatly simplifies and enhances the process of adding and updating data in NetBox, ensuring your network source of truth is always accurate and up to date. Our guiding principle in designing Diode has been to make it as easy as possible to get data into NetBox, removing as much burden as possible from the user while shifting that effort to technology.

Diode SDK Go is a Go library for interacting with the Diode ingestion service utilizing gRPC.

Diode SDK Python is a Python library for interacting with the Diode ingestion service utilizing gRPC.

Internet Delivery (Single Region) is the standard product offering for NetBox Cloud. It comes with extensive security features (see below) and is suitable for the majority of use cases and environments.

handler: python

Sentry

SENTRY_DSN

NetBox includes the ability to automatically perform certain functions in response to internal events. These include:

Plugins can register their own custom event types for use with NetBox event rules. This is accomplished by calling the register() method on an instance of the EventType class. This can be done anywhere within the plugin. An example is provided below.

An event rule is a mechanism for automatically taking an action (such as running a script or sending a webhook) in response to an event in NetBox. For example, you may want to notify a monitoring system whenever the status of a device is updated in NetBox. This can be done by creating an event for device objects and designating a webhook to be transmitted. When NetBox detects a change to a device, an HTTP request containing the details of the change and who made it be sent to the specified receiver.

The exception classes listed here may be raised by a plugin to alter NetBox's default behavior in various scenarios.

NetBox allows users to define custom templates that can be used when exporting objects. To create an export template, navigate to Customization > Export Templates.

Export templates are used to render arbitrary data from a set of NetBox objects. For example, you might want to automatically generate a network monitoring service configuration from a list of device objects. See the export templates documentation for more information.

Below is a list of tasks to consider when adding a new field to a core model.

From global regions down to individual equipment racks, NetBox allows you to model your network's entire presence. This is accomplished through the use of several purpose-built models. The graph below illustrates these models and their relationships.

Installation Issues

A first-hop redundancy protocol (FHRP) enables multiple physical interfaces to present a virtual IP address (VIP) in a redundant manner. Examples of such protocols include:

Member device and VM interfaces can be assigned to FHRP groups to indicate their participation in maintaining a common virtual IP address (VIP). For instance, three interfaces, each belonging to a different router, may each be assigned to the same FHRP group to serve a shared VIP. Each of these assignments would typically receive a different priority.

Filter sets define the mechanisms available for filtering or searching through a set of objects in NetBox. For instance, sites can be filtered by their parent region or group, status, facility ID, and so on. The same filter set is used consistently for a model whether the request is made via the UI or REST API. (Note that the GraphQL API uses a separate filter class.) NetBox employs the django-filters2 library to define filter sets.

Form Classes

A template for a front-facing pass-through port that will be created on all instantiations of the parent device type. See the front port documentation for more detail.

Front ports are pass-through ports which represent physical cable connections that comprise part of a longer path. For example, the ports on the front face of a UTP patch panel would be modeled in NetBox as front ports. Each port is assigned a physical type, and must be mapped to a specific rear port on the same device. A single rear port may be mapped to multiple front ports, using numeric positions to annotate the specific alignment of each.

This guide will help you set up and start using NetBox Discovery to ingest network data into NetBox. The setup process varies depending on your NetBox deployment type.

This guide will help you get started with development on pynetbox. It covers setting up your development environment and running tests.

Setting up a Development Environment

This guide will help you set up and start using Diode to ingest data into NetBox.

This guide will help you set up, configure, and start using NetBox Assurance to maintain accurate network documentation and proactive drift detection. Follow these steps to go from installation to your first operational workflow.

You can view an on-demand Webinar Getting Started with Network Test Automation: NetBox + pyATS hosted by NetBox Labs.

This guide will help you set up and start using the Catalyst Center Integration for NetBox.

This cheat sheet serves as a convenient reference for NetBox contributors who already somewhat familiar with using git. For a general introduction to the tooling and workflows involved, please see GitHub's guide Getting started with git.

This guide explains how to configure single sign-on (SSO) support for NetBox using Google OAuth2 as an authentication backend.

Defining the Schema Class

NetBox provides a read-only GraphQL API to complement its REST API. This API is powered by Strawberry Django.

GRAPHQL_ENABLED

Upgrade your Single Sign-On experience with Group Mapping for Microsoft Entra ID SSO – a smarter, more secure way to manage user access. The Group Mapping feature for Entra ID Single Sign-On, streamlines the synchronization of group memberships from Microsoft Entra ID to groups in NetBox Cloud, allowing you to align your user access efficiently and accurately.

Upgrade your Single Sign-On experience with Group Mapping for Okta SSO – a smarter, more secure way to manage user access. The Group Mapping feature for Okta Single Sign-On, streamlines the synchronization of group memberships from Okta to groups in NetBox Cloud, allowing you to align your user access efficiently and accurately.

This page provides instructions for setting up the gunicorn WSGI server. If you plan to use uWSGI instead, go here.

NetBox includes a housekeeping management command that should be run nightly. This command handles:

This documentation provides example configurations for both nginx and Apache, though any HTTP server which supports WSGI should be compatible.

An Internet Key Exchange (IKE) policy defines an IKE version, mode, and set of proposals to be used in IKE negotiation. These policies are referenced by IPSec profiles.

An Internet Key Exhcnage (IKE) proposal defines a set of parameters used to establish a secure bidirectional connection across an untrusted medium, such as the Internet. IKE proposals defined in NetBox can be referenced by IKE policies, which are in turn employed by IPSec profiles.

Certain objects in NetBox support the attachment of uploaded images. These will be saved to the NetBox server and made available whenever the object is viewed.

NetBox

ServiceNow Integration Overview

NetBox Labs Documentation

Check out the NetBox Cloud Free Plan! Skip the installation process and grab your own NetBox Cloud instance, preconfigured and ready to go in minutes. Completely free!

Before Starting

The instructions below detail the general process for installing and configuring a NetBox plugin. However, each plugin is different and may require additional tasks or modifications to the steps below. Always consult the documentation for a specific plugin before attempting to install it.

While NetBox Enterprise comes with a variety of certified and other community plugins built-in, there are cases where you will want to include additional plugins in your NetBox runtime.

A template for a network interface that will be created on all instantiations of the parent device type. See the interface documentation for more detail.

Interfaces in NetBox represent network interfaces used to exchange data with connected devices. On modern networks, these are most commonly Ethernet, but other types are supported as well. IP addresses and VLANs can be assigned to interfaces.

Beginning with NetBox v4.0, NetBox will leverage Django's automatic translation to support languages other than English. This page details the areas of the project which require special attention to ensure functioning translation support. Briefly, these include:

Internet Delivery (Single Region) is the standard product offering for NetBox Cloud. It comes with extensive security features (see below) and is suitable for the majority of use cases and environments:

Origin Story

Beginning in NetBox v4.3, the use of inventory items has been deprecated. They are planned for removal in a future NetBox release. Users are strongly encouraged to begin using modules and module types in place of inventory items. Modules provide enhanced functionality and can be configured with user-defined attributes.

Beginning in NetBox v4.3, the use of inventory items has been deprecated. They are planned for removal in a future NetBox release. Users are strongly encouraged to begin using modules and module types in place of inventory items. Modules provide enhanced functionality and can be configured with user-defined attributes.

Beginning in NetBox v4.3, the use of inventory items has been deprecated. They are planned for removal in a future NetBox release. Users are strongly encouraged to begin using modules and module types in place of inventory items. Modules provide enhanced functionality and can be configured with user-defined attributes.

IP address management (IPAM) is one of NetBox's core features. It supports full parity for IP4 and IPv6, advanced VRF assignment, automatic hierarchy formation, and much more.

An IP address object in NetBox comprises a single host address (either IPv4 or IPv6) and its subnet mask, and represents an IP address as configured on a network interface. IP addresses can be assigned to device and virtual machine interfaces, as well as to FHRP groups. Further, each device and virtual machine may have one of its interface IPs designated as its primary IP per address family (one for IPv4 and one for IPv6).

This model represents an arbitrary range of individual IPv4 or IPv6 addresses, inclusive of its starting and ending addresses. For instance, the range 192.0.2.10 to 192.0.2.20 has eleven members. (The total member count is available as the size property on an IPRange instance.) Like prefixes and IP addresses, each IP range may optionally be assigned to a VRF.

handler: python

An IPSec policy defines a set of proposals to be used in the formation of IPSec tunnels. A perfect forward secrecy (PFS) group may optionally also be defined. These policies are referenced by IPSec profiles.

An IPSec profile defines an IKE policy, IPSec policy, and IPSec mode used for establishing an IPSec tunnel.

An IPSec proposal defines a set of parameters used in negotiating security associations for IPSec tunnels. IPSec proposals defined in NetBox can be referenced by IPSec policies, which are in turn employed by IPSec profiles.

The Job model is used to schedule and record the execution of background tasks.

Most objects in NetBox support journaling. This is the ability of users to record chronological notes indicating changes to or work performed on resources in NetBox. For example, a data center technician might add a journal entry for a device when swapping out a failed power supply.

All primary and organizational models in NetBox support journaling. A journal is a collection of human-generated notes and comments about an object maintained for historical context. It supplements NetBox's change log to provide additional information about why changes have been made or to convey events which occur outside NetBox. Unlike the change log, in which records typically expire after a configurable period of time, journal entries persist for the life of their associated object.

A L2VPN object is NetBox is a representation of a layer 2 bridge technology such as VXLAN, VPLS, or EPL. Each L2VPN can be identified by name as well as by an optional unique identifier (VNI would be an example). Once created, L2VPNs can be terminated to interfaces and VLANs.

L2VPN and overlay networks, such as VXLAN and EVPN, can be defined in NetBox and tied to interfaces and VLANs. This allows for easy tracking of overlay assets and their relationships with underlay resources.

A L2VPN termination is the attachment of an L2VPN to an interface or VLAN. Note that the L2VPNs of the following types may have only two terminations assigned to them:

This guide explains how to implement LDAP authentication using an external server. User authentication will fall back to built-in Django users in the event of a failure.

1. In the Admin Console for NetBox Enterprise, navigate to the Config tab and scroll to the bottom to check Advanced Settings

This document summarizes the system-level changes made to a Linux host when installing a NetBox Enterprise Embedded Cluster, particularly in relation to directories, files, and runtime configurations affected under /.

Racks and devices can be grouped by location within a site. A location may represent a floor, room, cage, or similar organizational unit. Locations can be nested to form a hierarchy. For example, you may have floors within a site, and rooms within a floor.

A MAC address object in NetBox comprises a single Ethernet link layer address, and represents a MAC address as reported by or assigned to a network interface. MAC addresses can be assigned to device and virtual machine interfaces. A MAC address can be specified as the primary MAC address for a given device or VM interface.

NetBox Upgrade Maintenance Windows

A manufacturer represents the "make" of a device; e.g. Cisco or Dell. Each device type must be assigned to a manufacturer. (Inventory items and platforms may also be associated with manufacturers.)

NetBox supports Markdown rendering for certain text fields. Some common examples are provided below. For a complete Markdown reference, please see Markdownguide.org.

Available Metrics

This guide explains how to configure single sign-on (SSO) support for NetBox using Microsoft Entra ID as an authentication backend.

This guide explains how to configure single sign-on (SSO) support for NetBox Cloud using Microsoft Entra ID (formerly Azure Active Directory) as an authentication backend.

This guide explains how to configure single sign-on (SSO) support for NetBox Enterprise using Microsoft Entra ID (formerly Azure Active Directory) as an authentication backend.

Migrating from an on-premises NetBox open source instance to a NetBox Labs NetBox Cloud environment is a straightforward

Migrating from NetBox open source to NetBox Labs Enterprise is a simple and efficient process. Because NetBox Enterprise is built on the same open source platform, database imports can be completed quickly, enabling a smooth transition.

This document serves as a handbook for maintainers of plugins that were written prior to the release of NetBox v4.0. It serves to capture all the changes recommended to ensure a plugin is compatible with NetBox v4.0 and later releases.

ADMINS

A template for a module bay that will be created on all instantiations of the parent device type. See the module bay documentation for more detail.

Module bays represent a space or slot within a device in which a field-replaceable module may be installed. A common example is that of a chassis-based switch such as the Cisco Nexus 9000 or Juniper EX9200. Modules in turn hold additional components that become available to the parent device.

Each module type may optionally be assigned a profile according to its classification. A profile can extend module types with user-configured attributes. For example, you might want to specify the input current and voltage of a power supply, or the clock speed and number of cores for a processor.

A module type represents a specific make and model of hardware component which is installable within a device's module bay and has its own child components. For example, consider a chassis-based switch or router with a number of field-replaceable line cards. Each line card has its own model number and includes a certain set of components such as interfaces. Each module type may have a manufacturer, model number, and part number assigned to it.

A module is a field-replaceable hardware component installed within a device which houses its own child components. The most common example is a chassis-based router or switch.

Menus

NetBox Assurance automatically detects operational drift between your intended network design (documented in NetBox) and your actual network infrastructure. It continuously monitors network and infrastructure, comparing your intended design against real-world infrastructure to uncover discrepancies and provide proactive remediation capabilities.

NetBox is the world's leading source of truth for network infrastructure, featuring an extensive and complex data model. But sometimes it can be challenging to orchestrate changes, especially when working within a large team. This plugin introduces a new paradigm for NetBox to help overcome these challenges: branching.

Change management support with policy and workflow controls for NetBox

You should already have access to the NetBox Labs Console when you sign up for NetBox Cloud.

The NetBox Cloud Free Plan is perfect for small networks, lab environments, and targeted use cases. It includes up to 100 devices, 500 IP addresses, 10k API requests/month, and 2 operational branches.

1. From within the NetBox Labs Console click on Settings and then Hostnames Manager in the left-hand main menu to view the settings for your Organization:

From within the NetBox Labs Console, you can easily view installed NetBox Cloud Plugins, along with their Scope and Version number. Simply follow these steps:

Overview

Console Access

Configuration File

Thanks for your interest in contributing to NetBox! This introduction covers a few important things to know before you get started.

Overview

1.10.1/1.10.2

Much like the NetBox software itself, NetBox Enterprise uses 2 main datastores: PostgreSQL, and Redis.

Place the following in configuration overrides python section

NetBox Labs Documentation

NetBox Labs Documentation

NetBox Labs Documentation

NetBox Labs Documentation

NetBox Labs Documentation

Comprehensive installation guides and configuration files for deploying NetBox Enterprise on Kubernetes using Helm

You should be able to follow these instructions for installing NetBox Enterprise in most environments.

Host system requirements

Tested Versions

Ubuntu-specific preparation steps. See the main requirements document for general requirements and special cases.

Required Information

This section of the documentation discusses installing and configuring the NetBox application itself.

NetBox Ansible Collection - Quick Start

NetBox Labs products and features can go through multiple release stages before becoming generally available. These stages in the release life cycle can present varying degrees of stability and support. The following are the NetBox Labs release stages:

Model Types

Reports are deprecated beginning with NetBox v4.0, and their functionality has been merged with custom scripts. While backward compatibility has been maintained, users are advised to convert legacy reports into custom scripts soon, as support for legacy reports will be removed in a future release.

v2.0.10 (2017-07-14)

v2.1.6 (2017-10-11)

v2.10.10 (2021-04-15)

v2.11.12 (2021-08-23)

v2.2.10 (2018-02-21)

v2.3.7 (2018-07-26)

v2.4.9 (2018-12-07)

v2.5.13 (2019-05-31)

v2.6.12 (2020-01-13)

v2.7.12 (2020-04-08)

v2.8.9 (2020-08-04)

v2.9.11 (2020-12-11)

v3.0.12 (2021-12-06)

v3.1.11 (2022-04-05)

v3.2.9 (2022-08-16)

v3.3.10 (2022-12-13)

v3.4.10 (2023-04-27)

v3.5.9 (2023-08-28)

v3.6.9 (2023-12-28)

v3.7.8 (2024-05-06)

v4.0.11 (2024-09-03)

v4.1.11 (2025-01-06)

v4.2.9 (2025-04-30)

v4.3.4 (2025-07-15)

A notification alerts a user that a specific action has taken place in NetBox, such as an object being modified or a background job completing. A notification may be generated via a user's subscription to a particular object, or by an event rule targeting a notification group of which the user is a member.

A set of NetBox users and/or groups of users identified as recipients for certain notifications.

NetBox includes a system for generating user notifications, which can be marked as read or deleted by individual users. There are two built-in mechanisms for generating a notification:

NetBox employs a new object-based permissions framework, which replaces Django's built-in permissions model. Object-based permissions enable an administrator to grant users or groups the ability to perform an action on arbitrary subsets of objects in NetBox, rather than all objects of a certain type. For example, it is possible to grant a user permission to view only sites within a particular region, or to modify only VLANs with a numeric ID within a certain range.

This guide explains how to configure single sign-on (SSO) support for NetBox using Okta as an authentication backend.

This guide explains how to configure single sign-on (SSO) support for NetBox Cloud using Okta as an authentication backend.

NetBox Labs Documentation

This guide outlines the steps necessary for planning a successful migration to NetBox. Although it is written under the context of a completely new installation, the general approach outlined here works just as well for adding new data to existing NetBox deployments.

A platform defines the type of software running on a device or virtual machine. This can be helpful to model when it is necessary to distinguish between different versions or feature sets. Note that two devices of the same type may be assigned different platforms: For example, one Juniper MX240 might run Junos 14 while another runs Junos 15.

PLUGINS

Plugins are packaged Django apps that can be installed alongside NetBox to provide custom functionality not present in the core application. Plugins can introduce their own models and views, but cannot interfere with existing components. A NetBox user may opt to install plugins provided by the community or build his or her own.

Just getting started with plugins? Check out our NetBox Plugin Tutorial on GitHub! This in-depth guide will walk you through the process of creating an entire plugin from scratch. It even includes a companion demo plugin repo to ensure you can jump in at any step along the way. This will get you up and running with plugins in no time!

Change management policies for NetBox Change Management

Policy rules for NetBox Change Management policies

This section covers the mechanisms which are available to populate data in NetBox.

This section entails the installation and configuration of a local PostgreSQL database. If you already have a PostgreSQL database service in place, skip to the next section.

A power feed represents the distribution of power from a power panel to a particular device, typically a power distribution unit (PDU). The power port (inlet) on a device can be connected via a cable to a power feed. A power feed may optionally be assigned to a rack to allow more easily tracking the distribution of power among racks.

A template for a power outlet that will be created on all instantiations of the parent device type. See the power outlet documentation for more detail.

Power outlets represent the outlets on a power distribution unit (PDU) or other device that supplies power to dependent devices. Each power port may be assigned a physical type, and may be associated with a specific feed leg (where three-phase power is used) and/or a specific upstream power port. This association can be used to model the distribution of power within a device.

A power panel represents the origin point in NetBox for electrical power being disseminated by one or more power feeds. In a data center environment, one power panel often serves a group of racks, with an individual power feed extending to each rack, though this is not always the case. It is common to have two sets of panels and feeds arranged in parallel to provide redundant power to each rack.

A template for a power port that will be created on all instantiations of the parent device type. See the power port documentation for more detail.

A power port is a device component which draws power from some external source (e.g. an upstream power outlet), and generally represents a power supply internal to a device.

As part of its DCIM feature set, NetBox supports modeling facility power as discrete power panels and feeds. These are most commonly used to document power distribution within a data center, but can serve more traditional environments as well.

You can secure access to your NetBox Cloud instance by adding IPv4 and IPv6 addresses and ranges to Prefix Lists, which can then be applied to NetBox instances to control which source IPs your instances will accept connections from.

A role indicates the function of a prefix or VLAN. For example, you might define Data, Voice, and Security roles. Generally, a prefix will be assigned the same functional role as the VLAN to which it is assigned (if any).

A prefix is an IPv4 or IPv6 network and mask expressed in CIDR notation (e.g. 192.0.2.0/24). A prefix entails only the "network portion" of an IP address: All bits in the address not covered by the mask must be zero. (In other words, a prefix cannot be a specific IP address.) Prefixes are automatically organized by their parent aggregate and assigned VRF.

NetBox Labs Documentation

NetBox supports optionally exposing native Prometheus metrics from the application. Prometheus is a popular time series metric platform used for monitoring.

This model can be used to represent individual accounts associated with a provider.

This model can be used to represent the boundary of a provider network, the details of which are unknown or unimportant to the NetBox user. For example, it might represent a provider's regional MPLS network to which multiple circuits provide connectivity.

A provider is any entity which provides some form of connectivity of among sites or organizations within a site. While this obviously includes carriers which offer Internet and private transit service, it might also include Internet exchange (IX) points and even organizations with whom you peer directly. Each circuit within NetBox must be assigned a provider and a circuit ID which is unique to that provider.

Traffic Originating From NetBox Cloud

Python API client library for NetBox.

TL;DR

Users can reserve specific units within a rack for future use. An arbitrary set of units within a rack can be associated with a single reservation, but reservations cannot span multiple racks. A description is required for each reservation, reservations may optionally be associated with a specific tenant.

Each rack can optionally be assigned a user-defined functional role. For example, you might designate a rack for compute or storage resources, or to house colocated customer devices.

A rack type defines the physical characteristics of a particular model of rack.

The rack model represents a physical two- or four-post equipment rack in which devices can be installed. Each rack must be assigned to a site, and may optionally be assigned to a location within that site. Racks can also be organized by user-defined functional roles. The name and facility ID of each rack within a location must be unique.

A template for a rear-facing pass-through port that will be created on all instantiations of the parent device type. See the rear port documentation for more detail.

Like front ports, rear ports are pass-through ports which represent the continuation of a path from one cable to the next. Each rear port is defined with its physical type and a number of positions: Rear ports with more than one position can be mapped to multiple front ports. This can be useful for modeling instances where multiple paths share a common cable (for example, six discrete two-strand fiber connections sharing a 12-strand MPO cable).

Install Redis

Regional Internet registries are responsible for the allocation of globally-routable address space. The five RIRs are ARIN, RIPE, APNIC, LACNIC, and AFRINIC. However, some address space has been set aside for internal use, such as defined in RFCs 1918 and 6598. NetBox considers these RFCs as a sort of RIR as well; that is, an authority which "owns" certain address space. There also exist lower-tier registries which serve particular geographic areas.

Sites can be arranged geographically using regions. A region might represent a continent, country, city, campus, or other area depending on your use case. Regions can be nested recursively to construct a hierarchy. For example, you might define several country regions, and within each of those several state or city regions to which sites are assigned.

This document outlines the steps required to prepare and publish a new release of pynetbox.

This documentation describes the process of packaging and publishing a new NetBox release. There are three types of releases:

NetBox releases are numbered as major, minor, and patch releases. For example, version 3.1.0 is a minor release, and v3.1.5 is a patch release. Briefly, these can be described as follows:

The configuration parameters listed here control remote authentication for NetBox. Note that REMOTEAUTHENABLED must be True in order for these settings to take effect.

The instructions below detail the general process for removing a NetBox plugin. However, each plugin is different and may require additional tasks or modifications to the steps below. Always consult the documentation for a specific plugin before attempting to remove it.

Replicating the Database

handler: python

ALLOWED_HOSTS

handler: python

Plugins can declare custom endpoints on NetBox's REST API to retrieve or manipulate models or other data. These behave very similarly to views, except that instead of rendering arbitrary content using a template, data is returned in JSON format using a serializer.

Filtering Objects

What is a REST API?

Once a branch has been merged, it is generally no longer needed, and can no longer be activated. However, occasionally you may find it necessary to undo the changes from a branch (due to an error or an otherwise undesired state). This can be done by reverting the branch. Only merged branches can be reverted.

Review model for NetBox Change Management workflow

A route target is a particular type of extended BGP community used to control the redistribution of routes among VRF tables in a network. Route targets can be assigned to individual VRFs in NetBox as import or export targets (or both) to model this exchange in an L3VPN. Each route target must be given a unique name, which should be in a format prescribed by RFC 4364, similar to a VR route distinguisher.

When filtering lists of objects in NetBox, users can save applied filters for future use. This is handy for complex filter strategies involving multiple discrete filters. For example, you might want to find all planned devices within a region that have a specific platform. Once you've applied the desired filters to the object list, simply create a saved filter with name and optional description. This filter can then be applied directly for future queries via both the UI and REST API.

NetBox v3.4 introduced a new global search mechanism, which employs the extras.CachedValue model to store discrete field values from many models in a single table.

Global Search

Plugins can define and register their own models to extend NetBox's core search functionality. Typically, a plugin will include a file named search.py, which holds all search indexes for its models (see the example below).

ALLOWTOKENRETRIEVAL

Service templates can be used to instantiate services on devices and virtual machines.

A service represents a layer seven application available on a device or virtual machine. For example, a service might be created in NetBox to represent an HTTP server running on TCP/8000. Each service may optionally be further bound to one or more specific interfaces assigned to the selected device or virtual machine.

In addition to Django's built-in signals, NetBox defines some of its own, listed below.

Like regions, site groups can be used to organize sites. Whereas regions are intended to provide geographic organization, site groups can be used to classify sites by role or function. Also like regions, site groups can be nested to form a hierarchy. Sites which belong to a child group are also considered to be members of all its parent groups.

How you choose to employ sites when modeling your network may vary depending on the nature of your organization, but generally a site will equate to a building or campus. For example, a chain of banks might create a site to represent each of its branches, a site for its corporate headquarters, and two additional sites for its presence in two colocation facilities.

NetBox generally follows the Django style guide, which is itself based on PEP 8. ruff is used for linting (with certain exceptions).

A record indicating that a user is to be notified of any changes to a particular NetBox object. A notification maps exactly one user to exactly one object.

Device

Several models in NetBox support the automatic synchronization of local data from a designated remote source. For example, configuration templates defined in NetBox can source their content from text files stored in a remote git repository. This is accomplished using the core data source and data file models.

Some NetBox models support automatic synchronization of certain attributes from remote data sources, such as a git repository hosted on GitHub or GitLab. Data from the authoritative remote source is synchronized locally in NetBox as data files.

Syncing a Branch

BASE_PATH

This object represents the saved configuration of an object table in NetBox. Table configs can be crafted, saved, and shared among users to apply specific views within object lists. Each table config can specify which table columns to display, the order in which to display them, and which columns are used for sorting.

NetBox employs the django-tables2 library for rendering dynamic object tables. These tables display lists of objects, and can be sorted and filtered by various parameters.

Tags are user-defined labels which can be applied to a variety of objects within NetBox. They can be used to establish dimensions of organization beyond the relationships built into NetBox. For example, you might create a tag to identify a particular ownership or condition across several types of objects.

This document provides a comprehensive mapping of Cisco Catalyst Center object types to their corresponding NetBox object types, based on the integration implementation.

New Tables in ServiceNow

Templates are used to render HTML content generated from a set of context data. NetBox provides a set of built-in templates suitable for use in plugin views. Plugin authors can extend these templates to minimize the work needed to create custom templates while ensuring that the content they produce matches NetBox's layout and style. These templates are all written in the Django Template Language (DTL).

Most core objects within NetBox's data model support tenancy. This is the association of an object with a particular tenant to convey ownership or dependency. For example, an enterprise might represent its internal business units as tenants, whereas a managed services provider might create a tenant in NetBox to represent each of its customers.

Tenants can be organized by custom groups. For instance, you might create one group called "Customers" and one called "Departments." The assignment of a tenant to a group is optional.

A tenant represents a discrete grouping of resources used for administrative purposes. Typically, tenants are used to represent individual customers or internal departments within an organization.

NetBox includes a Python management shell within which objects can be directly queried, created, modified, and deleted. To enter the shell, run the following command:

NetBox Enterprise Installs

NetBox coordinates all translation work using the Transifex platform. Signing up for a Transifex account is free.

Tunnels can be arranged into administrative groups for organization. For example, you might crete a group to manage all peer-to-peer tunnels inside a mesh network. The assignment of a tunnel to a group is optional.

A tunnel termination connects a device or virtual machine interface to a tunnel. The tunnel must be created before any terminations may be added.

NetBox can model private tunnels formed among virtual termination points across your network. Typical tunnel implementations include GRE, IP-in-IP, and IPSec. A tunnel may be terminated to two or more device or virtual machine interfaces. For convenient organization, tunnels may be assigned to user-defined groups.

A tunnel represents a private virtual connection established among two or more endpoints across a shared infrastructure by employing protocol encapsulation. Common encapsulation techniques include Generic Routing Encapsulation (GRE), IP-in-IP, and IPSec. NetBox supports modeling both peer-to-peer and hub-and-spoke tunnel topologies.

Distribution and Installation

To safely and easily upgrade your NetBox Cloud instance without worrying about any plugin compatibility issues, follow the steps outlined below:

Upgrading NetBox to a new version is pretty simple, however users are cautioned to always review the release notes and save a backup of their current deployment prior to beginning an upgrade.

The users.UserConfig model holds individual preferences for each user in the form of JSON data. This page serves as a manifest of all recognized user preferences in NetBox.

The NetBox Assurance plugin provides a comprehensive web interface within NetBox for monitoring network drift, viewing deviation reports, and managing remediation workflows. This guide covers the interface features, navigation, and operational workflows for day-to-day use of NetBox Assurance.

This plugin includes support for activating and deactivating branches via the REST API in addition to conventional creation, modification, and deletion operations.

This page provides instructions for setting up the uWSGI WSGI server. If you plan to use gunicorn instead, go here.

Writing Basic Views

A virtual chassis represents a set of devices which share a common control plane. A common example of this is a stack of switches which are connected and configured to operate as a single managed device. Each device in the virtual chassis is referred to as a VC member, and assigned a position and (optionally) a priority. VC member devices commonly reside within the same rack, though this is not a requirement.

This model represents the connection of a virtual interface to a virtual circuit.

Like physical circuits, virtual circuits are classified by functional type. These types are completely customizable, and can help categorize circuits by function or technology.

A virtual circuit can connect two or more interfaces atop a set of decoupled physical connections. For example, it's very common to form a virtual connection between two virtual interfaces, each of which is bound to a physical interface on its respective device and physically connected to a provider network via an independent physical circuit.

A virtual device context (VDC) represents a logical partition within a physical device, to which interfaces from the parent device can be allocated. Each VDC effectively provides an isolated control plane, but relies on shared resources of the parent device. A VDC is somewhat similar to a virtual machine in that it effects isolation between various components, but stops short of delivering a fully virtualized environment.

A virtual disk is used to model discrete virtual hard disks assigned to virtual machines.

A virtual machine (VM) represents a virtual compute instance hosted within a cluster. Each VM must be assigned to a site and/or cluster, and may optionally be assigned to a particular host device within a cluster.

A VRF object in NetBox represents a Virtual Routing and Forwarding (VRF) domain. Each VRF is essentially an independent routing table. VRFs are commonly used to isolate customers or organizations from one another within a network, or to route overlapping address space (e.g. multiple instances of the 10.0.0.0/8 space). Each VRF may be assigned to a specific tenant to aid in organizing the available IP space by customer or internal user.

Virtual machines and clusters can be modeled in NetBox alongside physical infrastructure. IP addresses and other resources are assigned to these objects just like physical objects, providing a seamless integration between physical and virtual networks.

VLAN groups can be used to organize VLANs within NetBox. Each VLAN group can be scoped to a particular region, site group, site, location, rack, cluster group, or cluster. Member VLANs will be available for assignment to devices and/or virtual machines within the specified scope.

Complementing its IPAM capabilities, NetBox also tracks VLAN information to assist with layer two network configurations. VLANs are defined per IEEE 802.1Q and related standards, and can be assigned to groups and functional roles.

VLAN translation is a feature that consists of VLAN translation policies and VLAN translation rules. Many rules can belong to a policy, and each rule defines a mapping of a local to remote VLAN ID (VID). A policy can then be assigned to an Interface or VMInterface, and all VLAN translation rules associated with that policy will be visible in the interface details.

A VLAN translation rule represents a one-to-one mapping of a local VLAN ID (VID) to a remote VID. Many rules can belong to a single policy.

A Virtual LAN (VLAN) represents an isolated layer two domain, identified by a name and a numeric ID (1-4094) as defined in IEEE 802.1Q. VLANs are arranged into VLAN groups to define scope and to enforce uniqueness.

Interfaces

Code Structure

NetBox can be configured via Event Rules to transmit outgoing webhooks to remote systems in response to internal object changes. The receiver can act on the data in these webhook messages to perform related tasks.

A webhook is a mechanism for conveying to some external system a change that took place in NetBox. For example, you may want to notify a monitoring system whenever the status of a device is updated in NetBox. This can be done by creating a webhook for the device model in NetBox and identifying the webhook receiver. When NetBox detects a change to a device, an HTTP request containing the details of the change and who made it be sent to the specified receiver.

Documentation for NetBox Cloud, Enterprise, Discovery & Assurance, and Integrations.

In many cases where cloud connectivity options seem necessary, NetBox Cloud offers features that can address your needs without additional setup. In the majority of cases Internet Delivery (Single Region) is the most appropriate connectivity option, but there are some general recommendations depending on your use case:

Just as NetBox provides robust modeling for physical cable plants, it also supports modeling wireless LANs and point-to-point links.

Wireless LAN groups can be used to organize and classify wireless LANs. These groups are hierarchical: groups can be nested within parent groups. However, each wireless LAN may be assigned only to one group.

A wireless LAN is a set of interfaces connected via a common wireless channel, identified by its SSID and authentication parameters. Wireless interfaces can be associated with wireless LANs to model multi-acess wireless segments.

A wireless link represents a connection between exactly two wireless interfaces. Unlike a wireless LAN, which permit an arbitrary number of client associations, wireless links are used to model point-to-point wireless connections.

Within the NetBox Labs Console you can access the backups of your NetBox Cloud database, and are able to perform the following actions: